Signed CoRIM rework by setrofim · Pull Request #35 · veraison/corim-rs · GitHub

Open · wants to merge 14 commits into master

Conversation

setrofim (Collaborator) commented Jul 1, 2025

This re-implements signed CoRIM, relying on the coset library to handle the COSE encoding. Hooks are added for providing the actual signature creation and verification logic. An optional implementation of ECDSA signatures using the openssl crate is added under the "openssl" feature.

Top-level CoRIM types are renamed for consistency and helper methods are added to remove the need for the calling code to explicitly invoke ciborium.

A number of trait implementations and conversion methods for other types are added to allow using them in a cleaner way.

NOTE: this is implemented on top of #34

setrofim added 14 commits July 1, 2025 11:05
The spec defines CoRIM tags field variants as

    tagged-concise-swid-tag = #6.505(bytes .cbor concise-swid-tag)
    tagged-concise-mid-tag = #6.506(bytes .cbor concise-mid-tag)
    tagged-concise-tl-tag = #6.508(bytes .cbor concise-tl-tag)

This means that, e.g., tagged-concise-swid-tag is CBOR tag 505 wrapping
a byte string, which contains the CBOR-encoded concise-swid-tag
structure. However, we encoded it as CBOR tag 505 wrapping the
concise-swid-tag structure (without first encoding it as a byte
string).

This change updates CBOR serialization to match the spec. JSON
serialization is left as-is, because it is non-canonical, and it would
significantly negatively impact readability if we encoded the structures
as base64 strings.

Signed-off-by: setrofim <setrofim@gmail.com>
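As an added illustration of the encoding difference this commit describes (not code from corim-rs, and using a hand-rolled minimal CBOR encoder instead of ciborium), the Rust below builds the spec form `#6.506(bytes .cbor concise-mid-tag)` beside the pre-fix form, and includes a head check a consumer can run before handing the inner bytes to a decoder. The map `{0: "tag-id"}` is a constructed stand-in for a real concise-mid-tag.

```rust
// Illustrative minimal CBOR encoder (added example, not corim-rs or ciborium code).
/// Encode a CBOR head: major type in the top 3 bits, argument in the rest.
fn head(major: u8, arg: u64) -> Vec<u8> {
    let mt = major << 5;
    match arg {
        0..=23 => vec![mt | arg as u8],
        24..=0xff => vec![mt | 24, arg as u8],
        0x100..=0xffff => [vec![mt | 25], (arg as u16).to_be_bytes().to_vec()].concat(),
        0x1_0000..=0xffff_ffff => [vec![mt | 26], (arg as u32).to_be_bytes().to_vec()].concat(),
        _ => [vec![mt | 27], arg.to_be_bytes().to_vec()].concat(),
    }
}
fn tag(n: u64, content: &[u8]) -> Vec<u8> { [head(6, n), content.to_vec()].concat() }
fn bstr(b: &[u8]) -> Vec<u8> { [head(2, b.len() as u64), b.to_vec()].concat() }
fn tstr(s: &str) -> Vec<u8> { [head(3, s.len() as u64), s.as_bytes().to_vec()].concat() }

/// Constructed stand-in for an encoded concise-mid-tag: the map { 0: "tag-id" }.
fn sample_comid() -> Vec<u8> {
    [head(5, 1), head(0, 0), tstr("tag-id")].concat()
}

/// Spec form: tagged-concise-mid-tag = #6.506(bytes .cbor concise-mid-tag),
/// i.e. tag 506 wrapping a byte string that holds the encoded map.
fn tagged_comid_spec(comid: &[u8]) -> Vec<u8> {
    tag(506, &bstr(comid))
}

/// Pre-fix form described in the commit: tag 506 wrapping the map directly.
fn tagged_comid_legacy(comid: &[u8]) -> Vec<u8> {
    tag(506, comid)
}

/// Consumer-side check: the item carries `expected_tag` (505..508 all encode as
/// 0xd9 plus a two-byte number) and its content is a byte string (major type 2).
fn wraps_bstr(encoded: &[u8], expected_tag: u64) -> bool {
    if encoded.len() < 4 || encoded[0] != 0xd9 {
        return false;
    }
    let t = u16::from_be_bytes([encoded[1], encoded[2]]) as u64;
    t == expected_tag && (encoded[3] >> 5) == 2
}

fn hex(v: &[u8]) -> String { v.iter().map(|b| format!("{:02x}", b)).collect() }

fn main() {
    let comid = sample_comid();
    println!("spec:   {}", hex(&tagged_comid_spec(&comid)));  // d901fa49a100667461672d6964
    println!("legacy: {}", hex(&tagged_comid_legacy(&comid))); // d901faa100667461672d6964
}
```

The spec form carries an extra `0x49` (byte string of length 9) after the tag, which is exactly what a decoder expecting `bytes .cbor` needs and what the legacy form lacks.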
Implement extensions for EntityNameTypeChoice. This involves re-defining
it as an enum with Text and Extension variants (from the Text type alias
that it was before), implementing the appropriate serializations and
conversions.

Signed-off-by: setrofim <setrofim@gmail.com>
Serialize CorimSignerMap using string field names for human-readable
formats, and integer keys otherwise.

Signed-off-by: setrofim <setrofim@gmail.com>
- Serialize CorimMetaMap using string field names for human-readable
  formats, and integer keys otherwise.
- Add extensions field to CorimMetaMap to align with the spec.

Signed-off-by: setrofim <setrofim@gmail.com>
- Add IntegerTime.as_i128() method for converting to an int
- Implement Default for IntegerTime, with default value 0 (EPOCH).

Signed-off-by: setrofim <setrofim@gmail.com>
Add unwrap() method for tagged types to allow converting to the inner
type without cloning.

Signed-off-by: setrofim <setrofim@gmail.com>
Both only contain integer values, so there is no reason why they should
not be Copy.

Signed-off-by: setrofim <setrofim@gmail.com>
This is a major rework of how signed CoRIMs are handled. Structures that
are duplicates of COSE types are removed and coset library is used to
provide COSE support.

SignedCorim, rather than being a COSE_Sign1 object, now contains it,
alongside the deserialized CorimMap and header values (CorimMetaMap,
etc).

A builder is used to both construct and sign the SignedCorim values,
ensuring that the COSE_Sign1 is in sync with the deserialized fields.

As with coset library, actual signing and signature validation is
delegated to external code via hooks. CoseKeyOwner, CoseSigner, and
CoseVerifier traits are defined for this purpose. CoseKeyOwner provides
a way of getting a CoseKey from whatever format the actual key is in.
This is used to do validation of the key against the COSE headers, as
defined by the spec. CoseSigner and CoseVerifier define hooks, similar
to those defined by coset, for signature creation and verification
respectively.

Some types and ConciseRimTypeChoice variants have been renamed for
consistency.

Deserialization for ConciseRimTypeChoice has been fixed (due to a known
ciborium issue, tagged types inside enums cannot be deserialized in the
usual way).

Convenience to_/from_cbor() methods have been added to
ConciseRimTypeChoice, TaggedSignedCorim, and TaggedUnsignedCorim to
remove the need for the calling code to invoke ciborium directly.
Analogously, to_/from_json() have been added to TaggedUnsignedCorim, and
ConciseRimTypeChoice (SignedCorim is a COSE wrapper, and so does not
have/need a JSON representation).

Signed-off-by: setrofim <setrofim@gmail.com>
Add a builder for CorimMetaMap that collects CorimSignerMap and
ValidityMap fields. Since a lot of the fields are optional (the only
thing that _needs_ to be set in the meta is the signer name), this makes
it easier to construct a valid CorimMetaMap, without needing to worry
about its internal structure.

Signed-off-by: setrofim <setrofim@gmail.com>
Replace "use <submod>::*;" with "pub use <submod>::*;" to export the
submod's public contents as public, and thus allow external crates to
import them directly from top level.

Signed-off-by: setrofim <setrofim@gmail.com>
Allow creating SvnTypeChoice with just <some u64>.into() to remove the
need for the calling code to explicitly import the SvnTypeChoice in some
cases.

Signed-off-by: setrofim <setrofim@gmail.com>
Implement new() for all builders, aligned with default(), as per Rust
API best practices.

Note that in some cases an implementation was already provided via deriving
Constructor; however, that generated a new() that took an argument for
every field. This does not really make sense for builders as they use
chaining, so this was replaced with an implementation that takes no
arguments.

Signed-off-by: setrofim <setrofim@gmail.com>
Update module documentation to use the reworked API, and to give examples
of creating and verifying signatures.

Signed-off-by: setrofim <setrofim@gmail.com>
Add a signer implementation that uses the openssl crate. At the moment, this
implementation only supports EC2 keys.

The implementation, and the associated dependency on openssl, are
configurable via the "openssl" feature.

Signed-off-by: setrofim <setrofim@gmail.com>