chore: Move c2pa::CoseValidator to c2pa_crypto::RawSignatureValidator
#683
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #683 +/- ##
==========================================
- Coverage 81.77% 81.55% -0.22%
==========================================
Files 101 104 +3
Lines 30916 30602 -314
==========================================
- Hits 25281 24958 -323
- Misses 5635 5644 +9 ☔ View full report in Codecov by Sentry. 🚨 Try these New Features:
|
…ve existing OpenSSL implementations to it
scouten-adobe
force-pushed
the
move-cose-validator
branch
from
e4755c9 to
b11b39a
Compare
Enable tests on WASM
| let s = BigNum::from_slice(&sig[sig_len..])?; | ||
| EcdsaSig::from_private_components(r, s)?.to_der()? | ||
| } else { | ||
| sig.to_vec() |
There was a problem hiding this comment.
@mauricefisher64 do you know of a case where the signature is not encoded as P1363?
There was a problem hiding this comment.
OpenSSL/AWS KMS/X509 certs use DER. Web standards and Cose/C2PA use P1363
There was a problem hiding this comment.
So when we sign with OpenSSL or we are checking certificates the values are DER.
There was a problem hiding this comment.
@mauricefisher64 reason I'm asking is that the unit test framework isn't generating coverage for line 70 (the DER case) so I'm looking for sample data that would exercise that case.
There was a problem hiding this comment.
Is you sign something with straight OpenSSL it will be a DER signature. You can't use a signature that came from Cose because it will be in the other format.
| /// ECDSA with SHA-384 | ||
| Es384, | ||
| // ECDSA with SHA-512 | ||
| // Es512, // not yet implemented (check with Colin) |
There was a problem hiding this comment.
@cdmurph32 why was Es512 not implemented in #653?
There was a problem hiding this comment.
Looks like the switch to Rustls here is a regression. We currently support ES512 with SubtleCrypto.
There was a problem hiding this comment.
OK, that's the reason to keep the async path open. SubtleCrypto requires async.
There was a problem hiding this comment.
This code path is synchronous-only.
| @@ -29,53 +25,3 @@ pub struct ValidationInfo { | |||
| pub cert_chain: Vec<u8>, // certificate chain used to validate signature | |||
| pub revocation_status: Option<bool>, | |||
| } | |||
|
|
|||
| /// Trait to support validating a signature against the provided data | |||
| pub(crate) trait CoseValidator { | |||
There was a problem hiding this comment.
Replaced by c2pa_crypto::raw_signature::RawSignatureValidator.
|
|
||
| /// return validator for supported C2PA algorithms | ||
| #[cfg(feature = "openssl")] | ||
| pub(crate) fn get_validator(alg: SigningAlg) -> Box<dyn CoseValidator> { |
There was a problem hiding this comment.
Replaced by c2pa_crypto::raw_signature::validator::validator_for_signing_alg.
| @@ -16,33 +16,16 @@ mod rsa_signer; | |||
| #[cfg(feature = "openssl_sign")] | |||
| pub(crate) use rsa_signer::RsaSigner; | |||
|
|
|||
| #[cfg(feature = "openssl")] | |||
There was a problem hiding this comment.
These all moved into c2pa_crypto::openssl::validators.
Unify logic as much as possible
| /// lacks an Eq implementation. Instead we capture the error description. | ||
| #[cfg(feature = "openssl")] | ||
| #[error("an error was reported by OpenSSL native code: {0}")] | ||
| OpenSslError(String), |
There was a problem hiding this comment.
I think this is a very good choice.
There was a problem hiding this comment.
Should we allow the RawSignatureValidationError to return LogItem to get the detailed error info?
There was a problem hiding this comment.
@mauricefisher64 the LogItem code was never plumbed down this far in the code being replaced. Certainly open to a subsequent PR that would add it.
There was a problem hiding this comment.
@mauricefisher64 I saw this error case a few times while debugging the new code and I was pretty pleased with the description that was provided. It included the OpenSSL file name and line number.
| /// | ||
| /// Which validators are available may vary depending on the platform and | ||
| /// which crate features were enabled. | ||
| pub fn validator_for_signing_alg(alg: SigningAlg) -> Option<Box<dyn RawSignatureValidator>> { |
There was a problem hiding this comment.
I have to think about this. It may be too restrictive. There are cases where we validate patterns that don't match our predefined signature types. For example You can have an EC signature that uses an arbitrary hash length. They are not limited to for example ES256 where the sig is on curve prime256v1 but the hash is Sha256. You can use that curve with other hash values. We see this when validating certs.
There was a problem hiding this comment.
@mauricefisher64 this is pretty directly taken from existing code in validator.rs: https://github.com/contentauth/c2pa-rs/blob/main/sdk/src/validator.rs#L62-L75
There was a separate function get_local_validator that had more flexibility and I've carried that over as validator_for_sig_and_alg_oids a little farther down in this file.
There was a problem hiding this comment.
I see. We will have to do some testing against those odd cert cases.
There was a problem hiding this comment.
@mauricefisher64 would love to have new test cases for anything else you're familiar with.
| p256 = "0.13.2" | ||
| p384 = "0.13.0" | ||
| rsa = { version = "0.9.6", features = ["sha2"] } | ||
| spki = "0.7.3" | ||
| wasm-bindgen = "0.2.83" |
There was a problem hiding this comment.
wasm-bindgen, web-sys, web-time can not be included in the wasi target. I know this PR isn't really about adding WASI support, but there are other wasi targets in the Cargo.toml
|
|
||
| const SAMPLE_DATA: &[u8] = b"some sample content to sign"; | ||
|
|
||
| #[test] |
There was a problem hiding this comment.
With these changes I thought these unit tests would work for both WASM and non-WASM cases?
There was a problem hiding this comment.
Not sure what you're saying here. Next line flags it was a WASM-compatible test.
Unfortunately, the WASM test framework doesn't respect the standard #[test] annotation. 😢
| match alg { | ||
| SigningAlg::Es256 => Some(Box::new(EcdsaValidator::Es256)), | ||
| SigningAlg::Es384 => Some(Box::new(EcdsaValidator::Es384)), | ||
| SigningAlg::Es512 => None, /* why is this unimplemented? */ |
There was a problem hiding this comment.
Interesting? This is implemented in the current c2pa-rs
There was a problem hiding this comment.
In the synchronous case for WASM, it's not implemented. @cdmurph32 can you explain?
No description provided.