progress
Signed-off-by: Irene Diez <idiez@redhat.com>
7flying committed Jan 2, 2023
1 parent a06a3a8 commit cbd8f0e
Showing 4 changed files with 32 additions and 21 deletions.
4 changes: 2 additions & 2 deletions Cargo.lock


4 changes: 2 additions & 2 deletions data-formats/src/constants/mod.rs
Expand Up @@ -111,8 +111,8 @@ const RS384: i16 = -258;
#[repr(i16)]
#[non_exhaustive]
pub enum DeviceSigType {
StSECP256R1 = (aws_nitro_enclaves_cose::sign::SignatureAlgorithm::ES256 as i16),
StSECP384R1 = (aws_nitro_enclaves_cose::sign::SignatureAlgorithm::ES384 as i16),
StSECP256R1 = (aws_nitro_enclaves_cose::crypto::SignatureAlgorithm::ES256 as i16),
StSECP384R1 = (aws_nitro_enclaves_cose::crypto::SignatureAlgorithm::ES384 as i16),
StRSA2048 = RS256,
StRSA3072 = RS384,
StEPID10 = 90,
24 changes: 14 additions & 10 deletions data-formats/src/devicecredential/file.rs
Expand Up @@ -11,7 +11,7 @@ use crate::{
DeviceCredential, ProtocolVersion,
};

use aws_nitro_enclaves_cose::{error::CoseError, sign::SignatureAlgorithm};
use aws_nitro_enclaves_cose::error::CoseError;
use openssl::{pkey::PKey, sign::Signer};
use serde::{Deserialize, Serialize};
use serde_tuple::Serialize_tuple;
Expand Down Expand Up @@ -249,7 +249,10 @@ impl TpmCoseSigner {
public: &tss_esapi::structures::Public,
) -> Result<
(
(SignatureAlgorithm, openssl::hash::MessageDigest),
(
aws_nitro_enclaves_cose::crypto::SignatureAlgorithm,
aws_nitro_enclaves_cose::crypto::MessageDigest,
),
tss_esapi::interface_types::algorithm::HashingAlgorithm,
usize,
),
Expand All @@ -264,13 +267,13 @@ impl TpmCoseSigner {
};
let param_hash_alg = match hash_alg {
tss_esapi::interface_types::algorithm::HashingAlgorithm::Sha256 => {
openssl::hash::MessageDigest::sha256()
aws_nitro_enclaves_cose::crypto::MessageDigest::Sha256
}
tss_esapi::interface_types::algorithm::HashingAlgorithm::Sha384 => {
openssl::hash::MessageDigest::sha384()
aws_nitro_enclaves_cose::crypto::MessageDigest::Sha384
}
tss_esapi::interface_types::algorithm::HashingAlgorithm::Sha512 => {
openssl::hash::MessageDigest::sha512()
aws_nitro_enclaves_cose::crypto::MessageDigest::Sha512
}
_ => {
return Err(CoseError::UnsupportedError(
Expand All @@ -280,17 +283,17 @@ impl TpmCoseSigner {
};
let (sig_alg, correct_hash_alg, key_length) = match parameters.ecc_curve() {
tss_esapi::interface_types::ecc::EccCurve::NistP256 => (
SignatureAlgorithm::ES256,
aws_nitro_enclaves_cose::crypto::SignatureAlgorithm::ES256,
tss_esapi::interface_types::algorithm::HashingAlgorithm::Sha256,
32,
),
tss_esapi::interface_types::ecc::EccCurve::NistP384 => (
SignatureAlgorithm::ES384,
aws_nitro_enclaves_cose::crypto::SignatureAlgorithm::ES384,
tss_esapi::interface_types::algorithm::HashingAlgorithm::Sha384,
48,
),
tss_esapi::interface_types::ecc::EccCurve::NistP521 => (
SignatureAlgorithm::ES512,
aws_nitro_enclaves_cose::crypto::SignatureAlgorithm::ES512,
tss_esapi::interface_types::algorithm::HashingAlgorithm::Sha512,
66,
),
Expand All @@ -317,8 +320,9 @@ impl aws_nitro_enclaves_cose::crypto::SigningPublicKey for TpmCoseSigner {
&self,
) -> Result<
(
aws_nitro_enclaves_cose::sign::SignatureAlgorithm,
openssl::hash::MessageDigest,
aws_nitro_enclaves_cose::crypto::SignatureAlgorithm,
aws_nitro_enclaves_cose::crypto::MessageDigest,
// openssl::hash::MessageDigest,
),
CoseError,
> {
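Review bot: The return tuple of the `SigningPublicKey` impl for `TpmCoseSigner` keeps a commented-out `// openssl::hash::MessageDigest,` line next to the new `crypto::MessageDigest` entry; it should be deleted rather than committed, since it no longer describes the signature. The same section drops the `sign::SignatureAlgorithm` import and then spells out `aws_nitro_enclaves_cose::crypto::SignatureAlgorithm` and `aws_nitro_enclaves_cose::crypto::MessageDigest` at every use. A single `use aws_nitro_enclaves_cose::crypto::{MessageDigest, SignatureAlgorithm};` would keep the curve and digest tables readable, provided no other `MessageDigest` is still in scope in the parts of the file outside these hunks. Both affected functions begin and end outside the visible hunks.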
21 changes: 14 additions & 7 deletions data-formats/src/types.rs
Expand Up @@ -1791,33 +1791,37 @@ impl COSESign {
})
}

pub fn new<T>(
pub fn new<T, H>(
payload: &T,
unprotected: Option<COSEHeaderMap>,
sign_key: &dyn SigningPrivateKey,
hash: &H,
) -> Result<Self, Error>
where
T: Serializable,
H: aws_nitro_enclaves_cose::crypto::Hash,
{
let unprotected = match unprotected {
Some(v) => v,
None => COSEHeaderMap::new(),
};
let payload = payload.serialize_data()?;

let inner = COSESignInner::new(&payload, &unprotected.into(), sign_key)?;
let inner = COSESignInner::new::<H>(&payload, &unprotected.into(), sign_key)?;

Self::new_from_inner(inner)
}

pub fn new_with_protected<T>(
pub fn new_with_protected<T, H>(
payload: &T,
protected: COSEHeaderMap,
unprotected: Option<COSEHeaderMap>,
sign_key: &dyn SigningPrivateKey,
hash: &H,
) -> Result<Self, Error>
where
T: Serializable,
H: aws_nitro_enclaves_cose::crypto::Hash,
{
let unprotected = match unprotected {
Some(v) => v,
Expand All @@ -1830,13 +1834,16 @@ impl COSESign {
protected.insert(1.into(), (sig_alg as i8).into());

let inner =
COSESignInner::new_with_protected(&payload, &protected, &unprotected.into(), sign_key)?;
COSESignInner::new_with_protected::<H>(&payload, &protected, &unprotected.into(), sign_key)?;

Self::new_from_inner(inner)
}

pub fn verify(&self, sign_key: &dyn SigningPublicKey) -> Result<(), Error> {
if self.cached_inner.verify_signature(sign_key)? {
pub fn verify<H>(&self, sign_key: &dyn SigningPublicKey) -> Result<(), Error>
where
H: aws_nitro_enclaves_cose::crypto::Hash,
{
if self.cached_inner.verify_signature::<H>(sign_key)? {
Ok(())
} else {
Err(Error::InconsistentValue("Signature verification failed"))
Expand All @@ -1852,7 +1859,7 @@ impl COSESign {
ES: PayloadState,
{
let claims = eat.to_map();
Self::new(&claims.0, unprotected, sign_key)
Self::new(&claims.0, unprotected, sign_key, &sign_key.get_parameters()?.0)
}

pub fn get_payload_unverified<T>(&self) -> Result<UnverifiedValue<T>, Error>
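Review bot: The new `hash: &H` argument on `COSESign::new` and `new_with_protected` is never read in the visible bodies; only the type `H` is used, through `COSESignInner::new::<H>` and `new_with_protected::<H>`, while `verify::<H>` already takes the backend as a type parameter alone. In the last hunk the caller passes `&sign_key.get_parameters()?.0`, which, going by the tuple type shown in devicecredential/file.rs, looks like the `SignatureAlgorithm` rather than a type implementing `crypto::Hash`, so that call probably does not satisfy the `H` bound. Dropping the value parameter and selecting the backend by type, e.g. `Self::new::<_, H>(&claims.0, unprotected, sign_key)`, would give signing and verification the same convention. The function containing that call starts outside the hunk and would need its own `H` parameter.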
