chore: update aws-nitro-enclaves-cose requirement from 0.4.0 to 0.5.0

data-formats/Cargo.toml

@@ -17,7 +17,7 @@ serde_cbor = "0.11"
 serde_repr = "0.1.6"
 serde_tuple = "0.5"
 thiserror = "1"
-aws-nitro-enclaves-cose = "0.4.0"
+aws-nitro-enclaves-cose = "0.5.0"
 uuid = "1.3"
 num-traits = "0.2"
 num-derive = "0.3"

data-formats/src/constants/mod.rs

@@ -111,8 +111,8 @@ const RS384: i16 = -258;
 #[repr(i16)]
 #[non_exhaustive]
 pub enum DeviceSigType {
-    StSECP256R1 = (aws_nitro_enclaves_cose::sign::SignatureAlgorithm::ES256 as i16),
-    StSECP384R1 = (aws_nitro_enclaves_cose::sign::SignatureAlgorithm::ES384 as i16),
+    StSECP256R1 = (aws_nitro_enclaves_cose::crypto::SignatureAlgorithm::ES256 as i16),
+    StSECP384R1 = (aws_nitro_enclaves_cose::crypto::SignatureAlgorithm::ES384 as i16),
     StRSA2048 = RS256,
     StRSA3072 = RS384,
     StEPID10 = 90,

data-formats/src/devicecredential/file.rs

@@ -11,7 +11,7 @@ use crate::{
     DeviceCredential, ProtocolVersion,
 };
 
-use aws_nitro_enclaves_cose::{error::CoseError, sign::SignatureAlgorithm};
+use aws_nitro_enclaves_cose::error::CoseError;
 use openssl::{pkey::PKey, sign::Signer};
 use serde::{Deserialize, Serialize};
 use serde_tuple::Serialize_tuple;
@@ -249,7 +249,10 @@ impl TpmCoseSigner {
         public: &tss_esapi::structures::Public,
     ) -> Result<
         (
-            (SignatureAlgorithm, openssl::hash::MessageDigest),
+            (
+                aws_nitro_enclaves_cose::crypto::SignatureAlgorithm,
+                aws_nitro_enclaves_cose::crypto::MessageDigest,
+            ),
             tss_esapi::interface_types::algorithm::HashingAlgorithm,
             usize,
         ),
@@ -264,13 +267,13 @@ impl TpmCoseSigner {
                 };
                 let param_hash_alg = match hash_alg {
                     tss_esapi::interface_types::algorithm::HashingAlgorithm::Sha256 => {
-                        openssl::hash::MessageDigest::sha256()
+                        aws_nitro_enclaves_cose::crypto::MessageDigest::Sha256
                     }
                     tss_esapi::interface_types::algorithm::HashingAlgorithm::Sha384 => {
-                        openssl::hash::MessageDigest::sha384()
+                        aws_nitro_enclaves_cose::crypto::MessageDigest::Sha384
                     }
                     tss_esapi::interface_types::algorithm::HashingAlgorithm::Sha512 => {
-                        openssl::hash::MessageDigest::sha512()
+                        aws_nitro_enclaves_cose::crypto::MessageDigest::Sha512
                     }
                     _ => {
                         return Err(CoseError::UnsupportedError(
@@ -280,17 +283,17 @@ impl TpmCoseSigner {
                 };
                 let (sig_alg, correct_hash_alg, key_length) = match parameters.ecc_curve() {
                     tss_esapi::interface_types::ecc::EccCurve::NistP256 => (
-                        SignatureAlgorithm::ES256,
+                        aws_nitro_enclaves_cose::crypto::SignatureAlgorithm::ES256,
                         tss_esapi::interface_types::algorithm::HashingAlgorithm::Sha256,
                         32,
                     ),
                     tss_esapi::interface_types::ecc::EccCurve::NistP384 => (
-                        SignatureAlgorithm::ES384,
+                        aws_nitro_enclaves_cose::crypto::SignatureAlgorithm::ES384,
                         tss_esapi::interface_types::algorithm::HashingAlgorithm::Sha384,
                         48,
                     ),
                     tss_esapi::interface_types::ecc::EccCurve::NistP521 => (
-                        SignatureAlgorithm::ES512,
+                        aws_nitro_enclaves_cose::crypto::SignatureAlgorithm::ES512,
                         tss_esapi::interface_types::algorithm::HashingAlgorithm::Sha512,
                         66,
                     ),
@@ -317,8 +320,9 @@ impl aws_nitro_enclaves_cose::crypto::SigningPublicKey for TpmCoseSigner {
         &self,
     ) -> Result<
         (
-            aws_nitro_enclaves_cose::sign::SignatureAlgorithm,
-            openssl::hash::MessageDigest,
+            aws_nitro_enclaves_cose::crypto::SignatureAlgorithm,
+            aws_nitro_enclaves_cose::crypto::MessageDigest,
+            // openssl::hash::MessageDigest,
         ),
         CoseError,
     > {

data-formats/src/types.rs

@@ -1791,33 +1791,37 @@ impl COSESign {
         })
     }
 
-    pub fn new<T>(
+    pub fn new<T, H>(
         payload: &T,
         unprotected: Option<COSEHeaderMap>,
         sign_key: &dyn SigningPrivateKey,
+        hash: &H,
     ) -> Result<Self, Error>
     where
         T: Serializable,
+        H: aws_nitro_enclaves_cose::crypto::Hash,
     {
         let unprotected = match unprotected {
             Some(v) => v,
             None => COSEHeaderMap::new(),
         };
         let payload = payload.serialize_data()?;
 
-        let inner = COSESignInner::new(&payload, &unprotected.into(), sign_key)?;
+        let inner = COSESignInner::new::<H>(&payload, &unprotected.into(), sign_key)?;
 
         Self::new_from_inner(inner)
     }
 
-    pub fn new_with_protected<T>(
+    pub fn new_with_protected<T, H>(
         payload: &T,
         protected: COSEHeaderMap,
         unprotected: Option<COSEHeaderMap>,
         sign_key: &dyn SigningPrivateKey,
+        hash: &H,
     ) -> Result<Self, Error>
     where
         T: Serializable,
+        H: aws_nitro_enclaves_cose::crypto::Hash,
     {
         let unprotected = match unprotected {
             Some(v) => v,
@@ -1830,13 +1834,16 @@ impl COSESign {
         protected.insert(1.into(), (sig_alg as i8).into());
 
         let inner =
-            COSESignInner::new_with_protected(&payload, &protected, &unprotected.into(), sign_key)?;
+            COSESignInner::new_with_protected::<H>(&payload, &protected, &unprotected.into(), sign_key)?;
 
         Self::new_from_inner(inner)
     }
 
-    pub fn verify(&self, sign_key: &dyn SigningPublicKey) -> Result<(), Error> {
-        if self.cached_inner.verify_signature(sign_key)? {
+    pub fn verify<H>(&self, sign_key: &dyn SigningPublicKey) -> Result<(), Error>
+    where
+        H: aws_nitro_enclaves_cose::crypto::Hash,
+    {
+        if self.cached_inner.verify_signature::<H>(sign_key)? {
             Ok(())
         } else {
             Err(Error::InconsistentValue("Signature verification failed"))
@@ -1852,7 +1859,7 @@ impl COSESign {
         ES: PayloadState,
     {
         let claims = eat.to_map();
-        Self::new(&claims.0, unprotected, sign_key)
+        Self::new(&claims.0, unprotected, sign_key, &sign_key.get_parameters()?.0)
     }
 
     pub fn get_payload_unverified<T>(&self) -> Result<UnverifiedValue<T>, Error>

http-wrapper/Cargo.toml

@@ -20,7 +20,7 @@ openssl = "0.10.60"
 
 fdo-data-formats = { path = "../data-formats", version = "0.4.12" }
 fdo-store = { path = "../store", version = "0.4.12" }
-aws-nitro-enclaves-cose = "0.4.0"
+aws-nitro-enclaves-cose = "0.5.0"
 
 # Server-side
 uuid = { version = "1.3", features = ["v4"], optional = true }