From 55b6252010631d6534d9687f4d543c25a97cb162 Mon Sep 17 00:00:00 2001 From: Anton Pronin Date: Sun, 15 Dec 2024 09:24:55 +0100 Subject: [PATCH] Vical CoseSign1 verification added; code cleanup --- .../certificate_info.rs | 34 +++------ .../org_iso_18013_5_1_vical/extension.rs | 3 - .../namespaces/org_iso_18013_5_1_vical/mod.rs | 28 ++------ .../vical_cose_sign1.rs | 69 ++++++++----------- .../org_iso_18013_5_1_vical/vical.json | 23 +++++++ 5 files changed, 68 insertions(+), 89 deletions(-) create mode 100644 test/definitions/namespaces/org_iso_18013_5_1_vical/vical.json diff --git a/src/definitions/namespaces/org_iso_18013_5_1_vical/certificate_info.rs b/src/definitions/namespaces/org_iso_18013_5_1_vical/certificate_info.rs index e3791b8..58ca9c1 100644 --- a/src/definitions/namespaces/org_iso_18013_5_1_vical/certificate_info.rs +++ b/src/definitions/namespaces/org_iso_18013_5_1_vical/certificate_info.rs @@ -1,3 +1,13 @@ +use crate::{ + definitions::{ + helpers::ByteStr, + namespaces::{ + latin1::Latin1, + org_iso_18013_5_1::{Alpha2, TDate}, + org_iso_18013_5_1_vical::{Extensions, certificate_profile::CertificateProfiles, doc_type::DocTypes}}, + traits::ToCbor}, + macros::{FromJson, ToCbor}, +}; //CertificateInfo = { // "certificate" : bstr // "serialNumber" : biguint @@ -14,30 +24,6 @@ // ? "extensions" : Extensions // * tstr => any ; // } - -use crate::{ - definitions::{ - helpers::ByteStr, - namespaces::{ - latin1::Latin1, - org_iso_18013_5_1::{ - Alpha2, - TDate - }, - org_iso_18013_5_1_vical::{ - Extensions, - certificate_profile::CertificateProfiles, - doc_type::DocTypes - } - }, - traits::ToCbor - }, - macros::{ - FromJson, - ToCbor - }, -}; - #[derive(Clone, Debug, FromJson)] #[isomdl(crate = "crate")] pub struct CertificateInfos(Vec); diff --git a/src/definitions/namespaces/org_iso_18013_5_1_vical/extension.rs b/src/definitions/namespaces/org_iso_18013_5_1_vical/extension.rs index 3190f33..3a70c0f 100644 
--- a/src/definitions/namespaces/org_iso_18013_5_1_vical/extension.rs +++ b/src/definitions/namespaces/org_iso_18013_5_1_vical/extension.rs @@ -3,9 +3,6 @@ use isomdl_macros::FromJson; use crate::definitions::helpers::ByteStr; use crate::definitions::traits::ToCbor; -// pub type Extensions = Option>; -// pub type Extensions = Option>; - #[derive(Clone, Debug, FromJson)] #[isomdl(crate = "crate")] pub struct Extensions(BTreeMap); diff --git a/src/definitions/namespaces/org_iso_18013_5_1_vical/mod.rs b/src/definitions/namespaces/org_iso_18013_5_1_vical/mod.rs index 340a306..7eb9d22 100644 --- a/src/definitions/namespaces/org_iso_18013_5_1_vical/mod.rs +++ b/src/definitions/namespaces/org_iso_18013_5_1_vical/mod.rs 
@@ -34,29 +34,13 @@ pub struct OrgIso1901351Vical { mod tests { use super::*; use crate::definitions::traits::FromJson; + + static JSON_VICAL: &str = include_str!("../../../../test/definitions/namespaces/org_iso_18013_5_1_vical/vical.json"); #[test] fn all() { - let json = serde_json::json!({ - "version": "1.0.0", - "vical_provider": "Spruce", - "date": "2024-12-31T12:00:00Z", - "vical_issue_id": 1, - "next_update": "2022-03-21T13:30:00Z", - "certificate_infos": [ - { - "certificate": "57c92077664146e876760c9520d054aa93c3afb04e306705db6090308507b4d3", - "serial_number": "57c92077664146e876760c9520d054aa93c3afb04e306705db6090308507b4d3", - "ski": "57c92077664146e876760c9520d054aa93c3afb04e306705db6090308507b4d3", - "doc_type": ["somedoc"], - "certificate_profile": ["profile"], - "extensions": {"extension_name": "57c92077664146e876760c9520d054aa93c3afb04e306705db6090308507b4d3"}, - } - ] - }); - - let ns = OrgIso1901351Vical::from_json(&json).unwrap(); - - assert!(ns.vical_issue_id.is_some()); - assert!(ns.next_update.is_some()); + let json_vical: serde_json::Value = serde_json::from_str(JSON_VICAL).unwrap(); + let vical = OrgIso1901351Vical::from_json(&json_vical).unwrap(); + assert!(vical.vical_issue_id.is_some()); + assert!(vical.next_update.is_some()); } } \ No newline at end of file diff --git a/src/definitions/namespaces/org_iso_18013_5_1_vical/vical_cose_sign1.rs b/src/definitions/namespaces/org_iso_18013_5_1_vical/vical_cose_sign1.rs index 4de8d2c..2cd9c67 100644 --- a/src/definitions/namespaces/org_iso_18013_5_1_vical/vical_cose_sign1.rs +++ b/src/definitions/namespaces/org_iso_18013_5_1_vical/vical_cose_sign1.rs 
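Review bot: `JSON_VICAL` is declared with the same long `include_str!` relative path here and again in the `vical_cose_sign1.rs` test module of this patch; a single `pub(crate)` fixture constant in a shared test helper would keep the path in one place. The assertions in `all()` still only check that `vical_issue_id` and `next_update` are `Some`; now that the fixture is a checked-in file, comparing them against the values it carries (`1` and `"2022-03-21T13:30:00Z"`, in whatever field types the struct uses — not visible here) would make the test catch parsing regressions rather than just presence. For a `&str` literal `const JSON_VICAL: &str = …` is the conventional form; `static` adds nothing.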
@@ -1,67 +1,56 @@ use crate::definitions::namespaces::org_iso_18013_5_1_vical::OrgIso1901351Vical; -use coset::{iana, CoseSign1}; +use coset::{CborSerializable, CoseSign1}; use p256::ecdsa::{Signature}; -use signature::{SignatureEncoding, Signer}; -use crate::cose::SignatureAlgorithm; +use signature::{Signer, Verifier}; +use crate::cose::{SignatureAlgorithm}; use crate::definitions::traits::ToCbor; -pub fn sign_vical(vical: OrgIso1901351Vical, signer: &S) -> CoseSign1 +pub fn sign_vical(vical: OrgIso1901351Vical, signer: &S) -> CoseSign1 where - S: Signer + SignatureAlgorithm, - Sig: SignatureEncoding + S: Signer + SignatureAlgorithm, { let aad = b""; let protected = coset::HeaderBuilder::new() - .algorithm(iana::Algorithm::ES256) + .algorithm(signer.algorithm()) .key_id(b"11".to_vec()) .build(); - let cose_sign = coset::CoseSign1Builder::new() + coset::CoseSign1Builder::new() .protected(protected) .payload(vical.to_cbor_bytes().unwrap()) - .create_signature(aad, |pt| signer.sign(pt).to_vec()) // closure to do sign operation - .build(); - cose_sign + .create_signature(aad, |pt| signer.sign(pt).to_vec()) + .build() +} +pub fn verify_vical(sign_data: Vec, verifier: &V) -> Result<(), signature::Error> +where + V: Verifier + SignatureAlgorithm, +{ + let aad = b""; + let cose_sign1 = CoseSign1::from_slice(&sign_data).unwrap(); + cose_sign1.verify_signature(aad, |sig, data| verifier.verify(data, &Signature::from_slice(sig).unwrap())) } #[cfg(test)] mod tests { use coset::CborSerializable; use hex::FromHex; - use p256::ecdsa::{SigningKey}; + use p256::ecdsa::{SigningKey, VerifyingKey}; use p256::SecretKey; use crate::definitions::traits::FromJson; use super::*; static COSE_KEY: &str = include_str!("../../../../test/definitions/cose/sign1/secret_key"); + static JSON_VICAL: &str = include_str!("../../../../test/definitions/namespaces/org_iso_18013_5_1_vical/vical.json"); #[test] fn test_sign_vical() { - let key = Vec::::from_hex(COSE_KEY).unwrap(); - let signer: SigningKey 
= SecretKey::from_slice(&key).unwrap().into(); - - let json = serde_json::json!({ - "version": "1.0.0", - "vical_provider": "Spruce", - "date": "2024-12-31T12:00:00Z", - "vical_issue_id": 1, - "next_update": "2022-03-21T13:30:00Z", - "certificate_infos": [ - { - "certificate": "57c92077664146e876760c9520d054aa93c3afb04e306705db6090308507b4d3", - "serial_number": "57c92077664146e876760c9520d054aa93c3afb04e306705db6090308507b4d3", - "ski": "57c92077664146e876760c9520d054aa93c3afb04e306705db6090308507b4d3", - "doc_type": ["somedoc"], - "certificate_profile": ["profile"], - "extensions": {"extension_name": "57c92077664146e876760c9520d054aa93c3afb04e306705db6090308507b4d3"}, - } - ] - }); - let vical = OrgIso1901351Vical::from_json(&json).unwrap(); - let sign = sign_vical::(vical, &signer); - + let key_bytes = Vec::::from_hex(COSE_KEY).unwrap(); + let signer: SigningKey = SecretKey::from_slice(&key_bytes).unwrap().into(); + let verifier = VerifyingKey::from(&signer); + let json_vical: serde_json::Value = serde_json::from_str(JSON_VICAL).unwrap(); + let vical = OrgIso1901351Vical::from_json(&json_vical).unwrap(); + let sign = sign_vical::(vical, &signer); + // println!("{:#?}", hex::encode(sign.to_vec().unwrap())); let sign_data = sign.to_vec().unwrap(); - let sign1 = coset::CoseSign1::from_slice(&sign_data).unwrap(); - // let result = sign1.verify_signature(b"", |sig, data| verifier.verify(sig, data)); - // println!("Signature verified: {:?}.", result); - // assert!(result.is_ok()); - // println!("{:#?}", hex::encode(&sign.to_vec().unwrap())); + let result = verify_vical::(sign_data, &verifier); + println!("Signature verified: {:?}.", result); + assert!(result.is_ok()); } } \ No newline at end of file diff --git a/test/definitions/namespaces/org_iso_18013_5_1_vical/vical.json b/test/definitions/namespaces/org_iso_18013_5_1_vical/vical.json new file mode 100644 index 0000000..2c88d07 --- /dev/null +++ b/test/definitions/namespaces/org_iso_18013_5_1_vical/vical.json 
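Review bot: `verify_vical` panics on malformed input twice — `CoseSign1::from_slice(&sign_data).unwrap()` and `Signature::from_slice(sig).unwrap()` inside the closure — so for a function whose purpose is to check a blob it did not produce, a truncated or garbage signature aborts the process instead of returning `Err`. The `SignatureAlgorithm` bound on `V` is also never used: `sign_vical` writes `signer.algorithm()` into the protected header, but the verifier never checks that the header's `alg` matches `verifier.algorithm()`, so the algorithm the message claims is simply ignored. The rewrite below maps both decode errors into `signature::Error` and rejects a mismatching protected `alg` before the signature check (type parameters are not legible in this rendering; the fence assumes `Vec<u8>` and `Verifier<Signature>`, which is what the sign side implies). The `println!("Signature verified: …")` kept in `test_sign_vical` is leftover debugging that the assertion on the next line already covers.

```rust
pub fn verify_vical<V>(sign_data: Vec<u8>, verifier: &V) -> Result<(), signature::Error>
where
    V: Verifier<Signature> + SignatureAlgorithm,
{
    let aad = b"";
    // A message that does not decode is a verification failure, not a panic.
    let cose_sign1 = CoseSign1::from_slice(&sign_data).map_err(|_| signature::Error::new())?;
    // The protected header must name the algorithm this verifier implements;
    // otherwise the bound on `SignatureAlgorithm` is meaningless.
    if cose_sign1.protected.header.alg != Some(coset::Algorithm::Assigned(verifier.algorithm())) {
        return Err(signature::Error::new());
    }
    cose_sign1.verify_signature(aad, |sig, data| {
        Signature::from_slice(sig).and_then(|sig| verifier.verify(data, &sig))
    })
}
```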
@@ -0,0 +1,23 @@
+{
+ "version": "1.0.0",
+ "vical_provider": "Spruce",
+ "date": "2024-12-31T12:00:00Z",
+ "vical_issue_id": 1,
+ "next_update": "2022-03-21T13:30:00Z",
+ "certificate_infos": [
+ {
+ "certificate": "57c92077664146e876760c9520d054aa93c3afb04e306705db6090308507b4d3",
+ "serial_number": "57c92077664146e876760c9520d054aa93c3afb04e306705db6090308507b4d3",
+ "ski": "57c92077664146e876760c9520d054aa93c3afb04e306705db6090308507b4d3",
+ "doc_type": [
+ "somedoc"
+ ],
+ "certificate_profile": [
+ "profile"
+ ],
+ "extensions": {
+ "extension_name": "57c92077664146e876760c9520d054aa93c3afb04e306705db6090308507b4d3"
+ }
+ }
+ ]
+}
\ No newline at end of file