Broken CAWG signing.

Author: cdmurph32

js-src/Builder.spec.ts

@@ -381,9 +381,6 @@ describe("Builder", () => {
       const reader = await Reader.fromAsset(dest);
       const manifest = reader.json();
 
-      // Ensure JSON parsing the manifest doesn't include any backslashes
-      const manifestJson = JSON.stringify(manifest);
-
       // Check that our specific JSON assertion doesn't have escaped characters
       const activeManifest = manifest.manifests[manifest.active_manifest!];
       const fingerprintAssertionData = activeManifest?.assertions?.find(
@@ -405,7 +402,6 @@ describe("Builder", () => {
       expect(JSON.stringify(fingerprintAssertionData?.data)).not.toContain(
         "\\",
       );
-      console.log(manifestJson);
     });
 
     it("should archive and restore builder with ingredient thumbnail", async () => {

js-src/IdentityAssertion.spec.ts

@@ -150,7 +150,7 @@ describe("IdentityAssertionBuilder", () => {
 
     const source = {
       buffer: await fs.readFile("./tests/fixtures/CA.jpg"),
-      mimeType: "jpeg",
+      mimeType: "image/jpeg",
     };
     const dest: DestinationBufferAsset = {
       buffer: null,
@@ -161,30 +161,30 @@ describe("IdentityAssertionBuilder", () => {
 
     // Add the required resources
     await builder.addResource("thumbnail.jpg", {
-      mimeType: "jpeg",
+      mimeType: "image/jpeg",
       buffer: await fs.readFile("./tests/fixtures/thumbnail.jpg"),
     });
     await builder.addResource("ingredient-thumb.jpg", {
-      mimeType: "jpeg",
+      mimeType: "image/jpeg",
       buffer: await fs.readFile("./tests/fixtures/thumbnail.jpg"),
     });
 
     // Create and configure the identity assertion
-    const ia_signer = IdentityAssertionSigner.new(c2paSigner);
+    const iaSigner = IdentityAssertionSigner.new(c2paSigner.signer());
     const iab =
       await IdentityAssertionBuilder.identityBuilderForCredentialHolder(
-        cawgSigner,
+        cawgSigner.signer(),
       );
     iab.addReferencedAssertions(["cawg.training-mining"]);
-    ia_signer.addIdentityAssertion(iab);
+    iaSigner.addIdentityAssertion(iab);
 
-    // Sign the manifest
-    await builder.signAsync(c2paSigner, source, dest);
+    // Sign the manifest (standard async flow)
+    await builder.signAsync(iaSigner, source, dest);
 
     // Verify the manifest
     const reader = await Reader.fromAsset({
       buffer: dest.buffer! as Buffer,
-      mimeType: "jpeg",
+      mimeType: "image/jpeg",
     });
     await reader.postValidateCawg();
   });

js-src/Settings.ts

@@ -42,7 +42,7 @@ export async function loadSettingsFromFile(filePath: string): Promise<void> {
   const ext = path.extname(filePath).toLowerCase();
   const content = await fs.readFile(filePath, "utf8");
   if (ext === ".toml") {
-    loadC2paSettings(content);
+    loadC2paSettingsToml(content);
     return;
   }
   // Assume JSON (or JSON5 that is valid JSON) otherwise

js-src/Signer.ts

@@ -13,10 +13,12 @@
 
 const neon = require("./index.node");
 import type {
-  LocalSignerInterface,
   CallbackSignerInterface,
-  SigningAlg,
+  CallbackCredentialHolderInterface,
   JsCallbackSignerConfig,
+  LocalSignerInterface,
+  SignerPayload,
+  SigningAlg,
 } from "./types";
 
 export class LocalSigner implements LocalSignerInterface {
@@ -99,3 +101,40 @@ export class CallbackSigner implements CallbackSignerInterface {
     return neon.callbackSignerTimeAuthorityUrl.call(this.callbackSigner);
   }
 }
+
+export class CallbackCredentialHolder
+  implements CallbackCredentialHolderInterface
+{
+  constructor(
+    private callbackCredentialHolder: CallbackSignerInterface,
+  ) {}
+
+  signer(): CallbackSignerInterface {
+    return this.callbackCredentialHolder;
+  }
+
+  static newSigner(
+    config: JsCallbackSignerConfig,
+    callback: (data: Buffer) => Promise<Buffer>,
+  ) {
+    // Convert the config object to a JsBox<CallbackSignerConfig>
+    const configBox = neon.callbackSignerConfigFromJs(config);
+    const signer = neon.callbackSignerFromConfig(configBox, callback);
+    return new CallbackCredentialHolder(signer);
+  }
+
+  async sign(payload: SignerPayload): Promise<Buffer> {
+    return neon.callbackSignerSignPayload.call(
+      this.callbackCredentialHolder,
+      payload,
+    );
+  }
+
+  reserveSize(): number {
+    return neon.callbackSignerReserveSize.call(this.callbackCredentialHolder);
+  }
+
+  sigType(): string {
+    return "cawg.x509.cose";
+  }
+}

js-src/index.node.d.ts

@@ -18,12 +18,14 @@ import type {
   CallbackSignerInterface,
   ClaimVersion,
   DestinationAsset,
+  CallbackCredentialHolderInterface,
   IdentityAssertionBuilderInterface,
   IdentityAssertionSignerInterface,
   JsCallbackSignerConfig,
   LocalSignerInterface,
   ManifestAssertionKind,
   ReaderInterface,
+  SignerPayload,
   SigningAlg,
   SourceAsset,
   TrustmarkConfig,

js-src/types.d.ts

@@ -121,6 +121,13 @@ export interface CallbackSignerInterface {
   signer(): CallbackSignerInterface;
 }
 
+export interface CallbackCredentialHolderInterface {
+  sigType(): string;
+  reserveSize(): number;
+  sign(payload: SignerPayload): Promise<Buffer>;
+  signer(): CallbackSignerInterface;
+}
+
 /**
  * @internal
  * Internal type used for Rust/Node.js interop
@@ -141,6 +148,18 @@ export interface JsCallbackSignerConfig {
   directCoseHandling: boolean;
 }
 
+export interface SignerPayload {
+  referencedAssertions: HashedUri[];
+  sigType: string;
+  roles: string[];
+}
+
+export interface HashedUri {
+  url: string;
+  hash: Uint8Array;
+  alg?: string;
+}
+
 export interface BuilderInterface {
   /**
    * Set the no embed flag of the manifest
@@ -221,7 +240,7 @@ export interface BuilderInterface {
    * @returns the bytes of the c2pa_manifest that was embedded
    */
   signAsync(
-    callbackSigner: CallbackSignerInterface,
+    callbackSigner: CallbackSignerInterface | IdentityAssertionSignerInterface,
     input: SourceAsset,
     output: DestinationAsset,
   ): Promise<Buffer>;
@@ -239,20 +258,6 @@ export interface BuilderInterface {
     output: DestinationAsset,
   ): Buffer;
 
-  /**
-   * Sign an asset from a buffer or file asynchronously, using an
-   * IdentityAssertionSigner
-   * @param signer The IdentityAssertionSigner
-   * @param source The file or buffer containing the asset
-   * @param dest The file or buffer to write the asset to
-   * @returns the bytes of the c2pa_manifest that was embedded
-   */
-  identitySignAsync(
-    callbackSigner: IdentityAssertionSignerInterface,
-    input: SourceAsset,
-    output: DestinationAsset,
-  ): Promise<Buffer>;
-
   /**
    * Getter for the builder's manifest definition
    * @returns The manifest definition

src/neon_identity_assertion_builder.rs

@@ -17,6 +17,8 @@ use c2pa::{
     identity::{builder::AsyncCredentialHolder, SignerPayload},
 };
 use neon::prelude::*;
+use serde::{Deserialize, Serialize};
+use serde_bytes::ByteBuf;
 use std::ops::Deref;
 use std::sync::RwLock;
 
@@ -28,6 +30,22 @@ pub struct NeonIdentityAssertionBuilder {
     roles: RwLock<Vec<String>>,
 }
 
+#[derive(Deserialize, Serialize)]
+struct IdentityAssertion {
+    signer_payload: SignerPayload,
+
+    signature: Vec<u8>,
+
+    pad1: Vec<u8>,
+
+    // Must use explicit ByteBuf here because #[serde(with = "serde_bytes")]
+    // does not work with Option<Vec<u8>>.
+    pad2: Option<ByteBuf>,
+
+    // Label for the assertion. Only assigned when reading from a manifest.
+    label: Option<String>,
+}
+
 // Note: unwrap is used on read() and write() results, as poisoning only occurs as a result of a
 // panic on another thread.
 impl Clone for NeonIdentityAssertionBuilder {
@@ -108,9 +126,11 @@ impl AsyncDynamicAssertion for NeonIdentityAssertionBuilder {
         let referenced_assertions = claim
             .assertions()
             .filter(|a| {
+                // Always include hash data assertions
                 if a.url().contains("c2pa.assertions/c2pa.hash.") {
                     return true;
                 }
+                // Otherwise include if user-added label matches
                 let label = if let Some((_, label)) = a.url().rsplit_once('/') {
                     label.to_string()
                 } else {
@@ -138,20 +158,52 @@ impl AsyncDynamicAssertion for NeonIdentityAssertionBuilder {
             .await
             .map_err(|e| c2pa::Error::OtherError(Box::new(e)))?;
 
-        let mut assertion_cbor: Vec<u8> = vec![];
-        ciborium::into_writer(&(signer_payload, signature), &mut assertion_cbor)
+        finalize_identity_assertion(signer_payload, size, signature)
+    }
+}
+fn finalize_identity_assertion(
+    signer_payload: SignerPayload,
+    size: Option<usize>,
+    signature: Vec<u8>,
+) -> c2pa::Result<DynamicAssertionContent> {
+    let mut ia = IdentityAssertion {
+        signer_payload,
+        signature,
+        pad1: vec![],
+        pad2: None,
+        label: None,
+    };
+
+    let mut assertion_cbor: Vec<u8> = vec![];
+    ciborium::into_writer(&ia, &mut assertion_cbor)
+        .map_err(|e| c2pa::Error::BadParam(e.to_string()))?;
+    // TO DO: Think through how errors map into crate::Error.
+
+    if let Some(assertion_size) = size {
+        if assertion_cbor.len() > assertion_size {
+            return Err(c2pa::Error::BadParam(format!("Serialized assertion is {len} bytes, which exceeds the planned size of {assertion_size} bytes", len = assertion_cbor.len())));
+        }
+
+        ia.pad1 = vec![0u8; assertion_size - assertion_cbor.len() - 15];
+
+        assertion_cbor.clear();
+        ciborium::into_writer(&ia, &mut assertion_cbor)
             .map_err(|e| c2pa::Error::BadParam(e.to_string()))?;
+        // TO DO: Think through how errors map into crate::Error.
 
-        if let Some(assertion_size) = size {
-            if assertion_cbor.len() > assertion_size {
-                return Err(c2pa::Error::BadParam(format!(
-                    "Serialized assertion is {} bytes, which exceeds the planned size of {} bytes",
-                    assertion_cbor.len(),
-                    assertion_size
-                )));
-            }
-        }
+        ia.pad2 = Some(ByteBuf::from(vec![
+            0u8;
+            assertion_size - assertion_cbor.len() - 6
+        ]));
 
-        Ok(DynamicAssertionContent::Cbor(assertion_cbor))
+        assertion_cbor.clear();
+        ciborium::into_writer(&ia, &mut assertion_cbor)
+            .map_err(|e| c2pa::Error::BadParam(e.to_string()))?;
+        // TO DO: Think through how errors map into crate::Error.
+
+        // TO DO: See if this approach ever fails. IMHO it "should" work for all cases.
+        assert_eq!(assertion_size, assertion_cbor.len());
     }
+
+    Ok(DynamicAssertionContent::Cbor(assertion_cbor))
 }

src/neon_signer.rs

@@ -16,7 +16,6 @@ use async_trait::async_trait;
 use c2pa::{
     create_signer,
     crypto::{
-        cose::{sign, TimeStampStorage},
         raw_signature::{AsyncRawSigner, RawSigner, RawSignerError},
         time_stamp::{AsyncTimeStampProvider, TimeStampProvider},
     },
@@ -26,7 +25,7 @@ use c2pa::{
     },
     AsyncSigner,
     Error::OtherError,
-    Signer, SigningAlg,
+    HashedUri, Signer, SigningAlg,
 };
 use neon::prelude::*;
 use neon::types::buffer::TypedArray;
@@ -319,10 +318,10 @@ impl TimeStampProvider for NeonCallbackSigner {
 
 impl AsyncTimeStampProvider for NeonCallbackSigner {
     fn time_stamp_service_url(&self) -> Option<String> {
-        TimeStampProvider::time_stamp_service_url(self)
+        self.config.tsa_url.clone()
     }
     fn time_stamp_request_headers(&self) -> Option<Vec<(String, String)>> {
-        TimeStampProvider::time_stamp_request_headers(self)
+        self.config.tsa_headers.clone()
     }
 }
 
@@ -394,7 +393,7 @@ impl AsyncRawSigner for NeonCallbackSigner {
 
 impl RawSigner for NeonCallbackSigner {
     fn sign(&self, _data: &[u8]) -> Result<Vec<u8>, RawSignerError> {
-        // Instead of blocking, we'll return an error since this is a sync context
+        // Synchronous signing is not supported; use AsyncRawSigner instead
         Err(RawSignerError::InternalError(
             "Synchronous signing not supported - use AsyncRawSigner instead".to_string(),
         ))
@@ -428,8 +427,10 @@ impl AsyncCredentialHolder for NeonCallbackSigner {
         ciborium::into_writer(signer_payload, &mut sp_cbor)
             .map_err(|e| IdentityBuilderError::CborGenerationError(e.to_string()))?;
 
-        // Create a COSE_Sign1 structure using the raw signature
-        sign(self, &sp_cbor, None, TimeStampStorage::V2_sigTst2_CTT)
+        // Package into COSE_Sign1 using library-side COSE handling via async wrapper
+        // Use AsyncSigner::sign to avoid any sync context
+        c2pa::AsyncSigner::sign(self, sp_cbor)
+            .await
             .map_err(|e| IdentityBuilderError::SignerError(e.to_string()))
     }
 }