feat: Move COSE timestamp generation into c2pa_crypto (#803)

Author: scouten-adobe

internal/crypto/src/cose/error.rs

@@ -49,6 +49,10 @@ pub enum CoseError {
     #[error("error while parsing CBOR ({0})")]
     CborParsingError(String),
 
+    /// An error occurred while generating CBOR.
+    #[error("error while generating CBOR ({0})")]
+    CborGenerationError(String),
+
     /// An error occurred while parsing a time stamp.
     #[error(transparent)]
     TimeStampError(#[from] TimeStampError),

internal/crypto/src/cose/mod.rs

@@ -34,8 +34,9 @@ pub use sign1::{cert_chain_from_sign1, parse_cose_sign1, signing_alg_from_sign1}
 
 mod sigtst;
 pub use sigtst::{
-    cose_countersign_data, parse_and_validate_sigtst, parse_and_validate_sigtst_async,
-    validate_cose_tst_info, validate_cose_tst_info_async, TstToken,
+    add_sigtst_header, add_sigtst_header_async, cose_countersign_data, parse_and_validate_sigtst,
+    parse_and_validate_sigtst_async, validate_cose_tst_info, validate_cose_tst_info_async,
+    TstToken,
 };
 
 mod verifier;

internal/crypto/src/cose/sigtst.rs

@@ -13,13 +13,15 @@
 
 use async_generic::async_generic;
 use ciborium::value::Value;
-use coset::{sig_structure_data, Label, ProtectedHeader, SignatureContext};
+use coset::{sig_structure_data, HeaderBuilder, Label, ProtectedHeader, SignatureContext};
 use serde::{Deserialize, Serialize};
 
 use crate::{
     asn1::rfc3161::TstInfo,
     cose::CoseError,
-    time_stamp::{verify_time_stamp, verify_time_stamp_async},
+    time_stamp::{
+        verify_time_stamp, verify_time_stamp_async, AsyncTimeStampProvider, TimeStampProvider,
+    },
 };
 
 /// Given a COSE signature, retrieve the `sigTst` header from it and validate
@@ -121,8 +123,69 @@ pub struct TstToken {
     pub val: Vec<u8>,
 }
 
-#[derive(Debug, Deserialize, Eq, PartialEq, Serialize)]
+#[derive(Debug, Default, Deserialize, Eq, PartialEq, Serialize)]
 struct TstContainer {
     #[serde(rename = "tstTokens")]
     tst_tokens: Vec<TstToken>,
 }
+
+impl TstContainer {
+    pub fn add_token(&mut self, token: TstToken) {
+        self.tst_tokens.push(token);
+    }
+}
+
+/// TO DO: Determine if this needs to be public after refactoring.
+///
+/// Given a COSE [`ProtectedHeader`] and an arbitrary block of data, use the
+/// provided [`TimeStampProvider`] or [`AsyncTimeStampProvider`] to request a
+/// timestamp for that block of data.
+#[async_generic(
+    async_signature(
+        ts_provider: &dyn AsyncTimeStampProvider,
+        data: &[u8],
+        p_header: &ProtectedHeader,
+        mut header_builder: HeaderBuilder,
+    ))]
+pub fn add_sigtst_header(
+    ts_provider: &dyn TimeStampProvider,
+    data: &[u8],
+    p_header: &ProtectedHeader,
+    mut header_builder: HeaderBuilder,
+) -> Result<HeaderBuilder, CoseError> {
+    let sd = cose_countersign_data(data, p_header);
+
+    let maybe_cts = if _sync {
+        ts_provider.send_time_stamp_request(&sd)
+    } else {
+        ts_provider.send_time_stamp_request(&sd).await
+    };
+
+    if let Some(cts) = maybe_cts {
+        let cts = cts?;
+        let cts = make_cose_timestamp(&cts);
+
+        let mut sigtst_vec: Vec<u8> = vec![];
+        ciborium::into_writer(&cts, &mut sigtst_vec)
+            .map_err(|e| CoseError::CborGenerationError(e.to_string()))?;
+
+        let sigtst_cbor: Value = ciborium::from_reader(sigtst_vec.as_slice())
+            .map_err(|e| CoseError::CborGenerationError(e.to_string()))?;
+
+        header_builder = header_builder.text_value("sigTst".to_string(), sigtst_cbor);
+    }
+
+    Ok(header_builder)
+}
+
+// Wrap RFC 3161 TimeStampRsp in COSE sigTst object.
+fn make_cose_timestamp(ts_data: &[u8]) -> TstContainer {
+    let token = TstToken {
+        val: ts_data.to_vec(),
+    };
+
+    let mut container = TstContainer::default();
+    container.add_token(token);
+
+    container
+}

internal/crypto/src/time_stamp/provider.rs

@@ -73,9 +73,79 @@ pub trait TimeStampProvider {
 /// asynchronously.
 ///
 /// [RFC 3161]: https://datatracker.ietf.org/doc/html/rfc3161
-#[cfg_attr(not(target_arch = "wasm32"), async_trait)]
-#[cfg_attr(target_arch = "wasm32", async_trait(?Send))]
+#[cfg(not(target_arch = "wasm32"))]
+#[async_trait]
+pub trait AsyncTimeStampProvider: Sync {
+    // IMPORTANT: It appears that the Sync (most platforms) vs not-Sync (WASM)
+    // distinction can't be achieved without duplicating the trait definition 👎🏻.
+    // Please verify that any changes made here are also made to the subsequent
+    // definition of AsyncTimeStampProvider for WASM builds.
+
+    /// Return the URL for time stamp service.
+    fn time_stamp_service_url(&self) -> Option<String> {
+        None
+    }
+
+    /// Additional request headers to pass to the time stamp service.
+    ///
+    /// IMPORTANT: You should not include the "Content-type" header here.
+    /// That is provided by default.
+    fn time_stamp_request_headers(&self) -> Option<Vec<(String, String)>> {
+        None
+    }
+
+    /// Generate the request body for the HTTPS request to the time stamp
+    /// service.
+    fn time_stamp_request_body(&self, message: &[u8]) -> Result<Vec<u8>, TimeStampError> {
+        default_rfc3161_message(message)
+    }
+
+    /// Request a [RFC 3161] time stamp over an arbitrary data packet.
+    ///
+    /// The default implementation will send the request to the URL
+    /// provided by [`Self::time_stamp_service_url()`], if any.
+    ///
+    /// [RFC 3161]: https://datatracker.ietf.org/doc/html/rfc3161
+    #[allow(unused_variables)] // `message` not used on WASM
+    async fn send_time_stamp_request(
+        &self,
+        message: &[u8],
+    ) -> Option<Result<Vec<u8>, TimeStampError>> {
+        // NOTE: This is currently synchronous, but may become
+        // async in the future.
+        #[cfg(not(target_arch = "wasm32"))]
+        if let Some(url) = self.time_stamp_service_url() {
+            if let Ok(body) = self.time_stamp_request_body(message) {
+                let headers: Option<Vec<(String, String)>> = self.time_stamp_request_headers();
+                return Some(
+                    super::http_request::default_rfc3161_request_async(
+                        &url, headers, &body, message,
+                    )
+                    .await,
+                );
+            }
+        }
+
+        None
+    }
+}
+
+/// An `AsyncTimeStampProvider` implementation can contact a [RFC 3161] time
+/// stamp service and generate a corresponding time stamp for a specific piece
+/// of data.
+///
+/// This is identical to [`TimeStampProvider`] except for performing its work
+/// asynchronously.
+///
+/// [RFC 3161]: https://datatracker.ietf.org/doc/html/rfc3161
+#[cfg(target_arch = "wasm32")]
+#[async_trait(?Send)]
 pub trait AsyncTimeStampProvider {
+    // IMPORTANT: It appears that the Sync (most platforms) vs not-Sync (WASM)
+    // distinction can't be achieved without duplicating the trait definition 👎🏻.
+    // Please verify that any changes made here are also made to the previous
+    // definition of AsyncTimeStampProvider for non-WASM builds.
+
     /// Return the URL for time stamp service.
     fn time_stamp_service_url(&self) -> Option<String> {
         None

sdk/src/cose_sign.rs

@@ -17,7 +17,10 @@
 
 use async_generic::async_generic;
 use c2pa_crypto::{
-    cose::{check_certificate_profile, CertificateTrustPolicy},
+    cose::{
+        add_sigtst_header, add_sigtst_header_async, check_certificate_profile,
+        CertificateTrustPolicy,
+    },
     p1363::parse_ec_der_sig,
     SigningAlg,
 };
@@ -30,13 +33,8 @@ use coset::{
 };
 
 use crate::{
-    claim::Claim,
-    cose_validator::verify_cose,
-    settings::get_settings_value,
-    time_stamp::{
-        cose_timestamp_countersign, cose_timestamp_countersign_async, make_cose_timestamp,
-    },
-    AsyncSigner, Error, Result, Signer,
+    claim::Claim, cose_validator::verify_cose, settings::get_settings_value, AsyncSigner, Error,
+    Result, Signer,
 };
 
 /// Generate a COSE signature for a block of bytes which must be a valid C2PA
@@ -310,20 +308,20 @@ fn build_headers(signer: &dyn Signer, data: &[u8], alg: SigningAlg) -> Result<(H
         header: protected_header.clone(),
     };
 
-    let maybe_cts = if _sync {
-        cose_timestamp_countersign(signer, data, &ph2)
-    } else {
-        cose_timestamp_countersign_async(signer, data, &ph2).await
-    };
+    let unprotected_h = HeaderBuilder::new();
 
-    let mut unprotected_h = if let Some(cts) = maybe_cts {
-        let cts = cts?;
-        let sigtst_vec = serde_cbor::to_vec(&make_cose_timestamp(&cts))?;
-        let sigtst_cbor = serde_cbor::from_slice(&sigtst_vec)?;
-
-        HeaderBuilder::new().text_value("sigTst".to_string(), sigtst_cbor)
+    let mut unprotected_h = if _sync {
+        if let Some(tsp) = signer.time_stamp_provider() {
+            add_sigtst_header(*tsp, data, &ph2, unprotected_h)?
+        } else {
+            unprotected_h
+        }
     } else {
-        HeaderBuilder::new()
+        if let Some(tsp) = signer.async_time_stamp_provider() {
+            add_sigtst_header_async(*tsp, data, &ph2, unprotected_h).await?
+        } else {
+            unprotected_h
+        }
     };
 
     // set the ocsp responder response if available

sdk/src/error.rs

@@ -354,6 +354,7 @@ impl From<CoseError> for Error {
             CoseError::UnsupportedSigningAlgorithm => Self::CoseSignatureAlgorithmNotSupported,
             CoseError::InvalidEcdsaSignature => Self::InvalidEcdsaSignature,
             CoseError::CborParsingError(_) => Self::CoseTimeStampGeneration,
+            CoseError::CborGenerationError(_) => Self::CoseTimeStampGeneration,
             CoseError::TimeStampError(e) => e.into(),
             CoseError::CertificateProfileError(e) => e.into(),
             CoseError::CertificateTrustError(e) => e.into(),

sdk/src/lib.rs

@@ -170,7 +170,6 @@ pub(crate) mod resource_store;
 pub(crate) mod salt;
 pub(crate) mod signer;
 pub(crate) mod store;
-pub(crate) mod time_stamp;
 
 pub(crate) mod utils;
 pub(crate) use utils::{cbor_types, hash_utils};

sdk/src/signer.rs

@@ -12,7 +12,11 @@
 // each license.
 
 use async_trait::async_trait;
-use c2pa_crypto::{raw_signature::RawSigner, SigningAlg};
+use c2pa_crypto::{
+    raw_signature::RawSigner,
+    time_stamp::{AsyncTimeStampProvider, TimeStampProvider},
+    SigningAlg,
+};
 
 use crate::{DynamicAssertion, Result};
 
@@ -94,6 +98,13 @@ pub trait Signer {
     fn dynamic_assertions(&self) -> Vec<Box<dyn DynamicAssertion>> {
         Vec::new()
     }
+
+    /// If this struct also implements [`TimeStampProvider`], return a reference to that struct.
+    ///
+    /// [`TimeStampProvider`]: c2pa_crypto::time_stamp::TimeStampProvider
+    fn time_stamp_provider(&self) -> Option<Box<&dyn TimeStampProvider>> {
+        None
+    }
 }
 
 /// Trait to allow loading of signing credential from external sources
@@ -207,6 +218,13 @@ pub trait AsyncSigner: Sync {
     fn dynamic_assertions(&self) -> Vec<Box<dyn DynamicAssertion>> {
         Vec::new()
     }
+
+    /// If this struct also implements [`AsyncTimeStampProvider`], return a reference to that struct.
+    ///
+    /// [`AsyncTimeStampProvider`]: c2pa_crypto::time_stamp::AsyncTimeStampProvider
+    fn async_time_stamp_provider(&self) -> Option<Box<&dyn AsyncTimeStampProvider>> {
+        None
+    }
 }
 
 /// The `AsyncSigner` trait generates a cryptographic signature over a byte array.
@@ -279,6 +297,13 @@ pub trait AsyncSigner {
     fn dynamic_assertions(&self) -> Vec<Box<dyn DynamicAssertion>> {
         Vec::new()
     }
+
+    /// If this struct also implements [`AsyncTimeStampProvider`], return a reference to that struct.
+    ///
+    /// [`AsyncTimeStampProvider`]: c2pa_crypto::time_stamp::AsyncTimeStampProvider
+    fn async_time_stamp_provider<'a>(&'a self) -> Option<Box<&'a dyn AsyncTimeStampProvider>> {
+        None
+    }
 }
 
 #[cfg_attr(target_arch = "wasm32", async_trait(?Send))]
@@ -342,6 +367,10 @@ impl Signer for Box<dyn Signer> {
     fn send_timestamp_request(&self, message: &[u8]) -> Option<Result<Vec<u8>>> {
         (**self).send_timestamp_request(message)
     }
+
+    fn time_stamp_provider(&self) -> Option<Box<&dyn TimeStampProvider>> {
+        (**self).time_stamp_provider()
+    }
 }
 
 #[cfg(not(target_arch = "wasm32"))]