fix: Bring claim_v2 changes from #707 into c2pa_crypto (#811)

* Apply changes from merge commit 13889dd

* Introduce `cose::TimeStampStorage` enum

* Plumb TimeStampStorage through first layers of SDK

* Port `sigTst2` changes from `claim_v2` branch. See 6028853

* Port `sigTst2` validation changes from claim_v2 branch. See 6028853

* Move P1363 format check earlier in validation. See 6028853

* Pick up `claim_v2` changes to ContentInfo parsing. See bfdadc1

Author: scouten-adobe

internal/crypto/src/cose/mod.rs

@@ -42,5 +42,8 @@ pub use sigtst::{
     TstToken,
 };
 
+mod time_stamp_storage;
+pub use time_stamp_storage::TimeStampStorage;
+
 mod verifier;
 pub use verifier::Verifier;

internal/crypto/src/cose/sign.rs

@@ -18,9 +18,10 @@ use coset::{
     CoseSign1, CoseSign1Builder, Header, HeaderBuilder, Label, ProtectedHeader,
     TaggedCborSerializable,
 };
+use serde_bytes::ByteBuf;
 
 use crate::{
-    cose::{add_sigtst_header, add_sigtst_header_async, CoseError},
+    cose::{add_sigtst_header, add_sigtst_header_async, CoseError, TimeStampStorage},
     p1363::{der_to_p1363, parse_ec_der_sig},
     raw_signature::{AsyncRawSigner, RawSigner},
     SigningAlg,
@@ -76,22 +77,60 @@ use crate::{
 #[async_generic(async_signature(
     signer: &dyn AsyncRawSigner,
     data: &[u8],
-    box_size: usize
+    box_size: usize,
+    tss: TimeStampStorage
 ))]
-pub fn sign(signer: &dyn RawSigner, data: &[u8], box_size: usize) -> Result<Vec<u8>, CoseError> {
+pub fn sign(
+    signer: &dyn RawSigner,
+    data: &[u8],
+    box_size: usize,
+    tss: TimeStampStorage,
+) -> Result<Vec<u8>, CoseError> {
+    if _sync {
+        match tss {
+            TimeStampStorage::V1_sigTst => sign_v1(signer, data, box_size, tss),
+            TimeStampStorage::V2_sigTst2_CTT => sign_v2(signer, data, box_size, tss),
+        }
+    } else {
+        match tss {
+            TimeStampStorage::V1_sigTst => sign_v1_async(signer, data, box_size, tss).await,
+            TimeStampStorage::V2_sigTst2_CTT => sign_v2_async(signer, data, box_size, tss).await,
+        }
+    }
+}
+
+#[async_generic(async_signature(
+    signer: &dyn AsyncRawSigner,
+    data: &[u8],
+    box_size: usize,
+    tss: TimeStampStorage
+))]
+pub fn sign_v1(
+    signer: &dyn RawSigner,
+    data: &[u8],
+    box_size: usize,
+    tss: TimeStampStorage,
+) -> Result<Vec<u8>, CoseError> {
     let alg = signer.alg();
 
-    let (protected_header, unprotected_header) = if _sync {
-        build_headers(signer, data, alg)?
+    let protected_header = if _sync {
+        build_protected_header(signer, alg)?
     } else {
-        build_headers_async(signer, data, alg).await?
+        build_protected_header_async(signer, alg).await?
     };
 
     // We don't use the additional data header.
     let aad: &[u8; 0] = b"";
 
+    // V1: Generate time stamp then sign.
+    let unprotected_header = if _sync {
+        build_unprotected_header(signer, data, &protected_header, tss)?
+    } else {
+        build_unprotected_header_async(signer, data, &protected_header, tss).await?
+    };
+
     let sign1_builder = CoseSign1Builder::new()
-        .protected(protected_header)
+        .protected(protected_header.header.clone())
         .unprotected(unprotected_header)
         .payload(data.to_vec());
 
@@ -130,12 +169,89 @@ pub fn sign(signer: &dyn RawSigner, data: &[u8], box_size: usize) -> Result<Vec<
     pad_cose_sig(&mut sign1, box_size)
 }
 
-#[async_generic(async_signature(signer: &dyn AsyncRawSigner, data: &[u8], alg: SigningAlg))]
-fn build_headers(
+#[async_generic(async_signature(
+    signer: &dyn AsyncRawSigner,
+    data: &[u8],
+    box_size: usize,
+    tss: TimeStampStorage
+))]
+pub fn sign_v2(
     signer: &dyn RawSigner,
     data: &[u8],
+    box_size: usize,
+    tss: TimeStampStorage,
+) -> Result<Vec<u8>, CoseError> {
+    let alg = signer.alg();
+
+    let protected_header = if _sync {
+        build_protected_header(signer, alg)?
+    } else {
+        build_protected_header_async(signer, alg).await?
+    };
+
+    // We don't use the additional data header.
+    let aad: &[u8; 0] = b"";
+
+    // V2: Sign then generate time stamp.
+    let sign1_builder = CoseSign1Builder::new()
+        .protected(protected_header.header.clone())
+        .payload(data.to_vec());
+
+    let mut sign1 = sign1_builder.build();
+
+    let tbs = coset::sig_structure_data(
+        coset::SignatureContext::CoseSign1,
+        sign1.protected.clone(),
+        None,
+        aad,
+        sign1.payload.as_ref().unwrap_or(&vec![]),
+    );
+
+    let signature = if _sync {
+        signer.sign(&tbs)?
+    } else {
+        signer.sign(tbs).await?
+    };
+
+    // Fix up signatures that may be in the wrong format.
+    sign1.signature = match alg {
+        SigningAlg::Es256 | SigningAlg::Es384 | SigningAlg::Es512 => {
+            if parse_ec_der_sig(&signature).is_ok() {
+                // Fix up DER signature to be in P1363 format.
+                der_to_p1363(&signature, alg)?
+            } else {
+                signature
+            }
+        }
+        _ => signature,
+    };
+
+    // The payload is provided elsewhere, so we don't need to repeat it in the
+    // `Cose_Sign1` structure.
+    sign1.payload = None;
+
+    let sig_data = ByteBuf::from(sign1.signature.clone());
+    let mut sig_data_cbor: Vec<u8> = vec![];
+    ciborium::into_writer(&sig_data, &mut sig_data_cbor)
+        .map_err(|e| CoseError::CborGenerationError(e.to_string()))?;
+
+    // Fill in the unprotected header with time stamp data.
+    let unprotected_header = if _sync {
+        build_unprotected_header(signer, &sig_data_cbor, &protected_header, tss)?
+    } else {
+        build_unprotected_header_async(signer, &sig_data_cbor, &protected_header, tss).await?
+    };
+
+    sign1.unprotected = unprotected_header;
+
+    pad_cose_sig(&mut sign1, box_size)
+}
+
+#[async_generic(async_signature(signer: &dyn AsyncRawSigner, alg: SigningAlg))]
+fn build_protected_header(
+    signer: &dyn RawSigner,
     alg: SigningAlg,
-) -> Result<(Header, Header), CoseError> {
+) -> Result<ProtectedHeader, CoseError> {
     let mut protected_h = match alg {
         SigningAlg::Ps256 => HeaderBuilder::new().algorithm(iana::Algorithm::PS256),
         SigningAlg::Ps384 => HeaderBuilder::new().algorithm(iana::Algorithm::PS384),
@@ -146,14 +262,6 @@ fn build_headers(
         SigningAlg::Ed25519 => HeaderBuilder::new().algorithm(iana::Algorithm::EdDSA),
     };
 
-    let ocsp_val = if _sync {
-        signer.ocsp_response()
-    } else {
-        signer.ocsp_response().await
-    };
-
-    dbg!(&ocsp_val);
-
     let certs = signer.cert_chain()?;
 
     let sc_der_array_or_bytes = match certs.len() {
@@ -173,15 +281,35 @@ fn build_headers(
         header: protected_header.clone(),
     };
 
+    Ok(ph2)
+}
+
+#[async_generic(async_signature(signer: &dyn AsyncRawSigner, data: &[u8], p_header: &ProtectedHeader,     tss: TimeStampStorage,))]
+fn build_unprotected_header(
+    signer: &dyn RawSigner,
+    data: &[u8],
+    p_header: &ProtectedHeader,
+    tss: TimeStampStorage,
+) -> Result<Header, CoseError> {
+    // signed_data_from_time_stamp_response
+
+    // TO DO: Continue with diff here ... (let maybe_cts etc)
+
     let unprotected_h = HeaderBuilder::new();
 
     let mut unprotected_h = if _sync {
-        add_sigtst_header(signer, data, &ph2, unprotected_h)?
+        add_sigtst_header(signer, data, p_header, unprotected_h, tss)?
     } else {
-        add_sigtst_header_async(signer, data, &ph2, unprotected_h).await?
+        add_sigtst_header_async(signer, data, p_header, unprotected_h, tss).await?
     };
 
     // Set the OCSP responder response if available.
+    let ocsp_val = if _sync {
+        signer.ocsp_response()
+    } else {
+        signer.ocsp_response().await
+    };
+
     if let Some(ocsp) = ocsp_val {
         let mut ocsp_vec: Vec<Value> = Vec::new();
         let mut r_vals: Vec<(Value, Value)> = vec![];
@@ -192,8 +320,8 @@ fn build_headers(
         unprotected_h = unprotected_h.text_value("rVals".to_string(), Value::Map(r_vals));
     }
 
-    // Build complete header
-    Ok((protected_header, unprotected_h.build()))
+    // Build complete header.
+    Ok(unprotected_h.build())
 }
 
 const PAD: &str = "pad";

internal/crypto/src/cose/sigtst.rs

@@ -11,16 +11,19 @@
 // specific language governing permissions and limitations under
 // each license.
 
+use asn1_rs::nom::AsBytes;
 use async_generic::async_generic;
+use bcder::decode::Constructed;
 use ciborium::value::Value;
 use coset::{sig_structure_data, HeaderBuilder, Label, ProtectedHeader, SignatureContext};
 use serde::{Deserialize, Serialize};
+use serde_bytes::ByteBuf;
 
 use crate::{
-    asn1::rfc3161::TstInfo,
-    cose::CoseError,
+    asn1::rfc3161::{TimeStampResp, TstInfo},
+    cose::{CoseError, TimeStampStorage},
     raw_signature::{AsyncRawSigner, RawSigner},
-    time_stamp::{verify_time_stamp, verify_time_stamp_async},
+    time_stamp::{verify_time_stamp, verify_time_stamp_async, ContentInfo, TimeStampResponse},
 };
 
 /// Given a COSE signature, retrieve the `sigTst` header from it and validate
@@ -29,13 +32,15 @@ use crate::{
 /// Return a [`TstInfo`] struct if available and valid.
 #[async_generic]
 pub fn validate_cose_tst_info(sign1: &coset::CoseSign1, data: &[u8]) -> Result<TstInfo, CoseError> {
-    let Some(sigtst) = &sign1
+    let Some((sigtst, tss)) = &sign1
         .unprotected
         .rest
         .iter()
         .find_map(|x: &(Label, Value)| {
-            if x.0 == Label::Text("sigTst".to_string()) {
-                Some(x.1.clone())
+            if x.0 == Label::Text("sigTst2".to_string()) {
+                Some((x.1.clone(), TimeStampStorage::V2_sigTst2_CTT))
+            } else if x.0 == Label::Text("sigTst".to_string()) {
+                Some((x.1.clone(), TimeStampStorage::V1_sigTst))
             } else {
                 None
             }
@@ -44,14 +49,27 @@ pub fn validate_cose_tst_info(sign1: &coset::CoseSign1, data: &[u8]) -> Result<T
         return Err(CoseError::NoTimeStampToken);
     };
 
+    // `maybe_sig_data` has to be declared outside the match block below so that the
+    // slice we return can live long enough.
+    let mut maybe_sig_data: Vec<u8> = vec![];
+    let tbs = match tss {
+        TimeStampStorage::V1_sigTst => data,
+        TimeStampStorage::V2_sigTst2_CTT => {
+            let sig_data = ByteBuf::from(sign1.signature.clone());
+            ciborium::into_writer(&sig_data, &mut maybe_sig_data)
+                .map_err(|e| CoseError::CborParsingError(e.to_string()))?;
+            maybe_sig_data.as_slice()
+        }
+    };
+
     let mut time_cbor: Vec<u8> = vec![];
     ciborium::into_writer(sigtst, &mut time_cbor)
         .map_err(|e| CoseError::InternalError(e.to_string()))?;
 
     let tst_infos = if _sync {
-        parse_and_validate_sigtst(&time_cbor, data, &sign1.protected)?
+        parse_and_validate_sigtst(&time_cbor, tbs, &sign1.protected)?
     } else {
-        parse_and_validate_sigtst_async(&time_cbor, data, &sign1.protected).await?
+        parse_and_validate_sigtst_async(&time_cbor, tbs, &sign1.protected).await?
     };
 
     // For now, we only pay attention to the first time stamp header.
@@ -148,12 +166,14 @@ impl TstContainer {
         data: &[u8],
         p_header: &ProtectedHeader,
         mut header_builder: HeaderBuilder,
+        tss: TimeStampStorage,
     ))]
 pub fn add_sigtst_header(
     ts_provider: &dyn RawSigner,
     data: &[u8],
     p_header: &ProtectedHeader,
     mut header_builder: HeaderBuilder,
+    tss: TimeStampStorage,
 ) -> Result<HeaderBuilder, CoseError> {
     let sd = cose_countersign_data(data, p_header);
 
@@ -164,7 +184,16 @@ pub fn add_sigtst_header(
     };
 
     if let Some(cts) = maybe_cts {
-        let cts = cts?;
+        let mut cts = cts?;
+
+        if tss == TimeStampStorage::V2_sigTst2_CTT {
+            // In `sigTst2`, we use only the `TimeStampToken` and not `TimeStampRsp` for
+            // sigTst2
+            cts = timestamptoken_from_timestamprsp(&cts).ok_or(CoseError::CborGenerationError(
+                "unable to generate time stamp token".to_string(),
+            ))?;
+        }
+
         let cts = make_cose_timestamp(&cts);
 
         let mut sigtst_vec: Vec<u8> = vec![];
@@ -174,7 +203,14 @@ pub fn add_sigtst_header(
         let sigtst_cbor: Value = ciborium::from_reader(sigtst_vec.as_slice())
             .map_err(|e| CoseError::CborGenerationError(e.to_string()))?;
 
-        header_builder = header_builder.text_value("sigTst".to_string(), sigtst_cbor);
+        match tss {
+            TimeStampStorage::V1_sigTst => {
+                header_builder = header_builder.text_value("sigTst".to_string(), sigtst_cbor);
+            }
+            TimeStampStorage::V2_sigTst2_CTT => {
+                header_builder = header_builder.text_value("sigTst2".to_string(), sigtst_cbor);
+            }
+        }
     }
 
     Ok(header_builder)
@@ -191,3 +227,28 @@ fn make_cose_timestamp(ts_data: &[u8]) -> TstContainer {
 
     container
 }
+
+// Return timeStampToken used by sigTst2.
+fn timestamptoken_from_timestamprsp(ts: &[u8]) -> Option<Vec<u8>> {
+    let ts_resp = TimeStampResponse(
+        Constructed::decode(ts, bcder::Mode::Der, TimeStampResp::take_from).ok()?,
+    );
+
+    let tst = ts_resp.0.time_stamp_token?;
+
+    let a: Result<Vec<u32>, CoseError> = tst
+        .content_type
+        .iter()
+        .map(|v| {
+            v.to_u32()
+                .ok_or(CoseError::InternalError("invalid component".to_string()))
+        })
+        .collect();
+
+    let ci = ContentInfo {
+        content_type: rasn::types::ObjectIdentifier::new(a.ok()?)?,
+        content: rasn::types::Any::new(tst.content.as_bytes().to_vec()),
+    };
+
+    rasn::der::encode(&ci).ok()
+}