feat: Move COSE OCSP support into c2pa-crypto (#793)

Author: scouten-adobe

internal/crypto/src/cose/error.rs

@@ -13,14 +13,22 @@
 
 use thiserror::Error;
 
-use crate::time_stamp::TimeStampError;
+use crate::{cose::CertificateProfileError, time_stamp::TimeStampError};
 
 /// Describes errors that can occur when processing or generating [COSE]
 /// signatures.
 ///
 /// [COSE]: https://datatracker.ietf.org/doc/rfc9052/
 #[derive(Debug, Error)]
 pub enum CoseError {
+    /// No signing certificate chain was found.
+    #[error("missing signing certificate chain")]
+    MissingSigningCertificateChain,
+
+    /// Signing certificates appeared in both protected and unprotected headers.
+    #[error("multiple signing certificate chains detected")]
+    MultipleSigningCertificateChains,
+
     /// No time stamp token found.
     #[error("no time stamp token found in sigTst or sigTst2 header")]
     NoTimeStampToken,
@@ -32,4 +40,14 @@ pub enum CoseError {
     /// An error occurred while parsing a time stamp.
     #[error(transparent)]
     TimeStampError(#[from] TimeStampError),
+
+    /// The signing certificate(s) did not match the required certificate
+    /// profile.
+    #[error(transparent)]
+    CertificateProfileError(#[from] CertificateProfileError),
+
+    /// An unexpected internal error occured while requesting the time stamp
+    /// response.
+    #[error("internal error ({0})")]
+    InternalError(String),
 }

internal/crypto/src/cose/mod.rs

@@ -26,7 +26,11 @@ pub use certificate_profile::{check_certificate_profile, CertificateProfileError
 mod error;
 pub use error::CoseError;
 
+mod ocsp;
+pub use ocsp::{check_ocsp_status, check_ocsp_status_async, OcspFetchPolicy};
+
 mod sigtst;
 pub use sigtst::{
-    cose_countersign_data, parse_and_validate_sigtst, parse_and_validate_sigtst_async, TstToken,
+    cose_countersign_data, parse_and_validate_sigtst, parse_and_validate_sigtst_async,
+    validate_cose_tst_info, validate_cose_tst_info_async, TstToken,
 };

internal/crypto/src/cose/ocsp.rs

@@ -0,0 +1,270 @@
+// Copyright 2022 Adobe. All rights reserved.
+// This file is licensed to you under the Apache License,
+// Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+// or the MIT license (http://opensource.org/licenses/MIT),
+// at your option.
+
+// Unless required by applicable law or agreed to in writing,
+// this software is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR REPRESENTATIONS OF ANY KIND, either express or
+// implied. See the LICENSE-MIT and LICENSE-APACHE files for the
+// specific language governing permissions and limitations under
+// each license.
+
+use async_generic::async_generic;
+use c2pa_status_tracker::StatusTracker;
+use chrono::{DateTime, Utc};
+use ciborium::value::Value;
+use coset::{CoseSign1, Label};
+
+use crate::{
+    cose::{
+        check_certificate_profile, validate_cose_tst_info, validate_cose_tst_info_async,
+        CertificateTrustPolicy, CoseError,
+    },
+    ocsp::OcspResponse,
+};
+
+/// Given a COSE signature, extract the OCSP data and validate the status of
+/// that report.
+///
+/// TO DO: Determine if this needs to remain fully public after refactoring.
+#[async_generic]
+pub fn check_ocsp_status(
+    sign1: &CoseSign1,
+    data: &[u8],
+    fetch_policy: OcspFetchPolicy,
+    ctp: &CertificateTrustPolicy,
+    validation_log: &mut impl StatusTracker,
+) -> Result<OcspResponse, CoseError> {
+    match get_ocsp_der(sign1) {
+        Some(ocsp_response_der) => {
+            if _sync {
+                check_stapled_ocsp_response(sign1, &ocsp_response_der, data, ctp, validation_log)
+            } else {
+                check_stapled_ocsp_response_async(
+                    sign1,
+                    &ocsp_response_der,
+                    data,
+                    ctp,
+                    validation_log,
+                )
+                .await
+            }
+        }
+
+        None => match fetch_policy {
+            OcspFetchPolicy::FetchAllowed => {
+                fetch_and_check_ocsp_response(sign1, data, ctp, validation_log)
+            }
+            OcspFetchPolicy::DoNotFetch => Ok(OcspResponse::default()),
+        },
+    }
+}
+
+/// Policy for fetching OCSP responses.
+#[derive(Clone, Debug, Eq, PartialEq)]
+pub enum OcspFetchPolicy {
+    /// Allow internet connection to fetch OCSP response.
+    FetchAllowed,
+
+    /// Do not connect and ignore OCSP status if not available.
+    DoNotFetch,
+}
+
+#[async_generic]
+fn check_stapled_ocsp_response(
+    sign1: &CoseSign1,
+    ocsp_response_der: &[u8],
+    data: &[u8],
+    ctp: &CertificateTrustPolicy,
+    validation_log: &mut impl StatusTracker,
+) -> Result<OcspResponse, CoseError> {
+    let time_stamp_info = if _sync {
+        validate_cose_tst_info(sign1, data)
+    } else {
+        validate_cose_tst_info_async(sign1, data).await
+    };
+
+    // If the stapled OCSP response has a time stamp, we can validate it.
+    let Ok(tst_info) = &time_stamp_info else {
+        return Ok(OcspResponse::default());
+    };
+
+    let signing_time: DateTime<Utc> = tst_info.gen_time.clone().into();
+
+    let Ok(ocsp_data) =
+        OcspResponse::from_der_checked(ocsp_response_der, Some(signing_time), validation_log)
+    else {
+        return Ok(OcspResponse::default());
+    };
+
+    // If we get a valid response, validate the certs.
+    if ocsp_data.revoked_at.is_none() {
+        if let Some(ocsp_certs) = &ocsp_data.ocsp_certs {
+            check_certificate_profile(&ocsp_certs[0], ctp, validation_log, Some(tst_info))?;
+        }
+    }
+
+    Ok(ocsp_data)
+}
+
+// TO DO: Add async version of this?
+fn fetch_and_check_ocsp_response(
+    sign1: &CoseSign1,
+    data: &[u8],
+    ctp: &CertificateTrustPolicy,
+    validation_log: &mut impl StatusTracker,
+) -> Result<OcspResponse, CoseError> {
+    #[cfg(target_arch = "wasm32")]
+    {
+        let _ = (sign1, data, ctp, validation_log);
+        Ok(OcspResponse::default())
+    }
+
+    #[cfg(not(target_arch = "wasm32"))]
+    {
+        let certs = get_cert_chain(sign1)?;
+
+        let Some(ocsp_der) = crate::ocsp::fetch_ocsp_response(&certs) else {
+            return Ok(OcspResponse::default());
+        };
+
+        let ocsp_response_der = ocsp_der;
+
+        let signing_time: Option<DateTime<Utc>> = validate_cose_tst_info(sign1, data)
+            .ok()
+            .map(|tst_info| tst_info.gen_time.clone().into());
+
+        // Check the OCSP response, but only if it is well-formed.
+        // Revocation errors are reported in the validation log.
+        let Ok(ocsp_data) =
+            OcspResponse::from_der_checked(&ocsp_response_der, signing_time, validation_log)
+        else {
+            // TO REVIEW: This is how the old code worked, but is it correct to ignore a
+            // malformed OCSP response?
+            return Ok(OcspResponse::default());
+        };
+
+        // If we get a valid response validate the certs.
+        if ocsp_data.revoked_at.is_none() {
+            if let Some(ocsp_certs) = &ocsp_data.ocsp_certs {
+                check_certificate_profile(&ocsp_certs[0], ctp, validation_log, None)?;
+            }
+        }
+
+        Ok(ocsp_data)
+    }
+}
+
+fn get_ocsp_der(sign1: &coset::CoseSign1) -> Option<Vec<u8>> {
+    let der = sign1
+        .unprotected
+        .rest
+        .iter()
+        .find_map(|x: &(Label, Value)| {
+            if x.0 == Label::Text("rVals".to_string()) {
+                Some(x.1.clone())
+            } else {
+                None
+            }
+        })?;
+
+    let Value::Map(rvals_map) = der else {
+        return None;
+    };
+
+    // Find OCSP value if available.
+    rvals_map.iter().find_map(|x: &(Value, Value)| {
+        if x.0 == Value::Text("ocspVals".to_string()) {
+            x.1.as_array()
+                .and_then(|ocsp_rsp_val| ocsp_rsp_val.first())
+                .and_then(Value::as_bytes)
+                .cloned()
+        } else {
+            None
+        }
+    })
+}
+
+// TO DO: See if this gets more widely used in crate.
+#[cfg(not(target_arch = "wasm32"))]
+fn get_cert_chain(sign1: &coset::CoseSign1) -> Result<Vec<Vec<u8>>, CoseError> {
+    use coset::iana::{self, EnumI64};
+
+    // Check the protected header first.
+    let Some(value) = sign1
+        .protected
+        .header
+        .rest
+        .iter()
+        .find_map(|x: &(Label, Value)| {
+            if x.0 == Label::Text("x5chain".to_string())
+                || x.0 == Label::Int(iana::HeaderParameter::X5Chain.to_i64())
+            {
+                Some(x.1.clone())
+            } else {
+                None
+            }
+        })
+    else {
+        // Not there: Also try unprotected header. (This was permitted in older versions
+        // of C2PA.)
+        return get_unprotected_header_certs(sign1);
+    };
+
+    // Certs may be in protected or unprotected header, but not both.
+    if get_unprotected_header_certs(sign1).is_ok() {
+        return Err(CoseError::MultipleSigningCertificateChains);
+    }
+
+    cert_chain_from_cbor_value(value)
+}
+
+#[cfg(not(target_arch = "wasm32"))]
+fn get_unprotected_header_certs(sign1: &coset::CoseSign1) -> Result<Vec<Vec<u8>>, CoseError> {
+    let Some(value) = sign1
+        .unprotected
+        .rest
+        .iter()
+        .find_map(|x: &(Label, Value)| {
+            if x.0 == Label::Text("x5chain".to_string()) {
+                Some(x.1.clone())
+            } else {
+                None
+            }
+        })
+    else {
+        return Err(CoseError::MissingSigningCertificateChain);
+    };
+
+    cert_chain_from_cbor_value(value)
+}
+
+#[cfg(not(target_arch = "wasm32"))]
+fn cert_chain_from_cbor_value(value: Value) -> Result<Vec<Vec<u8>>, CoseError> {
+    match value {
+        Value::Array(cert_chain) => {
+            let certs: Vec<Vec<u8>> = cert_chain
+                .iter()
+                .filter_map(|c| {
+                    if let Value::Bytes(der_bytes) = c {
+                        Some(der_bytes.clone())
+                    } else {
+                        None
+                    }
+                })
+                .collect();
+
+            if certs.is_empty() {
+                Err(CoseError::MissingSigningCertificateChain)
+            } else {
+                Ok(certs)
+            }
+        }
+
+        Value::Bytes(ref der_bytes) => Ok(vec![der_bytes.clone()]),
+
+        _ => Err(CoseError::MissingSigningCertificateChain),
+    }
+}

internal/crypto/src/cose/sigtst.rs

@@ -12,7 +12,8 @@
 // each license.
 
 use async_generic::async_generic;
-use coset::{sig_structure_data, ProtectedHeader, SignatureContext};
+use ciborium::value::Value;
+use coset::{sig_structure_data, Label, ProtectedHeader, SignatureContext};
 use serde::{Deserialize, Serialize};
 
 use crate::{
@@ -21,6 +22,46 @@ use crate::{
     time_stamp::{verify_time_stamp, verify_time_stamp_async},
 };
 
+/// Given a COSE signature, retrieve the `sigTst` header from it and validate
+/// the information within it.
+///
+/// Return a [`TstInfo`] struct if available and valid.
+#[async_generic]
+pub fn validate_cose_tst_info(sign1: &coset::CoseSign1, data: &[u8]) -> Result<TstInfo, CoseError> {
+    let Some(sigtst) = &sign1
+        .unprotected
+        .rest
+        .iter()
+        .find_map(|x: &(Label, Value)| {
+            if x.0 == Label::Text("sigTst".to_string()) {
+                Some(x.1.clone())
+            } else {
+                None
+            }
+        })
+    else {
+        return Err(CoseError::NoTimeStampToken);
+    };
+
+    let mut time_cbor: Vec<u8> = vec![];
+    ciborium::into_writer(sigtst, &mut time_cbor)
+        .map_err(|e| CoseError::InternalError(e.to_string()))?;
+
+    let tst_infos = if _sync {
+        parse_and_validate_sigtst(&time_cbor, data, &sign1.protected)?
+    } else {
+        parse_and_validate_sigtst_async(&time_cbor, data, &sign1.protected).await?
+    };
+
+    // For now, we only pay attention to the first time stamp header.
+    // Technically, more are permitted, but we ignore them for now.
+    let Some(tst_info) = tst_infos.into_iter().next() else {
+        return Err(CoseError::NoTimeStampToken);
+    };
+
+    Ok(tst_info)
+}
+
 /// Parse the `sigTst` header from a COSE signature, which should contain one or
 /// more `TstInfo` structures ([RFC 3161] time stamps).
 ///