feat: Move get_cose_sign1 into c2pa-crypto crate (#794)

Author: scouten-adobe

internal/crypto/src/cose/mod.rs

@@ -29,6 +29,9 @@ pub use error::CoseError;
 mod ocsp;
 pub use ocsp::{check_ocsp_status, check_ocsp_status_async, OcspFetchPolicy};
 
+mod sign1;
+pub use sign1::parse_cose_sign1;
+
 mod sigtst;
 pub use sigtst::{
     cose_countersign_data, parse_and_validate_sigtst, parse_and_validate_sigtst_async,

internal/crypto/src/cose/sign1.rs

@@ -0,0 +1,47 @@
+// Copyright 2022 Adobe. All rights reserved.
+// This file is licensed to you under the Apache License,
+// Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+// or the MIT license (http://opensource.org/licenses/MIT),
+// at your option.
+
+// Unless required by applicable law or agreed to in writing,
+// this software is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR REPRESENTATIONS OF ANY KIND, either express or
+// implied. See the LICENSE-MIT and LICENSE-APACHE files for the
+// specific language governing permissions and limitations under
+// each license.
+
+use c2pa_status_tracker::{log_item, validation_codes::CLAIM_SIGNATURE_MISMATCH, StatusTracker};
+use coset::{CoseSign1, TaggedCborSerializable};
+
+use crate::cose::CoseError;
+
+/// Parse a byte slice as a COSE Sign1 data structure.
+///
+/// Log errors that might occur to the provided [`StatusTracker`].
+pub fn parse_cose_sign1(
+    cose_bytes: &[u8],
+    data: &[u8],
+    validation_log: &mut impl StatusTracker,
+) -> Result<CoseSign1, CoseError> {
+    let mut sign1 = <coset::CoseSign1 as TaggedCborSerializable>::from_tagged_slice(cose_bytes)
+        .map_err(|coset_error| {
+            log_item!(
+                "Cose_Sign1",
+                "could not parse signature",
+                "parse_cose_sign1"
+            )
+            .validation_status(CLAIM_SIGNATURE_MISMATCH)
+            .failure_no_throw(
+                validation_log,
+                CoseError::CborParsingError(coset_error.to_string()),
+            );
+
+            CoseError::CborParsingError(coset_error.to_string())
+        })?;
+
+    // Temporarily restore the payload into the signature for verification check.
+    sign1.payload = Some(data.to_vec());
+
+    Ok(sign1)
+}

sdk/src/claim.rs

@@ -16,7 +16,11 @@ use std::path::Path;
 use std::{collections::HashMap, fmt};
 
 use async_generic::async_generic;
-use c2pa_crypto::{base64, cose::CertificateTrustPolicy, ValidationInfo};
+use c2pa_crypto::{
+    base64,
+    cose::{parse_cose_sign1, CertificateTrustPolicy},
+    ValidationInfo,
+};
 use c2pa_status_tracker::{log_item, OneShotStatusTracker, StatusTracker};
 use chrono::{DateTime, Utc};
 use serde::{Deserialize, Serialize};
@@ -35,8 +39,8 @@ use crate::{
     },
     asset_io::CAIRead,
     cose_validator::{
-        check_ocsp_status, check_ocsp_status_async, get_cose_sign1, get_signing_info,
-        get_signing_info_async, verify_cose, verify_cose_async,
+        check_ocsp_status, check_ocsp_status_async, get_signing_info, get_signing_info_async,
+        verify_cose, verify_cose_async,
     },
     error::{Error, Result},
     hashed_uri::HashedUri,
@@ -1068,7 +1072,7 @@ impl Claim {
         }
 
         // check certificate revocation
-        let sign1 = get_cose_sign1(&sig, &data, validation_log)?;
+        let sign1 = parse_cose_sign1(&sig, &data, validation_log)?;
         check_ocsp_status_async(&sign1, &data, ctp, validation_log).await?;
 
         let verified =
@@ -1114,7 +1118,7 @@ impl Claim {
         };
 
         // check certificate revocation
-        let sign1 = get_cose_sign1(sig, data, validation_log)?;
+        let sign1 = parse_cose_sign1(sig, data, validation_log)?;
         check_ocsp_status(&sign1, data, ctp, validation_log)?;
 
         let verified = verify_cose(