WIP

Author: maxtropets

CMakeLists.txt

@@ -173,6 +173,7 @@ set(HTTP_PARSER_SOURCES
     ${CCF_3RD_PARTY_EXPORTED_DIR}/llhttp/llhttp.c
 )
 
+include(${CCF_DIR}/cmake/cose_openssl.cmake)
 include(${CCF_DIR}/cmake/crypto.cmake)
 include(${CCF_DIR}/cmake/quickjs.cmake)
 include(${CCF_DIR}/cmake/qcbor.cmake)

cmake/cose_openssl.cmake

@@ -0,0 +1,22 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the Apache 2.0 License.
+
+include(FetchContent)
+
+FetchContent_Declare(
+  Corrosion
+  GIT_REPOSITORY https://github.com/corrosion-rs/corrosion.git
+  GIT_TAG a1a1aaa057a5da656c06c3d8505b767a4e941709 # v0.5.2
+)
+FetchContent_MakeAvailable(Corrosion)
+
+corrosion_import_crate(
+  MANIFEST_PATH
+  "${CCF_DIR}/src/cose/ccf_cose/Cargo.toml"
+  PROFILE
+  "release"
+  CRATES
+  "ccf-cose"
+  CRATE_TYPES
+  "staticlib"
+)

cmake/crypto.cmake

@@ -40,7 +40,13 @@ target_compile_options(ccfcrypto PUBLIC ${COMPILE_LIBCXX})
 target_link_options(ccfcrypto PUBLIC ${LINK_LIBCXX})
 
 target_link_libraries(ccfcrypto PUBLIC crypto ssl evercbor)
-target_link_libraries(ccfcrypto PRIVATE t_cose)
+target_link_libraries(
+  ccfcrypto PRIVATE t_cose ${CMAKE_BINARY_DIR}/libccf_cose.a
+)
+add_dependencies(ccfcrypto cargo-build_ccf_cose)
+target_include_directories(
+  ccfcrypto PUBLIC $<BUILD_INTERFACE:${CCF_DIR}/src/cose>
+)
 set_property(TARGET ccfcrypto PROPERTY POSITION_INDEPENDENT_CODE ON)
 
 install(

scripts/setup-ci.sh

@@ -48,7 +48,7 @@ tdnf --snapshottime=$SOURCE_DATE_EPOCH -y install procps
 tdnf --snapshottime=$SOURCE_DATE_EPOCH install -y bind-utils
 curl -L --output h2spec_linux_amd64.tar.gz https://github.com/summerwind/h2spec/releases/download/$H2SPEC_VERSION/h2spec_linux_amd64.tar.gz
 tar -xvf h2spec_linux_amd64.tar.gz
-mkdir /opt/h2spec
+mkdir -p /opt/h2spec
 mv h2spec /opt/h2spec/h2spec
 rm h2spec_linux_amd64.tar.gz
 
@@ -58,3 +58,6 @@ tdnf --snapshottime=$SOURCE_DATE_EPOCH -y install strace
 
 # For packaging
 tdnf --snapshottime=$SOURCE_DATE_EPOCH -y install rpm-build
+
+curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal --component rustfmt
+export PATH="$HOME/.cargo/bin:$PATH"

src/cose/ccf_cose.h

@@ -0,0 +1,56 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the Apache 2.0 License.
+
+#pragma once
+
+#include <cstddef>
+#include <cstdint>
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+  /// Sign a CCF ledger signature (COSE_Sign1, detached payload).
+  /// Returns 0 on success, non-zero on failure.
+  int ccf_cose_sign_ledger(
+    const uint8_t* key_der_ptr,
+    size_t key_der_len,
+    const uint8_t* kid_ptr,
+    size_t kid_len,
+    int64_t iat,
+    const uint8_t* issuer_ptr,
+    size_t issuer_len,
+    const uint8_t* subject_ptr,
+    size_t subject_len,
+    const uint8_t* txid_ptr,
+    size_t txid_len,
+    const uint8_t* payload_ptr,
+    size_t payload_len,
+    uint8_t** out_ptr,
+    size_t* out_len);
+
+  /// Sign a CCF identity endorsement (COSE_Sign1, embedded payload).
+  /// epoch_end and prev_root may be NULL/0 if not applicable.
+  /// Returns 0 on success, non-zero on failure.
+  int ccf_cose_sign_endorsement(
+    const uint8_t* key_der_ptr,
+    size_t key_der_len,
+    int64_t iat,
+    const uint8_t* epoch_begin_ptr,
+    size_t epoch_begin_len,
+    const uint8_t* epoch_end_ptr,
+    size_t epoch_end_len,
+    const uint8_t* prev_root_ptr,
+    size_t prev_root_len,
+    const uint8_t* payload_ptr,
+    size_t payload_len,
+    uint8_t** out_ptr,
+    size_t* out_len);
+
+  /// Free a buffer returned by ccf_cose_sign_*.
+  void ccf_cose_free(uint8_t* ptr, size_t len);
+
+#ifdef __cplusplus
+}
+#endif

src/cose/ccf_cose/Cargo.lock

@@ -0,0 +1,13 @@
+[package]
+name = "ccf-cose"
+version = "0.1.0"
+edition = "2021"
+
+[lib]
+crate-type = ["staticlib"]
+
+[dependencies]
+cose-openssl = { git = "https://github.com/maxtropets/cose-openssl.git", branch = "f/cose-wrapped" }
+
+[profile.release]
+lto = true