feat: implement signed-cbor-cmw

Implement new `SignCBOR` and `VerifyCBOR` APIs to sign and verify a
`signed-cbor-cmw` (see §4.1 of draft-ietf-rats-msg-wrap-17).

Fix #14

Signed-off-by: Thomas Fossati <[email protected]>

Author: thomas-fossati

go.mod

@@ -4,7 +4,8 @@ go 1.23.0
 
 require (
 	github.com/fxamacker/cbor/v2 v2.7.0
-	github.com/stretchr/testify v1.9.0
+	github.com/stretchr/testify v1.10.0
+	github.com/veraison/go-cose v1.3.0
 )
 
 require (

go.sum

@@ -4,8 +4,10 @@ github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv
 github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/veraison/go-cose v1.3.0 h1:2/H5w8kdSpQJyVtIhx8gmwPJ2uSz1PkyWFx0idbd7rk=
+github.com/veraison/go-cose v1.3.0/go.mod h1:df09OV91aHoQWLmy1KsDdYiagtXgyAwAl8vFeFn1gMc=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=

signed_cbor.go

@@ -0,0 +1,56 @@
+package cmw
+
+import (
+	"crypto/rand"
+	"fmt"
+
+	cose "github.com/veraison/go-cose"
+)
+
+// SignCBOR produces a signed-cbor-cmw from the target CMW by signing it with
+// the supplied cose.Signer.
+func (o CMW) SignCBOR(signer cose.Signer) ([]byte, error) {
+	msg := cose.NewSignMessage()
+
+	msg.Headers.Protected[cose.HeaderLabelAlgorithm] = signer.Algorithm()
+	msg.Headers.Protected[cose.HeaderLabelContentType] = "application/cmw+cbor"
+
+	payload, err := o.MarshalCBOR()
+	if err != nil {
+		return nil, err
+	}
+
+	return cose.Sign1(rand.Reader, signer, msg.Headers, payload, nil)
+}
+
+// VerifyCBOR verifies the signed-cbor-cmw using the supplied cose.Verifier.  If
+// the signature is succesfully validated and the payload CMW is correctly
+// formatted, the CMW target is populated.
+func (o *CMW) VerifyCBOR(verifier cose.Verifier, cbor []byte) error {
+	var msg cose.Sign1Message
+	if err := msg.UnmarshalCBOR(cbor); err != nil {
+		return fmt.Errorf("CBOR decoding signed-cbor-cmw: %w", err)
+	}
+
+	if v, ok := msg.Headers.Protected[cose.HeaderLabelContentType]; ok {
+		if v != "application/cmw+cbor" {
+			return fmt.Errorf("unexpected content type in signed-cbor-cmw: %v", v)
+		}
+	} else {
+		return fmt.Errorf("missing mandatory cty parameter in signed-cbor-cmw protected headers")
+	}
+
+	if _, ok := msg.Headers.Protected[cose.HeaderLabelAlgorithm]; !ok {
+		return fmt.Errorf("missing mandatory alg parameter in signed-cbor-cmw protected headers")
+	}
+
+	if err := msg.Verify(nil, verifier); err != nil {
+		return fmt.Errorf("signed-cbor-cmw signature verification failed: %w", err)
+	}
+
+	if err := o.UnmarshalCBOR(msg.Payload); err != nil {
+		return fmt.Errorf("CBOR decoding signed-cbor-cmw payload: %w", err)
+	}
+
+	return nil
+}

signed_cbor_test.go

@@ -0,0 +1,70 @@
+package cmw
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	cose "github.com/veraison/go-cose"
+)
+
+func TestCMW_Signed_CBOR_roundtrip_ok(t *testing.T) {
+	in := makeCMWCollection()
+	c0, _ := in.MarshalCBOR()
+
+	signer, verifier, err := getCOSESignerAndVerifier(t, testES256Key, cose.AlgorithmES256)
+	require.NoError(t, err)
+
+	got, err := in.SignCBOR(signer)
+	assert.NoError(t, err)
+
+	var out CMW
+	err = out.VerifyCBOR(verifier, got)
+	assert.NoError(t, err)
+
+	c1, _ := out.MarshalCBOR()
+	assert.Equal(t, c0, c1)
+}
+
+func TestCMW_Signed_CBOR_Verify_phdr_failures(t *testing.T) {
+	tvs := []struct {
+		v []byte
+		e string
+	}{
+		{
+			mustHexDecode("d28457a103746170706c69636174696f6e2f636d772b63626f72a058dea4685f5f636d77635f74737461673a696574662e6f72672c323032343a586a6d75726d75726c657373a2685f5f636d77635f74737461673a696574662e6f72672c323032343a596a706f6c7973636f7069638378186170706c69636174696f6e2f6561742d7563732b6a736f6e527b226561745f6e6f6e6365223a202e2e2e7d086c6272657477616c6461646f6d8278186170706c69636174696f6e2f6561742d7563732b63626f7242a10a7170686f746f656c656374726f67726170688378186170706c69636174696f6e2f6561742d7563732b63626f7243827818035840c274b981723930b3cc14912fe385a9dd2b29425a60afb01ebc625444ac05edd74bd7ebc69faa1b961606b58b575bf4ade87e5835d90454c6336a6cead4b3e5c7"),
+			"missing mandatory alg parameter in signed-cbor-cmw protected headers",
+		},
+		{
+			mustHexDecode("d28443a10126a058dea4685f5f636d77635f74737461673a696574662e6f72672c323032343a586a6d75726d75726c657373a2685f5f636d77635f74737461673a696574662e6f72672c323032343a596a706f6c7973636f7069638378186170706c69636174696f6e2f6561742d7563732b6a736f6e527b226561745f6e6f6e6365223a202e2e2e7d086c6272657477616c6461646f6d8278186170706c69636174696f6e2f6561742d7563732b63626f7242a10a7170686f746f656c656374726f67726170688378186170706c69636174696f6e2f6561742d7563732b63626f7243827818035840c274b981723930b3cc14912fe385a9dd2b29425a60afb01ebc625444ac05edd74bd7ebc69faa1b961606b58b575bf4ade87e5835d90454c6336a6cead4b3e5c7"),
+			"missing mandatory cty parameter in signed-cbor-cmw protected headers",
+		},
+		{
+			mustHexDecode("d2845820a2012603781a6170706c69636174696f6e2f736f6d657468696e672b656c7365a058dea4685f5f636d77635f74737461673a696574662e6f72672c323032343a586a6d75726d75726c657373a2685f5f636d77635f74737461673a696574662e6f72672c323032343a596a706f6c7973636f7069638378186170706c69636174696f6e2f6561742d7563732b6a736f6e527b226561745f6e6f6e6365223a202e2e2e7d086c6272657477616c6461646f6d8278186170706c69636174696f6e2f6561742d7563732b63626f7242a10a7170686f746f656c656374726f67726170688378186170706c69636174696f6e2f6561742d7563732b63626f7243827818035840c274b981723930b3cc14912fe385a9dd2b29425a60afb01ebc625444ac05edd74bd7ebc69faa1b961606b58b575bf4ade87e5835d90454c6336a6cead4b3e5c7"),
+			"unexpected content type in signed-cbor-cmw: application/something+else",
+		},
+		{
+			// clobbered signature field
+			mustHexDecode("d2845819a2012603746170706c69636174696f6e2f636d772b63626f72a058dea4685f5f636d77635f74737461673a696574662e6f72672c323032343a586a6d75726d75726c657373a2685f5f636d77635f74737461673a696574662e6f72672c323032343a596a706f6c7973636f7069638378186170706c69636174696f6e2f6561742d7563732b6a736f6e527b226561745f6e6f6e6365223a202e2e2e7d086c6272657477616c6461646f6d8278186170706c69636174696f6e2f6561742d7563732b63626f7242a10a7170686f746f656c656374726f67726170688378186170706c69636174696f6e2f6561742d7563732b63626f7243827818035840c274b981723930b3cc14912fe385a9dd2b29425a60afb01ebc625444ac05edd74bd7ebc69faa1b961606b58b575bf4ade87e5835d90454c6336a6cead4b3e5ff"),
+			"signed-cbor-cmw signature verification failed: verification error",
+		},
+		{
+			mustHexDecode("d2845819a20126037461"),
+			"CBOR decoding signed-cbor-cmw: unexpected EOF",
+		},
+		{
+			// invalid CMW payload 0xff (start of indef-length)
+			mustHexDecode("d2845819a2012603746170706c69636174696f6e2f636d772b63626f72a041ff5840746bbcd3f317eeed7de98aae40e0940dbae9f08a348bca6015c58e03eba1090d3f5c6bbcf6237fa0b74670c45eda09835d36d43c970c3e9df50811144e42aeff"),
+			"CBOR decoding signed-cbor-cmw payload: decoding tag",
+		},
+	}
+
+	_, verifier, err := getCOSESignerAndVerifier(t, testES256Key, cose.AlgorithmES256)
+	require.NoError(t, err)
+
+	for _, tv := range tvs {
+		var c CMW
+		err := c.VerifyCBOR(verifier, tv.v)
+		assert.ErrorContains(t, err, tv.e)
+	}
+}

test_common.go

@@ -0,0 +1,84 @@
+package cmw
+
+import (
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"math/big"
+	"testing"
+
+	cose "github.com/veraison/go-cose"
+)
+
+var testES256Key = []byte(`{
+	"kty": "EC",
+	"crv": "P-256",
+	"x": "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
+	"y": "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
+	"d": "870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE",
+	"kid": "1"
+}`)
+
+func getCOSESignerAndVerifier(t *testing.T, keyBytes []byte, alg cose.Algorithm) (cose.Signer, cose.Verifier, error) {
+	var key map[string]string
+
+	err := json.Unmarshal(keyBytes, &key)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	pkey, err := getKey(key)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	signer, err := cose.NewSigner(alg, pkey)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	verifier, err := cose.NewVerifier(alg, pkey.Public())
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return signer, verifier, nil
+}
+
+func getKey(key map[string]string) (crypto.Signer, error) {
+	switch key["kty"] {
+	case "EC":
+		var c elliptic.Curve
+		switch key["crv"] {
+		case "P-256":
+			c = elliptic.P256()
+		case "P-384":
+			c = elliptic.P384()
+		case "P-521":
+			c = elliptic.P521()
+		default:
+			return nil, errors.New("unsupported EC curve: " + key["crv"])
+		}
+		pkey := &ecdsa.PrivateKey{
+			PublicKey: ecdsa.PublicKey{
+				X:     mustBase64ToBigInt(key["x"]),
+				Y:     mustBase64ToBigInt(key["y"]),
+				Curve: c,
+			},
+			D: mustBase64ToBigInt(key["d"]),
+		}
+		return pkey, nil
+	}
+	return nil, errors.New("unsupported key type: " + key["kty"])
+}
+
+func mustBase64ToBigInt(s string) *big.Int {
+	val, err := base64.RawURLEncoding.DecodeString(s)
+	if err != nil {
+		panic(err)
+	}
+	return new(big.Int).SetBytes(val)
+}