From e364d762d19770406440ece4579dee5852bb8dec Mon Sep 17 00:00:00 2001 From: Christian Kollmann Date: Tue, 26 Nov 2024 16:49:32 +0100 Subject: [PATCH 1/7] WIP: Make CoseSigned fully payload-type aware --- signum | 2 +- .../at/asitplus/wallet/lib/agent/Validator.kt | 7 +-- .../asitplus/wallet/lib/cbor/CoseService.kt | 48 ++++--------------- .../wallet/lib/cbor/CoseServiceTest.kt | 18 +++++-- .../asitplus/wallet/lib/iso/IsoProcessTest.kt | 9 +--- .../wallet/lib/iso/Tag24SerializationTest.kt | 4 +- .../wallet/lib/cbor/CoseServiceJvmTest.kt | 10 ++-- 7 files changed, 34 insertions(+), 64 deletions(-) diff --git a/signum b/signum index 2ae952abc..ac2a81bb3 160000 --- a/signum +++ b/signum @@ -1 +1 @@ -Subproject commit 2ae952abc6cf3a9dda1d21ff0bb405558618c408 +Subproject commit ac2a81bb3db987a92023c64fa8b2e6823a134869 diff --git a/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/Validator.kt b/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/Validator.kt index 1bcee5e74..8d8b3975f 100644 --- a/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/Validator.kt +++ b/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/Validator.kt @@ -300,12 +300,9 @@ class Validator( throw IllegalArgumentException("issuerAuth") } - val mso: MobileSecurityObject? = issuerSigned.issuerAuth.getTypedPayload(MobileSecurityObject.serializer()).onFailure { - throw IllegalArgumentException("mso", it) - Napier.w("MSO could not be decoded", it) - }.getOrNull()?.value + val mso: MobileSecurityObject? = issuerSigned.issuerAuth.payload if (mso == null) { - Napier.w("MSO is null: ${issuerAuth.payload?.encodeToString(Base16(strict = true))}") + Napier.w("MSO is null: $issuerAuth") throw IllegalArgumentException("mso") } diff --git a/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/cbor/CoseService.kt b/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/cbor/CoseService.kt index 2aa3eac26..ce74108c7 100644 --- a/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/cbor/CoseService.kt +++ b/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/cbor/CoseService.kt @@ -4,7 +4,6 @@ import at.asitplus.KmmResult import at.asitplus.catching import at.asitplus.signum.indispensable.CryptoSignature import at.asitplus.signum.indispensable.cosef.* -import at.asitplus.signum.indispensable.cosef.io.ByteStringWrapper import at.asitplus.signum.indispensable.pki.X509Certificate import at.asitplus.signum.indispensable.toX509SignatureAlgorithm import at.asitplus.signum.supreme.asKmmResult @@ -12,11 +11,7 @@ import at.asitplus.signum.supreme.sign.Verifier import at.asitplus.wallet.lib.agent.CryptoService import at.asitplus.wallet.lib.agent.DefaultVerifierCryptoService import at.asitplus.wallet.lib.agent.VerifierCryptoService -import at.asitplus.wallet.lib.iso.MobileSecurityObject -import at.asitplus.wallet.lib.iso.vckCborSerializer -import at.asitplus.wallet.lib.iso.wrapInCborTag import io.github.aakira.napier.Napier -import kotlinx.serialization.encodeToByteArray /** * Creates and parses COSE objects. @@ -62,42 +57,15 @@ class DefaultCoseService(private val cryptoService: CryptoService) : CoseService addCertificate: Boolean, ): KmmResult> = catching { protectedHeader.withAlgorithmAndKeyId(addKeyId).let { coseHeader -> - payload.asCosePayload().let { cosePayload -> - CoseSigned( - protectedHeader = coseHeader, - unprotectedHeader = unprotectedHeader.withCertificateIfExists(addCertificate), - payload = cosePayload, - signature = calcSignature(coseHeader, cosePayload) - ) - } + CoseSigned

( + protectedHeader = coseHeader, + unprotectedHeader = unprotectedHeader.withCertificateIfExists(addCertificate), + payload = payload, + signature = calcSignature(coseHeader, payload) + ) } } - /** - * Encodes [this] as payload for [createSignedCose], i.e. encodes it into a byte array. - * + [ByteArray] is processed as it is - * + [ByteStringWrapper] is wrapped in Tag(24) - * + [MobileSecurityObject] is wrapped as [ByteStringWrapper] and wrapped in Tag(24) - * + null is processed as it is - * - * If other complex data classes need to be serialized (other than [MobileSecurityObject]), - * extend this method in the same fashion - */ - @Throws(NotImplementedError::class) - private fun

P.asCosePayload(): ByteArray? = when (this) { - is ByteArray -> this - is ByteStringWrapper<*> -> vckCborSerializer - .encodeToByteArray(this) - .wrapInCborTag(24) - - is MobileSecurityObject -> vckCborSerializer - .encodeToByteArray(ByteStringWrapper(this) as ByteStringWrapper) - .wrapInCborTag(24) - - is Nothing? -> null - else -> throw NotImplementedError() - } - private suspend fun CoseHeader?.withCertificateIfExists(addCertificate: Boolean): CoseHeader? = if (addCertificate) { withCertificate(cryptoService.keyMaterial.getCertificate()) @@ -122,9 +90,9 @@ class DefaultCoseService(private val cryptoService: CryptoService) : CoseService this?.copy(algorithm = coseAlgorithm) ?: CoseHeader(algorithm = coseAlgorithm) - private suspend fun calcSignature( + private suspend fun calcSignature( protectedHeader: CoseHeader, - payload: ByteArray?, + payload: P?, ): CryptoSignature.RawByteEncodable = cryptoService.sign(CoseSigned.prepareCoseSignatureInput(protectedHeader, payload)) .asKmmResult().getOrElse { diff --git a/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/cbor/CoseServiceTest.kt b/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/cbor/CoseServiceTest.kt index 50a6f6239..6dd1a3e1e 100644 --- a/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/cbor/CoseServiceTest.kt +++ b/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/cbor/CoseServiceTest.kt @@ -9,8 +9,12 @@ import io.kotest.core.spec.style.FreeSpec import io.kotest.matchers.nulls.shouldNotBeNull import io.kotest.matchers.shouldBe import kotlinx.datetime.Clock +import kotlinx.serialization.ExperimentalSerializationApi +import kotlinx.serialization.builtins.ByteArraySerializer +import kotlinx.serialization.builtins.NothingSerializer import kotlin.random.Random +@OptIn(ExperimentalSerializationApi::class) class CoseServiceTest : FreeSpec({ lateinit var cryptoService: CryptoService @@ -37,7 +41,9 @@ class CoseServiceTest : FreeSpec({ signed.payload shouldBe randomPayload signed.signature.shouldNotBeNull() - val parsed = CoseSigned.deserialize(signed.serialize()).getOrThrow() + val parameterSerializer = ByteArraySerializer() + val parsed = CoseSigned.deserialize(parameterSerializer, signed.serialize(parameterSerializer)).getOrThrow() + parsed shouldBe signed val result = verifierCoseService.verifyCose(parsed, coseKey) result.isSuccess shouldBe true @@ -64,10 +70,12 @@ class CoseServiceTest : FreeSpec({ payload = mso, ).getOrThrow() - signed.getTypedPayload(MobileSecurityObject.serializer()).getOrThrow().shouldNotBeNull().value shouldBe mso + signed.payload shouldBe mso signed.signature.shouldNotBeNull() - val parsed = CoseSigned.deserialize(signed.serialize()).getOrThrow() + val parameterSerializer = MobileSecurityObject.serializer() + val parsed = CoseSigned.deserialize(parameterSerializer,signed.serialize(parameterSerializer)).getOrThrow() + parsed shouldBe signed val result = verifierCoseService.verifyCose(parsed, coseKey) result.isSuccess shouldBe true @@ -82,7 +90,9 @@ class CoseServiceTest : FreeSpec({ signed.payload shouldBe null signed.signature.shouldNotBeNull() - val parsed = CoseSigned.deserialize(signed.serialize()).getOrThrow() + val parameterSerializer = NothingSerializer() + val parsed = CoseSigned.deserialize(parameterSerializer,signed.serialize(parameterSerializer)).getOrThrow() + parsed shouldBe signed val result = verifierCoseService.verifyCose(parsed, coseKey) result.isSuccess shouldBe true diff --git a/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/IsoProcessTest.kt b/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/IsoProcessTest.kt index 4d8472739..cf575ddee 100644 --- a/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/IsoProcessTest.kt +++ b/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/IsoProcessTest.kt @@ -55,9 +55,7 @@ class Wallet { issuerAuth.payload.shouldNotBeNull() val mso = document.issuerSigned.issuerAuth - .getTypedPayload(MobileSecurityObject.serializer()) - .getOrThrow()?.value - .shouldNotBeNull() + .payload.shouldNotBeNull() val mdlItems = document.issuerSigned.namespaces?.get(ConstantIndex.AtomicAttribute2023.isoNamespace) .shouldNotBeNull() @@ -198,10 +196,7 @@ class Verifier { val issuerAuth = issuerSigned.issuerAuth verifierCoseService.verifyCose(issuerAuth, issuerKey).isSuccess shouldBe true issuerAuth.payload.shouldNotBeNull() - val mso = issuerAuth - .getTypedPayload(MobileSecurityObject.serializer()) - .getOrThrow()?.value - .shouldNotBeNull() + val mso = issuerAuth.payload.shouldNotBeNull() mso.docType shouldBe ConstantIndex.AtomicAttribute2023.isoDocType val mdlItems = mso.valueDigests[ConstantIndex.AtomicAttribute2023.isoNamespace].shouldNotBeNull() diff --git a/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/Tag24SerializationTest.kt b/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/Tag24SerializationTest.kt index fdcf47887..6d63872ef 100644 --- a/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/Tag24SerializationTest.kt +++ b/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/Tag24SerializationTest.kt @@ -119,7 +119,7 @@ class Tag24SerializationTest : FreeSpec({ val input = CoseSigned>( protectedHeader = ByteStringWrapper(CoseHeader()), unprotectedHeader = null, - payload = serializedMso, + payload = ByteStringWrapper(mso), rawSignature = byteArrayOf() ) @@ -169,7 +169,7 @@ private fun deviceKeyInfo() = private fun issuerAuth() = CoseSigned( protectedHeader = ByteStringWrapper(CoseHeader()), unprotectedHeader = null, - payload = byteArrayOf(), + payload = null, rawSignature = byteArrayOf() ) diff --git a/vck/src/jvmTest/kotlin/at/asitplus/wallet/lib/cbor/CoseServiceJvmTest.kt b/vck/src/jvmTest/kotlin/at/asitplus/wallet/lib/cbor/CoseServiceJvmTest.kt index d8382ce34..ef8b5a136 100644 --- a/vck/src/jvmTest/kotlin/at/asitplus/wallet/lib/cbor/CoseServiceJvmTest.kt +++ b/vck/src/jvmTest/kotlin/at/asitplus/wallet/lib/cbor/CoseServiceJvmTest.kt @@ -7,7 +7,6 @@ import at.asitplus.signum.supreme.HazardousMaterials import at.asitplus.signum.supreme.hazmat.jcaPrivateKey import at.asitplus.signum.supreme.sign.EphemeralKey import at.asitplus.wallet.lib.agent.DefaultCryptoService -import at.asitplus.wallet.lib.agent.EphemeralKeyWithSelfSignedCert import at.asitplus.wallet.lib.agent.EphemeralKeyWithoutCert import com.authlete.cbor.CBORByteArray import com.authlete.cbor.CBORDecoder @@ -21,6 +20,7 @@ import io.kotest.matchers.shouldBe import io.kotest.matchers.types.shouldBeInstanceOf import io.matthewnelson.encoding.base16.Base16 import io.matthewnelson.encoding.core.Encoder.Companion.encodeToString +import kotlinx.serialization.builtins.ByteArraySerializer import java.security.interfaces.ECPrivateKey import java.security.interfaces.ECPublicKey @@ -110,7 +110,7 @@ class CoseServiceJvmTest : FreeSpec({ extLibVerifier.verify(extLibCoseSign1) shouldBe true // Parsing to our structure verifying payload - val coseSigned = CoseSigned.deserialize(extLibCoseSign1.encode()).getOrThrow() + val coseSigned = CoseSigned.deserialize(ByteArraySerializer(), extLibCoseSign1.encode()).getOrThrow() coseSigned.payload shouldBe randomPayload.encodeToByteArray() val parsedDefLengthSignature = coseSigned.signature as CryptoSignature.EC.DefiniteLength val parsedSig = parsedDefLengthSignature.rawByteArray.encodeToString(Base16()) @@ -128,11 +128,11 @@ class CoseServiceJvmTest : FreeSpec({ addCertificate = false, addKeyId = false, ).getOrThrow() - val signedSerialized = signed.serialize().encodeToString(Base16()) + val signedSerialized = signed.serialize(ByteArraySerializer()).encodeToString(Base16()) val extLibSerialized = extLibCoseSign1.encode().encodeToString(Base16()) signedSerialized.length shouldBe extLibSerialized.length - withClue("$sigAlgo: Signature: ${parsedSig}") { + withClue("$sigAlgo: Signature: $parsedSig") { verifierCoseService.verifyCose(coseSigned, coseKey).isSuccess shouldBe true } } @@ -145,7 +145,7 @@ class CoseServiceJvmTest : FreeSpec({ addKeyId = false, ).getOrThrow() - val parsed = CBORDecoder(byteArrayOf(0xD2.toByte()) + coseSigned.serialize()).next() + val parsed = CBORDecoder(byteArrayOf(0xD2.toByte()) + coseSigned.serialize(ByteArraySerializer())).next() .shouldBeInstanceOf() val parsedCoseSign1 = parsed.tagContent .shouldBeInstanceOf() From 9e4bad4eb0150c4c899870434d6389bc0753b467 Mon Sep 17 00:00:00 2001 From: Christian Kollmann Date: Tue, 26 Nov 2024 18:16:12 +0100 Subject: [PATCH 2/7] Add serializer as parameter for several methods in CoseSigned --- signum | 2 +- .../wallet/lib/oidvci/CredentialIssuer.kt | 6 ++-- .../asitplus/wallet/lib/agent/IssuerAgent.kt | 1 + .../at/asitplus/wallet/lib/agent/Validator.kt | 10 ++++--- .../agent/VerifiablePresentationFactory.kt | 2 ++ .../asitplus/wallet/lib/cbor/CoseService.kt | 29 ++++++++++++++----- .../wallet/lib/cbor/CoseServiceTest.kt | 15 ++++++---- .../asitplus/wallet/lib/iso/IsoProcessTest.kt | 8 +++-- .../wallet/lib/cbor/CoseServiceJvmTest.kt | 7 +++-- 9 files changed, 54 insertions(+), 26 deletions(-) diff --git a/signum b/signum index ac2a81bb3..65096bd11 160000 --- a/signum +++ b/signum @@ -1 +1 @@ -Subproject commit ac2a81bb3db987a92023c64fa8b2e6823a134869 +Subproject commit 65096bd1130758fdc6f22c73d95c1eabab3a155c diff --git a/vck-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidvci/CredentialIssuer.kt b/vck-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidvci/CredentialIssuer.kt index 2260f4086..a6241bb61 100644 --- a/vck-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidvci/CredentialIssuer.kt +++ b/vck-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidvci/CredentialIssuer.kt @@ -24,6 +24,7 @@ import at.asitplus.wallet.lib.data.vckJsonSerializer import com.benasher44.uuid.uuid4 import io.github.aakira.napier.Napier import io.matthewnelson.encoding.core.Decoder.Companion.decodeToByteArray +import kotlinx.serialization.builtins.ByteArraySerializer /** * Server implementation to issue credentials using OID4VCI. @@ -98,8 +99,7 @@ class CredentialIssuer( credentialIssuer = publicContext, configurationIds = credentialSchemes.flatMap { it.toCredentialIdentifier() }, grants = CredentialOfferGrants( - authorizationCode = - CredentialOfferGrantsAuthCode( + authorizationCode = CredentialOfferGrantsAuthCode( // TODO remember this state, for subsequent requests from the Wallet issuerState = uuid4().toString(), authorizationServer = authorizationService.publicContext @@ -219,7 +219,7 @@ class CredentialIssuer( * Removed in OID4VCI Draft 14, kept here for a bit of backwards-compatibility */ private suspend fun String.validateCwtProof(): CryptoPublicKey { - val coseSigned = CoseSigned.deserialize(decodeToByteArray(Base64UrlStrict)).getOrNull() + val coseSigned = CoseSigned.deserialize(ByteArraySerializer(), decodeToByteArray(Base64UrlStrict)).getOrNull() ?: throw OAuth2Exception(Errors.INVALID_PROOF) .also { Napier.w("client did provide invalid proof: $this") } val cwt = coseSigned.payload?.let { CborWebToken.deserialize(it).getOrNull() } diff --git a/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/IssuerAgent.kt b/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/IssuerAgent.kt index 2591eb2dc..8c6d0c5d0 100644 --- a/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/IssuerAgent.kt +++ b/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/IssuerAgent.kt @@ -119,6 +119,7 @@ class IssuerAgent( namespacedItems = mapOf(credential.scheme.isoNamespace!! to credential.issuerSignedItems), issuerAuth = coseService.createSignedCose( payload = mso, + serializer = MobileSecurityObject.serializer(), addKeyId = false, addCertificate = true, ).getOrThrow(), diff --git a/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/Validator.kt b/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/Validator.kt index 8d8b3975f..23ea33d78 100644 --- a/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/Validator.kt +++ b/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/Validator.kt @@ -24,6 +24,7 @@ import io.matthewnelson.encoding.base16.Base16 import io.matthewnelson.encoding.base64.Base64 import io.matthewnelson.encoding.core.Decoder.Companion.decodeToByteArrayOrNull import io.matthewnelson.encoding.core.Encoder.Companion.encodeToString +import kotlinx.serialization.builtins.ByteArraySerializer import kotlinx.serialization.json.buildJsonObject @@ -295,7 +296,7 @@ class Validator( throw IllegalArgumentException("issuerKey") } - if (verifierCoseService.verifyCose(issuerAuth, issuerKey).isFailure) { + if (verifierCoseService.verifyCose(issuerAuth, issuerKey, MobileSecurityObject.serializer()).isFailure) { Napier.w("IssuerAuth not verified: $issuerAuth") throw IllegalArgumentException("issuerAuth") } @@ -311,13 +312,14 @@ class Validator( throw IllegalArgumentException("mso.docType") } val walletKey = mso.deviceKeyInfo.deviceKey + val deviceSignature = doc.deviceSigned.deviceAuth.deviceSignature ?: run { Napier.w("DeviceSignature is null: ${doc.deviceSigned.deviceAuth}") throw IllegalArgumentException("deviceSignature") } - if (verifierCoseService.verifyCose(deviceSignature, walletKey).isFailure) { - Napier.w("DeviceSignature not verified") + if (verifierCoseService.verifyCose(deviceSignature, walletKey, ByteArraySerializer()).isFailure) { + Napier.w("DeviceSignature not verified: ${doc.deviceSigned.deviceAuth}") throw IllegalArgumentException("deviceSignature") } @@ -468,7 +470,7 @@ class Validator( it.serialize().encodeToString(Base16(strict = true)) ) } - val result = verifierCoseService.verifyCose(it.issuerAuth, issuerKey) + val result = verifierCoseService.verifyCose(it.issuerAuth, issuerKey, MobileSecurityObject.serializer()) if (result.isFailure) { Napier.w("ISO: Could not verify credential", result.exceptionOrNull()) return Verifier.VerifyCredentialResult.InvalidStructure( diff --git a/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/VerifiablePresentationFactory.kt b/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/VerifiablePresentationFactory.kt index 3bbe04e37..ba051b3be 100644 --- a/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/VerifiablePresentationFactory.kt +++ b/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/VerifiablePresentationFactory.kt @@ -15,6 +15,7 @@ import at.asitplus.wallet.lib.jws.JwsService import at.asitplus.wallet.lib.jws.SdJwtSigned import io.github.aakira.napier.Napier import kotlinx.datetime.Clock +import kotlinx.serialization.builtins.ByteArraySerializer import kotlinx.serialization.json.JsonElement class VerifiablePresentationFactory( @@ -57,6 +58,7 @@ class VerifiablePresentationFactory( ): Holder.CreatePresentationResult.DeviceResponse { val deviceSignature = coseService.createSignedCose( payload = challenge.encodeToByteArray(), + serializer = ByteArraySerializer(), addKeyId = false ).getOrElse { Napier.w("Could not create DeviceAuth for presentation", it) diff --git a/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/cbor/CoseService.kt b/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/cbor/CoseService.kt index ce74108c7..ffafcea53 100644 --- a/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/cbor/CoseService.kt +++ b/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/cbor/CoseService.kt @@ -12,6 +12,7 @@ import at.asitplus.wallet.lib.agent.CryptoService import at.asitplus.wallet.lib.agent.DefaultVerifierCryptoService import at.asitplus.wallet.lib.agent.VerifierCryptoService import io.github.aakira.napier.Napier +import kotlinx.serialization.KSerializer /** * Creates and parses COSE objects. @@ -30,10 +31,11 @@ interface CoseService { * @param addKeyId whether to set [CoseHeader.kid] in [protectedHeader] * @param addCertificate whether to set [CoseHeader.certificateChain] in [unprotectedHeader] */ - suspend fun

createSignedCose( + suspend fun

createSignedCose( protectedHeader: CoseHeader? = null, unprotectedHeader: CoseHeader? = null, payload: P? = null, + serializer: KSerializer

, addKeyId: Boolean = true, addCertificate: Boolean = false, ): KmmResult> @@ -41,7 +43,11 @@ interface CoseService { interface VerifierCoseService { - fun verifyCose(coseSigned: CoseSigned<*>, signer: CoseKey): KmmResult + fun

verifyCose( + coseSigned: CoseSigned

, + signer: CoseKey, + serializer: KSerializer

+ ): KmmResult } @@ -49,10 +55,11 @@ class DefaultCoseService(private val cryptoService: CryptoService) : CoseService override val algorithm: CoseAlgorithm = cryptoService.keyMaterial.signatureAlgorithm.toCoseAlgorithm().getOrThrow() - override suspend fun

createSignedCose( + override suspend fun

createSignedCose( protectedHeader: CoseHeader?, unprotectedHeader: CoseHeader?, payload: P?, + serializer: KSerializer

, addKeyId: Boolean, addCertificate: Boolean, ): KmmResult> = catching { @@ -61,7 +68,7 @@ class DefaultCoseService(private val cryptoService: CryptoService) : CoseService protectedHeader = coseHeader, unprotectedHeader = unprotectedHeader.withCertificateIfExists(addCertificate), payload = payload, - signature = calcSignature(coseHeader, payload) + signature = calcSignature(coseHeader, payload, serializer) ) } } @@ -90,11 +97,12 @@ class DefaultCoseService(private val cryptoService: CryptoService) : CoseService this?.copy(algorithm = coseAlgorithm) ?: CoseHeader(algorithm = coseAlgorithm) - private suspend fun calcSignature( + private suspend fun

calcSignature( protectedHeader: CoseHeader, payload: P?, + serializer: KSerializer

, ): CryptoSignature.RawByteEncodable = - cryptoService.sign(CoseSigned.prepareCoseSignatureInput(protectedHeader, payload)) + cryptoService.sign(CoseSigned.prepareCoseSignatureInput

(protectedHeader, payload, serializer)) .asKmmResult().getOrElse { Napier.w("No signature from native code", it) throw it @@ -109,8 +117,13 @@ class DefaultVerifierCoseService( /** * Verifiers the signature of [coseSigned] by using [signer]. */ - override fun verifyCose(coseSigned: CoseSigned<*>, signer: CoseKey) = catching { - val signatureInput = CoseSigned.prepareCoseSignatureInput(coseSigned.protectedHeader.value, coseSigned.payload) + override fun

verifyCose( + coseSigned: CoseSigned

, + signer: CoseKey, + serializer: KSerializer

+ ) = catching { + val signatureInput = + CoseSigned.prepareCoseSignatureInput(coseSigned.protectedHeader.value, coseSigned.payload, serializer) val algorithm = coseSigned.protectedHeader.value.algorithm ?: throw IllegalArgumentException("Algorithm not specified") diff --git a/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/cbor/CoseServiceTest.kt b/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/cbor/CoseServiceTest.kt index 6dd1a3e1e..3078d4c56 100644 --- a/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/cbor/CoseServiceTest.kt +++ b/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/cbor/CoseServiceTest.kt @@ -33,23 +33,25 @@ class CoseServiceTest : FreeSpec({ } "signed object with bytes can be verified" { + val parameterSerializer = ByteArraySerializer() val signed = coseService.createSignedCose( unprotectedHeader = CoseHeader(algorithm = CoseAlgorithm.ES256), payload = randomPayload, + serializer = parameterSerializer, ).getOrThrow() signed.payload shouldBe randomPayload signed.signature.shouldNotBeNull() - val parameterSerializer = ByteArraySerializer() val parsed = CoseSigned.deserialize(parameterSerializer, signed.serialize(parameterSerializer)).getOrThrow() parsed shouldBe signed - val result = verifierCoseService.verifyCose(parsed, coseKey) + val result = verifierCoseService.verifyCose(parsed, coseKey, parameterSerializer) result.isSuccess shouldBe true } "signed object with MSO payload can be verified" { + val parameterSerializer = MobileSecurityObject.serializer() val mso = MobileSecurityObject( version = "1.0", digestAlgorithm = "SHA-256", @@ -68,33 +70,34 @@ class CoseServiceTest : FreeSpec({ val signed = coseService.createSignedCose( protectedHeader = CoseHeader(algorithm = CoseAlgorithm.ES256), payload = mso, + serializer = parameterSerializer ).getOrThrow() signed.payload shouldBe mso signed.signature.shouldNotBeNull() - val parameterSerializer = MobileSecurityObject.serializer() val parsed = CoseSigned.deserialize(parameterSerializer,signed.serialize(parameterSerializer)).getOrThrow() parsed shouldBe signed - val result = verifierCoseService.verifyCose(parsed, coseKey) + val result = verifierCoseService.verifyCose(parsed, coseKey, parameterSerializer) result.isSuccess shouldBe true } "signed object without payload can be verified" { + val parameterSerializer = NothingSerializer() val signed = coseService.createSignedCose( unprotectedHeader = null, payload = null, + serializer = parameterSerializer ).getOrThrow() signed.payload shouldBe null signed.signature.shouldNotBeNull() - val parameterSerializer = NothingSerializer() val parsed = CoseSigned.deserialize(parameterSerializer,signed.serialize(parameterSerializer)).getOrThrow() parsed shouldBe signed - val result = verifierCoseService.verifyCose(parsed, coseKey) + val result = verifierCoseService.verifyCose(parsed, coseKey, parameterSerializer) result.isSuccess shouldBe true } diff --git a/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/IsoProcessTest.kt b/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/IsoProcessTest.kt index cf575ddee..326a08f8d 100644 --- a/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/IsoProcessTest.kt +++ b/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/IsoProcessTest.kt @@ -19,6 +19,7 @@ import io.kotest.matchers.shouldBe import io.matthewnelson.encoding.base16.Base16 import io.matthewnelson.encoding.core.Encoder.Companion.encodeToString import kotlinx.datetime.Clock +import kotlinx.serialization.builtins.ByteArraySerializer import kotlin.random.Random class IsoProcessTest : FreeSpec({ @@ -89,6 +90,7 @@ class Wallet { deviceAuth = DeviceAuth( deviceSignature = coseService.createSignedCose( payload = null, + serializer = ByteArraySerializer(), addKeyId = false ).getOrThrow() ) @@ -140,6 +142,7 @@ class Issuer { ), issuerAuth = coseService.createSignedCose( payload = mso, + serializer = MobileSecurityObject.serializer(), addKeyId = false, addCertificate = true, ).getOrThrow() @@ -181,6 +184,7 @@ class Verifier { readerAuth = coseService.createSignedCose( unprotectedHeader = CoseHeader(), payload = null, + serializer = ByteArraySerializer(), addKeyId = false, ).getOrThrow() ) @@ -194,7 +198,7 @@ class Verifier { doc.errors.shouldBeNull() val issuerSigned = doc.issuerSigned val issuerAuth = issuerSigned.issuerAuth - verifierCoseService.verifyCose(issuerAuth, issuerKey).isSuccess shouldBe true + verifierCoseService.verifyCose(issuerAuth, issuerKey, MobileSecurityObject.serializer()).isSuccess shouldBe true issuerAuth.payload.shouldNotBeNull() val mso = issuerAuth.payload.shouldNotBeNull() @@ -203,7 +207,7 @@ class Verifier { val walletKey = mso.deviceKeyInfo.deviceKey val deviceSignature = doc.deviceSigned.deviceAuth.deviceSignature.shouldNotBeNull() - verifierCoseService.verifyCose(deviceSignature, walletKey).isSuccess shouldBe true + verifierCoseService.verifyCose(deviceSignature, walletKey, ByteArraySerializer()).isSuccess shouldBe true val namespaces = issuerSigned.namespaces.shouldNotBeNull() val issuerSignedItems = namespaces[ConstantIndex.AtomicAttribute2023.isoNamespace].shouldNotBeNull() diff --git a/vck/src/jvmTest/kotlin/at/asitplus/wallet/lib/cbor/CoseServiceJvmTest.kt b/vck/src/jvmTest/kotlin/at/asitplus/wallet/lib/cbor/CoseServiceJvmTest.kt index ef8b5a136..1346e91be 100644 --- a/vck/src/jvmTest/kotlin/at/asitplus/wallet/lib/cbor/CoseServiceJvmTest.kt +++ b/vck/src/jvmTest/kotlin/at/asitplus/wallet/lib/cbor/CoseServiceJvmTest.kt @@ -87,10 +87,11 @@ class CoseServiceJvmTest : FreeSpec({ "Signed object from int. library can be verified with int. library" { val signed = coseService.createSignedCose( payload = randomPayload.encodeToByteArray(), + serializer = ByteArraySerializer(), ).getOrThrow() withClue("$sigAlgo: Signature: ${signed.signature.encodeToTlv().toDerHexString()}") { - verifierCoseService.verifyCose(signed, cryptoService.keyMaterial.publicKey.toCoseKey().getOrThrow()) + verifierCoseService.verifyCose(signed, cryptoService.keyMaterial.publicKey.toCoseKey().getOrThrow(), ByteArraySerializer()) .isSuccess shouldBe true } } @@ -125,6 +126,7 @@ class CoseServiceJvmTest : FreeSpec({ val signed = coseService.createSignedCose( protectedHeader = CoseHeader(algorithm = coseAlgorithm), payload = randomPayload.encodeToByteArray(), + serializer = ByteArraySerializer(), addCertificate = false, addKeyId = false, ).getOrThrow() @@ -133,7 +135,7 @@ class CoseServiceJvmTest : FreeSpec({ signedSerialized.length shouldBe extLibSerialized.length withClue("$sigAlgo: Signature: $parsedSig") { - verifierCoseService.verifyCose(coseSigned, coseKey).isSuccess shouldBe true + verifierCoseService.verifyCose(coseSigned, coseKey, ByteArraySerializer()).isSuccess shouldBe true } } @@ -141,6 +143,7 @@ class CoseServiceJvmTest : FreeSpec({ val coseSigned = coseService.createSignedCose( protectedHeader = CoseHeader(algorithm = coseAlgorithm), payload = randomPayload.encodeToByteArray(), + serializer = ByteArraySerializer(), addCertificate = false, addKeyId = false, ).getOrThrow() From 0d6ca769f3e8d6e64589fdf67465b1358cacc15b Mon Sep 17 00:00:00 2001 From: Christian Kollmann Date: Tue, 26 Nov 2024 18:43:17 +0100 Subject: [PATCH 3/7] WIP: Missing correct tags for ByteStringWrapper in CoseSigned --- signum | 2 +- .../wallet/lib/iso/Tag24SerializationTest.kt | 13 +++++++++---- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/signum b/signum index 65096bd11..40c6e64f9 160000 --- a/signum +++ b/signum @@ -1 +1 @@ -Subproject commit 65096bd1130758fdc6f22c73d95c1eabab3a155c +Subproject commit 40c6e64f9efeb7882c96f1afc6327722d26b450f diff --git a/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/Tag24SerializationTest.kt b/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/Tag24SerializationTest.kt index 6d63872ef..35695d40e 100644 --- a/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/Tag24SerializationTest.kt +++ b/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/Tag24SerializationTest.kt @@ -2,6 +2,7 @@ package at.asitplus.wallet.lib.iso import at.asitplus.catching import at.asitplus.signum.indispensable.cosef.* +import at.asitplus.signum.indispensable.cosef.io.Base16Strict import at.asitplus.signum.indispensable.cosef.io.ByteStringWrapper import at.asitplus.signum.indispensable.cosef.io.ByteStringWrapperSerializer import at.asitplus.wallet.lib.agent.DummyCredentialDataProvider @@ -9,6 +10,7 @@ import at.asitplus.wallet.lib.agent.EphemeralKeyWithSelfSignedCert import at.asitplus.wallet.lib.agent.Issuer import at.asitplus.wallet.lib.agent.IssuerAgent import at.asitplus.wallet.lib.data.ConstantIndex +import io.kotest.assertions.withClue import io.kotest.core.spec.style.FreeSpec import io.kotest.matchers.collections.shouldHaveSize import io.kotest.matchers.maps.shouldNotBeEmpty @@ -82,6 +84,7 @@ class Tag24SerializationTest : FreeSpec({ ) val serialized = vckCborSerializer.encodeToByteArray(input) + .also{println(it.encodeToString(Base16Strict))} serialized.encodeToString(Base16(true)).shouldContainOnlyOnce("D818") vckCborSerializer.decodeFromByteArray(serialized) shouldBe input @@ -98,11 +101,13 @@ class Tag24SerializationTest : FreeSpec({ ).getOrThrow().shouldBeInstanceOf() issuedCredential.issuerSigned.namespaces!!.shouldNotBeEmpty() - val numberOfClaims = issuedCredential.issuerSigned.namespaces!!.entries.fold(0) { acc, entry -> + val numberOfClaims = issuedCredential.issuerSigned.namespaces.entries.fold(0) { acc, entry -> acc + entry.value.entries.size } val serialized = issuedCredential.issuerSigned.serialize().encodeToString(Base16(true)) - "D818".toRegex().findAll(serialized).toList().shouldHaveSize(numberOfClaims + 1) + withClue(serialized) { + "D818".toRegex().findAll(serialized).toList().shouldHaveSize(numberOfClaims + 1) + } // add 1 for MSO in IssuerAuth } @@ -116,10 +121,10 @@ class Tag24SerializationTest : FreeSpec({ validityInfo = ValidityInfo(Clock.System.now(), Clock.System.now(), Clock.System.now()) ) val serializedMso = mso.serializeForIssuerAuth() - val input = CoseSigned>( + val input = CoseSigned( protectedHeader = ByteStringWrapper(CoseHeader()), unprotectedHeader = null, - payload = ByteStringWrapper(mso), + payload = mso, rawSignature = byteArrayOf() ) From f43ee046b39f6feed3c4371bee22cf547d59a7b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bernd=20Pr=C3=BCnster?= Date: Tue, 3 Dec 2024 14:59:08 +0100 Subject: [PATCH 4/7] fix tag24 encoding --- signum | 2 +- .../kotlin/at/asitplus/wallet/lib/iso/Tag24SerializationTest.kt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/signum b/signum index 40c6e64f9..a10afcb45 160000 --- a/signum +++ b/signum @@ -1 +1 @@ -Subproject commit 40c6e64f9efeb7882c96f1afc6327722d26b450f +Subproject commit a10afcb4598d31bbe23f292ebb69a3d36d37d97e diff --git a/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/Tag24SerializationTest.kt b/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/Tag24SerializationTest.kt index 35695d40e..248d5005c 100644 --- a/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/Tag24SerializationTest.kt +++ b/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/Tag24SerializationTest.kt @@ -132,7 +132,7 @@ class Tag24SerializationTest : FreeSpec({ serialized.encodeToString(Base16(true)).shouldContainOnlyOnce("D818") serializedMso.encodeToString(Base16(true)).shouldStartWith("D818") - vckCborSerializer.decodeFromByteArray>(serialized) shouldBe input + vckCborSerializer.decodeFromByteArray>(serialized) shouldBe input MobileSecurityObject.deserializeFromIssuerAuth(serializedMso).getOrThrow() shouldBe mso } From d256f4d1f2b84ba9565d48ba8e39eabee43f9abe Mon Sep 17 00:00:00 2001 From: Christian Kollmann Date: Wed, 4 Dec 2024 10:02:56 +0100 Subject: [PATCH 5/7] Refactor code --- signum | 2 +- .../asitplus/wallet/lib/cbor/CoseService.kt | 19 +++++++++++-------- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/signum b/signum index a10afcb45..75c94651b 160000 --- a/signum +++ b/signum @@ -1 +1 @@ -Subproject commit a10afcb4598d31bbe23f292ebb69a3d36d37d97e +Subproject commit 75c94651bde101fe35de9d264a8d64110c7ec115 diff --git a/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/cbor/CoseService.kt b/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/cbor/CoseService.kt index ffafcea53..6e9d4b522 100644 --- a/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/cbor/CoseService.kt +++ b/vck/src/commonMain/kotlin/at/asitplus/wallet/lib/cbor/CoseService.kt @@ -46,7 +46,7 @@ interface VerifierCoseService { fun

verifyCose( coseSigned: CoseSigned

, signer: CoseKey, - serializer: KSerializer

+ serializer: KSerializer

, ): KmmResult } @@ -97,17 +97,18 @@ class DefaultCoseService(private val cryptoService: CryptoService) : CoseService this?.copy(algorithm = coseAlgorithm) ?: CoseHeader(algorithm = coseAlgorithm) + @Throws(Throwable::class) private suspend fun

calcSignature( protectedHeader: CoseHeader, payload: P?, serializer: KSerializer

, ): CryptoSignature.RawByteEncodable = - cryptoService.sign(CoseSigned.prepareCoseSignatureInput

(protectedHeader, payload, serializer)) - .asKmmResult().getOrElse { + CoseSigned.prepareCoseSignatureInput

(protectedHeader, payload, serializer).let { signatureInput -> + cryptoService.sign(signatureInput).asKmmResult().getOrElse { Napier.w("No signature from native code", it) throw it } - + } } class DefaultVerifierCoseService( @@ -120,11 +121,13 @@ class DefaultVerifierCoseService( override fun

verifyCose( coseSigned: CoseSigned

, signer: CoseKey, - serializer: KSerializer

+ serializer: KSerializer

, ) = catching { - val signatureInput = - CoseSigned.prepareCoseSignatureInput(coseSigned.protectedHeader.value, coseSigned.payload, serializer) - + val signatureInput = CoseSigned.prepareCoseSignatureInput( + protectedHeader = coseSigned.protectedHeader.value, + payload = coseSigned.payload, + serializer = serializer + ) val algorithm = coseSigned.protectedHeader.value.algorithm ?: throw IllegalArgumentException("Algorithm not specified") val publicKey = signer.toCryptoPublicKey().getOrElse { ex -> From a0306c13e7d6f18fb1aeac76938116d5dbd56f35 Mon Sep 17 00:00:00 2001 From: Christian Kollmann Date: Wed, 4 Dec 2024 10:07:01 +0100 Subject: [PATCH 6/7] Remove println from tests --- signum | 2 +- .../at/asitplus/wallet/lib/agent/SdJwtVerificationTest.kt | 2 +- .../kotlin/at/asitplus/wallet/lib/iso/Tag24SerializationTest.kt | 1 - 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/signum b/signum index 75c94651b..d6e27face 160000 --- a/signum +++ b/signum @@ -1 +1 @@ -Subproject commit 75c94651bde101fe35de9d264a8d64110c7ec115 +Subproject commit d6e27facef631302b294192ed7ad0ea7ac340965 diff --git a/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/agent/SdJwtVerificationTest.kt b/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/agent/SdJwtVerificationTest.kt index b7d34b5f0..217b8e86d 100644 --- a/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/agent/SdJwtVerificationTest.kt +++ b/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/agent/SdJwtVerificationTest.kt @@ -129,7 +129,7 @@ class SdJwtVerificationTest : FreeSpec({ } } """.trimIndent() - println(reconstructed) + reconstructed shouldBe vckJsonSerializer.parseToJsonElement(expected) } diff --git a/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/Tag24SerializationTest.kt b/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/Tag24SerializationTest.kt index 248d5005c..715a16221 100644 --- a/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/Tag24SerializationTest.kt +++ b/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/Tag24SerializationTest.kt @@ -84,7 +84,6 @@ class Tag24SerializationTest : FreeSpec({ ) val serialized = vckCborSerializer.encodeToByteArray(input) - .also{println(it.encodeToString(Base16Strict))} serialized.encodeToString(Base16(true)).shouldContainOnlyOnce("D818") vckCborSerializer.decodeFromByteArray(serialized) shouldBe input From 5c40e62a5b06927d34ec0874c21446387d2e35a4 Mon Sep 17 00:00:00 2001 From: Christian Kollmann Date: Wed, 4 Dec 2024 12:26:51 +0100 Subject: [PATCH 7/7] Update signum --- signum | 2 +- .../lib/cbor/DeviceSignedItemSerializationTest.kt | 8 ++++---- .../lib/cbor/IssuerSignedItemSerializationTest.kt | 5 +++-- .../wallet/lib/iso/Tag24SerializationTest.kt | 14 +++++++------- 4 files changed, 15 insertions(+), 14 deletions(-) diff --git a/signum b/signum index d6e27face..67298aeeb 160000 --- a/signum +++ b/signum @@ -1 +1 @@ -Subproject commit d6e27facef631302b294192ed7ad0ea7ac340965 +Subproject commit 67298aeeb7be70680eab15bc21fbc4ee2fa89260 diff --git a/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/cbor/DeviceSignedItemSerializationTest.kt b/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/cbor/DeviceSignedItemSerializationTest.kt index d062acffc..66e95e261 100644 --- a/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/cbor/DeviceSignedItemSerializationTest.kt +++ b/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/cbor/DeviceSignedItemSerializationTest.kt @@ -1,8 +1,8 @@ package at.asitplus.wallet.lib.cbor +import at.asitplus.signum.indispensable.CryptoSignature import at.asitplus.signum.indispensable.cosef.CoseHeader import at.asitplus.signum.indispensable.cosef.CoseSigned -import at.asitplus.signum.indispensable.cosef.io.ByteStringWrapper import at.asitplus.wallet.lib.iso.* import com.benasher44.uuid.uuid4 import io.kotest.core.spec.style.FreeSpec @@ -47,9 +47,9 @@ class DeviceSignedItemSerializationTest : FreeSpec({ key = elementId, value = Random.nextBytes(32), ) - val protectedHeader = ByteStringWrapper(CoseHeader(), CoseHeader().serialize()) - val issuerAuth = CoseSigned(protectedHeader, null, null, byteArrayOf()) - val deviceAuth = CoseSigned(protectedHeader, null, null, byteArrayOf()) + val protectedHeader = CoseHeader() + val issuerAuth = CoseSigned(protectedHeader, null, null, CryptoSignature.RSAorHMAC(byteArrayOf())) + val deviceAuth = CoseSigned(protectedHeader, null, null, CryptoSignature.RSAorHMAC(byteArrayOf())) val doc = Document( docType = uuid4().toString(), diff --git a/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/cbor/IssuerSignedItemSerializationTest.kt b/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/cbor/IssuerSignedItemSerializationTest.kt index a2a0ac6ec..0f5de7f07 100644 --- a/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/cbor/IssuerSignedItemSerializationTest.kt +++ b/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/cbor/IssuerSignedItemSerializationTest.kt @@ -1,5 +1,6 @@ package at.asitplus.wallet.lib.cbor +import at.asitplus.signum.indispensable.CryptoSignature import at.asitplus.signum.indispensable.cosef.CoseHeader import at.asitplus.signum.indispensable.cosef.CoseSigned import at.asitplus.signum.indispensable.cosef.io.ByteStringWrapper @@ -45,8 +46,8 @@ class IssuerSignedItemSerializationTest : FreeSpec({ elementIdentifier = elementId, elementValue = Random.nextBytes(32), ) - val protectedHeader = ByteStringWrapper(CoseHeader(), CoseHeader().serialize()) - val issuerAuth = CoseSigned(protectedHeader, null, null, byteArrayOf()) + val protectedHeader = CoseHeader() + val issuerAuth = CoseSigned(protectedHeader, null, null, CryptoSignature.RSAorHMAC(byteArrayOf())) val doc = Document( docType = uuid4().toString(), issuerSigned = IssuerSigned.fromIssuerSignedItems( diff --git a/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/Tag24SerializationTest.kt b/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/Tag24SerializationTest.kt index 715a16221..72f935396 100644 --- a/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/Tag24SerializationTest.kt +++ b/vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/Tag24SerializationTest.kt @@ -1,8 +1,8 @@ package at.asitplus.wallet.lib.iso import at.asitplus.catching +import at.asitplus.signum.indispensable.CryptoSignature import at.asitplus.signum.indispensable.cosef.* -import at.asitplus.signum.indispensable.cosef.io.Base16Strict import at.asitplus.signum.indispensable.cosef.io.ByteStringWrapper import at.asitplus.signum.indispensable.cosef.io.ByteStringWrapperSerializer import at.asitplus.wallet.lib.agent.DummyCredentialDataProvider @@ -49,10 +49,10 @@ class Tag24SerializationTest : FreeSpec({ ), deviceAuth = DeviceAuth( deviceSignature = CoseSigned( - protectedHeader = ByteStringWrapper(CoseHeader()), + protectedHeader = CoseHeader(), unprotectedHeader = null, payload = byteArrayOf(), - rawSignature = byteArrayOf() + signature = CryptoSignature.RSAorHMAC(byteArrayOf()) ) ) @@ -121,10 +121,10 @@ class Tag24SerializationTest : FreeSpec({ ) val serializedMso = mso.serializeForIssuerAuth() val input = CoseSigned( - protectedHeader = ByteStringWrapper(CoseHeader()), + protectedHeader = CoseHeader(), unprotectedHeader = null, payload = mso, - rawSignature = byteArrayOf() + signature = CryptoSignature.RSAorHMAC(byteArrayOf()) ) val serialized = vckCborSerializer.encodeToByteArray(input) @@ -171,10 +171,10 @@ private fun deviceKeyInfo() = DeviceKeyInfo(CoseKey(CoseKeyType.EC2, keyParams = CoseKeyParams.EcYBoolParams(CoseEllipticCurve.P256))) private fun issuerAuth() = CoseSigned( - protectedHeader = ByteStringWrapper(CoseHeader()), + protectedHeader = CoseHeader(), unprotectedHeader = null, payload = null, - rawSignature = byteArrayOf() + signature = CryptoSignature.RSAorHMAC(byteArrayOf()) ) private fun issuerSignedItem() = IssuerSignedItem(0u, Random.nextBytes(16), "identifier", "value")