authorDavid Drysdale <drysdale@google.com>2021-03-15 14:36:57 +0000
committerDavid Drysdale <drysdale@google.com>2021-03-15 14:56:29 +0000
commit31a2b56ca29cc53b4a9fc36e61237e2eabe8643d (patch)
tree1de33f3ac3de5469b06606862cdfe18b5b071bab /security/keymint/support/cppcose.cpp
parent9d746597e82b0e5dbf7cc547173d94734a52d9e1 (diff)
COSE unprotected parameters are a map not a bstr
As per RFC 8152 section 3, the unprotected parameters in the headers of COSE objects are just encoded as a map, not as a bstr that contains the CBOR-encoding of a map. Test: TreeHugger presubmit Change-Id: Id4eeb023d3a81ad1398d78d410c8224bf941f9b1
Diffstat (limited to 'security/keymint/support/cppcose.cpp')
-rw-r--r--security/keymint/support/cppcose.cpp10
1 files changed, 5 insertions, 5 deletions
diff --git a/security/keymint/support/cppcose.cpp b/security/keymint/support/cppcose.cpp
index c626adeccb..bafb2b6bc9 100644
--- a/security/keymint/support/cppcose.cpp
+++ b/security/keymint/support/cppcose.cpp
@@ -85,7 +85,7 @@ ErrMsgOr<cppbor::Array> constructCoseMac0(const bytevec& macKey, const bytevec&
return cppbor::Array()
.add(cppbor::Map().add(ALGORITHM, HMAC_256).canonicalize().encode())
- .add(cppbor::Bstr() /* unprotected */)
+ .add(cppbor::Map() /* unprotected */)
.add(payload)
.add(tag.moveValue());
}
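Review bot: The two header slots in this array are now encoded differently, and the short `/* unprotected */` comment does not say why: the protected map is `.encode()`d into a bstr on the line above, while the unprotected one is added as a bare map. A reader who notices the asymmetry could easily change it back, so I would expand the comment to `/* unprotected: bare map, not bstr-wrapped (RFC 8152 section 3) */`. The same applies to the `.add(cppbor::Map() /* unprotected parameters */)` line in constructCoseSign1. The body of constructCoseMac0 starts outside this hunk.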
@@ -97,7 +97,7 @@ ErrMsgOr<bytevec /* payload */> parseCoseMac0(const cppbor::Item* macItem) {
}
auto protectedParms = mac->get(kCoseMac0ProtectedParams)->asBstr();
- auto unprotectedParms = mac->get(kCoseMac0UnprotectedParams)->asBstr();
+ auto unprotectedParms = mac->get(kCoseMac0UnprotectedParams)->asMap();
auto payload = mac->get(kCoseMac0Payload)->asBstr();
auto tag = mac->get(kCoseMac0Tag)->asBstr();
if (!protectedParms || !unprotectedParms || !payload || !tag) {
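Review bot: `unprotectedParms` is only tested for null in the `if` that follows, so any map, empty or populated, is accepted in that slot, and by definition its contents are not covered by the MAC. Nothing in the hunk reads the map, but a comment such as `// Unprotected params are unauthenticated: type-checked only, never act on their contents.` would stop later code from trusting it. The same applies to the identical line in verifyAndParseCoseMac0. Since constructCoseMac0 always emits an empty map, it may also be worth rejecting a non-empty one here, if no peer is expected to send unprotected parameters. Separately, a bstr in this slot presumably makes `asMap()` return null, so objects produced by the previous encoder would now fail to parse; please confirm that is intended. The function body starts and ends outside the hunk.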
@@ -115,7 +115,7 @@ ErrMsgOr<bytevec /* payload */> verifyAndParseCoseMac0(const cppbor::Item* macIt
}
auto protectedParms = mac->get(kCoseMac0ProtectedParams)->asBstr();
- auto unprotectedParms = mac->get(kCoseMac0UnprotectedParams)->asBstr();
+ auto unprotectedParms = mac->get(kCoseMac0UnprotectedParams)->asMap();
auto payload = mac->get(kCoseMac0Payload)->asBstr();
auto tag = mac->get(kCoseMac0Tag)->asBstr();
if (!protectedParms || !unprotectedParms || !payload || !tag) {
@@ -168,7 +168,7 @@ ErrMsgOr<cppbor::Array> constructCoseSign1(const bytevec& key, cppbor::Map prote
return cppbor::Array()
.add(protParms)
- .add(bytevec{} /* unprotected parameters */)
+ .add(cppbor::Map() /* unprotected parameters */)
.add(payload)
.add(*signature);
}
@@ -185,7 +185,7 @@ ErrMsgOr<bytevec> verifyAndParseCoseSign1(bool ignoreSignature, const cppbor::Ar
}
const cppbor::Bstr* protectedParams = coseSign1->get(kCoseSign1ProtectedParams)->asBstr();
- const cppbor::Bstr* unprotectedParams = coseSign1->get(kCoseSign1UnprotectedParams)->asBstr();
+ const cppbor::Map* unprotectedParams = coseSign1->get(kCoseSign1UnprotectedParams)->asMap();
const cppbor::Bstr* payload = coseSign1->get(kCoseSign1Payload)->asBstr();
const cppbor::Bstr* signature = coseSign1->get(kCoseSign1Signature)->asBstr();