diff options
| -rw-r--r-- | identity/aidl/default/Android.bp | 4 | ||||
| -rw-r--r-- | identity/aidl/default/common/IdentityCredential.cpp | 2 | ||||
| -rw-r--r-- | identity/aidl/default/common/IdentityCredential.h | 2 | ||||
| -rw-r--r-- | identity/aidl/default/common/WritableIdentityCredential.cpp | 4 | ||||
| -rw-r--r-- | identity/aidl/vts/Android.bp | 2 | ||||
| -rw-r--r-- | identity/aidl/vts/AuthenticationKeyTests.cpp | 2 | ||||
| -rw-r--r-- | identity/aidl/vts/DeleteCredentialTests.cpp | 4 | ||||
| -rw-r--r-- | identity/aidl/vts/EndToEndTests.cpp | 27 | ||||
| -rw-r--r-- | identity/aidl/vts/ProveOwnershipTests.cpp | 2 | ||||
| -rw-r--r-- | identity/aidl/vts/ReaderAuthTests.cpp | 16 | ||||
| -rw-r--r-- | identity/aidl/vts/TestCredentialTests.cpp | 2 | ||||
| -rw-r--r-- | identity/aidl/vts/UpdateCredentialTests.cpp | 4 | ||||
| -rw-r--r-- | identity/aidl/vts/UserAuthTests.cpp | 6 | ||||
| -rw-r--r-- | identity/aidl/vts/VtsIWritableIdentityCredentialTests.cpp | 9 | ||||
| -rw-r--r-- | identity/support/Android.bp | 8 | ||||
| -rw-r--r-- | identity/support/src/IdentityCredentialSupport.cpp | 201 | ||||
| -rw-r--r-- | identity/support/tests/IdentityCredentialSupportTest.cpp | 128 |
17 files changed, 69 insertions, 354 deletions
diff --git a/identity/aidl/default/Android.bp b/identity/aidl/default/Android.bp index 05b3662035..a124b1e9de 100644 --- a/identity/aidl/default/Android.bp +++ b/identity/aidl/default/Android.bp @@ -31,7 +31,7 @@ cc_library_static { ], static_libs: [ "libbase", - "libcppbor", + "libcppbor_external", "libutils", "libsoft_attestation_cert", "libkeymaster_portable", @@ -91,7 +91,7 @@ cc_binary { ], static_libs: [ "libbase", - "libcppbor", + "libcppbor_external", "libutils", "libsoft_attestation_cert", "libkeymaster_portable", diff --git a/identity/aidl/default/common/IdentityCredential.cpp b/identity/aidl/default/common/IdentityCredential.cpp index c8ee0dd67a..95557b5c9d 100644 --- a/identity/aidl/default/common/IdentityCredential.cpp +++ b/identity/aidl/default/common/IdentityCredential.cpp @@ -488,7 +488,7 @@ ndk::ScopedAStatus IdentityCredential::startRetrieval( } for (size_t n = 0; n < nsMap->size(); n++) { - auto [nsKeyItem, nsValueItem] = (*nsMap)[n]; + auto& [nsKeyItem, nsValueItem] = (*nsMap)[n]; const cppbor::Tstr* nsKey = nsKeyItem->asTstr(); const cppbor::Map* nsInnerMap = nsValueItem->asMap(); if (nsKey == nullptr || nsInnerMap == nullptr) { diff --git a/identity/aidl/default/common/IdentityCredential.h b/identity/aidl/default/common/IdentityCredential.h index 9913b86869..ef9d13351c 100644 --- a/identity/aidl/default/common/IdentityCredential.h +++ b/identity/aidl/default/common/IdentityCredential.h @@ -27,7 +27,7 @@ #include <string> #include <vector> -#include <cppbor/cppbor.h> +#include <cppbor.h> #include "IdentityCredentialStore.h" #include "SecureHardwareProxy.h" diff --git a/identity/aidl/default/common/WritableIdentityCredential.cpp b/identity/aidl/default/common/WritableIdentityCredential.cpp index 2d897c7d8b..25f129b14b 100644 --- a/identity/aidl/default/common/WritableIdentityCredential.cpp +++ b/identity/aidl/default/common/WritableIdentityCredential.cpp @@ -23,8 +23,8 @@ #include <android-base/logging.h> #include <android-base/stringprintf.h> -#include <cppbor/cppbor.h> -#include <cppbor/cppbor_parse.h> +#include <cppbor.h> +#include <cppbor_parse.h> #include <utility> diff --git a/identity/aidl/vts/Android.bp b/identity/aidl/vts/Android.bp index 82c40110eb..3592d3e93b 100644 --- a/identity/aidl/vts/Android.bp +++ b/identity/aidl/vts/Android.bp @@ -34,7 +34,7 @@ cc_test { "libcrypto", ], static_libs: [ - "libcppbor", + "libcppbor_external", "libkeymaster_portable", "libpuresoftkeymasterdevice", "android.hardware.keymaster@4.0", diff --git a/identity/aidl/vts/AuthenticationKeyTests.cpp b/identity/aidl/vts/AuthenticationKeyTests.cpp index bda3e70413..25d74d4d0f 100644 --- a/identity/aidl/vts/AuthenticationKeyTests.cpp +++ b/identity/aidl/vts/AuthenticationKeyTests.cpp @@ -118,7 +118,7 @@ TEST_P(AuthenticationKeyTests, proofOfProvisionInAuthKeyCert) { optional<vector<uint8_t>> proofOfProvisioning = support::coseSignGetPayload(proofOfProvisioningSignature); ASSERT_TRUE(proofOfProvisioning); - string cborPretty = support::cborPrettyPrint(proofOfProvisioning.value(), 32, {}); + string cborPretty = cppbor::prettyPrint(proofOfProvisioning.value(), 32, {}); EXPECT_EQ( "[\n" " 'ProofOfProvisioning',\n" diff --git a/identity/aidl/vts/DeleteCredentialTests.cpp b/identity/aidl/vts/DeleteCredentialTests.cpp index 1d300673eb..d3addf4b90 100644 --- a/identity/aidl/vts/DeleteCredentialTests.cpp +++ b/identity/aidl/vts/DeleteCredentialTests.cpp @@ -126,7 +126,7 @@ TEST_P(DeleteCredentialTests, Delete) { optional<vector<uint8_t>> proofOfDeletion = support::coseSignGetPayload(proofOfDeletionSignature); ASSERT_TRUE(proofOfDeletion); - string cborPretty = support::cborPrettyPrint(proofOfDeletion.value(), 32, {}); + string cborPretty = cppbor::prettyPrint(proofOfDeletion.value(), 32, {}); EXPECT_EQ("['ProofOfDeletion', 'org.iso.18013-5.2019.mdl', true, ]", cborPretty); EXPECT_TRUE(support::coseCheckEcDsaSignature(proofOfDeletionSignature, {}, // Additional data credentialPubKey_)); @@ -153,7 +153,7 @@ TEST_P(DeleteCredentialTests, DeleteWithChallenge) { optional<vector<uint8_t>> proofOfDeletion = support::coseSignGetPayload(proofOfDeletionSignature); ASSERT_TRUE(proofOfDeletion); - string cborPretty = support::cborPrettyPrint(proofOfDeletion.value(), 32, {}); + string cborPretty = cppbor::prettyPrint(proofOfDeletion.value(), 32, {}); EXPECT_EQ("['ProofOfDeletion', 'org.iso.18013-5.2019.mdl', {0x41, 0x42, 0x43}, true, ]", cborPretty); EXPECT_TRUE(support::coseCheckEcDsaSignature(proofOfDeletionSignature, {}, // Additional data diff --git a/identity/aidl/vts/EndToEndTests.cpp b/identity/aidl/vts/EndToEndTests.cpp index 5798b4c28c..67db915d7c 100644 --- a/identity/aidl/vts/EndToEndTests.cpp +++ b/identity/aidl/vts/EndToEndTests.cpp @@ -231,7 +231,7 @@ TEST_P(EndToEndTests, createAndRetrieveCredential) { optional<vector<uint8_t>> proofOfProvisioning = support::coseSignGetPayload(proofOfProvisioningSignature); ASSERT_TRUE(proofOfProvisioning); - cborPretty = support::cborPrettyPrint(proofOfProvisioning.value(), 32, {"readerCertificate"}); + cborPretty = cppbor::prettyPrint(proofOfProvisioning.value(), 32, {"readerCertificate"}); EXPECT_EQ( "[\n" " 'ProofOfProvisioning',\n" @@ -339,8 +339,8 @@ TEST_P(EndToEndTests, createAndRetrieveCredential) { vector<uint8_t> deviceEngagementBytes = deviceEngagement.encode(); vector<uint8_t> eReaderPubBytes = cppbor::Tstr("ignored").encode(); cppbor::Array sessionTranscript = cppbor::Array() - .add(cppbor::Semantic(24, deviceEngagementBytes)) - .add(cppbor::Semantic(24, eReaderPubBytes)); + .add(cppbor::SemanticTag(24, deviceEngagementBytes)) + .add(cppbor::SemanticTag(24, eReaderPubBytes)); vector<uint8_t> sessionTranscriptEncoded = sessionTranscript.encode(); vector<uint8_t> itemsRequestBytes = @@ -353,7 +353,7 @@ TEST_P(EndToEndTests, createAndRetrieveCredential) { .add("Home address", true)) .add("Image", cppbor::Map().add("Portrait image", false))) .encode(); - cborPretty = support::cborPrettyPrint(itemsRequestBytes, 32, {"EphemeralPublicKey"}); + cborPretty = cppbor::prettyPrint(itemsRequestBytes, 32, {"EphemeralPublicKey"}); EXPECT_EQ( "{\n" " 'nameSpaces' : {\n" @@ -373,10 +373,10 @@ TEST_P(EndToEndTests, createAndRetrieveCredential) { cppbor::Array() .add("ReaderAuthentication") .add(sessionTranscript.clone()) - .add(cppbor::Semantic(24, itemsRequestBytes)) + .add(cppbor::SemanticTag(24, itemsRequestBytes)) .encode(); vector<uint8_t> encodedReaderAuthenticationBytes = - cppbor::Semantic(24, encodedReaderAuthentication).encode(); + cppbor::SemanticTag(24, encodedReaderAuthentication).encode(); optional<vector<uint8_t>> readerSignature = support::coseSignEcDsa(readerKey, {}, // content encodedReaderAuthenticationBytes, // detached content @@ -443,7 +443,7 @@ TEST_P(EndToEndTests, createAndRetrieveCredential) { vector<uint8_t> mac; vector<uint8_t> deviceNameSpacesEncoded; ASSERT_TRUE(credential->finishRetrieval(&mac, &deviceNameSpacesEncoded).isOk()); - cborPretty = support::cborPrettyPrint(deviceNameSpacesEncoded, 32, {}); + cborPretty = cppbor::prettyPrint(deviceNameSpacesEncoded, 32, {}); ASSERT_EQ( "{\n" " 'PersonalData' : {\n" @@ -462,10 +462,11 @@ TEST_P(EndToEndTests, createAndRetrieveCredential) { string docType = "org.iso.18013-5.2019.mdl"; optional<vector<uint8_t>> readerEphemeralPrivateKey = support::ecKeyPairGetPrivateKey(readerEphemeralKeyPair.value()); - optional<vector<uint8_t>> eMacKey = support::calcEMacKey( - readerEphemeralPrivateKey.value(), // Private Key - signingPubKey.value(), // Public Key - cppbor::Semantic(24, sessionTranscript.encode()).encode()); // SessionTranscriptBytes + optional<vector<uint8_t>> eMacKey = + support::calcEMacKey(readerEphemeralPrivateKey.value(), // Private Key + signingPubKey.value(), // Public Key + cppbor::SemanticTag(24, sessionTranscript.encode()) + .encode()); // SessionTranscriptBytes optional<vector<uint8_t>> calculatedMac = support::calcMac(sessionTranscript.encode(), // SessionTranscript docType, // DocType @@ -486,7 +487,7 @@ TEST_P(EndToEndTests, createAndRetrieveCredential) { testEntriesEntryCounts) .isOk()); ASSERT_TRUE(credential->finishRetrieval(&mac, &deviceNameSpacesEncoded).isOk()); - cborPretty = support::cborPrettyPrint(deviceNameSpacesEncoded, 32, {}); + cborPretty = cppbor::prettyPrint(deviceNameSpacesEncoded, 32, {}); ASSERT_EQ("{}", cborPretty); // Calculate DeviceAuthentication and MAC (MACing key hasn't changed) calculatedMac = support::calcMac(sessionTranscript.encode(), // SessionTranscript @@ -508,7 +509,7 @@ TEST_P(EndToEndTests, createAndRetrieveCredential) { testEntriesEntryCounts) .isOk()); ASSERT_TRUE(credential->finishRetrieval(&mac, &deviceNameSpacesEncoded).isOk()); - cborPretty = support::cborPrettyPrint(deviceNameSpacesEncoded, 32, {}); + cborPretty = cppbor::prettyPrint(deviceNameSpacesEncoded, 32, {}); ASSERT_EQ("{}", cborPretty); // Calculate DeviceAuthentication and MAC (MACing key hasn't changed) calculatedMac = support::calcMac(sessionTranscript.encode(), // SessionTranscript diff --git a/identity/aidl/vts/ProveOwnershipTests.cpp b/identity/aidl/vts/ProveOwnershipTests.cpp index d1a3d39223..fa0e293388 100644 --- a/identity/aidl/vts/ProveOwnershipTests.cpp +++ b/identity/aidl/vts/ProveOwnershipTests.cpp @@ -131,7 +131,7 @@ TEST_P(ProveOwnershipTests, proveOwnership) { optional<vector<uint8_t>> proofOfOwnership = support::coseSignGetPayload(proofOfOwnershipSignature); ASSERT_TRUE(proofOfOwnership); - string cborPretty = support::cborPrettyPrint(proofOfOwnership.value(), 32, {}); + string cborPretty = cppbor::prettyPrint(proofOfOwnership.value(), 32, {}); EXPECT_EQ("['ProofOfOwnership', 'org.iso.18013-5.2019.mdl', {0x11, 0x12}, true, ]", cborPretty); EXPECT_TRUE(support::coseCheckEcDsaSignature(proofOfOwnershipSignature, {}, // Additional data credentialPubKey_)); diff --git a/identity/aidl/vts/ReaderAuthTests.cpp b/identity/aidl/vts/ReaderAuthTests.cpp index 7656c8edfc..c4a58c327c 100644 --- a/identity/aidl/vts/ReaderAuthTests.cpp +++ b/identity/aidl/vts/ReaderAuthTests.cpp @@ -262,8 +262,8 @@ void ReaderAuthTests::retrieveData(const vector<uint8_t>& readerPrivateKey, vector<uint8_t> deviceEngagementBytes = deviceEngagement.encode(); vector<uint8_t> eReaderPubBytes = cppbor::Tstr("ignored").encode(); cppbor::Array sessionTranscript = cppbor::Array() - .add(cppbor::Semantic(24, deviceEngagementBytes)) - .add(cppbor::Semantic(24, eReaderPubBytes)); + .add(cppbor::SemanticTag(24, deviceEngagementBytes)) + .add(cppbor::SemanticTag(24, eReaderPubBytes)); vector<uint8_t> sessionTranscriptBytes = sessionTranscript.encode(); vector<uint8_t> itemsRequestBytes; @@ -293,10 +293,10 @@ void ReaderAuthTests::retrieveData(const vector<uint8_t>& readerPrivateKey, cppbor::Array() .add("ReaderAuthentication") .add(sessionTranscript.clone()) - .add(cppbor::Semantic(24, itemsRequestBytes)) + .add(cppbor::SemanticTag(24, itemsRequestBytes)) .encode(); vector<uint8_t> encodedReaderAuthenticationBytes = - cppbor::Semantic(24, encodedReaderAuthentication).encode(); + cppbor::SemanticTag(24, encodedReaderAuthentication).encode(); optional<vector<uint8_t>> readerSignature = support::coseSignEcDsa(readerPrivateKey, // private key for reader @@ -517,8 +517,8 @@ TEST_P(ReaderAuthTests, ephemeralKeyNotInSessionTranscript) { vector<uint8_t> deviceEngagementBytes = deviceEngagement.encode(); vector<uint8_t> eReaderPubBytes = cppbor::Tstr("ignored").encode(); cppbor::Array sessionTranscript = cppbor::Array() - .add(cppbor::Semantic(24, deviceEngagementBytes)) - .add(cppbor::Semantic(24, eReaderPubBytes)); + .add(cppbor::SemanticTag(24, deviceEngagementBytes)) + .add(cppbor::SemanticTag(24, eReaderPubBytes)); vector<uint8_t> sessionTranscriptBytes = sessionTranscript.encode(); vector<uint8_t> itemsRequestBytes; @@ -535,10 +535,10 @@ TEST_P(ReaderAuthTests, ephemeralKeyNotInSessionTranscript) { cppbor::Array() .add("ReaderAuthentication") .add(sessionTranscript.clone()) - .add(cppbor::Semantic(24, itemsRequestBytes)) + .add(cppbor::SemanticTag(24, itemsRequestBytes)) .encode(); vector<uint8_t> encodedReaderAuthenticationBytes = - cppbor::Semantic(24, encodedReaderAuthentication).encode(); + cppbor::SemanticTag(24, encodedReaderAuthentication).encode(); vector<vector<uint8_t>> readerCertChain = {cert_reader_SelfSigned_}; optional<vector<uint8_t>> readerSignature = diff --git a/identity/aidl/vts/TestCredentialTests.cpp b/identity/aidl/vts/TestCredentialTests.cpp index d53de3b073..46c22290ef 100644 --- a/identity/aidl/vts/TestCredentialTests.cpp +++ b/identity/aidl/vts/TestCredentialTests.cpp @@ -114,7 +114,7 @@ TEST_P(TestCredentialTests, testCredential) { optional<vector<uint8_t>> proofOfProvisioning = support::coseSignGetPayload(proofOfProvisioningSignature); ASSERT_TRUE(proofOfProvisioning); - string cborPretty = support::cborPrettyPrint(proofOfProvisioning.value(), 32, {}); + string cborPretty = cppbor::prettyPrint(proofOfProvisioning.value(), 32, {}); EXPECT_EQ( "[\n" " 'ProofOfProvisioning',\n" diff --git a/identity/aidl/vts/UpdateCredentialTests.cpp b/identity/aidl/vts/UpdateCredentialTests.cpp index 9c5ca55cf2..e05bb3bfc1 100644 --- a/identity/aidl/vts/UpdateCredentialTests.cpp +++ b/identity/aidl/vts/UpdateCredentialTests.cpp @@ -114,7 +114,7 @@ void UpdateCredentialTests::provisionData() { optional<vector<uint8_t>> proofOfProvisioning = support::coseSignGetPayload(proofOfProvisioningSignature); ASSERT_TRUE(proofOfProvisioning); - string cborPretty = support::cborPrettyPrint(proofOfProvisioning.value(), 32, {}); + string cborPretty = cppbor::prettyPrint(proofOfProvisioning.value(), 32, {}); EXPECT_EQ( "[\n" " 'ProofOfProvisioning',\n" @@ -195,7 +195,7 @@ TEST_P(UpdateCredentialTests, updateCredential) { optional<vector<uint8_t>> proofOfProvisioning = support::coseSignGetPayload(proofOfProvisioningSignature); ASSERT_TRUE(proofOfProvisioning); - string cborPretty = support::cborPrettyPrint(proofOfProvisioning.value(), 32, {}); + string cborPretty = cppbor::prettyPrint(proofOfProvisioning.value(), 32, {}); EXPECT_EQ( "[\n" " 'ProofOfProvisioning',\n" diff --git a/identity/aidl/vts/UserAuthTests.cpp b/identity/aidl/vts/UserAuthTests.cpp index ef89d1cafd..edd1725055 100644 --- a/identity/aidl/vts/UserAuthTests.cpp +++ b/identity/aidl/vts/UserAuthTests.cpp @@ -160,8 +160,8 @@ cppbor::Map calcSessionTranscript(const vector<uint8_t>& ePublicKey) { // Let SessionTranscript be a map here (it's an array in EndToEndTest) just // to check that the implementation can deal with either. cppbor::Map sessionTranscript; - sessionTranscript.add(42, cppbor::Semantic(24, deviceEngagementBytes)); - sessionTranscript.add(43, cppbor::Semantic(24, eReaderPubBytes)); + sessionTranscript.add(42, cppbor::SemanticTag(24, deviceEngagementBytes)); + sessionTranscript.add(43, cppbor::SemanticTag(24, eReaderPubBytes)); return sessionTranscript; } @@ -209,7 +209,7 @@ void UserAuthTests::retrieveData(HardwareAuthToken authToken, VerificationToken vector<uint8_t> dataToSign = cppbor::Array() .add("ReaderAuthentication") .add(sessionTranscript_.clone()) - .add(cppbor::Semantic(24, itemsRequestBytes)) + .add(cppbor::SemanticTag(24, itemsRequestBytes)) .encode(); } diff --git a/identity/aidl/vts/VtsIWritableIdentityCredentialTests.cpp b/identity/aidl/vts/VtsIWritableIdentityCredentialTests.cpp index cc63c482f1..bc37020293 100644 --- a/identity/aidl/vts/VtsIWritableIdentityCredentialTests.cpp +++ b/identity/aidl/vts/VtsIWritableIdentityCredentialTests.cpp @@ -338,8 +338,7 @@ TEST_P(IdentityCredentialTests, verifyOneProfileAndEntryPass) { optional<vector<uint8_t>> proofOfProvisioning = support::coseSignGetPayload(proofOfProvisioningSignature); ASSERT_TRUE(proofOfProvisioning); - string cborPretty = - support::cborPrettyPrint(proofOfProvisioning.value(), 32, {"readerCertificate"}); + string cborPretty = cppbor::prettyPrint(proofOfProvisioning.value(), 32, {"readerCertificate"}); EXPECT_EQ( "[\n" " 'ProofOfProvisioning',\n" @@ -449,9 +448,9 @@ TEST_P(IdentityCredentialTests, verifyManyProfilesAndEntriesPass) { optional<vector<uint8_t>> proofOfProvisioning = support::coseSignGetPayload(proofOfProvisioningSignature); ASSERT_TRUE(proofOfProvisioning); - string cborPretty = support::cborPrettyPrint(proofOfProvisioning.value(), - 32, // - {"readerCertificate"}); + string cborPretty = cppbor::prettyPrint(proofOfProvisioning.value(), + 32, // + {"readerCertificate"}); EXPECT_EQ( "[\n" " 'ProofOfProvisioning',\n" diff --git a/identity/support/Android.bp b/identity/support/Android.bp index d00f59a9fa..774bc40406 100644 --- a/identity/support/Android.bp +++ b/identity/support/Android.bp @@ -42,7 +42,7 @@ cc_library { "libpuresoftkeymasterdevice", ], static_libs: [ - "libcppbor", + "libcppbor_external", ], } @@ -59,7 +59,7 @@ cc_test { "libhardware", ], static_libs: [ - "libcppbor", + "libcppbor_external", "libgmock", ], test_suites: ["general-tests"], @@ -89,7 +89,7 @@ cc_test { "tests/cppbor_test.cpp", ], shared_libs: [ - "libcppbor", + "libcppbor_external", "libbase", ], static_libs: [ @@ -104,7 +104,7 @@ cc_test_host { "tests/cppbor_test.cpp", ], shared_libs: [ - "libcppbor", + "libcppbor_external", "libbase", ], static_libs: [ diff --git a/identity/support/src/IdentityCredentialSupport.cpp b/identity/support/src/IdentityCredentialSupport.cpp index aba89c12dc..4547624fde 100644 --- a/identity/support/src/IdentityCredentialSupport.cpp +++ b/identity/support/src/IdentityCredentialSupport.cpp @@ -148,199 +148,6 @@ optional<vector<uint8_t>> decodeHex(const string& hexEncoded) { } // --------------------------------------------------------------------------- -// CBOR utilities. -// --------------------------------------------------------------------------- - -static bool cborAreAllElementsNonCompound(const cppbor::CompoundItem* compoundItem) { - if (compoundItem->type() == cppbor::ARRAY) { - const cppbor::Array* array = compoundItem->asArray(); - for (size_t n = 0; n < array->size(); n++) { - const cppbor::Item* entry = (*array)[n].get(); - switch (entry->type()) { - case cppbor::ARRAY: - case cppbor::MAP: - return false; - default: - break; - } - } - } else { - const cppbor::Map* map = compoundItem->asMap(); - for (size_t n = 0; n < map->size(); n++) { - auto [keyEntry, valueEntry] = (*map)[n]; - switch (keyEntry->type()) { - case cppbor::ARRAY: - case cppbor::MAP: - return false; - default: - break; - } - switch (valueEntry->type()) { - case cppbor::ARRAY: - case cppbor::MAP: - return false; - default: - break; - } - } - } - return true; -} - -static bool cborPrettyPrintInternal(const cppbor::Item* item, string& out, size_t indent, - size_t maxBStrSize, const vector<string>& mapKeysToNotPrint) { - char buf[80]; - - string indentString(indent, ' '); - - switch (item->type()) { - case cppbor::UINT: - snprintf(buf, sizeof(buf), "%" PRIu64, item->asUint()->unsignedValue()); - out.append(buf); - break; - - case cppbor::NINT: - snprintf(buf, sizeof(buf), "%" PRId64, item->asNint()->value()); - out.append(buf); - break; - - case cppbor::BSTR: { - const cppbor::Bstr* bstr = item->asBstr(); - const vector<uint8_t>& value = bstr->value(); - if (value.size() > maxBStrSize) { - unsigned char digest[SHA_DIGEST_LENGTH]; - SHA_CTX ctx; - SHA1_Init(&ctx); - SHA1_Update(&ctx, value.data(), value.size()); - SHA1_Final(digest, &ctx); - char buf2[SHA_DIGEST_LENGTH * 2 + 1]; - for (size_t n = 0; n < SHA_DIGEST_LENGTH; n++) { - snprintf(buf2 + n * 2, 3, "%02x", digest[n]); - } - snprintf(buf, sizeof(buf), "<bstr size=%zd sha1=%s>", value.size(), buf2); - out.append(buf); - } else { - out.append("{"); - for (size_t n = 0; n < value.size(); n++) { - if (n > 0) { - out.append(", "); - } - snprintf(buf, sizeof(buf), "0x%02x", value[n]); - out.append(buf); - } - out.append("}"); - } - } break; - - case cppbor::TSTR: - out.append("'"); - { - // TODO: escape "'" characters - out.append(item->asTstr()->value().c_str()); - } - out.append("'"); - break; - - case cppbor::ARRAY: { - const cppbor::Array* array = item->asArray(); - if (array->size() == 0) { - out.append("[]"); - } else if (cborAreAllElementsNonCompound(array)) { - out.append("["); - for (size_t n = 0; n < array->size(); n++) { - if (!cborPrettyPrintInternal((*array)[n].get(), out, indent + 2, maxBStrSize, - mapKeysToNotPrint)) { - return false; - } - out.append(", "); - } - out.append("]"); - } else { - out.append("[\n" + indentString); - for (size_t n = 0; n < array->size(); n++) { - out.append(" "); - if (!cborPrettyPrintInternal((*array)[n].get(), out, indent + 2, maxBStrSize, - mapKeysToNotPrint)) { - return false; - } - out.append(",\n" + indentString); - } - out.append("]"); - } - } break; - - case cppbor::MAP: { - const cppbor::Map* map = item->asMap(); - - if (map->size() == 0) { - out.append("{}"); - } else { - out.append("{\n" + indentString); - for (size_t n = 0; n < map->size(); n++) { - out.append(" "); - - auto [map_key, map_value] = (*map)[n]; - - if (!cborPrettyPrintInternal(map_key.get(), out, indent + 2, maxBStrSize, - mapKeysToNotPrint)) { - return false; - } - out.append(" : "); - if (map_key->type() == cppbor::TSTR && - std::find(mapKeysToNotPrint.begin(), mapKeysToNotPrint.end(), - map_key->asTstr()->value()) != mapKeysToNotPrint.end()) { - out.append("<not printed>"); - } else { - if (!cborPrettyPrintInternal(map_value.get(), out, indent + 2, maxBStrSize, - mapKeysToNotPrint)) { - return false; - } - } - out.append(",\n" + indentString); - } - out.append("}"); - } - } break; - - case cppbor::SEMANTIC: { - const cppbor::Semantic* semantic = item->asSemantic(); - snprintf(buf, sizeof(buf), "tag %" PRIu64 " ", semantic->value()); - out.append(buf); - cborPrettyPrintInternal(semantic->child().get(), out, indent, maxBStrSize, - mapKeysToNotPrint); - } break; - - case cppbor::SIMPLE: - const cppbor::Bool* asBool = item->asSimple()->asBool(); - const cppbor::Null* asNull = item->asSimple()->asNull(); - if (asBool != nullptr) { - out.append(asBool->value() ? "true" : "false"); - } else if (asNull != nullptr) { - out.append("null"); - } else { - LOG(ERROR) << "Only boolean/null is implemented for SIMPLE"; - return false; - } - break; - } - - return true; -} - -string cborPrettyPrint(const vector<uint8_t>& encodedCbor, size_t maxBStrSize, - const vector<string>& mapKeysToNotPrint) { - auto [item, _, message] = cppbor::parse(encodedCbor); - if (item == nullptr) { - LOG(ERROR) << "Data to pretty print is not valid CBOR: " << message; - return ""; - } - - string out; - cborPrettyPrintInternal(item.get(), out, 0, maxBStrSize, mapKeysToNotPrint); - return out; -} - -// --------------------------------------------------------------------------- // Crypto functionality / abstraction. // --------------------------------------------------------------------------- @@ -2140,7 +1947,7 @@ optional<int> coseSignGetAlg(const vector<uint8_t>& signatureCoseSign1) { } for (size_t n = 0; n < protectedHeaders->size(); n++) { - auto [keyItem, valueItem] = (*protectedHeaders)[n]; + auto& [keyItem, valueItem] = (*protectedHeaders)[n]; const cppbor::Int* number = keyItem->asInt(); if (number == nullptr) { LOG(ERROR) << "Key item in top-level map is not a number"; @@ -2183,7 +1990,7 @@ optional<vector<uint8_t>> coseSignGetX5Chain(const vector<uint8_t>& signatureCos } for (size_t n = 0; n < unprotectedHeaders->size(); n++) { - auto [keyItem, valueItem] = (*unprotectedHeaders)[n]; + auto& [keyItem, valueItem] = (*unprotectedHeaders)[n]; const cppbor::Int* number = keyItem->asInt(); if (number == nullptr) { LOG(ERROR) << "Key item in top-level map is not a number"; @@ -2335,9 +2142,9 @@ optional<vector<uint8_t>> calcMac(const vector<uint8_t>& sessionTranscriptEncode .add("DeviceAuthentication") .add(std::move(sessionTranscriptItem)) .add(docType) - .add(cppbor::Semantic(kSemanticTagEncodedCbor, deviceNameSpacesEncoded)); + .add(cppbor::SemanticTag(kSemanticTagEncodedCbor, deviceNameSpacesEncoded)); vector<uint8_t> deviceAuthenticationBytes = - cppbor::Semantic(kSemanticTagEncodedCbor, deviceAuthentication.encode()).encode(); + cppbor::SemanticTag(kSemanticTagEncodedCbor, deviceAuthentication.encode()).encode(); optional<vector<uint8_t>> calculatedMac = support::coseMac0(eMacKey, {}, // payload deviceAuthenticationBytes); // detached content diff --git a/identity/support/tests/IdentityCredentialSupportTest.cpp b/identity/support/tests/IdentityCredentialSupportTest.cpp index 509133cbc9..4c9b87af6f 100644 --- a/identity/support/tests/IdentityCredentialSupportTest.cpp +++ b/identity/support/tests/IdentityCredentialSupportTest.cpp @@ -55,99 +55,6 @@ TEST(IdentityCredentialSupport, decodeHex) { EXPECT_FALSE(support::decodeHex("012")); } -TEST(IdentityCredentialSupport, CborPrettyPrint) { - EXPECT_EQ("'Some text'", support::cborPrettyPrint(cppbor::Tstr("Some text").encode())); - - EXPECT_EQ("''", support::cborPrettyPrint(cppbor::Tstr("").encode())); - - EXPECT_EQ("{0x01, 0x00, 0x02, 0xf0, 0xff, 0x40}", - support::cborPrettyPrint( - cppbor::Bstr(vector<uint8_t>({1, 0, 2, 240, 255, 64})).encode())); - - EXPECT_EQ("{}", support::cborPrettyPrint(cppbor::Bstr(vector<uint8_t>()).encode())); - - EXPECT_EQ("true", support::cborPrettyPrint(cppbor::Bool(true).encode())); - - EXPECT_EQ("false", support::cborPrettyPrint(cppbor::Bool(false).encode())); - - EXPECT_EQ("42", support::cborPrettyPrint(cppbor::Uint(42).encode())); - - EXPECT_EQ("9223372036854775807", // 0x7fff ffff ffff ffff - support::cborPrettyPrint(cppbor::Uint(std::numeric_limits<int64_t>::max()).encode())); - - EXPECT_EQ("-42", support::cborPrettyPrint(cppbor::Nint(-42).encode())); - - EXPECT_EQ("-9223372036854775808", // -0x8000 0000 0000 0000 - support::cborPrettyPrint(cppbor::Nint(std::numeric_limits<int64_t>::min()).encode())); -} - -TEST(IdentityCredentialSupport, CborPrettyPrintCompound) { - cppbor::Array array = cppbor::Array("foo", "bar", "baz"); - EXPECT_EQ("['foo', 'bar', 'baz', ]", support::cborPrettyPrint(array.encode())); - - cppbor::Map map = cppbor::Map().add("foo", 42).add("bar", 43).add("baz", 44); - EXPECT_EQ( - "{\n" - " 'foo' : 42,\n" - " 'bar' : 43,\n" - " 'baz' : 44,\n" - "}", - support::cborPrettyPrint(map.encode())); - - cppbor::Array array2 = cppbor::Array(cppbor::Tstr("Some text"), cppbor::Nint(-42)); - EXPECT_EQ("['Some text', -42, ]", support::cborPrettyPrint(array2.encode())); - - cppbor::Map map2 = cppbor::Map().add(42, "foo").add(43, "bar").add(44, "baz"); - EXPECT_EQ( - "{\n" - " 42 : 'foo',\n" - " 43 : 'bar',\n" - " 44 : 'baz',\n" - "}", - support::cborPrettyPrint(map2.encode())); - - cppbor::Array deeplyNestedArrays = - cppbor::Array(cppbor::Array(cppbor::Array("a", "b", "c")), - cppbor::Array(cppbor::Array("d", "e", cppbor::Array("f", "g")))); - EXPECT_EQ( - "[\n" - " ['a', 'b', 'c', ],\n" - " [\n 'd',\n" - " 'e',\n" - " ['f', 'g', ],\n" - " ],\n" - "]", - support::cborPrettyPrint(deeplyNestedArrays.encode())); - - EXPECT_EQ( - "[\n" - " {0x0a, 0x0b},\n" - " 'foo',\n" - " 42,\n" - " ['foo', 'bar', 'baz', ],\n" - " {\n" - " 'foo' : 42,\n" - " 'bar' : 43,\n" - " 'baz' : 44,\n" - " },\n" - " {\n" - " 'deep1' : ['Some text', -42, ],\n" - " 'deep2' : {\n" - " 42 : 'foo',\n" - " 43 : 'bar',\n" - " 44 : 'baz',\n" - " },\n" - " },\n" - "]", - support::cborPrettyPrint(cppbor::Array(cppbor::Bstr(vector<uint8_t>{10, 11}), - cppbor::Tstr("foo"), cppbor::Uint(42), - std::move(array), std::move(map), - (cppbor::Map() - .add("deep1", std::move(array2)) - .add("deep2", std::move(map2)))) - .encode())); -} - TEST(IdentityCredentialSupport, Signatures) { vector<uint8_t> data = {1, 2, 3}; @@ -219,7 +126,7 @@ TEST(IdentityCredentialSupport, CoseSignatures) { ASSERT_EQ(data, payload.value()); // Finally, check that |coseSign1| are the bytes of a valid COSE_Sign1 message - string out = support::cborPrettyPrint(coseSign1.value()); + string out = cppbor::prettyPrint(coseSign1.value()); out = replaceLine(out, -2, " [] // Signature Removed"); EXPECT_EQ( "[\n" @@ -250,7 +157,7 @@ TEST(IdentityCredentialSupport, CoseSignaturesAdditionalData) { ASSERT_EQ(0, payload.value().size()); // Finally, check that |coseSign1| are the bytes of a valid COSE_Sign1 message - string out = support::cborPrettyPrint(coseSign1.value()); + string out = cppbor::prettyPrint(coseSign1.value()); out = replaceLine(out, -2, " [] // Signature Removed"); EXPECT_EQ( "[\n" @@ -411,7 +318,7 @@ TEST(IdentityCredentialSupport, CoseMac0) { "0x86, 0x5c, 0x28, 0x2c, 0xd5, 0xa5, 0x13, 0xff, 0x3b, 0xd1, 0xde, 0x70, 0x5e, 0xbb, " "0xe2, 0x2d, 0x42, 0xbe, 0x53},\n" "]", - support::cborPrettyPrint(mac.value())); + cppbor::prettyPrint(mac.value())); } TEST(IdentityCredentialSupport, CoseMac0DetachedContent) { @@ -433,7 +340,7 @@ TEST(IdentityCredentialSupport, CoseMac0DetachedContent) { "0x86, 0x5c, 0x28, 0x2c, 0xd5, 0xa5, 0x13, 0xff, 0x3b, 0xd1, 0xde, 0x70, 0x5e, 0xbb, " "0xe2, 0x2d, 0x42, 0xbe, 0x53},\n" "]", - support::cborPrettyPrint(mac.value())); + cppbor::prettyPrint(mac.value())); } // Generates a private key in DER format for a small value of 'd'. @@ -460,8 +367,8 @@ std::pair<vector<uint8_t>, vector<uint8_t>> p256PrivateKeyGetXandY( const cppbor::Item* findValueForTstr(const cppbor::Map* map, const string& keyValue) { // TODO: Need cast until libcppbor's Map::get() is marked as const - auto [item, found] = ((cppbor::Map*)map)->get(keyValue); - if (!found) { + const auto& item = map->get(keyValue); + if (!item) { return nullptr; } return item.get(); @@ -483,12 +390,13 @@ const cppbor::Map* findMapValueForTstr(const cppbor::Map* map, const string& key return item->asMap(); } -const cppbor::Semantic* findSemanticValueForTstr(const cppbor::Map* map, const string& keyValue) { +const cppbor::SemanticTag* findSemanticValueForTstr(const cppbor::Map* map, + const string& keyValue) { const cppbor::Item* item = findValueForTstr(map, keyValue); if (item == nullptr) { return nullptr; } - return item->asSemantic(); + return item->asSemanticTag(); } const std::string findStringValueForTstr(const cppbor::Map* map, const string& keyValue) { @@ -576,11 +484,11 @@ TEST(IdentityCredentialSupport, testVectors_18013_5) { auto [sessionEstablishmentItem, _se, _se2] = cppbor::parse(sessionEstablishmentEncoded.value()); const cppbor::Map* sessionEstablishment = sessionEstablishmentItem->asMap(); ASSERT_NE(sessionEstablishment, nullptr); - const cppbor::Semantic* eReaderKeyBytes = + const cppbor::SemanticTag* eReaderKeyBytes = findSemanticValueForTstr(sessionEstablishment, "eReaderKeyBytes"); ASSERT_NE(eReaderKeyBytes, nullptr); - ASSERT_EQ(eReaderKeyBytes->value(), 24); - const cppbor::Bstr* eReaderKeyBstr = eReaderKeyBytes->child()->asBstr(); + ASSERT_EQ(eReaderKeyBytes->semanticTag(), 24); + const cppbor::Bstr* eReaderKeyBstr = eReaderKeyBytes->asBstr(); ASSERT_NE(eReaderKeyBstr, nullptr); vector<uint8_t> eReaderKeyEncoded = eReaderKeyBstr->value(); // TODO: verify this agrees with ephemeralReaderKeyX and ephemeralReaderKeyY @@ -605,12 +513,12 @@ TEST(IdentityCredentialSupport, testVectors_18013_5) { // SessionTranscriptBytes = #6.24(bstr .cbor SessionTranscript) // cppbor::Array sessionTranscript; - sessionTranscript.add(cppbor::Semantic(24, deviceEngagementEncoded)); - sessionTranscript.add(cppbor::Semantic(24, eReaderKeyEncoded)); + sessionTranscript.add(cppbor::SemanticTag(24, deviceEngagementEncoded)); + sessionTranscript.add(cppbor::SemanticTag(24, eReaderKeyEncoded)); sessionTranscript.add(cppbor::Null()); vector<uint8_t> sessionTranscriptEncoded = sessionTranscript.encode(); vector<uint8_t> sessionTranscriptBytes = - cppbor::Semantic(24, sessionTranscriptEncoded).encode(); + cppbor::SemanticTag(24, sessionTranscriptEncoded).encode(); // The expected EMacKey is 4c1ebb8aacc633465390fa44edfdb49cb57f2e079aaa771d812584699c0b97e2 // @@ -696,11 +604,11 @@ TEST(IdentityCredentialSupport, testVectors_18013_5) { // Dig out the encoded form of DeviceNameSpaces // - const cppbor::Semantic* deviceNameSpacesBytes = + const cppbor::SemanticTag* deviceNameSpacesBytes = findSemanticValueForTstr(deviceSigned, "nameSpaces"); ASSERT_NE(deviceNameSpacesBytes, nullptr); - ASSERT_EQ(deviceNameSpacesBytes->value(), 24); - const cppbor::Bstr* deviceNameSpacesBstr = deviceNameSpacesBytes->child()->asBstr(); + ASSERT_EQ(deviceNameSpacesBytes->semanticTag(), 24); + const cppbor::Bstr* deviceNameSpacesBstr = deviceNameSpacesBytes->asBstr(); ASSERT_NE(deviceNameSpacesBstr, nullptr); vector<uint8_t> deviceNameSpacesEncoded = deviceNameSpacesBstr->value(); |