diff options
| author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-02-18 06:20:23 +0000 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-02-18 06:20:23 +0000 |
| commit | 8243a3b2a6fb25ed6323eef75bfd1ae52756fc6f (patch) | |
| tree | e06f7cf937b8c7571f45854c64ee5fe5b9c315c9 | |
| parent | ea86a06dd42d2424f1d93941b5898800c627f820 (diff) | |
| parent | 40333aecef6b95f6505093d44681d39d9c3222e1 (diff) | |
| download | coset-8243a3b2a6fb25ed6323eef75bfd1ae52756fc6f.tar.gz | |
Snap for 9626528 from 40333aecef6b95f6505093d44681d39d9c3222e1 to udc-release
Change-Id: I25fa583243c05389af58a778be995449756ce391
| -rw-r--r-- | .cargo_vcs_info.json | 2 | ||||
| -rw-r--r-- | .github/workflows/ci.yml | 6 | ||||
| -rw-r--r-- | Android.bp | 6 | ||||
| -rw-r--r-- | CHANGELOG.md | 6 | ||||
| -rw-r--r-- | Cargo.lock | 2 | ||||
| -rw-r--r-- | Cargo.toml | 6 | ||||
| -rw-r--r-- | Cargo.toml.orig | 7 | ||||
| -rw-r--r-- | METADATA | 14 | ||||
| -rw-r--r-- | examples/cwt.rs | 9 | ||||
| -rwxr-xr-x | scripts/check-format.sh | 2 | ||||
| -rw-r--r-- | src/common/mod.rs | 3 | ||||
| -rw-r--r-- | src/cwt/mod.rs | 15 | ||||
| -rw-r--r-- | src/cwt/tests.rs | 41 | ||||
| -rw-r--r-- | src/encrypt/mod.rs | 48 | ||||
| -rw-r--r-- | src/lib.rs | 2 | ||||
| -rw-r--r-- | src/util/mod.rs | 1 |
16 files changed, 122 insertions, 48 deletions
diff --git a/.cargo_vcs_info.json b/.cargo_vcs_info.json index 505822c..79d70ec 100644 --- a/.cargo_vcs_info.json +++ b/.cargo_vcs_info.json @@ -1,6 +1,6 @@ { "git": { - "sha1": "1f265f2dd6ef6fa855dedfe185bf3ad19f05d755" + "sha1": "8a8552a8b57f004d08d081230659b47578c86b66" }, "path_in_vcs": "" }
\ No newline at end of file diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 66d1a3f..14bc1f5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -28,6 +28,7 @@ jobs: components: rustfmt override: true - run: cargo build --release --workspace + - run: cargo build --release --workspace --features=std test: runs-on: ubuntu-latest @@ -48,6 +49,7 @@ jobs: components: rustfmt override: true - run: cargo test --workspace -- --nocapture + - run: cargo test --workspace --features=std -- --nocapture examples: runs-on: ubuntu-latest @@ -68,6 +70,7 @@ jobs: components: rustfmt override: true - run: cargo test --examples + - run: cargo test --features=std --examples no_std: name: Build for a no_std target @@ -107,6 +110,7 @@ jobs: components: rustfmt override: true - run: rustc --version + - run: cargo build --release --workspace - run: cargo build --release --workspace --all-features formatting: @@ -114,7 +118,7 @@ jobs: steps: - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 - uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2 - - run: go get github.com/campoy/embedmd + - run: go install github.com/campoy/embedmd@97c13d6 - uses: actions/setup-ruby@b007fae6f1ffbe3a51c00a6df6f5ff01184d5340 # v1 - run: gem install mdl - uses: actions-rs/toolchain@63eb9591781c46a70274cb3ebdf190fce92702e8 # v1 @@ -23,7 +23,7 @@ rust_test { host_supported: true, crate_name: "coset", cargo_env_compat: true, - cargo_pkg_version: "0.3.3", + cargo_pkg_version: "0.3.4", srcs: ["src/lib.rs"], test_suites: ["general-tests"], auto_gen_config: true, @@ -31,6 +31,7 @@ rust_test { unit_test: true, }, edition: "2018", + features: ["default"], rustlibs: [ "libciborium", "libciborium_io", @@ -43,9 +44,10 @@ rust_library { host_supported: true, crate_name: "coset", cargo_env_compat: true, - cargo_pkg_version: "0.3.3", + cargo_pkg_version: "0.3.4", srcs: ["src/lib.rs"], edition: "2018", + features: ["default"], rustlibs: [ "libciborium", "libciborium_io", diff --git a/CHANGELOG.md b/CHANGELOG.md index 087c02d..df2b2cf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change Log +## 0.3.4 - 2023-01-25 + +- Add non-default `std` feature that turns on `impl Error for CoseError`. +- Add `cwt::ClaimsSetBuilder::private_claim` method. +- Update documentation for existing encryption methods to make it clear that they only support AEAD encryption. + ## 0.3.3 - 2022-09-30 - Add `CoseKeyBuilder` methods `kty`, `key_type` and `new_okp_key`. @@ -31,7 +31,7 @@ dependencies = [ [[package]] name = "coset" -version = "0.3.3" +version = "0.3.4" dependencies = [ "ciborium", "ciborium-io", @@ -12,7 +12,7 @@ [package] edition = "2018" name = "coset" -version = "0.3.3" +version = "0.3.4" authors = [ "David Drysdale <drysdale@google.com>", "Paul Crowley <paulcrowley@google.com>", @@ -37,3 +37,7 @@ features = ["alloc"] [dev-dependencies.hex] version = "^0.4.2" + +[features] +default = [] +std = [] diff --git a/Cargo.toml.orig b/Cargo.toml.orig index 5544745..e011996 100644 --- a/Cargo.toml.orig +++ b/Cargo.toml.orig @@ -1,6 +1,6 @@ [package] name = "coset" -version = "0.3.3" +version = "0.3.4" authors = ["David Drysdale <drysdale@google.com>", "Paul Crowley <paulcrowley@google.com>"] edition = "2018" license = "Apache-2.0" @@ -9,6 +9,11 @@ repository = "https://github.com/google/coset" keywords = ["cryptography", "cose"] categories = ["cryptography"] +[features] +default = [] +# `std` feature enables an `Error` impl for `CoseError` +std = [] + [dependencies] ciborium = { version = "^0.2.0", default-features = false } ciborium-io = { version = "^0.2.0", features = ["alloc"] } @@ -1,3 +1,7 @@ +# This project was upgraded with external_updater. +# Usage: tools/external_updater/updater.sh update rust/crates/coset +# For more info, check https://cs.android.com/android/platform/superproject/+/master:tools/external_updater/README.md + name: "coset" description: "Set of types for supporting COSE" third_party { @@ -7,13 +11,13 @@ third_party { } url { type: ARCHIVE - value: "https://static.crates.io/crates/coset/coset-0.3.3.crate" + value: "https://static.crates.io/crates/coset/coset-0.3.4.crate" } - version: "0.3.3" + version: "0.3.4" license_type: NOTICE last_upgrade_date { - year: 2022 - month: 10 - day: 6 + year: 2023 + month: 2 + day: 15 } } diff --git a/examples/cwt.rs b/examples/cwt.rs index f9f113b..5972cf9 100644 --- a/examples/cwt.rs +++ b/examples/cwt.rs @@ -15,7 +15,7 @@ //////////////////////////////////////////////////////////////////////////////// //! Example program demonstrating signed CWT processing. -use coset::{cwt, iana, CborSerializable, CoseError}; +use coset::{cbor::value::Value, cwt, iana, CborSerializable, CoseError}; #[derive(Copy, Clone)] struct FakeSigner {} @@ -49,6 +49,13 @@ fn main() -> Result<(), CoseError> { .not_before(cwt::Timestamp::WholeSeconds(1443944944)) .issued_at(cwt::Timestamp::WholeSeconds(1443944944)) .cwt_id(vec![0x0b, 0x71]) + // Add additional standard claim. + .claim( + iana::CwtClaimName::Scope, + Value::Text("email phone".to_string()), + ) + // Add additional private-use claim. + .private_claim(-70_000, Value::Integer(42.into())) .build(); let aad = b""; diff --git a/scripts/check-format.sh b/scripts/check-format.sh index 445a564..220022c 100755 --- a/scripts/check-format.sh +++ b/scripts/check-format.sh @@ -90,7 +90,7 @@ done EMBEDMD="$(go env GOPATH)/bin/embedmd" if [[ ! -x "$EMBEDMD" ]]; then - go get github.com/campoy/embedmd + go install github.com/campoy/embedmd@97c13d6 fi for f in "${MD_FILES[@]}"; do "$EMBEDMD" -d "$f" diff --git a/src/common/mod.rs b/src/common/mod.rs index c1f2973..106a3a3 100644 --- a/src/common/mod.rs +++ b/src/common/mod.rs @@ -87,6 +87,9 @@ impl core::fmt::Display for CoseError { } } +#[cfg(feature = "std")] +impl std::error::Error for CoseError {} + impl CoseError { fn fmt_msg(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { match self { diff --git a/src/cwt/mod.rs b/src/cwt/mod.rs index fe5e410..d12531a 100644 --- a/src/cwt/mod.rs +++ b/src/cwt/mod.rs @@ -20,7 +20,7 @@ use crate::{ cbor::value::Value, common::AsCborValue, iana, - iana::EnumI64, + iana::{EnumI64, WithPrivateRange}, util::{cbor_type_error, ValueTryAs}, CoseError, }; @@ -183,4 +183,17 @@ impl ClaimsSetBuilder { self.0.rest.push((ClaimName::Text(name), value)); self } + + /// Set a claim where the claim key is a numeric value from the private use range. + /// + /// # Panics + /// + /// This function will panic if it is used to set a claim with a key value outside of the + /// private use range. + #[must_use] + pub fn private_claim(mut self, id: i64, value: Value) -> Self { + assert!(iana::CwtClaimName::is_private(id)); + self.0.rest.push((ClaimName::PrivateUse(id), value)); + self + } } diff --git a/src/cwt/tests.rs b/src/cwt/tests.rs index 7487d1a..ff59dd6 100644 --- a/src/cwt/tests.rs +++ b/src/cwt/tests.rs @@ -41,16 +41,32 @@ fn test_cwt_encode() { .not_before(Timestamp::WholeSeconds(0x200)) .issued_at(Timestamp::WholeSeconds(0x10)) .cwt_id(vec![1, 2, 3, 4]) + .private_claim(-70_000, Value::Integer(0.into())) .build(), concat!( - "a7", // 7-map - "01", "63", "616161", // 1 (iss) => 3-tstr - "02", "62", "6262", // 2 (sub) => 2-tstr - "03", "61", "63", // 3 (aud) => 1-tstr - "04", "19", "0100", // 4 (exp) => uint - "05", "19", "0200", // 5 (nbf) => uint - "06", "10", // 6 (iat) => uint - "07", "44", "01020304" // 7 => bstr + "a8", // 8-map + "01", + "63", + "616161", // 1 (iss) => 3-tstr + "02", + "62", + "6262", // 2 (sub) => 2-tstr + "03", + "61", + "63", // 3 (aud) => 1-tstr + "04", + "19", + "0100", // 4 (exp) => uint + "05", + "19", + "0200", // 5 (nbf) => uint + "06", + "10", // 6 (iat) => uint + "07", + "44", + "01020304", // 7 => bstr + "3a0001116f", + "00" // -70000 => uint ), ), ( @@ -196,6 +212,15 @@ fn test_cwt_claims_builder_core_param_panic() { } #[test] +#[should_panic] +fn test_cwt_claims_builder_non_private_panic() { + // Attempting to set a claim outside of private range via `.private_claim()` panics. + let _claims = ClaimsSetBuilder::new() + .private_claim(100, Value::Null) + .build(); +} + +#[test] fn test_cwt_dup_claim() { // Set a duplicate map key. let claims = ClaimsSetBuilder::new() diff --git a/src/encrypt/mod.rs b/src/encrypt/mod.rs index 22f9777..db38de5 100644 --- a/src/encrypt/mod.rs +++ b/src/encrypt/mod.rs @@ -95,8 +95,8 @@ impl AsCborValue for CoseRecipient { } impl CoseRecipient { - /// Decrypt the `ciphertext` value, using `cipher` to decrypt the cipher text and - /// combined AAD. + /// Decrypt the `ciphertext` value with an AEAD, using `cipher` to decrypt the cipher text and + /// combined AAD as per RFC 8152 section 5.3. /// /// # Panics /// @@ -140,9 +140,9 @@ impl CoseRecipientBuilder { self } - /// Calculate the ciphertext value, using `cipher` to generate the encrypted bytes from the - /// plaintext and combined AAD (in that order). Any protected header values should be set - /// before using this method. + /// Calculate the ciphertext value with an AEAD, using `cipher` to generate the encrypted bytes + /// from the plaintext and combined AAD (in that order) as per RFC 8152 section 5.3. Any + /// protected header values should be set before using this method. /// /// # Panics /// @@ -162,9 +162,9 @@ impl CoseRecipientBuilder { self.ciphertext(cipher(plaintext, &aad)) } - /// Calculate the ciphertext value, using `cipher` to generate the encrypted bytes from the - /// plaintext and combined AAD (in that order). Any protected header values should be set - /// before using this method. + /// Calculate the ciphertext value with an AEAD, using `cipher` to generate the encrypted bytes + /// from the plaintext and combined AAD (in that order) as per RFC 8152 section 5.3. Any + /// protected header values should be set before using this method. /// /// # Panics /// @@ -183,8 +183,8 @@ impl CoseRecipientBuilder { Ok(self.ciphertext(cipher(plaintext, &aad)?)) } - /// Construct the combined AAD data needed for encryption. Any protected header values should be - /// set before using this method. + /// Construct the combined AAD data needed for encryption with an AEAD. Any protected header + /// values should be set before using this method. /// /// # Panics /// @@ -261,7 +261,7 @@ impl AsCborValue for CoseEncrypt { } impl CoseEncrypt { - /// Decrypt the `ciphertext` value, using `cipher` to decrypt the cipher text and + /// Decrypt the `ciphertext` value with an AEAD, using `cipher` to decrypt the cipher text and /// combined AAD. /// /// # Panics @@ -291,9 +291,9 @@ impl CoseEncryptBuilder { builder_set! {unprotected: Header} builder_set_optional! {ciphertext: Vec<u8>} - /// Calculate the ciphertext value, using `cipher` to generate the encrypted bytes from the - /// plaintext and combined AAD (in that order). Any protected header values should be set - /// before using this method. + /// Calculate the ciphertext value with an AEAD, using `cipher` to generate the encrypted bytes + /// from the plaintext and combined AAD (in that order) as per RFC 8152 section 5.3. Any + /// protected header values should be set before using this method. #[must_use] pub fn create_ciphertext<F>(self, plaintext: &[u8], external_aad: &[u8], cipher: F) -> Self where @@ -307,9 +307,9 @@ impl CoseEncryptBuilder { self.ciphertext(cipher(plaintext, &aad)) } - /// Calculate the ciphertext value, using `cipher` to generate the encrypted bytes from the - /// plaintext and combined AAD (in that order). Any protected header values should be set - /// before using this method. + /// Calculate the ciphertext value with an AEAD, using `cipher` to generate the encrypted bytes + /// from the plaintext and combined AAD (in that order) as per RFC 8152 section 5.3. Any + /// protected header values should be set before using this method. pub fn try_create_ciphertext<F, E>( self, plaintext: &[u8], @@ -389,7 +389,7 @@ impl AsCborValue for CoseEncrypt0 { } impl CoseEncrypt0 { - /// Decrypt the `ciphertext` value, using `cipher` to decrypt the cipher text and + /// Decrypt the `ciphertext` value with an AEAD, using `cipher` to decrypt the cipher text and /// combined AAD. /// /// # Panics @@ -419,9 +419,9 @@ impl CoseEncrypt0Builder { builder_set! {unprotected: Header} builder_set_optional! {ciphertext: Vec<u8>} - /// Calculate the ciphertext value, using `cipher` to generate the encrypted bytes from the - /// plaintext and combined AAD (in that order). Any protected header values should be set - /// before using this method. + /// Calculate the ciphertext value with an AEAD, using `cipher` to generate the encrypted bytes + /// from the plaintext and combined AAD (in that order) as per RFC 8152 section 5.3. Any + /// protected header values should be set before using this method. #[must_use] pub fn create_ciphertext<F>(self, plaintext: &[u8], external_aad: &[u8], cipher: F) -> Self where @@ -435,9 +435,9 @@ impl CoseEncrypt0Builder { self.ciphertext(cipher(plaintext, &aad)) } - /// Calculate the ciphertext value, using `cipher` to generate the encrypted bytes from the - /// plaintext and combined AAD (in that order). Any protected header values should be set - /// before using this method. + /// Calculate the ciphertext value with an AEAD, using `cipher` to generate the encrypted bytes + /// from the plaintext and combined AAD (in that order) as per RFC 8152 section 5.3. Any + /// protected header values should be set before using this method. pub fn try_create_ciphertext<F, E>( self, plaintext: &[u8], @@ -96,7 +96,7 @@ //! [COSE]: https://tools.ietf.org/html/rfc8152 //! [CBOR]: https://tools.ietf.org/html/rfc7049 -#![no_std] +#![cfg_attr(not(feature = "std"), no_std)] #![deny(rustdoc::broken_intra_doc_links)] extern crate alloc; diff --git a/src/util/mod.rs b/src/util/mod.rs index 5608a4f..5dde295 100644 --- a/src/util/mod.rs +++ b/src/util/mod.rs @@ -164,6 +164,7 @@ pub fn expect_err<T: core::fmt::Debug, E: core::fmt::Debug + core::fmt::Display> result: Result<T, E>, err_msg: &str, ) { + #[cfg(not(feature = "std"))] use alloc::format; match result { Ok(_) => { |