Add COSE Hash Envelope

transmute-industries · Jul 21, 2024 · 9b3214b · 9b3214b
1 parent 277bce1
commit 9b3214b
Show file tree

Hide file tree

Showing 7 changed files with 56 additions and 15 deletions.
diff --git a/src/cose/Params.ts b/src/cose/Params.ts
@@ -30,8 +30,11 @@ export const PartyVOther = -26
 
 export const ContentType = 3
 
-export const ProofType = -111
+export const ProofType = 395
 
+export const PayloadLocation = -6801;
+export const PayloadPreImageContentType = -6802;
+export const PayloadHashAlgorithm = -6800;
 
 export const Protected = {
   ...HeaderParameters,
@@ -42,7 +45,11 @@ export const Protected = {
   PartyVNonce,
   PartyVOther,
   ContentType,
-  ProofType // new from COSE Merkle Tree Proofs
+  ProofType, // new from COSE Merkle Tree Proofs
+
+  PayloadHashAlgorithm, // new COSE Hash Envelop
+  PayloadPreImageContentType,
+  PayloadLocation,
 }
 
 export const Unprotected = {
@@ -57,6 +64,11 @@ export const Aead = {
   A128GCM
 }
 
+
+export const Hash = {
+  'SHA256': -16
+}
+
 export const Signature = {
   'ES256': -7
 }

diff --git a/src/cose/receipt/consistency/issue.ts b/src/cose/receipt/consistency/issue.ts
@@ -15,7 +15,7 @@ export type RequestIssueConsistencyReceipt = {
 
 export const issue = async (req: RequestIssueConsistencyReceipt) => {
   const { protectedHeader, receipt, entries, signer } = req;
-  const consistencyVds = protectedHeader.get(-111)
+  const consistencyVds = protectedHeader.get(395)
   if (consistencyVds !== 1) {
     throw new Error('Unsupported verifiable data structure. See https://datatracker.ietf.org/doc/draft-ietf-cose-merkle-tree-proofs')
   }
@@ -27,12 +27,12 @@ export const issue = async (req: RequestIssueConsistencyReceipt) => {
 
   const [protectedHeaderBytes, unprotectedHeaderMap, payload] = value
   const receiptProtectedHeader = cbor.decode(protectedHeaderBytes)
-  const inclusionVds = receiptProtectedHeader.get(-111);
+  const inclusionVds = receiptProtectedHeader.get(395);
   if (inclusionVds !== 1) {
     throw new Error('Unsupported verifiable data structure. See https://datatracker.ietf.org/doc/draft-ietf-cose-merkle-tree-proofs')
   }
 
-  const [inclusion] = unprotectedHeaderMap.get(-222).get(-1) // get first inclusion proof
+  const [inclusion] = unprotectedHeaderMap.get(396).get(-1) // get first inclusion proof
   if (payload !== null) {
     throw new Error('payload must be null for this type of proof')
   }
@@ -51,7 +51,7 @@ export const issue = async (req: RequestIssueConsistencyReceipt) => {
   const root = await CoMETRE.RFC9162_SHA256.root(entries)
 
   const proofs = new Map();
-  proofs.set(-2, [ // -2 is consistency proof for -111 (vds), 1 (RFC9162)
+  proofs.set(-2, [ // -2 is consistency proof for 395 (vds), 1 (RFC9162)
     cbor.encode([
       consistency_proof.tree_size_1,
       consistency_proof.tree_size_2,
@@ -60,7 +60,7 @@ export const issue = async (req: RequestIssueConsistencyReceipt) => {
   ])
 
   const unprotectedHeader = new Map();
-  unprotectedHeader.set(-222, proofs)
+  unprotectedHeader.set(396, proofs)
 
   const consistency = await signer.sign({
     protectedHeader,

diff --git a/src/cose/receipt/consistency/verify.ts b/src/cose/receipt/consistency/verify.ts
@@ -20,11 +20,11 @@ export const verify = async (req: RequestVerifyConsistencyReceipt) => {
   }
   const [protectedHeaderBytes, unprotectedHeaderMap, payload] = value
   const protectedHeader = cbor.decode(protectedHeaderBytes)
-  const vds = protectedHeader.get(-111);
+  const vds = protectedHeader.get(395);
   if (vds !== 1) {
     throw new Error('Unsupported verifiable data structure. See https://datatracker.ietf.org/doc/draft-ietf-cose-merkle-tree-proofs')
   }
-  const proofs = unprotectedHeaderMap.get(-222)
+  const proofs = unprotectedHeaderMap.get(396)
   const [consistency] = proofs.get(-2) // get first consistency proof
   if (payload !== null) {
     throw new Error('payload must be null for this type of proof')

diff --git a/src/cose/receipt/inclusion/issue.ts b/src/cose/receipt/inclusion/issue.ts
@@ -14,7 +14,7 @@ export type RequestIssueInclusionReceipt = {
 
 export const issue = async (req: RequestIssueInclusionReceipt) => {
   const { protectedHeader, entry, entries, signer } = req;
-  const vds = protectedHeader.get(-111)
+  const vds = protectedHeader.get(395)
   if (vds !== 1) {
     throw new Error('Unsupported verifiable data structure. See https://datatracker.ietf.org/doc/draft-ietf-cose-merkle-tree-proofs')
   }
@@ -24,15 +24,15 @@ export const issue = async (req: RequestIssueInclusionReceipt) => {
     entries,
   )
   const proofs = new Map();
-  proofs.set(-1, [ // -1 is inclusion proof for -111 (vds), 1 (RFC9162)
+  proofs.set(-1, [ // -1 is inclusion proof for 395 (vds), 1 (RFC9162)
     cbor.encode([ // encoded proof
       proof.tree_size,
       proof.leaf_index,
       proof.inclusion_path.map(cbor.toArrayBuffer),
     ])
   ])
   const unprotectedHeader = new Map();
-  unprotectedHeader.set(-222, proofs)
+  unprotectedHeader.set(396, proofs)
   return signer.sign({
     protectedHeader,
     unprotectedHeader,

diff --git a/src/cose/receipt/inclusion/verify.ts b/src/cose/receipt/inclusion/verify.ts
@@ -19,11 +19,11 @@ export const verify = async (req: RequestVerifyInclusionReceipt) => {
   }
   const [protectedHeaderBytes, unprotectedHeaderMap, payload] = value
   const protectedHeader = cbor.decode(protectedHeaderBytes)
-  const vds = protectedHeader.get(-111);
+  const vds = protectedHeader.get(395);
   if (vds !== 1) {
     throw new Error('Unsupported verifiable data structure. See https://datatracker.ietf.org/doc/draft-ietf-cose-merkle-tree-proofs')
   }
-  const proofs = unprotectedHeaderMap.get(-222)
+  const proofs = unprotectedHeaderMap.get(396)
   const [inclusion] = proofs.get(-1) // get first inclusion proof
   if (payload !== null) {
     throw new Error('payload must be null for this type of proof')

diff --git a/src/cose/sign1/hashEnvelopeSigner.ts b/src/cose/sign1/hashEnvelopeSigner.ts
@@ -0,0 +1,28 @@
+import signer from "./signer";
+
+import subtleCryptoProvider from "../../crypto/subtleCryptoProvider";
+
+import { RequestCoseSign1Signer, RequestCoseSign1 } from "./types"
+
+// https://datatracker.ietf.org/doc/draft-steele-cose-hash-envelope/
+
+
+import { Protected } from "../Params";
+
+
+export const hash = {
+  signer: ({ remote }: RequestCoseSign1Signer) => {
+    return {
+      sign: async ({ protectedHeader, unprotectedHeader, payload }: RequestCoseSign1): Promise<Uint8Array> => {
+        const subtle = await subtleCryptoProvider();
+        const hashEnvelopeAlgorithm = protectedHeader.get(Protected.PayloadHashAlgorithm)
+        if (hashEnvelopeAlgorithm !== -16) {
+          throw new Error('Unsupported hash envelope algorithm (-16 is only one supported)')
+        }
+        const payloadHash = await subtle.digest("SHA-256", payload)
+        const normalSigner = signer({ remote })
+        return new Uint8Array(await normalSigner.sign({ protectedHeader, unprotectedHeader, payload: payloadHash }))
+      }
+    }
+  }
+}
diff --git a/src/cose/sign1/index.ts b/src/cose/sign1/index.ts
@@ -1,7 +1,8 @@
 
 import signer from "./signer";
 import verifier from "./verifier";
+import { hash } from './hashEnvelopeSigner'
 
 export * from './types'
 
-export { signer, verifier }
+export { signer, verifier, hash }