
reader auth
alex-richards committed Jul 22, 2024
1 parent 87c0256 commit 7854784
Showing 16 changed files with 346 additions and 94 deletions.
4 changes: 2 additions & 2 deletions cbor.go
Expand Up @@ -7,7 +7,7 @@ import (
"github.com/fxamacker/cbor/v2"
)

const TagEncodedCBOR = 24
const tagEncodedCBOR = 24

type bstr []byte
type TaggedEncodedCBOR struct {
Expand All @@ -30,7 +30,7 @@ func init() {
ts.Add(
cbor.TagOptions{DecTag: cbor.DecTagRequired, EncTag: cbor.EncTagRequired},
reflect.TypeOf(bstr(nil)),
TagEncodedCBOR,
tagEncodedCBOR,
)

var err error
2 changes: 1 addition & 1 deletion cbor_test.go
Expand Up @@ -38,7 +38,7 @@ func TestEncodedCBORTagged(t *testing.T) {
if err != nil {
t.Fatal(err)
}
if !bytes.Equal(testStructBytesTagged[0:2], []byte{0xd8, TagEncodedCBOR}) {
if !bytes.Equal(testStructBytesTagged[0:2], []byte{0xd8, tagEncodedCBOR}) {
t.Fatal(hex.EncodeToString(testStructBytesTagged))
}

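--- a/cose.go
+++ b/cose.go
@@ -0,0 +1,34 @@
+package mdoc
+
+import (
+"crypto/x509"
+"errors"
+
+"github.com/veraison/go-cose"
+)
+
+func X509Chain(from cose.UnprotectedHeader) ([]*x509.Certificate, error) {
+x509ChainHeader := from[cose.HeaderLabelX5Chain]
+
+switch x509ChainEncoded := x509ChainHeader.(type) {
+case []byte:
+cert, err := x509.ParseCertificate(x509ChainEncoded)
+if err != nil {
+return nil, err
+}
+
+return []*x509.Certificate{cert}, nil
+case [][]byte:
+certs := make([]*x509.Certificate, len(x509ChainEncoded))
+for i, certEncoded := range x509ChainEncoded {
+cert, err := x509.ParseCertificate(certEncoded)
+if err != nil {
+return nil, err
+}
+certs[i] = cert
+}
+return certs, nil
+default:
+return nil, errors.New("TODO - header type wrong")
+}
+}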
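Review bot: The `default` branch of `X509Chain` returns the placeholder message `TODO - header type wrong`, and because there is no `case nil:` it also fires when the x5chain header is simply absent, so a caller cannot distinguish a missing header from a malformed one. Suggest a dedicated `case nil:` returning a sentinel such as `var ErrMissingX5Chain = errors.New("x5chain header missing")`, and a default of `return nil, fmt.Errorf("x5chain header has unexpected type %T", x509ChainHeader)` so the offending type is visible in logs. A doc comment should also make clear that `X509Chain` only parses the certificates and performs no chain building or trust-anchor validation, so the caller must verify the chain before relying on the signature it accompanies. If go-cose decodes the multi-certificate form as `[]any` rather than `[][]byte`, the second case would never match; worth confirming against the library version pinned in go.mod.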
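--- a/device_auth.go
+++ b/device_auth.go
@@ -0,0 +1,42 @@
+package mdoc
+
+import (
+"github.com/fxamacker/cbor/v2"
+"github.com/veraison/go-cose"
+)
+
+type DeviceAuth struct {
+DeviceSignature DeviceSignature
+// DeviceMAC DeviceMAC
+}
+
+type DeviceSignature cose.UntaggedSign1Message
+
+func (ds *DeviceSignature) MarshalCBOR() ([]byte, error) {
+return cbor.Marshal((*cose.UntaggedSign1Message)(ds))
+}
+func (ds *DeviceSignature) UnmarshalCBOR(data []byte) error {
+return cbor.Unmarshal(data, (*cose.UntaggedSign1Message)(ds))
+}
+
+// type DeviceMAC cose.Mac0Message
+
+type DeviceAuthentication struct {
+_ struct{} `cbor:",toarray"`
+DeviceAuthentication string
+SessionTranscript SessionTranscript
+DocType DocType
+DeviceNameSpaceBytes TaggedEncodedCBOR
+}
+
+func NewDeviceAuthentication(
+sessionTranscript SessionTranscript,
+docType DocType,
+deviceNameSpaceBytes TaggedEncodedCBOR,
+) *DeviceAuthentication {
+return &DeviceAuthentication{
+DeviceAuthentication: "DeviceAuthentication",
+DocType: docType,
+DeviceNameSpaceBytes: deviceNameSpaceBytes,
+}
+}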
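Review bot: `NewDeviceAuthentication` accepts `sessionTranscript` but the struct literal at the end of the file never assigns it, so every `DeviceAuthentication` it builds carries a zero-value `SessionTranscript`; the device signature computed over that structure would then not be bound to the session it was produced in, which is the whole purpose of including the transcript. Add `SessionTranscript: sessionTranscript,` after the `DeviceAuthentication: "DeviceAuthentication",` line, mirroring how the removed `NewReaderAuthentication` in authentication.go assigned it. A doc comment on `DeviceAuthentication` stating that it is the to-be-signed structure for `DeviceSignature` would also help readers understand why the fixed `"DeviceAuthentication"` string is part of the array.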
18 changes: 10 additions & 8 deletions device_engagement.go
Expand Up @@ -8,12 +8,6 @@ import (
"github.com/veraison/go-cose"
)

const (
DeviceRetrievalMethodTypeNFC = 1
DeviceRetrievalMethodTypeBLE = 2
DeviceRetrievalMethodTypeWiFiAware = 3
)

var ErrorUnreccognisedReterevalMethod = errors.New("unreccognised retreival method")

type DeviceEngagement struct {
Expand Down Expand Up @@ -76,16 +70,24 @@ type Security struct {
EDeviceKeyBytes TaggedEncodedCBOR
}

type DeviceRetrievalMethodType uint

const (
DeviceRetrievalMethodTypeNFC DeviceRetrievalMethodType = 1
DeviceRetrievalMethodTypeBLE DeviceRetrievalMethodType = 2
DeviceRetrievalMethodTypeWiFiAware DeviceRetrievalMethodType = 3
)

type DeviceRetrievalMethod struct {
_ struct{} `cbor:",toarray"`
Type uint
Type DeviceRetrievalMethodType
Version uint
RetrievalOptions RetrievalOptions
}

type intermediateDeviceRetreievalMethod struct {
_ struct{} `cbor:",toarray"`
Type uint
Type DeviceRetrievalMethodType
Version uint
RetrievalOptions cbor.RawMessage
}
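Review bot: The new exported type `DeviceRetrievalMethodType` and its constant block have no doc comments, although they replace untyped constants that callers may already use. Suggest `// DeviceRetrievalMethodType identifies the transport a DeviceRetrievalMethod describes.` on the type and a one-line comment on the block such as `// Retrieval method types carried in a DeviceRetrievalMethod's Type field.`. The same applies to the new `StatusCode` type and its constants in device_response.go, which also lack comments. Since the surrounding `DeviceRetrievalMethod` and `intermediateDeviceRetreievalMethod` definitions begin inside this hunk but the file continues beyond it, any decode-side handling of unknown `Type` values is not visible here.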
20 changes: 11 additions & 9 deletions device_response.go
Expand Up @@ -4,24 +4,26 @@ import (
"github.com/fxamacker/cbor/v2"
)

const (
StatusCodeOK = 0
StatusCodeGeneralError = 10
StatusCodeCBORDecodingError = 11
StatusCodeCBORValidationError = 12
)

type DeviceResponse struct {
Version string `cbor:"version"`
Documents []Document `cbor:"documents,omitempty"`
DocumentErrors []DocumentError `cbor:"documentErrors,omitempty"`
Status uint `cbor:"status"`
Status StatusCode `cbor:"status"`
}

type StatusCode uint

const (
StatusCodeOK StatusCode = 0
StatusCodeGeneralError StatusCode = 10
StatusCodeCBORDecodingError StatusCode = 11
StatusCodeCBORValidationError StatusCode = 12
)

func NewDeviceResponse(
documents []Document,
documentErrors []DocumentError,
status uint,
status StatusCode,
) *DeviceResponse {
return &DeviceResponse{
"1.0",
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -4,7 +4,7 @@ go 1.22.4

require (
github.com/fxamacker/cbor/v2 v2.7.0
github.com/google/go-cmp v0.6.0
github.com/google/go-cmp v0.6.0 // test
github.com/google/uuid v1.6.0
github.com/veraison/go-cose v1.1.1-0.20240126165338-2300d5c96dbd
golang.org/x/crypto v0.25.0
22 changes: 22 additions & 0 deletions iso_18013_5_test.go
Expand Up @@ -12,6 +12,28 @@ import (
)

const (
IACAHex = "308201ce30820173a00302010202142ab4edd052b2582f4c6ad96186de70f4de5a3994300a06082a8648ce3d0" +
"4030230233114301206035504030c0b75746f7069612069616361310b3009060355040613025553301e170d32" +
"30313030313030303030305a170d3239303932393030303030305a30233114301206035504030c0b75746f70" +
"69612069616361310b30090603550406130255533059301306072a8648ce3d020106082a8648ce3d030107034" +
"200042c3e103dbc07b25c5a770aeedfa5d8bd15417e3e676142461a7875e3b4188a2221e6423599d1db19aaef" +
"66f923d394b61709549bcec2ea6ff60ec75268f2e094a38184308181301e0603551d120417301581136578616d7" +
"06c65406578616d706c652e636f6d301c0603551d1f041530133011a00fa00d820b6578616d706c652e636f6d3" +
"01d0603551d0e0416041454fa2383a04c28e0d930792261c80c4881d2c00b300e0603551d0f0101ff0404030201" +
"0630120603551d130101ff040830060101ff020100300a06082a8648ce3d0403020349003046022100ec897f0b8a" +
"e51028288955031f860069659b75989af7129fa609c24299a5c787022100d088d8741f5d05b360ef6e85023e9" +
"0df1d31dd1e6701a88efe9a7103021f986c"

ReaderRootHex = "3082019030820137a003020102021430d747795405d564b7ac48be6f364ae2c774f2fc300a06082a8648ce3d0" +
"4030230163114301206035504030c0b72656164657220726f6f74301e170d3230313030313030303030305a17" +
"0d3239303932393030303030305a30163114301206035504030c0b72656164657220726f6f743059301306072" +
"a8648ce3d020106082a8648ce3d030107034200043643293832e0a480de592df0708fe25b6b923f6397ab39a8" +
"b1b7444593adb89c77b7e9c28cf48d6d187b43c9bf7b9c2c5c5ef22f329e44e7a91b4745b7e2063aa36330613" +
"01c0603551d1f041530133011a00fa00d820b6578616d706c652e636f6d301d0603551d0e04160414cfb7a881b" +
"aea5f32b6fb91cc29590c50dfac416e300e0603551d0f0101ff04040302010630120603551d130101ff040830060" +
"101ff020100300a06082a8648ce3d0403020347003044022018ac84baf991a614fb25e76241857b7fd0579dfe8a" +
"ed8ac7f130675490799930022077f46f00b4af3e014d253e0edcc9f146a75a6b1bdfe33e9fa72f30f0880d5237"

EDeviceKeyX = "5a88d182bce5f42efa59943f33359d2e8a968ff289d93e5fa444b624343167fe"
EDeviceKeyY = "b16e8cf858ddc7690407ba61d4c338237a8cfcf3de6aa672fc60a557aa32fc67"
EDeviceKeyD = "c1917a1579949a042f1ba9fc53a2df9b1bc47adf31c10f813ed75702d1c1f136"
53 changes: 7 additions & 46 deletions authentication.go → issuer_auth.go
Expand Up @@ -7,33 +7,6 @@ import (
"github.com/veraison/go-cose"
)

type ReaderAuth cose.UntaggedSign1Message

func (ra *ReaderAuth) MarshalCBOR() ([]byte, error) {
return cbor.Marshal((*cose.UntaggedSign1Message)(ra))
}
func (ra *ReaderAuth) UnmarshalCBOR(data []byte) error {
return cbor.Unmarshal(data, (*cose.UntaggedSign1Message)(ra))
}

type ReaderAuthentication struct {
_ struct{} `cbor:",toarray"`
ReaderAuthentication string
SessionTranscript SessionTranscript
ItemsRequestBytes TaggedEncodedCBOR
}

func NewReaderAuthentication(
sessionTranscript SessionTranscript,
itemsRequestBytes TaggedEncodedCBOR,
) *ReaderAuthentication {
return &ReaderAuthentication{
ReaderAuthentication: "ReaderAuthentication",
SessionTranscript: sessionTranscript,
ItemsRequestBytes: itemsRequestBytes,
}
}

type IssuerAuth cose.UntaggedSign1Message

func (ia *IssuerAuth) MarshalCBOR() ([]byte, error) {
Expand All @@ -43,11 +16,6 @@ func (ia *IssuerAuth) UnmarshalCBOR(data []byte) error {
return cbor.Unmarshal(data, (*cose.UntaggedSign1Message)(ia))
}

type DeviceAuth struct {
DeviceSignature DeviceSignature
// DeviceMAC DeviceMAC
}

func (ia *IssuerAuth) MobileSecurityObjectBytes() (*TaggedEncodedCBOR, error) {
mobileSecurityObjectBytes := new(TaggedEncodedCBOR)
if err := cbor.Unmarshal(ia.Payload, mobileSecurityObjectBytes); err != nil {
Expand Down Expand Up @@ -76,17 +44,6 @@ func (ia *IssuerAuth) MobileSecurityObject() (*MobileSecurityObject, error) {
return mobileSecurityObject, nil
}

type DeviceSignature cose.UntaggedSign1Message

func (ds *DeviceSignature) MarshalCBOR() ([]byte, error) {
return cbor.Marshal((*cose.UntaggedSign1Message)(ds))
}
func (ds *DeviceSignature) UnmarshalCBOR(data []byte) error {
return cbor.Unmarshal(data, (*cose.UntaggedSign1Message)(ds))
}

// type DeviceMAC cose.Mac0Message

type MobileSecurityObject struct {
Version string `cbor:"version"`
DigestAlgorithm DigestAlgorithm `cbor:"digestAlgorithm"`
Expand All @@ -98,19 +55,23 @@ type MobileSecurityObject struct {

type DigestAlgorithm string

const (
DigestAlgorithmSHA256 DigestAlgorithm = "SHA-256"
DigestAlgorithmSHA384 DigestAlgorithm = "SHA-384"
DigestAlgorithmSHA512 DigestAlgorithm = "SHA-512"
)

type ValueDigests map[NameSpace]DigestIDs
type DigestIDs map[DigestID]Digest
type DigestID uint
type Digest []byte

type DeviceKeyInfo struct {
DeviceKey DeviceKey `cbor:"deviceKey"`
DeviceKey cose.Key `cbor:"deviceKey"`
KeyAuthorizations *KeyAuthorizations `cbor:"keyAuthorizations,omitempty"`
KeyInfo *KeyInfo `cbor:"keyInfo,omitEmpty"`
}

type DeviceKey cose.Key

type KeyAuthorizations struct {
NameSpaces *AuthorizedNameSpaces `cbor:"nameSpaces,omitempty"`
DataElements *AuthorizedDataElements `cbor:"dataElements,omitempty"`
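Review bot: The `DeviceKeyInfo` struct touched in the last hunk (the `DeviceKey` field now uses `cose.Key` directly) still carries the tag `cbor:"keyInfo,omitEmpty"` on `KeyInfo`, an unchanged line next to the modified one; the documented option spelling for fxamacker/cbor is lowercase `omitempty`, and if option matching is case-sensitive as in encoding/json the nil pointer would be encoded as `null` instead of being omitted from the MSO. Suggest `KeyInfo *KeyInfo \`cbor:"keyInfo,omitempty"\``. The `DigestAlgorithm` constant block, which appears to be new in this commit, would also benefit from a comment such as `// Digest algorithms an MSO may name in its digestAlgorithm field.`. The `MobileSecurityObject` and `DeviceKeyInfo` definitions are only partially visible in these hunks.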
File renamed without changes.
File renamed without changes.
