Merge branch 'main' into chore/consistent-camel-case-in-api

microsoft · Dec 19, 2024 · 1d81438 · 1d81438
2 parents 63ed37e + ce11795
commit 1d81438
Show file tree

Hide file tree

Showing 4 changed files with 1 addition and 376 deletions.
diff --git a/app/src/main.cpp b/app/src/main.cpp
@@ -13,7 +13,6 @@
 #include "kv_types.h"
 #include "operations_endpoints.h"
 #include "policy_engine.h"
-#include "receipt.h"
 #include "service_endpoints.h"
 #include "tracing.h"
 #include "util.h"

diff --git a/app/src/receipt.h b/app/src/receipt.h
diff --git a/app/src/service_endpoints.h b/app/src/service_endpoints.h
@@ -24,7 +24,7 @@ namespace scitt
 
     GetServiceParameters::Out out;
     out.service_id = service_id;
-    out.tree_algorithm = TREE_ALGORITHM_CCF;
+    out.tree_algorithm = "CCF";
     out.signature_algorithm = JOSE_ALGORITHM_ES256;
     out.service_certificate = ccf::crypto::b64_from_raw(certificate_der);
     return out;

diff --git a/app/src/verifier.h b/app/src/verifier.h
@@ -559,143 +559,6 @@ namespace scitt::verifier
       return ccf::crypto::split_x509_cert_bundle(*ca_certs);
     }
 
-    /**
-     * Get a PublicKey out of a JSON Web Key.
-     */
-    static PublicKey get_jwk_public_key(const scitt::did::Jwk& jwk)
-    {
-      if (jwk.kty != "EC" && jwk.kty != "RSA" && jwk.kty != "OKP")
-      {
-        throw VerificationError("JWK has an unsupported key type");
-      }
-
-      // TODO: check the `use` and `key_ops` fields of the JWK
-      // to ensure the key usage is correct.
-      std::optional<int64_t> cose_alg;
-      if (jwk.alg.has_value())
-      {
-        try
-        {
-          cose_alg = get_cose_alg_from_jose_alg(jwk.alg.value());
-        }
-        catch (const InvalidSignatureAlgorithm& e)
-        {
-          throw VerificationError(e.what());
-        }
-      }
-
-      if (jwk.kty == "RSA" && jwk.n.has_value() && jwk.e.has_value())
-      {
-        auto n = ccf::crypto::raw_from_b64url(jwk.n.value());
-        auto e = ccf::crypto::raw_from_b64url(jwk.e.value());
-        ccf::crypto::OpenSSL::Unique_BIGNUM n_bn;
-        ccf::crypto::OpenSSL::Unique_BIGNUM e_bn;
-        if (BN_bin2bn(n.data(), n.size(), n_bn) == nullptr)
-        {
-          throw VerificationError("JWK n could not be parsed");
-        }
-        if (BN_bin2bn(e.data(), e.size(), e_bn) == nullptr)
-        {
-          throw VerificationError("JWK e could not be parsed");
-        }
-
-#if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3
-        std::pair<std::vector<uint8_t>, std::vector<uint8_t>> r(
-          BN_num_bytes(n_bn), BN_num_bytes(e_bn));
-
-        ccf::crypto::OpenSSL::CHECKPOSITIVE(
-          BN_bn2nativepad(n_bn, r.first.data(), r.first.size()));
-        ccf::crypto::OpenSSL::CHECKPOSITIVE(
-          BN_bn2nativepad(e_bn, r.second.data(), r.second.size()));
-
-        return PublicKey(r.first, r.second, cose_alg);
-#else
-        ccf::crypto::OpenSSL::Unique_RSA rsa;
-        if (!RSA_set0_key(rsa, n_bn, e_bn, nullptr))
-        {
-          throw std::runtime_error("RSA key could not be set");
-        }
-        // Ignore previous pointers, as they're now managed by RSA*.
-        (void)n_bn.release();
-        (void)e_bn.release();
-
-        return PublicKey(rsa, cose_alg);
-#endif
-      }
-
-      if (jwk.kty == "OKP" && jwk.crv == "Ed25519" && jwk.x.has_value())
-      {
-        auto x = ccf::crypto::raw_from_b64url(jwk.x.value());
-        return PublicKey(EVP_PKEY_ED25519, x, cose_alg);
-      }
-
-      if (
-        jwk.kty == "EC" && jwk.crv.has_value() && jwk.x.has_value() &&
-        jwk.y.has_value())
-      {
-        auto crv = jwk.crv.value();
-        auto x = ccf::crypto::raw_from_b64url(jwk.x.value());
-        auto y = ccf::crypto::raw_from_b64url(jwk.y.value());
-        ccf::crypto::OpenSSL::Unique_BIGNUM x_bn;
-        ccf::crypto::OpenSSL::Unique_BIGNUM y_bn;
-        if (BN_bin2bn(x.data(), x.size(), x_bn) == nullptr)
-        {
-          throw VerificationError("JWK x could not be parsed");
-        }
-        if (BN_bin2bn(y.data(), y.size(), y_bn) == nullptr)
-        {
-          throw VerificationError("JWK y could not be parsed");
-        }
-        int nid;
-        if (crv == "P-256")
-        {
-          nid = NID_X9_62_prime256v1;
-        }
-        else if (crv == "P-384")
-        {
-          nid = NID_secp384r1;
-        }
-        else if (crv == "P-521")
-        {
-          nid = NID_secp521r1;
-        }
-        else
-        {
-          throw VerificationError("JWK EC Key has no valid supported curve");
-        }
-
-#if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3
-        ccf::crypto::OpenSSL::Unique_BN_CTX bn_ctx;
-        ccf::crypto::OpenSSL::Unique_EC_GROUP group(nid);
-        ccf::crypto::OpenSSL::Unique_EC_POINT p(group);
-        ccf::crypto::OpenSSL::CHECK1(
-          EC_POINT_set_affine_coordinates(group, p, x_bn, y_bn, bn_ctx));
-        size_t buf_size = EC_POINT_point2oct(
-          group, p, POINT_CONVERSION_UNCOMPRESSED, nullptr, 0, bn_ctx);
-        std::vector<uint8_t> buf(buf_size);
-        ccf::crypto::OpenSSL::CHECKPOSITIVE(EC_POINT_point2oct(
-          group,
-          p,
-          POINT_CONVERSION_UNCOMPRESSED,
-          buf.data(),
-          buf.size(),
-          bn_ctx));
-
-        return PublicKey(buf, nid, cose_alg);
-#else
-        auto ec_key = ccf::crypto::OpenSSL::Unique_EC_KEY(nid);
-        if (!EC_KEY_set_public_key_affine_coordinates(ec_key, x_bn, y_bn))
-        {
-          throw std::runtime_error("EC key could not be set");
-        }
-
-        return PublicKey(ec_key, cose_alg);
-#endif
-      }
-
-      throw VerificationError("JWK has no valid supported key");
-    }
-
     /**
      * Assuming a verified chain and leaf certificate, enforce additional
      * policies.