Use CBOR-write wrappers

Author: maxtropets

src/crypto/cbor.cpp

@@ -99,7 +99,7 @@ namespace
       throw CBORDecodeError(
         Error::DECODE_FAILED, "Failed to decode signed value");
     }
-    return std::make_unique<ValueImpl>(value);
+    return std::make_shared<ValueImpl>(value);
   }
 
   Value consume_byte_string(cbor_nondet_t cbor)
@@ -112,7 +112,7 @@ namespace
         Error::DECODE_FAILED, "Failed to decode byte string");
     }
     Bytes value{data, static_cast<size_t>(length)};
-    return std::make_unique<ValueImpl>(value);
+    return std::make_shared<ValueImpl>(value);
   }
 
   Value consume_text_string(cbor_nondet_t cbor)
@@ -126,7 +126,7 @@ namespace
     }
     String value{
       reinterpret_cast<const char*>(data), static_cast<size_t>(length)};
-    return std::make_unique<ValueImpl>(value);
+    return std::make_shared<ValueImpl>(value);
   }
 
   Value consume_array(cbor_nondet_t cbor)
@@ -149,7 +149,7 @@ namespace
       }
       array.items.push_back(consume(item));
     }
-    return std::make_unique<ValueImpl>(std::move(array));
+    return std::make_shared<ValueImpl>(std::move(array));
   }
 
   Value consume_map(cbor_nondet_t cbor)
@@ -173,7 +173,7 @@ namespace
       }
       map.items.emplace_back(consume(key_raw), consume(value_raw));
     }
-    return std::make_unique<ValueImpl>(std::move(map));
+    return std::make_shared<ValueImpl>(std::move(map));
   }
 
   Value consume_tagged(cbor_nondet_t cbor)
@@ -189,7 +189,7 @@ namespace
     Tagged tagged;
     tagged.tag = tag;
     tagged.item = consume(payload);
-    return std::make_unique<ValueImpl>(std::move(tagged));
+    return std::make_shared<ValueImpl>(std::move(tagged));
   }
 
   Value consume_simple(cbor_nondet_t cbor)
@@ -203,7 +203,7 @@ namespace
       throw CBORDecodeError(
         Error::DECODE_FAILED, "Failed to decode simple value");
     }
-    return std::make_unique<ValueImpl>(value);
+    return std::make_shared<ValueImpl>(value);
   }
 
   Value consume(cbor_nondet_t cbor)
@@ -502,17 +502,38 @@ namespace ccf::cbor
 
   Value make_signed(int64_t value)
   {
-    return std::make_unique<ValueImpl>(value);
+    return std::make_shared<ValueImpl>(value);
+  }
+
+  Value make_simple(SimpleValue value)
+  {
+    return std::make_shared<ValueImpl>(value);
   }
 
   Value make_string(std::string_view data)
   {
-    return std::make_unique<ValueImpl>(data);
+    return std::make_shared<ValueImpl>(data);
   }
 
   Value make_bytes(std::span<const uint8_t> data)
   {
-    return std::make_unique<ValueImpl>(data);
+    return std::make_shared<ValueImpl>(data);
+  }
+
+  Value make_tagged(uint64_t tag, Value&& value)
+  {
+    return std::make_shared<ValueImpl>(
+      Tagged{.tag = tag, .item = std::move(value)});
+  }
+
+  Value make_array(std::vector<Value>&& data)
+  {
+    return std::make_shared<ValueImpl>(Array{.items = std::move(data)});
+  }
+
+  Value make_map(std::vector<MapItem>&& data)
+  {
+    return std::make_shared<ValueImpl>(Map{.items = std::move(data)});
   }
 
   Value parse(std::span<const uint8_t> raw)
@@ -587,6 +608,11 @@ namespace ccf::cbor
     }
   }
 
+  SimpleValue boolean_to_simple(bool value)
+  {
+    return value ? SimpleValue::True : SimpleValue::False;
+  }
+
   const Value& ValueImpl::array_at(size_t index) const
   {
     if (!std::holds_alternative<Array>(value))

src/crypto/cbor.h

@@ -17,7 +17,7 @@
 namespace ccf::cbor
 {
   struct ValueImpl;
-  using Value = std::unique_ptr<ValueImpl>;
+  using Value = std::shared_ptr<ValueImpl>;
 
   using Signed = int64_t;
   using Bytes = std::span<const uint8_t>;
@@ -40,9 +40,10 @@ namespace ccf::cbor
     std::vector<Value> items;
   };
 
+  using MapItem = std::pair<Value, Value>;
   struct Map
   {
-    std::vector<std::pair<Value, Value>> items;
+    std::vector<MapItem> items;
   };
 
   struct Tagged
@@ -99,14 +100,19 @@ namespace ccf::cbor
   };
 
   Value make_signed(int64_t value);
+  Value make_simple(SimpleValue value);
   Value make_string(std::string_view data);
   Value make_bytes(std::span<const uint8_t> data);
+  Value make_tagged(uint64_t tag, Value&& value);
+  Value make_array(std::vector<Value>&& data);
+  Value make_map(std::vector<MapItem>&& data);
 
   Value parse(std::span<const uint8_t> raw);
   std::vector<uint8_t> serialize(const Value& value);
 
   std::string to_string(const Value& value);
   bool simple_to_boolean(const Simple& value);
+  SimpleValue boolean_to_simple(bool value);
 
   decltype(auto) rethrow_with_msg(auto&& f, std::string_view msg = {})
   {

src/crypto/cose.cpp

@@ -3,6 +3,8 @@
 
 #include "ccf/crypto/cose.h"
 
+#include "crypto/cbor.h"
+
 #include <qcbor/qcbor_decode.h>
 #include <qcbor/qcbor_encode.h>
 #include <qcbor/qcbor_spiffy_decode.h>
@@ -14,158 +16,70 @@ namespace ccf::cose::edit
   std::vector<uint8_t> set_unprotected_header(
     const std::span<const uint8_t>& cose_input, const desc::Type& descriptor)
   {
-    UsefulBufC buf{cose_input.data(), cose_input.size()};
-
-    QCBORError err = QCBOR_SUCCESS;
-    QCBORDecodeContext ctx;
-    QCBORDecode_Init(&ctx, buf, QCBOR_DECODE_MODE_NORMAL);
-
-    size_t pos_start = 0;
-    size_t pos_end = 0;
-
-    QCBORDecode_EnterArray(&ctx, nullptr);
-    err = QCBORDecode_GetError(&ctx);
-    if (err != QCBOR_SUCCESS)
-    {
-      throw std::logic_error("Failed to parse COSE_Sign1 outer array");
-    }
-
-    auto tag = QCBORDecode_GetNthTagOfLast(&ctx, 0);
-    if (tag != CBOR_TAG_COSE_SIGN1)
-    {
-      throw std::logic_error("Failed to parse COSE_Sign1 tag");
-    }
-
-    QCBORItem item;
-    err = QCBORDecode_GetNext(&ctx, &item);
-    if (err != QCBOR_SUCCESS || item.uDataType != QCBOR_TYPE_BYTE_STRING)
-    {
-      throw std::logic_error(
-        "Failed to parse COSE_Sign1 protected header as bstr");
-    }
-    UsefulBufC phdr = {item.val.string.ptr, item.val.string.len};
-
-    // Skip unprotected header
-    QCBORDecode_VGetNextConsume(&ctx, &item);
-
-    err = QCBORDecode_PartialFinish(&ctx, &pos_start);
-    if (err != QCBOR_ERR_ARRAY_OR_MAP_UNCONSUMED)
-    {
-      throw std::logic_error("Failed to find start of payload");
-    }
-    QCBORDecode_VGetNextConsume(&ctx, &item);
-    err = QCBORDecode_PartialFinish(&ctx, &pos_end);
-    if (err != QCBOR_ERR_ARRAY_OR_MAP_UNCONSUMED)
-    {
-      throw std::logic_error("Failed to find end of payload");
-    }
-    UsefulBufC payload = {cose_input.data() + pos_start, pos_end - pos_start};
-
-    // QCBORDecode_PartialFinish() before and after should allow constructing a
-    // span of the encoded payload, which can perhaps then be passed to
-    // QCBOREncode_AddEncoded and would allow blindly copying the payload
-    // without parsing it.
-
-    err = QCBORDecode_GetNext(&ctx, &item);
-    if (err != QCBOR_SUCCESS && item.uDataType != QCBOR_TYPE_BYTE_STRING)
-    {
-      throw std::logic_error("Failed to parse COSE_Sign1 signature");
-    }
-    UsefulBufC signature = {item.val.string.ptr, item.val.string.len};
+    using namespace ccf::cbor;
 
-    QCBORDecode_ExitArray(&ctx);
-    err = QCBORDecode_Finish(&ctx);
-    if (err != QCBOR_SUCCESS)
-    {
-      throw std::logic_error("Failed to parse COSE_Sign1");
-    }
+    auto cose_cbor = rethrow_with_msg(
+      [&]() { return parse(cose_input); }, "Failed to parse COSE_Sign1");
 
-    size_t additional_map_size = 0;
+    const auto& cose_envelope = rethrow_with_msg(
+      [&]() -> auto& { return cose_cbor->tag_at(18); },
+      "Failed to parse COSE_Sign1 tag");
 
-    if (std::holds_alternative<desc::Empty>(descriptor))
-    {
-      // Nothing to do
-    }
-    else if (std::holds_alternative<desc::Value>(descriptor))
-    {
-      const auto& [pos, key, value] = std::get<desc::Value>(descriptor);
+    const auto& phdr = rethrow_with_msg(
+      [&]() -> auto& { return cose_envelope->array_at(0); },
+      "Failed to parse COSE_Sign1 protected header");
 
-      // Maximum expected size of the additional map, sub-map is the
-      // worst-case scenario
-      additional_map_size = QCBOR_HEAD_BUFFER_SIZE + // map
-        QCBOR_HEAD_BUFFER_SIZE + // key
-        sizeof(key) + // key
-        QCBOR_HEAD_BUFFER_SIZE + // submap
-        QCBOR_HEAD_BUFFER_SIZE + // subkey
-        sizeof(pos::AtKey::key) + // subkey
-        QCBOR_HEAD_BUFFER_SIZE + // value
-        value.size(); // value
-    }
-    else
-    {
-      throw std::logic_error("Invalid COSE_Sign1 edit descriptor");
-    }
+    const auto& payload = rethrow_with_msg(
+      [&]() -> auto& { return cose_envelope->array_at(2); },
+      "Failed to parse COSE_Sign1 payload");
 
-    // We add one extra QCBOR_HEAD_BUFFER_SIZE, because we parse and re-encode
-    // the protected header bstr, which involves variable integer encoding, just
-    // in case the library does not pick the most compact encoding.
-    std::vector<uint8_t> output(
-      cose_input.size() + additional_map_size + QCBOR_HEAD_BUFFER_SIZE);
-    UsefulBuf output_buf{output.data(), output.size()};
+    const auto& signature = rethrow_with_msg(
+      [&]() -> auto& { return cose_envelope->array_at(3); },
+      "Failed to parse COSE_Sign1 signature");
 
-    QCBOREncodeContext ectx;
-    QCBOREncode_Init(&ectx, output_buf);
-    QCBOREncode_AddTag(&ectx, CBOR_TAG_COSE_SIGN1);
-    QCBOREncode_OpenArray(&ectx);
-    QCBOREncode_AddBytes(&ectx, phdr);
-    QCBOREncode_OpenMap(&ectx);
+    std::vector<Value> edited;
+    edited.push_back(phdr);
 
     if (std::holds_alternative<desc::Empty>(descriptor))
     {
-      // Nothing to do
+      edited.push_back(make_map({}));
     }
     else if (std::holds_alternative<desc::Value>(descriptor))
     {
       const auto& [pos, key, value] = std::get<desc::Value>(descriptor);
+      std::vector<MapItem> uhdr;
 
       if (std::holds_alternative<pos::InArray>(pos))
       {
-        QCBOREncode_OpenArrayInMapN(&ectx, key);
-        QCBOREncode_AddBytes(&ectx, {value.data(), value.size()});
-        QCBOREncode_CloseArray(&ectx);
+        std::vector<Value> items{make_bytes(value)};
+        uhdr.emplace_back(make_signed(key), make_array(std::move(items)));
       }
       else if (std::holds_alternative<pos::AtKey>(pos))
       {
-        QCBOREncode_OpenMapInMapN(&ectx, key);
         auto subkey = std::get<pos::AtKey>(pos).key;
-        QCBOREncode_OpenArrayInMapN(&ectx, subkey);
-        QCBOREncode_AddBytes(&ectx, {value.data(), value.size()});
-        QCBOREncode_CloseArray(&ectx);
-        QCBOREncode_CloseMap(&ectx);
+
+        std::vector<Value> items{make_bytes(value)};
+        std::vector<MapItem> submap{
+          {make_signed(subkey), make_array(std::move(items))}};
+
+        uhdr.emplace_back(make_signed(key), make_map(std::move(submap)));
       }
       else
       {
         throw std::logic_error("Invalid COSE_Sign1 edit operation");
       }
+
+      edited.push_back(make_map(std::move(uhdr)));
     }
     else
     {
       throw std::logic_error("Invalid COSE_Sign1 edit descriptor");
     }
 
-    QCBOREncode_CloseMap(&ectx);
-    QCBOREncode_AddEncoded(&ectx, payload);
-    QCBOREncode_AddBytes(&ectx, signature);
-    QCBOREncode_CloseArray(&ectx);
+    edited.push_back(payload);
+    edited.push_back(signature);
 
-    UsefulBufC cose_output;
-    err = QCBOREncode_Finish(&ectx, &cose_output);
-    if (err != QCBOR_SUCCESS)
-    {
-      throw std::logic_error("Failed to encode COSE_Sign1");
-    }
-    output.resize(cose_output.len);
-    output.shrink_to_fit();
-    return output;
-  };
+    auto edited_envelope = make_tagged(18, make_array(std::move(edited)));
+    return serialize(edited_envelope);
+  }
 }