chore: Move c2pa::CoseValidator to c2pa_crypto::RawSignatureValidator

internal/crypto/Cargo.toml

@@ -42,12 +42,12 @@ serde = { version = "1.0.197", features = ["derive"] }
 sha1 = "0.10.6"
 thiserror = "1.0.61"
 x509-certificate = "0.21.0"
+x509-parser = "0.16.0"
 
 [target.'cfg(not(target_arch = "wasm32"))'.dependencies]
 openssl = { version = "0.10.61", features = ["vendored"], optional = true }
 ureq = "2.4.0"
 url = "=2.5.2" # Can't advance to 2.5.3 until Unicode-3.0 license is reviewed.
-x509-parser = "0.16.0"
 
 [package.metadata.cargo-udeps.ignore]
 normal = ["openssl"] # TEMPORARY: Remove after openssl transition complete.
@@ -63,9 +63,26 @@ default-features = false
 features = ["now", "wasmbind"]
 
 [target.'cfg(target_arch = "wasm32")'.dependencies]
+ecdsa = "0.16.9"
+ed25519-dalek = "2.1.1"
+p256 = "0.13.2"
+p384 = "0.13.0"
+rsa = { version = "0.9.6", features = ["sha2"] }
+spki = "0.7.3"
 wasm-bindgen = "0.2.83"
 wasm-bindgen-futures = "0.4.31"
+web-sys = { version = "0.3.58", features = [
+    "console",
+    "Crypto",
+    "SubtleCrypto",
+    "CryptoKey",
+    "Window",
+    "WorkerGlobalScope",
+] }
 web-time = "1.1"
 
+[target.'cfg(all(target_arch = "wasm32", not(target_os = "wasi")))'.dependencies]
+getrandom = { version = "0.2.7", features = ["js"] }
+
 [target.'cfg(target_arch = "wasm32")'.dev-dependencies]
 wasm-bindgen-test = "0.3.31"

internal/crypto/src/lib.rs

@@ -32,10 +32,15 @@ pub mod openssl;
 #[cfg(all(feature = "openssl", target_arch = "wasm32"))]
 compile_error!("OpenSSL feature is not compatible with WASM platform");
 
-pub mod validation_codes;
+pub mod raw_signature;
 
 mod signing_alg;
 pub use signing_alg::{SigningAlg, UnknownAlgorithmError};
 
+pub mod validation_codes;
+
+#[cfg(all(target_arch = "wasm32", not(target_os = "wasi")))]
+pub mod webcrypto;
+
 #[cfg(test)]
 pub(crate) mod tests;

internal/crypto/src/openssl/mod.rs

@@ -20,3 +20,5 @@
 
 mod ffi_mutex;
 pub use ffi_mutex::{OpenSslMutex, OpenSslMutexUnavailable};
+
+pub mod validators;

internal/crypto/src/openssl/validators/ecdsa_validator.rs

@@ -0,0 +1,82 @@
+// Copyright 2022 Adobe. All rights reserved.
+// This file is licensed to you under the Apache License,
+// Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+// or the MIT license (http://opensource.org/licenses/MIT),
+// at your option.
+
+// Unless required by applicable law or agreed to in writing,
+// this software is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR REPRESENTATIONS OF ANY KIND, either express or
+// implied. See the LICENSE-MIT and LICENSE-APACHE files for the
+// specific language governing permissions and limitations under
+// each license.
+
+use openssl::{
+    bn::BigNum, ec::EcKey, ecdsa::EcdsaSig, hash::MessageDigest, pkey::PKey, sign::Verifier,
+};
+
+use crate::{
+    openssl::OpenSslMutex,
+    raw_signature::{RawSignatureValidationError, RawSignatureValidator},
+};
+
+/// An `EcdsaValidator` can validate raw signatures with one of the ECDSA
+/// signature algorithms.
+#[non_exhaustive]
+pub enum EcdsaValidator {
+    /// ECDSA with SHA-256
+    Es256,
+
+    /// ECDSA with SHA-384
+    Es384,
+
+    /// ECDSA with SHA-512
+    Es512,
+}
+
+impl RawSignatureValidator for EcdsaValidator {
+    fn validate(
+        &self,
+        sig: &[u8],
+        data: &[u8],
+        public_key: &[u8],
+    ) -> Result<(), RawSignatureValidationError> {
+        let _openssl = OpenSslMutex::acquire()?;
+
+        let public_key = EcKey::public_key_from_der(public_key)?;
+        let key = PKey::from_ec_key(public_key)?;
+
+        let mut verifier = match self {
+            Self::Es256 => Verifier::new(MessageDigest::sha256(), &key)?,
+            Self::Es384 => Verifier::new(MessageDigest::sha384(), &key)?,
+            Self::Es512 => Verifier::new(MessageDigest::sha512(), &key)?,
+        };
+
+        // We may need to convert a P1363 signature to a DER signature if the signature
+        // matches one of the expected P1363 signature sizes.
+        let is_p1363 = match self {
+            Self::Es256 => sig.len() == 64,
+            Self::Es384 => sig.len() == 96,
+            Self::Es512 => sig.len() == 132,
+        };
+
+        let sig_der = if is_p1363 {
+            // Convert P1363 signature to DER signature.
+            let sig_len = sig.len() / 2;
+
+            let r = BigNum::from_slice(&sig[0..sig_len])?;
+            let s = BigNum::from_slice(&sig[sig_len..])?;
+            EcdsaSig::from_private_components(r, s)?.to_der()?
+        } else {
+            sig.to_vec()
+        };
+
+        verifier.update(data)?;
+
+        if verifier.verify(&sig_der)? {
+            Ok(())
+        } else {
+            Err(RawSignatureValidationError::SignatureMismatch)
+        }
+    }
+}

internal/crypto/src/openssl/validators/ed25519_validator.rs

@@ -0,0 +1,42 @@
+// Copyright 2022 Adobe. All rights reserved.
+// This file is licensed to you under the Apache License,
+// Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+// or the MIT license (http://opensource.org/licenses/MIT),
+// at your option.
+
+// Unless required by applicable law or agreed to in writing,
+// this software is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR REPRESENTATIONS OF ANY KIND, either express or
+// implied. See the LICENSE-MIT and LICENSE-APACHE files for the
+// specific language governing permissions and limitations under
+// each license.
+
+use openssl::{pkey::PKey, sign::Verifier};
+
+use crate::{
+    openssl::OpenSslMutex,
+    raw_signature::{RawSignatureValidationError, RawSignatureValidator},
+};
+
+/// An `Ed25519Validator` can validate raw signatures with the Ed25519 signature
+/// algorithm.
+pub struct Ed25519Validator {}
+
+impl RawSignatureValidator for Ed25519Validator {
+    fn validate(
+        &self,
+        sig: &[u8],
+        data: &[u8],
+        public_key: &[u8],
+    ) -> Result<(), RawSignatureValidationError> {
+        let _openssl = OpenSslMutex::acquire()?;
+
+        let public_key = PKey::public_key_from_der(public_key)?;
+
+        if Verifier::new_without_digest(&public_key)?.verify_oneshot(sig, data)? {
+            Ok(())
+        } else {
+            Err(RawSignatureValidationError::SignatureMismatch)
+        }
+    }
+}

internal/crypto/src/openssl/validators/mod.rs

@@ -0,0 +1,70 @@
+// Copyright 2024 Adobe. All rights reserved.
+// This file is licensed to you under the Apache License,
+// Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+// or the MIT license (http://opensource.org/licenses/MIT),
+// at your option.
+
+// Unless required by applicable law or agreed to in writing,
+// this software is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR REPRESENTATIONS OF ANY KIND, either express or
+// implied. See the LICENSE-MIT and LICENSE-APACHE files for the
+// specific language governing permissions and limitations under
+// each license.
+
+//! This module binds OpenSSL logic for validating raw signatures to this
+//! crate's [`RawSignatureValidator`] trait.
+
+use bcder::Oid;
+
+use crate::{
+    raw_signature::{oids::*, RawSignatureValidator},
+    SigningAlg,
+};
+
+mod ecdsa_validator;
+pub use ecdsa_validator::EcdsaValidator;
+
+mod ed25519_validator;
+pub use ed25519_validator::Ed25519Validator;
+
+mod rsa_legacy_validator;
+pub(crate) use rsa_legacy_validator::RsaLegacyValidator;
+
+mod rsa_validator;
+pub use rsa_validator::RsaValidator;
+
+/// Return a validator for the given signing algorithm.
+pub fn validator_for_signing_alg(alg: SigningAlg) -> Option<Box<dyn RawSignatureValidator>> {
+    match alg {
+        SigningAlg::Es256 => Some(Box::new(EcdsaValidator::Es256)),
+        SigningAlg::Es384 => Some(Box::new(EcdsaValidator::Es384)),
+        SigningAlg::Es512 => Some(Box::new(EcdsaValidator::Es512)),
+        SigningAlg::Ed25519 => Some(Box::new(Ed25519Validator {})),
+        SigningAlg::Ps256 => Some(Box::new(RsaValidator::Ps256)),
+        SigningAlg::Ps384 => Some(Box::new(RsaValidator::Ps384)),
+        SigningAlg::Ps512 => Some(Box::new(RsaValidator::Ps512)),
+    }
+}
+
+pub(crate) fn validator_for_sig_and_hash_algs(
+    sig_alg: &Oid,
+    hash_alg: &Oid,
+) -> Option<Box<dyn RawSignatureValidator>> {
+    if sig_alg.as_ref() == RSA_OID.as_bytes()
+        || sig_alg.as_ref() == SHA256_WITH_RSAENCRYPTION_OID.as_bytes()
+        || sig_alg.as_ref() == SHA384_WITH_RSAENCRYPTION_OID.as_bytes()
+        || sig_alg.as_ref() == SHA512_WITH_RSAENCRYPTION_OID.as_bytes()
+    {
+        if hash_alg.as_ref() == SHA1_OID.as_bytes() {
+            return Some(Box::new(RsaLegacyValidator::Sha1));
+        } else if hash_alg.as_ref() == SHA256_OID.as_bytes() {
+            return Some(Box::new(RsaLegacyValidator::Rsa256));
+        } else if hash_alg.as_ref() == SHA384_OID.as_bytes() {
+            return Some(Box::new(RsaLegacyValidator::Rsa384));
+        } else if hash_alg.as_ref() == SHA512_OID.as_bytes() {
+            return Some(Box::new(RsaLegacyValidator::Rsa512));
+        }
+    }
+
+    None
+}

internal/crypto/src/openssl/validators/rsa_legacy_validator.rs

@@ -0,0 +1,66 @@
+// Copyright 2022 Adobe. All rights reserved.
+// This file is licensed to you under the Apache License,
+// Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+// or the MIT license (http://opensource.org/licenses/MIT),
+// at your option.
+
+// Unless required by applicable law or agreed to in writing,
+// this software is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR REPRESENTATIONS OF ANY KIND, either express or
+// implied. See the LICENSE-MIT and LICENSE-APACHE files for the
+// specific language governing permissions and limitations under
+// each license.
+
+#![allow(missing_docs)] // REMOVE once this becomes `pub(crate)`
+
+use openssl::{hash::MessageDigest, pkey::PKey, rsa::Rsa, sign::Verifier};
+
+use crate::{
+    openssl::OpenSslMutex,
+    raw_signature::{RawSignatureValidationError, RawSignatureValidator},
+};
+
+/// An `RsaLegacyValidator` can validate raw signatures with an RSA signature
+/// algorithm that is not supported directly by C2PA. (Some RFC 3161 time stamp
+/// providers issue these signatures, which is why it's supported here.)
+///
+/// TEMPORARILY public; will move to `pub(crate)` visibility later in the
+/// refactoring.
+pub enum RsaLegacyValidator {
+    Sha1,
+    Rsa256,
+    Rsa384,
+    Rsa512,
+}
+
+impl RawSignatureValidator for RsaLegacyValidator {
+    fn validate(
+        &self,
+        sig: &[u8],
+        data: &[u8],
+        pkey: &[u8],
+    ) -> Result<(), RawSignatureValidationError> {
+        let _openssl = OpenSslMutex::acquire()?;
+        let rsa = Rsa::public_key_from_der(pkey)?;
+
+        // Rebuild RSA keys to eliminate incompatible values.
+        let n = rsa.n().to_owned()?;
+        let e = rsa.e().to_owned()?;
+
+        let new_rsa = Rsa::from_public_components(n, e)?;
+        let public_key = PKey::from_rsa(new_rsa)?;
+
+        let mut verifier = match self {
+            Self::Sha1 => Verifier::new(MessageDigest::sha1(), &public_key)?,
+            Self::Rsa256 => Verifier::new(MessageDigest::sha256(), &public_key)?,
+            Self::Rsa384 => Verifier::new(MessageDigest::sha384(), &public_key)?,
+            Self::Rsa512 => Verifier::new(MessageDigest::sha512(), &public_key)?,
+        };
+
+        if verifier.verify_oneshot(sig, data)? {
+            Ok(())
+        } else {
+            Err(RawSignatureValidationError::SignatureMismatch)
+        }
+    }
+}