Add support for indefinite length arrays

src/libraries/System.Security.Cryptography.Cose/src/Resources/Strings.resx

@@ -157,7 +157,7 @@
     <value>Critical Headers must be a definite-length CBOR array of at least one element.</value>
   </data>
   <data name="DecodeCoseSignatureMustBeArrayOfThree" xml:space="preserve">
-    <value>COSE Signature must be a definite-length array of 3 elements.</value>
+    <value>COSE Signature must be an array of 3 elements.</value>
   </data>
   <data name="DecodeErrorWhileDecoding" xml:space="preserve">
     <value>Error while decoding COSE message. {0}</value>
@@ -168,11 +168,14 @@
   <data name="DecodeMessageContainedTrailingData" xml:space="preserve">
     <value>CBOR payload contained trailing data after message was complete.</value>
   </data>
+  <data name="DecodeMultiSignArrayLengthMustBeFour" xml:space="preserve">
+    <value>COSE_Sign must be an array of four elements.</value>
+  </data>
   <data name="DecodeMultiSignIncorrectTag" xml:space="preserve">
     <value>Incorrect tag. Expected Sign(98) or Untagged, Actual '{0}'.</value>
   </data>
   <data name="DecodeSign1ArrayLengthMustBeFour" xml:space="preserve">
-    <value>Array length for COSE_Sign1 must be four.</value>
+    <value>COSE_Sign1 must be an array of four elements.</value>
   </data>
   <data name="DecodeSign1EncodedProtectedMapIncorrect" xml:space="preserve">
     <value>Protected map was incorrect.</value>

src/libraries/System.Security.Cryptography.Cose/src/System/Security/Cryptography/Cose/CoseHeaderMap.cs

@@ -266,16 +266,18 @@ private static void ValidateInsertion(CoseHeaderLabel label, CoseHeaderValue val
                             reader.SkipValue();
                             break;
                         case KnownHeaders.Crit:
-                            int length = reader.ReadStartArray().GetValueOrDefault();
-                            if (length < 1)
-                            {
-                                throw new ArgumentException(SR.CriticalHeadersMustBeArrayOfAtLeastOne, nameof(value));
-                            }
+                            int? length = reader.ReadStartArray();
+                            bool isEmpty = true;
 
-                            for (int i = 0; i < length; i++)
+                            while (true)
                             {
                                 CborReaderState state = reader.PeekState();
-                                if (state == CborReaderState.UnsignedInteger || state == CborReaderState.NegativeInteger)
+                                if (state == CborReaderState.EndArray)
+                                {
+                                    reader.ReadEndArray();
+                                    break;
+                                }
+                                else if (state == CborReaderState.UnsignedInteger || state == CborReaderState.NegativeInteger)
                                 {
                                     reader.ReadInt32();
                                 }
@@ -287,8 +289,13 @@ private static void ValidateInsertion(CoseHeaderLabel label, CoseHeaderValue val
                                 {
                                     throw new ArgumentException(SR.Format(SR.CoseHeaderMapHeaderDoesNotAcceptSpecifiedValue, label.LabelName), nameof(value));
                                 }
+                                isEmpty = false;
+                            }
+
+                            if (isEmpty)
+                            {
+                                throw new ArgumentException(SR.CriticalHeadersMustBeArrayOfAtLeastOne, nameof(value));
                             }
-                            reader.SkipToParent();
                             break;
                         case KnownHeaders.ContentType:
                             if (initialState != CborReaderState.TextString &&

src/libraries/System.Security.Cryptography.Cose/src/System/Security/Cryptography/Cose/CoseMessage.cs

@@ -129,7 +129,7 @@ private static CoseSign1Message DecodeCoseSign1Core(CborReader reader)
                 }
 
                 int? arrayLength = reader.ReadStartArray();
-                if (arrayLength != 4)
+                if (arrayLength != null && arrayLength != CoseSign1Message.Sign1ArrayLength)
                 {
                     throw new CryptographicException(SR.Format(SR.DecodeErrorWhileDecoding, SR.DecodeSign1ArrayLengthMustBeFour));
                 }
@@ -208,9 +208,9 @@ private static CoseMultiSignMessage DecodeCoseMultiSignCore(CborReader reader)
                 }
 
                 int? arrayLength = reader.ReadStartArray();
-                if (arrayLength != 4)
+                if (arrayLength != null && arrayLength != CoseMultiSignMessage.MultiSignArrayLength)
                 {
-                    throw new CryptographicException(SR.Format(SR.DecodeErrorWhileDecoding, SR.DecodeSign1ArrayLengthMustBeFour));
+                    throw new CryptographicException(SR.Format(SR.DecodeErrorWhileDecoding, SR.DecodeMultiSignArrayLengthMustBeFour));
                 }
 
                 var protectedHeaders = new CoseHeaderMap();
@@ -322,19 +322,12 @@ private static byte[] DecodeSignature(CborReader reader)
         private static List<CoseSignature> DecodeCoseSignaturesArray(CborReader reader, byte[] bodyProtected)
         {
             int? signaturesLength = reader.ReadStartArray();
+            List<CoseSignature> signatures = new List<CoseSignature>(signaturesLength ?? 1);
 
-            if (signaturesLength.GetValueOrDefault() < 1)
-            {
-                throw new CryptographicException(SR.Format(SR.DecodeErrorWhileDecoding, SR.MultiSignMessageMustCarryAtLeastOneSignature));
-            }
-
-            List<CoseSignature> signatures = new List<CoseSignature>(signaturesLength!.Value);
-
-            for (int i = 0; i < signaturesLength; i++)
+            while (reader.PeekState() == CborReaderState.StartArray)
             {
                 int? length = reader.ReadStartArray();
-
-                if (length != CoseMultiSignMessage.CoseSignatureArrayLength)
+                if (length != null && length != CoseMultiSignMessage.CoseSignatureArrayLength)
                 {
                     throw new CryptographicException(SR.Format(SR.DecodeErrorWhileDecoding, SR.DecodeCoseSignatureMustBeArrayOfThree));
                 }
@@ -351,13 +344,18 @@ private static List<CoseSignature> DecodeCoseSignaturesArray(CborReader reader,
                 }
 
                 byte[] signatureBytes = DecodeSignature(reader);
+                reader.ReadEndArray();
 
                 signatures.Add(new CoseSignature(protectedHeaders, unprotectedHeaders, bodyProtected, signProtected, signatureBytes));
-
-                reader.ReadEndArray();
             }
+
             reader.ReadEndArray();
 
+            if (signatures.Count < 1)
+            {
+                throw new CryptographicException(SR.Format(SR.DecodeErrorWhileDecoding, SR.MultiSignMessageMustCarryAtLeastOneSignature));
+            }
+
             return signatures;
         }
 

src/libraries/System.Security.Cryptography.Cose/src/System/Security/Cryptography/Cose/CoseMultiSignMessage.cs

@@ -17,7 +17,7 @@ namespace System.Security.Cryptography.Cose
     /// </summary>
     public sealed class CoseMultiSignMessage : CoseMessage
     {
-        private const int MultiSignArrayLength = 4;
+        internal const int MultiSignArrayLength = 4;
         private const int MultiSignSizeOfCborTag = 2;
         internal const int CoseSignatureArrayLength = 3;
 

src/libraries/System.Security.Cryptography.Cose/src/System/Security/Cryptography/Cose/CoseSign1Message.cs

@@ -15,7 +15,7 @@ namespace System.Security.Cryptography.Cose
     /// </summary>
     public sealed class CoseSign1Message : CoseMessage
     {
-        private const int Sign1ArrayLength = 4;
+        internal const int Sign1ArrayLength = 4;
         private const int Sign1SizeOfCborTag = 1;
         private readonly byte[] _signature;
 

src/libraries/System.Security.Cryptography.Cose/tests/CoseHeaderMapTests.cs

@@ -295,6 +295,41 @@ public void RemoveKeyValuePair_DoesNotMatchKeyOrValue(bool changeKey)
             Assert.Equal(1, map.Count);
         }
 
+        [Fact]
+        public void SetEncodedValue_CriticalHeaders_ThrowIf_ArrayEmpty()
+        {
+            // definite length
+            var writer = new CborWriter();
+            writer.WriteStartArray(0);
+            writer.WriteEndArray();
+
+            Verify(writer.Encode());
+
+            // indefinite length
+            writer.Reset();
+            writer.WriteStartArray(null);
+            writer.WriteEndArray();
+
+            Verify(writer.Encode());
+
+            void Verify(byte[] encodedValue)
+            {
+                CoseHeaderMap map = new();
+                CoseHeaderValue value = CoseHeaderValue.FromEncodedValue(writer.Encode());
+                Assert.Throws<ArgumentException>(() => map[CoseHeaderLabel.CriticalHeaders] = value);
+            }
+        }
+
+        [Fact]
+        public void SetEncodedValue_CriticalHeaders_ThrowIf_IndefiniteLengthArrayMissingBreak()
+        {
+            byte[] encodedValue = GetDummyCritHeaderValue(useIndefiniteLength: true);
+
+            CoseHeaderMap map = new();
+            CoseHeaderValue value = CoseHeaderValue.FromEncodedValue(encodedValue.AsSpan(0, encodedValue.Length - 1));
+            Assert.Throws<ArgumentException>(() => map[CoseHeaderLabel.CriticalHeaders] = value);
+        }
+
         public enum SetValueMethod
         {
             ItemSet,
@@ -493,7 +528,11 @@ public static IEnumerable<object[]> KnownHeadersEncodedValues_TestData()
                 writer.WriteInt32((int)ECDsaAlgorithm.ES256);
                 yield return ReturnDataAndReset(KnownHeaderAlg, writer, setMethod, getMethod);
 
-                WriteDummyCritHeaderValue(writer);
+                WriteDummyCritHeaderValue(writer, useIndefiniteLength: false);
+                yield return ReturnDataAndReset(KnownHeaderCrit, writer, setMethod, getMethod);
+
+
+                WriteDummyCritHeaderValue(writer, useIndefiniteLength: true);
                 yield return ReturnDataAndReset(KnownHeaderCrit, writer, setMethod, getMethod);
 
                 writer.WriteTextString(ContentTypeDummyValue);

src/libraries/System.Security.Cryptography.Cose/tests/CoseMessageTests.DecodeMultiSign.cs

@@ -1,6 +1,7 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Collections.Generic;
 using System.Collections.ObjectModel;
 using System.Formats.Cbor;
 using Test.Cryptography;
@@ -82,5 +83,52 @@ public void DecodeMultiSign_IncorrectStructure()
             writer.WriteEndArray();
             Assert.Throws<CryptographicException>(() => CoseMessage.DecodeMultiSign(writer.Encode()));
         }
+
+        [Theory]
+        // COSE_Sign is an indefinite-length array
+        [InlineData("D8629F40A054546869732069732074686520636F6E74656E742E818343A10126A1044231315840E2AEAFD40D69D19DFE6E52077C5D7FF4E408282CBEFB5D06CBF414AF2E19D982AC45AC98B8544C908B4507DE1E90B717C3D34816FE926A2B98F53AFD2FA0F30AFF")]
+        // [+COSE_Signature]
+        [InlineData("D8628440A054546869732069732074686520636F6E74656E742E9F8343A10126A1044231315840E2AEAFD40D69D19DFE6E52077C5D7FF4E408282CBEFB5D06CBF414AF2E19D982AC45AC98B8544C908B4507DE1E90B717C3D34816FE926A2B98F53AFD2FA0F30AFF")]
+        // COSE_Signature
+        [InlineData("D8628440A054546869732069732074686520636F6E74656E742E819F43A10126A1044231315840E2AEAFD40D69D19DFE6E52077C5D7FF4E408282CBEFB5D06CBF414AF2E19D982AC45AC98B8544C908B4507DE1E90B717C3D34816FE926A2B98F53AFD2FA0F30AFF")]
+        // All of them
+        [InlineData("D8629F40A054546869732069732074686520636F6E74656E742E9F9F43A10126A1044231315840E2AEAFD40D69D19DFE6E52077C5D7FF4E408282CBEFB5D06CBF414AF2E19D982AC45AC98B8544C908B4507DE1E90B717C3D34816FE926A2B98F53AFD2FA0F30AFFFFFF")]
+        public void DecodeMultiSign_IndefiniteLengthArray(string hexCborPayload)
+        {
+            byte[] cborPayload = ByteUtils.HexToByteArray(hexCborPayload);
+            CoseMultiSignMessage msg = CoseMessage.DecodeMultiSign(cborPayload);
+
+            ReadOnlyCollection<CoseSignature> signatures = msg.Signatures;
+            Assert.Equal(1, signatures.Count);
+            Assert.True(signatures[0].VerifyEmbedded(DefaultKey));
+        }
+
+        [Theory]
+        // COSE_Sign
+        [InlineData("D8629F40A054546869732069732074686520636F6E74656E742E818343A10126A1044231315840E2AEAFD40D69D19DFE6E52077C5D7FF4E408282CBEFB5D06CBF414AF2E19D982AC45AC98B8544C908B4507DE1E90B717C3D34816FE926A2B98F53AFD2FA0F30A")]
+        // [+COSE_Signature]
+        [InlineData("D8628440A054546869732069732074686520636F6E74656E742E9F8343A10126A1044231315840E2AEAFD40D69D19DFE6E52077C5D7FF4E408282CBEFB5D06CBF414AF2E19D982AC45AC98B8544C908B4507DE1E90B717C3D34816FE926A2B98F53AFD2FA0F30A")]
+        // COSE_Signature
+        [InlineData("D8628440A054546869732069732074686520636F6E74656E742E819F43A10126A1044231315840E2AEAFD40D69D19DFE6E52077C5D7FF4E408282CBEFB5D06CBF414AF2E19D982AC45AC98B8544C908B4507DE1E90B717C3D34816FE926A2B98F53AFD2FA0F30A")]
+        public void DecodeMultiSign_IndefiniteLengthArray_MissingBreak(string hexCborPayload)
+        {
+            byte[] cborPayload = ByteUtils.HexToByteArray(hexCborPayload);
+            CryptographicException ex = Assert.Throws<CryptographicException>(() => CoseMessage.DecodeMultiSign(cborPayload));
+            Assert.IsType<CborContentException>(ex.InnerException);
+        }
+
+        [Theory]
+        // COSE_Sign
+        [InlineData("D8629F40A054546869732069732074686520636F6E74656E742E818343A10126A1044231315840E2AEAFD40D69D19DFE6E52077C5D7FF4E408282CBEFB5D06CBF414AF2E19D982AC45AC98B8544C908B4507DE1E90B717C3D34816FE926A2B98F53AFD2FA0F30A40FF")]
+        // [+COSE_Signature]
+        [InlineData("D8628440A054546869732069732074686520636F6E74656E742E9F8343A10126A1044231315840E2AEAFD40D69D19DFE6E52077C5D7FF4E408282CBEFB5D06CBF414AF2E19D982AC45AC98B8544C908B4507DE1E90B717C3D34816FE926A2B98F53AFD2FA0F30A40FF")]
+        // COSE_Signature
+        [InlineData("D8628440A054546869732069732074686520636F6E74656E742E819F43A10126A1044231315840E2AEAFD40D69D19DFE6E52077C5D7FF4E408282CBEFB5D06CBF414AF2E19D982AC45AC98B8544C908B4507DE1E90B717C3D34816FE926A2B98F53AFD2FA0F30A40FF")]
+        public void DecodeMultiSign_IndefiniteLengthArray_LargerByOne(string hexCborPayload)
+        {
+            byte[] cborPayload = ByteUtils.HexToByteArray(hexCborPayload);
+            CryptographicException ex = Assert.Throws<CryptographicException>(() => CoseMessage.DecodeMultiSign(cborPayload));
+            Assert.IsType<InvalidOperationException>(ex.InnerException);
+        }
     }
 }

src/libraries/System.Security.Cryptography.Cose/tests/CoseMessageTests.DecodeSign1.cs

@@ -69,5 +69,30 @@ public void DecodeSign1_IncorrectStructure()
             writer.WriteEndArray();
             Assert.Throws<CryptographicException>(() => CoseMessage.DecodeSign1(writer.Encode()));
         }
+
+        [Fact]
+        public void DecodeSign1_IndefiniteLengthArray()
+        {
+            byte[] cborPayload = ByteUtils.HexToByteArray("D29F43A10126A10442313154546869732069732074686520636F6E74656E742E58408EB33E4CA31D1C465AB05AAC34CC6B23D58FEF5C083106C4D25A91AEF0B0117E2AF9A291AA32E14AB834DC56ED2A223444547E01F11D3B0916E5A4C345CACB36FF");
+            CoseSign1Message msg = CoseMessage.DecodeSign1(cborPayload);
+
+            Assert.True(msg.VerifyEmbedded(DefaultKey));
+        }
+
+        [Fact]
+        public void DecodeSign1_IndefiniteLengthArray_MissingBreak()
+        {
+            byte[] cborPayload = ByteUtils.HexToByteArray("D29F43A10126A10442313154546869732069732074686520636F6E74656E742E58408EB33E4CA31D1C465AB05AAC34CC6B23D58FEF5C083106C4D25A91AEF0B0117E2AF9A291AA32E14AB834DC56ED2A223444547E01F11D3B0916E5A4C345CACB36");
+            CryptographicException ex = Assert.Throws<CryptographicException>(() => CoseMessage.DecodeSign1(cborPayload));
+            Assert.IsType<CborContentException>(ex.InnerException);
+        }
+
+        [Fact]
+        public void DecodeSign1_IndefiniteLengthArray_LargerByOne()
+        {
+            byte[] cborPayload = ByteUtils.HexToByteArray("D29F43A10126A10442313154546869732069732074686520636F6E74656E742E58408EB33E4CA31D1C465AB05AAC34CC6B23D58FEF5C083106C4D25A91AEF0B0117E2AF9A291AA32E14AB834DC56ED2A223444547E01F11D3B0916E5A4C345CACB3640FF");
+            CryptographicException ex = Assert.Throws<CryptographicException>(() => CoseMessage.DecodeSign1(cborPayload));
+            Assert.IsType<InvalidOperationException>(ex.InnerException);
+        }
     }
 }

src/libraries/System.Security.Cryptography.Cose/tests/CoseTestHelpers.cs

@@ -541,17 +541,17 @@ internal enum CoseMessageKind
             MultiSign = 98
         }
 
-        internal static void WriteDummyCritHeaderValue(CborWriter writer)
+        internal static void WriteDummyCritHeaderValue(CborWriter writer, bool useIndefiniteLength = false)
         {
-            writer.WriteStartArray(1);
+            writer.WriteStartArray(useIndefiniteLength ? null : 1);
             writer.WriteInt32(42);
             writer.WriteEndArray();
         }
 
-        internal static byte[] GetDummyCritHeaderValue()
+        internal static byte[] GetDummyCritHeaderValue(bool useIndefiniteLength = false)
         {
             var writer = new CborWriter();
-            WriteDummyCritHeaderValue(writer);
+            WriteDummyCritHeaderValue(writer, useIndefiniteLength);
             return writer.Encode();
         }