WIP [feat]: Add es256k signing and validation support to synced fork #1
* ci: Fix docs. * docs: One more format change * chore: Update openssl * ci: One more note * ci: One more note * ci: One more note 3 * `make test` should not use nightly Clippy build * Revert doc changes made because we were running `cargo +nightly clippy` --------- Co-authored-by: Eric Scouten <scouten@adobe.com>
Fix code that adjusted incorrect EC signatures.
* Remove redundant LogItems. Add claim URI or Ingredient URI when possible * More error reporting enhancements * Add OCSP revocations status * Comment fix * Update test image and go back to old test
* Remove redundant LogItems. Add claim URI or Ingredient URI when possible * More error reporting enhancements * Add OCSP revocations status * Comment fix * Update test image and go back to old test * Update c2patool version
* Remove redundant LogItems. Add claim URI or Ingredient URI when possible * More error reporting enhancements * Add OCSP revocations status * Comment fix * Update test image and go back to old test * Update c2patool version * Restore fix for claim_generator_hints
…ty crate (contentauth#918) Workaround for release-plz/release-plz#2034.
…yAssertion::summarize_all` (contentauth#913)
…ble report for entire manifest store (contentauth#920)
… their own identity assertion (contentauth#923)
* docs: Update versions and feature flags * Updates based on Maurice's comments
* feat: Add support for DynamicAssertions in JSON format Adds DynamicAssertionContent type.
fix: slicing of empty XMP data
…#864) Co-authored-by: Gavin Peacock <gpeacock@adobe.com>
fix: decoding of GIF chunks Co-authored-by: Gavin Peacock <gpeacock@adobe.com>
clippy fix for release
feat: Add wasi compatibility. - wasip2 will require +nightly until rust-lang/rust#130323 is resolved and/or std::os::wasip2 is available in stable. - Support was added to rustix for version 0.38.39 bytecodealliance/rustix#1205 - Support was added to tempfile for version 3.14 Stebalien/tempfile#305 - Tempfile is not supported in wasip1 - Working remote manifest fetch. Tests passing with WASI. CARGO_TARGET_WASM32_WASIP2_RUNNER="wasmtime -S common -S http --dir ."
Also: Add new GitHub Action to preflight build with Rust beta (i.e. expected next stable build).
* refactor: Move uri_to_path into utils * fix: Reduce allocations * fix: Return pathbuf directly, add conditional compilation * fix: Remove unused method, modify uri to take Option, resource store uses util * fix: Manifest label replaces colon, and also add test to verify colon replacement * chore: Cleaner import
Hopefully the last release where v1 claim generation is the default.
Updating syntax ahead of new `mismatched-lifetime-syntaxes` lint rule hitting stable. rust-lang/rust#138677
Add support for m4v
* feat: unified config foundation * refactor: separate user-facing settings and move thumbnail code * feat: impl profiles, thumbnail.prefer_smallest_format, remove default_format * feat: implement auto_opened, auto_created, and claim_generator_infos settings * feat: impl auto_opened setting * fix: default all_actions_included in actions assertion to true * fix: all test cases * docs: cleanup comments and document new functions * test: add thumbnail tests * fix: auto actions assertion, lots of tests, crash when empty actions, and optional settings values * fix: optional signer settings and document get_profile_settings_signer * docs: document Builder::add_auto_actions_assertion * test: remove test code in test * feat: add settings to CLI * docs: create an example c2pa.toml settings * fix: cli settings * feat: add config path and env vars for cli settings arg * fix: remove bmp and ico from supported thumbnails * fix: single claim generator info and rename load settings functions * test: remove scoped settings * refactor: remove profiles and document digital source type * feat: allow specifying digital source type for auto actions in settings * refactor: convert usage of json settings to toml * refactor: move global settings functions into public `Settings` struct * refactor: move builder settings into its own module * fix: add ingredient uris to auto actions, only add placed actions if not added already, and use builder claim gen info or settings * feat: add `Settings::from_url` * feat: setup base for remote signers and cawg signers in settings * feat: impl `RemoteSigner` and fix when pulling optional settings * feat: prefer_smallest_format tiff->jpeg * feat: allow specifying infer operating system for claim generator info * refactor: default test signer in `Settings` * fix: source type optional for auto add actions and use ref for test signer to prevent freeze * feat: add `ActionsSettings`, all_actions_included, action_templates, actions * docs: add new fields to 
c2pa.toml * fix: wip change serde_json::Value in settings to toml::Value (issues with this in TODO comments) * fix: actions/action_templates and add tests, use toml for defining settings instead of setting each field * test: cleanup and add more builder and settings tests * fix: make_thumbnail_from_stream format before stream in parameters * docs: finish documenting some settings structs * fix: private Settings set/get_value * test: add allActionsIncluded by default when signing to test * style: +nightly fmt * fix: feature flag thumbnails and wasm * test: fix hash_alg string * fix: remove cawg_signer, doc cli config path, move signer to top-level settings, fix wasi issue by reset settings before test, resourceref icons * feat: define ActionSettings * fix: remove Settings top-level export for now * test: add remote signer test with mock server * fix: change `builder.signer` setting to just `signer` * fix: test sample toml and fix up fields * test: don't use httpmock on wasm * test: fix wasi test
…e_manifests` (contentauth#1252) * test: feature flag `test_reader_remote_url` with feature `fetch_remote_manifests` wasi can fetch remote manifests --------- Co-authored-by: Colin D Murphy <colmurph@adobe.com>
* Support for BMFF Hash V3 validation of fixedBlockSize and fixedBlockSizes Merkle trees generation of fixedBlockSize Merkle trees * Bug fix for case when BMFF exclusion subset is using length with no offset * Setting to control Merkle tree storage * Change error message * More error checking PR comment change * Make settings fetch return error is not set * Add test for no fixed offset * Fix formatting * Check for conflicting block types * Fix error response for competing Merkle block types * Make spec responses * Allow 0 length fixed offset * A little cleanup * Make sure there is a recognized hash binding * Fix for some more edge cases * clippy fix --------- Co-authored-by: Gavin Peacock <gpeacock@adobe.com>
feat: Use V2 Claims by default updates the unit tests to work with V2 by default bump min rust version to 1.86 The c2pa_rs SDK will now generate v2 claims by default aligning with the c2pa 2.2 specification. v1 claims (c2pa 1.4) generation is still available when requested but may be deprecated soon. Reading, validating and ingredient support for v1 claims will continue to be supported. We now support actions.parameters.ingredientIds to replace org.cai.ingredientIds (due to not owning cai.org). Neither of those parameter values will be written to the store action once they are converted to an ingredients array. added Actions try_from(str) to convert a string into an Action added an actions.ingredients() method to return hashed_uris since they are difficult to parse from values. updated make_test_images to produce v2 claims and updated all the known good v2 json samples ClaimDecoding Error now has a detailed message string to help with debugging. We support saving a store that was just loaded (no added signature) verify_after_sign setting now will verify the entire manifest, not just the signature. Fixed support for assertions vs databoxes in some cases. added test_to_and_from_jumbf for store disabled the unresolvable_did unit test since it was timing out on every run. Added DigitalSourceType Enum to builder Added Builder Create constructor using DigitalSourceType Added Builder Update constructor for auto parent ingredient generation Added BuilderFlow Enum to keep track of the Builder constructor mode. Added Builder.add_action method to add an individual action from a serializable. do not generate the claim_generator field for v2 claims (claim_generator_info only) remove support for adding claim metadata (it will be ignored) fixed status tracker validation info/error message Added test_settings.toml with certs and trust lists for running unit tests. Updated many unit tests and integration tests for v2 compatibility and Settings api.
…ather than a reference (contentauth#1238) (Supports upcoming work I'm planning around configuring trust for reading CAWG identity assertions.)
…ows (contentauth#1281) PR validation (aka "CI") should be MUCH faster now since we're only running on ubuntu-latest.
* fix: Add some features * fix: Add some features * fix: Make pdf feature available too
…contentauth#1288) (Replace test asset with a new one that points to a different site.)
…F label when possible (contentauth#1291)
* feat: No Send for CAIRead on wasm `unsafe impl Send` will no longer be required on Wasm. Wasm is single threaded. * fix: Ensure doc tests work if file_io isn't enabled.
* Support for C2PA 2.2 BMFF update manifest changes * Add return of common name for cert info Make sure we always recurse ingredient certs
| hasher.finalize().to_vec() | ||
| } | ||
|
|
||
| EcdsaValidator::Es256K => { |
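Review bot: the new `EcdsaValidator::Es256K` arm at the end of this hunk carries no comment in the visible lines saying which digest it applies. ES256K is ECDSA over secp256k1 with SHA-256 (RFC 8812), so a one-line comment on this arm stating that only the curve differs from ES256, not the hash, would stop a later reader from assuming the digest choice was copied by accident.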
Could pair these up since they use same hash function
```rust
EcdsaValidator::Es256 | EcdsaValidator::Es256K => {
    let mut hasher = Sha256::new();
    hasher.update(data);
    hasher.finalize().to_vec()
}
```
| } | ||
| SigningAlg::Es256K => { | ||
| async_validate( | ||
| "ECDSA".to_string(), |
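Review bot: in the `SigningAlg::Es256K` arm, `async_validate(` is handed `"ECDSA".to_string()` as its algorithm name, and that string names no curve. Unless an argument outside the visible lines selects secp256k1, the callee has nothing to tell ES256K apart from ES256. Pass the curve (or a distinct algorithm identifier) explicitly, and add a test in which a secp256k1 signature validates through this arm while a P-256 key is rejected.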
Seems like we also need to update async_validate() to handle secp256k1 sigs, since it would try to validate this as secp256r1 based on alg = "ECDSA", hash = "SHA-256" in the async_validate() args.
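The curve mix-up raised in the review comment above, as an added example (not code from the pull request or from c2pa-rs), written in stand-alone Python so it runs without crates: a secp256k1 signature validates only when the verifier is given secp256k1, and is rejected under P-256 even though both algorithms hash with SHA-256. The `CURVES` map, the function names and the message bytes are constructed for illustration.

```python
import hashlib, secrets

# (p, a, b, Gx, Gy, n): secp256k1 from SEC 2, P-256 from FIPS 186-4
SECP256K1 = (2**256 - 2**32 - 977, 0, 7,
    0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
    0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8,
    0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141)
P256 = (2**256 - 2**224 + 2**192 + 2**96 - 1, -3,
    0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B,
    0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
    0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5,
    0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551)
CURVES = {"ES256": P256, "ES256K": SECP256K1}  # the curve must follow the algorithm

def add(c, P, Q):  # affine addition; None is the point at infinity
    if P is None or Q is None:
        return P or Q
    if P[0] == Q[0] and (P[1] + Q[1]) % c[0] == 0:
        return None
    num, den = (3 * P[0] ** 2 + c[1], 2 * P[1]) if P == Q else (Q[1] - P[1], Q[0] - P[0])
    m = num * pow(den, -1, c[0]) % c[0]
    x = (m * m - P[0] - Q[0]) % c[0]
    return x, (m * (P[0] - x) - P[1]) % c[0]

def mul(c, k, P):  # double-and-add; not constant time, illustration only
    R = None
    while k:
        R, P, k = (add(c, R, P) if k & 1 else R), add(c, P, P), k >> 1
    return R

def e(msg, n):  # SHA-256 digest as an integer, the hash both algorithms share
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(c, d, msg):
    n, k = c[5], secrets.randbelow(c[5] - 1) + 1   # fresh random nonce
    r = mul(c, k, c[3:5])[0] % n
    return r, pow(k, -1, n) * (e(msg, n) + r * d) % n

def verify(c, Q, msg, sig):
    (r, s), (p, a, b, n) = sig, (c[0], c[1], c[2], c[5])
    if (Q[1] ** 2 - Q[0] ** 3 - a * Q[0] - b) % p or not (0 < r < n and 0 < s < n):
        return False  # key is not a point on this curve, or r/s out of range
    w = pow(s, -1, n)
    R = add(c, mul(c, e(msg, n) * w % n, c[3:5]), mul(c, r * w % n, Q))
    return R is not None and R[0] % n == r

def demo(msg=b"constructed claim bytes"):
    d = secrets.randbelow(SECP256K1[5] - 1) + 1    # constructed secp256k1 private key
    Q, sig = mul(SECP256K1, d, SECP256K1[3:5]), sign(SECP256K1, d, msg)
    return verify(CURVES["ES256K"], Q, msg, sig), verify(CURVES["ES256"], Q, msg, sig)
```

`demo()` returns the result for the correct curve first and for the P-256 assumption second; the second check fails at public-key validation, before any signature arithmetic runs.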
Changes in this pull request
Adds ES256K support to the current tip