
namib-project / dcaf-rs / 11935120896

20 Nov 2024 02:11PM UTC coverage: 86.555% (+1.3%) from 85.242%
11935120896

Pull #27

github

web-flow
Merge d2b3d706b into 383248641
Pull Request #27: ci: update grcov to latest stable version

6116 of 7066 relevant lines covered (86.56%)

167.28 hits per line

Source File

41.03
/src/token/cose/util/sign.rs
/*
 * Copyright (c) 2024 The NAMIB Project Developers.
 * Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
 * https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
 * <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
 * option. This file may not be copied, modified, or distributed
 * except according to those terms.
 *
 * SPDX-License-Identifier: MIT OR Apache-2.0
 */
use crate::error::CoseCipherError;
use crate::token::cose::{CoseEc2Key, CoseParsedKey};
use core::fmt::Display;
use coset::{iana, Algorithm};

/// Checks that `parsed_key` is usable as an ECDSA key for `algorithm` and returns its EC2 form.
///
/// The checks follow
/// [RFC 9053, Section 2.1](https://datatracker.ietf.org/doc/html/rfc9053#section-2.1) and/or
/// [RFC 8812, Section 3.2](https://datatracker.ietf.org/doc/html/rfc8812#section-3.2):
///
/// 1. The key type must be EC2.
/// 2. If the key carries an `alg` value, it must equal `algorithm`. A key without an `alg`
///    value passes this step.
/// 3. With `key_should_be_private` set, the key must contain `d`. Otherwise the key must contain
///    either `d` or both `x` and `y`.
///
/// Only the *presence* of `d`, `x` and `y` is checked here, not their contents.
///
/// # Errors
///
/// - [`CoseCipherError::KeyTypeAlgorithmMismatch`] if `parsed_key` is not an EC2 key.
/// - [`CoseCipherError::KeyAlgorithmMismatch`] if the key's `alg` differs from `algorithm`.
/// - [`CoseCipherError::MissingKeyParam`] if required key material is absent; the listed
///   parameters are the ones of which at least one would have satisfied the check.
pub(crate) fn ensure_valid_ecdsa_key<BE: Display>(
    algorithm: iana::Algorithm,
    parsed_key: CoseParsedKey<BE>,
    key_should_be_private: bool,
) -> Result<CoseEc2Key<BE>, CoseCipherError<BE>> {
    // NOTE(review): `key_ops` and the curve/algorithm pairing are not examined in this
    // function. Presumably they are enforced elsewhere; confirm before relying on this check
    // alone.

    // Step 1: anything other than an EC2 key cannot be used with an ECDSA algorithm.
    let ec2_key = match parsed_key {
        CoseParsedKey::Ec2(key) => key,
        other => {
            return Err(CoseCipherError::KeyTypeAlgorithmMismatch(
                other.as_ref().kty.clone(),
                Algorithm::Assigned(algorithm),
            ));
        }
    };

    // Step 2: an algorithm pinned inside the key must agree with the one requested. Rejecting
    // a mismatch keeps a key restricted to one algorithm from being used with another.
    match &ec2_key.as_ref().alg {
        Some(key_alg) if *key_alg != Algorithm::Assigned(algorithm) => {
            return Err(CoseCipherError::KeyAlgorithmMismatch(
                key_alg.clone(),
                Algorithm::Assigned(algorithm),
            ));
        }
        _ => {}
    }

    // Step 3: signing needs the private scalar D; verification accepts either D or the public
    // point (X and Y). A key that contains D therefore passes in both modes.
    if ec2_key.d.is_none() {
        if key_should_be_private {
            return Err(CoseCipherError::MissingKeyParam(vec![
                iana::Ec2KeyParameter::D.into(),
            ]));
        }
        if ec2_key.x.is_none() {
            return Err(CoseCipherError::MissingKeyParam(vec![
                iana::Ec2KeyParameter::X.into(),
                iana::Ec2KeyParameter::D.into(),
            ]));
        }
        if ec2_key.y.is_none() {
            return Err(CoseCipherError::MissingKeyParam(vec![
                iana::Ec2KeyParameter::Y.into(),
                iana::Ec2KeyParameter::D.into(),
            ]));
        }
    }

    Ok(ec2_key)
}