Source release 19.4.0

oemcrypto/util/include/signed_csr_payload_validator.h

@@ -8,10 +8,12 @@
 #define WVOEC_UTIL_SIGNED_CSR_PAYLOAD_VALIDATOR_H_
 
 #include <sstream>
-#include <string>
 
+#include "bcc_validator.h"
 #include "cbor_validator.h"
 #include "cppbor.h"
+#include "device_info_validator.h"
+#include "prov4_validation_helper.h"
 #include "wv_class_utils.h"
 
 namespace wvoec {
@@ -20,6 +22,67 @@ namespace util {
 // SignedData<CsrPayload>. The definition of SignedData<T> and CsrPayload can be
 // found at:
 // https://source.corp.google.com/h/googleplex-android/platform/superproject/main/+/main:hardware/interfaces/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl
+struct CertificateType {
+  std::pair<FieldStatus, std::string> type;
+  std::string ToString() const;
+  CborMessageStatus Validate(
+      std::vector<std::pair<CborMessageStatus, std::string>>& msgs) const;
+};
+
+// CsrPayload = [             ; CBOR Array defining the payload for Csr
+//    version: 3,             ; The CsrPayload CDDL Schema version.
+//    CertificateType,        ; The type of certificate being requested.
+//    DeviceInfo,             ; Defined in the relevant DeviceInfoV*.cddl file.
+//    KeysToSign,             ; Provided by the method parameters
+// ]
+struct CsrPayload {
+  std::pair<FieldStatus, std::string> version;
+  std::pair<FieldStatus, CertificateType> certificate_type;
+  std::pair<FieldStatus, DeviceInfo> device_info;
+  std::vector<BccPublicKeyInfo> keys_to_sign;  // always empty
+  std::string ToString() const;
+  CborMessageStatus Validate(
+      std::vector<std::pair<CborMessageStatus, std::string>>& msgs) const;
+};
+
+struct SignedDataProtected {
+  std::pair<FieldStatus, int64_t> algorithm;
+  std::string ToString() const;
+  CborMessageStatus Validate(
+      std::vector<std::pair<CborMessageStatus, std::string>>& msgs) const;
+};
+
+//    SignedData<[
+//        challenge: bstr .size (0..64), ; Provided by the method parameters
+//        bstr .cbor T,
+//    ]>,
+struct DataToBeSigned {
+  std::pair<FieldStatus, std::vector<uint8_t>> challenge;
+  std::pair<FieldStatus, CsrPayload> csr_payload;
+  std::string ToString() const;
+  CborMessageStatus Validate(
+      std::vector<std::pair<CborMessageStatus, std::string>>& msgs) const;
+};
+
+// clang-format off
+// SignedData<Data> = [
+//    protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 / AlgorithmES384 },
+//    unprotected: {},
+//    payload: bstr .cbor Data / nil,
+//    signature: bstr     ; PureEd25519(CDI_Leaf_Priv, SignedDataSigStruct<Data>) /
+//                        ; ECDSA(CDI_Leaf_Priv, SignedDataSigStruct<Data>)
+// ]
+// clang-format on
+struct SignedCsrPayload {
+  std::pair<FieldStatus, SignedDataProtected> protected_data;
+  std::pair<FieldStatus, std::string> unprotected;
+  std::pair<FieldStatus, DataToBeSigned> payload;
+  std::pair<FieldStatus, std::vector<uint8_t>> signature;
+  std::string ToString() const;
+  CborMessageStatus Validate(
+      std::vector<std::pair<CborMessageStatus, std::string>>& msgs) const;
+};
+
 class SignedCsrPayloadValidator : public CborValidator {
  public:
   explicit SignedCsrPayloadValidator() {}
@@ -32,9 +95,20 @@ class SignedCsrPayloadValidator : public CborValidator {
   virtual std::string GetFormattedMessage() const override;
 
  private:
-  CborMessageStatus ValidateProtectedParams(
-      const cppbor::Bstr* protected_params);
-  CborMessageStatus ValidateDataToBeSigned(const cppbor::Bstr* data);
+  // Processes protected field in signed csr payload and extracts it to
+  // *|protected_data|.
+  // Caller ensures that all pointers are not null.
+  CborMessageStatus ProcessSignedDataProtected(
+      const cppbor::Map* protected_map, SignedDataProtected* protected_data);
+  // Processes the data to be signed and extracts it to *|payload_to_be_signed|.
+  // Caller ensures that all pointers are not null.
+  CborMessageStatus ProcessDataToBeSigned(
+      const cppbor::Array* payload_to_be_signed_array,
+      DataToBeSigned* payload_to_be_signed);
+  // Processes csr payload field and extracts it to *|csr_payload|.
+  // Caller ensures that all pointers are not null.
+  CborMessageStatus ProcessCsrPayload(const cppbor::Array* csr_payload_array,
+                                      CsrPayload* csr_payload);
   // Used to generate formatted message.
   std::stringstream msg_ss_;
 };  // class SignedCsrPayloadValidator