-
Notifications
You must be signed in to change notification settings - Fork 111
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add CWT support for C++ #4804
Add CWT support for C++ #4804
Conversation
I think the only problem that remains in this PR is using the libcppbor template <typename Key,
typename = std::enable_if_t<std::is_integral_v<Key> || std::is_enum_v<Key> ||
details::is_text_type_v<Key>::value>>
const std::unique_ptr<Item>& Map::get(Key key) const { This is what happens if I don't have explicit
|
I think you're hitting C++ 14/17 compatibilityissue (see b/314141962) |
cc/attestation/cose.h
Outdated
} | ||
} | ||
|
||
absl::Status UnexpectedCborTypeError(std::string_view name, cppbor::MajorType expected, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can this go to cose.cc ? It is not public.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This function is currently used in cwt.cc
as well
cc/attestation/cwt.cc
Outdated
absl::StatusOr<CoseSign1> cose_sign1 = CoseSign1::Deserialize(data); | ||
if (!cose_sign1.ok()) { | ||
return cose_sign1.status(); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are the usual macros available externally?
ASSIGN_OR_RETURN(absl::StatusOr cose_sign1, CoseSign1::Deserialize(data));
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Macros are not available externally
cc/utils/cose/cose.cc
Outdated
|
||
namespace oak::utils::cose { | ||
|
||
absl::StatusOr<CoseSign1> CoseSign1::Deserialize(const std::vector<uint8_t>& data) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Prefer absl::Span
, unless the cppbor code insists this be a reference to a vector.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
libcppbor
provides the following parse
functions:
ParseResult parse(const uint8_t* begin, const uint8_t* end);
ParseResult parse(const std::vector<uint8_t>& encoding);
ParseResult parse(const uint8_t* begin, size_t size);
ParseResult parse(const Bstr* bstr);
We can potentially use (const uint8_t* begin, const uint8_t* end)
, but those are not iterators. Not sure whether it's ok to get raw pointers from an absl::Span
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's fine -- Span is a contiguous region of memory -- but we'll most likely deal with vectors anyway, so it's not a big deal. (Otherwise, you could call parse(span.data(), span.size())'
)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Parsing protobufs will produce an std::string
, is there a conversion between those? Or it's better to use absl::string_view
instead of span? (I was hitting zero-byte related problems when trying to use string view)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed input arguments to absl::string_view
// Array of signatures. Each signature is represented as a COSE_Signature structure. | ||
const cppbor::Bstr* signature; | ||
|
||
CoseSign1(const cppbor::Bstr* protected_headers, const cppbor::Map* unprotected_headers, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What do these pointers point to? Who owns the memory? How do you guarantee that the memory they point to does not go out of scope while sthis struct is alive?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
They point to fields from the item_
which is a unique pointer owned by this struct
|
||
CoseSign1(const cppbor::Bstr* protected_headers, const cppbor::Map* unprotected_headers, | ||
const cppbor::Bstr* payload, const cppbor::Bstr* signature, | ||
std::unique_ptr<cppbor::Item>&& item) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I it fine for this unique_ptr to be a nullptr?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It cannot be nullptr
, because the other pointers should point to the fields from this item
cc/utils/cose/cose.h
Outdated
// Public key. | ||
const cppbor::Bstr* x; | ||
|
||
CoseKey(const cppbor::Uint* kty, const cppbor::Bstr* kid, const cppbor::Nint* alg, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thinking API-wise, and this is in line with my comments above...
I'd change these constructors to just take cppbor::Item
directly. Once you've assigned it to item_, then, in the constructor you can build the pointers to inside the item.
Or: move the constructors to the private section so that the only way how to construct these structs is via the factory method, which enforces the invariants.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Parsing an item could produce errors (i.e. fields not have corret types), so moving the constructor to the private section. And the logic that produces errors stays in the static method.
This PR:
WORKSPACE
dependencySUBJECT_PUBLIC_KEY
for now and doesn't provide custom claimsThis logic is required to implement C++ integration tests that use DICE attestation evidence.
Ref #4074
Ref #4627
Ref #4818