Skip to content

Add S.S.C.Cose with COSE Sign1 support#64461

Merged
jozkee merged 17 commits intodotnet:mainfrom
jozkee:cose2
Feb 7, 2022
Merged

Add S.S.C.Cose with COSE Sign1 support#64461
jozkee merged 17 commits intodotnet:mainfrom
jozkee:cose2

Conversation

@jozkee
Copy link
Member

@jozkee jozkee commented Jan 28, 2022

Fixes #32121.
Contributes to #62600.

@jozkee jozkee added this to the 7.0.0 milestone Jan 28, 2022
@jozkee jozkee requested a review from bartonjs January 28, 2022 18:18
@jozkee jozkee self-assigned this Jan 28, 2022
@ghost
Copy link

ghost commented Jan 28, 2022

Note regarding the new-api-needs-documentation label:

This serves as a reminder for when your PR is modifying a ref *.cs file and adding/modifying public APIs, to please make sure the API implementation in the src *.cs file is documented with triple slash comments, so the PR reviewers can sign off that change.

@ghost
Copy link

ghost commented Jan 28, 2022

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

Fixes #32121.
Contributes to #62600.

Author: Jozkee
Assignees: Jozkee
Labels:

area-System.Security
Milestone: 7.0.0

jozkee added 2 commits February 4, 2022 14:06
@jozkee
src: Address suggestions
e317a69
@jozkee
tests:
cefe686 
* Fix ThreadStatic properties
* Switch from SkipOnPlatformAttribute to IgnoreForCI in csproj
@jozkee jozkee requested a review from bartonjs February 5, 2022 00:46
bartonjs
bartonjs approved these changes Feb 5, 2022
View reviewed changes
Copy link
Member

@bartonjs bartonjs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As long as someone who knows about building things signs off on ProjectRef vs PackageRef, and @tannergooding or someone can give a grunt of assent regarding the RequiresPreview attribute, I think that we can call this good enough for first partner preview.

safern
safern reviewed Feb 7, 2022
View reviewed changes
Copy link
Member

@safern safern left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other than a few comments/questions, build changes look good.

@jozkee
src: use RequiresPreviewFeatures as assembly level attribute
9d4a77b 
tests: add test project to exclusion list of local browser runs
buyaa-n
buyaa-n approved these changes Feb 7, 2022
View reviewed changes
Copy link
Contributor

@buyaa-n buyaa-n left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left a NIT, overall attributes annotations LGTM

src/libraries/System.Security.Cryptography.Cose/ref/System.Security.Cryptography.Cose.cs
public bool Verify(System.Security.Cryptography.ECDsa key, System.ReadOnlySpan<byte> content) { throw null; }
[System.Runtime.Versioning.UnsupportedOSPlatformAttribute("browser")]
public bool Verify(System.Security.Cryptography.RSA key) { throw null; }
[System.Runtime.Versioning.UnsupportedOSPlatformAttribute("browser")]
Copy link
Contributor

@buyaa-n buyaa-n Feb 7, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NIT: probably better to apply the attribute at the type level as all membrs have it except internal constructor

Copy link
Member Author

@jozkee jozkee Feb 7, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given that is a nit and the CI finished mostly clean, I will address this in a future PR.

Copy link
Member Author

@jozkee jozkee Mar 15, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One a second thought, we shouldn't move the attribute to the type since the internal .ctor is used in an API (CoseMessage.DecodeSign1) that can be called from browser.

.../System.Security.Cryptography.Cose/src/System/Security/Cryptography/Cose/CoseSign1Message.cs
internal CoseSign1Message(CoseHeaderMap protectedHeader, CoseHeaderMap unprotectedHeader, byte[]? content, byte[] signature, byte[] protectedHeaderAsBstr)
: base(protectedHeader, unprotectedHeader, content, signature, protectedHeaderAsBstr) { }

[UnsupportedOSPlatform("browser")]
Copy link
Contributor

@buyaa-n buyaa-n Feb 7, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

browser-compat is supposed to be opt-in, so I wouldn't expect this to trip.

That is right, by defualt it should not warn for cross platform builds, but browser team wanted to see/propogate the warning for cross-platform builds in runtime repo

@bartonjs
Copy link
Member

bartonjs commented Feb 7, 2022

That is right, by defualt it should not warn for cross platform builds, but browser team wanted to see/propogate the warning for cross-platform builds in runtime repo

Ahhh. Thanks for the explanation :)

@jozkee jozkee merged commit cf3aeb1 into dotnet:main Feb 7, 2022
@jozkee jozkee deleted the cose2 branch February 7, 2022 23:21
@ghost ghost locked as resolved and limited conversation to collaborators Mar 10, 2022
@bartonjs bartonjs added cryptographic-docs-impact needs-further-triage Issue has been initially triaged, but needs deeper consideration or reconsideration labels Aug 26, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@stephentoub stephentoub stephentoub left review comments

@bartonjs bartonjs bartonjs approved these changes

@safern safern safern left review comments

@tannergooding tannergooding Awaiting requested review from tannergooding

+1 more reviewer

@buyaa-n buyaa-n buyaa-n approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@jozkee jozkee

Labels

area-System.Security needs-further-triage Issue has been initially triaged, but needs deeper consideration or reconsideration new-api-needs-documentation

Projects

None yet

Milestone

7.0.0

Development

Successfully merging this pull request may close these issues.

COSE_Sign1 messages (single signer) can be read, validated, and created

5 participants

@jozkee @bartonjs @stephentoub @safern @buyaa-n