cleanup RSArsaOrHmacMess

Author: JesusMcCloud

CHANGELOG.md

@@ -64,6 +64,7 @@
 
 
 
+
 ### 3.14.0 (Supreme 0.7.0)
 
 * Certificate Improvements:

docs/docs/indispensable-asn1.md

@@ -139,7 +139,7 @@ An alternative exists, taking a `Tag` instead of an `Ulong`. in both cases a tag
 the content of the ASN.1 primitive. Moreover, a non-throwing `decodeOrNull` variant is present.
 In addition, the following self-describing shorthands are defined:
 
-| Function                                    | Description                                                                         |
+| Function                                    | Descrption                                                                          |
 |---------------------------------------------|-------------------------------------------------------------------------------------|
 | `Asn1Primitive.decodeToBoolean()`           | throws                                                                              |
 | `Asn1Primitive.decodeToBooleanOrNull()`     | returns `null` on error                                                             |

docs/docs/indispensable.md

@@ -148,7 +148,7 @@ The following functions provide interop functionality with platform types.
 * `CryptoSignature.jcaSignatureBytes` returns the JCA-native encoded representation of a signature
 * `CryptoSignature.parseFromJca()` returns a signature object form a JCA-native encoded representation of a signature
 * `CryptoSignature.EC.parseFromJca()` returns an EC signature object form a JCA-native encoded representation of a signature
-* `CryptoSignature.RSAorHMAC.parseFromJca()` returns an RSA signature object form a JCA-native encoded representation of a signature
+* `CryptoSignature.RSA.parseFromJca()` returns an RSA signature object form a JCA-native encoded representation of a signature
 * `CryptoSignature.EC.parseFromJcaP1363` parses a signature produced by the JCA digestWithECDSAinP1363Format algorithm.
 * `X509Certificate.toJcaCertificate()` converts the certificate to a JCA-native `X509Certificate`
 * `java.security.cert.X509Certificate.toKmpCertificate()` converts a JCA-native certificate to a Signum `X509Certificate`

indispensable-cosef/src/commonMain/kotlin/at/asitplus/signum/indispensable/cosef/CoseAlgorithm.kt

@@ -1,11 +1,15 @@
+@file:Suppress("SERIALIZER_TYPE_INCOMPATIBLE")
+
 package at.asitplus.signum.indispensable.cosef
 
+import at.asitplus.KmmResult
 import at.asitplus.catching
-import at.asitplus.signum.indispensable.Digest
-import at.asitplus.signum.indispensable.ECCurve
-import at.asitplus.signum.indispensable.RSAPadding
-import at.asitplus.signum.indispensable.SignatureAlgorithm
-import at.asitplus.signum.indispensable.SpecializedSignatureAlgorithm
+import at.asitplus.signum.indispensable.*
+import at.asitplus.signum.indispensable.mac.HMAC
+import at.asitplus.signum.indispensable.mac.MessageAuthenticationCode
+import at.asitplus.signum.indispensable.misc.BitLength
+import at.asitplus.signum.indispensable.misc.bit
+import at.asitplus.signum.indispensable.symmetric.SymmetricEncryptionAlgorithm
 import kotlinx.serialization.KSerializer
 import kotlinx.serialization.Serializable
 import kotlinx.serialization.descriptors.PrimitiveKind
@@ -18,47 +22,151 @@ import kotlinx.serialization.encoding.Encoder
  * See [COSE Algorithm Registry](https://www.iana.org/assignments/cose/cose.xhtml)
  */
 @Serializable(with = CoseAlgorithmSerializer::class)
-enum class CoseAlgorithm(val value: Int): SpecializedSignatureAlgorithm {
-
-    // ECDSA with SHA-size
-    ES256(-7),
-    ES384(-35),
-    ES512(-36),
-
-    // HMAC-size with SHA-size
-    HS256(5),
-    HS384(6),
-    HS512(7),
-
-    // RSASSA-PSS with SHA-size
-    PS256(-37),
-    PS384(-38),
-    PS512(-39),
-
-    // RSASSA-PKCS1-v1_5 with SHA-size
-    RS256(-257),
-    RS384(-258),
-    RS512(-259),
-
-    // RSASSA-PKCS1-v1_5 using SHA-1
-    RS1(-65535);
-
-    val digest: Digest get() = when(this) {
-        RS1 -> Digest.SHA1
-        ES256, HS256, PS256, RS256 -> Digest.SHA256
-        ES384, HS384, PS384, RS384 -> Digest.SHA384
-        ES512, HS512, PS512, RS512 -> Digest.SHA512
+sealed interface CoseAlgorithm {
+
+    sealed interface Symmetric : CoseAlgorithm {
+        companion object {
+            val entries: Collection<Symmetric> = MAC.entries + SymmetricEncryption.entries
+        }
+    }
+
+    val value: Int
+
+    @Serializable(with = CoseAlgorithmSerializer::class)
+    sealed class DataIntegrity<D : DataIntegrityAlgorithm>(override val value: Int, val algorithm: D) : CoseAlgorithm {
+        companion object {
+            val entries: Collection<DataIntegrity<*>> = Signature.entries + MAC.entries
+        }
+    }
+
+    @Serializable(with = CoseAlgorithmSerializer::class)
+    sealed class SymmetricEncryption(override val value: Int, val algorithm: SymmetricEncryptionAlgorithm<*, *, *>) :
+        CoseAlgorithm.Symmetric {
+
+
+        @Serializable(with = CoseAlgorithmSerializer::class)
+        object A128GCM : SymmetricEncryption(1, SymmetricEncryptionAlgorithm.AES_128.GCM)
+
+        @Serializable(with = CoseAlgorithmSerializer::class)
+        object A192GCM : SymmetricEncryption(2, SymmetricEncryptionAlgorithm.AES_192.GCM)
+
+        @Serializable(with = CoseAlgorithmSerializer::class)
+        object A256GCM : SymmetricEncryption(3, SymmetricEncryptionAlgorithm.AES_256.GCM)
+
+
+        @Serializable(with = CoseAlgorithmSerializer::class)
+        object ChaCha20Poly1305 : SymmetricEncryption(24, SymmetricEncryptionAlgorithm.ChaCha20Poly1305)
+
+        companion object {
+            val entries: Collection<SymmetricEncryption> = listOf(A128GCM, A192GCM, A256GCM, ChaCha20Poly1305)
+        }
+    }
+
+
+    @Serializable(with = CoseAlgorithmSerializer::class)
+    sealed class Signature(value: Int, algorithm: SignatureAlgorithm) :
+        DataIntegrity<SignatureAlgorithm>(value, algorithm),
+        SpecializedSignatureAlgorithm {
+
+        // ECDSA with SHA-size
+        @Serializable(with = CoseAlgorithmSerializer::class)
+        object ES256 : Signature(-7, SignatureAlgorithm.ECDSAwithSHA256)
+
+        @Serializable(with = CoseAlgorithmSerializer::class)
+        object ES384 : Signature(-35, SignatureAlgorithm.ECDSAwithSHA384)
+
+        @Serializable(with = CoseAlgorithmSerializer::class)
+        object ES512 : Signature(-36, SignatureAlgorithm.ECDSAwithSHA512)
+
+        // RSASSA-PSS with SHA-size
+        @Serializable(with = CoseAlgorithmSerializer::class)
+        object PS256 : Signature(-37, SignatureAlgorithm.RSAwithSHA256andPSSPadding)
+
+        @Serializable(with = CoseAlgorithmSerializer::class)
+        object PS384 : Signature(-38, SignatureAlgorithm.RSAwithSHA384andPSSPadding)
+
+        @Serializable(with = CoseAlgorithmSerializer::class)
+        object PS512 : Signature(-39, SignatureAlgorithm.RSAwithSHA512andPSSPadding)
+
+        // RSASSA-PKCS1-v1_5 with SHA-size
+        @Serializable(with = CoseAlgorithmSerializer::class)
+        object RS256 : Signature(-257, SignatureAlgorithm.RSAwithSHA256andPKCS1Padding)
+
+        @Serializable(with = CoseAlgorithmSerializer::class)
+        object RS384 : Signature(-258, SignatureAlgorithm.RSAwithSHA384andPKCS1Padding)
+
+        @Serializable(with = CoseAlgorithmSerializer::class)
+        object RS512 : Signature(-259, SignatureAlgorithm.RSAwithSHA512andPKCS1Padding)
+
+        // RSASSA-PKCS1-v1_5 using SHA-1
+        @Serializable(with = CoseAlgorithmSerializer::class)
+        object RS1 : Signature(-65535, SignatureAlgorithm.RSA(Digest.SHA1, RSAPadding.PKCS1))
+
+        open val digest: Digest?
+            get() = when (algorithm) {
+                is SignatureAlgorithm.ECDSA -> digest
+                is SignatureAlgorithm.RSA -> digest
+            }
+
+        companion object {
+            val entries: Collection<Signature> = listOf(
+                ES256,
+                ES384,
+                ES512,
+                PS256,
+                PS384,
+                PS512,
+                RS256,
+                RS384,
+                RS512,
+                RS1,
+            )
+        }
+
     }
 
-    override val algorithm: SignatureAlgorithm get() = when (this) {
-        ES256 -> SignatureAlgorithm.ECDSA(Digest.SHA256, ECCurve.SECP_256_R_1)
-        ES384 -> SignatureAlgorithm.ECDSA(Digest.SHA384, ECCurve.SECP_384_R_1)
-        ES512 -> SignatureAlgorithm.ECDSA(Digest.SHA512, ECCurve.SECP_521_R_1)
 
-        HS256, HS384, HS512 -> SignatureAlgorithm.HMAC(this.digest)
-        PS256, PS384, PS512 -> SignatureAlgorithm.RSA(this. digest, RSAPadding.PSS)
-        RS1, RS256, RS384, RS512 -> SignatureAlgorithm.RSA(this.digest, RSAPadding.PKCS1)
+    @Serializable(with = CoseAlgorithmSerializer::class)
+    sealed class MAC(
+        value: Int, algorithm: MessageAuthenticationCode,
+        /**
+         * The tag length for COSE might not be the same as for the underlying HMAC
+         */
+        val tagLength: BitLength
+    ) :
+        DataIntegrity<MessageAuthenticationCode>(value, algorithm), Symmetric {
+        // HMAC-size with SHA-size
+        /**HMAC w/ SHA-256 truncated to 64 bits*/
+
+        @Serializable(with = CoseAlgorithmSerializer::class)
+        object HS256_64 : MAC(4, HMAC.SHA256, 64.bit)
+
+        @Serializable(with = CoseAlgorithmSerializer::class)
+        object HS256 : MAC(5, HMAC.SHA256, 256.bit)
+
+        @Serializable(with = CoseAlgorithmSerializer::class)
+        object HS384 : MAC(6, HMAC.SHA384, 384.bit)
+
+        @Serializable(with = CoseAlgorithmSerializer::class)
+        object HS512 : MAC(7, HMAC.SHA512, 512.bit)
+
+        @Serializable(with = CoseAlgorithmSerializer::class)
+        object UNOFFICIAL_HS1 : MAC(-2341169 /*random inside private use range*/, HMAC.SHA1, 160.bit)
+
+        companion object {
+            val entries: Collection<MAC> = listOf(
+                HS256,
+                HS384,
+                HS512,
+                UNOFFICIAL_HS1,
+            )
+        }
+    }
+
+    companion object {
+        val entries: Collection<CoseAlgorithm> = DataIntegrity.entries + SymmetricEncryption.entries
     }
+
 }
 
 object CoseAlgorithmSerializer : KSerializer<CoseAlgorithm> {
@@ -78,37 +186,62 @@ object CoseAlgorithmSerializer : KSerializer<CoseAlgorithm> {
 }
 
 /** Tries to find a matching COSE algorithm. Note that COSE imposes curve restrictions on ECDSA based on the digest. */
-fun SignatureAlgorithm.toCoseAlgorithm() = catching {
+fun SignatureAlgorithm.toCoseAlgorithm(): KmmResult<CoseAlgorithm.Signature> = catching {
     when (this) {
         is SignatureAlgorithm.ECDSA -> when (this.digest) {
-            Digest.SHA256 -> CoseAlgorithm.ES256
-            Digest.SHA384 -> CoseAlgorithm.ES384
-            Digest.SHA512 -> CoseAlgorithm.ES512
+            Digest.SHA256 -> CoseAlgorithm.Signature.ES256
+            Digest.SHA384 -> CoseAlgorithm.Signature.ES384
+            Digest.SHA512 -> CoseAlgorithm.Signature.ES512
             else -> throw IllegalArgumentException("ECDSA with ${this.digest} is unsupported by COSE")
         }
+
         is SignatureAlgorithm.RSA -> when (this.padding) {
             RSAPadding.PKCS1 -> when (this.digest) {
-                Digest.SHA1 -> CoseAlgorithm.RS1
-                Digest.SHA256 -> CoseAlgorithm.RS256
-                Digest.SHA384 -> CoseAlgorithm.RS384
-                Digest.SHA512 -> CoseAlgorithm.RS512
+                Digest.SHA1 -> CoseAlgorithm.Signature.RS1
+                Digest.SHA256 -> CoseAlgorithm.Signature.RS256
+                Digest.SHA384 -> CoseAlgorithm.Signature.RS384
+                Digest.SHA512 -> CoseAlgorithm.Signature.RS512
             }
+
             RSAPadding.PSS -> when (this.digest) {
-                Digest.SHA256 -> CoseAlgorithm.PS256
-                Digest.SHA384 -> CoseAlgorithm.PS384
-                Digest.SHA512 -> CoseAlgorithm.PS512
+                Digest.SHA256 -> CoseAlgorithm.Signature.PS256
+                Digest.SHA384 -> CoseAlgorithm.Signature.PS384
+                Digest.SHA512 -> CoseAlgorithm.Signature.PS512
                 else -> throw IllegalArgumentException("RSA-PSS with ${this.digest} is unsupported by COSE")
             }
         }
-        is SignatureAlgorithm.HMAC -> when (this.digest) {
-            Digest.SHA256 -> CoseAlgorithm.HS256
-            Digest.SHA384 -> CoseAlgorithm.HS384
-            Digest.SHA512 -> CoseAlgorithm.HS512
-            else -> throw IllegalArgumentException("HMAC with ${this.digest} is unsupported by COSE")
-        }
+    }
+}
+
+fun DataIntegrityAlgorithm.toCoseAlgorithm(): KmmResult<CoseAlgorithm> = catching {
+    when (this) {
+        is SignatureAlgorithm -> toCoseAlgorithm().getOrThrow()
+        is MessageAuthenticationCode -> toCoseAlgorithm().getOrThrow()
+        else -> throw IllegalArgumentException("Algorithm $this not supported by COSE")
+    }
+}
+
+/** Tries to find a matching COSE algorithm. Note that [CoseAlgorithm.MAC.HS256_64] cannot be mapped automatically. */
+fun MessageAuthenticationCode.toCoseAlgorithm(): KmmResult<CoseAlgorithm.MAC> = catching {
+    when (this) {
+        HMAC.SHA1 -> CoseAlgorithm.MAC.UNOFFICIAL_HS1
+        HMAC.SHA256 -> CoseAlgorithm.MAC.HS256
+        HMAC.SHA384 -> CoseAlgorithm.MAC.HS384
+        HMAC.SHA512 -> CoseAlgorithm.MAC.HS512
+    }
+}
+
+/** Tries to find a matching COSE algorithm. Note that only AES-GCM and ChaCha/Poly are supported. */
+fun SymmetricEncryptionAlgorithm<*, *, *>.toCoseAlgorithm(): KmmResult<CoseAlgorithm.SymmetricEncryption> = catching {
+    when (this) {
+        SymmetricEncryptionAlgorithm.ChaCha20Poly1305 -> CoseAlgorithm.SymmetricEncryption.ChaCha20Poly1305
+        SymmetricEncryptionAlgorithm.AES_128.GCM -> CoseAlgorithm.SymmetricEncryption.A128GCM
+        SymmetricEncryptionAlgorithm.AES_192.GCM -> CoseAlgorithm.SymmetricEncryption.A192GCM
+        SymmetricEncryptionAlgorithm.AES_256.GCM -> CoseAlgorithm.SymmetricEncryption.A256GCM
+        else -> throw IllegalArgumentException("$this has no COSE algorithm mapping")
     }
 }
 
 /** Tries to find a matching COSE algorithm. Note that COSE imposes curve restrictions on ECDSA based on the digest. */
-fun SpecializedSignatureAlgorithm.toCoseAlgorithm() =
+fun SpecializedSignatureAlgorithm.toCoseAlgorithm(): KmmResult<CoseAlgorithm.Signature> =
     this.algorithm.toCoseAlgorithm()