Merge branch 'main' into wasm32-wasi_0.41.0

contentauth · Feb 5, 2025 · a5edd28 · a5edd28
2 parents 2e4e51e + 4cb20e3
commit a5edd28
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 2 deletions.
diff --git a/internal/crypto/src/cose/sign.rs b/internal/crypto/src/cose/sign.rs
@@ -11,6 +11,7 @@
 // specific language governing permissions and limitations under
 // each license.
 
+use asn1_rs::FromDer;
 use async_generic::async_generic;
 use ciborium::value::Value;
 use coset::{
@@ -19,6 +20,7 @@ use coset::{
     TaggedCborSerializable,
 };
 use serde_bytes::ByteBuf;
+use x509_parser::prelude::X509Certificate;
 
 use super::cert_chain_from_sign1;
 use crate::{
@@ -161,7 +163,13 @@ pub fn sign_v1(
                     "bad certificate chain".to_string(),
                 ))?;
 
-                let curve = ec_curve_from_public_key_der(signing_cert).ok_or(
+                let (_, cert) = X509Certificate::from_der(signing_cert).map_err(|_e| {
+                    CoseError::CborGenerationError("incorrect EC signature format".to_string())
+                })?;
+
+                let certificate_public_key = cert.public_key();
+
+                let curve = ec_curve_from_public_key_der(certificate_public_key.raw).ok_or(
                     CoseError::CborGenerationError("incorrect EC signature format".to_string()),
                 )?;
 
@@ -235,7 +243,13 @@ pub fn sign_v2(
                     "bad certificate chain".to_string(),
                 ))?;
 
-                let curve = ec_curve_from_public_key_der(signing_cert).ok_or(
+                let (_, cert) = X509Certificate::from_der(signing_cert).map_err(|_e| {
+                    CoseError::CborGenerationError("incorrect EC signature format".to_string())
+                })?;
+
+                let certificate_public_key = cert.public_key();
+
+                let curve = ec_curve_from_public_key_der(certificate_public_key.raw).ok_or(
                     CoseError::CborGenerationError("incorrect EC signature format".to_string()),
                 )?;
 

diff --git a/internal/crypto/src/ec_utils.rs b/internal/crypto/src/ec_utils.rs
@@ -127,6 +127,7 @@ pub(crate) fn der_to_p1363(data: &[u8], sig_len: usize) -> Result<Vec<u8>, RawSi
 }
 
 // Returns supported EcdsaCurve for given public key.
+#[allow(dead_code)]
 pub(crate) fn ec_curve_from_public_key_der(public_key: &[u8]) -> Option<EcdsaCurve> {
     let (_, pk) = SubjectPublicKeyInfo::from_der(public_key).ok()?;