summaryrefslogtreecommitdiffstats
path: root/third_party/rust/cose
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /third_party/rust/cose
parentInitial commit. (diff)
downloadfirefox-upstream.tar.xz
firefox-upstream.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'third_party/rust/cose')
-rw-r--r--third_party/rust/cose/.cargo-checksum.json1
-rw-r--r--third_party/rust/cose/Cargo.toml32
-rw-r--r--third_party/rust/cose/LICENSE373
-rw-r--r--third_party/rust/cose/README.md26
-rw-r--r--third_party/rust/cose/build.rs11
-rw-r--r--third_party/rust/cose/examples/sign_verify/main.rs259
-rw-r--r--third_party/rust/cose/examples/sign_verify/nss.rs356
-rw-r--r--third_party/rust/cose/examples/sign_verify/test_nss.rs65
-rw-r--r--third_party/rust/cose/examples/sign_verify/test_setup.rs625
-rw-r--r--third_party/rust/cose/examples/sign_verify/util_test.rs194
-rw-r--r--third_party/rust/cose/rustfmt.toml4
-rw-r--r--third_party/rust/cose/src/cose.rs72
-rw-r--r--third_party/rust/cose/src/decoder.rs235
-rw-r--r--third_party/rust/cose/src/test_cose.rs496
-rw-r--r--third_party/rust/cose/src/test_setup.rs169
-rw-r--r--third_party/rust/cose/src/util.rs27
-rw-r--r--third_party/rust/cose/tools/certs/certs.md9
-rwxr-xr-xthird_party/rust/cose/tools/certs/certs.sh21
-rw-r--r--third_party/rust/cose/tools/certs/ee-p256.certspec6
-rw-r--r--third_party/rust/cose/tools/certs/ee-p256.keyspec1
-rw-r--r--third_party/rust/cose/tools/certs/ee-p384.certspec6
-rw-r--r--third_party/rust/cose/tools/certs/ee-p521.certspec6
-rw-r--r--third_party/rust/cose/tools/certs/ee-rsa.certspec3
-rw-r--r--third_party/rust/cose/tools/certs/int-p256.certspec8
-rw-r--r--third_party/rust/cose/tools/certs/int-rsa.certspec5
-rw-r--r--third_party/rust/cose/tools/certs/root-p256.certspec8
-rw-r--r--third_party/rust/cose/tools/certs/root-rsa.certspec5
27 files changed, 3023 insertions, 0 deletions
diff --git a/third_party/rust/cose/.cargo-checksum.json b/third_party/rust/cose/.cargo-checksum.json
new file mode 100644
index 0000000000..61855016bb
--- /dev/null
+++ b/third_party/rust/cose/.cargo-checksum.json
@@ -0,0 +1 @@
+{"files":{"Cargo.toml":"40534ef8d01b0269e2ca3b00c4d14f7523222bc85611ee07afcffea45a71ef4b","LICENSE":"1f256ecad192880510e84ad60474eab7589218784b9a50bc7ceee34c2b91f1d5","README.md":"7b9676ec9ed5d7ac38f461b1b257eb0bd80568e732994fb26fa929ce5fe503af","build.rs":"a2b798bbeaf8ef19a9bd8c1e24b3fd3899a5b4b3e121e5e09794e4e2b35971dd","examples/sign_verify/main.rs":"fbe4b9c73b23e1ef364126f453f749fefb67ab45703bf809a5eed910a25e461e","examples/sign_verify/nss.rs":"a1d133142efc0ac6564f0b9587890587f1ecaa7404ac0c4c8907de6d43de3267","examples/sign_verify/test_nss.rs":"be41ebe0a82b6172297b10c13767e4768f0b613ac331b554f6e8c2c7a20c0bc8","examples/sign_verify/test_setup.rs":"82330118e4284d9bf788dbec9e637ab4a3b53fd4ec9c7efaed0e996ffa084de4","examples/sign_verify/util_test.rs":"48d52f3ca3e93b670a1d69f8443358260c1ae61d7977a59d922696811320d4c3","rustfmt.toml":"e97717e906fcd3eeb86dcee52ed26f13e1884597b016a27172229d9c78dd3d57","src/cose.rs":"104e06843f4cdffe2ca6f42f46c51c79d685c18d2ad92b65811e3ceffbd90e07","src/decoder.rs":"a4d2dcd44d179fabdac6ce99cc3512ece3164ba48beab9f313ad85db466c3a55","src/test_cose.rs":"849ec936a00eb438a08eb85380b3e4ba8d8c5a5cf674b272e0fd8e671ab6d5ca","src/test_setup.rs":"e26f290831343cbb4e2b2ec7d1be34c7b900eb8c87abd6f40629372a87b6e992","src/util.rs":"8cdcdc8a120e71a772af61fa63ffa2d2d2eb572d8a53da3b5f1ce9da784f2662","tools/certs/certs.md":"7a1acd946f5bb5b9b21ebd7653ef9d5746a1ea237131a69218a91dc26eda545a","tools/certs/certs.sh":"a06e1a7bf99316c7800e388d20c1630da7449937635600d9f21d8d93907011bf","tools/certs/ee-p256.certspec":"5a7246c0abf1ee08edb858ce2fd38010de7785a0e8652f2d9a0b7eee7aa39213","tools/certs/ee-p256.keyspec":"eabd2839f9e57cf2c372e686e5856cf651d7f07d0d396b3699d1d228b5931945","tools/certs/ee-p384.certspec":"d2e4fdd6d8f02f22bffa800ac2b7f899f5d826528e7b7d3248e1abea15cd33bd","tools/certs/ee-p521.certspec":"7ad1fc3cdf024dfa7213f3a2875af0ccfa2bd73fddcfaf73223aa25b24ee2cad","tools/certs/ee-rsa.certspec":"dd69ecbb1cdf322fb8ef6eb50c2f033b62e7983b5448b96f1965eee8f85b7bde","tools/certs/int-p256.certspec":"b42a2286339455626b9a8b6c0811b031bf269440c6fcef7478796d02c5491364","tools/certs/int-rsa.certspec":"a0942438c72a3ce83b54c04e4a5d4bff08036c2c9feb7d75a7105bfa4fdc5499","tools/certs/root-p256.certspec":"99c1bb07505ddfc3ada5737d8a1bf4cff7b1a70a79abda9fd45fc3a6e72061fc","tools/certs/root-rsa.certspec":"67903313b6058aa98be0d98564577b0c878c868b6f2a8758f27bb7af17616d8e"},"package":"72fa26cb151d3ae4b70f63d67d0fed57ce04220feafafbae7f503bef7aae590d"} \ No newline at end of file
diff --git a/third_party/rust/cose/Cargo.toml b/third_party/rust/cose/Cargo.toml
new file mode 100644
index 0000000000..5251eac5c2
--- /dev/null
+++ b/third_party/rust/cose/Cargo.toml
@@ -0,0 +1,32 @@
+# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO
+#
+# When uploading crates to the registry Cargo will automatically
+# "normalize" Cargo.toml files for maximal compatibility
+# with all versions of Cargo and also rewrite `path` dependencies
+# to registry (e.g. crates.io) dependencies
+#
+# If you believe there's an error in this file please file an
+# issue against the rust-lang/cargo repository. If you're
+# editing this file be aware that the upstream Cargo.toml
+# will likely look very different (and much more reasonable)
+
+[package]
+name = "cose"
+version = "0.1.4"
+authors = ["Franziskus Kiefer <franziskuskiefer@gmail.com>", "David Keeler <dkeeler@mozilla.com>"]
+build = "build.rs"
+description = "Library to use COSE (https://tools.ietf.org/html/rfc8152) in Rust"
+keywords = ["cose", "jose"]
+license = "MPL-2.0"
+repository = "https://github.com/franziskuskiefer/cose-rust"
+
+[lib]
+name = "cose"
+path = "src/cose.rs"
+[dependencies.moz_cbor]
+version = "0.1.0"
+[dev-dependencies.scopeguard]
+version = "0.3"
+
+[features]
+default = []
diff --git a/third_party/rust/cose/LICENSE b/third_party/rust/cose/LICENSE
new file mode 100644
index 0000000000..a612ad9813
--- /dev/null
+++ b/third_party/rust/cose/LICENSE
@@ -0,0 +1,373 @@
+Mozilla Public License Version 2.0
+==================================
+
+1. Definitions
+--------------
+
+1.1. "Contributor"
+ means each individual or legal entity that creates, contributes to
+ the creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+ means the combination of the Contributions of others (if any) used
+ by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+ means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+ means Source Code Form to which the initial Contributor has attached
+ the notice in Exhibit A, the Executable Form of such Source Code
+ Form, and Modifications of such Source Code Form, in each case
+ including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+ means
+
+ (a) that the initial Contributor has attached the notice described
+ in Exhibit B to the Covered Software; or
+
+ (b) that the Covered Software was made available under the terms of
+ version 1.1 or earlier of the License, but not also under the
+ terms of a Secondary License.
+
+1.6. "Executable Form"
+ means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+ means a work that combines Covered Software with other material, in
+ a separate file or files, that is not Covered Software.
+
+1.8. "License"
+ means this document.
+
+1.9. "Licensable"
+ means having the right to grant, to the maximum extent possible,
+ whether at the time of the initial grant or subsequently, any and
+ all of the rights conveyed by this License.
+
+1.10. "Modifications"
+ means any of the following:
+
+ (a) any file in Source Code Form that results from an addition to,
+ deletion from, or modification of the contents of Covered
+ Software; or
+
+ (b) any new file in Source Code Form that contains any Covered
+ Software.
+
+1.11. "Patent Claims" of a Contributor
+ means any patent claim(s), including without limitation, method,
+ process, and apparatus claims, in any patent Licensable by such
+ Contributor that would be infringed, but for the grant of the
+ License, by the making, using, selling, offering for sale, having
+ made, import, or transfer of either its Contributions or its
+ Contributor Version.
+
+1.12. "Secondary License"
+ means either the GNU General Public License, Version 2.0, the GNU
+ Lesser General Public License, Version 2.1, the GNU Affero General
+ Public License, Version 3.0, or any later versions of those
+ licenses.
+
+1.13. "Source Code Form"
+ means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, "You" includes any entity that
+ controls, is controlled by, or is under common control with You. For
+ purposes of this definition, "control" means (a) the power, direct
+ or indirect, to cause the direction or management of such entity,
+ whether by contract or otherwise, or (b) ownership of more than
+ fifty percent (50%) of the outstanding shares or beneficial
+ ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or
+ as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+ for sale, have made, import, and otherwise transfer either its
+ Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+ or
+
+(b) for infringements caused by: (i) Your and any other third party's
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+ its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+ Form, as described in Section 3.1, and You must inform recipients of
+ the Executable Form how they can obtain a copy of such Source Code
+ Form by reasonable means in a timely manner, at a charge no more
+ than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+ License, or sublicense it under different terms, provided that the
+ license for the Executable Form does not attempt to limit or alter
+ the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+* *
+* 6. Disclaimer of Warranty *
+* ------------------------- *
+* *
+* Covered Software is provided under this License on an "as is" *
+* basis, without warranty of any kind, either expressed, implied, or *
+* statutory, including, without limitation, warranties that the *
+* Covered Software is free of defects, merchantable, fit for a *
+* particular purpose or non-infringing. The entire risk as to the *
+* quality and performance of the Covered Software is with You. *
+* Should any Covered Software prove defective in any respect, You *
+* (not any Contributor) assume the cost of any necessary servicing, *
+* repair, or correction. This disclaimer of warranty constitutes an *
+* essential part of this License. No use of any Covered Software is *
+* authorized under this License except under this disclaimer. *
+* *
+************************************************************************
+
+************************************************************************
+* *
+* 7. Limitation of Liability *
+* -------------------------- *
+* *
+* Under no circumstances and under no legal theory, whether tort *
+* (including negligence), contract, or otherwise, shall any *
+* Contributor, or anyone who distributes Covered Software as *
+* permitted above, be liable to You for any direct, indirect, *
+* special, incidental, or consequential damages of any character *
+* including, without limitation, damages for lost profits, loss of *
+* goodwill, work stoppage, computer failure or malfunction, or any *
+* and all other commercial damages or losses, even if such party *
+* shall have been informed of the possibility of such damages. This *
+* limitation of liability shall not apply to liability for death or *
+* personal injury resulting from such party's negligence to the *
+* extent applicable law prohibits such limitation. Some *
+* jurisdictions do not allow the exclusion or limitation of *
+* incidental or consequential damages, so this exclusion and *
+* limitation may not apply to You. *
+* *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+ This Source Code Form is subject to the terms of the Mozilla Public
+ License, v. 2.0. If a copy of the MPL was not distributed with this
+ file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - "Incompatible With Secondary Licenses" Notice
+---------------------------------------------------------
+
+ This Source Code Form is "Incompatible With Secondary Licenses", as
+ defined by the Mozilla Public License, v. 2.0.
diff --git a/third_party/rust/cose/README.md b/third_party/rust/cose/README.md
new file mode 100644
index 0000000000..5540371c01
--- /dev/null
+++ b/third_party/rust/cose/README.md
@@ -0,0 +1,26 @@
+# cose-rust
+
+A Rust library for [COSE](https://tools.ietf.org/html/rfc8152) using [NSS](https://github.com/nss-dev/nss/).
+
+[![Build Status](https://travis-ci.org/franziskuskiefer/cose-rust.svg?branch=master)](https://travis-ci.org/franziskuskiefer/cose-rust/)
+![Maturity Level](https://img.shields.io/badge/maturity-alpha-red.svg)
+
+**THIS IS WORK IN PROGRESS. DO NOT USE YET.**
+
+## Build instructions
+
+If NSS is not installed in the path, use `NSS_LIB_DIR` to set the library path where
+we can find the NSS libraries.
+
+ cargo build
+
+### Run Tests and Examples
+
+To run tests and examples you need NSS in your library path. Tests can be run
+with
+
+ cargo test
+
+and examples with
+
+ cargo run --example sign_verify
diff --git a/third_party/rust/cose/build.rs b/third_party/rust/cose/build.rs
new file mode 100644
index 0000000000..8db7af5ad1
--- /dev/null
+++ b/third_party/rust/cose/build.rs
@@ -0,0 +1,11 @@
+use std::env;
+
+fn main() {
+ // Use NSS_LIB_DIR lazily. If it's not set and we can't find NSS in the path,
+ // the build will fail.
+ #[cfg(test)]
+ let lib_dir = env::var("NSS_LIB_DIR");
+ if let Ok(lib_dir) = env::var("NSS_LIB_DIR") {
+ println!("cargo:rustc-link-search={}", lib_dir);
+ }
+}
diff --git a/third_party/rust/cose/examples/sign_verify/main.rs b/third_party/rust/cose/examples/sign_verify/main.rs
new file mode 100644
index 0000000000..0b356e41bb
--- /dev/null
+++ b/third_party/rust/cose/examples/sign_verify/main.rs
@@ -0,0 +1,259 @@
+extern crate moz_cbor as cbor;
+extern crate cose;
+
+#[macro_use(defer)]
+extern crate scopeguard;
+
+mod nss;
+mod test_nss;
+mod test_setup;
+mod util_test;
+
+use util_test::{sign, verify_signature};
+use test_setup as test;
+use std::str::FromStr;
+use cose::{CoseError, SignatureAlgorithm};
+
+// All keys here are from pykey.py/pycert.py from mozilla-central.
+// Certificates can be generated with tools/certs/certs.sh and mozilla-central.
+
+#[derive(Debug)]
+pub struct SignatureParameters<'a> {
+ certificate: &'a [u8],
+ algorithm: SignatureAlgorithm,
+ pkcs8: &'a [u8],
+}
+
+#[derive(Debug)]
+pub struct Signature<'a> {
+ parameter: &'a SignatureParameters<'a>,
+ signature_bytes: Vec<u8>,
+}
+
+const P256_PARAMS: SignatureParameters = SignatureParameters {
+ certificate: &test::P256_EE,
+ algorithm: SignatureAlgorithm::ES256,
+ pkcs8: &test::PKCS8_P256_EE,
+};
+const P384_PARAMS: SignatureParameters = SignatureParameters {
+ certificate: &test::P384_EE,
+ algorithm: SignatureAlgorithm::ES384,
+ pkcs8: &test::PKCS8_P384_EE,
+};
+const P521_PARAMS: SignatureParameters = SignatureParameters {
+ certificate: &test::P521_EE,
+ algorithm: SignatureAlgorithm::ES512,
+ pkcs8: &test::PKCS8_P521_EE,
+};
+
+fn test_verify(payload: &[u8], cert_chain: &[&[u8]], params_vec: Vec<SignatureParameters>) {
+ test::setup();
+ let cose_signature = sign(payload, cert_chain, &params_vec);
+ assert!(cose_signature.is_ok());
+ let cose_signature = cose_signature.unwrap();
+
+ // Verify signature.
+ assert!(verify_signature(payload, cose_signature).is_ok());
+}
+
+fn test_verify_modified_payload(
+ payload: &mut [u8],
+ cert_chain: &[&[u8]],
+ params_vec: Vec<SignatureParameters>,
+) {
+ test::setup();
+ let cose_signature = sign(payload, cert_chain, &params_vec);
+ assert!(cose_signature.is_ok());
+ let cose_signature = cose_signature.unwrap();
+
+ // Verify signature.
+ payload[0] = !payload[0];
+ let verify_result = verify_signature(payload, cose_signature);
+ assert!(verify_result.is_err());
+ assert_eq!(verify_result, Err(CoseError::VerificationFailed));
+}
+
+fn test_verify_modified_signature(
+ payload: &[u8],
+ cert_chain: &[&[u8]],
+ params_vec: Vec<SignatureParameters>,
+) {
+ test::setup();
+ let cose_signature = sign(payload, cert_chain, &params_vec);
+ assert!(cose_signature.is_ok());
+ let mut cose_signature = cose_signature.unwrap();
+
+ // Tamper with the cose signature.
+ let len = cose_signature.len();
+ cose_signature[len - 15] = !cose_signature[len - 15];
+
+ // Verify signature.
+ let verify_result = verify_signature(payload, cose_signature);
+ assert!(verify_result.is_err());
+ assert_eq!(verify_result, Err(CoseError::VerificationFailed));
+}
+
+// This can be used with inconsistent parameters that make the verification fail.
+// In particular, the signing key does not match the certificate used to verify.
+fn test_verify_verification_fails(
+ payload: &[u8],
+ cert_chain: &[&[u8]],
+ params_vec: Vec<SignatureParameters>,
+) {
+ test::setup();
+ let cose_signature = sign(payload, cert_chain, &params_vec);
+ assert!(cose_signature.is_ok());
+ let cose_signature = cose_signature.unwrap();
+
+ // Verify signature.
+ let verify_result = verify_signature(payload, cose_signature);
+ assert!(verify_result.is_err());
+ assert_eq!(verify_result, Err(CoseError::VerificationFailed));
+}
+
+fn test_cose_sign_verify() {
+ let payload = b"This is the content.";
+
+ // P256
+ let certs: [&[u8]; 2] = [&test::P256_ROOT,
+ &test::P256_INT];
+ let params_vec = vec![P256_PARAMS];
+ test_verify(payload, &certs, params_vec);
+
+ // P256, no other certs.
+ let certs: [&[u8]; 0] = [];
+ let params_vec = vec![P256_PARAMS];
+ test_verify(payload, &certs, params_vec);
+
+ // P384
+ let params_vec = vec![P384_PARAMS];
+ test_verify(payload, &certs, params_vec);
+
+ // P521
+ let params_vec = vec![P521_PARAMS];
+ test_verify(payload, &certs, params_vec);
+}
+
+fn test_cose_verify_xpi_signature() {
+ // This signature was created with sign_app.py from m-c.
+ test::setup();
+ assert!(verify_signature(&test::XPI_PAYLOAD, test::XPI_SIGNATURE.to_vec()).is_ok());
+}
+
+fn test_cose_sign_verify_modified_payload() {
+ let mut payload = String::from_str("This is the content.")
+ .unwrap()
+ .into_bytes();
+ let certs: [&[u8]; 2] = [&test::P256_ROOT,
+ &test::P256_INT];
+ let params_vec = vec![P256_PARAMS];
+ test_verify_modified_payload(&mut payload, &certs, params_vec);
+}
+
+fn test_cose_sign_verify_wrong_cert() {
+ let payload = b"This is the content.";
+ let certs: [&[u8]; 2] = [&test::P256_ROOT,
+ &test::P256_INT];
+ let params = SignatureParameters {
+ certificate: &test::P384_EE,
+ algorithm: SignatureAlgorithm::ES256,
+ pkcs8: &test::PKCS8_P256_EE,
+ };
+ let params_vec = vec![params];
+ test_verify_verification_fails(payload, &certs, params_vec);
+}
+
+fn test_cose_sign_verify_tampered_signature() {
+ let payload = b"This is the content.";
+ let certs: [&[u8]; 2] = [&test::P256_ROOT,
+ &test::P256_INT];
+ let params_vec = vec![P256_PARAMS];
+ test_verify_modified_signature(payload, &certs, params_vec);
+}
+
+const RSA_PARAMS: SignatureParameters = SignatureParameters {
+ certificate: &test::RSA_EE,
+ algorithm: SignatureAlgorithm::PS256,
+ pkcs8: &test::PKCS8_RSA_EE,
+};
+
+fn test_cose_sign_verify_rsa() {
+ let payload = b"This is the RSA-signed content.";
+ let certs: [&[u8]; 2] = [&test::RSA_ROOT,
+ &test::RSA_INT];
+ let params_vec = vec![RSA_PARAMS];
+ test_verify(payload, &certs, params_vec);
+}
+
+fn test_cose_sign_verify_rsa_modified_payload() {
+ let mut payload = String::from_str("This is the RSA-signed content.")
+ .unwrap()
+ .into_bytes();
+ let certs: [&[u8]; 2] = [&test::RSA_ROOT,
+ &test::RSA_INT];
+ let params_vec = vec![RSA_PARAMS];
+ test_verify_modified_payload(&mut payload, &certs, params_vec);
+}
+
+fn test_cose_sign_verify_rsa_tampered_signature() {
+ let payload = b"This is the RSA-signed content.";
+ let certs: [&[u8]; 2] = [&test::RSA_ROOT,
+ &test::RSA_INT];
+ let params_vec = vec![RSA_PARAMS];
+ test_verify_modified_signature(payload, &certs, params_vec);
+}
+
+fn test_cose_sign_verify_two_signatures() {
+ let payload = b"This is the content.";
+ let certs: [&[u8]; 4] = [&test::P256_ROOT,
+ &test::P256_INT,
+ &test::RSA_ROOT,
+ &test::RSA_INT];
+ let params_vec = vec![P256_PARAMS,
+ RSA_PARAMS];
+ test_verify(payload, &certs, params_vec);
+}
+
+fn test_cose_sign_verify_two_signatures_tampered_payload() {
+ let mut payload = String::from_str("This is the content.")
+ .unwrap()
+ .into_bytes();
+ let certs: [&[u8]; 4] = [&test::P256_ROOT,
+ &test::P256_INT,
+ &test::RSA_ROOT,
+ &test::RSA_INT];
+ let params_vec = vec![P256_PARAMS,
+ RSA_PARAMS];
+ test_verify_modified_payload(&mut payload, &certs, params_vec);
+}
+
+fn test_cose_sign_verify_two_signatures_tampered_signature() {
+ let payload = b"This is the content.";
+ let certs: [&[u8]; 4] = [&test::P256_ROOT,
+ &test::P256_INT,
+ &test::RSA_ROOT,
+ &test::RSA_INT];
+ let params_vec = vec![P256_PARAMS,
+ RSA_PARAMS];
+ test_verify_modified_signature(payload, &certs, params_vec);
+}
+
+fn main() {
+ // Basic NSS exmaple usage.
+ test_nss::test_nss_sign_verify();
+ test_nss::test_nss_sign_verify_different_payload();
+ test_nss::test_nss_sign_verify_wrong_cert();
+
+ // COSE sign/verify example usages.
+ test_cose_sign_verify_two_signatures_tampered_signature();
+ test_cose_sign_verify_two_signatures_tampered_payload();
+ test_cose_sign_verify_two_signatures();
+ test_cose_sign_verify_rsa_tampered_signature();
+ test_cose_sign_verify_rsa_modified_payload();
+ test_cose_sign_verify_rsa();
+ test_cose_sign_verify_tampered_signature();
+ test_cose_sign_verify_wrong_cert();
+ test_cose_sign_verify_modified_payload();
+ test_cose_verify_xpi_signature();
+ test_cose_sign_verify();
+}
diff --git a/third_party/rust/cose/examples/sign_verify/nss.rs b/third_party/rust/cose/examples/sign_verify/nss.rs
new file mode 100644
index 0000000000..a5a827ceba
--- /dev/null
+++ b/third_party/rust/cose/examples/sign_verify/nss.rs
@@ -0,0 +1,356 @@
+use std::marker::PhantomData;
+use std::{mem, ptr};
+use std::os::raw;
+use std::os::raw::c_char;
+use cose::SignatureAlgorithm;
+
+type SECItemType = raw::c_uint; // TODO: actually an enum - is this the right size?
+const SI_BUFFER: SECItemType = 0; // called siBuffer in NSS
+
+#[repr(C)]
+struct SECItem {
+ typ: SECItemType,
+ data: *const u8,
+ len: raw::c_uint,
+}
+
+impl SECItem {
+ fn maybe_new(data: &[u8]) -> Result<SECItem, NSSError> {
+ if data.len() > u32::max_value() as usize {
+ return Err(NSSError::InputTooLarge);
+ }
+ Ok(SECItem {
+ typ: SI_BUFFER,
+ data: data.as_ptr(),
+ len: data.len() as u32,
+ })
+ }
+
+ fn maybe_from_parts(data: *const u8, len: usize) -> Result<SECItem, NSSError> {
+ if len > u32::max_value() as usize {
+ return Err(NSSError::InputTooLarge);
+ }
+ Ok(SECItem {
+ typ: SI_BUFFER,
+ data: data,
+ len: len as u32,
+ })
+ }
+}
+
+/// Many NSS APIs take constant data input as SECItems. Some, however, output data as SECItems.
+/// To represent this, we define another type of mutable SECItem.
+#[repr(C)]
+struct SECItemMut<'a> {
+ typ: SECItemType,
+ data: *mut u8,
+ len: raw::c_uint,
+ _marker: PhantomData<&'a mut Vec<u8>>,
+}
+
+impl<'a> SECItemMut<'a> {
+ /// Given a mutable reference to a Vec<u8> that has a particular allocated capacity, create a
+ /// SECItemMut that points to the vec and has the same capacity.
+ /// The input vec is not expected to have any actual contents, and in any case is cleared.
+ fn maybe_from_empty_preallocated_vec(vec: &'a mut Vec<u8>) -> Result<SECItemMut<'a>, NSSError> {
+ if vec.capacity() > u32::max_value() as usize {
+ return Err(NSSError::InputTooLarge);
+ }
+ vec.clear();
+ Ok(SECItemMut {
+ typ: SI_BUFFER,
+ data: vec.as_mut_ptr(),
+ len: vec.capacity() as u32,
+ _marker: PhantomData,
+ })
+ }
+}
+
+#[repr(C)]
+struct CkRsaPkcsPssParams {
+ // Called CK_RSA_PKCS_PSS_PARAMS in NSS
+ hash_alg: CkMechanismType, // Called hashAlg in NSS
+ mgf: CkRsaPkcsMgfType,
+ s_len: raw::c_ulong, // Called sLen in NSS
+}
+
+impl CkRsaPkcsPssParams {
+ fn new() -> CkRsaPkcsPssParams {
+ CkRsaPkcsPssParams {
+ hash_alg: CKM_SHA256,
+ mgf: CKG_MGF1_SHA256,
+ s_len: 32,
+ }
+ }
+
+ fn get_params_item(&self) -> Result<SECItem, NSSError> {
+ // This isn't entirely NSS' fault, but it mostly is.
+ let params_ptr: *const CkRsaPkcsPssParams = self;
+ let params_ptr: *const u8 = params_ptr as *const u8;
+ let params_secitem =
+ SECItem::maybe_from_parts(params_ptr, mem::size_of::<CkRsaPkcsPssParams>())?;
+ Ok(params_secitem)
+ }
+}
+
+type CkMechanismType = raw::c_ulong; // called CK_MECHANISM_TYPE in NSS
+const CKM_ECDSA: CkMechanismType = 0x0000_1041;
+const CKM_RSA_PKCS_PSS: CkMechanismType = 0x0000_000D;
+const CKM_SHA256: CkMechanismType = 0x0000_0250;
+
+type CkRsaPkcsMgfType = raw::c_ulong; // called CK_RSA_PKCS_MGF_TYPE in NSS
+const CKG_MGF1_SHA256: CkRsaPkcsMgfType = 0x0000_0002;
+
+type SECStatus = raw::c_int; // TODO: enum - right size?
+const SEC_SUCCESS: SECStatus = 0; // Called SECSuccess in NSS
+const SEC_FAILURE: SECStatus = -1; // Called SECFailure in NSS
+
+enum SECKEYPublicKey {}
+enum SECKEYPrivateKey {}
+enum PK11SlotInfo {}
+enum CERTCertificate {}
+enum CERTCertDBHandle {}
+
+const SHA256_LENGTH: usize = 32;
+const SHA384_LENGTH: usize = 48;
+const SHA512_LENGTH: usize = 64;
+
+// TODO: ugh this will probably have a platform-specific name...
+#[link(name = "nss3")]
+extern "C" {
+ fn PK11_HashBuf(
+ hashAlg: HashAlgorithm,
+ out: *mut u8,
+ data_in: *const u8, // called "in" in NSS
+ len: raw::c_int,
+ ) -> SECStatus;
+ fn PK11_VerifyWithMechanism(
+ key: *const SECKEYPublicKey,
+ mechanism: CkMechanismType,
+ param: *const SECItem,
+ sig: *const SECItem,
+ hash: *const SECItem,
+ wincx: *const raw::c_void,
+ ) -> SECStatus;
+
+ fn SECKEY_DestroyPublicKey(pubk: *const SECKEYPublicKey);
+
+ fn CERT_GetDefaultCertDB() -> *const CERTCertDBHandle;
+ fn CERT_DestroyCertificate(cert: *mut CERTCertificate);
+ fn CERT_NewTempCertificate(
+ handle: *const CERTCertDBHandle,
+ derCert: *const SECItem,
+ nickname: *const c_char,
+ isperm: bool,
+ copyDER: bool,
+ ) -> *mut CERTCertificate;
+ fn CERT_ExtractPublicKey(cert: *const CERTCertificate) -> *const SECKEYPublicKey;
+
+ fn PK11_ImportDERPrivateKeyInfoAndReturnKey(
+ slot: *mut PK11SlotInfo,
+ derPKI: *const SECItem,
+ nickname: *const SECItem,
+ publicValue: *const SECItem,
+ isPerm: bool,
+ isPrivate: bool,
+ keyUsage: u32,
+ privk: *mut *mut SECKEYPrivateKey,
+ wincx: *const u8,
+ ) -> SECStatus;
+ fn PK11_GetInternalSlot() -> *mut PK11SlotInfo;
+ fn PK11_FreeSlot(slot: *mut PK11SlotInfo);
+ fn PK11_SignatureLen(key: *const SECKEYPrivateKey) -> usize;
+ fn PK11_SignWithMechanism(
+ key: *const SECKEYPrivateKey,
+ mech: CkMechanismType,
+ param: *const SECItem,
+ sig: *mut SECItemMut,
+ hash: *const SECItem,
+ ) -> SECStatus;
+}
+
+/// An error type describing errors that may be encountered during verification.
+#[derive(Debug, PartialEq)]
+pub enum NSSError {
+ ImportCertError,
+ DecodingPKCS8Failed,
+ InputTooLarge,
+ LibraryFailure,
+ SignatureVerificationFailed,
+ SigningFailed,
+ ExtractPublicKeyFailed,
+}
+
+// https://searchfox.org/nss/rev/990c2e793aa731cd66238c6c4f00b9473943bc66/lib/util/secoidt.h#274
+#[derive(Debug, PartialEq, Clone)]
+#[repr(C)]
+enum HashAlgorithm {
+ SHA256 = 191,
+ SHA384 = 192,
+ SHA512 = 193,
+}
+
+fn hash(payload: &[u8], signature_algorithm: &SignatureAlgorithm) -> Result<Vec<u8>, NSSError> {
+ if payload.len() > raw::c_int::max_value() as usize {
+ return Err(NSSError::InputTooLarge);
+ }
+ let (hash_algorithm, digest_length) = match *signature_algorithm {
+ SignatureAlgorithm::ES256 => (HashAlgorithm::SHA256, SHA256_LENGTH),
+ SignatureAlgorithm::ES384 => (HashAlgorithm::SHA384, SHA384_LENGTH),
+ SignatureAlgorithm::ES512 => (HashAlgorithm::SHA512, SHA512_LENGTH),
+ SignatureAlgorithm::PS256 => (HashAlgorithm::SHA256, SHA256_LENGTH),
+ };
+ let mut hash_buf = vec![0; digest_length];
+ let len: raw::c_int = payload.len() as raw::c_int;
+ let hash_result =
+ unsafe { PK11_HashBuf(hash_algorithm, hash_buf.as_mut_ptr(), payload.as_ptr(), len) };
+ if hash_result != SEC_SUCCESS {
+ return Err(NSSError::LibraryFailure);
+ }
+ Ok(hash_buf)
+}
+
+/// Main entrypoint for verification. Given a signature algorithm, the bytes of a subject public key
+/// info, a payload, and a signature over the payload, returns a result based on the outcome of
+/// decoding the subject public key info and running the signature verification algorithm on the
+/// signed data.
+pub fn verify_signature(
+ signature_algorithm: &SignatureAlgorithm,
+ cert: &[u8],
+ payload: &[u8],
+ signature: &[u8],
+) -> Result<(), NSSError> {
+ let slot = unsafe { PK11_GetInternalSlot() };
+ if slot.is_null() {
+ return Err(NSSError::LibraryFailure);
+ }
+ defer!(unsafe {
+ PK11_FreeSlot(slot);
+ });
+
+ let hash_buf = hash(payload, signature_algorithm).unwrap();
+ let hash_item = SECItem::maybe_new(hash_buf.as_slice())?;
+
+ // Import DER cert into NSS.
+ let der_cert = SECItem::maybe_new(cert)?;
+ let db_handle = unsafe { CERT_GetDefaultCertDB() };
+ if db_handle.is_null() {
+ // TODO #28
+ return Err(NSSError::LibraryFailure);
+ }
+ let nss_cert =
+ unsafe { CERT_NewTempCertificate(db_handle, &der_cert, ptr::null(), false, true) };
+ if nss_cert.is_null() {
+ return Err(NSSError::ImportCertError);
+ }
+ defer!(unsafe {
+ CERT_DestroyCertificate(nss_cert);
+ });
+
+ let key = unsafe { CERT_ExtractPublicKey(nss_cert) };
+ if key.is_null() {
+ return Err(NSSError::ExtractPublicKeyFailed);
+ }
+ defer!(unsafe {
+ SECKEY_DestroyPublicKey(key);
+ });
+ let signature_item = SECItem::maybe_new(signature)?;
+ let mechanism = match *signature_algorithm {
+ SignatureAlgorithm::ES256 => CKM_ECDSA,
+ SignatureAlgorithm::ES384 => CKM_ECDSA,
+ SignatureAlgorithm::ES512 => CKM_ECDSA,
+ SignatureAlgorithm::PS256 => CKM_RSA_PKCS_PSS,
+ };
+ let rsa_pss_params = CkRsaPkcsPssParams::new();
+ let rsa_pss_params_item = rsa_pss_params.get_params_item()?;
+ let params_item = match *signature_algorithm {
+ SignatureAlgorithm::ES256 => ptr::null(),
+ SignatureAlgorithm::ES384 => ptr::null(),
+ SignatureAlgorithm::ES512 => ptr::null(),
+ SignatureAlgorithm::PS256 => &rsa_pss_params_item,
+ };
+ let null_cx_ptr: *const raw::c_void = ptr::null();
+ let result = unsafe {
+ PK11_VerifyWithMechanism(
+ key,
+ mechanism,
+ params_item,
+ &signature_item,
+ &hash_item,
+ null_cx_ptr,
+ )
+ };
+ match result {
+ SEC_SUCCESS => Ok(()),
+ SEC_FAILURE => Err(NSSError::SignatureVerificationFailed),
+ _ => Err(NSSError::LibraryFailure),
+ }
+}
+
+pub fn sign(
+ signature_algorithm: &SignatureAlgorithm,
+ pk8: &[u8],
+ payload: &[u8],
+) -> Result<Vec<u8>, NSSError> {
+ let slot = unsafe { PK11_GetInternalSlot() };
+ if slot.is_null() {
+ return Err(NSSError::LibraryFailure);
+ }
+ defer!(unsafe {
+ PK11_FreeSlot(slot);
+ });
+ let pkcs8item = SECItem::maybe_new(pk8)?;
+ let mut key: *mut SECKEYPrivateKey = ptr::null_mut();
+ let ku_all = 0xFF;
+ let rv = unsafe {
+ PK11_ImportDERPrivateKeyInfoAndReturnKey(
+ slot,
+ &pkcs8item,
+ ptr::null(),
+ ptr::null(),
+ false,
+ false,
+ ku_all,
+ &mut key,
+ ptr::null(),
+ )
+ };
+ if rv != SEC_SUCCESS || key.is_null() {
+ return Err(NSSError::DecodingPKCS8Failed);
+ }
+ let mechanism = match *signature_algorithm {
+ SignatureAlgorithm::ES256 => CKM_ECDSA,
+ SignatureAlgorithm::ES384 => CKM_ECDSA,
+ SignatureAlgorithm::ES512 => CKM_ECDSA,
+ SignatureAlgorithm::PS256 => CKM_RSA_PKCS_PSS,
+ };
+ let rsa_pss_params = CkRsaPkcsPssParams::new();
+ let rsa_pss_params_item = rsa_pss_params.get_params_item()?;
+ let params_item = match *signature_algorithm {
+ SignatureAlgorithm::ES256 => ptr::null(),
+ SignatureAlgorithm::ES384 => ptr::null(),
+ SignatureAlgorithm::ES512 => ptr::null(),
+ SignatureAlgorithm::PS256 => &rsa_pss_params_item,
+ };
+ let signature_len = unsafe { PK11_SignatureLen(key) };
+ // Allocate enough space for the signature.
+ let mut signature: Vec<u8> = Vec::with_capacity(signature_len);
+ let hash_buf = hash(payload, signature_algorithm).unwrap();
+ let hash_item = SECItem::maybe_new(hash_buf.as_slice())?;
+ {
+ // Get a mutable SECItem on the preallocated signature buffer. PK11_SignWithMechanism will
+ // fill the SECItem's buf with the bytes of the signature.
+ let mut signature_item = SECItemMut::maybe_from_empty_preallocated_vec(&mut signature)?;
+ let rv = unsafe {
+ PK11_SignWithMechanism(key, mechanism, params_item, &mut signature_item, &hash_item)
+ };
+ if rv != SEC_SUCCESS || signature_item.len as usize != signature_len {
+ return Err(NSSError::SigningFailed);
+ }
+ }
+ unsafe {
+ // Now that the bytes of the signature have been filled out, set its length.
+ signature.set_len(signature_len);
+ }
+ Ok(signature)
+}
diff --git a/third_party/rust/cose/examples/sign_verify/test_nss.rs b/third_party/rust/cose/examples/sign_verify/test_nss.rs
new file mode 100644
index 0000000000..5733aa01e2
--- /dev/null
+++ b/third_party/rust/cose/examples/sign_verify/test_nss.rs
@@ -0,0 +1,65 @@
+use test_setup as test;
+use nss;
+use nss::NSSError;
+use SignatureAlgorithm;
+
+pub fn test_nss_sign_verify() {
+ test::setup();
+ let payload = b"sample";
+
+ // Sign.
+ let signature_result = nss::sign(&SignatureAlgorithm::ES256, &test::PKCS8_P256_EE, payload);
+ assert!(signature_result.is_ok());
+ let signature_result = signature_result.unwrap();
+
+ // Verify the signature.
+ assert!(
+ nss::verify_signature(
+ &SignatureAlgorithm::ES256,
+ &test::P256_EE,
+ payload,
+ &signature_result,
+ ).is_ok()
+ );
+}
+
+pub fn test_nss_sign_verify_different_payload() {
+ test::setup();
+ let payload = b"sample";
+
+ // Sign.
+ let signature_result = nss::sign(&SignatureAlgorithm::ES256, &test::PKCS8_P256_EE, payload);
+ assert!(signature_result.is_ok());
+ let signature_result = signature_result.unwrap();
+
+ // Verify the signature with a different payload.
+ let payload = b"sampli";
+ let verify_result = nss::verify_signature(
+ &SignatureAlgorithm::ES256,
+ &test::P256_EE,
+ payload,
+ &signature_result,
+ );
+ assert!(verify_result.is_err());
+ assert_eq!(verify_result, Err(NSSError::SignatureVerificationFailed));
+}
+
+pub fn test_nss_sign_verify_wrong_cert() {
+ test::setup();
+ let payload = b"sample";
+
+ // Sign.
+ let signature_result = nss::sign(&SignatureAlgorithm::ES256, &test::PKCS8_P256_EE, payload);
+ assert!(signature_result.is_ok());
+ let signature_result = signature_result.unwrap();
+
+ // Verify the signature with a wrong cert.
+ let verify_result = nss::verify_signature(
+ &SignatureAlgorithm::ES256,
+ &test::P384_EE,
+ payload,
+ &signature_result,
+ );
+ assert!(verify_result.is_err());
+ assert_eq!(verify_result, Err(NSSError::SignatureVerificationFailed));
+}
diff --git a/third_party/rust/cose/examples/sign_verify/test_setup.rs b/third_party/rust/cose/examples/sign_verify/test_setup.rs
new file mode 100644
index 0000000000..28ae3c1e1c
--- /dev/null
+++ b/third_party/rust/cose/examples/sign_verify/test_setup.rs
@@ -0,0 +1,625 @@
+use std::os::raw;
+use std::ptr;
+use std::sync::{ONCE_INIT, Once};
+static START: Once = ONCE_INIT;
+
+type SECStatus = raw::c_int;
+const SEC_SUCCESS: SECStatus = 0;
+// TODO: ugh this will probably have a platform-specific name...
+#[link(name = "nss3")]
+extern "C" {
+ fn NSS_NoDB_Init(configdir: *const u8) -> SECStatus;
+}
+
+pub fn setup() {
+ START.call_once(|| {
+ let null_ptr: *const u8 = ptr::null();
+ unsafe {
+ assert_eq!(NSS_NoDB_Init(null_ptr), SEC_SUCCESS);
+ }
+ });
+}
+
+#[cfg_attr(rustfmt, rustfmt_skip)]
+pub const PKCS8_P256_EE: [u8; 139] = [
+ 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a,
+ 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01,
+ 0x01, 0x04, 0x20, 0x21, 0x91, 0x40, 0x3d, 0x57, 0x10, 0xbf, 0x15,
+ 0xa2, 0x65, 0x81, 0x8c, 0xd4, 0x2e, 0xd6, 0xfe, 0xdf, 0x09, 0xad,
+ 0xd9, 0x2d, 0x78, 0xb1, 0x8e, 0x7a, 0x1e, 0x9f, 0xeb, 0x95, 0x52,
+ 0x47, 0x02, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x4f, 0xbf, 0xbb,
+ 0xbb, 0x61, 0xe0, 0xf8, 0xf9, 0xb1, 0xa6, 0x0a, 0x59, 0xac, 0x87,
+ 0x04, 0xe2, 0xec, 0x05, 0x0b, 0x42, 0x3e, 0x3c, 0xf7, 0x2e, 0x92,
+ 0x3f, 0x2c, 0x4f, 0x79, 0x4b, 0x45, 0x5c, 0x2a, 0x69, 0xd2, 0x33,
+ 0x45, 0x6c, 0x36, 0xc4, 0x11, 0x9d, 0x07, 0x06, 0xe0, 0x0e, 0xed,
+ 0xc8, 0xd1, 0x93, 0x90, 0xd7, 0x99, 0x1b, 0x7b, 0x2d, 0x07, 0xa3,
+ 0x04, 0xea, 0xa0, 0x4a, 0xa6, 0xc0, 0x0a
+];
+
+#[cfg_attr(rustfmt, rustfmt_skip)]
+pub const P256_EE: [u8; 300] = [
+ 0x30, 0x82, 0x01, 0x28, 0x30, 0x81, 0xcf, 0xa0, 0x03, 0x02, 0x01, 0x02,
+ 0x02, 0x14, 0x2f, 0xc3, 0x5f, 0x05, 0x80, 0xb4, 0x49, 0x45, 0x13, 0x92,
+ 0xd6, 0x93, 0xb7, 0x2d, 0x71, 0x19, 0xc5, 0x8c, 0x40, 0x39, 0x30, 0x0a,
+ 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x13,
+ 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x08, 0x69,
+ 0x6e, 0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x22, 0x18, 0x0f, 0x32,
+ 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32, 0x33, 0x31,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x12, 0x31, 0x10, 0x30,
+ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x07, 0x65, 0x65, 0x2d, 0x70,
+ 0x32, 0x35, 0x36, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03,
+ 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x4f, 0xbf, 0xbb, 0xbb, 0x61, 0xe0,
+ 0xf8, 0xf9, 0xb1, 0xa6, 0x0a, 0x59, 0xac, 0x87, 0x04, 0xe2, 0xec, 0x05,
+ 0x0b, 0x42, 0x3e, 0x3c, 0xf7, 0x2e, 0x92, 0x3f, 0x2c, 0x4f, 0x79, 0x4b,
+ 0x45, 0x5c, 0x2a, 0x69, 0xd2, 0x33, 0x45, 0x6c, 0x36, 0xc4, 0x11, 0x9d,
+ 0x07, 0x06, 0xe0, 0x0e, 0xed, 0xc8, 0xd1, 0x93, 0x90, 0xd7, 0x99, 0x1b,
+ 0x7b, 0x2d, 0x07, 0xa3, 0x04, 0xea, 0xa0, 0x4a, 0xa6, 0xc0, 0x30, 0x0a,
+ 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48,
+ 0x00, 0x30, 0x45, 0x02, 0x20, 0x5c, 0x75, 0x51, 0x9f, 0x13, 0x11, 0x50,
+ 0xcd, 0x5d, 0x8a, 0xde, 0x20, 0xa3, 0xbc, 0x06, 0x30, 0x91, 0xff, 0xb2,
+ 0x73, 0x75, 0x5f, 0x31, 0x64, 0xec, 0xfd, 0xcb, 0x42, 0x80, 0x0a, 0x70,
+ 0xe6, 0x02, 0x21, 0x00, 0xff, 0x81, 0xbe, 0xa8, 0x0d, 0x03, 0x36, 0x6b,
+ 0x75, 0xe2, 0x70, 0x6a, 0xac, 0x07, 0x2e, 0x4c, 0xdc, 0xf9, 0xc5, 0x89,
+ 0xc1, 0xcf, 0x88, 0xc2, 0xc8, 0x2a, 0x32, 0xf5, 0x42, 0x0c, 0xfa, 0x0b
+];
+
+#[cfg_attr(rustfmt, rustfmt_skip)]
+pub const PKCS8_P384_EE: [u8; 185] = [
+ 0x30, 0x81, 0xb6, 0x02, 0x01, 0x00, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86,
+ 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22,
+ 0x04, 0x81, 0x9e, 0x30, 0x81, 0x9b, 0x02, 0x01, 0x01, 0x04, 0x30, 0x03,
+ 0x5c, 0x7a, 0x1b, 0x10, 0xd9, 0xfa, 0xfe, 0x83, 0x7b, 0x64, 0xad, 0x92,
+ 0xf2, 0x2f, 0x5c, 0xed, 0x07, 0x89, 0x18, 0x65, 0x38, 0x66, 0x9b, 0x5c,
+ 0x6d, 0x87, 0x2c, 0xec, 0x3d, 0x92, 0x61, 0x22, 0xb3, 0x93, 0x77, 0x2b,
+ 0x57, 0x60, 0x2f, 0xf3, 0x13, 0x65, 0xef, 0xe1, 0x39, 0x32, 0x46, 0xa1,
+ 0x64, 0x03, 0x62, 0x00, 0x04, 0xa1, 0x68, 0x72, 0x43, 0x36, 0x2b, 0x5c,
+ 0x7b, 0x18, 0x89, 0xf3, 0x79, 0x15, 0x46, 0x15, 0xa1, 0xc7, 0x3f, 0xb4,
+ 0x8d, 0xee, 0x86, 0x3e, 0x02, 0x29, 0x15, 0xdb, 0x60, 0x8e, 0x25, 0x2d,
+ 0xe4, 0xb7, 0x13, 0x2d, 0xa8, 0xce, 0x98, 0xe8, 0x31, 0x53, 0x4e, 0x6a,
+ 0x9c, 0x0c, 0x0b, 0x09, 0xc8, 0xd6, 0x39, 0xad, 0xe8, 0x32, 0x06, 0xe5,
+ 0xba, 0x81, 0x34, 0x73, 0xa1, 0x1f, 0xa3, 0x30, 0xe0, 0x5d, 0xa8, 0xc9,
+ 0x6e, 0x43, 0x83, 0xfe, 0x27, 0x87, 0x3d, 0xa9, 0x71, 0x03, 0xbe, 0x28,
+ 0x88, 0xcf, 0xf0, 0x02, 0xf0, 0x5a, 0xf7, 0x1a, 0x1f, 0xdd, 0xcc, 0x83,
+ 0x74, 0xaa, 0x6e, 0xa9, 0xce
+];
+
+#[cfg_attr(rustfmt, rustfmt_skip)]
+pub const PKCS8_P521_EE: [u8; 240] = [
+ 0x30, 0x81, 0xed, 0x02, 0x01, 0x00, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86,
+ 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23,
+ 0x04, 0x81, 0xd5, 0x30, 0x81, 0xd2, 0x02, 0x01, 0x01, 0x04, 0x42, 0x01,
+ 0x4f, 0x32, 0x84, 0xfa, 0x69, 0x8d, 0xd9, 0xfe, 0x11, 0x18, 0xdd, 0x33,
+ 0x18, 0x51, 0xcd, 0xfa, 0xac, 0x5a, 0x38, 0x29, 0x27, 0x8e, 0xb8, 0x99,
+ 0x48, 0x39, 0xde, 0x94, 0x71, 0xc9, 0x40, 0xb8, 0x58, 0xc6, 0x9d, 0x2d,
+ 0x05, 0xe8, 0xc0, 0x17, 0x88, 0xa7, 0xd0, 0xb6, 0xe2, 0x35, 0xaa, 0x5e,
+ 0x78, 0x3f, 0xc1, 0xbe, 0xe8, 0x07, 0xdc, 0xc3, 0x86, 0x5f, 0x92, 0x0e,
+ 0x12, 0xcf, 0x8f, 0x2d, 0x29, 0xa1, 0x81, 0x88, 0x03, 0x81, 0x85, 0x00,
+ 0x04, 0x18, 0x94, 0x55, 0x0d, 0x07, 0x85, 0x93, 0x2e, 0x00, 0xea, 0xa2,
+ 0x3b, 0x69, 0x4f, 0x21, 0x3f, 0x8c, 0x31, 0x21, 0xf8, 0x6d, 0xc9, 0x7a,
+ 0x04, 0xe5, 0xa7, 0x16, 0x7d, 0xb4, 0xe5, 0xbc, 0xd3, 0x71, 0x12, 0x3d,
+ 0x46, 0xe4, 0x5d, 0xb6, 0xb5, 0xd5, 0x37, 0x0a, 0x7f, 0x20, 0xfb, 0x63,
+ 0x31, 0x55, 0xd3, 0x8f, 0xfa, 0x16, 0xd2, 0xbd, 0x76, 0x1d, 0xca, 0xc4,
+ 0x74, 0xb9, 0xa2, 0xf5, 0x02, 0x3a, 0x40, 0x49, 0x31, 0x01, 0xc9, 0x62,
+ 0xcd, 0x4d, 0x2f, 0xdd, 0xf7, 0x82, 0x28, 0x5e, 0x64, 0x58, 0x41, 0x39,
+ 0xc2, 0xf9, 0x1b, 0x47, 0xf8, 0x7f, 0xf8, 0x23, 0x54, 0xd6, 0x63, 0x0f,
+ 0x74, 0x6a, 0x28, 0xa0, 0xdb, 0x25, 0x74, 0x1b, 0x5b, 0x34, 0xa8, 0x28,
+ 0x00, 0x8b, 0x22, 0xac, 0xc2, 0x3f, 0x92, 0x4f, 0xaa, 0xfb, 0xd4, 0xd3,
+ 0x3f, 0x81, 0xea, 0x66, 0x95, 0x6d, 0xfe, 0xaa, 0x2b, 0xfd, 0xfc, 0xf5
+];
+
+#[cfg_attr(rustfmt, rustfmt_skip)]
+pub const P521_EE: [u8; 367] = [
+ 0x30, 0x82, 0x01, 0x6b, 0x30, 0x82, 0x01, 0x12, 0xa0, 0x03, 0x02, 0x01,
+ 0x02, 0x02, 0x14, 0x49, 0xdb, 0x7d, 0xec, 0x87, 0x2b, 0x95, 0xfc, 0xfb,
+ 0x57, 0xfb, 0xc8, 0xd5, 0x57, 0xb7, 0x3a, 0x10, 0xcc, 0xf1, 0x7a, 0x30,
+ 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30,
+ 0x13, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x08,
+ 0x69, 0x6e, 0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x22, 0x18, 0x0f,
+ 0x32, 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32, 0x33,
+ 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x12, 0x31, 0x10,
+ 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x07, 0x65, 0x65, 0x2d,
+ 0x70, 0x35, 0x32, 0x31, 0x30, 0x81, 0x9b, 0x30, 0x10, 0x06, 0x07, 0x2a,
+ 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00,
+ 0x23, 0x03, 0x81, 0x86, 0x00, 0x04, 0x01, 0x4c, 0xdc, 0x9c, 0xac, 0xc4,
+ 0x79, 0x41, 0x09, 0x6b, 0xc9, 0xcc, 0x66, 0x75, 0x2e, 0xc2, 0x7f, 0x59,
+ 0x77, 0x34, 0xfa, 0x66, 0xc6, 0x2b, 0x79, 0x2f, 0x88, 0xc5, 0x19, 0xd6,
+ 0xd3, 0x7f, 0x0d, 0x16, 0xea, 0x1c, 0x48, 0x3a, 0x18, 0x27, 0xa0, 0x10,
+ 0xb9, 0x12, 0x8e, 0x3a, 0x08, 0x07, 0x0c, 0xa3, 0x3e, 0xf5, 0xf5, 0x78,
+ 0x35, 0xb7, 0xc1, 0xba, 0x25, 0x1f, 0x6c, 0xc3, 0x52, 0x1d, 0xc4, 0x2b,
+ 0x01, 0x06, 0x53, 0x45, 0x19, 0x81, 0xb4, 0x45, 0xd3, 0x43, 0xee, 0xd3,
+ 0x78, 0x2a, 0x35, 0xd6, 0xcf, 0xf0, 0xff, 0x48, 0x4f, 0x5a, 0x88, 0x3d,
+ 0x20, 0x9f, 0x1b, 0x90, 0x42, 0xb7, 0x26, 0x70, 0x35, 0x68, 0xb2, 0xf3,
+ 0x26, 0xe1, 0x8b, 0x83, 0x3b, 0xdd, 0x8a, 0xa0, 0x73, 0x43, 0x92, 0xbc,
+ 0xd1, 0x95, 0x01, 0xe1, 0x0d, 0x69, 0x8a, 0x79, 0xf5, 0x3e, 0x11, 0xe0,
+ 0xa2, 0x2b, 0xdd, 0x2a, 0xad, 0x90, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86,
+ 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02,
+ 0x20, 0x5c, 0x75, 0x51, 0x9f, 0x13, 0x11, 0x50, 0xcd, 0x5d, 0x8a, 0xde,
+ 0x20, 0xa3, 0xbc, 0x06, 0x30, 0x91, 0xff, 0xb2, 0x73, 0x75, 0x5f, 0x31,
+ 0x64, 0xec, 0xfd, 0xcb, 0x42, 0x80, 0x0a, 0x70, 0xe6, 0x02, 0x20, 0x35,
+ 0x20, 0x7c, 0xff, 0x51, 0xf6, 0x68, 0xce, 0x1d, 0x00, 0xf9, 0xcc, 0x7f,
+ 0xa7, 0xbc, 0x79, 0x52, 0xea, 0x56, 0xdf, 0xc1, 0x46, 0x7c, 0x0c, 0xa1,
+ 0x2e, 0x32, 0xb1, 0x69, 0x4b, 0x20, 0xc4
+];
+
+#[cfg_attr(rustfmt, rustfmt_skip)]
+pub const P384_EE: [u8; 329] = [
+ 0x30, 0x82, 0x01, 0x45, 0x30, 0x81, 0xec, 0xa0, 0x03, 0x02, 0x01, 0x02,
+ 0x02, 0x14, 0x79, 0xe3, 0x1c, 0x60, 0x97, 0xa4, 0x3c, 0x3b, 0x82, 0x11,
+ 0x42, 0x37, 0xaf, 0x57, 0x05, 0xa8, 0xde, 0xd3, 0x40, 0x58, 0x30, 0x0a,
+ 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x13,
+ 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x08, 0x69,
+ 0x6e, 0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x22, 0x18, 0x0f, 0x32,
+ 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32, 0x33, 0x31,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x12, 0x31, 0x10, 0x30,
+ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x07, 0x65, 0x65, 0x2d, 0x70,
+ 0x33, 0x38, 0x34, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22, 0x03,
+ 0x62, 0x00, 0x04, 0xa1, 0x68, 0x72, 0x43, 0x36, 0x2b, 0x5c, 0x7b, 0x18,
+ 0x89, 0xf3, 0x79, 0x15, 0x46, 0x15, 0xa1, 0xc7, 0x3f, 0xb4, 0x8d, 0xee,
+ 0x86, 0x3e, 0x02, 0x29, 0x15, 0xdb, 0x60, 0x8e, 0x25, 0x2d, 0xe4, 0xb7,
+ 0x13, 0x2d, 0xa8, 0xce, 0x98, 0xe8, 0x31, 0x53, 0x4e, 0x6a, 0x9c, 0x0c,
+ 0x0b, 0x09, 0xc8, 0xd6, 0x39, 0xad, 0xe8, 0x32, 0x06, 0xe5, 0xba, 0x81,
+ 0x34, 0x73, 0xa1, 0x1f, 0xa3, 0x30, 0xe0, 0x5d, 0xa8, 0xc9, 0x6e, 0x43,
+ 0x83, 0xfe, 0x27, 0x87, 0x3d, 0xa9, 0x71, 0x03, 0xbe, 0x28, 0x88, 0xcf,
+ 0xf0, 0x02, 0xf0, 0x5a, 0xf7, 0x1a, 0x1f, 0xdd, 0xcc, 0x83, 0x74, 0xaa,
+ 0x6e, 0xa9, 0xce, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
+ 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x5c, 0x75,
+ 0x51, 0x9f, 0x13, 0x11, 0x50, 0xcd, 0x5d, 0x8a, 0xde, 0x20, 0xa3, 0xbc,
+ 0x06, 0x30, 0x91, 0xff, 0xb2, 0x73, 0x75, 0x5f, 0x31, 0x64, 0xec, 0xfd,
+ 0xcb, 0x42, 0x80, 0x0a, 0x70, 0xe6, 0x02, 0x21, 0x00, 0xf3, 0x04, 0x26,
+ 0xf2, 0xfd, 0xbc, 0x89, 0x3f, 0x29, 0x3b, 0x70, 0xbc, 0x72, 0xa6, 0xc2,
+ 0x23, 0xcc, 0x43, 0x4d, 0x84, 0x71, 0xaf, 0x53, 0xe4, 0x4b, 0x3e, 0xc0,
+ 0xbf, 0xe5, 0x68, 0x86, 0x49
+];
+
+#[cfg_attr(rustfmt, rustfmt_skip)]
+pub const P256_INT: [u8; 332] = [
+ 0x30, 0x82, 0x01, 0x48, 0x30, 0x81, 0xf0, 0xa0, 0x03, 0x02, 0x01,
+ 0x02, 0x02, 0x14, 0x43, 0x63, 0x59, 0xad, 0x04, 0x34, 0x56, 0x80,
+ 0x43, 0xec, 0x90, 0x6a, 0xd4, 0x10, 0x64, 0x7c, 0x7f, 0x38, 0x32,
+ 0xe2, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04,
+ 0x03, 0x02, 0x30, 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
+ 0x04, 0x03, 0x0c, 0x09, 0x72, 0x6f, 0x6f, 0x74, 0x2d, 0x70, 0x32,
+ 0x35, 0x36, 0x30, 0x22, 0x18, 0x0f, 0x32, 0x30, 0x31, 0x32, 0x30,
+ 0x31, 0x30, 0x33, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18,
+ 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32, 0x33, 0x31, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x13, 0x31, 0x11, 0x30, 0x0f,
+ 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x08, 0x69, 0x6e, 0x74, 0x2d,
+ 0x70, 0x32, 0x35, 0x36, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a,
+ 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x4f, 0xbf,
+ 0xbb, 0xbb, 0x61, 0xe0, 0xf8, 0xf9, 0xb1, 0xa6, 0x0a, 0x59, 0xac,
+ 0x87, 0x04, 0xe2, 0xec, 0x05, 0x0b, 0x42, 0x3e, 0x3c, 0xf7, 0x2e,
+ 0x92, 0x3f, 0x2c, 0x4f, 0x79, 0x4b, 0x45, 0x5c, 0x2a, 0x69, 0xd2,
+ 0x33, 0x45, 0x6c, 0x36, 0xc4, 0x11, 0x9d, 0x07, 0x06, 0xe0, 0x0e,
+ 0xed, 0xc8, 0xd1, 0x93, 0x90, 0xd7, 0x99, 0x1b, 0x7b, 0x2d, 0x07,
+ 0xa3, 0x04, 0xea, 0xa0, 0x4a, 0xa6, 0xc0, 0xa3, 0x1d, 0x30, 0x1b,
+ 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03,
+ 0x01, 0x01, 0xff, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04,
+ 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86,
+ 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44,
+ 0x02, 0x20, 0x63, 0x59, 0x02, 0x01, 0x89, 0xd7, 0x3e, 0x5b, 0xff,
+ 0xd1, 0x16, 0x4e, 0xe3, 0xe2, 0x0a, 0xe0, 0x4a, 0xd8, 0x75, 0xaf,
+ 0x77, 0x5c, 0x93, 0x60, 0xba, 0x10, 0x1f, 0x97, 0xdd, 0x27, 0x2d,
+ 0x24, 0x02, 0x20, 0x3d, 0x87, 0x0f, 0xac, 0x22, 0x4d, 0x16, 0xd9,
+ 0xa1, 0x95, 0xbb, 0x56, 0xe0, 0x21, 0x05, 0x93, 0xd1, 0x07, 0xb5,
+ 0x25, 0x3b, 0xf4, 0x57, 0x20, 0x87, 0x13, 0xa2, 0xf7, 0x78, 0x15,
+ 0x30, 0xa7
+];
+
+#[cfg_attr(rustfmt, rustfmt_skip)]
+pub const P256_ROOT: [u8; 334] = [
+ 0x30, 0x82, 0x01, 0x4a, 0x30, 0x81, 0xf1, 0xa0, 0x03, 0x02, 0x01, 0x02,
+ 0x02, 0x14, 0x5f, 0x3f, 0xae, 0x90, 0x49, 0x30, 0x2f, 0x33, 0x6e, 0x95,
+ 0x23, 0xa7, 0xcb, 0x23, 0xd7, 0x65, 0x4f, 0xea, 0x3c, 0xf7, 0x30, 0x0a,
+ 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x14,
+ 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x72,
+ 0x6f, 0x6f, 0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x22, 0x18, 0x0f,
+ 0x32, 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32, 0x33,
+ 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x14, 0x31, 0x12,
+ 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x72, 0x6f, 0x6f,
+ 0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07,
+ 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x4f, 0xbf, 0xbb,
+ 0xbb, 0x61, 0xe0, 0xf8, 0xf9, 0xb1, 0xa6, 0x0a, 0x59, 0xac, 0x87, 0x04,
+ 0xe2, 0xec, 0x05, 0x0b, 0x42, 0x3e, 0x3c, 0xf7, 0x2e, 0x92, 0x3f, 0x2c,
+ 0x4f, 0x79, 0x4b, 0x45, 0x5c, 0x2a, 0x69, 0xd2, 0x33, 0x45, 0x6c, 0x36,
+ 0xc4, 0x11, 0x9d, 0x07, 0x06, 0xe0, 0x0e, 0xed, 0xc8, 0xd1, 0x93, 0x90,
+ 0xd7, 0x99, 0x1b, 0x7b, 0x2d, 0x07, 0xa3, 0x04, 0xea, 0xa0, 0x4a, 0xa6,
+ 0xc0, 0xa3, 0x1d, 0x30, 0x1b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13,
+ 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0b, 0x06, 0x03, 0x55,
+ 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0a, 0x06, 0x08,
+ 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30,
+ 0x45, 0x02, 0x20, 0x5c, 0x75, 0x51, 0x9f, 0x13, 0x11, 0x50, 0xcd, 0x5d,
+ 0x8a, 0xde, 0x20, 0xa3, 0xbc, 0x06, 0x30, 0x91, 0xff, 0xb2, 0x73, 0x75,
+ 0x5f, 0x31, 0x64, 0xec, 0xfd, 0xcb, 0x42, 0x80, 0x0a, 0x70, 0xe6, 0x02,
+ 0x21, 0x00, 0xc2, 0xe4, 0xc1, 0xa8, 0xe2, 0x89, 0xdc, 0xa1, 0xbb, 0xe7,
+ 0xd5, 0x4f, 0x5c, 0x88, 0xad, 0xeb, 0xa4, 0x78, 0xa1, 0x19, 0xbe, 0x22,
+ 0x54, 0xc8, 0x9f, 0xef, 0xb8, 0x5d, 0xa2, 0x40, 0xd9, 0x8b
+];
+
+#[cfg_attr(rustfmt, rustfmt_skip)]
+pub const PKCS8_RSA_EE: [u8; 1218] = [
+ 0x30, 0x82, 0x04, 0xbe, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
+ 0x04, 0xa8, 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
+ 0x01, 0x00, 0xba, 0x88, 0x51, 0xa8, 0x44, 0x8e, 0x16, 0xd6, 0x41, 0xfd,
+ 0x6e, 0xb6, 0x88, 0x06, 0x36, 0x10, 0x3d, 0x3c, 0x13, 0xd9, 0xea, 0xe4,
+ 0x35, 0x4a, 0xb4, 0xec, 0xf5, 0x68, 0x57, 0x6c, 0x24, 0x7b, 0xc1, 0xc7,
+ 0x25, 0xa8, 0xe0, 0xd8, 0x1f, 0xbd, 0xb1, 0x9c, 0x06, 0x9b, 0x6e, 0x1a,
+ 0x86, 0xf2, 0x6b, 0xe2, 0xaf, 0x5a, 0x75, 0x6b, 0x6a, 0x64, 0x71, 0x08,
+ 0x7a, 0xa5, 0x5a, 0xa7, 0x45, 0x87, 0xf7, 0x1c, 0xd5, 0x24, 0x9c, 0x02,
+ 0x7e, 0xcd, 0x43, 0xfc, 0x1e, 0x69, 0xd0, 0x38, 0x20, 0x29, 0x93, 0xab,
+ 0x20, 0xc3, 0x49, 0xe4, 0xdb, 0xb9, 0x4c, 0xc2, 0x6b, 0x6c, 0x0e, 0xed,
+ 0x15, 0x82, 0x0f, 0xf1, 0x7e, 0xad, 0x69, 0x1a, 0xb1, 0xd3, 0x02, 0x3a,
+ 0x8b, 0x2a, 0x41, 0xee, 0xa7, 0x70, 0xe0, 0x0f, 0x0d, 0x8d, 0xfd, 0x66,
+ 0x0b, 0x2b, 0xb0, 0x24, 0x92, 0xa4, 0x7d, 0xb9, 0x88, 0x61, 0x79, 0x90,
+ 0xb1, 0x57, 0x90, 0x3d, 0xd2, 0x3b, 0xc5, 0xe0, 0xb8, 0x48, 0x1f, 0xa8,
+ 0x37, 0xd3, 0x88, 0x43, 0xef, 0x27, 0x16, 0xd8, 0x55, 0xb7, 0x66, 0x5a,
+ 0xaa, 0x7e, 0x02, 0x90, 0x2f, 0x3a, 0x7b, 0x10, 0x80, 0x06, 0x24, 0xcc,
+ 0x1c, 0x6c, 0x97, 0xad, 0x96, 0x61, 0x5b, 0xb7, 0xe2, 0x96, 0x12, 0xc0,
+ 0x75, 0x31, 0xa3, 0x0c, 0x91, 0xdd, 0xb4, 0xca, 0xf7, 0xfc, 0xad, 0x1d,
+ 0x25, 0xd3, 0x09, 0xef, 0xb9, 0x17, 0x0e, 0xa7, 0x68, 0xe1, 0xb3, 0x7b,
+ 0x2f, 0x22, 0x6f, 0x69, 0xe3, 0xb4, 0x8a, 0x95, 0x61, 0x1d, 0xee, 0x26,
+ 0xd6, 0x25, 0x9d, 0xab, 0x91, 0x08, 0x4e, 0x36, 0xcb, 0x1c, 0x24, 0x04,
+ 0x2c, 0xbf, 0x16, 0x8b, 0x2f, 0xe5, 0xf1, 0x8f, 0x99, 0x17, 0x31, 0xb8,
+ 0xb3, 0xfe, 0x49, 0x23, 0xfa, 0x72, 0x51, 0xc4, 0x31, 0xd5, 0x03, 0xac,
+ 0xda, 0x18, 0x0a, 0x35, 0xed, 0x8d, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02,
+ 0x82, 0x01, 0x01, 0x00, 0x9e, 0xcb, 0xce, 0x38, 0x61, 0xa4, 0x54, 0xec,
+ 0xb1, 0xe0, 0xfe, 0x8f, 0x85, 0xdd, 0x43, 0xc9, 0x2f, 0x58, 0x25, 0xce,
+ 0x2e, 0x99, 0x78, 0x84, 0xd0, 0xe1, 0xa9, 0x49, 0xda, 0xa2, 0xc5, 0xac,
+ 0x55, 0x9b, 0x24, 0x04, 0x50, 0xe5, 0xac, 0x9f, 0xe0, 0xc3, 0xe3, 0x1c,
+ 0x0e, 0xef, 0xa6, 0x52, 0x5a, 0x65, 0xf0, 0xc2, 0x21, 0x94, 0x00, 0x4e,
+ 0xe1, 0xab, 0x46, 0x3d, 0xde, 0x9e, 0xe8, 0x22, 0x87, 0xcc, 0x93, 0xe7,
+ 0x46, 0xa9, 0x19, 0x29, 0xc5, 0xe6, 0xac, 0x3d, 0x88, 0x75, 0x3f, 0x6c,
+ 0x25, 0xba, 0x59, 0x79, 0xe7, 0x3e, 0x5d, 0x8f, 0xb2, 0x39, 0x11, 0x1a,
+ 0x3c, 0xda, 0xb8, 0xa4, 0xb0, 0xcd, 0xf5, 0xf9, 0xca, 0xb0, 0x5f, 0x12,
+ 0x33, 0xa3, 0x83, 0x35, 0xc6, 0x4b, 0x55, 0x60, 0x52, 0x5e, 0x7e, 0x3b,
+ 0x92, 0xad, 0x7c, 0x75, 0x04, 0xcf, 0x1d, 0xc7, 0xcb, 0x00, 0x57, 0x88,
+ 0xaf, 0xcb, 0xe1, 0xe8, 0xf9, 0x5d, 0xf7, 0x40, 0x2a, 0x15, 0x15, 0x30,
+ 0xd5, 0x80, 0x83, 0x46, 0x86, 0x4e, 0xb3, 0x70, 0xaa, 0x79, 0x95, 0x6a,
+ 0x58, 0x78, 0x62, 0xcb, 0x53, 0x37, 0x91, 0x30, 0x7f, 0x70, 0xd9, 0x1c,
+ 0x96, 0xd2, 0x2d, 0x00, 0x1a, 0x69, 0x00, 0x9b, 0x92, 0x3c, 0x68, 0x33,
+ 0x88, 0xc9, 0xf3, 0x6c, 0xb9, 0xb5, 0xeb, 0xe6, 0x43, 0x02, 0x04, 0x1c,
+ 0x78, 0xd9, 0x08, 0x20, 0x6b, 0x87, 0x00, 0x9c, 0xb8, 0xca, 0xba, 0xca,
+ 0xd3, 0xdb, 0xdb, 0x27, 0x92, 0xfb, 0x91, 0x1b, 0x2c, 0xf4, 0xdb, 0x66,
+ 0x03, 0x58, 0x5b, 0xe9, 0xae, 0x0c, 0xa3, 0xb8, 0xe6, 0x41, 0x7a, 0xa0,
+ 0x4b, 0x06, 0xe4, 0x70, 0xea, 0x1a, 0x3b, 0x58, 0x1c, 0xa0, 0x3a, 0x67,
+ 0x81, 0xc9, 0x31, 0x5b, 0x62, 0xb3, 0x0e, 0x60, 0x11, 0xf2, 0x24, 0x72,
+ 0x59, 0x46, 0xee, 0xc5, 0x7c, 0x6d, 0x94, 0x41, 0x02, 0x81, 0x81, 0x00,
+ 0xdd, 0x6e, 0x1d, 0x4f, 0xff, 0xeb, 0xf6, 0x8d, 0x88, 0x9c, 0x4d, 0x11,
+ 0x4c, 0xda, 0xaa, 0x9c, 0xaa, 0x63, 0xa5, 0x93, 0x74, 0x28, 0x6c, 0x8a,
+ 0x5c, 0x29, 0xa7, 0x17, 0xbb, 0xa6, 0x03, 0x75, 0x64, 0x4d, 0x5c, 0xaa,
+ 0x67, 0x4c, 0x4b, 0x8b, 0xc7, 0x32, 0x63, 0x58, 0x64, 0x62, 0x20, 0xe4,
+ 0x55, 0x0d, 0x76, 0x08, 0xac, 0x27, 0xd5, 0x5b, 0x6d, 0xb7, 0x4f, 0x8d,
+ 0x81, 0x27, 0xef, 0x8f, 0xa0, 0x90, 0x98, 0xb6, 0x91, 0x47, 0xde, 0x06,
+ 0x55, 0x73, 0x44, 0x7e, 0x18, 0x3d, 0x22, 0xfe, 0x7d, 0x88, 0x5a, 0xce,
+ 0xb5, 0x13, 0xd9, 0x58, 0x1d, 0xd5, 0xe0, 0x7c, 0x1a, 0x90, 0xf5, 0xce,
+ 0x08, 0x79, 0xde, 0x13, 0x13, 0x71, 0xec, 0xef, 0xc9, 0xce, 0x72, 0xe9,
+ 0xc4, 0x3d, 0xc1, 0x27, 0xd2, 0x38, 0x19, 0x0d, 0xe8, 0x11, 0x77, 0x3c,
+ 0xa5, 0xd1, 0x93, 0x01, 0xf4, 0x8c, 0x74, 0x2b, 0x02, 0x81, 0x81, 0x00,
+ 0xd7, 0xa7, 0x73, 0xd9, 0xeb, 0xc3, 0x80, 0xa7, 0x67, 0xd2, 0xfe, 0xc0,
+ 0x93, 0x4a, 0xd4, 0xe8, 0xb5, 0x66, 0x72, 0x40, 0x77, 0x1a, 0xcd, 0xeb,
+ 0xb5, 0xad, 0x79, 0x6f, 0x47, 0x8f, 0xec, 0x4d, 0x45, 0x98, 0x5e, 0xfb,
+ 0xc9, 0x53, 0x29, 0x68, 0x28, 0x9c, 0x8d, 0x89, 0x10, 0x2f, 0xad, 0xf2,
+ 0x1f, 0x34, 0xe2, 0xdd, 0x49, 0x40, 0xeb, 0xa8, 0xc0, 0x9d, 0x6d, 0x1f,
+ 0x16, 0xdc, 0xc2, 0x97, 0x29, 0x77, 0x4c, 0x43, 0x27, 0x5e, 0x92, 0x51,
+ 0xdd, 0xbe, 0x49, 0x09, 0xe1, 0xfd, 0x3b, 0xf1, 0xe4, 0xbe, 0xdf, 0x46,
+ 0xa3, 0x9b, 0x8b, 0x38, 0x33, 0x28, 0xef, 0x4a, 0xe3, 0xb9, 0x5b, 0x92,
+ 0xf2, 0x07, 0x0a, 0xf2, 0x6c, 0x9e, 0x7c, 0x5c, 0x9b, 0x58, 0x7f, 0xed,
+ 0xde, 0x05, 0xe8, 0xe7, 0xd8, 0x6c, 0xa5, 0x78, 0x86, 0xfb, 0x16, 0x58,
+ 0x10, 0xa7, 0x7b, 0x98, 0x45, 0xbc, 0x31, 0x27, 0x02, 0x81, 0x81, 0x00,
+ 0x96, 0x47, 0x2b, 0x41, 0xa6, 0x10, 0xc0, 0xad, 0xe1, 0xaf, 0x22, 0x66,
+ 0xc1, 0x60, 0x0e, 0x36, 0x71, 0x35, 0x5b, 0xa4, 0x2d, 0x4b, 0x5a, 0x0e,
+ 0xb4, 0xe9, 0xd7, 0xeb, 0x35, 0x81, 0x40, 0x0b, 0xa5, 0xdd, 0x13, 0x2c,
+ 0xdb, 0x1a, 0x5e, 0x93, 0x28, 0xc7, 0xbb, 0xc0, 0xbb, 0xb0, 0x15, 0x5e,
+ 0xa1, 0x92, 0x97, 0x2e, 0xdf, 0x97, 0xd1, 0x27, 0x51, 0xd8, 0xfc, 0xf6,
+ 0xae, 0x57, 0x2a, 0x30, 0xb1, 0xea, 0x30, 0x9a, 0x87, 0x12, 0xdd, 0x4e,
+ 0x33, 0x24, 0x1d, 0xb1, 0xee, 0x45, 0x5f, 0xc0, 0x93, 0xf5, 0xbc, 0x9b,
+ 0x59, 0x2d, 0x75, 0x6e, 0x66, 0x21, 0x47, 0x4f, 0x32, 0xc0, 0x7a, 0xf2,
+ 0x2f, 0xb2, 0x75, 0xd3, 0x40, 0x79, 0x2b, 0x32, 0xba, 0x25, 0x90, 0xbb,
+ 0xb2, 0x61, 0xae, 0xfb, 0x95, 0xa2, 0x58, 0xee, 0xa5, 0x37, 0x65, 0x53,
+ 0x15, 0xbe, 0x9c, 0x24, 0xd1, 0x91, 0x99, 0x2d, 0x02, 0x81, 0x80, 0x28,
+ 0xb4, 0x50, 0xa7, 0xa7, 0x5a, 0x85, 0x64, 0x13, 0xb2, 0xbd, 0xa6, 0xf7,
+ 0xa6, 0x3e, 0x3d, 0x96, 0x4f, 0xb9, 0xec, 0xf5, 0x0e, 0x38, 0x23, 0xef,
+ 0x6c, 0xc8, 0xe8, 0xfa, 0x26, 0xee, 0x41, 0x3f, 0x8b, 0x9d, 0x12, 0x05,
+ 0x54, 0x0f, 0x12, 0xbb, 0xe7, 0xa0, 0xc7, 0x68, 0x28, 0xb7, 0xba, 0x65,
+ 0xad, 0x83, 0xcc, 0xa4, 0xd0, 0xfe, 0x2a, 0x22, 0x01, 0x14, 0xe1, 0xb3,
+ 0x5d, 0x03, 0xd5, 0xa8, 0x5b, 0xfe, 0x27, 0x06, 0xbd, 0x50, 0xfc, 0xe6,
+ 0xcf, 0xcd, 0xd5, 0x71, 0xb4, 0x6c, 0xa6, 0x21, 0xb8, 0xed, 0x47, 0xd6,
+ 0x05, 0xbb, 0xe7, 0x65, 0xb0, 0xaa, 0x4a, 0x06, 0x65, 0xac, 0x25, 0x36,
+ 0x4d, 0xa2, 0x01, 0x54, 0x03, 0x2e, 0x12, 0x04, 0xb8, 0x55, 0x9d, 0x3e,
+ 0x34, 0xfb, 0x5b, 0x17, 0x7c, 0x9a, 0x56, 0xff, 0x93, 0x51, 0x0a, 0x5a,
+ 0x4a, 0x62, 0x87, 0xc1, 0x51, 0xde, 0x2d, 0x02, 0x81, 0x80, 0x28, 0x06,
+ 0x7b, 0x93, 0x55, 0x80, 0x1d, 0x2e, 0xf5, 0x2d, 0xfa, 0x96, 0xd8, 0xad,
+ 0xb5, 0x89, 0x67, 0x3c, 0xf8, 0xee, 0x8a, 0x9c, 0x6f, 0xf7, 0x2a, 0xee,
+ 0xab, 0xe9, 0xef, 0x6b, 0xe5, 0x8a, 0x4f, 0x4a, 0xbf, 0x05, 0xf7, 0x88,
+ 0x94, 0x7d, 0xc8, 0x51, 0xfd, 0xaa, 0x34, 0x54, 0x21, 0x47, 0xa7, 0x1a,
+ 0x24, 0x6b, 0xfb, 0x05, 0x4e, 0xe7, 0x6a, 0xa3, 0x46, 0xab, 0xcd, 0x26,
+ 0x92, 0xcf, 0xc9, 0xe4, 0x4c, 0x51, 0xe6, 0xf0, 0x69, 0xc7, 0x35, 0xe0,
+ 0x73, 0xba, 0x01, 0x9f, 0x6a, 0x72, 0x14, 0x96, 0x1c, 0x91, 0xb2, 0x68,
+ 0x71, 0xca, 0xea, 0xbf, 0x8f, 0x06, 0x44, 0x18, 0xa0, 0x26, 0x90, 0xe3,
+ 0x9a, 0x8d, 0x5f, 0xf3, 0x06, 0x7b, 0x7c, 0xdb, 0x7f, 0x50, 0xb1, 0xf5,
+ 0x34, 0x18, 0xa7, 0x03, 0x96, 0x6c, 0x4f, 0xc7, 0x74, 0xbf, 0x74, 0x02,
+ 0xaf, 0x6c, 0x43, 0x24, 0x7f, 0x43
+];
+
+#[cfg_attr(rustfmt, rustfmt_skip)]
+pub const RSA_EE: [u8; 691] = [
+ 0x30, 0x82, 0x02, 0xaf, 0x30, 0x82, 0x01, 0x99, 0xa0, 0x03, 0x02, 0x01,
+ 0x02, 0x02, 0x14, 0x07, 0x1c, 0x3b, 0x71, 0x08, 0xbe, 0xd7, 0x9f, 0xfd,
+ 0xaf, 0x26, 0xb6, 0x08, 0xa3, 0x99, 0x06, 0x77, 0x69, 0x32, 0x7e, 0x30,
+ 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
+ 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
+ 0x07, 0x69, 0x6e, 0x74, 0x2d, 0x72, 0x73, 0x61, 0x30, 0x22, 0x18, 0x0f,
+ 0x32, 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32, 0x33,
+ 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x11, 0x31, 0x0f,
+ 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x06, 0x65, 0x65, 0x2d,
+ 0x72, 0x73, 0x61, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82,
+ 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00,
+ 0xba, 0x88, 0x51, 0xa8, 0x44, 0x8e, 0x16, 0xd6, 0x41, 0xfd, 0x6e, 0xb6,
+ 0x88, 0x06, 0x36, 0x10, 0x3d, 0x3c, 0x13, 0xd9, 0xea, 0xe4, 0x35, 0x4a,
+ 0xb4, 0xec, 0xf5, 0x68, 0x57, 0x6c, 0x24, 0x7b, 0xc1, 0xc7, 0x25, 0xa8,
+ 0xe0, 0xd8, 0x1f, 0xbd, 0xb1, 0x9c, 0x06, 0x9b, 0x6e, 0x1a, 0x86, 0xf2,
+ 0x6b, 0xe2, 0xaf, 0x5a, 0x75, 0x6b, 0x6a, 0x64, 0x71, 0x08, 0x7a, 0xa5,
+ 0x5a, 0xa7, 0x45, 0x87, 0xf7, 0x1c, 0xd5, 0x24, 0x9c, 0x02, 0x7e, 0xcd,
+ 0x43, 0xfc, 0x1e, 0x69, 0xd0, 0x38, 0x20, 0x29, 0x93, 0xab, 0x20, 0xc3,
+ 0x49, 0xe4, 0xdb, 0xb9, 0x4c, 0xc2, 0x6b, 0x6c, 0x0e, 0xed, 0x15, 0x82,
+ 0x0f, 0xf1, 0x7e, 0xad, 0x69, 0x1a, 0xb1, 0xd3, 0x02, 0x3a, 0x8b, 0x2a,
+ 0x41, 0xee, 0xa7, 0x70, 0xe0, 0x0f, 0x0d, 0x8d, 0xfd, 0x66, 0x0b, 0x2b,
+ 0xb0, 0x24, 0x92, 0xa4, 0x7d, 0xb9, 0x88, 0x61, 0x79, 0x90, 0xb1, 0x57,
+ 0x90, 0x3d, 0xd2, 0x3b, 0xc5, 0xe0, 0xb8, 0x48, 0x1f, 0xa8, 0x37, 0xd3,
+ 0x88, 0x43, 0xef, 0x27, 0x16, 0xd8, 0x55, 0xb7, 0x66, 0x5a, 0xaa, 0x7e,
+ 0x02, 0x90, 0x2f, 0x3a, 0x7b, 0x10, 0x80, 0x06, 0x24, 0xcc, 0x1c, 0x6c,
+ 0x97, 0xad, 0x96, 0x61, 0x5b, 0xb7, 0xe2, 0x96, 0x12, 0xc0, 0x75, 0x31,
+ 0xa3, 0x0c, 0x91, 0xdd, 0xb4, 0xca, 0xf7, 0xfc, 0xad, 0x1d, 0x25, 0xd3,
+ 0x09, 0xef, 0xb9, 0x17, 0x0e, 0xa7, 0x68, 0xe1, 0xb3, 0x7b, 0x2f, 0x22,
+ 0x6f, 0x69, 0xe3, 0xb4, 0x8a, 0x95, 0x61, 0x1d, 0xee, 0x26, 0xd6, 0x25,
+ 0x9d, 0xab, 0x91, 0x08, 0x4e, 0x36, 0xcb, 0x1c, 0x24, 0x04, 0x2c, 0xbf,
+ 0x16, 0x8b, 0x2f, 0xe5, 0xf1, 0x8f, 0x99, 0x17, 0x31, 0xb8, 0xb3, 0xfe,
+ 0x49, 0x23, 0xfa, 0x72, 0x51, 0xc4, 0x31, 0xd5, 0x03, 0xac, 0xda, 0x18,
+ 0x0a, 0x35, 0xed, 0x8d, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0b, 0x06,
+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x03, 0x82,
+ 0x01, 0x01, 0x00, 0x44, 0x92, 0xbb, 0x8e, 0x83, 0x58, 0x56, 0x2e, 0x7a,
+ 0x86, 0xfa, 0x1d, 0x77, 0x50, 0x3f, 0x45, 0x8d, 0x90, 0xc4, 0x62, 0x27,
+ 0x21, 0x96, 0x5a, 0xef, 0x51, 0x78, 0xd7, 0x7d, 0x0d, 0x02, 0x2d, 0x5a,
+ 0x0e, 0x3c, 0x82, 0x6f, 0x1d, 0x92, 0x87, 0xd5, 0x1a, 0x44, 0xae, 0xa7,
+ 0x92, 0xd1, 0x8b, 0xfa, 0x16, 0x53, 0x7f, 0xa3, 0x22, 0x96, 0x1a, 0x51,
+ 0x8c, 0xeb, 0xa1, 0xe6, 0xf6, 0x37, 0x11, 0xfe, 0x7d, 0x53, 0x3f, 0xae,
+ 0xf0, 0x6b, 0xb9, 0xb1, 0x7a, 0x73, 0x07, 0x14, 0xcf, 0x04, 0x05, 0x93,
+ 0x9e, 0xe3, 0xd2, 0x4d, 0x9d, 0x6d, 0x35, 0x68, 0xf9, 0x36, 0xe5, 0x10,
+ 0x0a, 0x36, 0xd9, 0x48, 0xb0, 0x83, 0xd0, 0xb9, 0x58, 0x74, 0x53, 0xb3,
+ 0xbc, 0x99, 0xab, 0xe1, 0x3e, 0xd5, 0x01, 0x8e, 0xcf, 0x3a, 0x69, 0x93,
+ 0x9e, 0xa7, 0x88, 0xd4, 0xad, 0x95, 0xf9, 0x2a, 0xb4, 0x7f, 0x95, 0x97,
+ 0x86, 0x50, 0x38, 0xb1, 0x04, 0x0a, 0xe4, 0x7a, 0xd5, 0x2d, 0x6c, 0xde,
+ 0x3e, 0x1a, 0x47, 0x17, 0x88, 0x63, 0x20, 0x9d, 0x21, 0x3e, 0x0c, 0x6f,
+ 0xfd, 0x20, 0x54, 0xd0, 0x67, 0xd2, 0x6b, 0x06, 0xfe, 0x60, 0x13, 0x42,
+ 0x3d, 0xb7, 0xca, 0xcb, 0xab, 0x7b, 0x5f, 0x5d, 0x01, 0x56, 0xd3, 0x99,
+ 0x80, 0x0f, 0xde, 0x7f, 0x3a, 0x61, 0x9c, 0xd3, 0x6b, 0x5e, 0xfe, 0xb5,
+ 0xfc, 0x39, 0x8b, 0x8e, 0xf0, 0x8c, 0x8b, 0x65, 0x46, 0x45, 0xff, 0x47,
+ 0x8f, 0xd4, 0xdd, 0xae, 0xc9, 0x72, 0xc7, 0x7f, 0x28, 0x86, 0xf1, 0xf7,
+ 0x6e, 0xcb, 0x86, 0x03, 0xeb, 0x0c, 0x46, 0xe5, 0xa0, 0x6b, 0xef, 0xd4,
+ 0x5e, 0xa4, 0x0f, 0x53, 0xe1, 0xbc, 0xb4, 0xc9, 0x37, 0x0e, 0x75, 0xdd,
+ 0x93, 0xe8, 0x0f, 0x18, 0x0a, 0x02, 0x83, 0x17, 0x74, 0xbb, 0x1a, 0x42,
+ 0x5b, 0x63, 0x2c, 0x80, 0x80, 0xa6, 0x84
+];
+
+#[cfg_attr(rustfmt, rustfmt_skip)]
+pub const RSA_INT: [u8; 724] = [
+ 0x30, 0x82, 0x02, 0xd0, 0x30, 0x82, 0x01, 0xba, 0xa0, 0x03, 0x02, 0x01,
+ 0x02, 0x02, 0x14, 0x07, 0x10, 0xaf, 0xc4, 0x1a, 0x3a, 0x56, 0x4f, 0xd8,
+ 0xc2, 0xcc, 0x46, 0xd7, 0x5b, 0xdf, 0x1c, 0x4e, 0x2f, 0x49, 0x3a, 0x30,
+ 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
+ 0x30, 0x13, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
+ 0x08, 0x72, 0x6f, 0x6f, 0x74, 0x2d, 0x72, 0x73, 0x61, 0x30, 0x22, 0x18,
+ 0x0f, 0x32, 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32,
+ 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x12, 0x31,
+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x07, 0x69, 0x6e,
+ 0x74, 0x2d, 0x72, 0x73, 0x61, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06,
+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00,
+ 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01,
+ 0x01, 0x00, 0xba, 0x88, 0x51, 0xa8, 0x44, 0x8e, 0x16, 0xd6, 0x41, 0xfd,
+ 0x6e, 0xb6, 0x88, 0x06, 0x36, 0x10, 0x3d, 0x3c, 0x13, 0xd9, 0xea, 0xe4,
+ 0x35, 0x4a, 0xb4, 0xec, 0xf5, 0x68, 0x57, 0x6c, 0x24, 0x7b, 0xc1, 0xc7,
+ 0x25, 0xa8, 0xe0, 0xd8, 0x1f, 0xbd, 0xb1, 0x9c, 0x06, 0x9b, 0x6e, 0x1a,
+ 0x86, 0xf2, 0x6b, 0xe2, 0xaf, 0x5a, 0x75, 0x6b, 0x6a, 0x64, 0x71, 0x08,
+ 0x7a, 0xa5, 0x5a, 0xa7, 0x45, 0x87, 0xf7, 0x1c, 0xd5, 0x24, 0x9c, 0x02,
+ 0x7e, 0xcd, 0x43, 0xfc, 0x1e, 0x69, 0xd0, 0x38, 0x20, 0x29, 0x93, 0xab,
+ 0x20, 0xc3, 0x49, 0xe4, 0xdb, 0xb9, 0x4c, 0xc2, 0x6b, 0x6c, 0x0e, 0xed,
+ 0x15, 0x82, 0x0f, 0xf1, 0x7e, 0xad, 0x69, 0x1a, 0xb1, 0xd3, 0x02, 0x3a,
+ 0x8b, 0x2a, 0x41, 0xee, 0xa7, 0x70, 0xe0, 0x0f, 0x0d, 0x8d, 0xfd, 0x66,
+ 0x0b, 0x2b, 0xb0, 0x24, 0x92, 0xa4, 0x7d, 0xb9, 0x88, 0x61, 0x79, 0x90,
+ 0xb1, 0x57, 0x90, 0x3d, 0xd2, 0x3b, 0xc5, 0xe0, 0xb8, 0x48, 0x1f, 0xa8,
+ 0x37, 0xd3, 0x88, 0x43, 0xef, 0x27, 0x16, 0xd8, 0x55, 0xb7, 0x66, 0x5a,
+ 0xaa, 0x7e, 0x02, 0x90, 0x2f, 0x3a, 0x7b, 0x10, 0x80, 0x06, 0x24, 0xcc,
+ 0x1c, 0x6c, 0x97, 0xad, 0x96, 0x61, 0x5b, 0xb7, 0xe2, 0x96, 0x12, 0xc0,
+ 0x75, 0x31, 0xa3, 0x0c, 0x91, 0xdd, 0xb4, 0xca, 0xf7, 0xfc, 0xad, 0x1d,
+ 0x25, 0xd3, 0x09, 0xef, 0xb9, 0x17, 0x0e, 0xa7, 0x68, 0xe1, 0xb3, 0x7b,
+ 0x2f, 0x22, 0x6f, 0x69, 0xe3, 0xb4, 0x8a, 0x95, 0x61, 0x1d, 0xee, 0x26,
+ 0xd6, 0x25, 0x9d, 0xab, 0x91, 0x08, 0x4e, 0x36, 0xcb, 0x1c, 0x24, 0x04,
+ 0x2c, 0xbf, 0x16, 0x8b, 0x2f, 0xe5, 0xf1, 0x8f, 0x99, 0x17, 0x31, 0xb8,
+ 0xb3, 0xfe, 0x49, 0x23, 0xfa, 0x72, 0x51, 0xc4, 0x31, 0xd5, 0x03, 0xac,
+ 0xda, 0x18, 0x0a, 0x35, 0xed, 0x8d, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3,
+ 0x1d, 0x30, 0x1b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05,
+ 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f,
+ 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86,
+ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00,
+ 0x5e, 0xba, 0x69, 0x55, 0x9f, 0xf8, 0xeb, 0x16, 0x21, 0x98, 0xde, 0xb7,
+ 0x31, 0x3e, 0x66, 0xe1, 0x3b, 0x0c, 0x29, 0xf7, 0x48, 0x73, 0x05, 0xd9,
+ 0xce, 0x5e, 0x4c, 0xbe, 0x03, 0xc4, 0x51, 0xd6, 0x21, 0x92, 0x40, 0x38,
+ 0xaa, 0x5b, 0x28, 0xb5, 0xa1, 0x10, 0x52, 0x57, 0xff, 0x91, 0x54, 0x82,
+ 0x86, 0x9e, 0x74, 0xd5, 0x3d, 0x82, 0x29, 0xee, 0xd1, 0xcf, 0x93, 0xb1,
+ 0x24, 0x76, 0xbb, 0x95, 0x41, 0x06, 0x7e, 0x40, 0x9b, 0xb4, 0xab, 0x44,
+ 0x34, 0x10, 0x8f, 0xb1, 0x51, 0x6f, 0xc0, 0x89, 0xd1, 0xa3, 0xc4, 0x9f,
+ 0xb3, 0x48, 0xe1, 0xcd, 0x73, 0xad, 0xff, 0x42, 0x5f, 0x76, 0x05, 0x60,
+ 0xc5, 0xe0, 0x45, 0x79, 0x18, 0xa1, 0x19, 0xb8, 0xa7, 0x3a, 0x64, 0xb3,
+ 0x19, 0xba, 0x14, 0xa1, 0xb5, 0xdc, 0x32, 0xec, 0x09, 0x39, 0x58, 0x54,
+ 0x5b, 0x04, 0xdc, 0x1b, 0x66, 0x0d, 0x1d, 0x0d, 0xce, 0x7f, 0xfa, 0x24,
+ 0x52, 0x6a, 0xad, 0xe2, 0xc8, 0x30, 0xaf, 0xf2, 0xaf, 0x63, 0xc5, 0xe2,
+ 0xbf, 0xe2, 0x20, 0x1b, 0x9e, 0xf9, 0x3d, 0xbc, 0xfb, 0x04, 0x8e, 0xda,
+ 0x7a, 0x1a, 0x5d, 0xd3, 0x13, 0xd7, 0x00, 0x8e, 0x9b, 0x5d, 0x85, 0x51,
+ 0xda, 0xd3, 0x91, 0x25, 0xf5, 0x67, 0x85, 0x3e, 0x25, 0x89, 0x5e, 0xcb,
+ 0x89, 0x8a, 0xec, 0x8a, 0xde, 0x8b, 0xf4, 0x33, 0x5f, 0x76, 0xdb, 0x3d,
+ 0xfc, 0x6a, 0x05, 0x21, 0x43, 0xb2, 0x41, 0xd8, 0x33, 0x8d, 0xfd, 0x05,
+ 0x5c, 0x22, 0x0a, 0xf6, 0x90, 0x65, 0x9c, 0x4f, 0x8c, 0x44, 0x9f, 0x2d,
+ 0xca, 0xf3, 0x49, 0x9c, 0x3a, 0x14, 0x88, 0xab, 0xe4, 0xce, 0xb7, 0xbc,
+ 0x95, 0x22, 0x2e, 0xb1, 0x82, 0x4c, 0xbf, 0x83, 0x3e, 0x49, 0x72, 0x03,
+ 0x2a, 0x68, 0xe7, 0x2d, 0xe5, 0x2d, 0x4b, 0x61, 0xb0, 0x8d, 0x0d, 0x0c,
+ 0x87, 0xc6, 0x5c, 0x51
+];
+
+#[cfg_attr(rustfmt, rustfmt_skip)]
+pub const RSA_ROOT: [u8; 725] = [
+ 0x30, 0x82, 0x02, 0xd1, 0x30, 0x82, 0x01, 0xbb, 0xa0, 0x03, 0x02, 0x01,
+ 0x02, 0x02, 0x14, 0x29, 0x6c, 0x1a, 0xd8, 0x20, 0xcd, 0x74, 0x6d, 0x4b,
+ 0x00, 0xf3, 0x16, 0x88, 0xd9, 0x66, 0x87, 0x5f, 0x28, 0x56, 0x6a, 0x30,
+ 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
+ 0x30, 0x13, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
+ 0x08, 0x72, 0x6f, 0x6f, 0x74, 0x2d, 0x72, 0x73, 0x61, 0x30, 0x22, 0x18,
+ 0x0f, 0x32, 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32,
+ 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x13, 0x31,
+ 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x08, 0x72, 0x6f,
+ 0x6f, 0x74, 0x2d, 0x72, 0x73, 0x61, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d,
+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
+ 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82,
+ 0x01, 0x01, 0x00, 0xba, 0x88, 0x51, 0xa8, 0x44, 0x8e, 0x16, 0xd6, 0x41,
+ 0xfd, 0x6e, 0xb6, 0x88, 0x06, 0x36, 0x10, 0x3d, 0x3c, 0x13, 0xd9, 0xea,
+ 0xe4, 0x35, 0x4a, 0xb4, 0xec, 0xf5, 0x68, 0x57, 0x6c, 0x24, 0x7b, 0xc1,
+ 0xc7, 0x25, 0xa8, 0xe0, 0xd8, 0x1f, 0xbd, 0xb1, 0x9c, 0x06, 0x9b, 0x6e,
+ 0x1a, 0x86, 0xf2, 0x6b, 0xe2, 0xaf, 0x5a, 0x75, 0x6b, 0x6a, 0x64, 0x71,
+ 0x08, 0x7a, 0xa5, 0x5a, 0xa7, 0x45, 0x87, 0xf7, 0x1c, 0xd5, 0x24, 0x9c,
+ 0x02, 0x7e, 0xcd, 0x43, 0xfc, 0x1e, 0x69, 0xd0, 0x38, 0x20, 0x29, 0x93,
+ 0xab, 0x20, 0xc3, 0x49, 0xe4, 0xdb, 0xb9, 0x4c, 0xc2, 0x6b, 0x6c, 0x0e,
+ 0xed, 0x15, 0x82, 0x0f, 0xf1, 0x7e, 0xad, 0x69, 0x1a, 0xb1, 0xd3, 0x02,
+ 0x3a, 0x8b, 0x2a, 0x41, 0xee, 0xa7, 0x70, 0xe0, 0x0f, 0x0d, 0x8d, 0xfd,
+ 0x66, 0x0b, 0x2b, 0xb0, 0x24, 0x92, 0xa4, 0x7d, 0xb9, 0x88, 0x61, 0x79,
+ 0x90, 0xb1, 0x57, 0x90, 0x3d, 0xd2, 0x3b, 0xc5, 0xe0, 0xb8, 0x48, 0x1f,
+ 0xa8, 0x37, 0xd3, 0x88, 0x43, 0xef, 0x27, 0x16, 0xd8, 0x55, 0xb7, 0x66,
+ 0x5a, 0xaa, 0x7e, 0x02, 0x90, 0x2f, 0x3a, 0x7b, 0x10, 0x80, 0x06, 0x24,
+ 0xcc, 0x1c, 0x6c, 0x97, 0xad, 0x96, 0x61, 0x5b, 0xb7, 0xe2, 0x96, 0x12,
+ 0xc0, 0x75, 0x31, 0xa3, 0x0c, 0x91, 0xdd, 0xb4, 0xca, 0xf7, 0xfc, 0xad,
+ 0x1d, 0x25, 0xd3, 0x09, 0xef, 0xb9, 0x17, 0x0e, 0xa7, 0x68, 0xe1, 0xb3,
+ 0x7b, 0x2f, 0x22, 0x6f, 0x69, 0xe3, 0xb4, 0x8a, 0x95, 0x61, 0x1d, 0xee,
+ 0x26, 0xd6, 0x25, 0x9d, 0xab, 0x91, 0x08, 0x4e, 0x36, 0xcb, 0x1c, 0x24,
+ 0x04, 0x2c, 0xbf, 0x16, 0x8b, 0x2f, 0xe5, 0xf1, 0x8f, 0x99, 0x17, 0x31,
+ 0xb8, 0xb3, 0xfe, 0x49, 0x23, 0xfa, 0x72, 0x51, 0xc4, 0x31, 0xd5, 0x03,
+ 0xac, 0xda, 0x18, 0x0a, 0x35, 0xed, 0x8d, 0x02, 0x03, 0x01, 0x00, 0x01,
+ 0xa3, 0x1d, 0x30, 0x1b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04,
+ 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d,
+ 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0b, 0x06, 0x09, 0x2a,
+ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01,
+ 0x00, 0x23, 0x2f, 0x9f, 0x72, 0xeb, 0x70, 0x6d, 0x9e, 0x3e, 0x9f, 0xd7,
+ 0x9c, 0xd9, 0x19, 0x7c, 0x99, 0x07, 0xc5, 0x5c, 0x9d, 0xf5, 0x66, 0x9f,
+ 0x28, 0x8d, 0xfe, 0x0e, 0x3f, 0x38, 0x75, 0xed, 0xee, 0x4e, 0x3f, 0xf6,
+ 0x6e, 0x35, 0xe0, 0x95, 0x3f, 0x08, 0x4a, 0x71, 0x5a, 0xf2, 0x4f, 0xc9,
+ 0x96, 0x61, 0x8d, 0x45, 0x4b, 0x97, 0x85, 0xff, 0xb0, 0xe3, 0xbb, 0xb5,
+ 0xd7, 0x7e, 0xfb, 0xd2, 0xfc, 0xec, 0xfe, 0x42, 0x9f, 0x4e, 0x7b, 0xbf,
+ 0x97, 0xbb, 0xb4, 0x3a, 0x93, 0x0b, 0x13, 0x61, 0x90, 0x0c, 0x3a, 0xce,
+ 0xf7, 0x8e, 0xef, 0x80, 0xf5, 0x4a, 0x92, 0xc5, 0xa5, 0x03, 0x78, 0xc2,
+ 0xee, 0xb8, 0x66, 0x60, 0x6b, 0x76, 0x4f, 0x32, 0x5a, 0x1a, 0xa2, 0x4b,
+ 0x7e, 0x2b, 0xa6, 0x1a, 0x89, 0x01, 0xe3, 0xbb, 0x55, 0x13, 0x7c, 0x4c,
+ 0xf4, 0x6a, 0x99, 0x94, 0xd1, 0xa0, 0x84, 0x1c, 0x1a, 0xc2, 0x7b, 0xb4,
+ 0xa0, 0xb0, 0x3b, 0xdc, 0x5a, 0x7b, 0xc7, 0xe0, 0x44, 0xb2, 0x1f, 0x46,
+ 0xd5, 0x8b, 0x39, 0x8b, 0xdc, 0x9e, 0xce, 0xa8, 0x7f, 0x85, 0x1d, 0x4b,
+ 0x63, 0x06, 0x1e, 0x8e, 0xe5, 0xe5, 0x99, 0xd9, 0xf7, 0x4d, 0x89, 0x0b,
+ 0x1d, 0x5c, 0x27, 0x33, 0x66, 0x21, 0xcf, 0x9a, 0xbd, 0x98, 0x68, 0x23,
+ 0x3a, 0x66, 0x9d, 0xd4, 0x46, 0xed, 0x63, 0x58, 0xf3, 0x42, 0xe4, 0x1d,
+ 0xe2, 0x47, 0x65, 0x13, 0x8d, 0xd4, 0x1f, 0x4b, 0x7e, 0xde, 0x11, 0x56,
+ 0xf8, 0x6d, 0x01, 0x0c, 0x99, 0xbd, 0x8d, 0xca, 0x8a, 0x2e, 0xe3, 0x8a,
+ 0x9c, 0x3d, 0x83, 0x8d, 0x69, 0x62, 0x8d, 0x05, 0xea, 0xb7, 0xf5, 0xa3,
+ 0x4b, 0xfc, 0x96, 0xcf, 0x18, 0x21, 0x0a, 0xc7, 0xf3, 0x23, 0x7e, 0x1c,
+ 0xab, 0xe2, 0xa2, 0xd1, 0x83, 0xc4, 0x25, 0x93, 0x37, 0x80, 0xca, 0xda,
+ 0xf0, 0xef, 0x7d, 0x94, 0xb5
+];
+
+#[cfg_attr(rustfmt, rustfmt_skip)]
+pub const XPI_SIGNATURE: [u8; 646] = [
+ 0xd8, 0x62, 0x84, 0x43, 0xa1, 0x04, 0x80, 0xa0, 0xf6, 0x81, 0x83, 0x59,
+ 0x02, 0x35, 0xa2, 0x01, 0x26, 0x04, 0x59, 0x02, 0x2e, 0x30, 0x82, 0x02,
+ 0x2a, 0x30, 0x82, 0x01, 0x12, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14,
+ 0x17, 0x03, 0x6b, 0xc1, 0xfe, 0xb4, 0x38, 0xe1, 0x83, 0x8f, 0xe5, 0xa7,
+ 0xca, 0xf1, 0x54, 0x32, 0x4c, 0x8b, 0xf3, 0x05, 0x30, 0x0d, 0x06, 0x09,
+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30,
+ 0x29, 0x31, 0x27, 0x30, 0x25, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1e,
+ 0x78, 0x70, 0x63, 0x73, 0x68, 0x65, 0x6c, 0x6c, 0x20, 0x73, 0x69, 0x67,
+ 0x6e, 0x65, 0x64, 0x20, 0x61, 0x70, 0x70, 0x73, 0x20, 0x74, 0x65, 0x73,
+ 0x74, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x30, 0x22, 0x18, 0x0f, 0x32, 0x30,
+ 0x31, 0x35, 0x31, 0x31, 0x32, 0x38, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x31, 0x38, 0x30, 0x32, 0x30, 0x35, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x2b, 0x31, 0x29, 0x30, 0x27,
+ 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x20, 0x20, 0x78, 0x70, 0x63, 0x73,
+ 0x68, 0x65, 0x6c, 0x6c, 0x20, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x20,
+ 0x61, 0x70, 0x70, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x73, 0x69, 0x67,
+ 0x6e, 0x65, 0x72, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03,
+ 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x4f, 0xbf, 0xbb, 0xbb, 0x61, 0xe0,
+ 0xf8, 0xf9, 0xb1, 0xa6, 0x0a, 0x59, 0xac, 0x87, 0x04, 0xe2, 0xec, 0x05,
+ 0x0b, 0x42, 0x3e, 0x3c, 0xf7, 0x2e, 0x92, 0x3f, 0x2c, 0x4f, 0x79, 0x4b,
+ 0x45, 0x5c, 0x2a, 0x69, 0xd2, 0x33, 0x45, 0x6c, 0x36, 0xc4, 0x11, 0x9d,
+ 0x07, 0x06, 0xe0, 0x0e, 0xed, 0xc8, 0xd1, 0x93, 0x90, 0xd7, 0x99, 0x1b,
+ 0x7b, 0x2d, 0x07, 0xa3, 0x04, 0xea, 0xa0, 0x4a, 0xa6, 0xc0, 0xa3, 0x0f,
+ 0x30, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03,
+ 0x02, 0x07, 0x80, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+ 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x4f,
+ 0x5c, 0xcb, 0x1d, 0xea, 0x71, 0x58, 0xfe, 0xe2, 0x49, 0x11, 0x16, 0x65,
+ 0xbc, 0x23, 0x6d, 0xda, 0x46, 0x7e, 0x98, 0x93, 0x5d, 0x48, 0x2a, 0xa0,
+ 0xbb, 0x7f, 0x4e, 0xbd, 0x01, 0x0a, 0x1a, 0x30, 0xff, 0xce, 0x03, 0xf5,
+ 0x9c, 0xd9, 0x84, 0x69, 0x7a, 0x5a, 0xe3, 0x43, 0xd2, 0xd4, 0xbc, 0xab,
+ 0x4d, 0x17, 0x8f, 0x10, 0x6a, 0xcf, 0xde, 0x17, 0x1d, 0x7d, 0x16, 0x03,
+ 0x7e, 0x21, 0xf0, 0x32, 0x02, 0x89, 0x67, 0x32, 0x5a, 0xfe, 0xd5, 0xd9,
+ 0x31, 0x53, 0xdc, 0xd7, 0xba, 0x2a, 0x9f, 0xd3, 0x59, 0x8d, 0x61, 0xb9,
+ 0x6e, 0xf7, 0x6e, 0x86, 0x61, 0xdd, 0xfd, 0xe1, 0x73, 0xfe, 0xef, 0x9d,
+ 0xe9, 0x99, 0x9e, 0x51, 0xe8, 0x5d, 0xf7, 0x48, 0x77, 0x8e, 0xc6, 0xe8,
+ 0x53, 0x05, 0x7b, 0x5c, 0x2c, 0x28, 0xe7, 0x0a, 0x07, 0xbf, 0xea, 0xc1,
+ 0x06, 0x11, 0x0d, 0xe7, 0x60, 0xd0, 0x79, 0x94, 0xe9, 0x26, 0xf1, 0x93,
+ 0x71, 0x7b, 0x5b, 0x02, 0x3b, 0x5d, 0x51, 0xb8, 0x19, 0x38, 0x16, 0xab,
+ 0x48, 0x30, 0xf3, 0xec, 0xd9, 0xd5, 0x8f, 0xc7, 0x9a, 0x02, 0xfd, 0x12,
+ 0x57, 0x82, 0x0e, 0xde, 0xce, 0xfc, 0x50, 0x42, 0x2a, 0x41, 0xc7, 0xc6,
+ 0xa8, 0x80, 0x37, 0x7c, 0xc4, 0x47, 0xad, 0xf5, 0xd8, 0xcb, 0xe8, 0xae,
+ 0x0c, 0x01, 0x80, 0x60, 0x35, 0x93, 0x0a, 0x21, 0x81, 0x33, 0xd1, 0xd6,
+ 0x6a, 0x1b, 0xe7, 0xb6, 0xd9, 0x91, 0x50, 0xc2, 0xbd, 0x16, 0xda, 0xb7,
+ 0x68, 0x60, 0xf2, 0x20, 0xaa, 0x72, 0x8c, 0x76, 0x0a, 0x54, 0x7a, 0x05,
+ 0xd8, 0xa1, 0xcd, 0xe9, 0x07, 0x8a, 0x02, 0x07, 0x4b, 0x87, 0x7d, 0xb5,
+ 0x27, 0xca, 0x38, 0xb3, 0x30, 0xaf, 0x97, 0xe0, 0xb7, 0x35, 0x14, 0x08,
+ 0xab, 0x01, 0xb0, 0x14, 0x08, 0x5c, 0x4b, 0xfb, 0x76, 0x0a, 0x95, 0xfc,
+ 0xb4, 0xb8, 0x34, 0xa0, 0x58, 0x40, 0x5c, 0x75, 0x51, 0x9f, 0x13, 0x11,
+ 0x50, 0xcd, 0x5d, 0x8a, 0xde, 0x20, 0xa3, 0xbc, 0x06, 0x30, 0x91, 0xff,
+ 0xb2, 0x73, 0x75, 0x5f, 0x31, 0x64, 0xec, 0xfd, 0xcb, 0x42, 0x80, 0x0a,
+ 0x70, 0xe6, 0x82, 0x02, 0x0a, 0xe8, 0x69, 0x13, 0xd5, 0xf4, 0x1b, 0xab,
+ 0xb6, 0xbb, 0x59, 0x93, 0x08, 0x48, 0x68, 0x9c, 0xbd, 0x72, 0xc7, 0xcb,
+ 0x37, 0xde, 0x26, 0xbc, 0xe9, 0x83, 0x0e, 0xd8, 0x90, 0xa3
+];
+
+#[cfg_attr(rustfmt, rustfmt_skip)]
+pub const XPI_PAYLOAD: [u8; 236] = [
+ 0x4E, 0x61, 0x6D, 0x65, 0x3A, 0x20, 0x6D, 0x61, 0x6E, 0x69, 0x66, 0x65,
+ 0x73, 0x74, 0x2E, 0x6A, 0x73, 0x6F, 0x6E, 0x0A, 0x53, 0x48, 0x41, 0x32,
+ 0x35, 0x36, 0x2D, 0x44, 0x69, 0x67, 0x65, 0x73, 0x74, 0x3A, 0x20, 0x42,
+ 0x54, 0x6E, 0x43, 0x70, 0x54, 0x31, 0x35, 0x34, 0x4E, 0x32, 0x36, 0x52,
+ 0x5A, 0x6D, 0x38, 0x62, 0x68, 0x64, 0x44, 0x34, 0x33, 0x57, 0x58, 0x64,
+ 0x30, 0x74, 0x6A, 0x35, 0x62, 0x67, 0x36, 0x6F, 0x66, 0x4D, 0x31, 0x39,
+ 0x4E, 0x4C, 0x49, 0x30, 0x4F, 0x45, 0x3D, 0x0A, 0x0A, 0x4E, 0x61, 0x6D,
+ 0x65, 0x3A, 0x20, 0x52, 0x45, 0x41, 0x44, 0x4D, 0x45, 0x0A, 0x53, 0x48,
+ 0x41, 0x32, 0x35, 0x36, 0x2D, 0x44, 0x69, 0x67, 0x65, 0x73, 0x74, 0x3A,
+ 0x20, 0x62, 0x59, 0x30, 0x6C, 0x39, 0x78, 0x71, 0x47, 0x4A, 0x59, 0x43,
+ 0x70, 0x71, 0x59, 0x65, 0x4A, 0x30, 0x4B, 0x36, 0x71, 0x34, 0x44, 0x57,
+ 0x55, 0x51, 0x71, 0x75, 0x30, 0x6D, 0x4E, 0x42, 0x46, 0x4D, 0x34, 0x48,
+ 0x34, 0x65, 0x6D, 0x68, 0x6A, 0x69, 0x4A, 0x67, 0x3D, 0x0A, 0x0A, 0x4E,
+ 0x61, 0x6D, 0x65, 0x3A, 0x20, 0x64, 0x61, 0x74, 0x61, 0x2F, 0x69, 0x6D,
+ 0x61, 0x67, 0x65, 0x2E, 0x70, 0x6E, 0x67, 0x0A, 0x53, 0x48, 0x41, 0x32,
+ 0x35, 0x36, 0x2D, 0x44, 0x69, 0x67, 0x65, 0x73, 0x74, 0x3A, 0x20, 0x45,
+ 0x50, 0x6A, 0x6B, 0x4E, 0x5A, 0x77, 0x79, 0x61, 0x39, 0x58, 0x2B, 0x70,
+ 0x72, 0x75, 0x4C, 0x6C, 0x78, 0x47, 0x2B, 0x46, 0x41, 0x43, 0x4C, 0x77,
+ 0x47, 0x43, 0x34, 0x38, 0x58, 0x55, 0x34, 0x53, 0x39, 0x6F, 0x5A, 0x4F,
+ 0x41, 0x30, 0x6C, 0x56, 0x56, 0x51, 0x3D, 0x0A
+];
diff --git a/third_party/rust/cose/examples/sign_verify/util_test.rs b/third_party/rust/cose/examples/sign_verify/util_test.rs
new file mode 100644
index 0000000000..c4dd26091a
--- /dev/null
+++ b/third_party/rust/cose/examples/sign_verify/util_test.rs
@@ -0,0 +1,194 @@
+/// We don't need COSE signing at the moment. But we need to generate test files.
+/// This module implements basic COSE signing.
+use nss;
+use {CoseError, Signature, SignatureAlgorithm, SignatureParameters};
+use std::collections::BTreeMap;
+use cbor::CborType;
+use cose::util::get_sig_struct_bytes;
+use cose::decoder::decode_signature;
+use cose::decoder::{COSE_TYPE_ES256, COSE_TYPE_ES384, COSE_TYPE_ES512, COSE_TYPE_PS256};
+
+/// Converts a `SignatureAlgorithm` to its corresponding `CborType`.
+/// See RFC 8152 section 8.1 and RFC 8230 section 5.1.
+pub fn signature_type_to_cbor_value(signature_type: &SignatureAlgorithm) -> CborType {
+ CborType::SignedInteger(match signature_type {
+ &SignatureAlgorithm::ES256 => COSE_TYPE_ES256,
+ &SignatureAlgorithm::ES384 => COSE_TYPE_ES384,
+ &SignatureAlgorithm::ES512 => COSE_TYPE_ES512,
+ &SignatureAlgorithm::PS256 => COSE_TYPE_PS256,
+ })
+}
+
+pub fn build_protected_sig_header(ee_cert: &[u8], alg: &SignatureAlgorithm) -> CborType {
+ // Protected signature header
+ let mut header_map: BTreeMap<CborType, CborType> = BTreeMap::new();
+
+ // Signature type.
+ let signature_type_value = signature_type_to_cbor_value(alg);
+ header_map.insert(CborType::Integer(1), signature_type_value);
+
+ // Signer certificate.
+ header_map.insert(CborType::Integer(4), CborType::Bytes(ee_cert.to_vec()));
+
+ let header_map = CborType::Map(header_map).serialize();
+ CborType::Bytes(header_map)
+}
+
+pub fn build_protected_header(cert_chain: &[&[u8]]) -> CborType {
+ let mut cert_array: Vec<CborType> = Vec::new();
+ for cert in cert_chain {
+ cert_array.push(CborType::Bytes(cert.to_vec()));
+ }
+ let mut protected_body_header: BTreeMap<CborType, CborType> = BTreeMap::new();
+ protected_body_header.insert(CborType::Integer(4), CborType::Array(cert_array));
+ let protected_body_header = CborType::Map(protected_body_header).serialize();
+
+ CborType::Bytes(protected_body_header)
+}
+
+pub fn build_sig_struct(ee_cert: &[u8], alg: &SignatureAlgorithm, sig_bytes: &Vec<u8>) -> CborType {
+ // Build the signature item.
+ let mut signature_item: Vec<CborType> = Vec::new();
+
+ // Protected signature header
+ signature_item.push(build_protected_sig_header(ee_cert, alg));
+
+ // The unprotected signature header is empty.
+ let empty_map: BTreeMap<CborType, CborType> = BTreeMap::new();
+ signature_item.push(CborType::Map(empty_map));
+
+ // And finally the signature bytes.
+ signature_item.push(CborType::Bytes(sig_bytes.clone()));
+ CborType::Array(signature_item)
+}
+
+// 98(
+// [
+// / protected / h'..', / {
+// \ kid \ 4:'..' \ Array of DER encoded intermediate certificates \
+// } / ,
+// / unprotected / {},
+// / payload / nil, / The payload is the contents of the manifest file /
+// / signatures / [
+// [
+// / protected / h'a2012604..' / {
+// \ alg \ 1:-7, \ ECDSA with SHA-256 \
+// \ kid \ 4:'..' \ DER encoded signing certificate \
+// } / ,
+// / unprotected / {},
+// / signature / h'e2ae..'
+// ],
+// [
+// / protected / h'a201382404..' / {
+// \ alg \ 1:-37, \ RSASSA-PSS with SHA-256 \
+// \ kid \ 4:'..' \ DER encoded signing certificate \
+// } / ,
+// / unprotected / {},
+// / signature / h'00a2..'
+// ]
+// ]
+// ]
+pub fn build_cose_signature(cert_chain: &[&[u8]], signature_vec: &Vec<Signature>) -> Vec<u8> {
+ // Building the COSE signature content.
+ let mut cose_signature: Vec<CborType> = Vec::new();
+
+ // add cert chain as protected header
+ cose_signature.push(build_protected_header(cert_chain));
+
+ // Empty map (unprotected header)
+ let empty_map: BTreeMap<CborType, CborType> = BTreeMap::new();
+ cose_signature.push(CborType::Map(empty_map));
+
+ // No payload (nil).
+ cose_signature.push(CborType::Null);
+
+ // Create signature items.
+ let mut signatures: Vec<CborType> = Vec::new();
+ for signature in signature_vec {
+ let signature_item = build_sig_struct(
+ signature.parameter.certificate,
+ &signature.parameter.algorithm,
+ &signature.signature_bytes,
+ );
+ signatures.push(signature_item);
+ }
+
+ // Pack the signature item and add everything to the cose signature object.
+ cose_signature.push(CborType::Array(signatures));
+
+ // A COSE signature is a tagged array (98).
+ let signature_struct = CborType::Tag(98, Box::new(CborType::Array(cose_signature).clone()));
+
+ return signature_struct.serialize();
+}
+
+pub fn sign(
+ payload: &[u8],
+ cert_chain: &[&[u8]],
+ parameters: &Vec<SignatureParameters>,
+) -> Result<Vec<u8>, CoseError> {
+ assert!(parameters.len() > 0);
+ if parameters.len() < 1 {
+ return Err(CoseError::InvalidArgument);
+ }
+
+ let mut signatures: Vec<Signature> = Vec::new();
+ for param in parameters {
+ // Build the signature structure containing the protected headers and the
+ // payload to generate the payload that is actually signed.
+ let protected_sig_header_serialized =
+ build_protected_sig_header(param.certificate, &param.algorithm);
+ let protected_header_serialized = build_protected_header(cert_chain);
+ let payload = get_sig_struct_bytes(
+ protected_header_serialized,
+ protected_sig_header_serialized,
+ payload,
+ );
+
+ let signature_bytes = match nss::sign(&param.algorithm, &param.pkcs8, &payload) {
+ Err(_) => return Err(CoseError::SigningFailed),
+ Ok(signature) => signature,
+ };
+ let signature = Signature {
+ parameter: param,
+ signature_bytes: signature_bytes,
+ };
+ signatures.push(signature);
+ }
+
+ assert!(signatures.len() > 0);
+ if signatures.len() < 1 {
+ return Err(CoseError::MalformedInput);
+ }
+
+ let cose_signature = build_cose_signature(cert_chain, &signatures);
+ Ok(cose_signature)
+}
+
+/// Verify a COSE signature.
+pub fn verify_signature(payload: &[u8], cose_signature: Vec<u8>) -> Result<(), CoseError> {
+ // Parse COSE signature.
+ let cose_signatures = decode_signature(&cose_signature, payload)?;
+ if cose_signatures.len() < 1 {
+ return Err(CoseError::MalformedInput);
+ }
+
+ for signature in cose_signatures {
+ let signature_algorithm = &signature.signature_type;
+ let signature_bytes = &signature.signature;
+ let real_payload = &signature.to_verify;
+
+ // Verify the parsed signatures.
+ // We ignore the certs field here because we don't verify the certificate.
+ let verify_result = nss::verify_signature(
+ &signature_algorithm,
+ &signature.signer_cert,
+ real_payload,
+ signature_bytes,
+ );
+ if !verify_result.is_ok() {
+ return Err(CoseError::VerificationFailed);
+ }
+ }
+ Ok(())
+}
diff --git a/third_party/rust/cose/rustfmt.toml b/third_party/rust/cose/rustfmt.toml
new file mode 100644
index 0000000000..a47e18ea00
--- /dev/null
+++ b/third_party/rust/cose/rustfmt.toml
@@ -0,0 +1,4 @@
+array_layout = "Visual"
+array_width = 0
+reorder_imported_names = true
+array_horizontal_layout_threshold = 0
diff --git a/third_party/rust/cose/src/cose.rs b/third_party/rust/cose/src/cose.rs
new file mode 100644
index 0000000000..d55dda8d16
--- /dev/null
+++ b/third_party/rust/cose/src/cose.rs
@@ -0,0 +1,72 @@
+//! This crate implements [COSE](https://tools.ietf.org/html/rfc8152) signature
+//! parsing. Verification has to be performed by the caller.
+//!
+//! Example usage: Let `payload` and `cose_signature` be variables holding the
+//! signed payload and the COSE signature bytes respectively.
+//! Let further `verify_callback` be a function callback that implements
+//! signature verification.
+//!
+//!```rust,ignore
+//! use cose::decoder::decode_signature;
+//!
+//! // Parse the incoming signature.
+//! let cose_signatures = decode_signature(cose_signature, &payload);
+//! let cose_signatures = match cose_signatures {
+//! Ok(signature) => signature,
+//! Err(_) => Vec::new(),
+//! };
+//! if cose_signatures.len() < 1 {
+//! return false;
+//! }
+//!
+//! let mut result = true;
+//! for cose_signature in cose_signatures {
+//! // Call callback to verify the parsed signatures.
+//! result &= verify_callback(cose_signature);
+//!
+//! // We can stop early. The cose_signature is not valid.
+//! if !result {
+//! return result;
+//! }
+//! }
+//!```
+extern crate moz_cbor as cbor;
+
+pub mod decoder;
+pub mod util;
+
+/// Errors that can be returned from COSE functions.
+#[derive(Debug, PartialEq)]
+pub enum CoseError {
+ DecodingFailure,
+ LibraryFailure,
+ MalformedInput,
+ MissingHeader,
+ UnexpectedHeaderValue,
+ UnexpectedTag,
+ UnexpectedType,
+ Unimplemented,
+ VerificationFailed,
+ UnknownSignatureScheme,
+ SigningFailed,
+ InvalidArgument,
+}
+
+/// An enum identifying supported signature algorithms.
+/// Currently ES256 (ECDSA with P256 and SHA256), ES384 (ECDSA with P384 and SHA384)
+/// ES512 (ECDSA with P521 and SHA512), and PS256 (RSASSA-PSS with SHA256)
+/// are supported. Note that with PS256, the salt length is defined
+/// to be 32 bytes.
+#[derive(Debug)]
+#[derive(PartialEq)]
+pub enum SignatureAlgorithm {
+ ES256,
+ ES384,
+ ES512,
+ PS256,
+}
+
+#[cfg(test)]
+mod test_setup;
+#[cfg(test)]
+mod test_cose;
diff --git a/third_party/rust/cose/src/decoder.rs b/third_party/rust/cose/src/decoder.rs
new file mode 100644
index 0000000000..90463d5dd2
--- /dev/null
+++ b/third_party/rust/cose/src/decoder.rs
@@ -0,0 +1,235 @@
+//! Parse and decode COSE signatures.
+
+use cbor::CborType;
+use cbor::decoder::decode;
+use {CoseError, SignatureAlgorithm};
+use util::get_sig_struct_bytes;
+use std::collections::BTreeMap;
+
+pub const COSE_SIGN_TAG: u64 = 98;
+
+/// The result of `decode_signature` holding a decoded COSE signature.
+#[derive(Debug)]
+pub struct CoseSignature {
+ pub signature_type: SignatureAlgorithm,
+ pub signature: Vec<u8>,
+ pub signer_cert: Vec<u8>,
+ pub certs: Vec<Vec<u8>>,
+ pub to_verify: Vec<u8>,
+}
+
+pub const COSE_TYPE_ES256: i64 = -7;
+pub const COSE_TYPE_ES384: i64 = -35;
+pub const COSE_TYPE_ES512: i64 = -36;
+pub const COSE_TYPE_PS256: i64 = -37;
+
+pub const COSE_HEADER_ALG: u64 = 1;
+pub const COSE_HEADER_KID: u64 = 4;
+
+macro_rules! unpack {
+ ($to:tt, $var:ident) => (
+ match *$var {
+ CborType::$to(ref cbor_object) => {
+ cbor_object
+ }
+ _ => return Err(CoseError::UnexpectedType),
+ };
+ )
+}
+
+fn get_map_value(
+ map: &BTreeMap<CborType, CborType>,
+ key: &CborType,
+) -> Result<CborType, CoseError> {
+ match map.get(key) {
+ Some(x) => Ok(x.clone()),
+ _ => Err(CoseError::MissingHeader),
+ }
+}
+
+/// Ensure that the referenced `CborType` is an empty map.
+fn ensure_empty_map(map: &CborType) -> Result<(), CoseError> {
+ let unpacked = unpack!(Map, map);
+ if !unpacked.is_empty() {
+ return Err(CoseError::MalformedInput);
+ }
+ Ok(())
+}
+
+// This syntax is a little unintuitive. Taken together, the two previous definitions essentially
+// mean:
+//
+// COSE_Sign = [
+// protected : empty_or_serialized_map,
+// unprotected : header_map
+// payload : bstr / nil,
+// signatures : [+ COSE_Signature]
+// ]
+//
+// (COSE_Sign is an array. The first element is an empty or serialized map (in our case, it is
+// never expected to be empty). The second element is a map (it is expected to be empty. The third
+// element is a bstr or nil (it is expected to be nil). The fourth element is an array of
+// COSE_Signature.)
+//
+// COSE_Signature = [
+// Headers,
+// signature : bstr
+// ]
+//
+// but again, unpacking this:
+//
+// COSE_Signature = [
+// protected : empty_or_serialized_map,
+// unprotected : header_map
+// signature : bstr
+// ]
+fn decode_signature_struct(
+ cose_signature: &CborType,
+ payload: &[u8],
+ protected_body_head: &CborType,
+) -> Result<CoseSignature, CoseError> {
+ let cose_signature = unpack!(Array, cose_signature);
+ if cose_signature.len() != 3 {
+ return Err(CoseError::MalformedInput);
+ }
+ let protected_signature_header_serialized = &cose_signature[0];
+ let protected_signature_header_bytes = unpack!(Bytes, protected_signature_header_serialized);
+
+ // Parse the protected signature header.
+ let protected_signature_header = &match decode(protected_signature_header_bytes) {
+ Err(_) => return Err(CoseError::DecodingFailure),
+ Ok(value) => value,
+ };
+ let protected_signature_header = unpack!(Map, protected_signature_header);
+ if protected_signature_header.len() != 2 {
+ return Err(CoseError::MalformedInput);
+ }
+ let signature_algorithm = get_map_value(
+ protected_signature_header,
+ &CborType::Integer(COSE_HEADER_ALG),
+ )?;
+ let signature_algorithm = match signature_algorithm {
+ CborType::SignedInteger(val) => {
+ match val {
+ COSE_TYPE_ES256 => SignatureAlgorithm::ES256,
+ COSE_TYPE_ES384 => SignatureAlgorithm::ES384,
+ COSE_TYPE_ES512 => SignatureAlgorithm::ES512,
+ COSE_TYPE_PS256 => SignatureAlgorithm::PS256,
+ _ => return Err(CoseError::UnexpectedHeaderValue),
+ }
+ }
+ _ => return Err(CoseError::UnexpectedType),
+ };
+
+ let ee_cert = &get_map_value(
+ protected_signature_header,
+ &CborType::Integer(COSE_HEADER_KID),
+ )?;
+ let ee_cert = unpack!(Bytes, ee_cert).clone();
+
+ // The unprotected header section is expected to be an empty map.
+ ensure_empty_map(&cose_signature[1])?;
+
+ // Build signature structure to verify.
+ let signature_bytes = &cose_signature[2];
+ let signature_bytes = unpack!(Bytes, signature_bytes).clone();
+ let sig_structure_bytes = get_sig_struct_bytes(
+ protected_body_head.clone(),
+ protected_signature_header_serialized.clone(),
+ payload,
+ );
+
+ // Read intermediate certificates from protected_body_head.
+ // Any tampering of the protected header during transport will be detected
+ // because it is input to the signature verification.
+ // Note that a protected header has to be present and hold a kid with an
+ // empty list of intermediate certificates.
+ let protected_body_head_bytes = unpack!(Bytes, protected_body_head);
+ let protected_body_head_map = &match decode(protected_body_head_bytes) {
+ Ok(value) => value,
+ Err(_) => return Err(CoseError::DecodingFailure),
+ };
+ let protected_body_head_map = unpack!(Map, protected_body_head_map);
+ if protected_body_head_map.len() != 1 {
+ return Err(CoseError::MalformedInput);
+ }
+ let intermediate_certs_array =
+ &get_map_value(protected_body_head_map, &CborType::Integer(COSE_HEADER_KID))?;
+ let intermediate_certs = unpack!(Array, intermediate_certs_array);
+ let mut certs: Vec<Vec<u8>> = Vec::new();
+ for cert in intermediate_certs {
+ let cert = unpack!(Bytes, cert);
+ certs.push(cert.clone());
+ }
+
+ Ok(CoseSignature {
+ signature_type: signature_algorithm,
+ signature: signature_bytes,
+ signer_cert: ee_cert,
+ certs: certs,
+ to_verify: sig_structure_bytes,
+ })
+}
+
+/// Decode COSE signature bytes and return a vector of `CoseSignature`.
+///
+///```rust,ignore
+/// COSE_Sign = [
+/// Headers,
+/// payload : bstr / nil,
+/// signatures : [+ COSE_Signature]
+/// ]
+///
+/// Headers = (
+/// protected : empty_or_serialized_map,
+/// unprotected : header_map
+/// )
+///```
+pub fn decode_signature(bytes: &[u8], payload: &[u8]) -> Result<Vec<CoseSignature>, CoseError> {
+ // This has to be a COSE_Sign object, which is a tagged array.
+ let tagged_cose_sign = match decode(bytes) {
+ Err(_) => return Err(CoseError::DecodingFailure),
+ Ok(value) => value,
+ };
+ let cose_sign_array = match tagged_cose_sign {
+ CborType::Tag(tag, cose_sign) => {
+ if tag != COSE_SIGN_TAG {
+ return Err(CoseError::UnexpectedTag);
+ }
+ match *cose_sign {
+ CborType::Array(values) => values,
+ _ => return Err(CoseError::UnexpectedType),
+ }
+ }
+ _ => return Err(CoseError::UnexpectedType),
+ };
+ if cose_sign_array.len() != 4 {
+ return Err(CoseError::MalformedInput);
+ }
+
+ // The unprotected header section is expected to be an empty map.
+ ensure_empty_map(&cose_sign_array[1])?;
+
+ // The payload is expected to be Null (i.e. this is a detached signature).
+ match cose_sign_array[2] {
+ CborType::Null => {}
+ _ => return Err(CoseError::UnexpectedType),
+ };
+
+ let signatures = &cose_sign_array[3];
+ let signatures = unpack!(Array, signatures);
+
+ // Decode COSE_Signatures.
+ // There has to be at least one signature to make this a valid COSE signature.
+ if signatures.len() < 1 {
+ return Err(CoseError::MalformedInput);
+ }
+ let mut result = Vec::new();
+ for cose_signature in signatures {
+ // cose_sign_array[0] holds the protected body header.
+ let signature = decode_signature_struct(cose_signature, payload, &cose_sign_array[0])?;
+ result.push(signature);
+ }
+
+ Ok(result)
+}
diff --git a/third_party/rust/cose/src/test_cose.rs b/third_party/rust/cose/src/test_cose.rs
new file mode 100644
index 0000000000..7c680a879c
--- /dev/null
+++ b/third_party/rust/cose/src/test_cose.rs
@@ -0,0 +1,496 @@
+use test_setup as test;
+use {CoseError, SignatureAlgorithm};
+use decoder::{COSE_HEADER_ALG, COSE_HEADER_KID, COSE_SIGN_TAG, COSE_TYPE_ES256, decode_signature};
+use cbor::CborType;
+use std::collections::BTreeMap;
+
+#[test]
+fn test_cose_decode() {
+ let payload = b"This is the content.";
+ let cose_signatures = decode_signature(&test::COSE_SIGNATURE_BYTES, payload).unwrap();
+ assert_eq!(cose_signatures.len(), 1);
+ assert_eq!(cose_signatures[0].signature_type, SignatureAlgorithm::ES256);
+ assert_eq!(cose_signatures[0].signature, test::SIGNATURE_BYTES.to_vec());
+ assert_eq!(cose_signatures[0].certs[0], test::P256_ROOT.to_vec());
+ assert_eq!(cose_signatures[0].certs[1], test::P256_INT.to_vec());
+}
+
+fn test_cose_format_error(bytes: &[u8], expected_error: CoseError) {
+ let payload = vec![0];
+ let result = decode_signature(bytes, &payload);
+ assert!(result.is_err());
+ assert_eq!(result.err(), Some(expected_error));
+}
+
+// Helper function to take a `Vec<CborType>`, wrap it in a `CborType::Array`, tag it with the
+// COSE_Sign tag (COSE_SIGN_TAG = 98), and serialize it to a `Vec<u8>`.
+fn wrap_tag_and_encode_array(array: Vec<CborType>) -> Vec<u8> {
+ CborType::Tag(COSE_SIGN_TAG, Box::new(CborType::Array(array))).serialize()
+}
+
+// Helper function to create an encoded protected header for a COSE_Sign or COSE_Signature
+// structure.
+fn encode_test_protected_header(keys: Vec<CborType>, values: Vec<CborType>) -> Vec<u8> {
+ assert_eq!(keys.len(), values.len());
+ let mut map: BTreeMap<CborType, CborType> = BTreeMap::new();
+ for (key, value) in keys.iter().zip(values) {
+ map.insert(key.clone(), value.clone());
+ }
+ CborType::Map(map).serialize()
+}
+
+// Helper function to create a test COSE_Signature structure with the given protected header.
+fn build_test_cose_signature(protected_header: Vec<u8>) -> CborType {
+ CborType::Array(vec![CborType::Bytes(protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Bytes(Vec::new())])
+}
+
+// Helper function to create the minimally-valid COSE_Sign (i.e. "body") protected header.
+fn make_minimally_valid_cose_sign_protected_header() -> Vec<u8> {
+ encode_test_protected_header(
+ vec![CborType::Integer(COSE_HEADER_KID)],
+ vec![CborType::Array(Vec::new())],
+ )
+}
+
+// Helper function to create a minimally-valid COSE_Signature (i.e. "body").
+fn make_minimally_valid_cose_signature_protected_header() -> Vec<u8> {
+ encode_test_protected_header(
+ vec![CborType::Integer(COSE_HEADER_ALG),
+ CborType::Integer(COSE_HEADER_KID)],
+ vec![CborType::SignedInteger(COSE_TYPE_ES256),
+ CborType::Bytes(Vec::new())],
+ )
+}
+
+// This tests the minimally-valid COSE_Sign structure according to this implementation.
+// The structure must be a CBOR array of length 4 tagged with the integer 98.
+// The COSE_Sign protected header must have the `kid` integer key and no others. The value for `kid`
+// must be an array (although it may be empty). Each element of the array must be of type bytes.
+// The COSE_Sign unprotected header must be an empty map.
+// The COSE_Sign payload must be nil.
+// The COSE_Sign signatures must be an array with at least one COSE_Signature.
+// Each COSE_Signature must be an array of length 3.
+// Each COSE_Signature protected header must have the `alg` and `kid` integer keys and no others.
+// The value for `alg` must be a valid algorithm identifier. The value for `kid` must be bytes,
+// although it may be empty.
+// Each COSE_Signature unprotected header must be an empty map.
+// Each COSE_Signature signature must be of type bytes (although it may be empty).
+#[test]
+fn test_cose_sign_minimally_valid() {
+ let body_protected_header = make_minimally_valid_cose_sign_protected_header();
+ let signature_protected_header = make_minimally_valid_cose_signature_protected_header();
+ let signature = build_test_cose_signature(signature_protected_header);
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Null,
+ CborType::Array(vec![signature])];
+ let bytes = wrap_tag_and_encode_array(values);
+ let payload = vec![0];
+ let result = decode_signature(&bytes, &payload);
+ assert!(result.is_ok());
+ let decoded = result.unwrap();
+ assert_eq!(decoded.len(), 1);
+ assert_eq!(decoded[0].signer_cert.len(), 0);
+ assert_eq!(decoded[0].certs.len(), 0);
+}
+
+#[test]
+fn test_cose_sign_not_tagged() {
+ let bytes = CborType::Array(vec![CborType::Integer(0)]).serialize();
+ test_cose_format_error(&bytes, CoseError::UnexpectedType);
+}
+
+#[test]
+fn test_cose_sign_wrong_tag() {
+ // The expected COSE_Sign tag is 98.
+ let bytes = CborType::Tag(99, Box::new(CborType::Integer(0))).serialize();
+ test_cose_format_error(&bytes, CoseError::UnexpectedTag);
+}
+
+#[test]
+fn test_cose_sign_right_tag_wrong_contents() {
+ // The COSE_Sign tag is 98, but the contents should be an array.
+ let bytes = CborType::Tag(98, Box::new(CborType::Integer(0))).serialize();
+ test_cose_format_error(&bytes, CoseError::UnexpectedType);
+}
+
+#[test]
+fn test_cose_sign_too_small() {
+ let body_protected_header = make_minimally_valid_cose_sign_protected_header();
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Null];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::MalformedInput);
+}
+
+#[test]
+fn test_cose_sign_too_large() {
+ let body_protected_header = make_minimally_valid_cose_sign_protected_header();
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Null,
+ CborType::Array(Vec::new()),
+ CborType::Array(Vec::new())];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::MalformedInput);
+}
+
+#[test]
+fn test_cose_sign_protected_header_empty() {
+ let body_protected_header = encode_test_protected_header(Vec::new(), Vec::new());
+ let signature_protected_header = make_minimally_valid_cose_signature_protected_header();
+ let signature = build_test_cose_signature(signature_protected_header);
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Null,
+ CborType::Array(vec![signature])];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::MalformedInput);
+}
+
+#[test]
+fn test_cose_sign_protected_header_missing_kid() {
+ let body_protected_header =
+ encode_test_protected_header(vec![CborType::Integer(2)], vec![CborType::Integer(2)]);
+ let signature_protected_header = make_minimally_valid_cose_signature_protected_header();
+ let signature = build_test_cose_signature(signature_protected_header);
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Null,
+ CborType::Array(vec![signature])];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::MissingHeader);
+}
+
+#[test]
+fn test_cose_sign_protected_header_kid_wrong_type() {
+ let body_protected_header = encode_test_protected_header(
+ vec![CborType::Integer(COSE_HEADER_KID)],
+ vec![CborType::Integer(2)],
+ );
+ let signature_protected_header = make_minimally_valid_cose_signature_protected_header();
+ let signature = build_test_cose_signature(signature_protected_header);
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Null,
+ CborType::Array(vec![signature])];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::UnexpectedType);
+}
+
+#[test]
+fn test_cose_sign_protected_header_extra_header_key() {
+ let body_protected_header = encode_test_protected_header(
+ vec![CborType::Integer(COSE_HEADER_KID),
+ CborType::Integer(2)],
+ vec![CborType::Bytes(Vec::new()),
+ CborType::Integer(2)],
+ );
+ let signature_protected_header = make_minimally_valid_cose_signature_protected_header();
+ let signature = build_test_cose_signature(signature_protected_header);
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Null,
+ CborType::Array(vec![signature])];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::MalformedInput);
+}
+
+#[test]
+fn test_cose_sign_unprotected_header_wrong_type() {
+ let body_protected_header = make_minimally_valid_cose_sign_protected_header();
+ let signature_protected_header = make_minimally_valid_cose_signature_protected_header();
+ let signature = build_test_cose_signature(signature_protected_header);
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Integer(1),
+ CborType::Null,
+ CborType::Array(vec![signature])];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::UnexpectedType);
+}
+
+#[test]
+fn test_cose_sign_unprotected_header_not_empty() {
+ let body_protected_header = make_minimally_valid_cose_sign_protected_header();
+ let signature_protected_header = make_minimally_valid_cose_signature_protected_header();
+ let signature = build_test_cose_signature(signature_protected_header);
+ let mut unprotected_header_map: BTreeMap<CborType, CborType> = BTreeMap::new();
+ unprotected_header_map.insert(CborType::Integer(0), CborType::SignedInteger(-1));
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(unprotected_header_map),
+ CborType::Null,
+ CborType::Array(vec![signature])];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::MalformedInput);
+}
+
+#[test]
+fn test_cose_sign_payload_not_null() {
+ let body_protected_header = make_minimally_valid_cose_sign_protected_header();
+ let signature_protected_header = make_minimally_valid_cose_signature_protected_header();
+ let signature = build_test_cose_signature(signature_protected_header);
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Integer(0),
+ CborType::Array(vec![signature])];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::UnexpectedType);
+}
+
+#[test]
+fn test_cose_signatures_not_array() {
+ let body_protected_header = make_minimally_valid_cose_sign_protected_header();
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Null,
+ CborType::Integer(0)];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::UnexpectedType);
+}
+
+#[test]
+fn test_cose_signatures_empty() {
+ let body_protected_header = make_minimally_valid_cose_sign_protected_header();
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Null,
+ CborType::Array(Vec::new())];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::MalformedInput);
+}
+
+#[test]
+fn test_cose_signature_protected_header_wrong_type() {
+ let body_protected_header = make_minimally_valid_cose_sign_protected_header();
+ let signature = CborType::Array(vec![CborType::Null,
+ CborType::Map(BTreeMap::new()),
+ CborType::SignedInteger(-1)]);
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Null,
+ CborType::Array(vec![signature])];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::UnexpectedType);
+}
+
+#[test]
+fn test_cose_signature_protected_header_empty() {
+ let body_protected_header = make_minimally_valid_cose_sign_protected_header();
+ let signature_protected_header = encode_test_protected_header(Vec::new(), Vec::new());
+ let signature = build_test_cose_signature(signature_protected_header);
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Null,
+ CborType::Array(vec![signature])];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::MalformedInput);
+}
+
+#[test]
+fn test_cose_signature_protected_header_too_large() {
+ let body_protected_header = make_minimally_valid_cose_sign_protected_header();
+ let signature_protected_header = make_minimally_valid_cose_signature_protected_header();
+ let signature = CborType::Array(vec![CborType::Bytes(signature_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Bytes(Vec::new()),
+ CborType::Null]);
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Null,
+ CborType::Array(vec![signature])];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::MalformedInput);
+}
+
+#[test]
+fn test_cose_signature_protected_header_bad_encoding() {
+ let body_protected_header = make_minimally_valid_cose_sign_protected_header();
+ // The bytes here are a truncated integer encoding.
+ let signature = CborType::Array(vec![CborType::Bytes(vec![0x1a, 0x00, 0x00]),
+ CborType::Map(BTreeMap::new()),
+ CborType::Bytes(Vec::new())]);
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Null,
+ CborType::Array(vec![signature])];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::DecodingFailure);
+}
+
+#[test]
+fn test_cose_signature_protected_header_missing_alg() {
+ let body_protected_header = make_minimally_valid_cose_sign_protected_header();
+ let signature_protected_header = encode_test_protected_header(
+ vec![CborType::Integer(2),
+ CborType::Integer(COSE_HEADER_KID)],
+ vec![CborType::SignedInteger(COSE_TYPE_ES256),
+ CborType::Bytes(Vec::new())],
+ );
+ let signature = build_test_cose_signature(signature_protected_header);
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Null,
+ CborType::Array(vec![signature])];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::MissingHeader);
+}
+
+#[test]
+fn test_cose_signature_protected_header_missing_kid() {
+ let body_protected_header = make_minimally_valid_cose_sign_protected_header();
+ let signature_protected_header = encode_test_protected_header(
+ vec![CborType::Integer(COSE_HEADER_ALG),
+ CborType::Integer(3)],
+ vec![CborType::SignedInteger(COSE_TYPE_ES256),
+ CborType::Bytes(Vec::new())],
+ );
+ let signature = build_test_cose_signature(signature_protected_header);
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Null,
+ CborType::Array(vec![signature])];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::MissingHeader);
+}
+
+#[test]
+fn test_cose_signature_protected_header_wrong_key_types() {
+ let body_protected_header = make_minimally_valid_cose_sign_protected_header();
+ let signature_protected_header = encode_test_protected_header(
+ vec![CborType::SignedInteger(-1),
+ CborType::Bytes(vec![0])],
+ vec![CborType::SignedInteger(COSE_TYPE_ES256),
+ CborType::Bytes(Vec::new())],
+ );
+ let signature = build_test_cose_signature(signature_protected_header);
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Null,
+ CborType::Array(vec![signature])];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::MissingHeader);
+}
+
+#[test]
+fn test_cose_signature_protected_header_unexpected_alg_type() {
+ let body_protected_header = make_minimally_valid_cose_sign_protected_header();
+ let signature_protected_header = encode_test_protected_header(
+ vec![CborType::Integer(COSE_HEADER_ALG),
+ CborType::Integer(COSE_HEADER_KID)],
+ vec![CborType::Integer(10),
+ CborType::Integer(4)],
+ );
+ let signature = build_test_cose_signature(signature_protected_header);
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Null,
+ CborType::Array(vec![signature])];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::UnexpectedType);
+}
+
+#[test]
+fn test_cose_signature_protected_header_unsupported_alg() {
+ let body_protected_header = make_minimally_valid_cose_sign_protected_header();
+ let signature_protected_header = encode_test_protected_header(
+ vec![CborType::Integer(COSE_HEADER_ALG),
+ CborType::Integer(COSE_HEADER_KID)],
+ vec![CborType::SignedInteger(-10),
+ CborType::Bytes(Vec::new())],
+ );
+ let signature = build_test_cose_signature(signature_protected_header);
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Null,
+ CborType::Array(vec![signature])];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::UnexpectedHeaderValue);
+}
+
+#[test]
+fn test_cose_signature_protected_header_unexpected_kid_type() {
+ let body_protected_header = make_minimally_valid_cose_sign_protected_header();
+ let signature_protected_header = encode_test_protected_header(
+ vec![CborType::Integer(COSE_HEADER_ALG),
+ CborType::Integer(COSE_HEADER_KID)],
+ vec![CborType::SignedInteger(COSE_TYPE_ES256),
+ CborType::Integer(0)],
+ );
+ let signature = build_test_cose_signature(signature_protected_header);
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Null,
+ CborType::Array(vec![signature])];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::UnexpectedType);
+}
+
+#[test]
+fn test_cose_signature_protected_header_extra_key() {
+ let body_protected_header = make_minimally_valid_cose_sign_protected_header();
+ let signature_protected_header = encode_test_protected_header(
+ vec![CborType::Integer(COSE_HEADER_ALG),
+ CborType::Integer(COSE_HEADER_KID),
+ CborType::Integer(5)],
+ vec![CborType::SignedInteger(COSE_TYPE_ES256),
+ CborType::Bytes(Vec::new()),
+ CborType::Integer(5)],
+ );
+ let signature = build_test_cose_signature(signature_protected_header);
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Null,
+ CborType::Array(vec![signature])];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::MalformedInput);
+}
+
+#[test]
+fn test_cose_signature_unprotected_header_wrong_type() {
+ let body_protected_header = make_minimally_valid_cose_sign_protected_header();
+ let signature_protected_header = make_minimally_valid_cose_signature_protected_header();
+ let signature = CborType::Array(vec![CborType::Bytes(signature_protected_header),
+ CborType::Integer(1),
+ CborType::Bytes(Vec::new())]);
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Null,
+ CborType::Array(vec![signature])];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::UnexpectedType);
+}
+
+#[test]
+fn test_cose_signature_unprotected_header_not_empty() {
+ let body_protected_header = make_minimally_valid_cose_sign_protected_header();
+ let signature_protected_header = make_minimally_valid_cose_signature_protected_header();
+ let mut unprotected_header_map: BTreeMap<CborType, CborType> = BTreeMap::new();
+ unprotected_header_map.insert(CborType::Integer(0), CborType::SignedInteger(-1));
+ let signature = CborType::Array(vec![CborType::Bytes(signature_protected_header),
+ CborType::Map(unprotected_header_map),
+ CborType::Bytes(Vec::new())]);
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Null,
+ CborType::Array(vec![signature])];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::MalformedInput);
+}
+
+#[test]
+fn test_cose_signature_signature_wrong_type() {
+ let body_protected_header = make_minimally_valid_cose_sign_protected_header();
+ let signature_protected_header = make_minimally_valid_cose_signature_protected_header();
+ let signature = CborType::Array(vec![CborType::Bytes(signature_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::SignedInteger(-1)]);
+ let values = vec![CborType::Bytes(body_protected_header),
+ CborType::Map(BTreeMap::new()),
+ CborType::Null,
+ CborType::Array(vec![signature])];
+ let bytes = wrap_tag_and_encode_array(values);
+ test_cose_format_error(&bytes, CoseError::UnexpectedType);
+}
diff --git a/third_party/rust/cose/src/test_setup.rs b/third_party/rust/cose/src/test_setup.rs
new file mode 100644
index 0000000000..fce0676a66
--- /dev/null
+++ b/third_party/rust/cose/src/test_setup.rs
@@ -0,0 +1,169 @@
+#[cfg_attr(rustfmt, rustfmt_skip)]
+pub const P256_INT: [u8; 332] = [
+ 0x30, 0x82, 0x01, 0x48, 0x30, 0x81, 0xf0, 0xa0, 0x03, 0x02, 0x01,
+ 0x02, 0x02, 0x14, 0x43, 0x63, 0x59, 0xad, 0x04, 0x34, 0x56, 0x80,
+ 0x43, 0xec, 0x90, 0x6a, 0xd4, 0x10, 0x64, 0x7c, 0x7f, 0x38, 0x32,
+ 0xe2, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04,
+ 0x03, 0x02, 0x30, 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
+ 0x04, 0x03, 0x0c, 0x09, 0x72, 0x6f, 0x6f, 0x74, 0x2d, 0x70, 0x32,
+ 0x35, 0x36, 0x30, 0x22, 0x18, 0x0f, 0x32, 0x30, 0x31, 0x32, 0x30,
+ 0x31, 0x30, 0x33, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18,
+ 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32, 0x33, 0x31, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x13, 0x31, 0x11, 0x30, 0x0f,
+ 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x08, 0x69, 0x6e, 0x74, 0x2d,
+ 0x70, 0x32, 0x35, 0x36, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a,
+ 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x4f, 0xbf,
+ 0xbb, 0xbb, 0x61, 0xe0, 0xf8, 0xf9, 0xb1, 0xa6, 0x0a, 0x59, 0xac,
+ 0x87, 0x04, 0xe2, 0xec, 0x05, 0x0b, 0x42, 0x3e, 0x3c, 0xf7, 0x2e,
+ 0x92, 0x3f, 0x2c, 0x4f, 0x79, 0x4b, 0x45, 0x5c, 0x2a, 0x69, 0xd2,
+ 0x33, 0x45, 0x6c, 0x36, 0xc4, 0x11, 0x9d, 0x07, 0x06, 0xe0, 0x0e,
+ 0xed, 0xc8, 0xd1, 0x93, 0x90, 0xd7, 0x99, 0x1b, 0x7b, 0x2d, 0x07,
+ 0xa3, 0x04, 0xea, 0xa0, 0x4a, 0xa6, 0xc0, 0xa3, 0x1d, 0x30, 0x1b,
+ 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03,
+ 0x01, 0x01, 0xff, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04,
+ 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86,
+ 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44,
+ 0x02, 0x20, 0x63, 0x59, 0x02, 0x01, 0x89, 0xd7, 0x3e, 0x5b, 0xff,
+ 0xd1, 0x16, 0x4e, 0xe3, 0xe2, 0x0a, 0xe0, 0x4a, 0xd8, 0x75, 0xaf,
+ 0x77, 0x5c, 0x93, 0x60, 0xba, 0x10, 0x1f, 0x97, 0xdd, 0x27, 0x2d,
+ 0x24, 0x02, 0x20, 0x3d, 0x87, 0x0f, 0xac, 0x22, 0x4d, 0x16, 0xd9,
+ 0xa1, 0x95, 0xbb, 0x56, 0xe0, 0x21, 0x05, 0x93, 0xd1, 0x07, 0xb5,
+ 0x25, 0x3b, 0xf4, 0x57, 0x20, 0x87, 0x13, 0xa2, 0xf7, 0x78, 0x15,
+ 0x30, 0xa7
+];
+
+#[cfg_attr(rustfmt, rustfmt_skip)]
+pub const P256_ROOT: [u8; 334] = [
+ 0x30, 0x82, 0x01, 0x4a, 0x30, 0x81, 0xf1, 0xa0, 0x03, 0x02, 0x01, 0x02,
+ 0x02, 0x14, 0x5f, 0x3f, 0xae, 0x90, 0x49, 0x30, 0x2f, 0x33, 0x6e, 0x95,
+ 0x23, 0xa7, 0xcb, 0x23, 0xd7, 0x65, 0x4f, 0xea, 0x3c, 0xf7, 0x30, 0x0a,
+ 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x14,
+ 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x72,
+ 0x6f, 0x6f, 0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x22, 0x18, 0x0f,
+ 0x32, 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32, 0x33,
+ 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x14, 0x31, 0x12,
+ 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x72, 0x6f, 0x6f,
+ 0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07,
+ 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x4f, 0xbf, 0xbb,
+ 0xbb, 0x61, 0xe0, 0xf8, 0xf9, 0xb1, 0xa6, 0x0a, 0x59, 0xac, 0x87, 0x04,
+ 0xe2, 0xec, 0x05, 0x0b, 0x42, 0x3e, 0x3c, 0xf7, 0x2e, 0x92, 0x3f, 0x2c,
+ 0x4f, 0x79, 0x4b, 0x45, 0x5c, 0x2a, 0x69, 0xd2, 0x33, 0x45, 0x6c, 0x36,
+ 0xc4, 0x11, 0x9d, 0x07, 0x06, 0xe0, 0x0e, 0xed, 0xc8, 0xd1, 0x93, 0x90,
+ 0xd7, 0x99, 0x1b, 0x7b, 0x2d, 0x07, 0xa3, 0x04, 0xea, 0xa0, 0x4a, 0xa6,
+ 0xc0, 0xa3, 0x1d, 0x30, 0x1b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13,
+ 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0b, 0x06, 0x03, 0x55,
+ 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0a, 0x06, 0x08,
+ 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30,
+ 0x45, 0x02, 0x20, 0x5c, 0x75, 0x51, 0x9f, 0x13, 0x11, 0x50, 0xcd, 0x5d,
+ 0x8a, 0xde, 0x20, 0xa3, 0xbc, 0x06, 0x30, 0x91, 0xff, 0xb2, 0x73, 0x75,
+ 0x5f, 0x31, 0x64, 0xec, 0xfd, 0xcb, 0x42, 0x80, 0x0a, 0x70, 0xe6, 0x02,
+ 0x21, 0x00, 0xc2, 0xe4, 0xc1, 0xa8, 0xe2, 0x89, 0xdc, 0xa1, 0xbb, 0xe7,
+ 0xd5, 0x4f, 0x5c, 0x88, 0xad, 0xeb, 0xa4, 0x78, 0xa1, 0x19, 0xbe, 0x22,
+ 0x54, 0xc8, 0x9f, 0xef, 0xb8, 0x5d, 0xa2, 0x40, 0xd9, 0x8b
+];
+
+#[cfg_attr(rustfmt, rustfmt_skip)]
+pub const COSE_SIGNATURE_BYTES: [u8; 1062] = [
+ 0xd8, 0x62, 0x84, 0x59, 0x02, 0xa3, 0xa1, 0x04, 0x82, 0x59, 0x01, 0x4e,
+ 0x30, 0x82, 0x01, 0x4a, 0x30, 0x81, 0xf1, 0xa0, 0x03, 0x02, 0x01, 0x02,
+ 0x02, 0x14, 0x5f, 0x3f, 0xae, 0x90, 0x49, 0x30, 0x2f, 0x33, 0x6e, 0x95,
+ 0x23, 0xa7, 0xcb, 0x23, 0xd7, 0x65, 0x4f, 0xea, 0x3c, 0xf7, 0x30, 0x0a,
+ 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x14,
+ 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x72,
+ 0x6f, 0x6f, 0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x22, 0x18, 0x0f,
+ 0x32, 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32, 0x33,
+ 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x14, 0x31, 0x12,
+ 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x72, 0x6f, 0x6f,
+ 0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07,
+ 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x4f, 0xbf, 0xbb,
+ 0xbb, 0x61, 0xe0, 0xf8, 0xf9, 0xb1, 0xa6, 0x0a, 0x59, 0xac, 0x87, 0x04,
+ 0xe2, 0xec, 0x05, 0x0b, 0x42, 0x3e, 0x3c, 0xf7, 0x2e, 0x92, 0x3f, 0x2c,
+ 0x4f, 0x79, 0x4b, 0x45, 0x5c, 0x2a, 0x69, 0xd2, 0x33, 0x45, 0x6c, 0x36,
+ 0xc4, 0x11, 0x9d, 0x07, 0x06, 0xe0, 0x0e, 0xed, 0xc8, 0xd1, 0x93, 0x90,
+ 0xd7, 0x99, 0x1b, 0x7b, 0x2d, 0x07, 0xa3, 0x04, 0xea, 0xa0, 0x4a, 0xa6,
+ 0xc0, 0xa3, 0x1d, 0x30, 0x1b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13,
+ 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0b, 0x06, 0x03, 0x55,
+ 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0a, 0x06, 0x08,
+ 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30,
+ 0x45, 0x02, 0x20, 0x5c, 0x75, 0x51, 0x9f, 0x13, 0x11, 0x50, 0xcd, 0x5d,
+ 0x8a, 0xde, 0x20, 0xa3, 0xbc, 0x06, 0x30, 0x91, 0xff, 0xb2, 0x73, 0x75,
+ 0x5f, 0x31, 0x64, 0xec, 0xfd, 0xcb, 0x42, 0x80, 0x0a, 0x70, 0xe6, 0x02,
+ 0x21, 0x00, 0xc2, 0xe4, 0xc1, 0xa8, 0xe2, 0x89, 0xdc, 0xa1, 0xbb, 0xe7,
+ 0xd5, 0x4f, 0x5c, 0x88, 0xad, 0xeb, 0xa4, 0x78, 0xa1, 0x19, 0xbe, 0x22,
+ 0x54, 0xc8, 0x9f, 0xef, 0xb8, 0x5d, 0xa2, 0x40, 0xd9, 0x8b, 0x59, 0x01,
+ 0x4c, 0x30, 0x82, 0x01, 0x48, 0x30, 0x81, 0xf0, 0xa0, 0x03, 0x02, 0x01,
+ 0x02, 0x02, 0x14, 0x43, 0x63, 0x59, 0xad, 0x04, 0x34, 0x56, 0x80, 0x43,
+ 0xec, 0x90, 0x6a, 0xd4, 0x10, 0x64, 0x7c, 0x7f, 0x38, 0x32, 0xe2, 0x30,
+ 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30,
+ 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09,
+ 0x72, 0x6f, 0x6f, 0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x22, 0x18,
+ 0x0f, 0x32, 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32,
+ 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x13, 0x31,
+ 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x08, 0x69, 0x6e,
+ 0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07,
+ 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x4f, 0xbf, 0xbb,
+ 0xbb, 0x61, 0xe0, 0xf8, 0xf9, 0xb1, 0xa6, 0x0a, 0x59, 0xac, 0x87, 0x04,
+ 0xe2, 0xec, 0x05, 0x0b, 0x42, 0x3e, 0x3c, 0xf7, 0x2e, 0x92, 0x3f, 0x2c,
+ 0x4f, 0x79, 0x4b, 0x45, 0x5c, 0x2a, 0x69, 0xd2, 0x33, 0x45, 0x6c, 0x36,
+ 0xc4, 0x11, 0x9d, 0x07, 0x06, 0xe0, 0x0e, 0xed, 0xc8, 0xd1, 0x93, 0x90,
+ 0xd7, 0x99, 0x1b, 0x7b, 0x2d, 0x07, 0xa3, 0x04, 0xea, 0xa0, 0x4a, 0xa6,
+ 0xc0, 0xa3, 0x1d, 0x30, 0x1b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13,
+ 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0b, 0x06, 0x03, 0x55,
+ 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0a, 0x06, 0x08,
+ 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30,
+ 0x44, 0x02, 0x20, 0x63, 0x59, 0x02, 0x01, 0x89, 0xd7, 0x3e, 0x5b, 0xff,
+ 0xd1, 0x16, 0x4e, 0xe3, 0xe2, 0x0a, 0xe0, 0x4a, 0xd8, 0x75, 0xaf, 0x77,
+ 0x5c, 0x93, 0x60, 0xba, 0x10, 0x1f, 0x97, 0xdd, 0x27, 0x2d, 0x24, 0x02,
+ 0x20, 0x3d, 0x87, 0x0f, 0xac, 0x22, 0x4d, 0x16, 0xd9, 0xa1, 0x95, 0xbb,
+ 0x56, 0xe0, 0x21, 0x05, 0x93, 0xd1, 0x07, 0xb5, 0x25, 0x3b, 0xf4, 0x57,
+ 0x20, 0x87, 0x13, 0xa2, 0xf7, 0x78, 0x15, 0x30, 0xa7, 0xa0, 0xf6, 0x81,
+ 0x83, 0x59, 0x01, 0x33, 0xa2, 0x01, 0x26, 0x04, 0x59, 0x01, 0x2c, 0x30,
+ 0x82, 0x01, 0x28, 0x30, 0x81, 0xcf, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
+ 0x14, 0x2f, 0xc3, 0x5f, 0x05, 0x80, 0xb4, 0x49, 0x45, 0x13, 0x92, 0xd6,
+ 0x93, 0xb7, 0x2d, 0x71, 0x19, 0xc5, 0x8c, 0x40, 0x39, 0x30, 0x0a, 0x06,
+ 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x13, 0x31,
+ 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x08, 0x69, 0x6e,
+ 0x74, 0x2d, 0x70, 0x32, 0x35, 0x36, 0x30, 0x22, 0x18, 0x0f, 0x32, 0x30,
+ 0x31, 0x32, 0x30, 0x31, 0x30, 0x33, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x31, 0x32, 0x33, 0x31, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e,
+ 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x07, 0x65, 0x65, 0x2d, 0x70, 0x32,
+ 0x35, 0x36, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce,
+ 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01,
+ 0x07, 0x03, 0x42, 0x00, 0x04, 0x4f, 0xbf, 0xbb, 0xbb, 0x61, 0xe0, 0xf8,
+ 0xf9, 0xb1, 0xa6, 0x0a, 0x59, 0xac, 0x87, 0x04, 0xe2, 0xec, 0x05, 0x0b,
+ 0x42, 0x3e, 0x3c, 0xf7, 0x2e, 0x92, 0x3f, 0x2c, 0x4f, 0x79, 0x4b, 0x45,
+ 0x5c, 0x2a, 0x69, 0xd2, 0x33, 0x45, 0x6c, 0x36, 0xc4, 0x11, 0x9d, 0x07,
+ 0x06, 0xe0, 0x0e, 0xed, 0xc8, 0xd1, 0x93, 0x90, 0xd7, 0x99, 0x1b, 0x7b,
+ 0x2d, 0x07, 0xa3, 0x04, 0xea, 0xa0, 0x4a, 0xa6, 0xc0, 0x30, 0x0a, 0x06,
+ 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00,
+ 0x30, 0x45, 0x02, 0x20, 0x5c, 0x75, 0x51, 0x9f, 0x13, 0x11, 0x50, 0xcd,
+ 0x5d, 0x8a, 0xde, 0x20, 0xa3, 0xbc, 0x06, 0x30, 0x91, 0xff, 0xb2, 0x73,
+ 0x75, 0x5f, 0x31, 0x64, 0xec, 0xfd, 0xcb, 0x42, 0x80, 0x0a, 0x70, 0xe6,
+ 0x02, 0x21, 0x00, 0xff, 0x81, 0xbe, 0xa8, 0x0d, 0x03, 0x36, 0x6b, 0x75,
+ 0xe2, 0x70, 0x6a, 0xac, 0x07, 0x2e, 0x4c, 0xdc, 0xf9, 0xc5, 0x89, 0xc1,
+ 0xcf, 0x88, 0xc2, 0xc8, 0x2a, 0x32, 0xf5, 0x42, 0x0c, 0xfa, 0x0b, 0xa0,
+ 0x58, 0x40, 0x11, 0xe5, 0x73, 0x2c, 0x23, 0x31, 0x6f, 0xb4, 0x17, 0xcf,
+ 0xa9, 0xee, 0xc5, 0xe3, 0x57, 0xcc, 0x77, 0x82, 0x29, 0x1f, 0xba, 0x97,
+ 0xbf, 0x32, 0xaf, 0x8d, 0x88, 0x27, 0xde, 0x69, 0xd2, 0xdf, 0xd6, 0xec,
+ 0x9e, 0x5b, 0xd3, 0x9d, 0xf8, 0x9d, 0x68, 0xc6, 0xce, 0x91, 0x32, 0x41,
+ 0x50, 0x5f, 0xd8, 0x72, 0xb0, 0x41, 0xb9, 0x39, 0x3d, 0xdf, 0x44, 0xee,
+ 0x89, 0x74, 0x4d, 0x9e, 0xb4, 0xd7
+];
+
+#[cfg_attr(rustfmt, rustfmt_skip)]
+pub const SIGNATURE_BYTES: [u8; 64] = [
+ 0x11, 0xe5, 0x73, 0x2c, 0x23, 0x31, 0x6f, 0xb4, 0x17, 0xcf,
+ 0xa9, 0xee, 0xc5, 0xe3, 0x57, 0xcc, 0x77, 0x82, 0x29, 0x1f, 0xba, 0x97,
+ 0xbf, 0x32, 0xaf, 0x8d, 0x88, 0x27, 0xde, 0x69, 0xd2, 0xdf, 0xd6, 0xec,
+ 0x9e, 0x5b, 0xd3, 0x9d, 0xf8, 0x9d, 0x68, 0xc6, 0xce, 0x91, 0x32, 0x41,
+ 0x50, 0x5f, 0xd8, 0x72, 0xb0, 0x41, 0xb9, 0x39, 0x3d, 0xdf, 0x44, 0xee,
+ 0x89, 0x74, 0x4d, 0x9e, 0xb4, 0xd7
+];
diff --git a/third_party/rust/cose/src/util.rs b/third_party/rust/cose/src/util.rs
new file mode 100644
index 0000000000..8f1cf7e954
--- /dev/null
+++ b/third_party/rust/cose/src/util.rs
@@ -0,0 +1,27 @@
+use cbor::CborType;
+
+/// Sig_structure is a CBOR array:
+///
+/// Sig_structure = [
+/// context : "Signature" / "Signature1" / "CounterSignature",
+/// body_protected : empty_or_serialized_map,
+/// ? sign_protected : empty_or_serialized_map,
+/// external_aad : bstr,
+/// payload : bstr
+/// ]
+///
+/// In this case, the context is "Signature". There is no external_aad, so this defaults to a
+/// zero-length bstr.
+pub fn get_sig_struct_bytes(
+ protected_body_header_serialized: CborType,
+ protected_signature_header_serialized: CborType,
+ payload: &[u8],
+) -> Vec<u8> {
+ let sig_structure_array: Vec<CborType> = vec![CborType::String(String::from("Signature")),
+ protected_body_header_serialized,
+ protected_signature_header_serialized,
+ CborType::Null,
+ CborType::Bytes(payload.to_vec())];
+
+ CborType::Array(sig_structure_array).serialize()
+}
diff --git a/third_party/rust/cose/tools/certs/certs.md b/third_party/rust/cose/tools/certs/certs.md
new file mode 100644
index 0000000000..ef8a53909e
--- /dev/null
+++ b/third_party/rust/cose/tools/certs/certs.md
@@ -0,0 +1,9 @@
+## This folder holds everything to generate certificates and keys for tests
+
+Scripts in this folder require a copy of [mozilla-central](https://hg.mozilla.org/mozilla-central/) and use scripts from `security/manager/ssl/tests/unit`. The default path for `MOZILLA_CENTRAL` is next to the root of this project.
+
+The helper script `certs.sh` sets all necessary paths and generates certificates.
+The following command generates the end-entity certificate with P256, ECDSA, SHA256.
+
+ MOZILLA_CENTRAL=<path to mc> ./certs.sh < ee-p256.certspec
+
diff --git a/third_party/rust/cose/tools/certs/certs.sh b/third_party/rust/cose/tools/certs/certs.sh
new file mode 100755
index 0000000000..b6f4db679c
--- /dev/null
+++ b/third_party/rust/cose/tools/certs/certs.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+cwd=$(cd $(dirname $0); pwd -P)
+MOZILLA_CENTRAL=${MOZILLA_CENTRAL:-"$cwd/../../../mc"}
+script_path="$MOZILLA_CENTRAL/security/manager/ssl/tests/unit"
+
+python_path="$MOZILLA_CENTRAL/third_party/python/pyasn1/"
+python_path="$python_path:$MOZILLA_CENTRAL/third_party/python/pyasn1-modules/"
+python_path="$python_path:$MOZILLA_CENTRAL/third_party/python/PyECC/"
+python_path="$python_path:$MOZILLA_CENTRAL/third_party/python/mock-1.0.0/"
+python_path="$python_path:$MOZILLA_CENTRAL/third_party/python/rsa/"
+
+gen_cert() {
+ PYTHONPATH=$python_path "$script_path"/pycert.py "$@" > /tmp/cert.pem
+ openssl x509 -in /tmp/cert.pem -out /tmp/cert.der -outform DER
+ xxd -ps /tmp/cert.der | sed 's/\([0-9A-Fa-f]\{2\}\)/0x\1, /g' \
+ | tr -d '\n'
+ echo ""
+}
+
+gen_cert "${@:1}"
diff --git a/third_party/rust/cose/tools/certs/ee-p256.certspec b/third_party/rust/cose/tools/certs/ee-p256.certspec
new file mode 100644
index 0000000000..59d1312987
--- /dev/null
+++ b/third_party/rust/cose/tools/certs/ee-p256.certspec
@@ -0,0 +1,6 @@
+issuer:int-p256
+subject:ee-p256
+issuerKey:secp256r1
+subjectKey:secp256r1
+signature:ecdsaWithSHA256
+validity:3650 \ No newline at end of file
diff --git a/third_party/rust/cose/tools/certs/ee-p256.keyspec b/third_party/rust/cose/tools/certs/ee-p256.keyspec
new file mode 100644
index 0000000000..562d46f945
--- /dev/null
+++ b/third_party/rust/cose/tools/certs/ee-p256.keyspec
@@ -0,0 +1 @@
+secp256r1 \ No newline at end of file
diff --git a/third_party/rust/cose/tools/certs/ee-p384.certspec b/third_party/rust/cose/tools/certs/ee-p384.certspec
new file mode 100644
index 0000000000..19be32edb2
--- /dev/null
+++ b/third_party/rust/cose/tools/certs/ee-p384.certspec
@@ -0,0 +1,6 @@
+issuer:int-p256
+subject:ee-p384
+issuerKey:secp256r1
+subjectKey:secp384r1
+signature:ecdsaWithSHA256
+validity:3650 \ No newline at end of file
diff --git a/third_party/rust/cose/tools/certs/ee-p521.certspec b/third_party/rust/cose/tools/certs/ee-p521.certspec
new file mode 100644
index 0000000000..b6cec39b08
--- /dev/null
+++ b/third_party/rust/cose/tools/certs/ee-p521.certspec
@@ -0,0 +1,6 @@
+issuer:int-p256
+subject:ee-p521
+issuerKey:secp256r1
+subjectKey:secp521r1
+signature:ecdsaWithSHA256
+validity:3650 \ No newline at end of file
diff --git a/third_party/rust/cose/tools/certs/ee-rsa.certspec b/third_party/rust/cose/tools/certs/ee-rsa.certspec
new file mode 100644
index 0000000000..27a0ff3bca
--- /dev/null
+++ b/third_party/rust/cose/tools/certs/ee-rsa.certspec
@@ -0,0 +1,3 @@
+issuer:int-rsa
+subject:ee-rsa
+validity:3650
diff --git a/third_party/rust/cose/tools/certs/int-p256.certspec b/third_party/rust/cose/tools/certs/int-p256.certspec
new file mode 100644
index 0000000000..8fec3584db
--- /dev/null
+++ b/third_party/rust/cose/tools/certs/int-p256.certspec
@@ -0,0 +1,8 @@
+issuer:root-p256
+subject:int-p256
+issuerKey:secp256k1
+subjectKey:secp256r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+validity:3650 \ No newline at end of file
diff --git a/third_party/rust/cose/tools/certs/int-rsa.certspec b/third_party/rust/cose/tools/certs/int-rsa.certspec
new file mode 100644
index 0000000000..e79c1ecc53
--- /dev/null
+++ b/third_party/rust/cose/tools/certs/int-rsa.certspec
@@ -0,0 +1,5 @@
+issuer:root-rsa
+subject:int-rsa
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+validity:3650
diff --git a/third_party/rust/cose/tools/certs/root-p256.certspec b/third_party/rust/cose/tools/certs/root-p256.certspec
new file mode 100644
index 0000000000..e44d96e226
--- /dev/null
+++ b/third_party/rust/cose/tools/certs/root-p256.certspec
@@ -0,0 +1,8 @@
+issuer:root-p256
+subject:root-p256
+issuerKey:secp256r1
+subjectKey:secp256r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+validity:3650 \ No newline at end of file
diff --git a/third_party/rust/cose/tools/certs/root-rsa.certspec b/third_party/rust/cose/tools/certs/root-rsa.certspec
new file mode 100644
index 0000000000..39454648fa
--- /dev/null
+++ b/third_party/rust/cose/tools/certs/root-rsa.certspec
@@ -0,0 +1,5 @@
+issuer:root-rsa
+subject:root-rsa
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+validity:3650