Canonicalize CoseKey CBOR serialization.

Change-Id: I9b4abf1662ffccef692258e979d7e3c23ddd52e2
thmsbinder · Jun 6, 2024 · f0e41c6 · f0e41c6
1 parent f1716be
commit f0e41c6
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 16 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/enclave_apps/Cargo.lock b/enclave_apps/Cargo.lock
diff --git a/oak_dice/src/cert.rs b/oak_dice/src/cert.rs
@@ -21,8 +21,8 @@ use alloc::{string::String, vec, vec::Vec};
 use coset::{
     cbor::value::Value,
     cwt::{ClaimName, ClaimsSet, ClaimsSetBuilder},
-    iana, Algorithm, CborSerializable, CoseError, CoseKey, CoseSign1, KeyOperation, KeyType, Label,
-    RegisteredLabelWithPrivate,
+    iana, Algorithm, CborOrdering, CborSerializable, CoseError, CoseKey, CoseSign1, KeyOperation,
+    KeyType, Label, RegisteredLabelWithPrivate,
 };
 use hkdf::Hkdf;
 use p256::{
@@ -228,7 +228,7 @@ pub fn cose_key_to_verifying_key(cose_key: &CoseKey) -> Result<VerifyingKey, &'s
 /// Converts an ECDSA verifying key to a COSE_Key representation.
 pub fn verifying_key_to_cose_key(public_key: &VerifyingKey) -> CoseKey {
     let encoded_point = public_key.to_encoded_point(false);
-    CoseKey {
+    let mut ck = CoseKey {
         kty: KeyType::Assigned(iana::KeyType::EC2),
         key_id: Vec::from(derive_verifying_key_id(public_key)),
         alg: Some(Algorithm::Assigned(iana::Algorithm::ES256)),
@@ -248,7 +248,9 @@ pub fn verifying_key_to_cose_key(public_key: &VerifyingKey) -> CoseKey {
             ),
         ],
         ..Default::default()
-    }
+    };
+    ck.canonicalize(CborOrdering::LengthFirstLexicographic);
+    ck
 }
 
 /// Generates a CWT certificate representing an ECDSA signing key, such as an

diff --git a/oak_ml_transparency/runner/Cargo.lock b/oak_ml_transparency/runner/Cargo.lock
diff --git a/oak_restricted_kernel_bin/Cargo.lock b/oak_restricted_kernel_bin/Cargo.lock
diff --git a/stage0_bin/Cargo.lock b/stage0_bin/Cargo.lock