Scopevisio / eudgc

A totally free (Apache 2.0) implementation of the Covid Vaccination Certificate parsing and validation (more accurately EuDGC) in Javascript/Typescript. This works completely on the client side if needed. Serverside is possible too of course.

Structure of Sig1_Structure #5

Open jumpjack opened 2 years ago

jumpjack commented 2 years ago

https://github.com/Scopevisio/eudgc/blob/9af2d1baf7c2a802df978d9c195a470a09da1aff/src/cose1.ts#L77

The structure of Sig1_Structure is described in sign.js file of cose-js node library:

https://github.com/erdtman/cose-js/blob/9757a6bdcb9b8dec356210b24e794bb8d630c4f4/lib/sign.js#L277

const SigStructure = [
  'Signature1',
  p,
  externalAAD,
  plaintext
];

As far as I can understand, greenpass always uses the "Sign1" signature, so you can disregard the Sig_Structure defined at line 263, and externalAAD is always EMPTY_BUFFER.

srutz commented 2 years ago

Thanks Jumpjack, I don't have any clue whatsoever whether this is required or not. However, the current code doesn't do any harm, does it? Or in other words, does the current code have any negative impact (performance-wise, maybe)?

jumpjack commented 2 years ago

It's not very clear to me either how the signature process works; I opened the issue just because you wrote in the code "Since the above doesn't work, we do the cbor semi-manually...." and you created your own algorithm, but you can find the full structure of SigStructure in the source code I mentioned, so maybe you can use it to figure out why your code does not work.

For example, the definition in sign.js includes four elements, while your definition includes five elements.

In sign.js:

'Signature1', // n.1 (string)
p,            // n.2 (CBOR object)
externalAAD,  // n.3 ( EMPTY_BUFFER = Buffer.alloc(0) )
plaintext     // n.4 (string)

Yours:

"Signature1",       // n.1 (string)
cose1.protected_,   // n.2 (CBOR object)
64,                 // n.3 (number)
64,                 // n.4 (number)
cose1.payload,      // n.5 (string)

For sure you have too many elements. But I think there is another error: "64" is a "CBOR code", but you are going to CBOR-encode the SigStructure structure, so you cannot write the 64 (= empty in CBOR language) in it: you must put an empty buffer ( Buffer.alloc(0) ), and it will be converted into code 64 by the CBOR encoding.

So probably (I didn't test it) your code could work if you changed it like this:

"Signature1",       // n.1 (string)
cose1.protected_,   // n.2 (CBOR object)
Buffer.alloc(0),    // n.3 (number)  <<< changed from "64" to "Buffer.alloc(0)"
// 64,              // n.4 (number)  <<< removed
cose1.payload,      // n.5 (string)
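
The encoding difference discussed in this thread can be checked byte for byte. The following is an added example, not code from eudgc, cose-js or either commenter: a minimal CBOR encoder that builds the four-element Sig_structure and compares it with the five-element array containing the number 64. The function names and the sample header and payload bytes are constructed for illustration.

```javascript
// Added example: minimal CBOR encoder for the types Sig_structure needs
// (RFC 8949 major types 0 = unsigned int, 2 = byte string, 3 = text, 4 = array).
function cborHead(majorType, n) {
  const mt = majorType << 5;
  if (n < 24) return Buffer.from([mt | n]);
  if (n < 0x100) return Buffer.from([mt | 24, n]);
  if (n < 0x10000) return Buffer.from([mt | 25, n >> 8, n & 0xff]);
  const head = Buffer.alloc(5);
  head[0] = mt | 26;
  head.writeUInt32BE(n, 1);
  return head;
}

function cborEncode(value) {
  if (Number.isInteger(value) && value >= 0) return cborHead(0, value);
  if (typeof value === 'string') {
    const utf8 = Buffer.from(value, 'utf8');
    return Buffer.concat([cborHead(3, utf8.length), utf8]);
  }
  if (Buffer.isBuffer(value)) return Buffer.concat([cborHead(2, value.length), value]);
  if (Array.isArray(value)) {
    return Buffer.concat([cborHead(4, value.length), ...value.map((v) => cborEncode(v))]);
  }
  throw new TypeError('type not supported by this minimal encoder');
}

// Sig_structure for COSE_Sign1 (RFC 8152, section 4.4): four elements;
// external_aad is a zero-length byte string when the application supplies none.
function sigStructure(protectedBytes, payloadBytes, externalAad = Buffer.alloc(0)) {
  return cborEncode(['Signature1', protectedBytes, externalAad, payloadBytes]);
}

// Constructed sample input: protected header {1: -7} (alg ES256) and a 1-byte payload.
const sampleProtected = Buffer.from('a10126', 'hex');
const samplePayload = Buffer.from('a0', 'hex');

const fourElements = sigStructure(sampleProtected, samplePayload);
// The five-element array from the thread, with the number 64 as a CBOR value.
const fiveElements = cborEncode(['Signature1', sampleProtected, 64, 64, samplePayload]);

console.log(cborEncode(Buffer.alloc(0)).toString('hex')); // empty byte string
console.log(cborEncode(64).toString('hex'));              // unsigned integer 64
console.log(fourElements.toString('hex'));
console.log(fiveElements.toString('hex'));
```

A signature is computed over these exact bytes, so a verifier that encodes the integer 64 instead of an empty byte string produces different input and the check fails for every certificate.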