cdx-core 0.7.1

Core library for reading, writing, and validating Codex Document Format (.cdx) files
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343

//! WebAuthn/FIDO2 signature verification.
//!
//! WebAuthn signatures are created client-side (in browsers or native apps)
//! using hardware security keys or platform authenticators. This module
//! provides verification of WebAuthn assertion responses.
//!
//! # Verification Process
//!
//! 1. Decode the base64-encoded fields from [`WebAuthnSignature`]
//! 2. Parse the client data JSON and verify the challenge matches the document ID
//! 3. Verify the origin matches the expected relying party
//! 4. Verify the signature over authenticator data + SHA-256(client data JSON)
//!
//! # Example
//!
//! ```ignore
//! use cdx_core::security::{WebAuthnVerifier, WebAuthnSignature, Signature};
//!
//! let verifier = WebAuthnVerifier::new(
//!     "https://example.com",  // expected origin
//!     public_key_bytes,       // credential public key
//! )?;
//!
//! let result = verifier.verify(&document_id, &signature)?;
//! ```

use base64::Engine;
use p256::ecdsa::{signature::Verifier as _, VerifyingKey};
use serde::Deserialize;
use sha2::{Digest, Sha256};

use super::signature::{Signature, SignatureVerification, WebAuthnSignature};
use super::Verifier;
use crate::error::signature_error;
use crate::{DocumentId, Result};

/// WebAuthn client data structure.
///
/// Parsed from the `clientDataJSON` field of a WebAuthn assertion.
#[derive(Debug, Deserialize)]
#[serde(rename_all = "camelCase")]
struct ClientData {
    /// The type of operation (should be "webauthn.get" for assertions).
    #[serde(rename = "type")]
    type_: String,

    /// The challenge, base64url-encoded.
    challenge: String,

    /// The origin of the request.
    origin: String,

    /// Cross-origin flag (optional, required by WebAuthn spec for deserialization).
    #[serde(default)]
    #[allow(dead_code)]
    cross_origin: Option<bool>,
}

/// WebAuthn signature verifier.
///
/// Verifies WebAuthn assertion responses using the credential's public key.
/// The document ID is used as the challenge for verification.
pub struct WebAuthnVerifier {
    /// Expected origin (e.g., `https://example.com`).
    expected_origin: String,

    /// The credential's public key for signature verification.
    verifying_key: VerifyingKey,

    /// Expected credential ID (optional, for additional validation).
    expected_credential_id: Option<Vec<u8>>,
}

impl WebAuthnVerifier {
    /// Create a new WebAuthn verifier.
    ///
    /// # Arguments
    ///
    /// * `expected_origin` - The expected origin (e.g., `https://example.com`)
    /// * `public_key` - The credential's public key in uncompressed SEC1 format (65 bytes)
    ///   or compressed format (33 bytes)
    ///
    /// # Errors
    ///
    /// Returns an error if the public key cannot be parsed.
    pub fn new(expected_origin: impl Into<String>, public_key: &[u8]) -> Result<Self> {
        let verifying_key = VerifyingKey::from_sec1_bytes(public_key)
            .map_err(|e| signature_error(format!("Invalid WebAuthn public key: {e}")))?;

        Ok(Self {
            expected_origin: expected_origin.into(),
            verifying_key,
            expected_credential_id: None,
        })
    }

    /// Create a verifier from a PEM-encoded public key.
    ///
    /// # Errors
    ///
    /// Returns an error if the PEM cannot be parsed.
    pub fn from_pem(expected_origin: impl Into<String>, pem: &str) -> Result<Self> {
        use p256::pkcs8::DecodePublicKey;

        let verifying_key = VerifyingKey::from_public_key_pem(pem)
            .map_err(|e| signature_error(format!("Invalid WebAuthn public key PEM: {e}")))?;

        Ok(Self {
            expected_origin: expected_origin.into(),
            verifying_key,
            expected_credential_id: None,
        })
    }

    /// Set the expected credential ID for additional validation.
    #[must_use]
    pub fn with_credential_id(mut self, credential_id: Vec<u8>) -> Self {
        self.expected_credential_id = Some(credential_id);
        self
    }

    /// Verify a WebAuthn signature.
    fn verify_webauthn(
        &self,
        signature_id: &str,
        document_id: &DocumentId,
        webauthn: &WebAuthnSignature,
    ) -> Result<SignatureVerification> {
        let engine = base64::engine::general_purpose::STANDARD;

        // Decode credential ID
        let credential_id = engine
            .decode(&webauthn.credential_id)
            .map_err(|e| signature_error(format!("Invalid credential ID base64: {e}")))?;

        // Verify credential ID if expected
        if let Some(ref expected) = self.expected_credential_id {
            if &credential_id != expected {
                return Ok(SignatureVerification::invalid(
                    signature_id,
                    "Credential ID mismatch",
                ));
            }
        }

        // Decode client data JSON
        let client_data_bytes = engine
            .decode(&webauthn.client_data_json)
            .map_err(|e| signature_error(format!("Invalid clientDataJSON base64: {e}")))?;

        // Parse client data
        let client_data: ClientData = serde_json::from_slice(&client_data_bytes)
            .map_err(|e| signature_error(format!("Invalid clientDataJSON: {e}")))?;

        // Verify type
        if client_data.type_ != "webauthn.get" {
            return Ok(SignatureVerification::invalid(
                signature_id,
                format!(
                    "Invalid type: expected 'webauthn.get', got '{}'",
                    client_data.type_
                ),
            ));
        }

        // Verify origin
        if client_data.origin != self.expected_origin {
            return Ok(SignatureVerification::invalid(
                signature_id,
                format!(
                    "Origin mismatch: expected '{}', got '{}'",
                    self.expected_origin, client_data.origin
                ),
            ));
        }

        // Verify challenge matches document ID
        // WebAuthn uses base64url encoding for the challenge
        let challenge_bytes = base64::engine::general_purpose::URL_SAFE_NO_PAD
            .decode(&client_data.challenge)
            .map_err(|e| signature_error(format!("Invalid challenge base64url: {e}")))?;

        if challenge_bytes != document_id.digest() {
            return Ok(SignatureVerification::invalid(
                signature_id,
                "Challenge does not match document ID",
            ));
        }

        // Decode authenticator data
        let authenticator_data = engine
            .decode(&webauthn.authenticator_data)
            .map_err(|e| signature_error(format!("Invalid authenticatorData base64: {e}")))?;

        // Verify authenticator data is at least 37 bytes (RP ID hash + flags + counter)
        if authenticator_data.len() < 37 {
            return Ok(SignatureVerification::invalid(
                signature_id,
                "Authenticator data too short",
            ));
        }

        // Verify RP ID hash (first 32 bytes of authenticator data)
        // Per WebAuthn spec section 7.2 step 13: rpIdHash must equal SHA-256(rp_id)
        let expected_rp_id = self
            .expected_origin
            .strip_prefix("https://")
            .or_else(|| self.expected_origin.strip_prefix("http://"))
            .unwrap_or(&self.expected_origin);
        let expected_rp_id_hash = Sha256::digest(expected_rp_id.as_bytes());
        if authenticator_data[..32] != expected_rp_id_hash[..] {
            return Ok(SignatureVerification::invalid(
                signature_id,
                "RP ID hash mismatch in authenticator data",
            ));
        }

        // Check user presence flag (bit 0 of flags byte at offset 32)
        let flags = authenticator_data[32];
        if flags & 0x01 == 0 {
            return Ok(SignatureVerification::invalid(
                signature_id,
                "User presence flag not set",
            ));
        }

        // Decode signature
        let signature_bytes = engine
            .decode(&webauthn.signature)
            .map_err(|e| signature_error(format!("Invalid signature base64: {e}")))?;

        // Parse the signature (DER-encoded ECDSA signature)
        let signature = p256::ecdsa::DerSignature::from_bytes(&signature_bytes)
            .map_err(|e| signature_error(format!("Invalid ECDSA signature: {e}")))?;

        // Compute the signed data: authenticator_data || SHA-256(clientDataJSON)
        let client_data_hash = Sha256::digest(&client_data_bytes);
        let mut signed_data = authenticator_data.clone();
        signed_data.extend_from_slice(&client_data_hash);

        // Verify the signature
        match self.verifying_key.verify(&signed_data, &signature) {
            Ok(()) => Ok(SignatureVerification::valid(signature_id)),
            Err(e) => Ok(SignatureVerification::invalid(
                signature_id,
                format!("Signature verification failed: {e}"),
            )),
        }
    }
}

impl Verifier for WebAuthnVerifier {
    fn verify(
        &self,
        document_id: &DocumentId,
        signature: &Signature,
    ) -> Result<SignatureVerification> {
        // Check if this is a WebAuthn signature
        let Some(webauthn) = &signature.webauthn else {
            return Ok(SignatureVerification::invalid(
                &signature.id,
                "Not a WebAuthn signature",
            ));
        };

        // Verify the WebAuthn assertion
        self.verify_webauthn(&signature.id, document_id, webauthn)
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::security::SignerInfo;
    use crate::{HashAlgorithm, Hasher};

    #[test]
    fn test_webauthn_signature_new() {
        let sig = WebAuthnSignature::new(
            "Y3JlZGVudGlhbC1pZA==",
            "YXV0aGVudGljYXRvci1kYXRh",
            "Y2xpZW50LWRhdGEtanNvbg==",
            "c2lnbmF0dXJl",
        );

        assert_eq!(sig.credential_id, "Y3JlZGVudGlhbC1pZA==");
        assert_eq!(sig.authenticator_data, "YXV0aGVudGljYXRvci1kYXRh");
        assert_eq!(sig.client_data_json, "Y2xpZW50LWRhdGEtanNvbg==");
        assert_eq!(sig.signature, "c2lnbmF0dXJl");
    }

    #[test]
    fn test_signature_new_webauthn() {
        let webauthn = WebAuthnSignature::new("Y3JlZA==", "YXV0aA==", "Y2xpZW50", "c2ln");

        let signer = SignerInfo::new("Test User");
        let sig = Signature::new_webauthn("sig-webauthn-1", signer, webauthn);

        assert!(sig.is_webauthn());
        assert_eq!(sig.algorithm, super::super::SignatureAlgorithm::ES256);
        assert!(sig.value.is_empty());
        assert!(sig.webauthn_data().is_some());
    }

    #[test]
    fn test_webauthn_signature_serialization() {
        let webauthn =
            WebAuthnSignature::new("credential-id", "auth-data", "client-data", "signature");

        let json = serde_json::to_string(&webauthn).unwrap();
        assert!(json.contains("\"credentialId\":\"credential-id\""));
        assert!(json.contains("\"authenticatorData\":\"auth-data\""));
        assert!(json.contains("\"clientDataJson\":\"client-data\""));
        assert!(json.contains("\"signature\":\"signature\""));

        let parsed: WebAuthnSignature = serde_json::from_str(&json).unwrap();
        assert_eq!(parsed.credential_id, "credential-id");
    }

    #[test]
    fn test_verifier_rejects_non_webauthn() {
        // Generate a test key pair
        use p256::elliptic_curve::Generate;
        let signing_key = p256::ecdsa::SigningKey::generate();
        let verifying_key = signing_key.verifying_key();
        let public_key = verifying_key.to_sec1_bytes();

        let verifier = WebAuthnVerifier::new("https://example.com", &public_key).unwrap();

        let doc_id = Hasher::hash(HashAlgorithm::Sha256, b"test");
        let signer = SignerInfo::new("Test");
        let sig = Signature::new(
            "sig-1",
            super::super::SignatureAlgorithm::ES256,
            signer,
            "base64sig",
        );

        let result = verifier.verify(&doc_id, &sig).unwrap();
        assert!(!result.is_valid());
        assert!(result.error.as_ref().unwrap().contains("Not a WebAuthn"));
    }
}