Rename indirect-signature content validation to ContentDigest verbiage (V2)

V2/Cose.Abstractions/README.md

@@ -5,7 +5,7 @@ Generic COSE abstractions that are independent of any specific COSE message type
 ## Contents
 - `CoseHeaderLocation` — Flags for searching protected/unprotected headers
 - `IndirectSignatureHeaderLabels` — RFC 9054 header label constants
-- `SignatureFormat` — Signature format enumeration
+- `ContentDigestFormat` — Signature format enumeration
 
 ## Polyfills
 - `Guard` — Cross-framework argument validation (ThrowIfNull, ThrowIfDisposed, etc.)

V2/CoseSign1.Abstractions.Tests/Extensions/ContentDigestFormatTests.cs

@@ -0,0 +1,53 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+namespace CoseSign1.Abstractions.Tests.Extensions;
+
+using System.Security.Cryptography.Cose;
+
+/// <summary>
+/// Tests for <see cref="ContentDigestFormat"/> enum.
+/// </summary>
+[TestFixture]
+public class ContentDigestFormatTests
+{
+    [Test]
+    public void Direct_HasValue0()
+    {
+        Assert.That((int)ContentDigestFormat.Direct, Is.EqualTo(0));
+    }
+
+    [Test]
+    public void IndirectHashLegacy_HasValue1()
+    {
+        Assert.That((int)ContentDigestFormat.IndirectHashLegacy, Is.EqualTo(1));
+    }
+
+    [Test]
+    public void IndirectCoseHashV_HasValue2()
+    {
+        Assert.That((int)ContentDigestFormat.IndirectCoseHashV, Is.EqualTo(2));
+    }
+
+    [Test]
+    public void IndirectCoseHashEnvelope_HasValue3()
+    {
+        Assert.That((int)ContentDigestFormat.IndirectCoseHashEnvelope, Is.EqualTo(3));
+    }
+
+    [Test]
+    public void AllValues_AreUnique()
+    {
+        var values = Enum.GetValues<ContentDigestFormat>();
+        Assert.That(values.Distinct().Count(), Is.EqualTo(values.Length));
+    }
+
+    [Test]
+    public void AllValues_AreDefined()
+    {
+        Assert.That(Enum.IsDefined(ContentDigestFormat.Direct), Is.True);
+        Assert.That(Enum.IsDefined(ContentDigestFormat.IndirectHashLegacy), Is.True);
+        Assert.That(Enum.IsDefined(ContentDigestFormat.IndirectCoseHashV), Is.True);
+        Assert.That(Enum.IsDefined(ContentDigestFormat.IndirectCoseHashEnvelope), Is.True);
+    }
+}

V2/CoseSign1.Abstractions.Tests/Extensions/CoseSign1MessageExtensionsTests.cs

@@ -91,76 +91,76 @@ public void IsIndirectSignature_WithPayloadHashAlgHeader_ReturnsTrue()
 
     #endregion
 
-    #region GetSignatureFormat Tests
+    #region GetContentDigestFormat Tests
 
     [Test]
-    public void GetSignatureFormat_WithNoIndirectMarkers_ReturnsDirect()
+    public void GetContentDigestFormat_WithNoIndirectMarkers_ReturnsDirect()
     {
         var headers = new CoseHeaderMap
         {
             { CoseHeaderLabel.ContentType, CoseHeaderValue.FromString("application/json") }
         };
         var message = CreateMessageWithHeaders(headers);
 
-        Assert.That(message.GetSignatureFormat(), Is.EqualTo(SignatureFormat.Direct));
+        Assert.That(message.GetContentDigestFormat(), Is.EqualTo(ContentDigestFormat.Direct));
     }
 
     [Test]
-    public void GetSignatureFormat_WithPayloadHashAlgHeader_ReturnsCoseHashEnvelope()
+    public void GetContentDigestFormat_WithPayloadHashAlgHeader_ReturnsCoseHashEnvelope()
     {
         var headers = new CoseHeaderMap
         {
             { IndirectSignatureHeaderLabels.PayloadHashAlg, CoseHeaderValue.FromInt32(-16) }
         };
         var message = CreateMessageWithHeaders(headers);
 
-        Assert.That(message.GetSignatureFormat(), Is.EqualTo(SignatureFormat.IndirectCoseHashEnvelope));
+        Assert.That(message.GetContentDigestFormat(), Is.EqualTo(ContentDigestFormat.IndirectCoseHashEnvelope));
     }
 
     [Test]
-    public void GetSignatureFormat_WithCoseHashVContentType_ReturnsCoseHashV()
+    public void GetContentDigestFormat_WithCoseHashVContentType_ReturnsCoseHashV()
     {
         var headers = new CoseHeaderMap
         {
             { CoseHeaderLabel.ContentType, CoseHeaderValue.FromString("application/json+cose-hash-v") }
         };
         var message = CreateMessageWithHeaders(headers);
 
-        Assert.That(message.GetSignatureFormat(), Is.EqualTo(SignatureFormat.IndirectCoseHashV));
+        Assert.That(message.GetContentDigestFormat(), Is.EqualTo(ContentDigestFormat.IndirectCoseHashV));
     }
 
     [Test]
-    public void GetSignatureFormat_WithHashLegacyContentType_ReturnsHashLegacy()
+    public void GetContentDigestFormat_WithHashLegacyContentType_ReturnsHashLegacy()
     {
         var headers = new CoseHeaderMap
         {
             { CoseHeaderLabel.ContentType, CoseHeaderValue.FromString("application/json+hash-sha256") }
         };
         var message = CreateMessageWithHeaders(headers);
 
-        Assert.That(message.GetSignatureFormat(), Is.EqualTo(SignatureFormat.IndirectHashLegacy));
+        Assert.That(message.GetContentDigestFormat(), Is.EqualTo(ContentDigestFormat.IndirectHashLegacy));
     }
 
     [Test]
-    public void GetSignatureFormat_WithNullMessage_ReturnsDirect()
+    public void GetContentDigestFormat_WithNullMessage_ReturnsDirect()
     {
         CoseSign1Message? message = null;
 
-        Assert.That(message!.GetSignatureFormat(), Is.EqualTo(SignatureFormat.Direct));
+        Assert.That(message!.GetContentDigestFormat(), Is.EqualTo(ContentDigestFormat.Direct));
     }
 
     [TestCase("application/test+hash-sha384")]
     [TestCase("text/plain+hash-SHA512")]
     [TestCase("application/octet-stream+hash-sha_256")]
-    public void GetSignatureFormat_WithVariousHashLegacyFormats_ReturnsHashLegacy(string contentType)
+    public void GetContentDigestFormat_WithVariousHashLegacyFormats_ReturnsHashLegacy(string contentType)
     {
         var headers = new CoseHeaderMap
         {
             { CoseHeaderLabel.ContentType, CoseHeaderValue.FromString(contentType) }
         };
         var message = CreateMessageWithHeaders(headers);
 
-        Assert.That(message.GetSignatureFormat(), Is.EqualTo(SignatureFormat.IndirectHashLegacy));
+        Assert.That(message.GetContentDigestFormat(), Is.EqualTo(ContentDigestFormat.IndirectHashLegacy));
     }
 
     #endregion

V2/CoseSign1.Abstractions/Extensions/SignatureFormat.cs → V2/CoseSign1.Abstractions/Extensions/ContentDigestFormat.cs

@@ -4,9 +4,9 @@
 namespace System.Security.Cryptography.Cose;
 
 /// <summary>
-/// Specifies the signature format used by a COSE Sign1 message.
+/// Specifies the content-digest format used by a COSE Sign1 message.
 /// </summary>
-public enum SignatureFormat
+public enum ContentDigestFormat
 {
     /// <summary>
     /// Standard embedded or detached signature where the payload is signed directly.

V2/CoseSign1.Abstractions/Extensions/CoseSign1MessageExtensions.cs

@@ -31,24 +31,24 @@ internal static class ClassStrings
     /// <param name="message">The COSE Sign1 message to inspect.</param>
     /// <returns><see langword="true"/> if the message uses any indirect signature format; otherwise, <see langword="false"/>.</returns>
     public static bool IsIndirectSignature(this CoseSign1Message message)
-        => message.GetSignatureFormat() != SignatureFormat.Direct;
+        => message.GetContentDigestFormat() != ContentDigestFormat.Direct;
 
     /// <summary>
     /// Determines the signature format type.
     /// </summary>
     /// <param name="message">The COSE Sign1 message to inspect.</param>
-    /// <returns>The <see cref="SignatureFormat"/> for the provided message.</returns>
-    public static SignatureFormat GetSignatureFormat(this CoseSign1Message message)
+    /// <returns>The <see cref="ContentDigestFormat"/> for the provided message.</returns>
+    public static ContentDigestFormat GetContentDigestFormat(this CoseSign1Message message)
     {
         if (message == null)
         {
-            return SignatureFormat.Direct;
+            return ContentDigestFormat.Direct;
         }
 
         // Check for CoseHashEnvelope (has header 258 - payload hash algorithm)
         if (message.ProtectedHeaders.ContainsKey(IndirectSignatureHeaderLabels.PayloadHashAlg))
         {
-            return SignatureFormat.IndirectCoseHashEnvelope;
+            return ContentDigestFormat.IndirectCoseHashEnvelope;
         }
 
         // Check content-type header for indirect signature markers
@@ -57,16 +57,16 @@ public static SignatureFormat GetSignatureFormat(this CoseSign1Message message)
         {
             if (CoseHashVRegex.IsMatch(contentType))
             {
-                return SignatureFormat.IndirectCoseHashV;
+                return ContentDigestFormat.IndirectCoseHashV;
             }
 
             if (HashLegacyRegex.IsMatch(contentType))
             {
-                return SignatureFormat.IndirectHashLegacy;
+                return ContentDigestFormat.IndirectHashLegacy;
             }
         }
 
-        return SignatureFormat.Direct;
+        return ContentDigestFormat.Direct;
     }
 
     #endregion
@@ -91,10 +91,10 @@ public static bool TryGetContentType(
             return false;
         }
 
-        var format = message.GetSignatureFormat();
+        var format = message.GetContentDigestFormat();
 
         // For indirect signatures, get the pre-image content type
-        if (format != SignatureFormat.Direct)
+        if (format != ContentDigestFormat.Direct)
         {
             return message.TryGetIndirectContentType(format, out contentType);
         }
@@ -111,16 +111,16 @@ public static bool TryGetContentType(
     /// </summary>
     private static bool TryGetIndirectContentType(
         this CoseSign1Message message,
-        SignatureFormat format,
+        ContentDigestFormat format,
         out string? contentType)
     {
         switch (format)
         {
-            case SignatureFormat.IndirectCoseHashEnvelope:
+            case ContentDigestFormat.IndirectCoseHashEnvelope:
                 // For CoseHashEnvelope, content type is in header 259 (preimage content type)
                 return message.TryGetPreImageContentType(out contentType);
 
-            case SignatureFormat.IndirectCoseHashV:
+            case ContentDigestFormat.IndirectCoseHashV:
                 // For CoseHashV, strip the "+cose-hash-v" extension
                 if (message.TryGetHeader(CoseHeaderLabel.ContentType, out string? rawContentType))
                 {
@@ -130,7 +130,7 @@ private static bool TryGetIndirectContentType(
                 contentType = null;
                 return false;
 
-            case SignatureFormat.IndirectHashLegacy:
+            case ContentDigestFormat.IndirectHashLegacy:
                 // For legacy indirect, strip the "+hash-*" extension
                 if (message.TryGetHeader(CoseHeaderLabel.ContentType, out rawContentType))
                 {
@@ -194,7 +194,7 @@ public static bool TryGetPayloadLocation(
         }
 
         // Payload location is only meaningful for CoseHashEnvelope format
-        if (message.GetSignatureFormat() != SignatureFormat.IndirectCoseHashEnvelope)
+        if (message.GetContentDigestFormat() != ContentDigestFormat.IndirectCoseHashEnvelope)
         {
             payloadLocation = null;
             return false;

V2/CoseSign1.Certificates/Trust/Facts/AssemblyStrings.cs

@@ -0,0 +1,26 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+namespace CoseSign1.Certificates.Trust.Facts;
+
+using System.Diagnostics.CodeAnalysis;
+
+/// <summary>
+/// String-literal pool for facts shipped from the certificate trust pack. The repo's
+/// <c>StringLiteralAnalyzer</c> requires user-visible literals (including <c>[TrustFactId]</c>
+/// values) to be sourced from a central <c>ClassStrings</c> static so id renames are diff-able
+/// in one place.
+/// </summary>
+[ExcludeFromCodeCoverage]
+internal static class AssemblyStrings
+{
+    internal const string FactIdCertificateSigningKeyTrust = "certificate-signing-key-trust/v1";
+    internal const string FactIdX509ChainElementIdentity = "x509-chain-element-identity/v1";
+    internal const string FactIdX509ChainTrusted = "x509-chain-trusted/v1";
+    internal const string FactIdX509SigningCertificateBasicConstraints = "x509-cert-basic-constraints/v1";
+    internal const string FactIdX509SigningCertificateEku = "x509-cert-eku/v1";
+    internal const string FactIdX509SigningCertificateIdentityAllowed = "x509-cert-identity-allowed/v1";
+    internal const string FactIdX509SigningCertificateIdentity = "x509-cert-identity/v1";
+    internal const string FactIdX509SigningCertificateKeyUsage = "x509-cert-key-usage/v1";
+    internal const string FactIdX509X5ChainCertificateIdentity = "x509-x5chain-cert-identity/v1";
+}

V2/CoseSign1.Certificates/Trust/Facts/CertificateSigningKeyTrustFact.cs

@@ -10,6 +10,7 @@ namespace CoseSign1.Certificates.Trust.Facts;
 /// <summary>
 /// Fact summarizing certificate identity and trust evaluation for a message's signing key.
 /// </summary>
+[TrustFactId(AssemblyStrings.FactIdCertificateSigningKeyTrust)]
 public sealed class CertificateSigningKeyTrustFact : ISigningKeyFact
 {
     /// <inheritdoc />

V2/CoseSign1.Certificates/Trust/Facts/X509ChainElementIdentityFact.cs

@@ -12,6 +12,7 @@ namespace CoseSign1.Certificates.Trust.Facts;
 /// <remarks>
 /// Depth 0 is the leaf (signing) certificate. Depth increases toward the root.
 /// </remarks>
+[TrustFactId(AssemblyStrings.FactIdX509ChainElementIdentity)]
 public sealed class X509ChainElementIdentityFact : ISigningKeyFact
 {
     /// <inheritdoc />

V2/CoseSign1.Certificates/Trust/Facts/X509ChainTrustedFact.cs

@@ -9,6 +9,7 @@ namespace CoseSign1.Certificates.Trust.Facts;
 /// <summary>
 /// Fact summarizing X.509 chain trust evaluation for the primary signing key certificate.
 /// </summary>
+[TrustFactId(AssemblyStrings.FactIdX509ChainTrusted)]
 public sealed class X509ChainTrustedFact : ISigningKeyFact
 {
     /// <inheritdoc />

V2/CoseSign1.Certificates/Trust/Facts/X509SigningCertificateBasicConstraintsFact.cs

@@ -9,6 +9,7 @@ namespace CoseSign1.Certificates.Trust.Facts;
 /// <summary>
 /// Fact describing the basic constraints of the signing certificate.
 /// </summary>
+[TrustFactId(AssemblyStrings.FactIdX509SigningCertificateBasicConstraints)]
 public sealed class X509SigningCertificateBasicConstraintsFact : ISigningKeyFact
 {
     /// <inheritdoc />

V2/CoseSign1.Certificates/Trust/Facts/X509SigningCertificateEkuFact.cs

@@ -9,6 +9,7 @@ namespace CoseSign1.Certificates.Trust.Facts;
 /// <summary>
 /// Fact representing an EKU OID on the signing certificate.
 /// </summary>
+[TrustFactId(AssemblyStrings.FactIdX509SigningCertificateEku)]
 public sealed class X509SigningCertificateEkuFact : ISigningKeyFact
 {
     /// <inheritdoc />

V2/CoseSign1.Certificates/Trust/Facts/X509SigningCertificateIdentityAllowedFact.cs

@@ -9,6 +9,7 @@ namespace CoseSign1.Certificates.Trust.Facts;
 /// <summary>
 /// Fact indicating whether the signing certificate identity satisfies the configured allow-list.
 /// </summary>
+[TrustFactId(AssemblyStrings.FactIdX509SigningCertificateIdentityAllowed)]
 public sealed class X509SigningCertificateIdentityAllowedFact : ISigningKeyFact
 {
     /// <inheritdoc />