[omaha-client] Implement deserialization of Omaha public keys from PEM.

This CL replaces the default deserialization derivation with a custom one which uses FromStr (https://docs.rs/ecdsa/0.13.4/ecdsa/struct.VerifyingKey.html#impl-FromStr) to deserialize from a PEM string into a p256::ecdsa::VerifyingKey. The default deserialization derivation does not behave as expected: RustCrypto/elliptic-curves#536. This CL also adds a test case for deserializing that key from PEM, and deserializing a PublicKeyAndId struct from JSON. Change-Id: I2ea02fa56b70c430935e40c74f30d2a8e1173516 Bug: 95799 Reviewed-on: https://fuchsia-review.googlesource.com/c/fuchsia/+/667108 Reviewed-by: Sen Jiang <senj@google.com> Commit-Queue: James Buckland <jbuckland@google.com>
google · Apr 13, 2022 · e3faa44 · e3faa44
1 parent 0070c54
commit e3faa44
Showing 1 changed file with 34 additions and 1 deletion.
diff --git a/src/cup_ecdsa.rs b/src/cup_ecdsa.rs
@@ -6,7 +6,7 @@ use http::Response;
 use hyper::header::ETAG;
 use p256::ecdsa::{signature::Verifier as _, DerSignature};
 use rand::{thread_rng, Rng};
-use serde::{Deserialize, Serialize};
+use serde::{Deserialize, Deserializer, Serialize};
 use sha2::{Digest, Sha256};
 use signature::Signature;
 use std::{collections::HashMap, convert::TryInto, fmt::Debug};
@@ -47,8 +47,18 @@ pub enum CupVerificationError {
 pub type PublicKeyId = u64;
 pub type PublicKey = p256::ecdsa::VerifyingKey;
 
+fn from_pem<'de, D>(deserializer: D) -> Result<PublicKey, D::Error>
+where
+    D: Deserializer<'de>,
+{
+    use serde::de;
+    let s = String::deserialize(deserializer)?;
+    s.parse().map_err(de::Error::custom)
+}
+
 #[derive(Clone, Debug, Serialize, Deserialize)]
 pub struct PublicKeyAndId {
+    #[serde(deserialize_with = "from_pem")]
     pub key: PublicKey,
     pub id: PublicKeyId,
 }
@@ -655,4 +665,27 @@ mod tests {
 
         Ok(())
     }
+
+    #[test]
+    fn test_deserialize_public_keys() {
+        use std::str::FromStr;
+
+        let verifying_key = PublicKey::from_str(
+            r#"-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHKz/tV8vLO/YnYnrN0smgRUkUoAt
+7qCZFgaBN9g5z3/EgaREkjBNfvZqwRe+/oOo0I8VXytS+fYY3URwKQSODw==
+-----END PUBLIC KEY-----"#,
+        )
+        .unwrap();
+
+        let public_key_and_id: PublicKeyAndId = serde_json::from_str(
+            r#"{
+                 "id": 123,
+                 "key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHKz/tV8vLO/YnYnrN0smgRUkUoAt\n7qCZFgaBN9g5z3/EgaREkjBNfvZqwRe+/oOo0I8VXytS+fYY3URwKQSODw==\n-----END PUBLIC KEY-----"
+            }"#,
+        )
+        .unwrap();
+
+        assert_eq!(public_key_and_id.key, verifying_key);
+    }
 }