Replace QCBOR/t_cose with COSE-OpenSSL (Rust FFI) by maxtropets · Pull Request #7734 · microsoft/CCF

maxtropets · 2026-03-11T16:33:58Z

✅ Long Test passed
✔️ No regression in benchmarks

Reviewer's note:

ignore 3rdparty/*.
The Rust FFI is currently the simplest possible
- Exposes built-in sign_endoded(), verify() and verify_decoded()
- For sign()ing non-encoded, exposes cose_sign_ledger() and cose_sign_endorsement()
- These are to be replaced by a fancies high-level CBOR FFI wrapper in the future, out of scope for this PR
Other nice-to-have but out-of-scope things
- More detailed error propagation
  - Actually, done in this PR
- Perf: keys caching, etc
  - Actually, do it here, to avoid perf degradation
- Rust: linters, formatting, etc

Before ready:

PoC proven, can scrap t_cose/qcbor
Unit-test all FFI wrappers
Optimise to call decoded verify where possible
Rustup?..
Move cose_openssl to 3rdparty, actually
Make sure reproducibility stays
Build/link (preventive release testing)

Copilot

Pull request overview

This PR removes the vendored QCBOR/t_cose implementation and introduces a new Rust crate (cose-openssl) to perform COSE_Sign1 signing and verification via OpenSSL (intended to be consumed through a minimal FFI layer).

Changes:

Delete the existing vendored t_cose and QCBOR sources/build/test scaffolding.
Add a new Rust cose-openssl crate implementing COSE_Sign1 signing/verifying, including unit tests.
Switch low-level signing/verifying to OpenSSL EVP one-shot APIs, including ECDSA DER<->fixed conversions and RSA-PSS digest selection by COSE alg.

Reviewed changes

Copilot reviewed 57 out of 110 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
3rdparty/internal/t_cose/src/t_cose_sign1_sign.c	Removes t_cose signing implementation (vendored deletion).
3rdparty/internal/t_cose/src/t_cose_short_circuit.h	Removes short-circuit signature header (vendored deletion).
3rdparty/internal/t_cose/src/t_cose_short_circuit.c	Removes short-circuit signature implementation (vendored deletion).
3rdparty/internal/t_cose/src/t_cose_parameters.h	Removes COSE header parameter parsing types (vendored deletion).
3rdparty/internal/t_cose/src/t_cose_parameters.c	Removes COSE header parameter parsing implementation (vendored deletion).
3rdparty/internal/t_cose/mainpage.dox	Removes t_cose Doxygen main page (vendored deletion).
3rdparty/internal/t_cose/main.c	Removes t_cose test runner main (vendored deletion).
3rdparty/internal/t_cose/inc/t_cose/t_cose_sign1_verify.h	Removes t_cose verification API header (vendored deletion).
3rdparty/internal/t_cose/inc/t_cose/t_cose_common.h	Removes t_cose common constants/errors header (vendored deletion).
3rdparty/internal/t_cose/inc/t_cose/q_useful_buf.h	Removes q_useful_buf wrapper header (vendored deletion).
3rdparty/internal/t_cose/examples/t_cose_basic_example_psa.c	Removes PSA example (vendored deletion).
3rdparty/internal/t_cose/crypto_adapters/t_cose_test_crypto.c	Removes test crypto adapter (vendored deletion).
3rdparty/internal/t_cose/crypto_adapters/t_cose_psa_crypto.c	Removes PSA crypto adapter (vendored deletion).
3rdparty/internal/t_cose/crypto_adapters/b_con_hash/sha256.h	Removes bundled SHA256 header (vendored deletion).
3rdparty/internal/t_cose/crypto_adapters/b_con_hash/sha256.c	Removes bundled SHA256 implementation (vendored deletion).
3rdparty/internal/t_cose/cmake/FindQCBOR.cmake	Removes CMake find-module for QCBOR (vendored deletion).
3rdparty/internal/t_cose/cmake/FindMbedTLS.cmake	Removes CMake find-module for MbedTLS (vendored deletion).
3rdparty/internal/t_cose/SECURITY.md	Removes t_cose security policy (vendored deletion).
3rdparty/internal/t_cose/README.md	Removes t_cose readme (vendored deletion).
3rdparty/internal/t_cose/Makefile.test	Removes t_cose test makefile (vendored deletion).
3rdparty/internal/t_cose/Makefile.psa	Removes t_cose PSA makefile (vendored deletion).
3rdparty/internal/t_cose/Makefile.ossl	Removes t_cose OpenSSL makefile (vendored deletion).
3rdparty/internal/t_cose/LICENSE	Removes t_cose license file (vendored deletion).
3rdparty/internal/t_cose/CONTRIBUTING.md	Removes t_cose contributing doc (vendored deletion).
3rdparty/internal/t_cose/CMakeLists.txt	Removes t_cose CMake build (vendored deletion).
3rdparty/internal/t_cose/.gitignore	Removes t_cose gitignore (vendored deletion).
3rdparty/internal/t_cose/.github/workflows/pages.yml	Removes t_cose GitHub Pages workflow (vendored deletion).
3rdparty/internal/t_cose/.github/workflows/ci.yml	Removes t_cose CI workflow (vendored deletion).
3rdparty/internal/cose-openssl/src/verify.rs	Adds OpenSSL-backed signature verification code.
3rdparty/internal/cose-openssl/src/sign.rs	Adds OpenSSL-backed signature generation code.
3rdparty/internal/cose-openssl/src/lib.rs	Adds crate module wiring and exports.
3rdparty/internal/cose-openssl/src/cose.rs	Adds COSE_Sign1 envelope creation and verification helpers + tests.
3rdparty/internal/cose-openssl/Cargo.toml	Adds Rust crate manifest, dependencies, and lint settings.
3rdparty/internal/cose-openssl/.gitignore	Ignores Cargo build artifacts and lockfile.
3rdparty/internal/QCBOR/src/qcbor_err_to_str.c	Removes QCBOR error-to-string implementation (vendored deletion).
3rdparty/internal/QCBOR/src/ieee754.h	Removes QCBOR float conversion header (vendored deletion).
3rdparty/internal/QCBOR/src/UsefulBuf.c	Removes UsefulBuf implementation (vendored deletion).
3rdparty/internal/QCBOR/inc/qcbor/qcbor_private.h	Removes QCBOR private header (vendored deletion).
3rdparty/internal/QCBOR/inc/qcbor/qcbor.h	Removes qcbor.h shim header (vendored deletion).
3rdparty/internal/QCBOR/inc/qcbor.h	Removes top-level qcbor include shim (vendored deletion).
3rdparty/internal/QCBOR/inc/UsefulBuf.h	Removes top-level UsefulBuf include shim (vendored deletion).
3rdparty/internal/QCBOR/SECURITY.md	Removes QCBOR security policy (vendored deletion).
3rdparty/internal/QCBOR/README.md	Removes QCBOR readme (vendored deletion).
3rdparty/internal/QCBOR/Makefile	Removes QCBOR makefile (vendored deletion).
3rdparty/internal/QCBOR/LICENSE	Removes QCBOR license file (vendored deletion).
3rdparty/internal/QCBOR/CMakeLists.txt	Removes QCBOR CMake build (vendored deletion).

achamayou

@maxtropets can we have a little one-off picobench, covering say signing and verification of a simple envelope (something like a ledger signature say), pitting t_cose against cose-rs?

Something like https://github.com/microsoft/CCF/blob/main/src/crypto/test/bench.cpp#L61, but COSE?

Edit: #7759

maxtropets · 2026-03-24T23:58:05Z

@maxtropets can we have a little one-off picobench, covering say signing and verification of a simple envelope (something like a ledger signature say), pitting t_cose against cose-rs?

Something like https://github.com/microsoft/CCF/blob/main/src/crypto/test/bench.cpp#L61, but COSE?

Edit: #7759

#7768

maxtropets self-assigned this Mar 11, 2026

maxtropets force-pushed the f/hehehe branch 2 times, most recently from 8ed71eb to 578b545 Compare March 11, 2026 17:54

maxtropets added the bench-ab label Mar 12, 2026

cjen1-msft reviewed Mar 12, 2026

View reviewed changes

Comment thread scripts/setup-ci.sh Outdated

maxtropets force-pushed the f/hehehe branch 4 times, most recently from 6e402ba to 09d38ae Compare March 16, 2026 12:35

maxtropets changed the title ~~[Do not merge] [Testing FFI]~~ [WIP] Replace QCBOR/t_cose with COSE-OpenSSL (Rust FFI) Mar 16, 2026

maxtropets removed the bench-ab label Mar 17, 2026

maxtropets force-pushed the f/hehehe branch from f6b3370 to 1348485 Compare March 17, 2026 11:13

maxtropets mentioned this pull request Mar 17, 2026

Add Rust to setup-ci.sh #7743

Merged

maxtropets force-pushed the f/hehehe branch 2 times, most recently from 43c042c to 3ded4e4 Compare March 17, 2026 13:53

maxtropets changed the title ~~[WIP] Replace QCBOR/t_cose with COSE-OpenSSL (Rust FFI)~~ Replace QCBOR/t_cose with COSE-OpenSSL (Rust FFI) Mar 17, 2026

maxtropets commented Mar 17, 2026

View reviewed changes

Comment thread .github/workflows/ci.yml Outdated

maxtropets commented Mar 17, 2026

View reviewed changes

Comment thread .github/workflows/ci.yml Outdated

maxtropets force-pushed the f/hehehe branch 3 times, most recently from 11e6518 to a71f8db Compare March 17, 2026 15:55

maxtropets commented Mar 17, 2026

View reviewed changes

Comment thread .github/workflows/release.yml Outdated

maxtropets force-pushed the f/hehehe branch from a71f8db to cad8d26 Compare March 17, 2026 16:54

maxtropets added the bench-ab label Mar 17, 2026

maxtropets force-pushed the f/hehehe branch 3 times, most recently from 04a1efd to 4e4d2ac Compare March 19, 2026 11:09

maxtropets added run-long-test Run Long Test job labels Mar 19, 2026

Replace t_cose and QCBOR with Rust COSE lib

4f5df55

Copilot AI reviewed Mar 20, 2026

View reviewed changes

Comment thread 3rdparty/internal/cose-openssl/Cargo.toml

Comment thread 3rdparty/internal/cose-openssl/.gitignore

Comment thread 3rdparty/internal/cose-openssl/src/verify.rs

Comment thread 3rdparty/internal/cose-openssl/src/cose.rs

maxtropets and others added 2 commits March 20, 2026 14:27

Make cache non-static

3879231

Merge branch 'main' into f/hehehe

fdf9ca1

achamayou reviewed Mar 21, 2026

View reviewed changes

Comment thread 3rdparty/internal/cose-openssl/src/cbor.rs

maxtropets removed run-long-test Run Long Test job bench-ab labels Mar 22, 2026

Code review, includes, cmake

d0f6ee6

maxtropets force-pushed the f/hehehe branch from f0073a2 to d0f6ee6 Compare March 22, 2026 17:17