Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

C2PA v2.1 Updates - BMFF hash v3 assertion #213

Draft
wants to merge 7 commits into
base: main
Choose a base branch
from
Draft

C2PA v2.1 Updates - BMFF hash v3 assertion #213

wants to merge 7 commits into from

Conversation

karlobencic
Copy link
Contributor

No description provided.

@karlobencic karlobencic requested a review from cyraxx January 14, 2025 14:45
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Jan 14, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: 8c5fec0

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@cyraxx
Copy link
Contributor

cyraxx commented Jan 14, 2025

The BMFF hashing is quite complicated, so it would be crucial to get some sort of testing for this, covering:

  • Existing BMFF hashing to avoid regressions
    • This could be handled by signing our example trustnxt-icon.heic using c2patool and/or our own code and add it as an input asset-reading.test.ts
  • v3 extensions
    • We will need example files, or at least unit tests for just the hash assertion including some sample HEIC data
  • Merkle tree validation

cyraxx
cyraxx reviewed Jan 16, 2025
View reviewed changes
src/manifest/assertions/BMFFHashAssertion.ts Outdated

if (!mdatBox) {
throw new ValidationError(ValidationStatusCode.AssertionBMFFHashMismatch, this.sourceBox, 'mdat not found');
}

// Start from the data portion of mdat (after 8-byte header)
const dataOffset = mdatBox.offset + 8;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should be able to use mdatBox.payloadOffset for this

@karlobencic karlobencic force-pushed the feature/bmff-hash-v3-assertion branch from 0733b3d to acd6838 Compare January 16, 2025 11:02
@karlobencic
Refactor AssertionUtils and BMFFHashAssertion for improved exclusion …
8c5fec0 
…handling and validation logic

- Simplified exclusion sorting in AssertionUtils to only consider start positions.
- Enhanced data processing in AssertionUtils to correctly handle offset markers and remaining data.
- Updated BMFFHashAssertion to use mdatBox.payloadOffset for data retrieval, ensuring compliance with specifications.
- Modified test cases to reflect changes in exclusion structure and improve validation checks for BMFF hash assertions.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cyraxx cyraxx cyraxx left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@karlobencic @cyraxx