Add APIs required for counter signature scenarios

src/libraries/System.Security.Cryptography.Cose/ref/System.Security.Cryptography.Cose.cs

@@ -77,6 +77,7 @@ public abstract partial class CoseMessage
     {
         internal CoseMessage() { }
         public System.ReadOnlyMemory<byte>? Content { get { throw null; } }
+        public System.ReadOnlyMemory<byte> EncodedProtectedHeaders { get { throw null; } }
         public System.Security.Cryptography.Cose.CoseHeaderMap ProtectedHeaders { get { throw null; } }
         public System.Security.Cryptography.Cose.CoseHeaderMap UnprotectedHeaders { get { throw null; } }
         public static System.Security.Cryptography.Cose.CoseMultiSignMessage DecodeMultiSign(byte[] cborPayload) { throw null; }
@@ -114,6 +115,7 @@ public void RemoveSignature(System.Security.Cryptography.Cose.CoseSignature sign
     public sealed partial class CoseSign1Message : System.Security.Cryptography.Cose.CoseMessage
     {
         internal CoseSign1Message() { }
+        public System.ReadOnlyMemory<byte> Signature { get { throw null; } }
         public override int GetEncodedLength() { throw null; }
         public static byte[] SignDetached(byte[] detachedContent, System.Security.Cryptography.Cose.CoseSigner signer, byte[]? associatedData = null) { throw null; }
         public static byte[] SignDetached(System.IO.Stream detachedContent, System.Security.Cryptography.Cose.CoseSigner signer, System.ReadOnlySpan<byte> associatedData = default(System.ReadOnlySpan<byte>)) { throw null; }
@@ -134,7 +136,9 @@ internal CoseSign1Message() { }
     public sealed partial class CoseSignature
     {
         internal CoseSignature() { }
+        public System.ReadOnlyMemory<byte> EncodedProtectedHeaders { get { throw null; } }
         public System.Security.Cryptography.Cose.CoseHeaderMap ProtectedHeaders { get { throw null; } }
+        public System.ReadOnlyMemory<byte> Signature { get { throw null; } }
         public System.Security.Cryptography.Cose.CoseHeaderMap UnprotectedHeaders { get { throw null; } }
         public bool VerifyDetached(System.Security.Cryptography.AsymmetricAlgorithm key, byte[] detachedContent, byte[]? associatedData = null) { throw null; }
         public bool VerifyDetached(System.Security.Cryptography.AsymmetricAlgorithm key, System.IO.Stream detachedContent, System.ReadOnlySpan<byte> associatedData = default(System.ReadOnlySpan<byte>)) { throw null; }

src/libraries/System.Security.Cryptography.Cose/src/System/Security/Cryptography/Cose/CoseMessage.cs

@@ -24,24 +24,26 @@ public abstract class CoseMessage
         internal const CborTag Sign1Tag = (CborTag)18;
         internal const CborTag MultiSignTag = (CborTag)98;
 
-        internal byte[]? _content;
-        internal byte[] _protectedHeaderAsBstr;
-        internal bool _isTagged;
+        internal readonly byte[]? _content;
+        internal readonly byte[] _encodedProtectedHeaders;
+        internal readonly bool _isTagged;
 
         private CoseHeaderMap _protectedHeaders;
         private CoseHeaderMap _unprotectedHeaders;
-        public CoseHeaderMap ProtectedHeaders => _protectedHeaders;
-        public CoseHeaderMap UnprotectedHeaders => _unprotectedHeaders;
 
-        internal CoseMessage(CoseHeaderMap protectedHeader, CoseHeaderMap unprotectedHeader, byte[]? content, byte[] encodedProtectedHeader, bool isTagged)
+        internal CoseMessage(CoseHeaderMap protectedHeaders, CoseHeaderMap unprotectedHeaders, byte[]? content, byte[] encodedProtectedHeaders, bool isTagged)
         {
             _content = content;
-            _protectedHeaderAsBstr = encodedProtectedHeader;
-            _protectedHeaders = protectedHeader;
-            _unprotectedHeaders = unprotectedHeader;
+            _encodedProtectedHeaders = encodedProtectedHeaders;
+            _protectedHeaders = protectedHeaders;
+            _unprotectedHeaders = unprotectedHeaders;
             _isTagged = isTagged;
         }
 
+        public CoseHeaderMap ProtectedHeaders => _protectedHeaders;
+        public CoseHeaderMap UnprotectedHeaders => _unprotectedHeaders;
+        public ReadOnlyMemory<byte> EncodedProtectedHeaders => _encodedProtectedHeaders;
+
         // Sign and MAC also refer to the content as payload.
         // Encrypt also refers to the content as cyphertext.
         public ReadOnlyMemory<byte>? Content
@@ -98,13 +100,13 @@ private static CoseSign1Message DecodeCoseSign1Core(CborReader reader)
                     throw new CryptographicException(SR.Format(SR.DecodeErrorWhileDecoding, SR.DecodeSign1ArrayLengthMustBeFour));
                 }
 
-                var protectedHeader = new CoseHeaderMap();
-                DecodeProtectedBucket(reader, protectedHeader, out byte[] protectedHeaderAsBstr);
+                var protectedHeaders = new CoseHeaderMap();
+                DecodeProtectedBucket(reader, protectedHeaders, out byte[] encodedProtectedHeaders);
 
-                var unprotectedHeader = new CoseHeaderMap();
-                DecodeUnprotectedBucket(reader, unprotectedHeader);
+                var unprotectedHeaders = new CoseHeaderMap();
+                DecodeUnprotectedBucket(reader, unprotectedHeaders);
 
-                ThrowIfDuplicateLabels(protectedHeader, unprotectedHeader);
+                ThrowIfDuplicateLabels(protectedHeaders, unprotectedHeaders);
 
                 byte[]? payload = DecodePayload(reader);
                 byte[] signature = DecodeSignature(reader);
@@ -115,7 +117,7 @@ private static CoseSign1Message DecodeCoseSign1Core(CborReader reader)
                     throw new CryptographicException(SR.Format(SR.DecodeErrorWhileDecoding, SR.DecodeSign1MesageContainedTrailingData));
                 }
 
-                return new CoseSign1Message(protectedHeader, unprotectedHeader, payload, signature, protectedHeaderAsBstr, tag.HasValue);
+                return new CoseSign1Message(protectedHeaders, unprotectedHeaders, payload, signature, encodedProtectedHeaders, tag.HasValue);
             }
             catch (Exception ex) when (ex is CborContentException or InvalidOperationException)
             {

src/libraries/System.Security.Cryptography.Cose/src/System/Security/Cryptography/Cose/CoseMultiSignMessage.cs

@@ -314,7 +314,7 @@ private static int ComputeEncodedSize(CoseSigner signer, CoseHeaderMap? protecte
 
         public override int GetEncodedLength()
         {
-            int encodedLength = CoseHelpers.GetCoseSignEncodedLengthMinusSignature(_isTagged, MultiSignSizeOfCborTag, _protectedHeaderAsBstr.Length, UnprotectedHeaders, _content);
+            int encodedLength = CoseHelpers.GetCoseSignEncodedLengthMinusSignature(_isTagged, MultiSignSizeOfCborTag, _encodedProtectedHeaders.Length, UnprotectedHeaders, _content);
             encodedLength += CoseHelpers.GetIntegerEncodedSize(Signatures.Count);
 
             foreach (CoseSignature signature in Signatures)
@@ -351,7 +351,7 @@ public override bool TryEncode(Span<byte> destination, out int bytesWritten)
 
             writer.WriteStartArray(MultiSignArrayLength);
 
-            writer.WriteByteString(_protectedHeaderAsBstr);
+            writer.WriteByteString(_encodedProtectedHeaders);
 
             CoseHelpers.WriteHeaderMap(destination, writer, UnprotectedHeaders, isProtected: false, null);
 
@@ -447,7 +447,7 @@ private void AddSignatureCore(ReadOnlySpan<byte> contentBytes, Stream? contentSt
 
             int toBeSignedLength = ComputeToBeSignedEncodedSize(
                 SigStructureContext.Signature,
-                _protectedHeaderAsBstr.Length,
+                _encodedProtectedHeaders.Length,
                 signProtectedEncodedLength,
                 associatedData.Length,
                 contentLength: 0);
@@ -462,11 +462,11 @@ private void AddSignatureCore(ReadOnlySpan<byte> contentBytes, Stream? contentSt
 
                 using (IncrementalHash hasher = IncrementalHash.CreateHash(signer.HashAlgorithm))
                 {
-                    AppendToBeSigned(bufferSpan, hasher, SigStructureContext.Signature, _protectedHeaderAsBstr, encodedSignProtected, associatedData, contentBytes, contentStream);
+                    AppendToBeSigned(bufferSpan, hasher, SigStructureContext.Signature, _encodedProtectedHeaders, encodedSignProtected, associatedData, contentBytes, contentStream);
                     bytesWritten = CoseHelpers.SignHash(signer, hasher, buffer);
 
                     byte[] signature = bufferSpan.Slice(0, bytesWritten).ToArray();
-                    _signatures.Add(new CoseSignature(this, signProtectedHeaders, signer.UnprotectedHeaders, _protectedHeaderAsBstr, encodedSignProtected, signature));
+                    _signatures.Add(new CoseSignature(this, signProtectedHeaders, signer.UnprotectedHeaders, _encodedProtectedHeaders, encodedSignProtected, signature));
                 }
             }
             finally
@@ -500,7 +500,7 @@ private async Task AddSignatureCoreAsync(Stream content, CoseSigner signer, Read
 
             int toBeSignedLength = ComputeToBeSignedEncodedSize(
                 SigStructureContext.Signature,
-                _protectedHeaderAsBstr.Length,
+                _encodedProtectedHeaders.Length,
                 signProtectedEncodedLength,
                 associatedData.Length,
                 contentLength: 0);
@@ -512,11 +512,11 @@ private async Task AddSignatureCoreAsync(Stream content, CoseSigner signer, Read
 
             using (IncrementalHash hasher = IncrementalHash.CreateHash(signer.HashAlgorithm))
             {
-                await AppendToBeSignedAsync(buffer, hasher, SigStructureContext.Signature, _protectedHeaderAsBstr, encodedSignProtected, associatedData, content, cancellationToken).ConfigureAwait(false);
+                await AppendToBeSignedAsync(buffer, hasher, SigStructureContext.Signature, _encodedProtectedHeaders, encodedSignProtected, associatedData, content, cancellationToken).ConfigureAwait(false);
                 bytesWritten = CoseHelpers.SignHash(signer, hasher, buffer);
 
                 byte[] signature = buffer.AsSpan(0, bytesWritten).ToArray();
-                _signatures.Add(new CoseSignature(this, signProtectedHeaders, signer.UnprotectedHeaders, _protectedHeaderAsBstr, encodedSignProtected, signature));
+                _signatures.Add(new CoseSignature(this, signProtectedHeaders, signer.UnprotectedHeaders, _encodedProtectedHeaders, encodedSignProtected, signature));
             }
 
             ArrayPool<byte>.Shared.Return(buffer, clearArray: true);

src/libraries/System.Security.Cryptography.Cose/src/System/Security/Cryptography/Cose/CoseSign1Message.cs

@@ -16,12 +16,14 @@ public sealed class CoseSign1Message : CoseMessage
         private const int Sign1SizeOfCborTag = 1;
         private readonly byte[] _signature;
 
-        internal CoseSign1Message(CoseHeaderMap protectedHeader, CoseHeaderMap unprotectedHeader, byte[]? content, byte[] signature, byte[] protectedHeaderAsBstr, bool isTagged)
-            : base(protectedHeader, unprotectedHeader, content, protectedHeaderAsBstr, isTagged)
+        internal CoseSign1Message(CoseHeaderMap protectedHeaders, CoseHeaderMap unprotectedHeaders, byte[]? content, byte[] signature, byte[] encodedProtectedHeaders, bool isTagged)
+            : base(protectedHeaders, unprotectedHeaders, content, encodedProtectedHeaders, isTagged)
         {
             _signature = signature;
         }
 
+        public ReadOnlyMemory<byte> Signature => _signature;
+
         public static byte[] SignDetached(byte[] detachedContent, CoseSigner signer, byte[]? associatedData = null)
         {
             if (detachedContent is null)
@@ -307,15 +309,15 @@ private bool VerifyCore(AsymmetricAlgorithm key, ReadOnlySpan<byte> contentBytes
             {
                 int bufferLength = ComputeToBeSignedEncodedSize(
                     SigStructureContext.Signature1,
-                    _protectedHeaderAsBstr.Length,
+                    _encodedProtectedHeaders.Length,
                     signProtectedLength: 0,
                     associatedData.Length,
                     contentLength: 0);
                 byte[] buffer = ArrayPool<byte>.Shared.Rent(bufferLength);
 
                 try
                 {
-                    AppendToBeSigned(buffer, hasher, SigStructureContext.Signature1, _protectedHeaderAsBstr, ReadOnlySpan<byte>.Empty, associatedData, contentBytes, contentStream);
+                    AppendToBeSigned(buffer, hasher, SigStructureContext.Signature1, _encodedProtectedHeaders, ReadOnlySpan<byte>.Empty, associatedData, contentBytes, contentStream);
                     return VerifyHash(key, hasher, hashAlgorithm, keyType, padding);
                 }
                 finally
@@ -370,13 +372,13 @@ private async Task<bool> VerifyAsyncCore(AsymmetricAlgorithm key, Stream content
             {
                 int bufferLength = ComputeToBeSignedEncodedSize(
                     SigStructureContext.Signature1,
-                    _protectedHeaderAsBstr.Length,
+                    _encodedProtectedHeaders.Length,
                     signProtectedLength: 0,
                     associatedData.Length,
                     contentLength: 0);
                 byte[] buffer = ArrayPool<byte>.Shared.Rent(bufferLength);
 
-                await AppendToBeSignedAsync(buffer, hasher, SigStructureContext.Signature1, _protectedHeaderAsBstr, ReadOnlyMemory<byte>.Empty, associatedData, content, cancellationToken).ConfigureAwait(false);
+                await AppendToBeSignedAsync(buffer, hasher, SigStructureContext.Signature1, _encodedProtectedHeaders, ReadOnlyMemory<byte>.Empty, associatedData, content, cancellationToken).ConfigureAwait(false);
                 bool retVal = VerifyHash(key, hasher, hashAlgorithm, keyType, padding);
 
                 ArrayPool<byte>.Shared.Return(buffer, clearArray: true);
@@ -430,7 +432,7 @@ private static int ComputeEncodedSize(CoseSigner signer, int contentLength, bool
         }
 
         public override int GetEncodedLength() =>
-            CoseHelpers.GetCoseSignEncodedLengthMinusSignature(_isTagged, Sign1SizeOfCborTag, _protectedHeaderAsBstr.Length, UnprotectedHeaders, _content) +
+            CoseHelpers.GetCoseSignEncodedLengthMinusSignature(_isTagged, Sign1SizeOfCborTag, _encodedProtectedHeaders.Length, UnprotectedHeaders, _content) +
             CoseHelpers.GetByteStringEncodedSize(_signature.Length);
 
         public override bool TryEncode(Span<byte> destination, out int bytesWritten)
@@ -452,7 +454,7 @@ public override bool TryEncode(Span<byte> destination, out int bytesWritten)
 
             writer.WriteStartArray(Sign1ArrayLength);
 
-            writer.WriteByteString(_protectedHeaderAsBstr);
+            writer.WriteByteString(_encodedProtectedHeaders);
 
             CoseHelpers.WriteHeaderMap(destination, writer, UnprotectedHeaders, isProtected: false, null);
 

src/libraries/System.Security.Cryptography.Cose/src/System/Security/Cryptography/Cose/CoseSignature.cs

@@ -34,6 +34,10 @@ internal CoseSignature(CoseHeaderMap protectedHeaders, CoseHeaderMap unprotected
             _encodedSignProtectedHeaders = encodedSignProtectedHeaders;
             _signature = signature;
         }
+
+        public ReadOnlyMemory<byte> EncodedProtectedHeaders => _encodedSignProtectedHeaders;
+        public ReadOnlyMemory<byte> Signature => _signature;
+
         internal CoseMultiSignMessage Message
         {
             get