Add support for CWT Claims & Type in Protected Headers (#189)
Signed-off-by: steve lasker <stevenlasker@hotmail.com> Co-authored-by: Orie Steele <orie@transmute.industries>
1 parent
96ea810
commit 8c458e2
Showing
3 changed files
with
153 additions
and
6 deletions.
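--- /dev/null
+++ b/<NEW_FILE_1_PATH_NOT_SHOWN_ON_PAGE>
@@ -0,0 +1,20 @@
+package cose
+
+// https://www.iana.org/assignments/cwt/cwt.xhtml#claims-registry
+const (
+CWTClaimIssuer int64 = 1
+CWTClaimSubject int64 = 2
+CWTClaimAudience int64 = 3
+CWTClaimExpirationTime int64 = 4
+CWTClaimNotBefore int64 = 5
+CWTClaimIssuedAt int64 = 6
+CWTClaimCWTID int64 = 7
+CWTClaimConfirmation int64 = 8
+CWTClaimScope int64 = 9
+
+// TODO: the rest upon request
+)
+
+// CWTClaims contains parameters that are to be cryptographically
+// protected.
+type CWTClaims map[any]any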
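Review bot: The doc comment on `CWTClaims` at the end of the hunk describes protected headers ("parameters that are to be cryptographically protected") rather than the type itself, and says nothing about which keys are valid. Because the map is `map[any]any`, a caller who writes `CWTClaims{1: "issuer.example"}` stores an `int` key that is not equal to `CWTClaimIssuer` (`int64(1)`) under interface comparison, so any lookup or validation keyed by the constants silently misses that entry; the comment should say so. Suggested replacement: `// CWTClaims is a map of CWT claims keyed by claim label: an int64 from the IANA CWT Claims registry (use the CWTClaim* constants; untyped integer literals become int and will not match) or a text string for private claims (RFC 8392, Section 3.1). Values are the claim values as they will be CBOR-encoded into the protected header.` Whether the setter added elsewhere in this commit checks key types is not visible in this view.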
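--- /dev/null
+++ b/<NEW_FILE_2_PATH_NOT_SHOWN_ON_PAGE>
@@ -0,0 +1,82 @@
+package cose_test
+
+import (
+"crypto/ecdsa"
+"crypto/elliptic"
+"crypto/rand"
+"fmt"
+
+"github.com/veraison/go-cose"
+)
+
+// This example demonstrates signing and verifying COSE_Sign1 signatures.
+func ExampleCWTMessage() {
+// create message to be signed
+msgToSign := cose.NewSign1Message()
+msgToSign.Payload = []byte("hello world")
+msgToSign.Headers.Protected.SetAlgorithm(cose.AlgorithmES512)
+
+msgToSign.Headers.Protected.SetType("application/cwt")
+claims := cose.CWTClaims{
+cose.CWTClaimIssuer: "issuer.example",
+cose.CWTClaimSubject: "subject.example",
+}
+msgToSign.Headers.Protected.SetCWTClaims(claims)
+
+msgToSign.Headers.Unprotected[cose.HeaderLabelKeyID] = []byte("1")
+
+// create a signer
+privateKey, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
+if err != nil {
+panic(err)
+}
+signer, err := cose.NewSigner(cose.AlgorithmES512, privateKey)
+if err != nil {
+panic(err)
+}
+
+// sign message
+err = msgToSign.Sign(rand.Reader, nil, signer)
+if err != nil {
+panic(err)
+}
+sig, err := msgToSign.MarshalCBOR()
+// uncomment to review EDN
+// coseSign1Diagnostic, err := cbor.Diagnose(sig)
+// fmt.Println(coseSign1Diagnostic)
+if err != nil {
+panic(err)
+}
+fmt.Println("message signed")
+
+// create a verifier from a trusted public key
+publicKey := privateKey.Public()
+verifier, err := cose.NewVerifier(cose.AlgorithmES512, publicKey)
+if err != nil {
+panic(err)
+}
+
+// verify message
+var msgToVerify cose.Sign1Message
+err = msgToVerify.UnmarshalCBOR(sig)
+if err != nil {
+panic(err)
+}
+err = msgToVerify.Verify(nil, verifier)
+if err != nil {
+panic(err)
+}
+fmt.Println("message verified")
+
+// tamper the message and verification should fail
+msgToVerify.Payload = []byte("foobar")
+err = msgToVerify.Verify(nil, verifier)
+if err != cose.ErrVerification {
+panic(err)
+}
+fmt.Println("verification error as expected")
+// Output:
+// message signed
+// message verified
+// verification error as expected
+}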
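Review bot: The comment `// This example demonstrates signing and verifying COSE_Sign1 signatures.` above `ExampleCWTMessage` was carried over from the generic Sign1 example and does not say what this example exists for; `// This example demonstrates signing a COSE_Sign1 message whose protected header carries a typ value and CWT claims, then verifying it.` would match the body. The round trip also never reads the decoded type or claims back from `msgToVerify.Headers.Protected` after `UnmarshalCBOR`, so the example shows that the signature survives but not that the claims do; reading the issuer back through the accessor this commit adds (that file is not in this view) and printing it would make the feature visible in the `// Output:` block. The `// uncomment to review EDN` lines sit between `sig, err := msgToSign.MarshalCBOR()` and its error check and refer to `cbor.Diagnose`, which this file does not import; moving them below the check, or dropping them, keeps the error handling adjacent to the call it guards.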