Reviewed how countersignatures are provided for COSE_Sign/COSE_Sign1/…

…COSE_Signature/COSE_Countersignature.
veraison · Sep 12, 2023 · 95e52e1 · 95e52e1
1 parent 1d2bc28
commit 95e52e1
Show file tree

Hide file tree

Showing 2 changed files with 155 additions and 124 deletions.
diff --git a/countersign.go b/countersign.go
@@ -79,7 +79,7 @@ func (s *Countersignature) UnmarshalCBOR(data []byte) error {
 //
 // Notice: The COSE Countersignature API is EXPERIMENTAL and may be changed or
 // removed in a later release.
-func (s *Countersignature) Sign(rand io.Reader, signer Signer, parent any, payload, external []byte) error {
+func (s *Countersignature) Sign(rand io.Reader, signer Signer, parent any, external []byte) error {
 	if s == nil {
 		return errors.New("signing nil Countersignature")
 	}
@@ -95,7 +95,7 @@ func (s *Countersignature) Sign(rand io.Reader, signer Signer, parent any, paylo
 	}
 
 	// sign the message
-	toBeSigned, err := s.toBeSigned(parent, payload, external)
+	toBeSigned, err := s.toBeSigned(parent, external)
 	if err != nil {
 		return err
 	}
@@ -118,7 +118,7 @@ func (s *Countersignature) Sign(rand io.Reader, signer Signer, parent any, paylo
 //
 // Notice: The COSE Sign API is EXPERIMENTAL and may be changed or removed in a
 // later release.
-func (s *Countersignature) Verify(verifier Verifier, parent any, payload, external []byte) error {
+func (s *Countersignature) Verify(verifier Verifier, parent any, external []byte) error {
 	if s == nil {
 		return errors.New("verifying nil Countersignature")
 	}
@@ -135,7 +135,7 @@ func (s *Countersignature) Verify(verifier Verifier, parent any, payload, extern
 	}
 
 	// verify the message
-	toBeSigned, err := s.toBeSigned(parent, payload, external)
+	toBeSigned, err := s.toBeSigned(parent, external)
 	if err != nil {
 		return err
 	}
@@ -145,23 +145,19 @@ func (s *Countersignature) Verify(verifier Verifier, parent any, payload, extern
 // toBeSigned returns ToBeSigned from COSE_Countersignature object.
 //
 // Reference: https://datatracker.ietf.org/doc/html/rfc9338#section-3.3
-func (s *Countersignature) toBeSigned(target any, payload, external []byte) ([]byte, error) {
+func (s *Countersignature) toBeSigned(target any, external []byte) ([]byte, error) {
 	var signProtected cbor.RawMessage
 	signProtected, err := s.Headers.MarshalProtected()
 	if err != nil {
 		return nil, err
 	}
-	return countersignToBeSigned(false, target, signProtected, payload, external)
+	return countersignToBeSigned(false, target, signProtected, external)
 }
 
 // countersignToBeSigned constructs Countersign_structure, computes and returns ToBeSigned.
 //
 // Reference: https://datatracker.ietf.org/doc/html/rfc9338#section-3.3
-func countersignToBeSigned(abbreviated bool, target any, signProtected cbor.RawMessage, payload, external []byte) ([]byte, error) {
-	if payload == nil {
-		return nil, ErrMissingPayload
-	}
-
+func countersignToBeSigned(abbreviated bool, target any, signProtected cbor.RawMessage, external []byte) ([]byte, error) {
 	// create a Countersign_structure and populate it with the appropriate fields.
 	//
 	//   Countersign_structure = [
@@ -177,44 +173,60 @@ func countersignToBeSigned(abbreviated bool, target any, signProtected cbor.RawM
 	var err error
 	var bodyProtected cbor.RawMessage
 	var otherFields []cbor.RawMessage
+	var payload []byte
 
 	switch t := target.(type) {
 	case SignMessage:
-		bodyProtected, err = t.Headers.MarshalProtected()
-		if err != nil {
-			return nil, err
-		}
 		if len(t.Signatures) == 0 {
-			return nil, errors.New("target has no signatures yet")
+			return nil, errors.New("SignMessage has no signatures yet")
 		}
-		signatures, err := encMode.Marshal(t.Signatures)
+		bodyProtected, err = t.Headers.MarshalProtected()
 		if err != nil {
 			return nil, err
 		}
-		otherFields = append(otherFields, signatures)
+		if t.Payload == nil {
+			return nil, ErrMissingPayload
+		}
+		payload = t.Payload
 	case Sign1Message:
+		if len(t.Signature) == 0 {
+			return nil, errors.New("Sign1Message was not signed yet")
+		}
 		bodyProtected, err = t.Headers.MarshalProtected()
 		if err != nil {
 			return nil, err
 		}
-		if len(t.Signature) == 0 {
-			return nil, errors.New("target was not signed yet")
+		if t.Payload == nil {
+			return nil, ErrMissingPayload
 		}
-		otherFields = append(otherFields, t.Signature)
+		payload = t.Payload
+		otherFields = []cbor.RawMessage{t.Signature}
 	case Signature:
 		bodyProtected, err = t.Headers.MarshalProtected()
 		if err != nil {
 			return nil, err
 		}
+		if len(t.Signature) == 0 {
+			return nil, errors.New("Signature was not signed yet")
+		}
+		payload = t.Signature
+
 		// There are no otherFields for the Signature struct as it contains only
 		// two bstr fields.
+
 	case Countersignature:
 		bodyProtected, err = t.Headers.MarshalProtected()
 		if err != nil {
 			return nil, err
 		}
-		// There are no otherFields for the Countersignature struct as it contains only
+		if len(t.Signature) == 0 {
+			return nil, errors.New("Countersignature was not signed yet")
+		}
+		payload = t.Signature
+
+		// There are no otherFields for the Signature struct as it contains only
 		// two bstr fields.
+
 	default:
 		return nil, fmt.Errorf("unsupported target %T", target)
 	}
@@ -269,8 +281,8 @@ func countersignToBeSigned(abbreviated bool, target any, signProtected cbor.RawM
 //
 // Notice: The COSE Countersignature API is EXPERIMENTAL and may be changed or
 // removed in a later release.
-func Countersign0(rand io.Reader, signer Signer, parent any, payload, external []byte) ([]byte, error) {
-	toBeSigned, err := countersignToBeSigned(true, parent, []byte{0x40}, payload, external)
+func Countersign0(rand io.Reader, signer Signer, parent any, external []byte) ([]byte, error) {
+	toBeSigned, err := countersignToBeSigned(true, parent, []byte{0x40}, external)
 	if err != nil {
 		return nil, err
 	}
@@ -291,8 +303,8 @@ func Countersign0(rand io.Reader, signer Signer, parent any, payload, external [
 //
 // Notice: The COSE Countersignature API is EXPERIMENTAL and may be changed or
 // removed in a later release.
-func VerifyCountersign0(verifier Verifier, parent any, payload, external, signature []byte) error {
-	toBeSigned, err := countersignToBeSigned(true, parent, []byte{0x40}, payload, external)
+func VerifyCountersign0(verifier Verifier, parent any, external, signature []byte) error {
+	toBeSigned, err := countersignToBeSigned(true, parent, []byte{0x40}, external)
 	if err != nil {
 		return err
 	}