From ac7310b1d0c920798815da6f02f6f0307671769d Mon Sep 17 00:00:00 2001
From: Guilherme Balena Versiani
Date: Mon, 18 Sep 2023 02:45:02 +0000
Subject: [PATCH] Added conformance tests.
---
 countersign.go | 10 ++-
 countersign_test.go | 177 +++++++++++++++++++++++++++++++++++++-------
 2 files changed, 160 insertions(+), 27 deletions(-)
diff --git a/countersign.go b/countersign.go
index b9f80e7..f8119e0 100644
--- a/countersign.go
+++ b/countersign.go
@@ -187,7 +187,15 @@ func countersignToBeSigned(abbreviated bool, target any, signProtected cbor.RawM
 return nil, ErrMissingPayload
 }
 payload = t.Payload
- otherFields = []cbor.RawMessage{t.Signature}
+ signature, err := encMode.Marshal(t.Signature)
+ if err != nil {
+ return nil, err
+ }
+ signature, err = deterministicBinaryString(signature)
+ if err != nil {
+ return nil, err
+ }
+ otherFields = []cbor.RawMessage{signature}
 case Signature:
 bodyProtected, err = t.Headers.MarshalProtected()
 if err != nil {
diff --git a/countersign_test.go b/countersign_test.go
index 0cdf80f..2bb4903 100644
--- a/countersign_test.go
+++ b/countersign_test.go
@@ -1842,7 +1842,9 @@ func TestCountersignature_Sign_Internal(t *testing.T) {
 }{
 {
 // adapted from https://github.com/cose-wg/Examples/blob/master/countersign/signed1-01.json
- name: "conformance test #1",
+ // by modifying the context to "CounterSignatureV2" (to adjust to RFC 9338), including the
+ // signature as other_fields and altering the countersignature algorithm.
+ name: "COSE_Sign1 countersignature conformance test",
 sig: &Countersignature{
 Headers: Headers{
 Protected: ProtectedHeader{
@@ -1856,7 +1858,8 @@ func TestCountersignature_Sign_Internal(t *testing.T) {
 parent: Sign1Message{
 Headers: Headers{
 Protected: ProtectedHeader{
- HeaderLabelAlgorithm: AlgorithmEdDSA,
+ HeaderLabelAlgorithm: AlgorithmEdDSA,
+ HeaderLabelContentType: 0,
 },
 Unprotected: UnprotectedHeader{
 HeaderLabelKeyID: []byte("11"),
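Review bot: In countersign.go, the lines added in the branch before `case Signature:` encode `t.Signature` into other_fields with no visible check that it is non-empty, so a parent with a nil or zero-length signature either produces a countersignature bound to an empty byte string or fails with an encoder error, depending on how `encMode` treats a nil slice (not visible here). If no such check exists above the hunk, I would reject the case explicitly before marshalling, e.g. `if len(t.Signature) == 0 { return nil, ErrEmptySignature }`, assuming the package's existing empty-signature error is the right one to reuse. Separately, `signature, err := encMode.Marshal(t.Signature)` declares a new `err` that shadows the one assigned with `=` in the following case; this is harmless given the immediate returns, but declaring `var signature []byte` first and using `=` would keep a single `err`. The enclosing function starts and ends outside the hunk.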
@@ -1864,33 +1867,155 @@ func TestCountersignature_Sign_Internal(t *testing.T) {
 },
 Payload: []byte("This is the content."),
 Signature: []byte{
- 0x77, 0xf3, 0xea, 0xcd, 0x11, 0x85, 0x2c, 0x4b,
- 0xf9, 0xcb, 0x1d, 0x72, 0xfa, 0xbe, 0x6b, 0x26,
- 0xfb, 0xa1, 0xd7, 0x60, 0x92, 0xb2, 0xb5, 0xb7,
- 0xec, 0x83, 0xb8, 0x35, 0x57, 0x65, 0x22, 0x64,
- 0xe6, 0x96, 0x90, 0xdb, 0xc1, 0x17, 0x2d, 0xdc,
- 0x0b, 0xf8, 0x84, 0x11, 0xc0, 0xd2, 0x5a, 0x50,
- 0x7f, 0xdb, 0x24, 0x7a, 0x20, 0xc4, 0x0d, 0x5e,
- 0x24, 0x5f, 0xab, 0xd3, 0xfc, 0x9e, 0xc1, 0x06,
+ 0x71, 0x42, 0xfd, 0x2f, 0xf9, 0x6d, 0x56, 0xdb,
+ 0x85, 0xbe, 0xe9, 0x05, 0xa7, 0x6b, 0xa1, 0xd0,
+ 0xb7, 0x32, 0x1a, 0x95, 0xc8, 0xc4, 0xd3, 0x60,
+ 0x7c, 0x57, 0x81, 0x93, 0x2b, 0x7a, 0xfb, 0x87,
+ 0x11, 0x49, 0x7d, 0xfa, 0x75, 0x1b, 0xf4, 0x0b,
+ 0x58, 0xb3, 0xbc, 0xc3, 0x23, 0x00, 0xb1, 0x48,
+ 0x7f, 0x3d, 0xb3, 0x40, 0x85, 0xee, 0xf0, 0x13,
+ 0xbf, 0x08, 0xf4, 0xa4, 0x4d, 0x6f, 0xef, 0x0d,
 },
 },
 toBeSigned: []byte{
- 0x85, 0x70, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x53, 0x69, 0x67,
- 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x45, 0xa2, 0x01, 0x27, 0x03, 0x00,
- 0x43, 0xa1, 0x01, 0x27, 0x40, 0x54, 0x54, 0x68, 0x69, 0x73, 0x20, 0x69,
- 0x73, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e,
- 0x74, 0x2e,
-
- 0x86, 0x72, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x53, 0x69, 0x67,
- 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x56, 0x32, 0x43, 0xa1, 0x01, 0x27,
- 0x47, 0xa1, 0x01, 0x3a, 0x6d, 0x6f, 0x63, 0x6a, 0x40, 0x54, 0x54, 0x68,
- 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6f,
- 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2e, 0x81, 0x77, 0xf3, 0xea, 0xcd, 0x11,
- 0x85, 0x2c, 0x4b, 0xf9, 0xcb, 0x1d, 0x72, 0xfa, 0xbe, 0x6b, 0x26, 0xfb,
- 0xa1, 0xd7, 0x60, 0x92, 0xb2, 0xb5, 0xb7, 0xec, 0x83, 0xb8, 0x35, 0x57,
- 0x65, 0x22, 0x64, 0xe6, 0x96, 0x90, 0xdb, 0xc1, 0x17, 0x2d, 0xdc, 0x0b,
- 0xf8, 0x84, 0x11, 0xc0, 0xd2, 0x5a, 0x50, 0x7f, 0xdb, 0x24, 0x7a, 0x20,
- 0xc4, 0x0d, 0x5e, 0x24, 0x5f, 0xab, 0xd3, 0xfc, 0x9e, 0xc1, 0x06,
+ 0x86, // array(6)
+ 0x72, // text(18) "CounterSignatureV2"
+ 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x53,
+ 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65,
+ 0x56, 0x32,
+ 0x45, // bytes(5)
+ 0xa2, 0x01, 0x27, 0x03, 0x00,
+ 0x47, // bytes(7)
+ 0xa1, 0x01, 0x3a, 0x6d, 0x6f, 0x63, 0x6a,
+ 0x40, // bytes(0)
+ 0x54, // bytes(20) "This is the content."
+ 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+ 0x74, 0x68, 0x65, 0x20, 0x63, 0x6f, 0x6e, 0x74,
+ 0x65, 0x6e, 0x74, 0x2e,
+ 0x81, // array(1)
+ 0x58, 0x40, // bytes(64) signature:
+ 0x71, 0x42, 0xfd, 0x2f, 0xf9, 0x6d, 0x56, 0xdb,
+ 0x85, 0xbe, 0xe9, 0x05, 0xa7, 0x6b, 0xa1, 0xd0,
+ 0xb7, 0x32, 0x1a, 0x95, 0xc8, 0xc4, 0xd3, 0x60,
+ 0x7c, 0x57, 0x81, 0x93, 0x2b, 0x7a, 0xfb, 0x87,
+ 0x11, 0x49, 0x7d, 0xfa, 0x75, 0x1b, 0xf4, 0x0b,
+ 0x58, 0xb3, 0xbc, 0xc3, 0x23, 0x00, 0xb1, 0x48,
+ 0x7f, 0x3d, 0xb3, 0x40, 0x85, 0xee, 0xf0, 0x13,
+ 0xbf, 0x08, 0xf4, 0xa4, 0x4d, 0x6f, 0xef, 0x0d,
+ },
+ },
+ {
+ // adapted from https://github.com/cose-wg/Examples/blob/master/countersign/signed-01.json
+ name: "COSE_Signature countersignature conformance test",
+ sig: &Countersignature{
+ Headers: Headers{
+ Protected: ProtectedHeader{
+ HeaderLabelAlgorithm: algorithmMock,
+ },
+ Unprotected: UnprotectedHeader{
+ HeaderLabelKeyID: []byte("11"),
+ },
+ },
+ },
+ parent: Signature{
+ Headers: Headers{
+ Protected: ProtectedHeader{
+ HeaderLabelAlgorithm: AlgorithmEdDSA,
+ },
+ Unprotected: UnprotectedHeader{
+ HeaderLabelKeyID: []byte("11"),
+ },
+ },
+ Signature: []byte{
+ 0x8e, 0x1b, 0xe2, 0xf9, 0x45, 0x3d, 0x26, 0x48,
+ 0x12, 0xe5, 0x90, 0x49, 0x91, 0x32, 0xbe, 0xf3,
+ 0xfb, 0xf9, 0xee, 0x9d, 0xb2, 0x7c, 0x2c, 0x16,
+ 0x87, 0x88, 0xe3, 0xb7, 0xeb, 0xe5, 0x06, 0xc0,
+ 0x4f, 0xd3, 0xd1, 0x9f, 0xaa, 0x9f, 0x51, 0x23,
+ 0x2a, 0xf5, 0xc9, 0x59, 0xe4, 0xef, 0x47, 0x92,
+ 0x88, 0x34, 0x64, 0x7f, 0x56, 0xdf, 0xbe, 0x93,
+ 0x91, 0x12, 0x88, 0x4d, 0x08, 0xef, 0x25, 0x05,
+ },
+ },
+ toBeSigned: []byte{
+ 0x85, // array(5)
+ 0x70, // text(16) "CounterSignature"
+ 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x53,
+ 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65,
+ 0x43, // bytes(3)
+ 0xa1, 0x01, 0x27,
+ 0x47, // bytes(7)
+ 0xa1, 0x01, 0x3a, 0x6d, 0x6f, 0x63, 0x6a,
+ 0x40, // bytes(0)
+ 0x58, 0x40, // bytes(64) signature:
+ 0x8e, 0x1b, 0xe2, 0xf9, 0x45, 0x3d, 0x26, 0x48,
+ 0x12, 0xe5, 0x90, 0x49, 0x91, 0x32, 0xbe, 0xf3,
+ 0xfb, 0xf9, 0xee, 0x9d, 0xb2, 0x7c, 0x2c, 0x16,
+ 0x87, 0x88, 0xe3, 0xb7, 0xeb, 0xe5, 0x06, 0xc0,
+ 0x4f, 0xd3, 0xd1, 0x9f, 0xaa, 0x9f, 0x51, 0x23,
+ 0x2a, 0xf5, 0xc9, 0x59, 0xe4, 0xef, 0x47, 0x92,
+ 0x88, 0x34, 0x64, 0x7f, 0x56, 0xdf, 0xbe, 0x93,
+ 0x91, 0x12, 0x88, 0x4d, 0x08, 0xef, 0x25, 0x05,
+ },
+ },
+ {
+ // adapted from https://github.com/cose-wg/Examples/blob/master/countersign/signed-03.json
+ name: "COSE_Sign countersignature conformance test",
+ sig: &Countersignature{
+ Headers: Headers{
+ Protected: ProtectedHeader{
+ HeaderLabelAlgorithm: algorithmMock,
+ },
+ Unprotected: UnprotectedHeader{
+ HeaderLabelKeyID: []byte("11"),
+ },
+ },
+ },
+ parent: SignMessage{
+ Headers: Headers{
+ Protected: ProtectedHeader{
+ HeaderLabelContentType: 0,
+ },
+ Unprotected: UnprotectedHeader{},
+ },
+ Payload: []byte("This is the content."),
+ Signatures: []*Signature{
+ {
+ Headers: Headers{
+ Protected: ProtectedHeader{
+ HeaderLabelAlgorithm: AlgorithmEdDSA,
+ },
+ Unprotected: UnprotectedHeader{
+ HeaderLabelKeyID: []byte("11"),
+ },
+ },
+ Signature: []byte{
+ 0x77, 0xf3, 0xea, 0xcd, 0x11, 0x85, 0x2c, 0x4b,
+ 0xf9, 0xcb, 0x1d, 0x72, 0xfa, 0xbe, 0x6b, 0x26,
+ 0xfb, 0xa1, 0xd7, 0x60, 0x92, 0xb2, 0xb5, 0xb7,
+ 0xec, 0x83, 0xb8, 0x35, 0x57, 0x65, 0x22, 0x64,
+ 0xe6, 0x96, 0x90, 0xdb, 0xc1, 0x17, 0x2d, 0xdc,
+ 0x0b, 0xf8, 0x84, 0x11, 0xc0, 0xd2, 0x5a, 0x50,
+ 0x7f, 0xdb, 0x24, 0x7a, 0x20, 0xc4, 0x0d, 0x5e,
+ 0x24, 0x5f, 0xab, 0xd3, 0xfc, 0x9e, 0xc1, 0x06,
+ },
+ },
+ },
+ },
+ toBeSigned: []byte{
+ 0x85, // array(5)
+ 0x70, // text(16) "CounterSignature"
+ 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x53,
+ 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65,
+ 0x43, // bytes(3)
+ 0xa1, 0x03, 0x00,
+ 0x47, // bytes(7)
+ 0xa1, 0x01, 0x3a, 0x6d, 0x6f, 0x63, 0x6a,
+ 0x40, // bytes(0)
+ 0x54, // bytes(20) "This is the content."
+ 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+ 0x74, 0x68, 0x65, 0x20, 0x63, 0x6f, 0x6e, 0x74,
+ 0x65, 0x6e, 0x74, 0x2e,
 },
 },
 }
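Review bot: The two new cases adapted from signed-01.json and signed-03.json do not say what was changed from the upstream examples, unlike the first case, whose comment lists its modifications, so a reader cannot tell which bytes of `toBeSigned` are expected to match upstream. I would extend each comment along the lines of `// adapted from <upstream URL> by replacing the countersignature algorithm with algorithmMock.`, if that is indeed the only change. It would also help to annotate the `0x47` byte string (`0xa1, 0x01, 0x3a, 0x6d, 0x6f, 0x63, 0x6a`), which appears to be the countersignature's protected header carrying algorithmMock, the way the other fields are annotated. The test table and its function start and end outside this hunk.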