Add support to COSE_Countersignature (RFC 9338)
#172
Conversation
balena
force-pushed
the
rfc9338-countersignatures
branch
from
f1a1e41
to
61d8f4a
Compare
balena
changed the title
balena
changed the title
balena
changed the title
COSE_Countersignature (RFC 9338)
balena
force-pushed
the
rfc9338-countersignatures
branch
2 times, most recently
from
e661db7
to
95e52e1
Compare
Signed-off-by: Guilherme Balena Versiani <guibv@mailbox.org>
balena
force-pushed
the
rfc9338-countersignatures
branch
from
ac7310b
to
22faed2
Compare
Codecov Report
@@ Coverage Diff @@
## main #172 +/- ##
=======================================
Coverage ? 91.99%
=======================================
Files ? 12
Lines ? 1961
Branches ? 0
=======================================
Hits ? 1804
Misses ? 108
Partials ? 49
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
|
Perhaps we can submit fixture files back to the COSE WG based on this implementation, is case no fixtures exist yet for countersignatures. |
|
Yes, I had to manually edit these vectors also to include references to the mocked algorithm that allows the execution of the unit tests. These may not be available at IETF test vectors anyway. A second aspect to consider is that the examples available at the COSE WG at GitHub are outdated. They still refer to RFC 8152, whereas this code is based on RFC 9338 which supersedes it. |
|
Thanks @balena for the great work and explanation and @OR13 for the review. |
|
Good suggestions, they should be applied imo. |
+1 |
There was a problem hiding this comment.
Apologies for being late to the party...
First, this is really an excellent contribution, thanks a lot @balena !
I agree with the spirit of Orie's comment about pulling the test vectors from some shared source (gluecose being another good candidate), but I think that can be added at a subsequent point in time.
Same as for Quim's comment about improving documentation around this new feature. As long as we track it and make it nextrel-blocking I am fine.
Re: Shiwei's suggestions. Please take the time to apply them, they are sensible and simple :-)
A while ago we started https://github.com/gluecose/test-vectors, which go-cose uses for the Sign1 conformance tests suite. That may be the place to add these too. |
* Syntax sugar while passing parents as references at `Sign` and `Verify` functions; * Added countersignatures usage examples to `example_test.go`; * Applied code improvements as suggested by @shizhMSFT. Signed-off-by: Guilherme Balena Versiani <guibv@mailbox.org>
Did that, let me know if it's OK now. |
Signed-off-by: Guilherme Balena Versiani <guibv@mailbox.org>
balena
force-pushed
the
rfc9338-countersignatures
branch
from
7fa55c8
to
b287c6a
Compare
* Returning either reference to countersignatures or slice of countersignature references at `UnmarshalCBOR` header functions; * Adjusted unit tests accordingly. Signed-off-by: Guilherme Balena Versiani <guibv@mailbox.org>
|
@qmuntal @thomas-fossati @OR13 @shizhMSFT please let me know if there is anything else I can help with. |
Again, thank you for an awesome job. FMPOV this PR can be merged now. |
|
@balena thank you for your patience and all the followup |
Added support to countersignatures:
Countersignatureas an alias toSignature, and modifiedSignandVerifyfunctions to obtain ToBeSigned value as specified in RFC 9338;Headersnow marshal/unmarshal headersHeaderLabelCounterSignatureorHeaderLabelCounterSignatureV2asCountersignatureor[]Countersignature;CounterSignature0andCounterSignature0V2using functionsCountersign0andVerifyCountersign0.Whenever
SignandVerifyare called, the parameterparentcaptures the parent structure being countersigned. It supportsSign1Message,SignMessage,SignatureandCountersignature(itself).