-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for CWT Claims & Type in Protected Headers #183
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #183 +/- ##
==========================================
+ Coverage 92.04% 92.20% +0.16%
==========================================
Files 12 12
Lines 1973 1976 +3
==========================================
+ Hits 1816 1822 +6
+ Misses 108 105 -3
Partials 49 49 ☔ View full report in Codecov by Sentry. |
83f2079
to
bd3d70d
Compare
CWTClaimConfirmation int64 = 8 | ||
CWTClaimScope int64 = 9 | ||
|
||
// TODO: the rest upon request |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think it is smart to add the whole registry in the first PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Based on the above, it looks like we have the minimal code needed to proceed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should add what is bare minimum required, and then extend it when a new point needs to be registered!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[...] and then extend it when a new point needs to be registered!
Sorry, I have probably missed the right conversations, but I am not sure I get what the strategy is. There are 10's of claims already registered. What is the criterion for promoting them from the CWT Claims registry to const
s in the cose
package?
I think we should explicitly document how to add new claims here.
fmt.Println("message verified") | ||
|
||
// tamper the message and verification should fail | ||
msgToVerify.Payload = []byte("foobar") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
for this test, it might be better to tamper with the protected header.
@qmuntal, @shizhMSFT, @thomas-fossati, @henkbirkholz can you please take a look, and provide some feedback to @OR13 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does CWT
deserve its own package package cwt
under package cose
?
go-cose call feedback: consensus was to do it in this package. |
related issue #184 |
blocked, awaiting: https://datatracker.ietf.org/doc/draft-ietf-cose-cwt-claims-in-headers/ |
https://datatracker.ietf.org/doc/draft-ietf-cose-cwt-claims-in-headers/ is progressing is progressing. Expectation a few more weeks. |
e23425d
to
0906ae5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
correctly reflects:
https://datatracker.ietf.org/doc/draft-ietf-cose-cwt-claims-in-headers/10/
which will move with:
https://datatracker.ietf.org/doc/draft-ietf-cose-typ-header-parameter/05/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approve of the changes, however we decided to wait for https://datatracker.ietf.org/doc/draft-ietf-cose-cwt-claims-in-headers/ to be completed, with a comment added referencing the RFC #.
@OR13, please add the RFC # as part of this pending PR/Issue as well: #184
I added support for the
Decoded protected header:
|
Signed-off-by: Orie Steele <orie@transmute.industries>
Signed-off-by: Orie Steele <orie@transmute.industries>
5ee4b28
to
c7cee92
Compare
I suppose there is an API consideration here, perhaps the validation checks should only happen when serialization occurs, instead of causing an error to be thrown when for example invalid claims or invalid cose type is set. |
Sooooooo, close. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
marvellous, thanks!
I have left a few (mostly silly) comments for your consideration.
CWTClaimConfirmation int64 = 8 | ||
CWTClaimScope int64 = 9 | ||
|
||
// TODO: the rest upon request |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[...] and then extend it when a new point needs to be registered!
Sorry, I have probably missed the right conversations, but I am not sure I get what the strategy is. There are 10's of claims already registered. What is the criterion for promoting them from the CWT Claims registry to const
s in the cose
package?
I think we should explicitly document how to add new claims here.
Signed-off-by: Orie Steele <orie@transmute.industries> Signed-off-by: steve lasker <stevenlasker@hotmail.com>
Signed-off-by: Orie Steele <orie@transmute.industries> Signed-off-by: steve lasker <stevenlasker@hotmail.com>
Co-authored-by: Orie Steele <orie@or13.io> Signed-off-by: Orie Steele <orie@transmute.industries> Signed-off-by: steve lasker <stevenlasker@hotmail.com>
Signed-off-by: Orie Steele <orie@transmute.industries> Signed-off-by: steve lasker <stevenlasker@hotmail.com>
Signed-off-by: Orie Steele <orie@transmute.industries> Signed-off-by: steve lasker <stevenlasker@hotmail.com>
Signed-off-by: Orie Steele <orie@transmute.industries> Signed-off-by: steve lasker <stevenlasker@hotmail.com>
Co-authored-by: Thomas Fossati <tho.ietf@gmail.com> Signed-off-by: steve lasker <stevenlasker@hotmail.com>
Co-authored-by: Thomas Fossati <tho.ietf@gmail.com> Signed-off-by: steve lasker <stevenlasker@hotmail.com>
dd69daa
to
c9f2ab1
Compare
Co-authored-by: Thomas Fossati <tho.ietf@gmail.com>
@thomas-fossati regarding #183 (comment) Its a fair point. My lazy answer is, people can add pull requests for the IANA registry entries they wish the library supported, and they can use the registries without adding "developer experience for them", even if we don't support them here. We could decide to not add any registry entries from the CWT registry, and only support the registered headers. |
The combination of a cross fork PR, and the DCO rebase + github suggestion merges... has made this more trouble than its worth. @thomas-fossati If you think we should drop the CWT side of this, I will probably just do a fresh PR that only defines the header parameters, and provide some examples that show how to use them, without defining any CWT registry specific stuff. |
I believe this PR is good and worth adding into the mainline as-is. Let's raise a couple of tracking issues (one for the registration, one for the potential refactoring) and let's get it merged. Thanks again for the great contribution. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚢 it
closes #173
closes #184
This PR should remain open until numbers are assigned to: