Add support to COSE_Countersignature (RFC 9338)#172
Add support to COSE_Countersignature (RFC 9338)#172SteveLasker merged 4 commits intoveraison:mainfrom
COSE_Countersignature (RFC 9338)#172Conversation
f1a1e41 to
61d8f4a
Compare
COSE_Countersignature (RFC 9338)
e661db7 to
95e52e1
Compare
Signed-off-by: Guilherme Balena Versiani <guibv@mailbox.org>
ac7310b to
22faed2
Compare
OR13
left a comment
There was a problem hiding this comment.
overall this looks good to me.
I would prefer to see the test vectors imported from files (ideally ones that are shared cross implementations).
Codecov Report
@@ Coverage Diff @@
## main #172 +/- ##
=======================================
Coverage ? 91.99%
=======================================
Files ? 12
Lines ? 1961
Branches ? 0
=======================================
Hits ? 1804
Misses ? 108
Partials ? 49
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
|
Perhaps we can submit fixture files back to the COSE WG based on this implementation, is case no fixtures exist yet for countersignatures. |
|
Yes, I had to manually edit these vectors also to include references to the mocked algorithm that allows the execution of the unit tests. These may not be available at IETF test vectors anyway. A second aspect to consider is that the examples available at the COSE WG at GitHub are outdated. They still refer to RFC 8152, whereas this code is based on RFC 9338 which supersedes it. |
|
Thanks @balena for the great work and explanation and @OR13 for the review. |
qmuntal
left a comment
There was a problem hiding this comment.
The implementation looks solid and well tested. Could you add some usage examples to example_test.go and some minimal documentation into README.md? Thanks.
|
Good suggestions, they should be applied imo. |
+1 |
thomas-fossati
left a comment
There was a problem hiding this comment.
Apologies for being late to the party...
First, this is really an excellent contribution, thanks a lot @balena !
I agree with the spirit of Orie's comment about pulling the test vectors from some shared source (gluecose being another good candidate), but I think that can be added at a subsequent point in time.
Same as for Quim's comment about improving documentation around this new feature. As long as we track it and make it nextrel-blocking I am fine.
Re: Shiwei's suggestions. Please take the time to apply them, they are sensible and simple :-)
A while ago we started https://github.com/gluecose/test-vectors, which go-cose uses for the Sign1 conformance tests suite. That may be the place to add these too. |
* Syntax sugar while passing parents as references at `Sign` and `Verify` functions; * Added countersignatures usage examples to `example_test.go`; * Applied code improvements as suggested by @shizhMSFT. Signed-off-by: Guilherme Balena Versiani <guibv@mailbox.org>
Did that, let me know if it's OK now. |
Signed-off-by: Guilherme Balena Versiani <guibv@mailbox.org>
7fa55c8 to
b287c6a
Compare
* Returning either reference to countersignatures or slice of countersignature references at `UnmarshalCBOR` header functions; * Adjusted unit tests accordingly. Signed-off-by: Guilherme Balena Versiani <guibv@mailbox.org>
|
@qmuntal @thomas-fossati @OR13 @shizhMSFT please let me know if there is anything else I can help with. |
Again, thank you for an awesome job. FMPOV this PR can be merged now. |
|
@balena thank you for your patience and all the followup |
Added support to countersignatures:
Countersignatureas an alias toSignature, and modifiedSignandVerifyfunctions to obtain ToBeSigned value as specified in RFC 9338;Headersnow marshal/unmarshal headersHeaderLabelCounterSignatureorHeaderLabelCounterSignatureV2asCountersignatureor[]Countersignature;CounterSignature0andCounterSignature0V2using functionsCountersign0andVerifyCountersign0.Whenever
SignandVerifyare called, the parameterparentcaptures the parent structure being countersigned. It supportsSign1Message,SignMessage,SignatureandCountersignature(itself).