-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for CWT Claims & Type in Protected Headers #183
base: main
Are you sure you want to change the base?
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #183 +/- ##
==========================================
+ Coverage 92.04% 92.20% +0.16%
==========================================
Files 12 12
Lines 1973 1976 +3
==========================================
+ Hits 1816 1822 +6
+ Misses 108 105 -3
Partials 49 49 ☔ View full report in Codecov by Sentry. |
83f2079
to
bd3d70d
Compare
CWTClaimConfirmation int64 = 8 | ||
CWTClaimScope int64 = 9 | ||
|
||
// TODO: the rest upon request |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think it is smart to add the whole registry in the first PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Based on the above, it looks like we have the minimal code needed to proceed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should add what is bare minimum required, and then extend it when a new point needs to be registered!
fmt.Println("message verified") | ||
|
||
// tamper the message and verification should fail | ||
msgToVerify.Payload = []byte("foobar") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
for this test, it might be better to tamper with the protected header.
@qmuntal, @shizhMSFT, @thomas-fossati, @henkbirkholz can you please take a look, and provide some feedback to @OR13 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does CWT
deserve its own package package cwt
under package cose
?
go-cose call feedback: consensus was to do it in this package. |
related issue #184 |
blocked, awaiting: https://datatracker.ietf.org/doc/draft-ietf-cose-cwt-claims-in-headers/ |
https://datatracker.ietf.org/doc/draft-ietf-cose-cwt-claims-in-headers/ is progressing is progressing. Expectation a few more weeks. |
e23425d
to
0906ae5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
correctly reflects:
https://datatracker.ietf.org/doc/draft-ietf-cose-cwt-claims-in-headers/10/
which will move with:
https://datatracker.ietf.org/doc/draft-ietf-cose-typ-header-parameter/05/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approve of the changes, however we decided to wait for https://datatracker.ietf.org/doc/draft-ietf-cose-cwt-claims-in-headers/ to be completed, with a comment added referencing the RFC #.
@OR13, please add the RFC # as part of this pending PR/Issue as well: #184
I added support for the
Decoded protected header:
|
Signed-off-by: Orie Steele <orie@transmute.industries>
Signed-off-by: Orie Steele <orie@transmute.industries>
Co-authored-by: Orie Steele <orie@or13.io> Signed-off-by: Orie Steele <orie@transmute.industries>
Signed-off-by: Orie Steele <orie@transmute.industries>
Signed-off-by: Orie Steele <orie@transmute.industries>
Signed-off-by: Orie Steele <orie@transmute.industries>
5ee4b28
to
c7cee92
Compare
I suppose there is an API consideration here, perhaps the validation checks should only happen when serialization occurs, instead of causing an error to be thrown when for example invalid claims or invalid cose type is set. |
closes #173
closes #184
This PR should remain open until numbers are assigned to: