-
Found via fuzzing.
### What did you do?
```go
package main
import "github.com/veraison/go-cose"
func main() {
b := []byte("҄C\xa100\xa100T00000000000000000000\xcbA0000000000")
var msg…
-
Found via fuzzing.
`Sign1Message.UnmarshalCBOR` should reject the following message: `[]byte("҄D\xa1000\xa10X\x1e000000000000000000000000000000T00000000000000000000\x81\xf800")`,
Notice that the…
-
Found via fuzzing.
### What did you do?
```go
package main
import "github.com/veraison/go-cose"
func main() {
b := []byte("҄҄C\xa100\xa1\xf30T00000000000000000000A0000000")
var msg co…
-
The verification process of COSE Sign1 signature is as below.
```go
msg := &cose.Sign1Message{}
err := cbor.Unmarshal(sign, msg)
check(err)
err = msg.Verify(nil, *verifier)
check(err)
```
…
-
We need to add some negative tests. Ideally the test spec for these should come through GlueCOSE, same as we do with the positive test cases. So I have started by drafting a small document that isol…
-
This is the compiler output, in my case an error due to `-Werror`:
```c
t_cose/inc/t_cose/t_cose_sign1_verify.h:423:28: error: compound literals are a C99-specific feature [-Werror,-Wc99-extension…
-
Implement COSE Signing, [IETF RFC 8152, section 4](https://tools.ietf.org/html/rfc8152#section-4)
## Minimum Viable Product - Single Signer
* [x] Read and expose metadata for tagged and untagged…
-
### Problem description
Currently Zephyr uses specific variant of TinyCBOR (https://github.com/zephyrproject-rtos/tinycbor), that has been imported to support mcumgr library from internals of Mynew…
-
We need to define the media types for transporting CoRIMs (both the signed version and the unprotected one).
* `application/corim-unsigned+cbor` `#6.501(corim-map)`
* `application/corim-signed+cb…
-
See discussion on the list; some think an explicit 'content type' parameter is needed in the COSE_Sign1 object.
Logically this would then have value 60 (CBOR). (There is no cf number allocated for…