veraison / go-cose

go library for CBOR Object Signing and Encryption (COSE)
Mozilla Public License 2.0

Update Readme Examples #106

Closed OR13 closed 1 year ago

OR13 commented 2 years ago

I was preparing an update to the readme, to change ES512 to ES256 (which is a much more reasonable starting point).

But the following surprisingly failed:


```go
package main

import (
    "crypto/ecdsa"
    "crypto/elliptic"
    "crypto/rand"
    "fmt"

    "github.com/veraison/go-cose"
)

func main() {
    fmt.Println("hello world")

    // create a signer
    privateKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
    signer, _ := cose.NewSigner(cose.AlgorithmES256, privateKey)

    // create message header
    headers := cose.Headers{
        Protected: cose.ProtectedHeader{
            cose.HeaderLabelAlgorithm: cose.AlgorithmES256,
        },
    }

    // sign and marshal message
    sig, _ := cose.Sign1(rand.Reader, signer, headers, []byte("hello world"), nil)
    fmt.Println("sig ", sig)
    publicKey := privateKey.Public()
    verifier, _ := cose.NewVerifier(cose.AlgorithmES256, publicKey)

    var msg cose.Sign1Message
    var err = msg.UnmarshalCBOR(sig)
    fmt.Println("UnmarshalCBOR ", err)
    err = msg.Verify(nil, verifier)
    fmt.Println("Verify ", err)
}
```

```
hello world
sig  []
UnmarshalCBOR  cbor: invalid COSE_Sign1_Tagged object
Verify  missing payload
```

All I did was change:

elliptic.P521() -> elliptic.P256()
AlgorithmES512  -> AlgorithmES256

For example, this works:


```go
package main

import (
    "crypto/ecdsa"
    "crypto/elliptic"
    "crypto/rand"
    "fmt"

    "github.com/veraison/go-cose"
)

func main() {
    fmt.Println("hello world")

    // create a signer
    privateKey, _ := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
    signer, _ := cose.NewSigner(cose.AlgorithmES512, privateKey)

    // create message header
    headers := cose.Headers{
        Protected: cose.ProtectedHeader{
            cose.HeaderLabelAlgorithm: cose.AlgorithmES512,
        },
    }

    // sign and marshal message
    sig, _ := cose.Sign1(rand.Reader, signer, headers, []byte("hello world"), nil)
    fmt.Println("sig ", sig)
    publicKey := privateKey.Public()
    verifier, _ := cose.NewVerifier(cose.AlgorithmES512, publicKey)

    var msg cose.Sign1Message
    var err = msg.UnmarshalCBOR(sig)
    fmt.Println("UnmarshalCBOR ", err)
    err = msg.Verify(nil, verifier)
    fmt.Println("Verify ", err)
}
```

```
hello world
sig  [210 132 68 161 1 56 35 160 75 104 101 108 108 111 32 119 111 114 108 100 88 132 0 191 120 110 177 110 84 186 216 23 121 254 26 232 183 89 182 115 91 221 139 121 170 113 70 136 207 150 37 40 199 75 62 21 26 114 133 29 71 111 13 172 114 75 22 114 94 10 173 142 183 219 39 23 204 229 249 7 232 186 53 128 139 239 64 138 0 248 220 249 42 130 220 142 122 197 191 197 221 151 179 248 173 152 192 53 234 129 198 96 71 240 111 135 242 70 1 65 81 171 218 160 223 27 193 152 138 98 146 15 186 64 151 255 133 209 254 175 109 127 174 196 205 58 43 194 58 120 51 140 190 68]
UnmarshalCBOR  <nil>
Verify  <nil>
```

qmuntal commented 2 years ago

cose.Sign1 is returning an error, but it is being discarded (sig, _ := cose.Sign1(...)). That error says that the hash function for the given algorithm is not available. It should be fixed by adding crypto/sha256 as a blank import so Go links it to the binary.

There is no need to blank-import crypto/sha512 because it is already there in go1.19. This might not hold true in future releases, so it would be good to explicitly import it.
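
The failure mode described in the comment above, reproduced with the standard library only. This is an added example, not part of the thread and not go-cose code; `signP256`, `linkedHash` and `unlinkedHash` are hypothetical names, and BLAKE2b-256 stands in for any hash whose package is not imported.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	_ "crypto/sha256" // links SHA-256 so crypto.SHA256.Available() is true
	"errors"
	"fmt"
)

// Constructed inputs: one hash that is linked above, and one that is not
// linked because nothing in this program imports its implementation.
var (
	linkedHash   = crypto.SHA256
	unlinkedHash = crypto.BLAKE2b_256
)

// signP256 is a hypothetical helper: it signs payload with a fresh P-256 key
// and verifies the result, returning every error instead of discarding it.
func signP256(h crypto.Hash, payload []byte) ([]byte, error) {
	if !h.Available() {
		// crypto.Hash.New panics on an unlinked hash, so check first.
		return nil, errors.New("hash function is not linked into the binary: " + h.String())
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	d := h.New()
	d.Write(payload)
	digest := d.Sum(nil)
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest)
	if err != nil {
		return nil, err
	}
	if !ecdsa.VerifyASN1(&key.PublicKey, digest, sig) {
		return nil, errors.New("signature did not verify")
	}
	return sig, nil
}

func main() {
	for _, h := range []crypto.Hash{linkedHash, unlinkedHash} {
		sig, err := signP256(h, []byte("hello world"))
		fmt.Printf("%v: %d signature bytes, err=%v\n", h, len(sig), err)
	}
}
```

When the returned error is discarded, the caller is left holding a nil signature, which is the empty `sig  []` in the failing output above.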

SteveLasker commented 1 year ago

Just looking for the next steps here:

SteveLasker commented 1 year ago

Thanks, @yogeshbdeshpande