Comments (2)
From https://datatracker.ietf.org/doc/html/rfc8152#section-3.1 alg:
This parameter MUST be authenticated where the ability to do so exists... This authentication can be done either by placing the header in the protected header bucket or as part of the externally supplied data.
But the example https://github.com/cose-wg/Examples/blob/master/sign1-tests/sign-pass-01.json puts the alg in the unprotected bucket, the protected bucket is
a0
(empty) and there is no externally supplied data.
Agree this shouldn't be a test case that is marked as PASS, unless I am entirely misunderstanding the intent of the test case. In fact, there is this bit:
"failures":{
"ChangeProtected":"a0"
},
which seems to suggest a failure is expected? I tried to interpret that against the CDDL schema but couldn't find an answer. BTW, it seems that we need to update the schema to match the example in question (e.g., the sign0
format is undefined and there is no sign1
in the CDDL, which I believe is what was intended).
from examples.
Indeed, I've also confirmed that this example is mislabelled as it fails to validate. The protected headers are encoded as an empty serialized map, e.g. 0a
, rather than an empty bstr
. This aligns with the JSON "failures": { "ChangeProtected":"a0" }
noted by @thomas-fossati .
RFC 8152 says the following about encodings of the protected headers:
Recipients MUST accept both a zero-
length binary value and a zero-length map encoded in the binary
value... (Badly behaved intermediates could decode and
re-encode, but this will result in a failure to verify unless the
re-encoded byte string is identical to the decoded byte string.)
This avoids the problem of all parties needing to be able to do a
common canonical encoding.
So it appears that the example was indeed designed to fail. Re-encoding the protected headers as an empty bstr
seems to fix the signature.
from examples.
Related Issues (11)
- file Examples/ecdsa-examples/ecdsa-sig-01.json HOT 7
- ecdsa-01.json has invalid base64 for y value HOT 1
- ecdsa-01 and ecdsa-02 have changed from cose_sign1 to cose_sign. HOT 3
- Label for "kid" in encryption examples is wrong HOT 2
- Missing LICENSE file HOT 2
- RSA-PSS examples using correct salt length? HOT 5
- eddsa-sig-02.json `kid` doesn't match HOT 3
- rsa-oaep-examples: RSAES-OAEP-x algorithm selection put in "unprotected" section.
- Provide RS256 signing sample
- How are the examples generated?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from examples.