Add ability to swap crypto implementation #100

shizhMSFT · 2022-08-18T07:11:01Z

The v1.0.0-rc.1 version of go-cose computes the digest of CBOR-encoded signature structure using the golang built-in hash implementations regardless of the implementation of Signer and Verifier.

If someone wants to change the implementation of golang built-in crypto packages (e.g. use openssl based implementation) just for go-cose, they can only change for Signer and Verifier but not the hash implementations.

Proposal: Instead of passing digest to Sign() and Verify(), we should pass content (i.e. raw payload). Thus it matches RFC 8152 section 8.

The signature functions for this scheme are:

  signature = Sign(message content, key)

  valid = Verification(message content, key, signature)

It also addresses the weird case that Ed25519 passes CBOR-encoded signature structure instead of digest to Signer as Ed25519 requires the content to be processed twice.

The text was updated successfully, but these errors were encountered:

shizhMSFT added the enhancement New feature or request label Aug 18, 2022

shizhMSFT added this to the 1.0.0 milestone Aug 18, 2022

shizhMSFT assigned qmuntal, SteveLasker, thomas-fossati, yogeshbdeshpande and roywill Aug 18, 2022

shizhMSFT mentioned this issue Aug 19, 2022

refactor!: accept message content instead of digest for sign and verify #101

Merged

SteveLasker closed this as completed in #101 Aug 24, 2022

ivarprudnikov mentioned this issue Jan 10, 2023

Cannot sign/verify digests anymore (think Merkle tree, ledger, detached payload) #120

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add ability to swap crypto implementation #100

Add ability to swap crypto implementation #100

shizhMSFT commented Aug 18, 2022

Add ability to swap crypto implementation #100

Add ability to swap crypto implementation #100

Comments

shizhMSFT commented Aug 18, 2022