Skip to content

corim/signedcorim: check for mandatory alg and kid #157

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

corim/signedcorim: check for mandatory alg and kid #157

wants to merge 1 commit into from

Conversation

@pranjalkole
Copy link
Contributor

@pranjalkole pranjalkole commented Jan 19, 2025

Before merging, we need to change corim/testcases/signed-good-corim.cbor to include the kid parameter.

setrofim
setrofim requested changes Jan 20, 2025
View reviewed changes
Copy link
Contributor

@setrofim setrofim left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we need to change corim/testcases/signed-good-corim.cbor to include the kid parameter.

The test cases should be amended as part of the same commit commit that changes the code to make it necessary. (Doing this requires first updaing https://github.com/veraison/gen-testcases to include the key ID on signing).

@pranjalkole pranjalkole mentioned this pull request Jan 20, 2025
Closed
@pranjalkole pranjalkole force-pushed the signedcorim branch 3 times, most recently from 1e94de3 to b16dda1 Compare January 20, 2025 18:52
@pranjalkole
corim/signedcorim: check for mandatory alg and kid
b16dda1 
* Added the kid parameter to the failing tests
* Added getKidFromJWK in corim/signer.go
* Regenerated all testcases
* Made regen-from-src.sh executable

Signed-off-by: Pranjal Kole <[email protected]>
thomas-fossati
thomas-fossati reviewed Jan 21, 2025
View reviewed changes
corim/signedcorim.go

o.message.Headers.Protected.SetAlgorithm(alg)
o.message.Headers.Protected[cose.HeaderLabelContentType] = ContentType
o.message.Headers.Protected[cose.HeaderLabelKeyID] = kid
Copy link
Contributor

@thomas-fossati thomas-fossati Jan 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should we ensure that kid != nil

Copy link
Contributor Author

@pranjalkole pranjalkole Jan 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

kid is supposed to never be nil. I was thinking we should store kid as part of the cose.Signer while creating it from the JWK (like we do for alg). getKidFromJWK can get a kid from every JWK.

I'll wait for the meeting on kid being mandatory before making any more changes.

Copy link
Contributor Author

@pranjalkole pranjalkole Jan 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@thomas-fossati Please ping me after the final decision on whether kid should be mandatory.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thomas-fossati thomas-fossati thomas-fossati left review comments

@setrofim setrofim Awaiting requested review from setrofim

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pranjalkole @setrofim @thomas-fossati