add basic test for cwt

Signed-off-by: Orie Steele <orie@transmute.industries>
veraison · Jan 26, 2024 · bd3d70d · bd3d70d
1 parent 9f7ade0
commit bd3d70d
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 7 deletions.
diff --git a/cwt.go b/cwt.go
@@ -1,6 +1,20 @@
 package cose
 
+// https://www.iana.org/assignments/cwt/cwt.xhtml
 const (
-	CWTClaimIssuer  int64 = 1
-	CWTClaimSubject int64 = 2
+	CWTClaimIssuer         int64 = 1
+	CWTClaimSubject        int64 = 2
+	CWTClaimAudience       int64 = 3
+	CWTClaimExpirationTime int64 = 4
+	CWTClaimNotBefore      int64 = 5
+	CWTClaimIssuedAt       int64 = 6
+	CWTClaimCWTID          int64 = 7
+	CWTClaimConfirmation   int64 = 8
+	CWTClaimScope          int64 = 9
+
+	// TODO: the rest upon request
 )
+
+// CWTClaims contains parameters that are to be cryptographically
+// protected.
+type CWTClaims map[any]any
diff --git a/cwt_test.go b/cwt_test.go
@@ -6,18 +6,24 @@ import (
 	"crypto/rand"
 	"fmt"
 
+	// "github.com/fxamacker/cbor/v2"
 	"github.com/veraison/go-cose"
 )
 
 // This example demonstrates signing and verifying COSE_Sign1 signatures.
 func ExampleCWTMessage() {
 
-	fmt.Println("begin ExampleCWTMessage")
-
 	// create message to be signed
 	msgToSign := cose.NewSign1Message()
 	msgToSign.Payload = []byte("hello world")
 	msgToSign.Headers.Protected.SetAlgorithm(cose.AlgorithmES512)
+
+	claims := make(cose.CWTClaims)
+	claims[cose.CWTClaimIssuer] = "issuer.example"
+	claims[cose.CWTClaimSubject] = "subject.example"
+
+	msgToSign.Headers.Protected.SetCWTClaims(claims)
+
 	msgToSign.Headers.Unprotected[cose.HeaderLabelKeyID] = []byte("1")
 
 	// create a signer
@@ -41,6 +47,10 @@ func ExampleCWTMessage() {
 	}
 	fmt.Println("message signed")
 
+	// coseSign1Diagnostic, err := cbor.Diagnose(sig)
+	// fmt.Println(coseSign1Diagnostic)
+	// 18([h'a20138230fa2016e6973737565722e6578616d706c65026f7375626a6563742e6578616d706c65', {4: h'31'}, h'68656c6c6f20776f726c64', h'00528f74d41bae106bba113c3802d3ca69efac4e65e59e99e8d7b74a067adebc769c4982ef389cf21be044e7b5dbed86b20c94a70ce02a20693e04f6ee94669974030147db61af96137d415961a83ae0cde53d4fd4fc6cf224692e25067c0eb17e9f18717e88f64775f11d505b4cb6175e4f6a5c75897001ab480f59437ad52cf65bfcef'])
+
 	// create a verifier from a trusted public key
 	publicKey := privateKey.Public()
 	verifier, err := cose.NewVerifier(cose.AlgorithmES512, publicKey)
@@ -68,7 +78,6 @@ func ExampleCWTMessage() {
 	}
 	fmt.Println("verification error as expected")
 	// Output:
-	// begin ExampleCWTMessage
 	// message signed
 	// message verified
 	// verification error as expected

diff --git a/headers.go b/headers.go
@@ -23,7 +23,7 @@ const (
 	HeaderLabelCounterSignature0   int64 = 9
 	HeaderLabelCounterSignatureV2  int64 = 11
 	HeaderLabelCounterSignature0V2 int64 = 12
-	HeaderLabelCWTClaim            int64 = 15
+	HeaderLabelCWTClaims           int64 = 15
 	HeaderLabelX5Bag               int64 = 32
 	HeaderLabelX5Chain             int64 = 33
 	HeaderLabelX5T                 int64 = 34
@@ -98,11 +98,17 @@ func (h *ProtectedHeader) UnmarshalCBOR(data []byte) error {
 	return nil
 }
 
-// SetAlgorithm sets the algorithm value to the algorithm header.
+// SetAlgorithm sets the algorithm value of the protected header.
 func (h ProtectedHeader) SetAlgorithm(alg Algorithm) {
 	h[HeaderLabelAlgorithm] = alg
 }
 
+// SetCWTClaims sets the CWT Claims value of the protected header.
+func (h ProtectedHeader) SetCWTClaims(claims CWTClaims) {
+	// TODO: validate claims, for example ensuring that 1 and 2 are tstr, not bstr
+	h[HeaderLabelCWTClaims] = claims
+}
+
 // Algorithm gets the algorithm value from the algorithm header.
 func (h ProtectedHeader) Algorithm() (Algorithm, error) {
 	value, ok := h[HeaderLabelAlgorithm]