-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
update: enabled cose to verify time in Tag1 Datetime format #95
Conversation
Signed-off-by: Patrick Zheng <[email protected]>
Codecov Report
@@ Coverage Diff @@
## main #95 +/- ##
==========================================
- Coverage 78.76% 78.61% -0.15%
==========================================
Files 28 28
Lines 2067 2114 +47
==========================================
+ Hits 1628 1662 +34
- Misses 336 344 +8
- Partials 103 108 +5
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
Signed-off-by: Patrick Zheng <[email protected]>
Signed-off-by: Patrick Zheng <[email protected]>
Signed-off-by: Patrick Zheng <[email protected]>
Signed-off-by: Patrick Zheng <[email protected]>
Signed-off-by: Patrick Zheng <[email protected]>
Signed-off-by: Patrick Zheng <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Signed-off-by: Patrick Zheng <[email protected]>
Signed-off-by: Patrick Zheng <[email protected]>
Signed-off-by: Patrick Zheng <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
This PR enables COSE to verify time in Tag1 Datetime format.
Some details that worth to be mentioned:
Sign (Encode/MarshalCBOR):
in go-cose, time.Time will be encoded as numerical (in integer) representation of seconds since January 1, 1970 UTC.
For more details: https://github.com/fxamacker/cbor/blob/7704fa5efaf3ef4ac35aff38f50f6ff567793072/encode.go#L75
https://github.com/veraison/go-cose/blob/f72b6bc06b90d1e9c07ab11332df92c7838e3027/cbor.go#L30
Verify (Decode/UnmarshalCBOR):
For more details: https://github.com/fxamacker/cbor/blob/7704fa5efaf3ef4ac35aff38f50f6ff567793072/decode.go#L52
https://github.com/veraison/go-cose/blob/f72b6bc06b90d1e9c07ab11332df92c7838e3027/cbor.go#L43
Edit:
After discussion with @shizhMSFT, we decide to enforce Tag1 Datetime on both Sign and Verify. In other words, during Sign, we will create a Tag1 Datetime CBOR object and save it into cbor.ProtectedHeader. During verify, the Tag1 Datetime will be decoded as time.Time in go.
Signed-off-by: Patrick Zheng [email protected]