diff --git a/cbor.go b/cbor.go index 15bdc54..883f52b 100644 --- a/cbor.go +++ b/cbor.go @@ -95,7 +95,7 @@ func deterministicBinaryString(data cbor.RawMessage) (cbor.RawMessage, error) { } // fast path: return immediately if bstr is already deterministic - if err := decModeWithTagsForbidden.Valid(data); err != nil { + if err := decModeWithTagsForbidden.Wellformed(data); err != nil { return nil, err } ai := data[0] & 0x1f diff --git a/go.mod b/go.mod index 4a202d9..7e60365 100644 --- a/go.mod +++ b/go.mod @@ -2,7 +2,7 @@ module github.com/veraison/go-cose go 1.18 -require github.com/fxamacker/cbor/v2 v2.4.0 +require github.com/fxamacker/cbor/v2 v2.5.0 require github.com/x448/float16 v0.8.4 // indirect diff --git a/go.sum b/go.sum index f424051..0f986a9 100644 --- a/go.sum +++ b/go.sum @@ -1,4 +1,4 @@ -github.com/fxamacker/cbor/v2 v2.4.0 h1:ri0ArlOR+5XunOP8CRUowT0pSJOwhW098ZCUyskZD88= -github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo= +github.com/fxamacker/cbor/v2 v2.5.0 h1:oHsG0V/Q6E/wqTS2O1Cozzsy69nqCiguo5Q1a1ADivE= +github.com/fxamacker/cbor/v2 v2.5.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= diff --git a/headers_test.go b/headers_test.go index 2dedd44..a28d6ae 100644 --- a/headers_test.go +++ b/headers_test.go @@ -2,6 +2,7 @@ package cose import ( "errors" + "math" "reflect" "testing" ) @@ -34,6 +35,39 @@ func TestProtectedHeader_MarshalCBOR(t *testing.T) { }, }, { + name: "header with MinInt64 alg", + h: ProtectedHeader{ + HeaderLabelAlgorithm: math.MinInt64, + }, + want: []byte{ + 0x4b, // bstr + 0xa1, // map + 0x01, 0x3b, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, // alg + }, + }, + { + name: "canonical ordering", + h: ProtectedHeader{ + HeaderLabelAlgorithm: 1, + HeaderLabelCritical: []any{HeaderLabelAlgorithm}, + HeaderLabelContentType: 16, + HeaderLabelKeyID: []byte{1, 2, 3}, + HeaderLabelIV: []byte{1, 2, 3}, + 0x46: 0x47, + 0x66: 0x67, + }, + want: []byte{ + 0x58, 0x1a, // bstr + 0xa7, // map + 0x01, 0x01, // alg + 0x02, 0x81, 0x01, // crit + 0x03, 0x10, // cty + 0x04, 0x43, 0x01, 0x02, 0x03, // kid + 0x05, 0x43, 0x01, 0x02, 0x03, // iv + 0x18, 0x46, 0x18, 0x47, // 0x46: 0x47 + 0x18, 0x66, 0x18, 0x67, // 0x66: 0x67 + }, + }, { name: "nil header", h: nil, want: []byte{0x40}, diff --git a/sign_test.go b/sign_test.go index 793d967..4b1f701 100644 --- a/sign_test.go +++ b/sign_test.go @@ -654,13 +654,13 @@ func TestSignature_Sign_Internal(t *testing.T) { }, }, }, - protected: []byte{0x40, 0xa1, 0x00, 0x00}, + protected: []byte{0x43, 0xa1, 0x00, 0x00}, payload: []byte("hello world"), external: []byte{}, toBeSigned: []byte{ 0x85, // array type 0x69, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, // context - 0x40, 0xa1, 0x00, 0x00, // body_protected + 0x43, 0xa1, 0x00, 0x00, // body_protected 0x47, 0xa1, 0x01, 0x3a, 0x6d, 0x6f, 0x63, 0x6a, // sign_protected 0x40, // external 0x4b, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64, // payload @@ -2222,7 +2222,7 @@ func TestSignature_toBeSigned(t *testing.T) { payload []byte external []byte want []byte - wantErr bool + wantErr string }{ { name: "valid signature", @@ -2233,12 +2233,12 @@ func TestSignature_toBeSigned(t *testing.T) { }, }, }, - protected: []byte{0x40, 0xa1, 0x00, 0x00}, + protected: []byte{0x43, 0xa1, 0x00, 0x00}, payload: []byte("hello world"), want: []byte{ 0x85, // array type 0x69, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, // context - 0x40, 0xa1, 0x00, 0x00, // body_protected + 0x43, 0xa1, 0x00, 0x00, // body_protected 0x47, 0xa1, 0x01, 0x3a, 0x6d, 0x6f, 0x63, 0x6a, // sign_protected 0x40, // external 0x4b, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64, // payload @@ -2255,7 +2255,20 @@ func TestSignature_toBeSigned(t *testing.T) { }, protected: []byte{0x00}, payload: []byte{}, - wantErr: true, + wantErr: "cbor: require bstr type", + }, + { + name: "extraneous protected data", + s: &Signature{ + Headers: Headers{ + Protected: ProtectedHeader{ + HeaderLabelAlgorithm: algorithmMock, + }, + }, + }, + protected: []byte{0x40, 0xa1, 0x00, 0x00}, + payload: []byte("hello world"), + wantErr: "cbor: 3 bytes of extraneous data starting at index 1", }, { name: "invalid sign protected header", @@ -2268,7 +2281,7 @@ func TestSignature_toBeSigned(t *testing.T) { }, protected: []byte{0x40}, payload: []byte{}, - wantErr: true, + wantErr: "protected header: header label: require int / tstr type", }, { name: "invalid raw sign protected header", @@ -2279,15 +2292,17 @@ func TestSignature_toBeSigned(t *testing.T) { }, protected: []byte{0x40}, payload: []byte{}, - wantErr: true, + wantErr: "cbor: require bstr type", }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { got, err := tt.s.toBeSigned(tt.protected, tt.payload, tt.external) - if (err != nil) != tt.wantErr { - t.Errorf("Signature.toBeSigned() error = %v, wantErr %v", err, tt.wantErr) - return + if err != nil && (err.Error() != tt.wantErr) { + t.Fatalf("Signature.toBeSigned() error = %v, wantErr %v", err, tt.wantErr) + } + if err == nil && (tt.wantErr != "") { + t.Fatalf("Signature.toBeSigned() error = %v, wantErr %v", err, tt.wantErr) } if !reflect.DeepEqual(got, tt.want) { t.Errorf("Signature.toBeSigned() = %v, want %v", got, tt.want)