Skip to content

Commit eb9cdec

Browse files
OR13SteveLaskerthomas-fossati
authored
Update custom algorithms example (#209)
Signed-off-by: Orie Steele <[email protected]> Co-authored-by: Steve Lasker <[email protected]> Co-authored-by: Thomas Fossati <[email protected]>
1 parent cfe4231 commit eb9cdec

File tree

1 file changed

+92
-2
lines changed

1 file changed

+92
-2
lines changed

README.md

Lines changed: 92 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -206,9 +206,99 @@ go-cose has built-in supports the following algorithms:
206206

207207
### Custom Algorithms
208208

209-
The supported algorithms can be extended at runtime by using [cose.RegisterAlgorithm](https://pkg.go.dev/github.com/veraison/go-cose#RegisterAlgorithm).
209+
It is possible to use custom algorithms with this library, for example:
210210

211-
[API docs](https://pkg.go.dev/github.com/veraison/go-cose)
211+
```go
212+
package cose_test
213+
214+
import (
215+
"errors"
216+
"io"
217+
"testing"
218+
219+
"github.com/cloudflare/circl/sign"
220+
"github.com/cloudflare/circl/sign/schemes"
221+
"github.com/veraison/go-cose"
222+
)
223+
224+
type customKeySigner struct {
225+
alg cose.Algorithm
226+
key sign.PrivateKey
227+
}
228+
229+
func (ks *customKeySigner) Algorithm() cose.Algorithm {
230+
return ks.alg
231+
}
232+
233+
func (ks *customKeySigner) Sign(rand io.Reader, content []byte) ([]byte, error) {
234+
suite := schemes.ByName("ML-DSA-44")
235+
return suite.Sign(ks.key, content, nil), nil
236+
}
237+
238+
type customKeyVerifier struct {
239+
alg cose.Algorithm
240+
key sign.PublicKey
241+
}
242+
243+
func (ks *customKeyVerifier) Algorithm() cose.Algorithm {
244+
return ks.alg
245+
}
246+
247+
func (ks *customKeyVerifier) Verify(content []byte, signature []byte) error {
248+
suite := schemes.ByName("ML-DSA-44")
249+
valid := suite.Verify(ks.key, content, signature, nil)
250+
if !valid {
251+
return errors.New("Signature not from public key")
252+
}
253+
return nil
254+
}
255+
256+
func TestCustomSigner(t *testing.T) {
257+
const (
258+
COSE_ALG_ML_DSA_44 = -48
259+
)
260+
suite := schemes.ByName("ML-DSA-44")
261+
var seed [32]byte // zero seed
262+
pub, priv := suite.DeriveKey(seed[:])
263+
var ks cose.Signer = &customKeySigner{
264+
alg: COSE_ALG_ML_DSA_44,
265+
key: priv,
266+
}
267+
var kv = customKeyVerifier{
268+
alg: COSE_ALG_ML_DSA_44,
269+
key: pub,
270+
}
271+
272+
headers := cose.Headers{
273+
Protected: cose.ProtectedHeader{
274+
cose.HeaderLabelAlgorithm: COSE_ALG_ML_DSA_44,
275+
cose.HeaderLabelKeyID: []byte("key-42"),
276+
},
277+
}
278+
var payload = []byte("hello post quantum signatures")
279+
signature, _ := cose.Sign1(nil, ks, headers, payload, nil)
280+
var sign1 cose.Sign1Message
281+
_ = sign1.UnmarshalCBOR(signature)
282+
283+
var verifier cose.Verifier = &kv
284+
verifyError := sign1.Verify(nil, verifier)
285+
286+
if verifyError != nil {
287+
t.Fatalf("Verification failed")
288+
} else {
289+
// fmt.Println(cbor.Diagnose(signature))
290+
// 18([
291+
// <<{
292+
// / alg / 1: -48,
293+
// / kid / 4: h'6B65792D3432'}
294+
// >>,
295+
// {},
296+
// h'4974...722e',
297+
// h'cb5a...293b'
298+
// ])
299+
}
300+
}
301+
```
212302

213303
### Integer Ranges
214304

0 commit comments

Comments
 (0)