Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

a simpler interface for signing #14

Open
thomas-fossati opened this issue Nov 2, 2022 · 0 comments
Open

a simpler interface for signing #14

thomas-fossati opened this issue Nov 2, 2022 · 0 comments
Labels
enhancement New feature or request

Comments

@thomas-fossati
Copy link
Contributor

thomas-fossati commented Nov 2, 2022
edited
Loading

The signing path is currently needlessly complex and also, as a consequence, more error prone.

The user has to:

  1. instantiate an evidence object
  2. add the platform claims-set to the evidence object
  3. add the realm claims-set to the evidence object
  4. sign the evidence object supplying the RAK and IAK

(note: in #11 we merged 2. and 3. together)

There is no real reason for splitting the add and sign operations (and therefore for the evidence object to exist as a temporary state holder): the two steps can be performed atomically by a standalone function like this:

// Sign returns the signed CCA collection in CBOR format
func Sign(
    platformClaims psatoken.IClaims,
    IClaims realmClaims,
    cose.Signer IAK,
    cose.Signer RAK,
) ([]byte, error)

Note: Doing so also makes it easy to set the realm's public key claim as well as the platform's nonce from the supplied RAK, thus avoiding

  • any potential intra-collection mismatch
  • the user to compute the (very) raw public key from the signer
@thomas-fossati thomas-fossati added the enhancement New feature or request label Nov 2, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@thomas-fossati