Make built-in types implement the new DigestSigner and DigestVerify interface

[qmuntal]

Fixes #120

[codecov]

Codecov Report

Merging #144 (5548b0a) into main (2f778da) will increase coverage by 2.79%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main     #144      +/-   ##
==========================================
+ Coverage   91.05%   93.84%   +2.79%     
==========================================
  Files          12       12              
  Lines        1542     1900     +358     
==========================================
+ Hits         1404     1783     +379     
+ Misses        101       82      -19     
+ Partials       37       35       -2     

Impacted Files	Coverage Δ
signer.go	100.00% <ø> (ø)
verifier.go	100.00% <ø> (ø)
ecdsa.go	96.25% <100.00%> (+0.35%)	⬆️
rsa.go	100.00% <100.00%> (ø)

... and 3 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[OR13]

this is interface also an integration point with remote KMS?

any time you have hardware isolated keys, you need a signer interface to request signatures from them.

[OR13]

looks good to me, but better to get a review from a better go dev

[yogeshbdeshpande]

@qmuntal as mentioned in the meeting, please add the README explaining the new API

[qmuntal]

@qmuntal as mentioned in the meeting, please add the README explaining the new API

Done.

[SteveLasker]

@yogeshbdeshpande, @shizhMSFT, @ivarprudnikov, @setrofim can you PTAL

[ivarprudnikov]

Unit tests would be necessary to prove it works.

1. Create a keypair (both for RSA and ECDSA), then for each
2. Create a signer, cast it to DigestSigner and sign some "foobar" digest
3. Create a verifier, cast it to DigestVerifier and verify the signature along with the digest

Otherwise it looks OK

[OR13]

You might want your test strings to include some nasty unicode, unless you use some standard test strings from some the RFCs

[setrofim]

LGTM

[qmuntal]

Unit tests would be necessary to prove it works.

1. Create a keypair (both for RSA and ECDSA), then for each
2. Create a signer, cast it to DigestSigner and sign some "foobar" digest
3. Create a verifier, cast it to DigestVerifier and verify the signature along with the digest

Otherwise it looks OK

You might want your test strings to include some nasty unicode, unless you use some standard test strings from some the RFCs

@ivarprudnikov @OR13 done. I initially didn't add any test case because the built-in signers/verifiers are internally implemented in terms of DigestSigner and DigestVerifier, therefore the existing test coverage already applies to the new interfaces. I've added some basic tests, as suggested, to be more explicit.

[yogeshbdeshpande]

Question: Does this interface support signing digest from any Digest Algorithm ? Meaning should go-cose not restrict the digest signing to ONLY a known set of digest algorithms? This interface relies on caller to just pass digest as a substitute to content[] ?

[qmuntal]

Question: Does this interface support signing digest from any Digest Algorithm ? Meaning should go-cose not restrict the digest signing to ONLY a known set of digest algorithms

How could we restrict that? Everyone is free to implement the interface as needed, Go doesn't allow intercepting interface implementations to do custom validations. Also, in this PR we don't use this interface anywhere, users would have to construct the cose.Sign1Message themselves, so it's an experts-only feature.

This interface relies on caller to just pass digest as a substitute to content[] ?

Yes

[yogeshbdeshpande]

LGTM!
Thanks, I suggested some minor nits, but in general look ok!

[shizhMSFT]

LGTM