The verification process of COSE Sign1 signature is as below.
msg := &cose.Sign1Message{}
err := cbor.Unmarshal(sign, msg)
check(err)
err = msg.Verify(nil, *verifier)
check(err)To verify the message, we need to unmarhsal the binary data to a Sign1Message structure. In the unmarhsal process, the protected header (encoded as a binary string) is deserialized into a map.
Later in msg.Verify() calls EncodeProtected() to re-serialized the protected header map back to a binary string for computing the digest-to-be-verified. Although canonical encoding is applied, the re-serialized protected header may not be the same as the original header, especially the header is encoded with tags. Hence, the verification will fail.
We should refactor the go-cose library so that the original protected header in the binary string form is used in the digest computation withour re-serialization.
The verification process of COSE Sign1 signature is as below.
To verify the message, we need to unmarhsal the binary data to a
Sign1Messagestructure. In the unmarhsal process, the protected header (encoded as a binary string) is deserialized into a map.Later in
msg.Verify()callsEncodeProtected()to re-serialized the protected header map back to a binary string for computing the digest-to-be-verified. Although canonical encoding is applied, the re-serialized protected header may not be the same as the original header, especially the header is encoded with tags. Hence, the verification will fail.We should refactor the
go-coselibrary so that the original protected header in the binary string form is used in the digest computation withour re-serialization.