# lws minimal example for cose_sign

Demonstrates how to sign and verify using cose_sign and cose_key, providing a
command-line tool for signing and verifying stdin.

## build

```
$ cmake . && make
```

## usage

|Option|Sig|Val|Meaning|
|---|---|---|---|
|-s|o||Select signing mode (stdin is payload)|
|-k <keyset filepath>|o|o|One or a set of cose_keys|
|--kid string|o|mac0|Specifies the key ID to use as a string|
|--kid-hex HEXSTRING|o|mac0|Specifies the key ID to use as a hex blob|
|--cose-sign|o|if no tag|Sets cose-sign mode|
|--cose-sign1|o|if no tag|Sets cose-sign1 mode|
|--cose-mac|o|if no tag|Sets cose-sign1 mode|
|--cose-mac0|o|if no tag|Sets cose-sign1 mode|
|--extra HEXSTRING|o|o|Optional extra payload data|

HEXSTRING above means a string like `1a2b3c`.

Stdin is either the plaintext (if signing) or cose_sign (if verifying).

For convenience, a keyset from the COSE RFC is provided in
`minimal-examples/crypto/minimal-crypto-cose-sign/set1.cks`. Six example
cose_sign1 and cose_sign are also provided in that directory signed with keys
from the provided keyset.

## Examples

### Validation

The RFC8152 sign1_pass01.sig is a cose_sign1 that contains the ES256 alg
parameter along with a kid hint that it was signed with the key with kid "11"
from the RFC8152 key set. So we just need to provide the signature and the key
set and lws can sort it out.

```
$ cat sign1_pass01.sig | ./lws-crypto-cose-sign -k set1.cks
[2021/07/26 05:41:29:1663] N: lws_create_context: LWS: 4.2.99-v4.2.0-133-g300f3f3250, NET CLI SRV H1 H2 WS ConMon IPV6-on
[2021/07/26 05:41:29:3892] N: results count 1
[2021/07/26 05:41:29:3901] N: result: 0 (alg ES256, kid 3131)
[2021/07/26 05:41:29:4168] N: main: PASS
```

Notice how the validation just delivers a results list and leaves it to the user
code to iterate it and confirm that it's happy with the result, the alg used,
and the kid that was used.

RFC8152 sign1_pass02.sig is similar but contains extra application data in the
signature, which must be given at validation too.

```
$ cat sign1_pass02.sig | ./lws-crypto-cose-sign -k set1.cks --extra 11aa22bb33cc44dd55006699
[2021/07/26 05:55:50:9103] N: lws_create_context: LWS: 4.2.99-v4.2.0-133-g300f3f3250, NET CLI SRV H1 H2 WS ConMon IPV6-on
[2021/07/26 05:55:50:9381] N: 12
[2021/07/26 05:55:51:0924] N:
[2021/07/26 05:55:51:0939] N: 0000: 11 AA 22 BB 33 CC 44 DD 55 00 66 99 ..".3.D.U.f.
[2021/07/26 05:55:51:0943] N:
[2021/07/26 05:55:51:1368] N: results count 1
[2021/07/26 05:55:51:1377] N: result: 0 (alg ES256, kid 3131)
[2021/07/26 05:55:51:1657] N: main: PASS
```

### Signing

Generate a cose-sign1 using ES256 and the key set key with id "11" for the
payload given on stdin:

```
$ echo -n "This is the content." |\
 ./bin/lws-crypto-cose-sign -s -k set1.cks \
 --kid 11 --alg ES256 > ./test.sig

00000000  d2 84 43 a1 01 26 a1 04  42 31 31 54 54 68 69 73  |..C..&..B11TThis|
00000010  20 69 73 20 74 68 65 20  63 6f 6e 74 65 6e 74 2e  | is the content.|
00000020  58 40 b9 a8 85 09 17 7f  01 f6 78 5d 39 62 d0 44  |X@........x]9b.D|
00000030  08 0b fa b4 b4 5b 17 80  c2 e3 ba a3 af 33 6f e6  |.....[.......3o.|
00000040  44 09 13 1f cf 4f 17 5c  62 9f 8d 29 29 1c ab 28  |D....O.\b..))..(|
00000050  b2 f4 e6 af f9 62 ea 69  52 90 07 0e 2c 40 72 d3  |.....b.iR...,@r.|
00000060  12 cf                                             |..|

```

Same as above, but force it to use cose-sign layout:

```
$ echo -n "This is the content." |\
 ./bin/lws-crypto-cose-sign -s -k set1.cks \
 --kid 11 --alg ES256 --cose-sign > ./test.sig

00000000  d8 62 84 40 40 54 54 68  69 73 20 69 73 20 74 68  |.b.@@TThis is th|
00000010  65 20 63 6f 6e 74 65 6e  74 2e 81 83 a1 01 26 a1  |e content.....&.|
00000020  04 42 31 31 58 40 37 5d  93 48 20 b0 d0 75 16 41  |.B11X@7].H ..u.A|
00000030  db 95 95 5b 39 7d 6d 92  6e 52 c9 78 96 d8 a2 9b  |...[9}m.nR.x....|
00000040  62 62 89 9e e5 26 31 63  4b 90 d1 37 86 ca 82 a2  |bb...&1cK..7....|
00000050  28 9a d2 82 a7 6d 24 23  cd de 58 91 47 98 bb 11  |(....m$#..X.G...|
00000060  e4 b9 08 18 48 65                                 |....He|
```
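
The byte layout of the first Signing example (the cose-sign1 `test.sig`), decoded as an added example that is not code from lws or this README: it extracts the alg and kid that the validation log reports, rebuilds the RFC 8152 `Sig_structure` to show why `--extra` data has to be supplied again at validation, and applies the caller-side alg/kid check described under Validation. It does not verify the ES256 signature itself, and all function names are assumptions made for the illustration.

```python
SIG1 = bytes.fromhex(  # test.sig bytes from the first hexdump; helper names below are ours
    "d28443a10126a1044231315454686973" "2069732074686520636f6e74656e742e"
    "5840b9a88509177f01f6785d3962d044" "080bfab4b45b1780c2e3baa3af336fe6"
    "4409131fcf4f175c629f8d29291cab28" "b2f4e6aff962ea695290070e2c4072d3"
    "12cf")

def cbor(b, i=0):
    """Decode one definite-length CBOR item at b[i]; return (value, next_index)."""
    major, n = b[i] >> 5, b[i] & 0x1F
    i += 1
    if n > 27 or major == 7:
        raise ValueError("indefinite lengths, floats and simple values not handled")
    if n >= 24:                          # argument follows in 1, 2, 4 or 8 bytes
        width = 1 << (n - 24)
        n, i = int.from_bytes(b[i:i + width], "big"), i + width
    if major < 2:                        # unsigned / negative integer
        return (n if major == 0 else -1 - n), i
    if major < 4:                        # byte string / text string
        if i + n > len(b):
            raise ValueError("truncated string")
        return (b[i:i + n] if major == 2 else b[i:i + n].decode()), i + n
    if major == 6:                       # tag: returned as (tag_number, inner)
        inner, i = cbor(b, i)
        return (n, inner), i
    items = []                           # array (4) or map (5, as key/value pairs)
    for _ in range(n * (2 if major == 5 else 1)):
        item, i = cbor(b, i)
        items.append(item)
    return (items if major == 4 else dict(zip(items[::2], items[1::2]))), i

def bstr(s, major=2):                    # CBOR byte (2) or text (3) string, len < 256
    n = len(s)
    return (bytes([major << 5 | n]) if n < 24 else bytes([major << 5 | 24, n])) + s

def parse_sign1(raw):
    """Split a tagged COSE_Sign1 into alg, kid, protected bytes, payload, signature."""
    (tag, body), end = cbor(raw)
    if tag != 18 or end != len(raw) or not isinstance(body, list) or len(body) != 4:
        raise ValueError("not a tag-18 COSE_Sign1")
    prot, unprot, payload, sig = body
    hdr = {**unprot, **(cbor(prot)[0] if prot else {})}   # protected values win
    return {"alg": hdr.get(1), "kid": hdr.get(4), "prot": prot, "payload": payload, "sig": sig}

def to_be_signed(s, aad=b""):
    """RFC 8152 Sig_structure: what the signature covers; aad is the --extra data."""
    return b"\x84" + bstr(b"Signature1", 3) + bstr(s["prot"]) + bstr(aad) + bstr(s["payload"])

def acceptable(s, alg=-7, kid=b"11"):    # caller policy: ES256 (-7) and kid "11" only
    return s["alg"] == alg and s["kid"] == kid
```

In this object the kid sits in the unprotected map (`a1 04 42 31 31`), outside the signed bytes, so it only selects which key to try; the `--extra` bytes appear in the signed structure but nowhere in the file.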