Example code for testing the behavior of various COSE libraries (pycose, cose-java, coset) when presented with COSE signatures. All three implementations are hard-coded to verify a COSE_Sign1 message with the key used for the corresponding tests in the cose-wg/Examples repository.
See google/coset#98 for the original issue description and findings.
Each of the three implementations takes a serialized, tagged COSE signature message (hex-encoded) as its first command-line argument, verifies it, and returns whether verification was successful.
The relevant test case for the issue described in google/coset#98 is the one found in COSE example sign-pass-01, which has the following encoded CBOR message:
D28441A0A201260442313154546869732069732074686520636F6E74656E742E584087DB0D2E5571843B78AC33ECB2830DF7B6E0A4D5B7376DE336B23C591C90C425317E56127FBE04370097CE347087B233BF722B64072BEB4486BDA4031D27244F
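The message above carries its protected header as the one-byte string h'A0' (an empty map wrapped in a bstr) rather than as a zero-length bstr. The following is an added example, not code from this repository: it uses only the Python standard library and a minimal CBOR decoder written for this message (all function names are hypothetical), takes the message apart, and builds the Sig_structure for both encodings, showing that a verifier which re-encodes an empty protected header instead of reusing the received bytes checks the signature over different input.

```python
# Added example (not from the repository). MSG_HEX is the sign-pass-01 message quoted above.
MSG_HEX = ("D28441A0A2012604423131" "54546869732069732074686520636F6E74656E742E" "5840"
           "87DB0D2E5571843B78AC33ECB2830DF7B6E0A4D5B7376DE336B23C591C90C425"
           "317E56127FBE04370097CE347087B233BF722B64072BEB4486BDA4031D27244F")

def decode(buf, i=0):
    """Decode the definite-length CBOR subset this message uses; return (value, next_index)."""
    major, info = buf[i] >> 5, buf[i] & 0x1F
    i += 1
    if info > 27:
        raise ValueError("indefinite or reserved length not supported")
    arg = info
    if info >= 24:                            # argument follows in 1, 2, 4 or 8 bytes
        n = 1 << (info - 24)
        arg, i = int.from_bytes(buf[i:i + n], "big"), i + n
    if major in (0, 1):                       # unsigned / negative integer
        return (arg if major == 0 else -1 - arg), i
    if major in (2, 3):                       # bstr / tstr
        if i + arg > len(buf):
            raise ValueError("truncated string")
        raw = bytes(buf[i:i + arg])
        return (raw if major == 2 else raw.decode()), i + arg
    if major in (4, 5):                       # array / map: arg counts items / pairs
        items = []
        for _ in range(arg * (major - 3)):
            item, i = decode(buf, i)
            items.append(item)
        return (items if major == 4 else dict(zip(items[::2], items[1::2]))), i
    if major == 6:                            # tag: return (tag_number, tagged_value)
        value, i = decode(buf, i)
        return (arg, value), i
    raise ValueError("major type 7 not supported")

def bstr(data, major=2):
    """Encode a byte/text string shorter than 256 bytes (enough for this message)."""
    return bytes([major << 5 | len(data)] if len(data) < 24 else [major << 5 | 24, len(data)]) + data

def sig_structure(protected, payload, external_aad=b""):
    """Sig_structure = ["Signature1", body_protected, external_aad, payload]."""
    return b"\x84" + bstr(b"Signature1", 3) + bstr(protected) + bstr(external_aad) + bstr(payload)

def dissect_sign1(msg_hex):
    buf = bytes.fromhex(msg_hex)
    (tag, (protected, unprotected, payload, signature)), end = decode(buf)
    if tag != 18 or end != len(buf):
        raise ValueError("not a single tagged COSE_Sign1 message")
    return {"protected": protected, "unprotected": unprotected, "payload": payload,
            "signature": signature, "tbs_as_received": sig_structure(protected, payload),
            "tbs_zero_length": sig_structure(b"", payload)}
```

`dissect_sign1` accepts the same hex string that the three verifiers take, so it can also be pointed at a message produced by create_cose_message.py.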
Python:
cd pycose
python -m venv ./venv
source venv/bin/activate
pip install cose  # binascii is part of the Python standard library and is not installed with pip
python verify_cose_message.py [HEX OF SERIALIZED COSE MESSAGE]
# You can also generate a new message for testing with the other implementations using create_cose_message.py
python create_cose_message.py
Java:
cd java
mvn clean package
java -jar target/cose_empty_header_test_java-1.0-SNAPSHOT.jar [HEX OF SERIALIZED COSE MESSAGE]
Rust:
cd rust
cargo run -- [HEX OF SERIALIZED COSE MESSAGE]