Skip to content

ocp cosesign decode/verify #713

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
parvathib merged 29 commits into from
Jan 14, 2026
Merged

ocp cosesign decode/verify #713

parvathib merged 29 commits into from
Jan 14, 2026

Conversation

@meilu-git
Copy link
Collaborator

@meilu-git meilu-git commented Jan 6, 2026

ocp cosesign decode/verify

Parvathi Bhogaraju and others added 22 commits January 6, 2026 10:02
@meilu-git
Add basic framework for the EAT verifier
e2faff1
@meilu-git
first version change
752c1b0
@meilu-git
Revert "first version change"
49bb2db 
This reverts commit 4b9b46d.
@meilu-git
first version of decode
ceceeb2
@meilu-git
add unit test
3279339
@meilu-git
unit test
dad9753
@meilu-git
some code for debugging
95772d3
@meilu-git
this is a working version
d48ce94
@meilu-git
intermi commit
201e8f8
@meilu-git
take out tag and then use coset from main
5253c88
@meilu-git
fix pipleline precheck error, add Clap cll to pass bin file ot decode.
5d932f3
@meilu-git
add steps to run cli tool to decode the bins
0bf0e92
@meilu-git
add step to call cli tool to validate bin files
e47abaa
@meilu-git
accidently checked cargo.toml that is workign in progress, roll back
234a995
@meilu-git
use Open SSL to parse pub key instead of 509 parser
b915d7e
@meilu-git
build the binary before running the cli
221d0e9
@meilu-git
update the working dir
6010d6e
@meilu-git
one more try with working dir
1ddeee2
@meilu-git
code review feedback
5979f07
@meilu-git
chamge the to add verify as a subcommand
0484956
@meilu-git
code review feedback
1630e41
@meilu-git
clean up
15f07bf
parvathib
parvathib reviewed Jan 6, 2026
View reviewed changes
@parvathib parvathib requested review from mhatrevi and swenson January 6, 2026 19:48
parvathib
parvathib approved these changes Jan 8, 2026
View reviewed changes
Copy link
Collaborator

@parvathib parvathib left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

parvathib
parvathib reviewed Jan 8, 2026
View reviewed changes
swenson
swenson reviewed Jan 9, 2026
View reviewed changes
Copy link
Collaborator

@swenson swenson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm okay with merging this but we should maybe try to clean up the workspace in a follow-up if so.

@parvathib parvathib requested a review from fdamato January 9, 2026 22:08
fdamato
fdamato reviewed Jan 13, 2026
View reviewed changes
ocp-eat-verifier/ocptoken-rs/src/token/evidence.rs
Comment on lines +6 to +11
use openssl::{
bn::{BigNum, BigNumContext},
ec::{EcGroup, EcKey, EcPoint},
nid::Nid,
pkey::PKey,
x509::X509,
Copy link
Contributor

@fdamato fdamato Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

perhaps in a different PR we can abstract crypto interface

Copy link
Collaborator

@parvathib parvathib Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

agree! we'll abstract the crypto interface in the upcoming PRs.

ocp-eat-verifier/ocptoken-rs/src/token/evidence.rs
))
}

/// Extract raw P-384 public key coordinates (x, y) from DER X.509 cert
Copy link
Contributor

@fdamato fdamato Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

consider to make this generic... we`re going to have MLDSA profile too, as soon as it will get ratified

Copy link
Collaborator

@parvathib parvathib Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed—we’ll generalize how the verification key is extracted in future PRs.

@parvathib parvathib merged commit 444e148 into main Jan 14, 2026
4 checks passed
@parvathib parvathib deleted the meilu/ocp_cosesign_verify_clean branch January 14, 2026 18:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@parvathib parvathib parvathib approved these changes

@swenson swenson swenson approved these changes

@mhatrevi mhatrevi Awaiting requested review from mhatrevi

@mlvisaya mlvisaya Awaiting requested review from mlvisaya

@helloxiling helloxiling Awaiting requested review from helloxiling

+1 more reviewer

@fdamato fdamato fdamato left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@meilu-git @swenson @parvathib @fdamato