> On Dec 15, 2020, at 7:33 AM, Hristozov, Stefan > <stefan.hristo...@aisec.fraunhofer.de> wrote: > > What exactly do you mean by hacking the decoder? Do you mean to track the > offset? What are the alternatives?
I mean modifying the decoder to return the offset (or some other access to to-be-hashed data). Not all, maybe only very few, return the offset. There is no need return it. My own decoder, QCBOR, maintains an internal cursor for the position in the CBOR tree, but doesn’t return byte offsets. There is no need to. The alternative is to change the CBOR cert design so the to-be-signed data is wrapped in a byte string like COSE does (or just use COSE for signing native CBOR (which gets you code re use)). LL
_______________________________________________ COSE mailing list COSE@ietf.org https://www.ietf.org/mailman/listinfo/cose
