sign verify

[g-k]

WIP branch

TODO:

• correct
  • CBORDecode cases pass (alg = -7 instead of -6) (edit: -7 for alg=ES256 is right, I just need to ignore the RHS in the cbor.me playground cbor.me off by one in comments for negative ints cbor/cbor.github.io#41)
  • wg /sign-tests pass
  • wg /ecdsa-examples pass
  • cose-rust test cases pass
  • delete or get the commented out cbor encode Marshal test cases passing
  • sign an addon and have cose-rust verify it
    • add cose-rust verify test example w/ cli args (usage: NSS_LIB_DIR=/usr/local/opt/nss/lib/ cargo run --example sign_verify -- $(cat ../../xpi_payload_hex) $(cat ../../xpi_sig_hex)) NB: :ulfr cleared up that we already have shared certs from the test vectors
• feature complete for Addon Signing
  • Sign Message support
  • required algs
    • ES256, 384, 521
    • PS256
  • sign and verify multiple signatures
• code quality / cleanup
  • don't return ok and err from Verify
  • don't return ToBeSigned from Sign
  • API docs https://godoc.org/gopkg.in/g-k/go-cose.v0
  • golint passes (going to leave the rust cose consts as is so they're easy to grep)
  • enable CI
  • rm stray debug prints
  • gofmt
  • better code coverage (say 80+%)
  • useful docstrings
  • fix the generated alg and common header tags (they should all be const-like or in a static index/map of some sort) they are tidier (everything using COSEAlgorithms array / not maintaining multiple sets of alg data)
  • extract errors to named vars
  • use go.mozilla.org for imports
  • usage docs
  • fix TODOs will split out separate issues for these