This repository has been archived by the owner on Feb 9, 2024. It is now read-only.

Expose Hash, Sign, VerifySignature and VerifyHashSignature #4

Merged
merged 2 commits into from
Jun 22, 2018

@jvehent jvehent commented Jun 21, 2018

This patch refactors some of the internal logic to expose public functions that can be used outside of a MAR file.

@jvehent jvehent requested a review from g-k June 21, 2018 16:47

coveralls commented Jun 21, 2018

Pull Request Test Coverage Report for Build 61

  • 59 of 73 (80.82%) changed or added relevant lines in 2 files are covered.
  • 2 unchanged lines in 1 file lost coverage.
  • Overall coverage decreased (-1.2%) to 76.619%

| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % |
|---|---|---|---|
| verify.go | 25 | 27 | 92.59% |
| sign.go | 34 | 46 | 73.91% |

| Files with Coverage Reduction | New Missed Lines | % |
|---|---|---|
| sign.go | 2 | 78.38% |

| Totals | Coverage Status |
|---|---|
| Change from base Build 55: | -1.2% |
| Covered Lines: | 426 |
| Relevant Lines: | 556 |

💛 - Coveralls

g-k previously approved these changes Jun 21, 2018

@g-k g-k left a comment

r+ w/ nits

sign.go Outdated
@@ -64,44 +66,16 @@ func (file *File) FinalizeSignatures() error {
if err != nil {
return err
}
if len(file.Signatures) == 0 {
return fmt.Errorf("there are no signature to finalize")
Contributor

nit: s/signature/signatures/

sign.go Outdated
sigData, err := file.Signatures[i].privateKey.(crypto.Signer).Sign(
rand.Reader, md.Sum(nil), h)
hashed, hashAlg, err := Hash(signableBlock, file.Signatures[i].AlgorithmID)
sigData, err := Sign(file.Signatures[i].privateKey, rand.Reader, hashed, hashAlg)
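
Review bot: In the lines shown, the err returned by Hash is overwritten by the Sign call on the next line without being checked, so if Hash fails, whatever it returned in hashed and hashAlg is passed straight into Sign. Check err immediately after the Hash call and return it before calling Sign.
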
Contributor

👍

@@ -112,6 +86,46 @@ func (file *File) MarshalForSignature() ([]byte, error) {
return file.Marshal()
}

// Hash takes an input and a signature algorithm and returns its hashed value
func Hash(input []byte, sigalg uint32) (output []byte, h crypto.Hash, err error) {
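
Review bot: The doc comment on Hash describes only the first return value. It should also state that the function returns the crypto.Hash corresponding to sigalg, which the caller passes on to Sign, and under which conditions err is non-nil, so that external callers know how an unrecognised sigalg is reported.
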
Contributor

might want a type alias for the sig algs

Contributor Author

does that buy us anything? we'll need to type assert to uint32 for marshalling

Contributor

it's more explicit

sign.go Outdated
// Sign signs digest with the private key, possibly using entropy from rand
func Sign(key crypto.PrivateKey, rand io.Reader, digest []byte, h crypto.Hash) (sigData []byte, err error) {
// call the signer interface of the private key to sign the hash
sigData, err = key.(crypto.Signer).Sign(rand, digest, h)
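
Review bot: The single-value assertion key.(crypto.Signer) in Sign panics when key does not implement crypto.Signer, and because crypto.PrivateKey is an empty interface, an external caller of this exported function can pass any value. Use the two-value form, signer, ok := key.(crypto.Signer), and return an error when ok is false. Separately, the parameter name rand shadows the rand package that this file uses for rand.Reader; a different parameter name would avoid that.
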
Contributor

can the cast to crypto.Signer fail and if so do we need to handle that?

Contributor Author

I added an assertion that will return an error if Signer isn't implemented
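
The checked assertion discussed in this thread, as an added example that is not code from this pull request or its project. The names signDigest, verifyDigest and entropy are hypothetical, and ECDSA P-256 with SHA-256 and the sample input are assumed choices for the demonstration:

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"io"
)

var entropy io.Reader = rand.Reader // randomness for key generation and signing

// signDigest (hypothetical name) signs a precomputed digest, returning an error instead of panicking.
func signDigest(key crypto.PrivateKey, r io.Reader, digest []byte, h crypto.Hash) ([]byte, error) {
	signer, ok := key.(crypto.Signer) // two-value form: ok is false rather than a panic
	if !ok {
		return nil, fmt.Errorf("private key type %T does not implement crypto.Signer", key)
	}
	if !h.Available() || len(digest) != h.Size() {
		return nil, fmt.Errorf("digest of %d bytes does not match hash id %d", len(digest), uint(h))
	}
	return signer.Sign(r, digest, h)
}

// verifyDigest (hypothetical name) accepts ECDSA keys only and rejects every other key type.
func verifyDigest(sig, digest []byte, key crypto.PublicKey) error {
	pub, ok := key.(*ecdsa.PublicKey)
	if !ok {
		return fmt.Errorf("unsupported public key type %T", key)
	}
	if !ecdsa.VerifyASN1(pub, digest, sig) {
		return fmt.Errorf("signature does not match digest")
	}
	return nil
}

func main() {
	key, err := ecdsa.GenerateKey(elliptic.P256(), entropy) // throwaway demo key
	if err != nil {
		panic(err)
	}
	digest := sha256.Sum256([]byte("constructed sample block"))
	sig, err := signDigest(key, entropy, digest[:], crypto.SHA256)
	fmt.Println(err, verifyDigest(sig, digest[:], &key.PublicKey))
	_, err = signDigest([]byte("not a key"), entropy, digest[:], crypto.SHA256)
	fmt.Println(err)
}
```

The digest length check also catches a caller that passes unhashed data where a digest is expected.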

verify.go Outdated
}

// VerifyHashSignature takes a signature, the digest of a signed MAR block, a hash algorithm and a public
// key and return nil if a valid signature is found, or an error if it isn't
Contributor

nit: s/return/returns/

verify.go Outdated

// VerifyHashSignature takes a signature, the digest of a signed MAR block, a hash algorithm and a public
// key and return nil if a valid signature is found, or an error if it isn't
func VerifyHashSignature(signature []byte, digest []byte, hashAlg crypto.Hash, key crypto.PublicKey) error {
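
Review bot: The doc comment on VerifyHashSignature says nil is returned "if a valid signature is found", which reads like a search over several signatures, while the function takes a single signature and a single key. Suggest wording it as returning nil when signature is valid for digest under key, and stating that digest must already be the hash of the signed block computed with hashAlg, since the function receives no unhashed data.
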
Contributor

👍 for splitting this out of VerifySignature

@g-k g-k left a comment

r+

@jvehent jvehent merged commit debf6b0 into master Jun 22, 2018
@jvehent jvehent deleted the signdataandhashes branch June 22, 2018 14:07