tlsfuzzer/extract.py: Add support for {r,s} tuples in sigs file #925
c74f631 to c33dffd
so, that's generally called raw encoding, see https://ecdsa.readthedocs.io/en/latest/basics.html#signature-formats
I wonder if instead of adding a "r_and_s", we shouldn't add a generic input_format parameter and allow it to have either "DER" (the default), or "raw", for the new option.
Reviewed 6 of 6 files at r1, all commit messages.
Reviewable status: all files reviewed, 5 unresolved discussions (waiting on @GeorgePantelakis)
tlsfuzzer/extract.py
line 82 at r1 (raw file):
```python
print(" --raw-sigs FILE Read the signatures from an external file.")
print(" The file must be in binary format.")
print(" --r-and-s Specifies that the signatures in the binary file")
```
again, probably should use raw format
tlsfuzzer/extract.py
line 920 at r1 (raw file):
```python
"""Iterator. Read the signatures from file provided"""
with open(filename if filename else self.sigs, "rb") as sigs_fp:
    if self.r_or_s_size:
```
instead of increasing indentation level, why not create two new private methods, and call them from here based on the expected signature format?
tlsfuzzer/extract.py
line 932 at r1 (raw file):
```python
sig = sigs_fp.read(1)
while sig:
    if not ecdsa.der.is_sequence(sig):  # pragma: no cover
```
no, that's a branch that we ought to have test coverage for
tlsfuzzer/extract.py
line 939 at r1 (raw file):
```python
try:
    sig_length = ecdsa.der.read_length(length_bytes)[0]
except ecdsa.UnexpectedDER:  # pragma: no cover
```
same here
tlsfuzzer/extract.py
line 986 at r1 (raw file):
```python
if self.r_or_s_size:
    r_bytes = sig[:self.r_or_s_size]
    s_bytes = sig[self.r_or_s_size:]
```
why not use ecdsa.util.sigdecode_string: https://ecdsa.readthedocs.io/en/latest/ecdsa.util.html#ecdsa.util.sigdecode_string ?
thinking a bit more: the command line option can also be a |
Reviewable status: all files reviewed, 5 unresolved discussions (waiting on @tomato42)
tlsfuzzer/extract.py
line 932 at r1 (raw file):
Previously, tomato42 (Hubert Kario) wrote…
no, that's a branch that we ought to have test coverage for
Can you elaborate a bit more on why this (and next) path needs to have coverage? I mean it is not tlsfuzzer code and in general, it is a very simple misformatting error, perhaps I am missing something.
Reviewable status: all files reviewed, 5 unresolved discussions (waiting on @GeorgePantelakis)
tlsfuzzer/extract.py
line 932 at r1 (raw file):
Previously, GeorgePantelakis (George Pantelakis) wrote…
Can you elaborate a bit more on why this (and next) path needs to have coverage? I mean it is not tlsfuzzer code and in general, it is a very simple misformatting error, perhaps I am missing something.
This error will be raised if the user passes in the wrong signature file (i.e. in raw format when the system is configured for DER), or the signature file is damaged.
i.e. it's a user-facing check and error, therefore we should have test coverage that this kind of mistake is detected and reported appropriately
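The format check discussed in this thread, as an added example that is not code from the pull request or from tlsfuzzer: a standard-library-only reader that takes an input_format of "DER" or "raw" and raises a clear error when the file is damaged or in the other format. The names iter_sigs, SigFormatError and int_size and the sample bytes are assumptions made for the illustration.

```python
import io

class SigFormatError(ValueError):
    """The signature file does not match the expected format."""

# Constructed samples: the pair (r=1, s=2), raw with a hypothetical 4-byte size.
RAW_SAMPLE = bytes.fromhex("0000000100000002")
DER_SAMPLE = bytes.fromhex("3006020101020102")

def _read_exact(fp, n, what):
    data = fp.read(n)
    if len(data) != n:
        raise SigFormatError("truncated " + what)
    return data

def _der_length(fp):
    first = _read_exact(fp, 1, "DER length")[0]
    if first < 0x80:  # short form: the byte is the length
        return first
    if first == 0x80:
        raise SigFormatError("indefinite length is not valid DER")
    return int.from_bytes(_read_exact(fp, first & 0x7F, "DER length"), "big")

def _der_integer(fp):
    # r and s are positive, so the unsigned reading of the bytes is correct.
    if _read_exact(fp, 1, "DER INTEGER") != b"\x02":
        raise SigFormatError("expected DER INTEGER")
    return int.from_bytes(_read_exact(fp, _der_length(fp), "DER INTEGER"), "big")

def iter_sigs(fp, input_format="DER", int_size=None):
    """Yield (r, s) pairs from concatenated signatures in a binary file."""
    if input_format not in ("DER", "raw"):
        raise ValueError("input_format must be 'DER' or 'raw'")
    while True:
        head = fp.read(1)
        if not head:
            return
        if input_format == "raw":
            sig = head + _read_exact(fp, 2 * int_size - 1, "raw signature")
            yield (int.from_bytes(sig[:int_size], "big"),
                   int.from_bytes(sig[int_size:], "big"))
            continue
        if head != b"\x30":
            # The user-facing error the review asks to keep under test.
            raise SigFormatError("not a DER SEQUENCE; is the file in raw format?")
        body = io.BytesIO(_read_exact(fp, _der_length(fp), "DER signature"))
        r, s = _der_integer(body), _der_integer(body)
        if body.read(1):
            raise SigFormatError("trailing data inside DER signature")
        yield r, s
```

Raw encoding has no framing, so the reverse mistake (a DER file read as raw) is only caught when the file length is not a multiple of 2 * int_size.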
c33dffd to 0d28c7d
Reviewed 2 of 2 files at r2, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @GeorgePantelakis)
Reviewable status: complete! all files reviewed, all discussions resolved (waiting on @GeorgePantelakis)
looks good, thanks!