tlsfuzzer/extract.py: Add support for {r,s} tuples in sigs file #925
Conversation
GeorgePantelakis
force-pushed
the
r_and_s_extract
branch
from
c74f631
to
c33dffd
Compare
There was a problem hiding this comment.
so, that's generally called raw encoding, see https://ecdsa.readthedocs.io/en/latest/basics.html#signature-formats
I wonder if instead of adding a "r_and_s", we shouldn't add a generic input_format parameter and allow it to have either "DER" (the default), or "raw", for the new option.
Reviewed 6 of 6 files at r1, all commit messages.
Reviewable status: all files reviewed, 5 unresolved discussions (waiting on @GeorgePantelakis)
tlsfuzzer/extract.py line 82 at r1 (raw file):
print(" --raw-sigs FILE Read the signatures from an external file.") print(" The file must be in binary format.") print(" --r-and-s Specifies that the signatures in the binary file")
again, probably should use raw format
tlsfuzzer/extract.py line 920 at r1 (raw file):
"""Iterator. Read the signatures from file provided""" with open(filename if filename else self.sigs, "rb") as sigs_fp: if self.r_or_s_size:
instead of increasing indentation level, why not create two new private methods, and call them from here based on the expected signature format?
tlsfuzzer/extract.py line 932 at r1 (raw file):
sig = sigs_fp.read(1) while sig: if not ecdsa.der.is_sequence(sig): # pragma: no cover
no, that's a branch that we ought to have test coverage for
tlsfuzzer/extract.py line 939 at r1 (raw file):
try: sig_length = ecdsa.der.read_length(length_bytes)[0] except ecdsa.UnexpectedDER: # pragma: no cover
same here
tlsfuzzer/extract.py line 986 at r1 (raw file):
if self.r_or_s_size: r_bytes = sig[:self.r_or_s_size] s_bytes = sig[self.r_or_s_size:]
why not use ecdsa.util.sigdecode_string: https://ecdsa.readthedocs.io/en/latest/ecdsa.util.html#ecdsa.util.sigdecode_string ?
|
thinking a bit more: the command line option can also be a |
There was a problem hiding this comment.
Reviewable status: all files reviewed, 5 unresolved discussions (waiting on @tomato42)
tlsfuzzer/extract.py line 932 at r1 (raw file):
Previously, tomato42 (Hubert Kario) wrote…
no, that's a branch that we ought to have test coverage for
Can you elaborate a bit more on why this (and next) path needs to have coverage? I mean it is not tlsfuzzer code and in general, it is a very simple misformating error, perhaps I am missing something.
There was a problem hiding this comment.
Reviewable status: all files reviewed, 5 unresolved discussions (waiting on @GeorgePantelakis)
tlsfuzzer/extract.py line 932 at r1 (raw file):
Previously, GeorgePantelakis (George Pantelakis) wrote…
Can you elaborate a bit more on why this (and next) path needs to have coverage? I mean it is not tlsfuzzer code and in general, it is a very simple misformating error, perhaps I am missing something.
This error will be raised if the user passes in wrong signature file (i.e. in raw format when the system is configured for DER), or the signature file is damaged.
i.e. it's a user facing check and error, therefore we should have test coverage that this kind of mistake is detected and reported appropriately
GeorgePantelakis
force-pushed
the
r_and_s_extract
branch
from
c33dffd
to
0d28c7d
Compare
There was a problem hiding this comment.
Reviewed 2 of 2 files at r2, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @GeorgePantelakis)
There was a problem hiding this comment.
Reviewable status:
complete! all files reviewed, all discussions resolved (waiting on @GeorgePantelakis)
|
looks good, thanks! |
Checklist
This change is