saving progress for the day
Signed-off-by: chaosinthecrd <[email protected]>
ChaosInTheCRD committed Dec 18, 2023
1 parent 5d16222 commit 23519fa
Showing 5 changed files with 35 additions and 15 deletions.
2 changes: 1 addition & 1 deletion dsse/dsse.go
Expand Up @@ -48,7 +48,7 @@ func (e ErrInvalidThreshold) Error() string {
const PemTypeCertificate = "CERTIFICATE"

type Envelope struct {
Payload []byte `json:"payload"`
Payload string `json:"payload"`
PayloadType string `json:"payloadType"`
Signatures []Signature `json:"signatures"`
}
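Review bot: Changing `Payload` from `[]byte` to `string` on the new line of this hunk silently drops the base64 encoding that `encoding/json` applies to `[]byte` fields, so the `payload` member of the serialized envelope becomes the raw body rather than the base64 form the DSSE envelope format specifies. An envelope written before this commit would presumably be decoded with its base64 text left in `Payload`, and the `[]byte(e.Payload)` conversion in dsse/verify.go would then feed that text, not the body, into the PAE, so existing signatures stop verifying; a body that is not valid UTF-8 is also rewritten with U+FFFD by the JSON encoder while `preauthEncode` in dsse/sign.go still signs the original bytes. If the field must be a string for the new `EnvelopeContent` API, keep the wire format by base64-encoding in `Sign` and decoding before the PAE in `Verify`, or keep `[]byte` here and convert only at the `Content()` boundary. The same point applies to the hunks in dsse/sign.go and dsse/verify.go.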
2 changes: 1 addition & 1 deletion dsse/sign.go
Expand Up @@ -59,7 +59,7 @@ func Sign(bodyType string, body []byte, opts ...SignOption) (Envelope, error) {
}

env.PayloadType = bodyType
env.Payload = body
env.Payload = string(body)
env.Signatures = make([]Signature, 0)
pae := preauthEncode(bodyType, body)
for _, signer := range so.signers {
6 changes: 3 additions & 3 deletions dsse/verify.go
Expand Up @@ -86,7 +86,7 @@ func (e Envelope) Verify(opts ...VerificationOption) ([]PassedVerifier, error) {
return nil, ErrInvalidThreshold(options.threshold)
}

pae := preauthEncode(e.PayloadType, e.Payload)
pae := preauthEncode(e.PayloadType, []byte(e.Payload))
if len(e.Signatures) == 0 {
return nil, ErrNoSignatures{}
}
Expand Down Expand Up @@ -146,7 +146,7 @@ func (e Envelope) Verify(opts ...VerificationOption) ([]PassedVerifier, error) {

for _, verifier := range options.verifiers {
if verifier != nil {
if err := verifier.Verify(bytes.NewReader(pae), sig.Signature); err == nil {
if err := verifier.Verify(context.TODO(), pae, sig.Signature); err == nil {
passedVerifiers = append(passedVerifiers, PassedVerifier{Verifier: verifier})
matchingSigFound = true
}
Expand All @@ -171,7 +171,7 @@ func verifyX509Time(cert *x509.Certificate, sigIntermediates, roots []*x509.Cert
return nil, err
}

if err := verifier.Verify(bytes.NewReader(pae), sig); err != nil {
if err := verifier.Verify(context.TODO(), pae, sig); err != nil {
return nil, err
}

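Review bot: `context.TODO()` on the new lines at both verifier calls in this file pins verification to a context the caller cannot cancel or bound with a deadline, inside library code; a verifier backed by something slow or remote (e.g. a signing service) would then run to completion regardless of the caller's intent, and TODO is by convention a marker for a context that still needs to be threaded through. Consider a `VerifyWithContext(ctx)` verification option, or a `VerifyContext(ctx, opts...)` method that the existing `Verify` delegates to with `context.Background()`, so the context is caller-supplied. If `bytes.NewReader` was the last use of the `bytes` package in this file, the import also needs removing (the import block is outside the hunk). The enclosing `Verify` and `verifyX509Time` bodies continue outside these hunks.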
25 changes: 16 additions & 9 deletions signature/envelope/dsse/dsse.go
Expand Up @@ -5,38 +5,45 @@ import (
"fmt"

"github.com/in-toto/go-witness/cryptoutil"
// Eventually we will migrate to using github.com/securesystemslab/dsse
// but for now it doesn't support timestamps and intermediates
idsse "github.com/in-toto/go-witness/dsse"
"github.com/secure-systems-lab/go-securesystemslib/dsse"
)

type DSSEEnvelope struct {
Envelope *dsse.Envelope
Envelope *idsse.Envelope
}

func (e *DSSEEnvelope) Sign(signer *crypto.Signer, opts ...cryptoutil.SignerOption) (interface{}, error) {
if e.Envelope.PayloadType == "" || e.Envelope.Payload == "" {
return nil, fmt.Errorf("PayloadType and Payload not populated correctly")
}

s, err := cryptoutil.NewSigner(signer)
s, err := cryptoutil.NewSigner(signer, opts...)
if err != nil {
return nil, err
}

v, err := cryptoutil.NewVerifier(signer)
se, err := idsse.Sign(e.Envelope.PayloadType, []byte(e.Envelope.Payload), idsse.SignWithSigners(s))
if err != nil {
return nil, err
}

sv := cryptoutil.SignerVerifier{
Signer: s,
Verifier: v,
return se, nil
}

func (e *DSSEEnvelope) Verify(pub *crypto.PublicKey, opts ...cryptoutil.VerifierOption) (interface{}, error) {
v, err := cryptoutil.NewVerifier(pub, opts...)
if err != nil {
return nil, err
}

se, err := idsse.Sign(e.Envelope.PayloadType, []byte(e.Envelope.Payload), idsse.SignWithSigners(sv.Signer))
ve, err := e.Envelope.Verify(idsse.VerifyWithVerifiers(v))
if err != nil {
return nil, err
}

return se, nil
return ve, nil
}

func (e *DSSEEnvelope) Content() (interface{}, error)
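Review bot: Both `Sign` and `Verify` dereference `e.Envelope` (at the new empty-payload guard and at `e.Envelope.Verify(...)`) without checking that the pointer is set, so a zero-value `DSSEEnvelope` panics instead of returning an error; add `if e.Envelope == nil { return nil, fmt.Errorf("envelope not populated") }` at the top of each method, which is also the natural home for the PayloadType/Payload check. The guard's error string should be lowercase per Go convention, e.g. `"payloadType and payload not populated"`. `Verify` hands `idsse.Verify` a single verifier built from `pub` and presumably relies on the default threshold, so a one-line comment stating that only this key is checked would help readers of the `Envelope` interface. `Content` starts on the last line of this hunk but its body is outside the hunk.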
15 changes: 14 additions & 1 deletion signature/envelope/envelope.go
Expand Up @@ -17,5 +17,18 @@ type Envelope interface {

// Content returns the payload and signer information of the envelope.
// Content is trusted only after the successful call to `Verify()`.
Content() ([]byte, error)
Content() (EnvelopeContent, error)
}

type EnvelopeContent struct {
PayloadType string
Payload string
Signatures []SignatureInfo
}

type SignatureInfo struct {
// NOTE: Made this a string for now but I think it might be better in antother form later
SignatureAlgorithm string

Signature []byte
}
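Review bot: `EnvelopeContent` and `SignatureInfo` are new exported types without doc comments; since the interface comment above says `Content` is trusted only after `Verify()`, the struct doc is the place to restate that contract, e.g. `// EnvelopeContent is the payload and signature set carried by an envelope; it is trustworthy only after a successful Verify.` and `// SignatureInfo describes one signature over the envelope payload.`. The inline NOTE has a typo (`antother` → `another`), and `SignatureAlgorithm` would benefit from a comment naming the values it is expected to hold, or a TODO if that is undecided, since consumers will branch on it. `Payload string` here mirrors the `dsse.Envelope` field change; document whether this is the decoded body or the encoded wire form so callers do not have to guess.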
