From e3d02ab2e1210ef283e273b11e27ce3e123e65a3 Mon Sep 17 00:00:00 2001 From: Jonny Stoten Date: Wed, 8 May 2024 10:28:01 +0100 Subject: [PATCH] Simplify and rename hash functions --- internal/util/crypto.go | 9 +++------ pkg/attestation/sign.go | 2 +- pkg/attestation/verify.go | 2 +- pkg/signerverifier/common.go | 2 +- pkg/signerverifier/keyid.go | 2 +- pkg/tlog/tl.go | 3 +-- pkg/tlog/tl_test.go | 2 +- pkg/tuf/registry_test.go | 2 +- pkg/tuf/tuf.go | 2 +- 9 files changed, 11 insertions(+), 15 deletions(-) diff --git a/internal/util/crypto.go b/internal/util/crypto.go index 497655f..f28d63a 100644 --- a/internal/util/crypto.go +++ b/internal/util/crypto.go @@ -5,14 +5,11 @@ import ( "encoding/hex" ) -func HexHashBytes(input []byte) string { - s256 := sha256.New() - s256.Write(input) - hashSum := s256.Sum(nil) - return hex.EncodeToString(hashSum) +func SHA256Hex(input []byte) string { + return hex.EncodeToString(SHA256(input)) } -func S256(data []byte) []byte { +func SHA256(data []byte) []byte { h := sha256.Sum256(data) return h[:] } diff --git a/pkg/attestation/sign.go b/pkg/attestation/sign.go index 1af1a9d..f5efc89 100644 --- a/pkg/attestation/sign.go +++ b/pkg/attestation/sign.go @@ -19,7 +19,7 @@ func SignDSSE(ctx context.Context, payload []byte, payloadType string, signer ds encPayload := dsse.PAE(payloadType, payload) // statement message digest - hash := util.S256(encPayload) + hash := util.SHA256(encPayload) // sign message digest sig, err := signer.Sign(ctx, hash) diff --git a/pkg/attestation/verify.go b/pkg/attestation/verify.go index bb3ffce..42471db 100644 --- a/pkg/attestation/verify.go +++ b/pkg/attestation/verify.go @@ -121,7 +121,7 @@ func verifySignature(ctx context.Context, sig Signature, payload []byte, keys Ke return fmt.Errorf("error failed to decode signature: %w", err) } // verify payload ecdsa signature - ok = ecdsa.VerifyASN1(publicKey, util.S256(payload), signature) + ok = ecdsa.VerifyASN1(publicKey, util.SHA256(payload), signature) if !ok { return fmt.Errorf("payload signature is not valid") } diff --git a/pkg/signerverifier/common.go b/pkg/signerverifier/common.go index 95c8554..75e9212 100644 --- a/pkg/signerverifier/common.go +++ b/pkg/signerverifier/common.go @@ -38,7 +38,7 @@ func (s *ECDSA256_SignerVerifier) Verify(ctx context.Context, data []byte, sig [ if !ok { return fmt.Errorf("public key is not ecdsa") } - ok = ecdsa.VerifyASN1(pub, util.S256(data), sig) + ok = ecdsa.VerifyASN1(pub, util.SHA256(data), sig) if !ok { return fmt.Errorf("payload signature is not valid") } diff --git a/pkg/signerverifier/keyid.go b/pkg/signerverifier/keyid.go index b38a934..4bd0c4a 100644 --- a/pkg/signerverifier/keyid.go +++ b/pkg/signerverifier/keyid.go @@ -13,5 +13,5 @@ func KeyID(pubKey crypto.PublicKey) (string, error) { if err != nil { return "", fmt.Errorf("error marshalling public key: %w", err) } - return util.HexHashBytes(pub), nil + return util.SHA256Hex(pub), nil } diff --git a/pkg/tlog/tl.go b/pkg/tlog/tl.go index 8c30ec0..8bddeab 100644 --- a/pkg/tlog/tl.go +++ b/pkg/tlog/tl.go @@ -7,7 +7,6 @@ import ( "crypto/x509" "crypto/x509/pkix" "encoding/base64" - "encoding/hex" "encoding/pem" "fmt" "math/big" @@ -214,7 +213,7 @@ func (tl *RekorTL) VerifyEntryPayload(entryBytes, payload, publicKey []byte) err } // compare payload hashes - payloadHash := hex.EncodeToString(util.S256(payload)) + payloadHash := util.SHA256Hex(payload) if rekord.Hash != payloadHash { return fmt.Errorf("error payload and tl entry hash mismatch") } diff --git a/pkg/tlog/tl_test.go b/pkg/tlog/tl_test.go index 3354e3e..a51c3c9 100644 --- a/pkg/tlog/tl_test.go +++ b/pkg/tlog/tl_test.go @@ -44,7 +44,7 @@ func TestCreateX509Cert(t *testing.T) { func TestUploadAndVerifyLogEntry(t *testing.T) { // message digest payload := []byte("test") - hash := util.S256(payload) + hash := util.SHA256(payload) // generate ephemeral keys to sign message digest signer, err := signerverifier.GenKeyPair() diff --git a/pkg/tuf/registry_test.go b/pkg/tuf/registry_test.go index 2ab176a..cb8311a 100644 --- a/pkg/tuf/registry_test.go +++ b/pkg/tuf/registry_test.go @@ -121,7 +121,7 @@ func TestFindFileInManifest(t *testing.T) { // make test image manifest file := "test.json" data := []byte("test") - hash := v1.Hash{Algorithm: "sha256", Hex: util.HexHashBytes(data)} + hash := v1.Hash{Algorithm: "sha256", Hex: util.SHA256Hex(data)} img := empty.Image img = mutate.MediaType(img, types.OCIManifestSchema1) img = mutate.ConfigMediaType(img, types.OCIConfigJSON) diff --git a/pkg/tuf/tuf.go b/pkg/tuf/tuf.go index 48d0711..00808c5 100644 --- a/pkg/tuf/tuf.go +++ b/pkg/tuf/tuf.go @@ -44,7 +44,7 @@ func NewTufClient(initialRoot []byte, tufPath, metadataSource, targetsSource str tufSource = OciSource } - tufRootDigest := util.HexHashBytes(initialRoot) + tufRootDigest := util.SHA256Hex(initialRoot) // create a directory for each initial root.json metadataPath := filepath.Join(tufPath, tufRootDigest)