From 01672528cbe013f5ab35a11570acfafdeade0a05 Mon Sep 17 00:00:00 2001 From: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com> Date: Thu, 14 Sep 2023 11:25:19 -0700 Subject: [PATCH] cryptutil: remove unused functions (#4541) Remove the unused functions Sign() and Verify(). --- pkg/cryptutil/sign.go | 36 ----------------------- pkg/cryptutil/sign_test.go | 60 -------------------------------------- 2 files changed, 96 deletions(-) delete mode 100644 pkg/cryptutil/sign_test.go diff --git a/pkg/cryptutil/sign.go b/pkg/cryptutil/sign.go index 4d1a51f71..dad16c942 100644 --- a/pkg/cryptutil/sign.go +++ b/pkg/cryptutil/sign.go @@ -4,8 +4,6 @@ import ( "crypto/ecdsa" "crypto/elliptic" "crypto/rand" - "crypto/sha256" - "math/big" ) // NewSigningKey generates a random P-256 ECDSA private key. @@ -14,37 +12,3 @@ import ( func NewSigningKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) } - -// Sign signs arbitrary data using ECDSA. -func Sign(data []byte, privkey *ecdsa.PrivateKey) ([]byte, error) { - // hash message - digest := sha256.Sum256(data) - - // sign the hash - r, s, err := ecdsa.Sign(rand.Reader, privkey, digest[:]) - if err != nil { - return nil, err - } - - // encode the signature {R, S} - // big.Int.Bytes() will need padding in the case of leading zero bytes - params := privkey.Curve.Params() - curveOrderByteSize := params.P.BitLen() / 8 - rBytes, sBytes := r.Bytes(), s.Bytes() - signature := make([]byte, curveOrderByteSize*2) - copy(signature[curveOrderByteSize-len(rBytes):], rBytes) - copy(signature[curveOrderByteSize*2-len(sBytes):], sBytes) - return signature, nil -} - -// Verify checks a raw ECDSA signature. -// Returns true if it's valid and false if not. -func Verify(data, signature []byte, pubkey *ecdsa.PublicKey) bool { - // hash message - digest := sha256.Sum256(data) - curveOrderByteSize := pubkey.Curve.Params().P.BitLen() / 8 - r, s := new(big.Int), new(big.Int) - r.SetBytes(signature[:curveOrderByteSize]) - s.SetBytes(signature[curveOrderByteSize:]) - return ecdsa.Verify(pubkey, digest[:], r, s) -} diff --git a/pkg/cryptutil/sign_test.go b/pkg/cryptutil/sign_test.go deleted file mode 100644 index 7d68c10ca..000000000 --- a/pkg/cryptutil/sign_test.go +++ /dev/null @@ -1,60 +0,0 @@ -package cryptutil - -import ( - "crypto/ecdsa" - "crypto/elliptic" - "crypto/rand" - "testing" -) - -func TestSign(t *testing.T) { - message := []byte("Hello, world!") - - key, err := NewSigningKey() - if err != nil { - t.Error(err) - return - } - - signature, err := Sign(message, key) - if err != nil { - t.Error(err) - return - } - - if !Verify(message, signature, &key.PublicKey) { - t.Error("signature was not correct") - return - } - - message[0] ^= 0xff - if Verify(message, signature, &key.PublicKey) { - t.Error("signature was good for altered message") - } -} - -func TestSignWithP384(t *testing.T) { - message := []byte("Hello, world!") - - key, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) - if err != nil { - t.Error(err) - return - } - - signature, err := Sign(message, key) - if err != nil { - t.Error(err) - return - } - - if !Verify(message, signature, &key.PublicKey) { - t.Error("signature was not correct") - return - } - - message[0] ^= 0xff - if Verify(message, signature, &key.PublicKey) { - t.Error("signature was good for altered message") - } -}