mirror of
https://github.com/pomerium/pomerium.git
synced 2025-04-29 18:36:30 +02:00
cryptutil: remove unused functions (#4541)
Remove the unused functions Sign() and Verify().
This commit is contained in:
Kenneth Jenkins
GitHub
parent
4df62bb9dc
commit
01672528cb
2 changed files with 0 additions and 96 deletions
|
|
@ -4,8 +4,6 @@ import (
|
|||
"crypto/ecdsa"
|
||||
"crypto/elliptic"
|
||||
"crypto/rand"
|
||||
"crypto/sha256"
|
||||
"math/big"
|
||||
)
|
||||
|
||||
// NewSigningKey generates a random P-256 ECDSA private key.
|
||||
|
|
@ -14,37 +12,3 @@ import (
|
|||
func NewSigningKey() (*ecdsa.PrivateKey, error) {
|
||||
return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
||||
}
|
||||
|
||||
// Sign signs arbitrary data using ECDSA.
|
||||
func Sign(data []byte, privkey *ecdsa.PrivateKey) ([]byte, error) {
|
||||
// hash message
|
||||
digest := sha256.Sum256(data)
|
||||
|
||||
// sign the hash
|
||||
r, s, err := ecdsa.Sign(rand.Reader, privkey, digest[:])
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// encode the signature {R, S}
|
||||
// big.Int.Bytes() will need padding in the case of leading zero bytes
|
||||
params := privkey.Curve.Params()
|
||||
curveOrderByteSize := params.P.BitLen() / 8
|
||||
rBytes, sBytes := r.Bytes(), s.Bytes()
|
||||
signature := make([]byte, curveOrderByteSize*2)
|
||||
copy(signature[curveOrderByteSize-len(rBytes):], rBytes)
|
||||
copy(signature[curveOrderByteSize*2-len(sBytes):], sBytes)
|
||||
return signature, nil
|
||||
}
|
||||
|
||||
// Verify checks a raw ECDSA signature.
|
||||
// Returns true if it's valid and false if not.
|
||||
func Verify(data, signature []byte, pubkey *ecdsa.PublicKey) bool {
|
||||
// hash message
|
||||
digest := sha256.Sum256(data)
|
||||
curveOrderByteSize := pubkey.Curve.Params().P.BitLen() / 8
|
||||
r, s := new(big.Int), new(big.Int)
|
||||
r.SetBytes(signature[:curveOrderByteSize])
|
||||
s.SetBytes(signature[curveOrderByteSize:])
|
||||
return ecdsa.Verify(pubkey, digest[:], r, s)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,60 +0,0 @@
|
|||
package cryptutil
|
||||
|
||||
import (
|
||||
"crypto/ecdsa"
|
||||
"crypto/elliptic"
|
||||
"crypto/rand"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestSign(t *testing.T) {
|
||||
message := []byte("Hello, world!")
|
||||
|
||||
key, err := NewSigningKey()
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
return
|
||||
}
|
||||
|
||||
signature, err := Sign(message, key)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
return
|
||||
}
|
||||
|
||||
if !Verify(message, signature, &key.PublicKey) {
|
||||
t.Error("signature was not correct")
|
||||
return
|
||||
}
|
||||
|
||||
message[0] ^= 0xff
|
||||
if Verify(message, signature, &key.PublicKey) {
|
||||
t.Error("signature was good for altered message")
|
||||
}
|
||||
}
|
||||
|
||||
func TestSignWithP384(t *testing.T) {
|
||||
message := []byte("Hello, world!")
|
||||
|
||||
key, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
return
|
||||
}
|
||||
|
||||
signature, err := Sign(message, key)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
return
|
||||
}
|
||||
|
||||
if !Verify(message, signature, &key.PublicKey) {
|
||||
t.Error("signature was not correct")
|
||||
return
|
||||
}
|
||||
|
||||
message[0] ^= 0xff
|
||||
if Verify(message, signature, &key.PublicKey) {
|
||||
t.Error("signature was good for altered message")
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Reference in a new issue