Tweak verify signature

2025-04-25 00:36:59 +00:00 · 2023-03-11 15:59:56 -08:00 · 2023-03-11 15:59:56 -08:00 · a3647eab81
commit a3647eab81
parent 74136da0c5
6 changed files with 15 additions and 10 deletions
--- a/Sources/Packages/Sources/SecretKit/Erasers/AnySecretStore.swift
+++ b/Sources/Packages/Sources/SecretKit/Erasers/AnySecretStore.swift
@ -24,7 +24,7 @@ public class AnySecretStore: SecretStore {
        _id = { secretStore.id }
        _secrets = { secretStore.secrets.map { AnySecret($0) } }
        _sign = { try secretStore.sign(data: $0, with: $1.base as! SecretStoreType.SecretType, for: $2) }
-        _verify = { try secretStore.verify(data: $0, signature: $1, with: $2.base as! SecretStoreType.SecretType) }
+        _verify = { try secretStore.verify(signature: $0, for: $1, with: $2.base as! SecretStoreType.SecretType) }
        _existingPersistedAuthenticationContext = { secretStore.existingPersistedAuthenticationContext(secret: $0.base as! SecretStoreType.SecretType) }
        _persistAuthentication = { try secretStore.persistAuthentication(secret: $0.base as! SecretStoreType.SecretType, forDuration: $1) }
        _reloadSecrets = { secretStore.reloadSecrets() }
@ -53,8 +53,8 @@ public class AnySecretStore: SecretStore {
        try _sign(data, secret, provenance)
    }

-    public func verify(data: Data, signature: Data, with secret: AnySecret) throws -> Bool {
-        try _verify(data, signature, secret)
+    public func verify(signature: Data, for data: Data, with secret: AnySecret) throws -> Bool {
+        try _verify(signature, data, secret)
    }

    public func existingPersistedAuthenticationContext(secret: AnySecret) -> PersistedAuthenticationContext? {
--- a/Sources/Packages/Sources/SecretKit/Types/SecretStore.swift
+++ b/Sources/Packages/Sources/SecretKit/Types/SecretStore.swift
@ -25,11 +25,11 @@ public protocol SecretStore: ObservableObject, Identifiable {

    /// Verifies that a signature is valid over a specified payload.
    /// - Parameters:
-    ///   - data: The data to verify the signature of.
    ///   - signature: The signature over the data.
+    ///   - data: The data to verify the signature of.
    ///   - secret: The secret whose signature to verify.
    /// - Returns: Whether the signature was verified.
-    func verify(data: Data, signature: Data, with secret: SecretType) throws -> Bool
+    func verify(signature: Data, for data: Data, with secret: SecretType) throws -> Bool

    /// Checks to see if there is currently a valid persisted authentication for a given secret.
    /// - Parameters:
--- a/Sources/Packages/Sources/SecureEnclaveSecretKit/SecureEnclaveStore.swift
+++ b/Sources/Packages/Sources/SecureEnclaveSecretKit/SecureEnclaveStore.swift
@ -138,7 +138,7 @@ extension SecureEnclave {
            return signature as Data
        }

-        public func verify(data: Data, signature: Data, with secret: Secret) throws -> Bool {
+        public func verify(signature: Data, for data: Data, with secret: Secret) throws -> Bool {
            let context = LAContext()
            context.localizedReason = "verify a signature using secret \"\(secret.name)\""
            context.localizedCancelTitle = "Deny"
--- a/Sources/Packages/Sources/SmartCardSecretKit/SmartCardStore.swift
+++ b/Sources/Packages/Sources/SmartCardSecretKit/SmartCardStore.swift
@ -86,7 +86,7 @@ extension SmartCard {
            }
            return signature as Data
        }
-        public func verify(data: Data, signature: Data, with secret: Secret) throws -> Bool {
+        public func verify(signature: Data, for data: Data, with secret: Secret) throws -> Bool {
            let attributes = KeychainDictionary([
                kSecAttrKeyType: secret.algorithm.secAttrKeyType,
                kSecAttrKeySizeInBits: secret.keySize,
--- a/Sources/Packages/Tests/SecretAgentKitTests/AgentTests.swift
+++ b/Sources/Packages/Tests/SecretAgentKitTests/AgentTests.swift
@ -61,8 +61,13 @@ class AgentTests: XCTestCase {
        var rs = r
        rs.append(s)
        let signature = try! P256.Signing.ECDSASignature(rawRepresentation: rs)
-        let valid = try! P256.Signing.PublicKey(x963Representation: Constants.Secrets.ecdsa256Secret.publicKey).isValidSignature(signature, for: dataToSign)
-        XCTAssertTrue(valid)
+        let refereneceValid = try! P256.Signing.PublicKey(x963Representation: Constants.Secrets.ecdsa256Secret.publicKey).isValidSignature(signature, for: dataToSign)
+        let store = list.stores.first!
+        let valid = try? store.verify(signature: rs, for: dataToSign, with: AnySecret(Constants.Secrets.ecdsa256Secret))
+        let invalid = try? store.verify(signature: rs, for: dataToSign, with: AnySecret(Constants.Secrets.ecdsa256Secret))
+        XCTAssertTrue(refereneceValid)
+        XCTAssert(valid == true)
+        XCTAssert(invalid == false)
    }

    // MARK: Witness protocol
--- a/Sources/Packages/Tests/SecretAgentKitTests/StubStore.swift
+++ b/Sources/Packages/Tests/SecretAgentKitTests/StubStore.swift
@ -70,7 +70,7 @@ extension Stub {
            return SecKeyCreateSignature(privateKey, signatureAlgorithm, data as CFData, nil)! as Data
        }

-        public func verify(data: Data, signature: Data, with secret: Stub.Secret) throws -> Bool {
+        public func verify(signature: Data, for data: Data, with secret: Stub.Secret) throws -> Bool {
            let attributes = KeychainDictionary([
                kSecAttrKeyType: secret.algorithm.secAttrKeyType,
                kSecAttrKeySizeInBits: secret.keySize,