Tweak verify signature

Max Goedjen 2023-03-11 15:59:56 -08:00
parent 74136da0c5
commit a3647eab81
6 changed files with 15 additions and 10 deletions


@ -24,7 +24,7 @@ public class AnySecretStore: SecretStore {
_id = { secretStore.id } _id = { secretStore.id }
_secrets = { secretStore.secrets.map { AnySecret($0) } } _secrets = { secretStore.secrets.map { AnySecret($0) } }
_sign = { try secretStore.sign(data: $0, with: $1.base as! SecretStoreType.SecretType, for: $2) } _sign = { try secretStore.sign(data: $0, with: $1.base as! SecretStoreType.SecretType, for: $2) }
_verify = { try secretStore.verify(data: $0, signature: $1, with: $2.base as! SecretStoreType.SecretType) } _verify = { try secretStore.verify(signature: $0, for: $1, with: $2.base as! SecretStoreType.SecretType) }
_existingPersistedAuthenticationContext = { secretStore.existingPersistedAuthenticationContext(secret: $0.base as! SecretStoreType.SecretType) } _existingPersistedAuthenticationContext = { secretStore.existingPersistedAuthenticationContext(secret: $0.base as! SecretStoreType.SecretType) }
_persistAuthentication = { try secretStore.persistAuthentication(secret: $0.base as! SecretStoreType.SecretType, forDuration: $1) } _persistAuthentication = { try secretStore.persistAuthentication(secret: $0.base as! SecretStoreType.SecretType, forDuration: $1) }
_reloadSecrets = { secretStore.reloadSecrets() } _reloadSecrets = { secretStore.reloadSecrets() }
@ -53,8 +53,8 @@ public class AnySecretStore: SecretStore {
try _sign(data, secret, provenance) try _sign(data, secret, provenance)
} }
public func verify(data: Data, signature: Data, with secret: AnySecret) throws -> Bool { public func verify(signature: Data, for data: Data, with secret: AnySecret) throws -> Bool {
try _verify(data, signature, secret) try _verify(signature, data, secret)
} }
public func existingPersistedAuthenticationContext(secret: AnySecret) -> PersistedAuthenticationContext? { public func existingPersistedAuthenticationContext(secret: AnySecret) -> PersistedAuthenticationContext? {
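Review bot: The stored `_verify` closure and the call `try _verify(signature, data, secret)` pass two `Data` values purely positionally, so reordering the arguments in only one of the two places would still compile and only show up at runtime as valid signatures being rejected. Naming the closure parameters makes the pairing checkable at a glance, e.g. `_verify = { signature, data, secret in try secretStore.verify(signature: signature, for: data, with: secret.base as! SecretStoreType.SecretType) }`. The declaration of `_verify` itself is outside this hunk, so its declared parameter order cannot be confirmed from here.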


@ -25,11 +25,11 @@ public protocol SecretStore: ObservableObject, Identifiable {
/// Verifies that a signature is valid over a specified payload. /// Verifies that a signature is valid over a specified payload.
/// - Parameters: /// - Parameters:
/// - data: The data to verify the signature of.
/// - signature: The signature over the data. /// - signature: The signature over the data.
/// - data: The data to verify the signature of.
/// - secret: The secret whose signature to verify. /// - secret: The secret whose signature to verify.
/// - Returns: Whether the signature was verified. /// - Returns: Whether the signature was verified.
func verify(data: Data, signature: Data, with secret: SecretType) throws -> Bool func verify(signature: Data, for data: Data, with secret: SecretType) throws -> Bool
/// Checks to see if there is currently a valid persisted authentication for a given secret. /// Checks to see if there is currently a valid persisted authentication for a given secret.
/// - Parameters: /// - Parameters:
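Review bot: The doc comment on `verify(signature:for:with:)` does not say how a thrown error differs from a `false` return, which is the distinction a caller needs to decide between "bad signature" and "the check could not be performed". If the intended contract is that `false` means the signature did not match and errors are reserved for the check itself failing (for instance an inaccessible key or denied authentication), add a callout such as `/// - Throws: If the verification could not be performed; a false return means the signature did not match the payload.` The protocol declaration continues outside the hunk, so I cannot tell whether another part of it already states this.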


@ -138,7 +138,7 @@ extension SecureEnclave {
return signature as Data return signature as Data
} }
public func verify(data: Data, signature: Data, with secret: Secret) throws -> Bool { public func verify(signature: Data, for data: Data, with secret: Secret) throws -> Bool {
let context = LAContext() let context = LAContext()
context.localizedReason = "verify a signature using secret \"\(secret.name)\"" context.localizedReason = "verify a signature using secret \"\(secret.name)\""
context.localizedCancelTitle = "Deny" context.localizedCancelTitle = "Deny"


@ -86,7 +86,7 @@ extension SmartCard {
} }
return signature as Data return signature as Data
} }
public func verify(data: Data, signature: Data, with secret: Secret) throws -> Bool { public func verify(signature: Data, for data: Data, with secret: Secret) throws -> Bool {
let attributes = KeychainDictionary([ let attributes = KeychainDictionary([
kSecAttrKeyType: secret.algorithm.secAttrKeyType, kSecAttrKeyType: secret.algorithm.secAttrKeyType,
kSecAttrKeySizeInBits: secret.keySize, kSecAttrKeySizeInBits: secret.keySize,


@ -61,8 +61,13 @@ class AgentTests: XCTestCase {
var rs = r var rs = r
rs.append(s) rs.append(s)
let signature = try! P256.Signing.ECDSASignature(rawRepresentation: rs) let signature = try! P256.Signing.ECDSASignature(rawRepresentation: rs)
let valid = try! P256.Signing.PublicKey(x963Representation: Constants.Secrets.ecdsa256Secret.publicKey).isValidSignature(signature, for: dataToSign) let refereneceValid = try! P256.Signing.PublicKey(x963Representation: Constants.Secrets.ecdsa256Secret.publicKey).isValidSignature(signature, for: dataToSign)
XCTAssertTrue(valid) let store = list.stores.first!
let valid = try? store.verify(signature: rs, for: dataToSign, with: AnySecret(Constants.Secrets.ecdsa256Secret))
let invalid = try? store.verify(signature: rs, for: dataToSign, with: AnySecret(Constants.Secrets.ecdsa256Secret))
XCTAssertTrue(refereneceValid)
XCTAssert(valid == true)
XCTAssert(invalid == false)
} }
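Review bot: `invalid` on the line `let invalid = try? store.verify(signature: rs, for: dataToSign, with: AnySecret(Constants.Secrets.ecdsa256Secret))` is computed from exactly the same signature, payload and secret as `valid`, so the assertions `valid == true` and `invalid == false` contradict each other and the test cannot pass as written. The negative case needs an input that does not match, for example a copy of `rs` with one byte altered before the call, or a different payload in place of `dataToSign`. `try?` also collapses a thrown error into `nil`, so `invalid == false` would fail for the wrong reason if `verify` throws; prefer `try` in the test and `XCTAssertThrowsError` where an error is the expected outcome. `refereneceValid` is misspelled (`referenceValid`). The enclosing test method starts outside the hunk.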
// MARK: Witness protocol // MARK: Witness protocol


@ -70,7 +70,7 @@ extension Stub {
return SecKeyCreateSignature(privateKey, signatureAlgorithm, data as CFData, nil)! as Data return SecKeyCreateSignature(privateKey, signatureAlgorithm, data as CFData, nil)! as Data
} }
public func verify(data: Data, signature: Data, with secret: Stub.Secret) throws -> Bool { public func verify(signature: Data, for data: Data, with secret: Stub.Secret) throws -> Bool {
let attributes = KeychainDictionary([ let attributes = KeychainDictionary([
kSecAttrKeyType: secret.algorithm.secAttrKeyType, kSecAttrKeyType: secret.algorithm.secAttrKeyType,
kSecAttrKeySizeInBits: secret.keySize, kSecAttrKeySizeInBits: secret.keySize,