Skip to content

Commit beb01bb

Browse files
MichaelMureMichaelMure
committed
Remove support for varsig v0
1 parent 35ef54f commit beb01bb

15 files changed

+123
-591
lines changed

common.go

Lines changed: 22 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -4,70 +4,70 @@ import "fmt"
44

55
// [IANA JOSE specification]: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms
66

7-
// Ed25519 produces a varsig for EdDSA using Ed25519 curve.
7+
// Ed25519 produces a varsig for EdDSA using the Ed25519 curve.
88
// This algorithm is defined in [IANA JOSE specification].
9-
func Ed25519(payloadEncoding PayloadEncoding, opts ...Option) (EdDSAVarsig, error) {
10-
return NewEdDSAVarsig(CurveEd25519, HashSha2_512, payloadEncoding, opts...)
9+
func Ed25519(payloadEncoding PayloadEncoding) EdDSAVarsig {
10+
return NewEdDSAVarsig(CurveEd25519, HashSha2_512, payloadEncoding)
1111
}
1212

13-
// Ed448 produces a varsig for EdDSA using Ed448 curve.
13+
// Ed448 produces a varsig for EdDSA using the Ed448 curve.
1414
// This algorithm is defined in [IANA JOSE specification].
15-
func Ed448(payloadEncoding PayloadEncoding, opts ...Option) (EdDSAVarsig, error) {
16-
return NewEdDSAVarsig(CurveEd448, HashShake_256, payloadEncoding, opts...)
15+
func Ed448(payloadEncoding PayloadEncoding) EdDSAVarsig {
16+
return NewEdDSAVarsig(CurveEd448, HashShake_256, payloadEncoding)
1717
}
1818

1919
// RS256 produces a varsig for RSASSA-PKCS1-v1_5 using SHA-256.
2020
// This algorithm is defined in [IANA JOSE specification].
21-
func RS256(keyLength uint64, payloadEncoding PayloadEncoding, opts ...Option) (RSAVarsig, error) {
22-
return NewRSAVarsig(HashSha2_256, keyLength, payloadEncoding, opts...)
21+
func RS256(keyLength uint64, payloadEncoding PayloadEncoding) RSAVarsig {
22+
return NewRSAVarsig(HashSha2_256, keyLength, payloadEncoding)
2323
}
2424

2525
// RS384 produces a varsig for RSASSA-PKCS1-v1_5 using SHA-384.
2626
// This algorithm is defined in [IANA JOSE specification].
27-
func RS384(keyLength uint64, payloadEncoding PayloadEncoding, opts ...Option) (RSAVarsig, error) {
28-
return NewRSAVarsig(HashSha2_384, keyLength, payloadEncoding, opts...)
27+
func RS384(keyLength uint64, payloadEncoding PayloadEncoding) RSAVarsig {
28+
return NewRSAVarsig(HashSha2_384, keyLength, payloadEncoding)
2929
}
3030

3131
// RS512 produces a varsig for RSASSA-PKCS1-v1_5 using SHA-512.
3232
// This algorithm is defined in [IANA JOSE specification].
33-
func RS512(keyLength uint64, payloadEncoding PayloadEncoding, opts ...Option) (RSAVarsig, error) {
34-
return NewRSAVarsig(HashSha2_512, keyLength, payloadEncoding, opts...)
33+
func RS512(keyLength uint64, payloadEncoding PayloadEncoding) RSAVarsig {
34+
return NewRSAVarsig(HashSha2_512, keyLength, payloadEncoding)
3535
}
3636

3737
// ES256 produces a varsig for ECDSA using P-256 and SHA-256.
3838
// This algorithm is defined in [IANA JOSE specification].
39-
func ES256(payloadEncoding PayloadEncoding, opts ...Option) (ECDSAVarsig, error) {
40-
return NewECDSAVarsig(CurveP256, HashSha2_256, payloadEncoding, opts...)
39+
func ES256(payloadEncoding PayloadEncoding) ECDSAVarsig {
40+
return NewECDSAVarsig(CurveP256, HashSha2_256, payloadEncoding)
4141
}
4242

4343
// ES256K produces a varsig for ECDSA using secp256k1 curve and SHA-256.
4444
// This algorithm is defined in [IANA JOSE specification].
45-
func ES256K(payloadEncoding PayloadEncoding, opts ...Option) (ECDSAVarsig, error) {
46-
return NewECDSAVarsig(CurveSecp256k1, HashSha2_256, payloadEncoding, opts...)
45+
func ES256K(payloadEncoding PayloadEncoding) ECDSAVarsig {
46+
return NewECDSAVarsig(CurveSecp256k1, HashSha2_256, payloadEncoding)
4747
}
4848

4949
// ES384 produces a varsig for ECDSA using P-384 and SHA-384.
5050
// This algorithm is defined in [IANA JOSE specification].
51-
func ES384(payloadEncoding PayloadEncoding, opts ...Option) (ECDSAVarsig, error) {
52-
return NewECDSAVarsig(CurveP384, HashSha2_384, payloadEncoding, opts...)
51+
func ES384(payloadEncoding PayloadEncoding) ECDSAVarsig {
52+
return NewECDSAVarsig(CurveP384, HashSha2_384, payloadEncoding)
5353
}
5454

5555
// ES512 produces a varsig for ECDSA using P-521 and SHA-512.
5656
// This algorithm is defined in [IANA JOSE specification].
57-
func ES512(payloadEncoding PayloadEncoding, opts ...Option) (ECDSAVarsig, error) {
58-
return NewECDSAVarsig(CurveP521, HashSha2_512, payloadEncoding, opts...)
57+
func ES512(payloadEncoding PayloadEncoding) ECDSAVarsig {
58+
return NewECDSAVarsig(CurveP521, HashSha2_512, payloadEncoding)
5959
}
6060

6161
// EIP191 produces a varsig for ECDSA using the Secp256k1 curve, Keccak256 and encoded
6262
// with the "personal_sign" format defined by [EIP191].
6363
// payloadEncoding must be either PayloadEncodingEIP191Raw or PayloadEncodingEIP191Cbor.
6464
// [EIP191]: https://eips.ethereum.org/EIPS/eip-191
65-
func EIP191(payloadEncoding PayloadEncoding, opts ...Option) (ECDSAVarsig, error) {
65+
func EIP191(payloadEncoding PayloadEncoding) (ECDSAVarsig, error) {
6666
switch payloadEncoding {
6767
case PayloadEncodingEIP191Raw, PayloadEncodingEIP191Cbor:
6868
default:
6969
return ECDSAVarsig{}, fmt.Errorf("%w for EIP191: %v", ErrUnsupportedPayloadEncoding, payloadEncoding)
7070
}
7171

72-
return NewECDSAVarsig(CurveSecp256k1, HashKeccak256, payloadEncoding, opts...)
72+
return NewECDSAVarsig(CurveSecp256k1, HashKeccak_256, payloadEncoding), nil
7373
}

common_test.go

Lines changed: 13 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -19,47 +19,47 @@ func TestRoundTrip(t *testing.T) {
1919
// Arbitrary use of presets
2020
{
2121
name: "Ed25519",
22-
varsig: must(varsig.Ed25519(varsig.PayloadEncodingDAGCBOR)),
22+
varsig: varsig.Ed25519(varsig.PayloadEncodingDAGCBOR),
2323
dataHex: "3401ed01ed011371",
2424
},
2525
{
2626
name: "Ed448",
27-
varsig: must(varsig.Ed448(varsig.PayloadEncodingDAGCBOR)),
27+
varsig: varsig.Ed448(varsig.PayloadEncodingDAGCBOR),
2828
dataHex: "3401ed0183241971",
2929
},
3030
{
3131
name: "RS256",
32-
varsig: must(varsig.RS256(0x100, varsig.PayloadEncodingDAGCBOR)),
32+
varsig: varsig.RS256(0x100, varsig.PayloadEncodingDAGCBOR),
3333
dataHex: "3401852412800271",
3434
},
3535
{
3636
name: "RS384",
37-
varsig: must(varsig.RS384(0x100, varsig.PayloadEncodingDAGCBOR)),
37+
varsig: varsig.RS384(0x100, varsig.PayloadEncodingDAGCBOR),
3838
dataHex: "3401852420800271",
3939
},
4040
{
4141
name: "RS512",
42-
varsig: must(varsig.RS512(0x100, varsig.PayloadEncodingDAGCBOR)),
42+
varsig: varsig.RS512(0x100, varsig.PayloadEncodingDAGCBOR),
4343
dataHex: "3401852413800271",
4444
},
4545
{
4646
name: "ES256",
47-
varsig: must(varsig.ES256(varsig.PayloadEncodingDAGCBOR)),
47+
varsig: varsig.ES256(varsig.PayloadEncodingDAGCBOR),
4848
dataHex: "3401ec0180241271",
4949
},
5050
{
5151
name: "ES256K",
52-
varsig: must(varsig.ES256K(varsig.PayloadEncodingDAGCBOR)),
52+
varsig: varsig.ES256K(varsig.PayloadEncodingDAGCBOR),
5353
dataHex: "3401ec01e7011271",
5454
},
5555
{
5656
name: "ES384",
57-
varsig: must(varsig.ES384(varsig.PayloadEncodingDAGCBOR)),
57+
varsig: varsig.ES384(varsig.PayloadEncodingDAGCBOR),
5858
dataHex: "3401ec0181242071",
5959
},
6060
{
6161
name: "ES512",
62-
varsig: must(varsig.ES512(varsig.PayloadEncodingDAGCBOR)),
62+
varsig: varsig.ES512(varsig.PayloadEncodingDAGCBOR),
6363
dataHex: "3401ec0182241371",
6464
},
6565
{
@@ -71,22 +71,22 @@ func TestRoundTrip(t *testing.T) {
7171
// from https://github.com/hugomrdias/iso-repo/blob/main/packages/iso-ucan/test/varsig.test.js
7272
{
7373
name: "RS256+RAW",
74-
varsig: must(varsig.RS256(256, varsig.PayloadEncodingVerbatim)),
74+
varsig: varsig.RS256(256, varsig.PayloadEncodingVerbatim),
7575
dataBytes: []byte{52, 1, 133, 36, 18, 128, 2, 95},
7676
},
7777
{
7878
name: "ES256+RAW",
79-
varsig: must(varsig.ES256(varsig.PayloadEncodingVerbatim)),
79+
varsig: varsig.ES256(varsig.PayloadEncodingVerbatim),
8080
dataBytes: []byte{52, 1, 236, 1, 128, 36, 18, 95},
8181
},
8282
{
8383
name: "ES512+RAW",
84-
varsig: must(varsig.ES512(varsig.PayloadEncodingVerbatim)),
84+
varsig: varsig.ES512(varsig.PayloadEncodingVerbatim),
8585
dataBytes: []byte{52, 1, 236, 1, 130, 36, 19, 95},
8686
},
8787
{
8888
name: "ES256K+RAW",
89-
varsig: must(varsig.ES256K(varsig.PayloadEncodingVerbatim)),
89+
varsig: varsig.ES256K(varsig.PayloadEncodingVerbatim),
9090
dataBytes: []byte{52, 1, 236, 1, 231, 1, 18, 95},
9191
},
9292
{
@@ -117,7 +117,6 @@ func TestRoundTrip(t *testing.T) {
117117
require.Equal(t, tc.varsig.Version(), rt.Version())
118118
require.Equal(t, tc.varsig.Discriminator(), rt.Discriminator())
119119
require.Equal(t, tc.varsig.PayloadEncoding(), rt.PayloadEncoding())
120-
require.Equal(t, tc.varsig.Signature(), rt.Signature())
121120

122121
switch vs := tc.varsig.(type) {
123122
case varsig.EdDSAVarsig:

constant.go

Lines changed: 31 additions & 55 deletions
Original file line numberDiff line numberDiff line change
@@ -37,8 +37,14 @@ const (
3737

3838
HashShake_256 = Hash(0x19)
3939

40-
HashKeccak256 = Hash(0x1b)
41-
HashKeccak512 = Hash(0x1d)
40+
HashKeccak_256 = Hash(0x1b)
41+
HashKeccak_512 = Hash(0x1d)
42+
43+
// You should likely not use those:
44+
HashRipemd_160 = Hash(0x1053)
45+
HashMd4 = Hash(0xd4)
46+
HashMd5 = Hash(0xd5)
47+
HashSha1 = Hash(0x11)
4248
)
4349

4450
// DecodeHashAlgorithm reads and validates the expected hash algorithm
@@ -67,8 +73,12 @@ func DecodeHashAlgorithm(r BytesReader) (Hash, error) {
6773
HashBlake2b_384,
6874
HashBlake2b_512,
6975
HashShake_256,
70-
HashKeccak256,
71-
HashKeccak512:
76+
HashKeccak_256,
77+
HashKeccak_512,
78+
HashRipemd_160,
79+
HashMd4,
80+
HashMd5,
81+
HashSha1:
7282
return h, nil
7383
default:
7484
return HashUnspecified, fmt.Errorf("%w: %x", ErrUnknownHash, h)
@@ -82,7 +92,6 @@ type PayloadEncoding int
8292

8393
// Constant values that allow Varsig implementations to specify how the
8494
// payload content is encoded before being hashed.
85-
// In varsig >= v1, only canonical encoding is allowed.
8695
const (
8796
PayloadEncodingUnspecified = PayloadEncoding(iota)
8897
PayloadEncodingVerbatim
@@ -105,67 +114,34 @@ const (
105114

106115
// DecodePayloadEncoding reads and validates the expected canonical payload
107116
// encoding of the data to be signed.
108-
func DecodePayloadEncoding(r BytesReader, vers Version) (PayloadEncoding, error) {
117+
func DecodePayloadEncoding(r BytesReader) (PayloadEncoding, error) {
109118
seg1, err := binary.ReadUvarint(r)
110119
if err != nil {
111120
return PayloadEncodingUnspecified, fmt.Errorf("%w: %w", ErrUnsupportedPayloadEncoding, err)
112121
}
113122

114-
switch vers {
115-
case Version0:
116-
switch seg1 {
117-
case encodingSegmentVerbatim:
118-
return PayloadEncodingVerbatim, nil
119-
case encodingSegmentDAGPB:
120-
return PayloadEncodingDAGPB, nil
121-
case encodingSegmentDAGCBOR:
122-
return PayloadEncodingDAGCBOR, nil
123-
case encodingSegmentDAGJSON:
124-
return PayloadEncodingDAGJSON, nil
125-
case encodingSegmentEIP191:
126-
seg2, err := binary.ReadUvarint(r)
127-
if err != nil {
128-
return PayloadEncodingUnspecified, fmt.Errorf("%w: incomplete EIP191 encoding: %w", ErrUnsupportedPayloadEncoding, err)
129-
}
130-
switch seg2 {
131-
case encodingSegmentVerbatim:
132-
return PayloadEncodingEIP191Raw, nil
133-
case encodingSegmentDAGCBOR:
134-
return PayloadEncodingEIP191Cbor, nil
135-
default:
136-
return PayloadEncodingUnspecified, fmt.Errorf("%w: version=%d, encoding=%x+%x", ErrUnsupportedPayloadEncoding, vers, seg1, seg2)
137-
}
138-
case encodingSegmentJWT:
139-
return PayloadEncodingJWT, nil
140-
default:
141-
return PayloadEncodingUnspecified, fmt.Errorf("%w: version=%d, encoding=%x", ErrUnsupportedPayloadEncoding, vers, seg1)
123+
switch seg1 {
124+
case encodingSegmentVerbatim:
125+
return PayloadEncodingVerbatim, nil
126+
case encodingSegmentDAGCBOR:
127+
return PayloadEncodingDAGCBOR, nil
128+
case encodingSegmentDAGJSON:
129+
return PayloadEncodingDAGJSON, nil
130+
case encodingSegmentEIP191:
131+
seg2, err := binary.ReadUvarint(r)
132+
if err != nil {
133+
return PayloadEncodingUnspecified, fmt.Errorf("%w: incomplete EIP191 encoding: %w", ErrUnsupportedPayloadEncoding, err)
142134
}
143-
case Version1:
144-
switch seg1 {
135+
switch seg2 {
145136
case encodingSegmentVerbatim:
146-
return PayloadEncodingVerbatim, nil
137+
return PayloadEncodingEIP191Raw, nil
147138
case encodingSegmentDAGCBOR:
148-
return PayloadEncodingDAGCBOR, nil
149-
case encodingSegmentDAGJSON:
150-
return PayloadEncodingDAGJSON, nil
151-
case encodingSegmentEIP191:
152-
seg2, err := binary.ReadUvarint(r)
153-
if err != nil {
154-
return PayloadEncodingUnspecified, fmt.Errorf("%w: incomplete EIP191 encoding: %w", ErrUnsupportedPayloadEncoding, err)
155-
}
156-
switch seg2 {
157-
case encodingSegmentVerbatim:
158-
return PayloadEncodingEIP191Raw, nil
159-
case encodingSegmentDAGCBOR:
160-
return PayloadEncodingEIP191Cbor, nil
161-
default:
162-
return PayloadEncodingUnspecified, fmt.Errorf("%w: version=%d, encoding=%x+%x", ErrUnsupportedPayloadEncoding, vers, seg1, seg2)
163-
}
139+
return PayloadEncodingEIP191Cbor, nil
164140
default:
165-
return PayloadEncodingUnspecified, fmt.Errorf("%w: version=%d, encoding=%x", ErrUnsupportedPayloadEncoding, vers, seg1)
141+
return PayloadEncodingUnspecified, fmt.Errorf("%w: encoding=%x+%x", ErrUnsupportedPayloadEncoding, seg1, seg2)
166142
}
167143
default:
168-
return 0, ErrUnsupportedVersion
144+
return PayloadEncodingUnspecified, fmt.Errorf("%w: encoding=%x", ErrUnsupportedPayloadEncoding, seg1)
169145
}
170146
}
171147

constant_test.go

Lines changed: 4 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -53,18 +53,10 @@ func TestDecodePayloadEncoding(t *testing.T) {
5353
t.Run("passes", func(t *testing.T) {
5454
t.Parallel()
5555

56-
t.Run("v0", func(t *testing.T) {
57-
t.Parallel()
58-
59-
payEnc, err := varsig.DecodePayloadEncoding(bytes.NewReader([]byte{0x5f}), varsig.Version1)
60-
require.NoError(t, err)
61-
require.Equal(t, varsig.PayloadEncodingVerbatim, payEnc)
62-
})
63-
6456
t.Run("v1", func(t *testing.T) {
6557
t.Parallel()
6658

67-
payEnc, err := varsig.DecodePayloadEncoding(bytes.NewReader([]byte{0x5f}), varsig.Version1)
59+
payEnc, err := varsig.DecodePayloadEncoding(bytes.NewReader([]byte{0x5f}))
6860
require.NoError(t, err)
6961
require.Equal(t, varsig.PayloadEncodingVerbatim, payEnc)
7062
})
@@ -76,27 +68,13 @@ func TestDecodePayloadEncoding(t *testing.T) {
7668
tests := []struct {
7769
name string
7870
data []byte
79-
vers varsig.Version
8071
err error
8172
}{
8273
{
83-
name: "unsupported encoding - v0",
84-
data: []byte{0x42}, // random
85-
vers: varsig.Version0,
86-
err: varsig.ErrUnsupportedPayloadEncoding,
87-
},
88-
{
89-
name: "unsupported encoding - v1",
74+
name: "unsupported encoding",
9075
data: []byte{0x6a, 0x77}, // JWT
91-
vers: varsig.Version1,
9276
err: varsig.ErrUnsupportedPayloadEncoding,
9377
},
94-
{
95-
name: "unsupported version",
96-
data: []byte{0x5f}, // Verbatim
97-
vers: 99, // random
98-
err: varsig.ErrUnsupportedVersion,
99-
},
10078
}
10179

10280
for _, tt := range tests {
@@ -105,10 +83,8 @@ func TestDecodePayloadEncoding(t *testing.T) {
10583
t.Parallel()
10684

10785
r := bytes.NewReader(tt.data)
108-
_, err := varsig.DecodePayloadEncoding(r, tt.vers)
86+
_, err := varsig.DecodePayloadEncoding(r)
10987
require.ErrorIs(t, err, tt.err)
110-
// t.Log(err)
111-
// t.Fail()
11288
})
11389
}
11490
})
@@ -118,6 +94,6 @@ func BenchmarkDecodePayloadEncoding(b *testing.B) {
11894
b.ReportAllocs()
11995
data := []byte{0x5f}
12096
for i := 0; i < b.N; i++ {
121-
_, _ = varsig.DecodePayloadEncoding(bytes.NewReader(data), varsig.Version1)
97+
_, _ = varsig.DecodePayloadEncoding(bytes.NewReader(data))
12298
}
12399
}

0 commit comments

Comments
 (0)