Hashes revocation review: base64-encode instead of serde roundtrip.

Reviewed-by: Pietro Albini <[email protected]> Ticket: https://ferroussystems.clickup.com/t/86947z6fp
ferrocene · May 22, 2024 · 7733b97 · 7733b97
1 parent 0065677
commit 7733b97
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 7 deletions.
diff --git a/crates/criticaltrust/src/errors.rs b/crates/criticaltrust/src/errors.rs
@@ -38,6 +38,4 @@ pub enum Error {
             aws_smithy_runtime_api::client::orchestrator::HttpResponse,
         >,
     ),
-    #[error("failed verification while converting signature to string")]
-    SignatureConversionFailure,
 }
diff --git a/crates/criticaltrust/src/keys/public.rs b/crates/criticaltrust/src/keys/public.rs
@@ -5,6 +5,7 @@ use crate::manifests::RevocationInfo;
 use crate::sha256::hash_sha256;
 use crate::signatures::{PublicKeysRepository, Signable, SignedPayload};
 use crate::Error;
+use base64::Engine;
 use serde::{Deserialize, Serialize};
 use time::OffsetDateTime;
 
@@ -51,13 +52,11 @@ impl PublicKey {
                 return Err(Error::VerificationFailed);
             }
 
-            let signature_as_string = match serde_json::to_string(signature) {
-                Ok(sig) => sig,
-                Err(_) => return Err(Error::SignatureConversionFailure),
-            };
+            let based_signature =
+                base64::engine::general_purpose::STANDARD.encode(signature.as_bytes());
             if verified_revoked_content
                 .revoked_content_sha256
-                .contains(&signature_as_string)
+                .contains(&based_signature)
             {
                 return Err(Error::VerificationFailed);
             }