From 7733b97be503c7792326befee3688a258d9e2fc7 Mon Sep 17 00:00:00 2001 From: Amanjeev Sethi Date: Wed, 22 May 2024 10:02:38 -0400 Subject: [PATCH] Hashes revocation review: base64-encode instead of serde roundtrip. Reviewed-by: Pietro Albini Ticket: https://ferroussystems.clickup.com/t/86947z6fp --- crates/criticaltrust/src/errors.rs | 2 -- crates/criticaltrust/src/keys/public.rs | 9 ++++----- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/crates/criticaltrust/src/errors.rs b/crates/criticaltrust/src/errors.rs index 89d825c2..32aa20ab 100644 --- a/crates/criticaltrust/src/errors.rs +++ b/crates/criticaltrust/src/errors.rs @@ -38,6 +38,4 @@ pub enum Error { aws_smithy_runtime_api::client::orchestrator::HttpResponse, >, ), - #[error("failed verification while converting signature to string")] - SignatureConversionFailure, } diff --git a/crates/criticaltrust/src/keys/public.rs b/crates/criticaltrust/src/keys/public.rs index b6353212..9b8f82f1 100644 --- a/crates/criticaltrust/src/keys/public.rs +++ b/crates/criticaltrust/src/keys/public.rs @@ -5,6 +5,7 @@ use crate::manifests::RevocationInfo; use crate::sha256::hash_sha256; use crate::signatures::{PublicKeysRepository, Signable, SignedPayload}; use crate::Error; +use base64::Engine; use serde::{Deserialize, Serialize}; use time::OffsetDateTime; @@ -51,13 +52,11 @@ impl PublicKey { return Err(Error::VerificationFailed); } - let signature_as_string = match serde_json::to_string(signature) { - Ok(sig) => sig, - Err(_) => return Err(Error::SignatureConversionFailure), - }; + let based_signature = + base64::engine::general_purpose::STANDARD.encode(signature.as_bytes()); if verified_revoked_content .revoked_content_sha256 - .contains(&signature_as_string) + .contains(&based_signature) { return Err(Error::VerificationFailed); }