ax(ueps): rename signedData to hmacInputBuffer for predictable naming
signedData was ambiguous — it did not convey that the buffer holds accumulated header TLVs fed as input to HMAC, nor whether data was already signed or pending signing. hmacInputBuffer makes the purpose unambiguous on first read (AX Principle 1: predictable names over short names). Co-Authored-By: Charon <charon@lethean.io>
parent
99f37ed1bc
commit
067a4c38f8
1 changed files with 21 additions and 21 deletions
@ -26,7 +26,7 @@ type ParsedPacket struct {
|
|||
// packet, err := ueps.ReadAndVerify(bufio.NewReader(conn), []byte("my-shared-secret"))
|
||||
// if err == nil { dispatch(packet.Header.IntentID, packet.Header.ThreatScore, packet.Payload) }
|
||||
func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, error) {
|
||||
var signedData bytes.Buffer
|
||||
var hmacInputBuffer bytes.Buffer
|
||||
header := UEPSHeader{}
|
||||
var hmacSignature []byte
|
||||
var payload []byte
|
||||
|
|
@ -58,36 +58,36 @@ func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, er
|
|||
switch tagType {
|
||||
case TagVersion:
|
||||
header.Version = tagValue[0]
|
||||
signedData.WriteByte(tagType)
|
||||
signedData.WriteByte(tagValueLength)
|
||||
signedData.Write(tagValue)
|
||||
hmacInputBuffer.WriteByte(tagType)
|
||||
hmacInputBuffer.WriteByte(tagValueLength)
|
||||
hmacInputBuffer.Write(tagValue)
|
||||
case TagCurrentLayer:
|
||||
header.CurrentLayer = tagValue[0]
|
||||
signedData.WriteByte(tagType)
|
||||
signedData.WriteByte(tagValueLength)
|
||||
signedData.Write(tagValue)
|
||||
hmacInputBuffer.WriteByte(tagType)
|
||||
hmacInputBuffer.WriteByte(tagValueLength)
|
||||
hmacInputBuffer.Write(tagValue)
|
||||
case TagTargetLayer:
|
||||
header.TargetLayer = tagValue[0]
|
||||
signedData.WriteByte(tagType)
|
||||
signedData.WriteByte(tagValueLength)
|
||||
signedData.Write(tagValue)
|
||||
hmacInputBuffer.WriteByte(tagType)
|
||||
hmacInputBuffer.WriteByte(tagValueLength)
|
||||
hmacInputBuffer.Write(tagValue)
|
||||
case TagIntent:
|
||||
header.IntentID = tagValue[0]
|
||||
signedData.WriteByte(tagType)
|
||||
signedData.WriteByte(tagValueLength)
|
||||
signedData.Write(tagValue)
|
||||
hmacInputBuffer.WriteByte(tagType)
|
||||
hmacInputBuffer.WriteByte(tagValueLength)
|
||||
hmacInputBuffer.Write(tagValue)
|
||||
case TagThreatScore:
|
||||
header.ThreatScore = binary.BigEndian.Uint16(tagValue)
|
||||
signedData.WriteByte(tagType)
|
||||
signedData.WriteByte(tagValueLength)
|
||||
signedData.Write(tagValue)
|
||||
hmacInputBuffer.WriteByte(tagType)
|
||||
hmacInputBuffer.WriteByte(tagValueLength)
|
||||
hmacInputBuffer.Write(tagValue)
|
||||
case TagHMAC:
|
||||
hmacSignature = tagValue
|
||||
default:
|
||||
// signedData.Write([]byte{tagType, tagValueLength}); signedData.Write(tagValue) — unknown tags included in HMAC
|
||||
signedData.WriteByte(tagType)
|
||||
signedData.WriteByte(tagValueLength)
|
||||
signedData.Write(tagValue)
|
||||
// hmacInputBuffer.Write([]byte{tagType, tagValueLength}); hmacInputBuffer.Write(tagValue) — unknown tags included in HMAC
|
||||
hmacInputBuffer.WriteByte(tagType)
|
||||
hmacInputBuffer.WriteByte(tagValueLength)
|
||||
hmacInputBuffer.Write(tagValue)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -96,7 +96,7 @@ func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, er
|
|||
}
|
||||
|
||||
messageAuthCode := hmac.New(sha256.New, sharedSecret)
|
||||
messageAuthCode.Write(signedData.Bytes())
|
||||
messageAuthCode.Write(hmacInputBuffer.Bytes())
|
||||
messageAuthCode.Write(payload)
|
||||
expectedMessageAuthCode := messageAuthCode.Sum(nil)
|
||||
|
||||
|