From 067a4c38f82e142c8b8f585c9550e87010bb0ff4 Mon Sep 17 00:00:00 2001
From: Claude
Date: Thu, 2 Apr 2026 12:21:22 +0100
Subject: [PATCH] ax(ueps): rename signedData to hmacInputBuffer for predictable naming
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
signedData was ambiguous — it did not convey that the buffer holds accumulated header TLVs fed as input to HMAC, nor whether data was already signed or pending signing. hmacInputBuffer makes the purpose unambiguous on first read (AX Principle 1: predictable names over short names).
Co-Authored-By: Charon
---
 pkg/ueps/reader.go | 42 +++++++++++++++++++++---------------------
 1 file changed, 21 insertions(+), 21 deletions(-)
diff --git a/pkg/ueps/reader.go b/pkg/ueps/reader.go
index 91a674a..2c4ea3b 100644
--- a/pkg/ueps/reader.go
+++ b/pkg/ueps/reader.go
@@ -26,7 +26,7 @@ type ParsedPacket struct {
 // packet, err := ueps.ReadAndVerify(bufio.NewReader(conn), []byte("my-shared-secret"))
 // if err == nil { dispatch(packet.Header.IntentID, packet.Header.ThreatScore, packet.Payload) }
 func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, error) {
- var signedData bytes.Buffer
+ var hmacInputBuffer bytes.Buffer
 header := UEPSHeader{}
 var hmacSignature []byte
 var payload []byte
@@ -58,36 +58,36 @@ func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, er
 switch tagType {
 case TagVersion:
 header.Version = tagValue[0]
- signedData.WriteByte(tagType)
- signedData.WriteByte(tagValueLength)
- signedData.Write(tagValue)
+ hmacInputBuffer.WriteByte(tagType)
+ hmacInputBuffer.WriteByte(tagValueLength)
+ hmacInputBuffer.Write(tagValue)
 case TagCurrentLayer:
 header.CurrentLayer = tagValue[0]
- signedData.WriteByte(tagType)
- signedData.WriteByte(tagValueLength)
- signedData.Write(tagValue)
+ hmacInputBuffer.WriteByte(tagType)
+ hmacInputBuffer.WriteByte(tagValueLength)
+ hmacInputBuffer.Write(tagValue)
 case TagTargetLayer:
 header.TargetLayer = tagValue[0]
- signedData.WriteByte(tagType)
- signedData.WriteByte(tagValueLength)
- signedData.Write(tagValue)
+ hmacInputBuffer.WriteByte(tagType)
+ hmacInputBuffer.WriteByte(tagValueLength)
+ hmacInputBuffer.Write(tagValue)
 case TagIntent:
 header.IntentID = tagValue[0]
- signedData.WriteByte(tagType)
- signedData.WriteByte(tagValueLength)
- signedData.Write(tagValue)
+ hmacInputBuffer.WriteByte(tagType)
+ hmacInputBuffer.WriteByte(tagValueLength)
+ hmacInputBuffer.Write(tagValue)
 case TagThreatScore:
 header.ThreatScore = binary.BigEndian.Uint16(tagValue)
- signedData.WriteByte(tagType)
- signedData.WriteByte(tagValueLength)
- signedData.Write(tagValue)
+ hmacInputBuffer.WriteByte(tagType)
+ hmacInputBuffer.WriteByte(tagValueLength)
+ hmacInputBuffer.Write(tagValue)
 case TagHMAC:
 hmacSignature = tagValue
 default:
- // signedData.Write([]byte{tagType, tagValueLength}); signedData.Write(tagValue) — unknown tags included in HMAC
- signedData.WriteByte(tagType)
- signedData.WriteByte(tagValueLength)
- signedData.Write(tagValue)
+ // hmacInputBuffer.Write([]byte{tagType, tagValueLength}); hmacInputBuffer.Write(tagValue) — unknown tags included in HMAC
+ hmacInputBuffer.WriteByte(tagType)
+ hmacInputBuffer.WriteByte(tagValueLength)
+ hmacInputBuffer.Write(tagValue)
 }
 }
@@ -96,7 +96,7 @@ func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, er
 }
 messageAuthCode := hmac.New(sha256.New, sharedSecret)
- messageAuthCode.Write(signedData.Bytes())
+ messageAuthCode.Write(hmacInputBuffer.Bytes())
 messageAuthCode.Write(payload)
 expectedMessageAuthCode := messageAuthCode.Sum(nil)