Snider/Mining
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ax(ueps): rename signature to hmacSignature for AX Principle 1 compliance
Some checks failed
Security Scan / security (push) Successful in 31s
Details
Test / test (push) Has been cancelled
Details

Browse source 
The variable name `signature` is ambiguous — any cryptographic operation
produces a signature. `hmacSignature` is unambiguous and self-describing,
consistent with the TagHMAC comment that already used `hmacSignature` as
the example parameter name.

Co-Authored-By: Charon <charon@lethean.io>
This commit is contained in:
Claude 2026-04-02 10:22:18 +01:00
parent c34e6da043
commit 729ad75d6f
No known key found for this signature in database
GPG key ID: AF404715446AEB41
2 changed files with 7 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
pkg/ueps/packet.go
View file

@ -88,10 +88,10 @@ func (builder *PacketBuilder) MarshalAndSign(sharedSecret []byte) ([]byte, error
messageAuthCode := hmac.New(sha256.New, sharedSecret)
messageAuthCode.Write(frameBuffer.Bytes())
messageAuthCode.Write(builder.Payload)
signature := messageAuthCode.Sum(nil)
hmacSignature := messageAuthCode.Sum(nil)
// writeTLV(frameBuffer, TagHMAC, signature) → [0x06, 0x20, <32 bytes>]
if err := writeTLV(frameBuffer, TagHMAC, signature); err != nil {
// writeTLV(frameBuffer, TagHMAC, hmacSignature) → [0x06, 0x20, <32 bytes>]
if err := writeTLV(frameBuffer, TagHMAC, hmacSignature); err != nil {
return nil, err
}

8
pkg/ueps/reader.go
View file

@ -29,7 +29,7 @@ type ParsedPacket struct {
func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, error) {
var signedData bytes.Buffer
header := UEPSHeader{}
var signature []byte
var hmacSignature []byte
var payload []byte
for {
@ -85,7 +85,7 @@ func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, er
signedData.WriteByte(byte(tagLength))
signedData.Write(tagValue)
case TagHMAC:
signature = tagValue
hmacSignature = tagValue
default:
// signedData.WriteByte(unknownTag); signedData.Write(tagValue) — unknown tags contribute to HMAC, blocking injection
signedData.WriteByte(tagByte)
@ -94,7 +94,7 @@ func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, er
}
}
if len(signature) == 0 {
if len(hmacSignature) == 0 {
return nil, errMissingHMAC
}
@ -103,7 +103,7 @@ func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, er
messageAuthCode.Write(payload)
expectedMessageAuthCode := messageAuthCode.Sum(nil)
if !hmac.Equal(signature, expectedMessageAuthCode) {
if !hmac.Equal(hmacSignature, expectedMessageAuthCode) {
return nil, errIntegrityViolation
}