Merge pull request #6 from adityasaky/update-pae

adityasaky · web-flow · commit 1966c4ac3537 · 2021-11-10T11:35:14.000-05:00
Update PAE to expect byte sequence for payload
diff --git a/dsse/sign.go b/dsse/sign.go
@@ -48,7 +48,7 @@ type Signature struct {
 PAE implementes the DSSE Pre-Authentic Encoding
 https://github.com/secure-systems-lab/dsse/blob/master/protocol.md#signature-definition
 */
-func PAE(payloadType, payload string) []byte {
+func PAE(payloadType string, payload []byte) []byte {
 	return []byte(fmt.Sprintf("DSSEv1 %d %s %d %s",
 		len(payloadType), payloadType,
 		len(payload), payload))
@@ -124,7 +124,7 @@ func (es *EnvelopeSigner) SignPayload(payloadType string, body []byte) (*Envelop
 		PayloadType: payloadType,
 	}
 
-	paeEnc := PAE(payloadType, string(body))
+	paeEnc := PAE(payloadType, body)
 
 	for _, signer := range es.providers {
 		sig, keyID, err := signer.Sign(paeEnc)
diff --git a/dsse/sign_test.go b/dsse/sign_test.go
@@ -20,13 +20,19 @@ func TestPAE(t *testing.T) {
 	t.Run("Empty", func(t *testing.T) {
 		var want = []byte("DSSEv1 0  0 ")
 
-		got := PAE("", "")
+		got := PAE("", []byte{})
 		assert.Equal(t, want, got, "Wrong encoding")
 	})
 	t.Run("Hello world", func(t *testing.T) {
 		var want = []byte("DSSEv1 29 http://example.com/HelloWorld 11 hello world")
 
-		got := PAE("http://example.com/HelloWorld", "hello world")
+		got := PAE("http://example.com/HelloWorld", []byte("hello world"))
+		assert.Equal(t, want, got, "Wrong encoding")
+	})
+	t.Run("Unicode-only", func(t *testing.T) {
+		var want = []byte("DSSEv1 29 http://example.com/HelloWorld 3 ಠ")
+
+		got := PAE("http://example.com/HelloWorld", []byte("ಠ"))
 		assert.Equal(t, want, got, "Wrong encoding")
 	})
 }
@@ -144,7 +150,7 @@ func TestNoSigners(t *testing.T) {
 func TestNilSign(t *testing.T) {
 	var keyID = "nil"
 	var payloadType = "http://example.com/HelloWorld"
-	var payload = "hello world"
+	var payload = []byte("hello world")
 
 	pae := PAE(payloadType, payload)
 	want := Envelope{
diff --git a/dsse/verify.go b/dsse/verify.go
@@ -29,7 +29,7 @@ func (ev *EnvelopeVerifier) Verify(e *Envelope) error {
 		return err
 	}
 	// Generate PAE(payloadtype, serialized body)
-	paeEnc := PAE(e.PayloadType, string(body))
+	paeEnc := PAE(e.PayloadType, body)
 
 	// If *any* signature is found to be incorrect, the entire verification
 	// step fails even if *some* signatures are correct.

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ func (ev EnvelopeVerifier) Verify(e Envelope) error {`
`29`	`29`	`return err`
`30`	`30`	`}`
`31`	`31`	`// Generate PAE(payloadtype, serialized body)`
`32`		`- paeEnc := PAE(e.PayloadType, string(body))`
	`32`	`+ paeEnc := PAE(e.PayloadType, body)`
`33`	`33`
`34`	`34`	`// If any signature is found to be incorrect, the entire verification`
`35`	`35`	`// step fails even if some signatures are correct.`