Feedback on new crypto primitives and API #20

Closed
Foxboron opened this issue Jan 28, 2024 · 3 comments
Labels: documentation, enhancement, help wanted, question

Comments

@Foxboron
Owner

Foxboron commented Jan 28, 2024

Yo,

I'm poking a bunch of people who are currently using this library to help provide feedback before I remove the old code. I assume people are relying on this code in different manners and it's hard for me to keep track.

  • pkcs7 and authenticode are rewritten with x/crypto/cryptobyte, which is a lot easier to understand and deal with than the old struct-based ASN.1 code.
  • authenticode appends signatures and rewrites the binary with several SectionReader and io.MultiReader. I suspect this is the less clever part of the new code instead of reading the file as a byte slice and doing surgery on the file that way.
  • efivarfs is a new abstraction to deal with efivarfs.
  • efivarfs/testfs now has several abstractions to support an in-memory efivarfs for testing purposes.
  • tests are rewritten with vmtest for EDKII/tianocore integration testing.

New code example to sign a binary in the README.md.

Feel free to come with opinions and requests for the rewritten code :)

@zaolin @smoser @werwurm @malt3 @flanfly @robertfairhead @smira @edgrz
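The SectionReader and io.MultiReader approach mentioned in the list above, sketched as an added example that is not part of the original post and is not go-uefi's code: the signed image is streamed from the untouched ranges of the original file plus the rewritten certificate-table directory entry and the new WIN_CERTIFICATE, without loading the file into a byte slice. `AppendCert`, `pad8` and the sample image are hypothetical; the caller is assumed to know the directory entry's offset, and the PE checksum is not recomputed.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
)

func pad8(n int64) int64 { return (8 - n%8) % 8 } // zero bytes up to 8-byte alignment

// AppendCert (hypothetical helper) streams img with one more WIN_CERTIFICATE
// appended. dirOff is the file offset of the 8-byte certificate-table data
// directory entry (file offset, then size), assumed located by the caller.
// Assumes the table sits at end of file; the PE checksum is not updated.
func AppendCert(img io.ReaderAt, size, dirOff int64, pkcs7 []byte) (io.Reader, error) {
	var dir [8]byte
	if _, err := img.ReadAt(dir[:], dirOff); err != nil {
		return nil, err
	}
	addr := int64(binary.LittleEndian.Uint32(dir[0:4]))
	tbl := int64(binary.LittleEndian.Uint32(dir[4:8]))
	var filePad int64
	if tbl == 0 { // unsigned image: start the table at the aligned end of file
		filePad = pad8(size)
		addr = size + filePad
	} else if addr+tbl != size {
		return nil, fmt.Errorf("certificate table at %d+%d is not at end of file", addr, tbl)
	}
	entry := int64(8 + len(pkcs7))
	// dwLength (filled below), wRevision 0x0200, wCertificateType 0x0002
	hdr := []byte{0, 0, 0, 0, 0x00, 0x02, 0x02, 0x00}
	binary.LittleEndian.PutUint32(hdr[0:4], uint32(entry))
	binary.LittleEndian.PutUint32(dir[0:4], uint32(addr))
	binary.LittleEndian.PutUint32(dir[4:8], uint32(tbl+entry+pad8(entry)))
	return io.MultiReader(
		io.NewSectionReader(img, 0, dirOff), // bytes before the entry, untouched
		bytes.NewReader(dir[:]),             // rewritten directory entry
		io.NewSectionReader(img, dirOff+8, size-dirOff-8),
		bytes.NewReader(make([]byte, filePad)),
		bytes.NewReader(hdr), bytes.NewReader(pkcs7),
		bytes.NewReader(make([]byte, pad8(entry))),
	), nil
}

func main() {
	img := make([]byte, 21) // constructed stand-in image, directory entry at offset 8
	r, _ := AppendCert(bytes.NewReader(img), int64(len(img)), 8, []byte{1, 2, 3})
	out, _ := io.ReadAll(r)
	fmt.Println(len(out), out[8:16])
}
```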

@Foxboron Foxboron added the documentation, enhancement, help wanted and question labels Jan 28, 2024
@smira
Contributor

smira commented Jan 29, 2024

Sounds good, we will adapt to the new APIs as needed. Thanks for keeping us updated!

@malt3

malt3 commented Jan 29, 2024

Tested the new API for my use-case. The new authenticode parsing API looks nice and seems to produce identical results.

ln5 pushed a commit to system-transparency/stmgr that referenced this issue Apr 4, 2024
Signing is attempted if and only if both -signkey and -signcert are
passed.

go-uefi has a new API for authenticode signing, but it is not used as it
does not seem to be finalized. See:
Foxboron/go-uefi#20
@Foxboron
Owner Author

Old code has been removed in favour of the new stuff.

Closing this issue.

35289af


3 participants