refactor: refactor pluginSigner to support new signature interface #131
Conversation
chloeyin
force-pushed
the
cose-pr1
branch
2 times, most recently
from
44c2e39 to
e2c3b75
Compare
Codecov Report
@@ Coverage Diff @@
## main #131 +/- ##
==========================================
- Coverage 72.79% 70.62% -2.17%
==========================================
Files 36 39 +3
Lines 2503 2669 +166
==========================================
+ Hits 1822 1885 +63
- Misses 544 632 +88
- Partials 137 152 +15
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
chloeyin
force-pushed
the
cose-pr1
branch
2 times, most recently
from
d232af2 to
2b26389
Compare
chloeyin
changed the title
chloeyin
force-pushed
the
cose-pr1
branch
2 times, most recently
from
db95979 to
bfccb79
Compare
chloeyin
force-pushed
the
cose-pr1
branch
2 times, most recently
from
d8a85f0 to
a2f21d6
Compare
| @@ -146,9 +145,9 @@ func (GenerateSignatureRequest) Command() Command { | |||
|
|
|||
| // GenerateSignatureResponse is the response of a generate-signature request. | |||
| type GenerateSignatureResponse struct { | |||
| KeyID string `json:"keyId"` | |||
| Signature []byte `json:"signature"` | |||
| SigningAlgorithm signer.SignatureAlgorithm `json:"signingAlgorithm"` | |||
There was a problem hiding this comment.
Can we use algorithm type instead of string?
There was a problem hiding this comment.
https://github.com/notaryproject/notaryproject/blob/main/specs/plugin-extensibility.md
I think spec requires a string value as the protocol to communicate with notation plugin.
E.g.
RSASSA-PSS-SHA-256: RSASSA-PSS with SHA-256
RSASSA-PSS-SHA-384: RSASSA-PSS with SHA-384
@shizhMSFT Can we reuse algorithm defined in notation-core-go?
signature/algorithm.go
Outdated
| const ( | ||
| ECDSA_SHA_256 = "ECDSA-SHA-256" | ||
| ECDSA_SHA_384 = "ECDSA-SHA-384" | ||
| ECDSA_SHA_512 = "ECDSA-SHA-512" | ||
| RSASSA_PSS_SHA_256 = "RSASSA-PSS-SHA-256" | ||
| RSASSA_PSS_SHA_384 = "RSASSA-PSS-SHA-384" | ||
| RSASSA_PSS_SHA_512 = "RSASSA-PSS-SHA-512" | ||
| ) |
There was a problem hiding this comment.
same here, spec describe it as a string
signature/algorithm.go
Outdated
| var InvalidKeySpec = signature.KeySpec{} | ||
|
|
||
| // KeySpecName returns the name of a keySpec according to the spec. | ||
| func KeySpecName(k signature.KeySpec) string { |
There was a problem hiding this comment.
signature/algorithm.go
Outdated
| case signature.AlgorithmES256: | ||
| return ECDSA_SHA_256 | ||
| case signature.AlgorithmES384: | ||
| return ECDSA_SHA_384 | ||
| case signature.AlgorithmES512: | ||
| return ECDSA_SHA_512 | ||
| case signature.AlgorithmPS256: | ||
| return RSASSA_PSS_SHA_256 | ||
| case signature.AlgorithmPS384: | ||
| return RSASSA_PSS_SHA_384 | ||
| case signature.AlgorithmPS512: | ||
| return RSASSA_PSS_SHA_512 |
There was a problem hiding this comment.
Why do we have different algo for core-go and for notation-go? Can we use one for both packages?
There was a problem hiding this comment.
keySpec : One of following supported key types - RSA-2048, RSA-3072, RSA-4096, EC-256, EC-384, EC-521. I think plugin spec requires them to be a string.
shizhMSFT
changed the title
signature/plugin.go
Outdated
| // TODO: pass media type as a parameter. | ||
| envelopeMediaType := jws.MediaTypeEnvelope |
There was a problem hiding this comment.
@priteshbandi Let's resolve this TODO in this PR. Although it will be an API change, it will be a small change in notation and will not block the alpha.4 release.
There was a problem hiding this comment.
Of course, we can defer it to post-alpha.4. It is just weird to have hard-coded envelopeMediaType in the code.
There was a problem hiding this comment.
Looks like @chloeyin has updated the pr with to pass envelopeMediaType as parameter.
signature/signer.go
Outdated
| // TODO: pass media type as a parameter | ||
| envelopeMediaType := jws.MediaTypeEnvelope |
| func ParseSigningAlgorithm(raw string) (signature.Algorithm, error) { | ||
| switch raw { | ||
| case ECDSA_SHA_256: | ||
| return signature.AlgorithmES256, nil | ||
| case ECDSA_SHA_384: | ||
| return signature.AlgorithmES384, nil | ||
| case ECDSA_SHA_512: | ||
| return signature.AlgorithmES512, nil | ||
| case RSASSA_PSS_SHA_256: | ||
| return signature.AlgorithmPS256, nil | ||
| case RSASSA_PSS_SHA_384: | ||
| return signature.AlgorithmPS384, nil | ||
| case RSASSA_PSS_SHA_512: | ||
| return signature.AlgorithmPS512, nil | ||
| } | ||
| return 0, errors.New("unknown signing algorithm") | ||
| } |
There was a problem hiding this comment.
Can we reuse mapping in SigningAlgorithmString function ?
The force push is rebasing the main branch. The latest change is here. 3479183 |
|
@chloeyin @shizhMSFT @yizha1 - this appears ready to merge after updating latest changes from main. I'd click to update it, but then it likely wouldn't be signed and it would then fail DCO. As this is blocking testing for Alpha 4 release, can we update/merge ASAP? @vaninrao10 @iamsamirzon |
Signed-off-by: zaihaoyin <[email protected]>
Signed-off-by: zaihaoyin <[email protected]>
Signed-off-by: zaihaoyin <[email protected]>
…provider Signed-off-by: zaihaoyin <[email protected]>
Signed-off-by: zaihaoyin <[email protected]>
Merged. notaryproject/notation#357 This pr will update dependency. |
What
Refactor
notation-goto support multiple envelope types.Background can be checked in notaryproject/notation#278
I wthe whole PR into two PRs to help review, this is the first PR. More unit test cases will be added in the next PR.
The whole picture is here #146
Major Changes
github.com/notaryproject/notation-core-go/signatureto sign and verify.runnerandsignerinto aproviderforpluginSignerto sign and remove thepluginSigProvider.builtinProviderto support local signing andexternalProviderto support signing by plugin.signaturepackage as mentioned in refactor: refactor envelope and signer to support cose notation-core-go#73SpeculateSignatureEnvelopeFormatto inspect signature (This function may change later to better inspect a signature)Signed-off-by: zaihaoyin [email protected]