go-uefi

Feedback on new crypto primitives and API

Open Foxboron opened this issue 1 year ago • 2 comments

Yo,

I'm poking a bunch of people who are currently using this library to help provide feedback before I remove the old code. I assume people are relying on this code in different manners and it's hard for me to keep track.

  • pkcs7 and authenticode are rewritten with x/crypto/cryptobyte, which is a lot easier to understand and deal with than the old struct-based ASN.1 code.
  • authenticode appends signatures and rewrites the binary with several SectionReader and io.MultiReader. I suspect this is the less clever part of the new code instead of reading the file as a byte slice and doing surgery on the file that way.
  • efivarfs is a new abstraction to deal with efivarfs.
  • efivarfs/testfs now has several abstractions to support an in-memory efivarfs for testing purposes.
  • tests are rewritten with vmtest for EDKII/tianocore integration testing.

New code example to sign a binary in the README.md.

Feel free to come with opinions and requests for the rewritten code :)

@zaolin @smoser @werwurm @malt3 @flanfly @robertfairhead @smira @edgrz

Foxboron, Jan 28 '24 15:01
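Added example, not part of the issue thread and not go-uefi's own code: a standard-library sketch of the `io.SectionReader` plus `io.MultiReader` approach the post mentions, streaming a file with a signature blob appended and one 8-byte directory entry patched, instead of editing a byte slice. The function name, the caller-supplied `dirOff`, and the constructed 21-byte input are assumptions; `cert` is taken as already wrapped, only unsigned images are handled, and the PE checksum is not updated.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// appendCertTable streams src with cert appended and the 8-byte Certificate
// Table directory entry at dirOff (u32 file offset, u32 size, little-endian)
// patched to point at it. dirOff comes from the caller (assumption: the PE
// headers were parsed elsewhere). Returns the reader and the new file length.
func appendCertTable(src io.ReaderAt, size, dirOff int64, cert []byte) (io.Reader, int64, error) {
	if dirOff < 0 || dirOff+8 > size {
		return nil, 0, fmt.Errorf("directory entry at %d is outside the %d-byte file", dirOff, size)
	}
	var entry [8]byte
	if _, err := src.ReadAt(entry[:], dirOff); err != nil {
		return nil, 0, err
	}
	if entry != ([8]byte{}) {
		return nil, 0, errors.New("certificate table already present; unsigned images only")
	}
	pad := (8 - size%8) % 8 // certificate entries start on an 8-byte boundary
	tableOff := size + pad
	if tableOff+int64(len(cert)) > 0xFFFFFFFF {
		return nil, 0, errors.New("result does not fit 32-bit offset/size fields")
	}
	binary.LittleEndian.PutUint32(entry[0:4], uint32(tableOff))
	binary.LittleEndian.PutUint32(entry[4:8], uint32(len(cert)))
	return io.MultiReader(
		io.NewSectionReader(src, 0, dirOff),               // bytes before the entry
		bytes.NewReader(entry[:]),                         // patched directory entry
		io.NewSectionReader(src, dirOff+8, size-dirOff-8), // rest of the original file
		bytes.NewReader(make([]byte, pad)),                // zero padding to alignment
		bytes.NewReader(cert),                             // appended signature blob
	), tableOff + int64(len(cert)), nil
}

func main() {
	img := make([]byte, 21) // constructed stand-in, not a real PE image
	copy(img, "HDR:")
	copy(img[12:], "body-data")
	r, n, err := appendCertTable(bytes.NewReader(img), int64(len(img)), 4, []byte("CERT"))
	if err != nil {
		panic(err)
	}
	out, _ := io.ReadAll(r)
	fmt.Printf("%d bytes, entry=% x\n", n, out[4:12])
}
```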

Sounds good, we will adapt to the new APIs as needed. Thanks for keeping us updated!

smira, Jan 29 '24 10:01

Tested the new API for my use-case. The new authenticode parsing API looks nice and seems to produce identical results.

malt3, Jan 29 '24 15:01

Old code has been removed in favour of the new stuff.

Closing this issue.

https://github.com/Foxboron/go-uefi/commit/35289af04a7516850b482599ccfb59f31f3ef0ae

Foxboron, May 16 '24 21:05