Feedback on new crypto primitives and API
Foxboron opened this issue · 3 comments
Foxboron commented
Yo,
I'm poking a bunch of people that is currently using this library to help provide feedback before I remove the old code. I assume people are relying on this code in different manners and It's hard for me to keep track.
- pkcs7 and authenticode is rewritten with
x/crypto/cryptobyte
which is a lot easier to understand and deal with then the old struct based ASN.1 code. authenticode
appends signatures and rewrites the binary with severalSectionReader
andio.MultiReader
. I suspect this is the less clever part of the new code instead of reading the file as a byte slice and doing surgery on the file that way.efivarfs
is a new abstraction to deal withefivarfs
.- efivarfs/testfs now has several abstractions to support an in-memory
efivarfs
for testing purposes. - tests is rewritten with vmtest for EDKII/tianocore integration testing.
New code example to sign a binary in the README.md.
Feel free to come with opinions and requests for the rewritten code :)
@zaolin @smoser @werwurm @malt3 @flanfly @robertfairhead @smira @edgrz
smira commented
Sounds good, we will adapt to the new APIs as needed. Thanks for keeping us updated!
malt3 commented
Tested the new API for my use-case. The new authenticode parsing API looks nice and seems to produce identical results.