ProtonMail / go-crypto

Fork of go/x/crypto, providing an up-to-date OpenPGP implementation
https://pkg.go.dev/github.com/ProtonMail/go-crypto
BSD 3-Clause "New" or "Revised" License

Functions to verify hashtags #191

Closed andrewgdotcom closed 2 months ago

andrewgdotcom commented 8 months ago

It is sometimes desirable(*) to check the plausibility of a signature over a piece of data based on its HashTag, in situations where we are unable to fully verify the signature (e.g. due to a third-party signing key being unavailable). This implements the necessary functions by mirroring the corresponding signature verification functions.

It is difficult to implement these functions at the application level, due to lack of access to private methods such as userIdSignatureHash(), serializeWithoutHeaders() etc.

(It crossed my mind that it might be worth factorising out the common code from VerifySignature and VerifyHashTag, but that would require care handling the mutated hash and the version exception)

(* https://github.com/hockeypuck/hockeypuck/issues/283)
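The plausibility check described in the opening comment, as an added example that is not part of this PR or of the go-crypto code base: it recomputes the digest for a v4 binary document signature as laid out in RFC 4880 and compares its leftmost two bytes with the hash tag stored in the signature packet. It covers only that one signature type, uses only the Go standard library, and the function names and sample bytes are constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// hashedPortion builds the part of a v4 signature packet that is covered by
// the hash: version, type, key algorithm, hash algorithm, then the hashed
// subpackets with a two-byte length prefix (RFC 4880, section 5.2.4).
func hashedPortion(sigType, pubKeyAlgo, hashAlgo byte, subpackets []byte) []byte {
	n := len(subpackets)
	out := []byte{4, sigType, pubKeyAlgo, hashAlgo, byte(n >> 8), byte(n)}
	return append(out, subpackets...)
}

// computeHashTag hashes data || hashed portion || v4 trailer with SHA-256 and
// returns the leftmost two bytes, which the packet stores as its hash tag.
func computeHashTag(data, hashed []byte) [2]byte {
	trailer := []byte{4, 0xff, 0, 0, 0, 0}
	binary.BigEndian.PutUint32(trailer[2:], uint32(len(hashed)))
	h := sha256.New()
	h.Write(data)
	h.Write(hashed)
	h.Write(trailer)
	sum := h.Sum(nil)
	return [2]byte{sum[0], sum[1]}
}

// hashTagPlausible reports whether the stored tag is consistent with data.
// A match is 16 bits of evidence that the signature belongs to this data;
// it says nothing about who signed it, so it never replaces verification.
func hashTagPlausible(data, hashed []byte, tag [2]byte) bool {
	return computeHashTag(data, hashed) == tag
}

func main() {
	// Constructed sample: binary document signature (0x00), RSA (1),
	// SHA-256 (8), one creation-time subpacket (length 5, type 2).
	hashed := hashedPortion(0x00, 1, 8, []byte{0x05, 0x02, 0x65, 0x00, 0x00, 0x00})
	data := []byte("constructed sample document")
	tag := computeHashTag(data, hashed) // the value a signer would store
	fmt.Printf("tag %x, original plausible: %v\n", tag, hashTagPlausible(data, hashed, tag))
	fmt.Println("altered plausible:", hashTagPlausible(append(data, '!'), hashed, tag))
}
```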

andrewgdotcom commented 3 months ago

These have been tested in hockeypuck for the last few months without known issues.

andrewgdotcom commented 2 months ago

I suspect the build checks in this PR were stale at time of merging; they pre-date the big merge commit in 4deafc1e in which several key functions have changed their signatures. I can't build main currently on my machine; I'll try to submit a remedial patch ASAP.

andrewgdotcom commented 2 months ago

Also note that this PR did not touch the v2 API (because it didn't exist when I wrote it!). It may therefore need to be duplicated.

twiss commented 2 months ago

Ah right, my bad. Thanks!

The v2 API doesn't duplicate the packet subpackage, so I don't think it should need to be duplicated.