crypto: integrate varsig #17
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR integrates the go-varsig library to provide standardized variable signature support across the crypto implementation. The change replaces the simple Verify method with separate VerifyBytes and VerifyASN1 methods that accept signing options and support varsig validation.
- Adds
go-varsigdependency and updates Go version to 1.24.4 - Refactors verification methods to support both raw bytes and ASN.1 signature formats with varsig validation
- Updates interface definitions and function calls throughout the codebase to use the new verification methods
Reviewed Changes
Copilot reviewed 28 out of 30 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| go.mod | Updates Go version and adds go-varsig dependency |
| interfaces.go | Replaces single Verify method with VerifyBytes and VerifyASN1 methods |
| utilities.go | Updates utility functions to use new verification methods |
| crypto/options.go | Adds varsig support to signing options with validation logic |
| crypto/hash.go | Adds conversion between internal hash types and varsig hash types |
| crypto/public.go | Extracts public key interfaces to separate file |
| crypto/private.go | Adds Varsig method to private key interfaces |
| crypto/*/public.go | Implements varsig validation in verification methods |
| crypto/*/private.go | Adds Varsig method implementations |
| verifiers/_methods/* | Updates verification methods to new interface |
| *_test.go | Updates test calls to use new verification methods |
Comments suppressed due to low confidence (2)
go.mod:3
- Go version 1.24.4 does not exist. The latest stable Go version as of my knowledge cutoff is 1.23.x. This appears to be a future version that may not be available.
go 1.24.4
go.mod:5
- Go toolchain version 1.24.5 does not exist. This appears to be a future version that may not be available.
toolchain go1.24.5
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
All alerts resolved. Learn more about Socket for GitHub. This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. Ignoring alerts on:
|
|
@SocketSecurity ignore-all |
smoyer64
left a comment
smoyer64
left a comment
There was a problem hiding this comment.
It seems like the crypto and verifiers packages are now very specific to DIDs - should we move these to internal so that it's not part of the exported API?
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
No description provided.