verify: Add rsassa-pss-sha256 verifier, based on RSAVerifier removed in
theupdateframework#96 and ECDSA support added in theupdateframework#98
cce authored and lebauce committed Jul 26, 2021
1 parent f621e85 commit b51f4d6
Showing 2 changed files with 45 additions and 7 deletions.
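--- a/data/types.go
+++ b/data/types.go
@@ -14,11 +14,13 @@ import (
 )
 
 const (
-KeyIDLength = sha256.Size * 2
-KeyTypeEd25519 = "ed25519"
-KeyTypeECDSA_SHA2_P256 = "ecdsa-sha2-nistp256"
-KeySchemeEd25519 = "ed25519"
-KeySchemeECDSA_SHA2_P256 = "ecdsa-sha2-nistp256"
+KeyIDLength = sha256.Size * 2
+KeyTypeRSASSA_PSS_SHA256 = "rsassa-pss-sha256"
+KeyTypeEd25519 = "ed25519"
+KeyTypeECDSA_SHA2_P256 = "ecdsa-sha2-nistp256"
+KeySchemeRSASSA_PSS_SHA256 = "rsassa-pss-sha256"
+KeySchemeEd25519 = "ed25519"
+KeySchemeECDSA_SHA2_P256 = "ecdsa-sha2-nistp256"
 )
 
 var (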
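Review bot: `KeyTypeRSASSA_PSS_SHA256` is assigned the scheme string `"rsassa-pss-sha256"`, whereas the TUF specification names the RSA key type `rsa` and uses `rsassa-pss-sha256` only for the signature scheme. If this constant is compared against the `keytype` field of metadata written by other TUF implementations, RSA keys would probably not be recognised; consider `KeyTypeRSASSA_PSS_SHA256 = "rsa"` (or a separate `KeyTypeRSA`). A short comment on the const block saying which names are key types and which are signature schemes would also help, since two of the three pairs share a value. The use sites of these constants are outside this hunk, so confirm against the callers.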
40 changes: 38 additions & 2 deletions verify/verifiers.go
@@ -1,9 +1,12 @@
package verify

import (
"crypto"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rsa"
"crypto/sha256"
"crypto/x509"
"encoding/asn1"
"math/big"

@@ -25,8 +28,9 @@ type Verifier interface {

// Verifiers is used to map key types to Verifier instances.
var Verifiers = map[string]Verifier{
data.KeySchemeEd25519: ed25519Verifier{},
data.KeySchemeECDSA_SHA2_P256: p256Verifier{},
data.KeySchemeEd25519: ed25519Verifier{},
data.KeySchemeECDSA_SHA2_P256: p256Verifier{},
data.KeySchemeRSASSA_PSS_SHA256: rsaVerifier{},
}

type ed25519Verifier struct{}
@@ -73,3 +77,35 @@ func (p256Verifier) ValidKey(k []byte) bool {
x, _ := elliptic.Unmarshal(elliptic.P256(), k)
return x != nil
}

type rsaVerifier struct{}

func (v rsaVerifier) Verify(key, msg, sig []byte) error {
digest := sha256.Sum256(msg)
pub, err := x509.ParsePKIXPublicKey(key)
if err != nil {
return ErrInvalid
}

rsaPub, ok := pub.(*rsa.PublicKey)
if !ok {
return ErrInvalid
}

if err = rsa.VerifyPKCS1v15(rsaPub, crypto.SHA256, digest[:], sig); err != nil {
return ErrInvalid
}
return nil
}

func (rsaVerifier) ValidKey(k []byte) bool {
pub, err := x509.ParsePKIXPublicKey(k)
if err != nil {
return false
}

if _, ok := pub.(*rsa.PublicKey); !ok {
return false
}
return true
}
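Review bot: `rsaVerifier.Verify` is registered under `data.KeySchemeRSASSA_PSS_SHA256` but calls `rsa.VerifyPKCS1v15`, so it checks a PKCS#1 v1.5 signature instead of an RSASSA-PSS one. As written, PSS signatures from a conforming signer are rejected, and v1.5 signatures are accepted under a scheme name that promises PSS. The call should be `rsa.VerifyPSS(rsaPub, crypto.SHA256, digest[:], sig, &rsa.PSSOptions{Hash: crypto.SHA256})`, with `SaltLength` pinned if the signing side fixes one, and a test using a known PSS signature would catch a regression. Separately, `ValidKey` accepts an RSA key of any modulus size; a lower bound such as `rsaPub.N.BitLen() >= 2048` there and in `Verify` would keep weak keys out of trusted metadata. Both methods would also benefit from a doc comment stating the expected key encoding (PKIX/DER, as parsed by `x509.ParsePKIXPublicKey`).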
