sumdb/note: catch a Verifiers that returns the wrong Verifier
The Verifier method gets the name and hash of the signature, and is
supposed to only return a Verifier for that name and hash. If it
doesn't, we can catch it by double checking the KeyHash and Name method
return values against the signature.
Change-Id: I39b2e3616ac389718ebc7eaa6263a43b9152b2fa
Reviewed-on: https://go-review.googlesource.com/c/mod/+/364854
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Al Cutter <alcutter@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Filippo Valsorda authored 2 years ago
Filippo Valsorda committed 2 years ago
495 | 495 |
}
|
496 | 496 |
|
497 | 497 |
var (
|
498 | |
errMalformedNote = errors.New("malformed note")
|
499 | |
errInvalidSigner = errors.New("invalid signer")
|
|
498 |
errMalformedNote = errors.New("malformed note")
|
|
499 |
errInvalidSigner = errors.New("invalid signer")
|
|
500 |
errMismatchedVerifier = errors.New("verifier name or hash doesn't match signature")
|
500 | 501 |
|
501 | 502 |
sigSplit = []byte("\n\n")
|
502 | 503 |
sigPrefix = []byte("— ")
|
|
586 | 587 |
}
|
587 | 588 |
if err != nil {
|
588 | 589 |
return nil, err
|
|
590 |
}
|
|
591 |
|
|
592 |
// Check that known.Verifier returned the right verifier.
|
|
593 |
if v.Name() != name || v.KeyHash() != hash {
|
|
594 |
return nil, errMismatchedVerifier
|
589 | 595 |
}
|
590 | 596 |
|
591 | 597 |
// Drop repeated signatures by a single verifier.
|
294 | 294 |
|
295 | 295 |
func (e *errSigner) Sign([]byte) ([]byte, error) {
|
296 | 296 |
return nil, errSurprise
|
|
297 |
}
|
|
298 |
|
|
299 |
type fixedVerifier struct{ v Verifier }
|
|
300 |
|
|
301 |
func (v fixedVerifier) Verifier(name string, hash uint32) (Verifier, error) {
|
|
302 |
return v.v, nil
|
297 | 303 |
}
|
298 | 304 |
|
299 | 305 |
func TestOpen(t *testing.T) {
|
|
426 | 432 |
t.Fatalf("Open bad msg = %v, %v, want nil, malformed note error\nmsg:\n%s", n, err, msg)
|
427 | 433 |
}
|
428 | 434 |
}
|
|
435 |
|
|
436 |
// Verifiers returns a Verifier for the wrong name or hash.
|
|
437 |
misnamedSig := strings.Replace(peterSig, "PeterNeumann", "CarmenSandiego", -1)
|
|
438 |
_, err = Open([]byte(text+"\n"+misnamedSig), fixedVerifier{peterVerifier})
|
|
439 |
if err != errMismatchedVerifier {
|
|
440 |
t.Fatalf("Open with wrong Verifier, err=%v, want errMismatchedVerifier", err)
|
|
441 |
}
|
|
442 |
wrongHash := strings.Replace(peterSig, "x08g", "xxxx", -1)
|
|
443 |
_, err = Open([]byte(text+"\n"+wrongHash), fixedVerifier{peterVerifier})
|
|
444 |
if err != errMismatchedVerifier {
|
|
445 |
t.Fatalf("Open with wrong Verifier, err=%v, want errMismatchedVerifier", err)
|
|
446 |
}
|
429 | 447 |
}
|
430 | 448 |
|
431 | 449 |
func BenchmarkOpen(b *testing.B) {
|