sumdb/note: catch a Verifiers that returns the wrong Verifier
The Verifier method gets the name and hash of the signature, and is
supposed to only return a Verifier for that name and hash. If it
doesn't, we can catch it by double checking the KeyHash and Name method
return values against the signature.
Change-Id: I39b2e3616ac389718ebc7eaa6263a43b9152b2fa
Reviewed-on: https://go-review.googlesource.com/c/mod/+/364854
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Al Cutter <alcutter@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Filippo Valsorda authored 2 years ago
Filippo Valsorda committed 2 years ago
| 495 | 495 |
}
|
| 496 | 496 |
|
| 497 | 497 |
var (
|
| 498 | |
errMalformedNote = errors.New("malformed note")
|
| 499 | |
errInvalidSigner = errors.New("invalid signer")
|
|
498 |
errMalformedNote = errors.New("malformed note")
|
|
499 |
errInvalidSigner = errors.New("invalid signer")
|
|
500 |
errMismatchedVerifier = errors.New("verifier name or hash doesn't match signature")
|
| 500 | 501 |
|
| 501 | 502 |
sigSplit = []byte("\n\n")
|
| 502 | 503 |
sigPrefix = []byte("— ")
|
|
| 586 | 587 |
}
|
| 587 | 588 |
if err != nil {
|
| 588 | 589 |
return nil, err
|
|
590 |
}
|
|
591 |
|
|
592 |
// Check that known.Verifier returned the right verifier.
|
|
593 |
if v.Name() != name || v.KeyHash() != hash {
|
|
594 |
return nil, errMismatchedVerifier
|
| 589 | 595 |
}
|
| 590 | 596 |
|
| 591 | 597 |
// Drop repeated signatures by a single verifier.
|
| 294 | 294 |
|
| 295 | 295 |
func (e *errSigner) Sign([]byte) ([]byte, error) {
|
| 296 | 296 |
return nil, errSurprise
|
|
297 |
}
|
|
298 |
|
|
299 |
type fixedVerifier struct{ v Verifier }
|
|
300 |
|
|
301 |
func (v fixedVerifier) Verifier(name string, hash uint32) (Verifier, error) {
|
|
302 |
return v.v, nil
|
| 297 | 303 |
}
|
| 298 | 304 |
|
| 299 | 305 |
func TestOpen(t *testing.T) {
|
|
| 426 | 432 |
t.Fatalf("Open bad msg = %v, %v, want nil, malformed note error\nmsg:\n%s", n, err, msg)
|
| 427 | 433 |
}
|
| 428 | 434 |
}
|
|
435 |
|
|
436 |
// Verifiers returns a Verifier for the wrong name or hash.
|
|
437 |
misnamedSig := strings.Replace(peterSig, "PeterNeumann", "CarmenSandiego", -1)
|
|
438 |
_, err = Open([]byte(text+"\n"+misnamedSig), fixedVerifier{peterVerifier})
|
|
439 |
if err != errMismatchedVerifier {
|
|
440 |
t.Fatalf("Open with wrong Verifier, err=%v, want errMismatchedVerifier", err)
|
|
441 |
}
|
|
442 |
wrongHash := strings.Replace(peterSig, "x08g", "xxxx", -1)
|
|
443 |
_, err = Open([]byte(text+"\n"+wrongHash), fixedVerifier{peterVerifier})
|
|
444 |
if err != errMismatchedVerifier {
|
|
445 |
t.Fatalf("Open with wrong Verifier, err=%v, want errMismatchedVerifier", err)
|
|
446 |
}
|
| 429 | 447 |
}
|
| 430 | 448 |
|
| 431 | 449 |
func BenchmarkOpen(b *testing.B) {
|