verify: Don't assume signature method, use key type
It is unsafe to use the signature method field, as it could result
in a key confusion attack. Use the key type instead.
Also, don't assume that we're only working with Ed25519.
Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>
diff --git a/verify/verify.go b/verify/verify.go
index b0823c7..ee07210 100644
--- a/verify/verify.go
+++ b/verify/verify.go
@@ -7,7 +7,6 @@
"github.com/flynn/go-tuf/data"
"github.com/tent/canonical-json-go"
- "golang.org/x/crypto/ed25519"
)
type signedMeta struct {
@@ -62,15 +61,7 @@
}
valid := make(map[string]struct{})
- var sigBytes [ed25519.SignatureSize]byte
for _, sig := range s.Signatures {
- if _, ok := Verifiers[sig.Method]; !ok {
- return ErrWrongMethod
- }
- if len(sig.Signature) != len(sigBytes) {
- return ErrInvalid
- }
-
if !roleData.ValidKey(sig.KeyID) {
continue
}
@@ -79,8 +70,7 @@
continue
}
- copy(sigBytes[:], sig.Signature)
- if err := Verifiers[sig.Method].Verify(key.Value.Public, msg, sigBytes[:]); err != nil {
+ if err := Verifiers[key.Type].Verify(key.Value.Public, msg, sig.Signature); err != nil {
return err
}
valid[sig.KeyID] = struct{}{}
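Review bot: `Verifiers[key.Type]` on the new `Verify` line is an unchecked map lookup, and the previous hunk removes the only membership test (`if _, ok := Verifiers[sig.Method]; !ok`) without adding one for the key type. If a key whose type has no registered verifier reaches this line, the lookup returns the zero value; assuming `Verifiers` holds interface or pointer values (its declaration is not in the hunk), the call would then panic while processing untrusted metadata instead of returning an error. Unless key types are already validated where keys are loaded, look the verifier up first with `verifier, ok := Verifiers[key.Type]` and `if !ok { return ErrWrongMethod }` (or whichever error the package keeps for this case), then call `verifier.Verify(key.Value.Public, msg, sig.Signature)`. The fixed-size length check is also gone, so every verifier must now reject wrong-length signatures itself; a comment saying so above the call (`// each Verifier is responsible for validating signature length`) would document that contract. The enclosing function begins and ends outside this hunk.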