...
1 package keys
2
3 import (
4 "bytes"
5 "crypto/ecdsa"
6 "crypto/elliptic"
7 "crypto/sha256"
8 "encoding/json"
9 "errors"
10 "fmt"
11 "io"
12
13 "github.com/theupdateframework/go-tuf/data"
14 )
15
16 func NewDeprecatedEcdsaVerifier() Verifier {
17 return &ecdsaVerifierWithDeprecatedSupport{}
18 }
19
20 type ecdsaVerifierWithDeprecatedSupport struct {
21 key *data.PublicKey
22
23
24 Verifier
25 }
26
27 func (p *ecdsaVerifierWithDeprecatedSupport) UnmarshalPublicKey(key *data.PublicKey) error {
28 p.key = key
29 pemVerifier := &EcdsaVerifier{}
30 if err := pemVerifier.UnmarshalPublicKey(key); err != nil {
31
32 hexVerifier := &deprecatedP256Verifier{}
33 if err := hexVerifier.UnmarshalPublicKey(key); err != nil {
34 return err
35 }
36 p.Verifier = hexVerifier
37 return nil
38 }
39 p.Verifier = pemVerifier
40 return nil
41 }
42
43
49
50 type deprecatedP256Verifier struct {
51 PublicKey data.HexBytes `json:"public"`
52 key *data.PublicKey
53 }
54
55 func (p *deprecatedP256Verifier) Public() string {
56 return p.PublicKey.String()
57 }
58
59 func (p *deprecatedP256Verifier) Verify(msg, sigBytes []byte) error {
60 x, y := elliptic.Unmarshal(elliptic.P256(), p.PublicKey)
61 k := &ecdsa.PublicKey{
62 Curve: elliptic.P256(),
63 X: x,
64 Y: y,
65 }
66
67 hash := sha256.Sum256(msg)
68
69 if !ecdsa.VerifyASN1(k, hash[:], sigBytes) {
70 return errors.New("tuf: deprecated ecdsa signature verification failed")
71 }
72 return nil
73 }
74
75 func (p *deprecatedP256Verifier) MarshalPublicKey() *data.PublicKey {
76 return p.key
77 }
78
79 func (p *deprecatedP256Verifier) UnmarshalPublicKey(key *data.PublicKey) error {
80
81 dec := json.NewDecoder(io.LimitReader(bytes.NewReader(key.Value), MaxJSONKeySize))
82
83
84 if err := dec.Decode(p); err != nil {
85 if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) {
86 return fmt.Errorf("tuf: the public key is truncated or too large: %w", err)
87 }
88 return err
89 }
90
91 curve := elliptic.P256()
92
93
94 x, _ := elliptic.Unmarshal(curve, p.PublicKey)
95 if x == nil {
96 return errors.New("tuf: invalid ecdsa public key point")
97 }
98
99 p.key = key
100 return nil
101 }
102
View as plain text