~welt/murse

ref: signing murse/crypto.go -rw-r--r-- 1.4 KiB
408fd8d8welt Fix garbage JSON when wrapping revisions. 2 months ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
package main

import (
	"crypto/ecdsa"
	"crypto/md5"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"encoding/pem"
	"errors"
	"io"
)

func verifyContents(key *ecdsa.PublicKey, content []byte, signature []byte) bool {
	hash := sha256.Sum256(content)
	return ecdsa.VerifyASN1(key, hash[:], signature)
}

// First value is the signature check, the second is the MD5 check
func verifyReaderMD5(key *ecdsa.PublicKey, r io.Reader, signature []byte, md5h string) (bool, bool, error) {
	hasher := md5.New()
	tee := io.TeeReader(r, hasher)
	ok, err := verifyReader(key, tee, signature)
	if err != nil {
		return false, false, err
	}

	if hex.EncodeToString(hasher.Sum(nil)) != md5h {
		return ok, false, errors.New("file failed hash check")
	}

	return ok, true, err
}

func verifyReader(key *ecdsa.PublicKey, r io.Reader, signature []byte) (bool, error) {
	hasher := sha256.New()
	_, err := io.Copy(hasher, r)
	if err != nil {
		return false, err
	}

	return ecdsa.VerifyASN1(key, hasher.Sum(nil), signature), err
}

func readPublicKey(key []byte) (*ecdsa.PublicKey, error) {
	block, _ := pem.Decode(key)
	if block == nil || block.Type != "PUBLIC KEY" {
		return nil, errors.New("pem: invalid data")
	}

	unparsed, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}

	if parsed, ok := unparsed.(*ecdsa.PublicKey); ok {
		return parsed, nil
	}

	return nil, err
}