Update in-toto-golang to pick up the latest interface changes. (#341)
Signed-off-by: Dan Lorenc <dlorenc@google.com>
dlorenc authored Jun 28, 2021
1 parent cc11953 commit 428f264
Showing 4 changed files with 16 additions and 17 deletions.
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -20,7 +20,7 @@ require (
github.com/google/go-cmp v0.5.6
github.com/google/rpmpack v0.0.0-20210107155803-d6befbf05148
github.com/google/trillian v1.3.14-0.20210413093047-5e12fb368c8f
github.com/in-toto/in-toto-golang v0.1.1-0.20210528150343-f7dc21abaccf
github.com/in-toto/in-toto-golang v0.2.1-0.20210627200632-886210ae2ab9
github.com/jedisct1/go-minisign v0.0.0-20210106175330-e54e81d562c7
github.com/mediocregopher/radix/v4 v4.0.0-beta.1
github.com/mitchellh/go-homedir v1.1.0
7 changes: 4 additions & 3 deletions go.sum
Expand Up @@ -695,8 +695,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:
github.com/imdario/mergo v0.3.4/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
github.com/in-toto/in-toto-golang v0.1.1-0.20210528150343-f7dc21abaccf h1:yysOUUcpkuGZ0BZUtL+whU22H56Hqya/p636tGceacc=
github.com/in-toto/in-toto-golang v0.1.1-0.20210528150343-f7dc21abaccf/go.mod h1:kOcoAhaukFZpRm6D53dd2xB++q065UxKi938k81l1aM=
github.com/in-toto/in-toto-golang v0.2.1-0.20210627200632-886210ae2ab9 h1:j7klXz5kh0ydPmHkBtJ/Al27G1/au4sH7OkGhkgRJWg=
github.com/in-toto/in-toto-golang v0.2.1-0.20210627200632-886210ae2ab9/go.mod h1:Skbg04kmfB7IAnEIsspKPg/ny1eiFt/TgPr9SDCHusA=
github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo=
Expand Down Expand Up @@ -1444,8 +1444,9 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20210503080704-8803ae5d1324/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210503173754-0981d6026fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40 h1:JWgyZ1qgdTaF3N3oxC+MdTV7qvEEgHo3otj+HB5CM7Q=
golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 h1:RqytpXGR1iVNX7psjB3ff8y7sNFinVFvkx1c8SjBkio=
golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf h1:MZ2shdL+ZM/XzY3ZGOnh4Nlpnxz5GSOhOmtHo3iPU6M=
15 changes: 5 additions & 10 deletions pkg/types/intoto/v0.0.1/entry.go
Expand Up @@ -151,14 +151,9 @@ func (v *V001Entry) Validate() error {
return err
}

ok, err := sslVerifier.Verify(&v.env)
if err != nil {
if err := sslVerifier.Verify(&v.env); err != nil {
return err
}
if !ok {
return errors.New("invalid signature")
}

return nil
}

Expand Down Expand Up @@ -187,14 +182,14 @@ func (v *verifier) Sign(d []byte) ([]byte, string, error) {
return sig, "", nil
}

func (v *verifier) Verify(keyID string, data, sig []byte) (bool, error) {
func (v *verifier) Verify(keyID string, data, sig []byte) error {
af := pki.NewArtifactFactory("x509")
s, err := af.NewSignature(bytes.NewReader(sig))
if err != nil {
return false, err
return err
}
if err := s.Verify(bytes.NewReader(data), v.pub); err != nil {
return false, err
return err
}
return true, nil
return nil
}
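Review bot: In `Validate`, with the `!ok` branch gone, rejection of a bad envelope rests entirely on `sslVerifier.Verify(&v.env)` returning a non-nil error for every failure, including an envelope with no signatures; that contract belongs to the in-toto-golang version pinned in go.mod and is not visible in this commit. I would state the assumption above the call, `// A nil error from Verify is the only success signal; any unverified envelope must come back as an error.`, and back it with a negative test that runs `Validate` on an entry whose payload was changed after signing and on one whose signature list is empty. In the second hunk `verifier.Verify` never reads `keyID`, so every signature is checked against `v.pub`; a comment such as `// keyID is not consulted: signatures are always checked against v.pub.` would make that deliberate. `Validate` begins above its hunk, so the construction of `sslVerifier` is not visible here.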
9 changes: 6 additions & 3 deletions tests/x509.go
Expand Up @@ -25,6 +25,7 @@ import (
"crypto/sha256"
"crypto/x509"
"encoding/pem"
"errors"
"io/ioutil"
"testing"

Expand Down Expand Up @@ -169,9 +170,11 @@ func (it *IntotoSigner) Sign(data []byte) ([]byte, string, error) {
return sig, "", nil
}

func (it *IntotoSigner) Verify(_ string, data, sig []byte) (bool, error) {
func (it *IntotoSigner) Verify(_ string, data, sig []byte) error {
h := sha256.Sum256(data)

ok := ecdsa.VerifyASN1(&it.priv.PublicKey, h[:], sig)
return ok, nil
if ok {
return nil
}
return errors.New("invalid signature")
}
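Review bot: The new body of `IntotoSigner.Verify` puts the success return inside the `if` and the failure at the bottom, the reverse of the guard-clause shape used in `verifier.Verify` in entry.go. Inverting the test removes the `ok` local and keeps the happy path last: `if !ecdsa.VerifyASN1(&it.priv.PublicKey, h[:], sig) { return errors.New("invalid signature") }` followed by `return nil`. The method is exported and has no doc comment; `// Verify checks sig as an ASN.1 ECDSA signature over the SHA-256 digest of data and ignores the key ID.` would cover it.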
