Skip to content

Commit

Permalink
fix: Catch invalid signature length when verifying signature
Browse files Browse the repository at this point in the history
Signed-off-by: Joonas Bergius <[email protected]>
  • Loading branch information
joonas authored and brooksmtownsend committed Jul 19, 2024
1 parent 7e52c00 commit c01c462
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 0 deletions.
3 changes: 3 additions & 0 deletions src/error.rs
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,8 @@ pub enum ErrorKind {
InvalidPayload,
/// Thumbprint could not be calculated over the provided public key value
ThumbprintCalculationFailure,
/// Signature did not match the expected length (64 bytes)
InvalidSignatureLength,
}

/// A handy macro borrowed from the `signatory` crate that lets library-internal code generate
Expand All @@ -66,6 +68,7 @@ impl ErrorKind {
match self {
ErrorKind::InvalidPrefix => "Invalid byte prefix",
ErrorKind::InvalidKeyLength => "Invalid key length",
ErrorKind::InvalidSignatureLength => "Invalid signature length",
ErrorKind::VerifyError => "Signature verification failure",
ErrorKind::ChecksumFailure => "Checksum match failure",
ErrorKind::CodecFailure => "Codec failure",
Expand Down
17 changes: 17 additions & 0 deletions src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -270,6 +270,13 @@ impl KeyPair {

/// Attempts to verify that the given signature is valid for the given input
pub fn verify(&self, input: &[u8], sig: &[u8]) -> Result<()> {
if sig.len() != ed25519::Signature::BYTE_SIZE {
return Err(err!(
InvalidSignatureLength,
"Signature did not match expected length"
));
}

let mut fixedsig = [0; ed25519::Signature::BYTE_SIZE];
fixedsig.copy_from_slice(sig);
let insig = ed25519::Signature::from_bytes(&fixedsig);
Expand Down Expand Up @@ -539,6 +546,16 @@ mod tests {
assert!(res.is_err());
}

#[test]
fn sign_and_verify_rejects_invalid_signature_length() {
let kp = KeyPair::new_user();
let res = kp.verify(&[], &[]);
assert!(res.is_err());
if let Err(e) = res {
assert_eq!(e.kind(), ErrorKind::InvalidSignatureLength);
}
}

#[test]
fn from_public_key_rejects_bad_length() {
let public_key = "ACARVGW77LDNWYXBAH62YKKQRVHYOTKKDDVVJVOISOU75WQPXOO7N3";
Expand Down

0 comments on commit c01c462

Please sign in to comment.