diff options
Diffstat (limited to 'updater/signify.go')
-rw-r--r-- | updater/signify.go | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/updater/signify.go b/updater/signify.go index d4605cbb..5fc16ba2 100644 --- a/updater/signify.go +++ b/updater/signify.go @@ -29,7 +29,6 @@ func readFileList(input []byte) (fileList, error) { if err != nil || len(publicKeyBytes) != ed25519.PublicKeySize+10 || publicKeyBytes[0] != 'E' || publicKeyBytes[1] != 'd' { return nil, errors.New("Invalid public key") } - publicKeyBytes = publicKeyBytes[10:] lines := bytes.SplitN(input, []byte{'\n'}, 3) if len(lines) != 3 { return nil, errors.New("Signature input has too few lines") @@ -41,11 +40,10 @@ func readFileList(input []byte) (fileList, error) { if err != nil { return nil, errors.New("Signature input is not valid base64") } - if len(signatureBytes) != ed25519.SignatureSize+10 || signatureBytes[0] != 'E' || signatureBytes[1] != 'd' { - return nil, errors.New("Signature input bytes are incorrect length or represent invalid signature type") + if len(signatureBytes) != ed25519.SignatureSize+10 || !bytes.Equal(signatureBytes[:10], publicKeyBytes[:10]) { + return nil, errors.New("Signature input bytes are incorrect length, type, or keyid") } - signatureBytes = signatureBytes[10:] - if !ed25519.Verify(publicKeyBytes, lines[2], signatureBytes) { + if !ed25519.Verify(publicKeyBytes[10:], lines[2], signatureBytes[10:]) { return nil, errors.New("Signature is invalid") } fileLines := strings.Split(string(lines[2]), "\n") |