mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 212 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
12507 Commits
17 Branches
Tree: 0ac845042e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0ac845042e'
${ noResults }
gitea/vendor/github.com/42wim/sshsig/verify.go

verify.go 1.7KB
Raw Blame History

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556 
  1. //

  2. // Copyright 2021 The Sigstore Authors.

  3. //

  4. // Licensed under the Apache License, Version 2.0 (the "License");

  5. // you may not use this file except in compliance with the License.

  6. // You may obtain a copy of the License at

  7. //

  8. //     http://www.apache.org/licenses/LICENSE-2.0

  9. //

  10. // Unless required by applicable law or agreed to in writing, software

  11. // distributed under the License is distributed on an "AS IS" BASIS,

  12. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. // See the License for the specific language governing permissions and

  14. // limitations under the License.

  15. 

  16. package sshsig

  17. 

  18. import (

  19. 	"io"

  20. 

  21. 	"golang.org/x/crypto/ssh"

  22. )

  23. 

  24. // Verify verifies the signature of the given data and the armored signature using the given public key and the namespace.

  25. // If the namespace is empty, the default namespace (file) is used.

  26. func Verify(message io.Reader, armoredSignature []byte, publicKey []byte, namespace string) error {

  27. 	if namespace == "" {

  28. 		namespace = defaultNamespace

  29. 	}

  30. 

  31. 	decodedSignature, err := Decode(armoredSignature)

  32. 	if err != nil {

  33. 		return err

  34. 	}

  35. 

  36. 	desiredPk, _, _, _, err := ssh.ParseAuthorizedKey(publicKey)

  37. 	if err != nil {

  38. 		return err

  39. 	}

  40. 

  41. 	// Hash the message so we can verify it against the signature.

  42. 	h := supportedHashAlgorithms[decodedSignature.hashAlg]()

  43. 	if _, err := io.Copy(h, message); err != nil {

  44. 		return err

  45. 	}

  46. 	hm := h.Sum(nil)

  47. 

  48. 	toVerify := MessageWrapper{

  49. 		Namespace:     namespace,

  50. 		HashAlgorithm: decodedSignature.hashAlg,

  51. 		Hash:          string(hm),

  52. 	}

  53. 	signedMessage := ssh.Marshal(toVerify)

  54. 	signedMessage = append([]byte(magicHeader), signedMessage...)

  55. 	return desiredPk.Verify(signedMessage, decodedSignature.signature)

  56. }