diff options
| author | Roman Smrž <roman.smrz@seznam.cz> | 2019-05-07 21:40:53 +0200 |
|---|---|---|
| committer | Roman Smrž <roman.smrz@seznam.cz> | 2019-05-07 21:40:53 +0200 |
| commit | c6b4149a73d71e1b86575bae9c2615a2296c3091 (patch) | |
| tree | 783b321cef92b944ca90c9ab07aa6c2dd45ba180 | |
| parent | 24689927d9f4ecf38c4c68984ce601d84d24e49a (diff) | |
Verify signatures when loading from storage
| -rw-r--r-- | src/PubKey.hs | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/src/PubKey.hs b/src/PubKey.hs index af4d03b..787ada3 100644 --- a/src/PubKey.hs +++ b/src/PubKey.hs @@ -1,6 +1,6 @@ module PubKey ( PublicKey, SecretKey, - Signature(sigKey), Signed(..), + Signature(sigKey), Signed, signedData, signedSignature, generateKeys, sign, signAdd, ) where @@ -28,11 +28,17 @@ data Signature = Signature deriving (Show) data Signed a = Signed - { signedData :: Stored a - , signedSignature :: [Stored Signature] + { signedData_ :: Stored a + , signedSignature_ :: [Stored Signature] } deriving (Show) +signedData :: Signed a -> Stored a +signedData = signedData_ + +signedSignature :: Signed a -> [Stored Signature] +signedSignature = signedSignature_ + instance Storable PublicKey where store' (PublicKey pk) = storeRec $ do storeText "type" $ T.pack "ed25519" @@ -61,9 +67,14 @@ instance Storable a => Storable (Signed a) where storeRef "data" $ signedData sig mapM_ (storeRef "sig") $ signedSignature sig - load' = loadRec $ Signed - <$> loadRef "data" - <*> loadRefs "sig" + load' = loadRec $ do + sdata <- loadRef "data" + sigs <- loadRefs "sig" + forM_ sigs $ \sig -> do + let PublicKey pubkey = fromStored $ sigKey $ fromStored sig + when (not $ ED.verify pubkey (storedRef sdata) $ sigSignature $ fromStored sig) $ + throwError "signature verification failed" + return $ Signed sdata sigs generateKeys :: Storage -> IO (SecretKey, Stored PublicKey) |