From c6b4149a73d71e1b86575bae9c2615a2296c3091 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20Smr=C5=BE?= Date: Tue, 7 May 2019 21:40:53 +0200 Subject: Verify signatures when loading from storage --- src/PubKey.hs | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/src/PubKey.hs b/src/PubKey.hs index af4d03b..787ada3 100644 --- a/src/PubKey.hs +++ b/src/PubKey.hs @@ -1,6 +1,6 @@ module PubKey ( PublicKey, SecretKey, - Signature(sigKey), Signed(..), + Signature(sigKey), Signed, signedData, signedSignature, generateKeys, sign, signAdd, ) where @@ -28,11 +28,17 @@ data Signature = Signature deriving (Show) data Signed a = Signed - { signedData :: Stored a - , signedSignature :: [Stored Signature] + { signedData_ :: Stored a + , signedSignature_ :: [Stored Signature] } deriving (Show) +signedData :: Signed a -> Stored a +signedData = signedData_ + +signedSignature :: Signed a -> [Stored Signature] +signedSignature = signedSignature_ + instance Storable PublicKey where store' (PublicKey pk) = storeRec $ do storeText "type" $ T.pack "ed25519" @@ -61,9 +67,14 @@ instance Storable a => Storable (Signed a) where storeRef "data" $ signedData sig mapM_ (storeRef "sig") $ signedSignature sig - load' = loadRec $ Signed - <$> loadRef "data" - <*> loadRefs "sig" + load' = loadRec $ do + sdata <- loadRef "data" + sigs <- loadRefs "sig" + forM_ sigs $ \sig -> do + let PublicKey pubkey = fromStored $ sigKey $ fromStored sig + when (not $ ED.verify pubkey (storedRef sdata) $ sigSignature $ fromStored sig) $ + throwError "signature verification failed" + return $ Signed sdata sigs generateKeys :: Storage -> IO (SecretKey, Stored PublicKey) -- cgit v1.2.3