remove custom minisign implementation

This commit removes the custom (partial)
minisign implementation and instead relies
on `github.com/aead/minisign`.

This commit should not cause any behavior or
API changes.

Signed-off-by: Andreas Auernhammer <[email protected]>

Author: aead

go.mod

@@ -2,4 +2,7 @@ module github.com/minio/selfupdate
 
 go 1.14
 
-require golang.org/x/crypto v0.0.0-20211209193657-4570a0811e8b
+require (
+	aead.dev/minisign v0.2.0
+	golang.org/x/crypto v0.0.0-20211209193657-4570a0811e8b // indirect
+)

go.sum

@@ -1,10 +1,20 @@
+aead.dev/minisign v0.2.0 h1:kAWrq/hBRu4AARY6AlciO83xhNnW9UaC8YipS2uhLPk=
+aead.dev/minisign v0.2.0/go.mod h1:zdq6LdSd9TbuSxchxwhpA9zEb9YXcVGoE8JakuiGaIQ=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20211209193657-4570a0811e8b h1:QAqMVf3pSa6eeTsuklijukjXBlj7Es2QQplab+/RbQ4=
 golang.org/x/crypto v0.0.0-20211209193657-4570a0811e8b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210228012217-479acdf4ea46/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=

minisign.go

@@ -1,137 +1,61 @@
 package selfupdate
 
-// Borrowed code directly from https://github.com/jedisct1/go-minisign
-// however modified to support reading signatures from remote URLs,
-// local file etc.
 import (
-	"encoding/base64"
 	"errors"
-	"io/ioutil"
+	"io"
 	"net/http"
-	"strings"
 
-	"golang.org/x/crypto/blake2b"
-	"golang.org/x/crypto/ed25519"
+	"aead.dev/minisign"
 )
 
 type Verifier struct {
-	publicKey publicKey
-	signature signature
+	publicKey minisign.PublicKey
+	signature minisign.Signature
 }
 
-type publicKey struct {
-	SignatureAlgorithm [2]byte
-	KeyID              [8]byte
-	Key                [32]byte
-}
-
-type signature struct {
-	UntrustedComment   string
-	SignatureAlgorithm [2]byte
-	KeyID              [8]byte
-	Signature          [64]byte
-	TrustedComment     string
-	GlobalSignature    [64]byte
-}
-
-func parsePublicKey(publicKeyStr string) (publicKey, error) {
-	var pkey publicKey
-	bin, err := base64.StdEncoding.DecodeString(publicKeyStr)
-	if err != nil || len(bin) != 42 {
-		return pkey, errors.New("Invalid encoded public key")
-	}
-	copy(pkey.SignatureAlgorithm[:], bin[0:2])
-	copy(pkey.KeyID[:], bin[2:10])
-	copy(pkey.Key[:], bin[10:42])
-	return pkey, nil
-}
-
-func trimCarriageReturn(input string) string {
-	return strings.TrimRight(input, "\r")
-}
-
-func decodeSignature(in string) (signature, error) {
-	var sign signature
-	lines := strings.SplitN(in, "\n", 4)
-	if len(lines) < 4 {
-		return sign, errors.New("Incomplete encoded signature")
-	}
-	sign.UntrustedComment = trimCarriageReturn(lines[0])
-	bin1, err := base64.StdEncoding.DecodeString(lines[1])
-	if err != nil || len(bin1) != 74 {
-		return sign, errors.New("Invalid encoded signature")
-	}
-	sign.TrustedComment = trimCarriageReturn(lines[2])
-	bin2, err := base64.StdEncoding.DecodeString(lines[3])
-	if err != nil || len(bin2) != 64 {
-		return sign, errors.New("Invalid encoded signature")
+func (v *Verifier) LoadFromURL(signatureURL string, passphrase string, transport http.RoundTripper) error {
+	var publicKey minisign.PublicKey
+	if err := publicKey.UnmarshalText([]byte(passphrase)); err != nil {
+		return err
 	}
-	copy(sign.SignatureAlgorithm[:], bin1[0:2])
-	copy(sign.KeyID[:], bin1[2:10])
-	copy(sign.Signature[:], bin1[10:74])
-	copy(sign.GlobalSignature[:], bin2)
-	return sign, nil
-}
 
-func parseSignatureFromURL(url string, transport http.RoundTripper) (signature, error) {
-	var sign signature
-	req, err := http.NewRequest(http.MethodGet, url, nil)
+	client := &http.Client{Transport: transport}
+	req, err := http.NewRequest(http.MethodGet, signatureURL, nil)
 	if err != nil {
-		return sign, err
+		return err
 	}
-	client := &http.Client{Transport: transport}
 	resp, err := client.Do(req)
 	if err != nil {
-		return sign, err
+		return err
 	}
 	defer resp.Body.Close()
 	if resp.StatusCode != http.StatusOK {
-		return sign, errors.New(resp.Status)
-	}
-	bin, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return sign, err
+		return errors.New(resp.Status)
 	}
-	return decodeSignature(string(bin))
-}
-
-func parseSignatureFromFile(file string) (signature, error) {
-	bin, err := ioutil.ReadFile(file)
-	if err != nil {
-		return signature{}, err
-	}
-	return decodeSignature(string(bin))
-}
 
-func (v *Verifier) LoadFromURL(signatureURL string, passphrase string, transport http.RoundTripper) error {
-	pkey, err := parsePublicKey(passphrase)
+	const MaxSize = 1 << 20
+	b, err := io.ReadAll(io.LimitReader(resp.Body, MaxSize))
 	if err != nil {
 		return err
 	}
-	v.publicKey = pkey
-
-	sign, err := parseSignatureFromURL(signatureURL, transport)
-	if err != nil {
+	var signature minisign.Signature
+	if err = signature.UnmarshalText(b); err != nil {
 		return err
 	}
-
-	v.signature = sign
+	v.publicKey, v.signature = publicKey, signature
 	return nil
 }
 
 func (v *Verifier) LoadFromFile(signaturePath string, passphrase string) error {
-	pkey, err := parsePublicKey(passphrase)
-	if err != nil {
+	var publicKey minisign.PublicKey
+	if err := publicKey.UnmarshalText([]byte(passphrase)); err != nil {
 		return err
 	}
-	v.publicKey = pkey
-
-	sign, err := parseSignatureFromFile(signaturePath)
+	signature, err := minisign.SignatureFromFile(signaturePath)
 	if err != nil {
 		return err
 	}
-
-	v.signature = sign
+	v.publicKey, v.signature = publicKey, signature
 	return nil
 }
 
@@ -140,36 +64,12 @@ func NewVerifier() *Verifier {
 }
 
 func (v *Verifier) Verify(bin []byte) error {
-	if v.publicKey.SignatureAlgorithm != [2]byte{'E', 'd'} {
-		return errors.New("Incompatible signature algorithm")
-	}
-	prehashed := false
-	if v.signature.SignatureAlgorithm[0] == 0x45 && v.signature.SignatureAlgorithm[1] == 0x64 {
-		prehashed = false
-	} else if v.signature.SignatureAlgorithm[0] == 0x45 && v.signature.SignatureAlgorithm[1] == 0x44 {
-		prehashed = true
-	} else {
-		return errors.New("Unsupported signature algorithm")
-	}
-	if v.publicKey.KeyID != v.signature.KeyID {
-		return errors.New("Incompatible key identifiers")
-	}
-	if !strings.HasPrefix(v.signature.TrustedComment, "trusted comment: ") {
-		return errors.New("Unexpected format for the trusted comment")
-	}
-	if prehashed {
-		h, _ := blake2b.New512(nil)
-		h.Write(bin)
-		bin = h.Sum(nil)
-	}
-	if !ed25519.Verify(ed25519.PublicKey(v.publicKey.Key[:]), bin, v.signature.Signature[:]) {
-		return errors.New("Invalid signature")
+	signature, err := v.signature.MarshalText()
+	if err != nil {
+		return err
 	}
-	if !ed25519.Verify(ed25519.PublicKey(v.publicKey.Key[:]),
-		append(v.signature.Signature[:],
-			[]byte(v.signature.TrustedComment)[17:]...),
-		v.signature.GlobalSignature[:]) {
-		return errors.New("Invalid global signature")
+	if !minisign.Verify(v.publicKey, bin, signature) {
+		return errors.New("selfupdate: signature verification failed")
 	}
 	return nil
 }