Use the correct verifier for RSA PSS scheme keys #625
Conversation
|
I've tested it, and it solves the issue 😃 |
| if !ok { | ||
| return &ErrType{Msg: "failed to convert public key to RSA PSS key"} | ||
| } | ||
| verifier, err = signature.LoadRSAPSSVerifier(publicKeyRSAPSS, hash, &rsa.PSSOptions{Hash: crypto.SHA256}) |
There was a problem hiding this comment.
FYI, if you're using the Verifier interface, you can also load a verifier with a PSS option now - https://github.com/sigstore/sigstore/blob/main/pkg/signature/signerverifier_test.go#L30-L38
There was a problem hiding this comment.
Unfortunately this only seems true for SignerVerifier, not Verifier
Note that these are just examples essentially, definitely not an exhaustive list of the only schemes that can be supported: I would avoid removing support for the pkcs1v15 scheme if possible as removing optional features can be a real head ache for users... EDIT: the PR does not seem to remove the support, I just looked at comments originally and misunderstood |
|
Just as an idea... I would love a keytype support test in tuf-conformance: theupdateframework/tuf-conformance#159 -- implementing that would give you keytype test coverage "for free" in go-tuf and should not be more than 20 lines of code. EDIT: I did an initial test in tuf-conformance theupdateframework/tuf-conformance#167 |
See theupdateframework/go-tuf#625 Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Signed-off-by: Radoslav Dimitrov <radoslav@stacklok.com>
Signed-off-by: Radoslav Dimitrov <radoslav@stacklok.com>
rdimitrov
force-pushed
the
fix-rsa-pss
branch
from
c73d95d
to
3c3db96
Compare
The following PR fixes an issue with go-tuf's support for RSA key types.
Details:
Apparently for RSA key types
signature.LoadVerifier()is defaulting to returning a verifier that isRSAPKCS1v15Verifierwhich corresponds to the RSA PKCS#1 scheme.Based on the latest TUF spec, TUF uses RSA PSS instead of PKCS#1. This manifests itself by causing go-tuf v2 TUF clients to fail metadata verification in case of RSA key types.
The fix for this is to invoke the proper verifier for the PSS scheme. This means that when we are verifying a metadata signed by an RSA key type, we should use
LoadRSAPSSVerifier()instead of the genericLoadVerifier().References:
Credits:
Thanks to @kairoaraujo for reaching out and helping track this together! 🚀 Cheers! 🍻
What's left: