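TODO(mariano): try to guess the hash algorithm for RSA and RSA-PSS signatures by looking at the length of the signature. Note that an RSA or RSA-PSS signature is as long as the key's modulus, so the length alone does not identify the hash algorithm.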
(ctx *cli.Context)
| 76 | // TODO(mariano): try to guess the hash algorithm for RSA and RSA-PSS signatures |
| 77 | // by looking at the length of the signature. |
| 78 | func verifyAction(ctx *cli.Context) error { |
| 79 | if err := errs.MinMaxNumberOfArguments(ctx, 0, 1); err != nil { |
| 80 | return err |
| 81 | } |
| 82 | |
| 83 | keyFile := ctx.String("key") |
| 84 | if keyFile == "" { |
| 85 | return errs.RequiredFlag(ctx, "key") |
| 86 | } |
| 87 | |
| 88 | signature := ctx.String("signature") |
| 89 | if signature == "" { |
| 90 | return errs.RequiredFlag(ctx, "signature") |
| 91 | } |
| 92 | |
| 93 | var input string |
| 94 | switch ctx.NArg() { |
| 95 | case 0: |
| 96 | input = "-" |
| 97 | case 1: |
| 98 | input = ctx.Args().First() |
| 99 | default: |
| 100 | return errs.TooManyArguments(ctx) |
| 101 | } |
| 102 | |
| 103 | b, err := utils.ReadFile(input) |
| 104 | if err != nil { |
| 105 | return errs.FileError(err, input) |
| 106 | } |
| 107 | |
| 108 | sig, err := base64.StdEncoding.DecodeString(signature) |
| 109 | if err != nil { |
| 110 | return errors.Wrap(err, "error decoding base64 signature") |
| 111 | } |
| 112 | |
| 113 | key, err := pemutil.Read(keyFile) |
| 114 | if err != nil { |
| 115 | return err |
| 116 | } |
| 117 | |
| 118 | printAndReturn := func(b bool) error { |
| 119 | if b { |
| 120 | fmt.Println(b) |
| 121 | return nil |
| 122 | } |
| 123 | return errors.Errorf("%v", b) |
| 124 | } |
| 125 | |
| 126 | var digest []byte |
| 127 | switch k := key.(type) { |
| 128 | case *ecdsa.PublicKey: |
| 129 | switch k.Curve { |
| 130 | case elliptic.P224(): |
| 131 | digest = hash(crypto.SHA224, b) |
| 132 | case elliptic.P256(): |
| 133 | digest = hash(crypto.SHA256, b) |
| 134 | case elliptic.P384(): |
| 135 | digest = hash(crypto.SHA384, b) |