object: Update verify routine

Verify routine now supports public key field to check if integrity header contains correct signature of object header. Verify also have strict check that integrity header is last header in the list of headers.
2020-01-16 17:32:57 +03:00 · 2020-01-16 17:32:57 +03:00 · 81cdfcc502
commit 81cdfcc502
parent f1418ef79d
3 changed files with 64 additions and 15 deletions
--- a/object/verification.go
+++ b/object/verification.go
@ -68,24 +68,30 @@ func (m Object) Verify() error {
 	var (
 		err      error
 		checksum []byte
+		pubkey []byte
 	)
-	// Prepare structures
-	_, vh := m.LastHeader(HeaderType(VerifyHdr))
-	if vh == nil {
-		return ErrHeaderNotFound
-	}
-	verify := vh.Value.(*Header_Verify).Verify
-
-	_, ih := m.LastHeader(HeaderType(IntegrityHdr))
-	if ih == nil {
+	ind, ih := m.LastHeader(HeaderType(IntegrityHdr))
+	if ih == nil || ind != len(m.Headers) - 1{
 		return ErrHeaderNotFound
 	}
 	integrity := ih.Value.(*Header_Integrity).Integrity

+	// Prepare structures
+	_, vh := m.LastHeader(HeaderType(VerifyHdr))
+	if vh == nil {
+		_, pkh := m.LastHeader(HeaderType(PublicKeyHdr))
+		if pkh == nil {
+			return ErrHeaderNotFound
+		}
+		pubkey = pkh.Value.(*Header_PublicKey).PublicKey.Value
+	} else {
+		pubkey = vh.Value.(*Header_Verify).Verify.PublicKey
+	}
+
 	// Verify signature
-	err = m.verifySignature(verify.PublicKey, integrity)
+	err = m.verifySignature(pubkey, integrity)
 	if err != nil {
-		return errors.Wrapf(err, "public key: %x", verify.PublicKey)
+		return errors.Wrapf(err, "public key: %x", pubkey)
 	}

 	// Verify checksum of header