tka: use ts_omit_tailnetlock in another spot, for ed25519consensus
I noticed this while modularizing clientupdate. With this in first, moving clientupdate to be modular removes a bunch more stuff from the minimal build + tsnet. Updates #17115 Change-Id: I44bd055fca65808633fd3a848b0bbc09b00ad4fa Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
Brad Fitzpatrick
committed by
Brad Fitzpatrick
Brad Fitzpatrick
parent
9ae8155bab
commit
e9dae5441e
-22
@@ -8,7 +8,6 @@ import (
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
"github.com/hdevalence/ed25519consensus"
|
||||
"tailscale.com/types/tkatype"
|
||||
)
|
||||
|
||||
@@ -136,24 +135,3 @@ func (k Key) StaticValidate() error {
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Verify returns a nil error if the signature is valid over the
|
||||
// provided AUM BLAKE2s digest, using the given key.
|
||||
func signatureVerify(s *tkatype.Signature, aumDigest tkatype.AUMSigHash, key Key) error {
|
||||
// NOTE(tom): Even if we can compute the public from the KeyID,
|
||||
// its possible for the KeyID to be attacker-controlled
|
||||
// so we should use the public contained in the state machine.
|
||||
switch key.Kind {
|
||||
case Key25519:
|
||||
if len(key.Public) != ed25519.PublicKeySize {
|
||||
return fmt.Errorf("ed25519 key has wrong length: %d", len(key.Public))
|
||||
}
|
||||
if ed25519consensus.Verify(ed25519.PublicKey(key.Public), aumDigest[:], s.Signature) {
|
||||
return nil
|
||||
}
|
||||
return errors.New("invalid signature")
|
||||
|
||||
default:
|
||||
return fmt.Errorf("unhandled key type: %v", key.Kind)
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user