"veyron/security/serialization": Bug fix

Modified NewVerifyingReader and NewSigningWriteCloser to:
1) always return a non-nil reader or writeCloser if the error
returned is nil
2) return an error immediately if either the signer or public key
is nil.

Change-Id: Ic286e1d34f8aca19e41ceb7ba3341664beb6c7e2
diff --git a/runtimes/google/security/publicid_store.go b/runtimes/google/security/publicid_store.go
index b7a3d92..7599143 100644
--- a/runtimes/google/security/publicid_store.go
+++ b/runtimes/google/security/publicid_store.go
@@ -263,9 +263,6 @@
 	if err != nil {
 		return nil, err
 	}
-	if vr == nil {
-		return nil, errors.New("could not construct VerifyingReader for reading params data")
-	}
 	if err := vom.NewDecoder(vr).Decode(&store.state); err != nil {
 		return nil, err
 	}
diff --git a/security/serialization/serialization_test.go b/security/serialization/serialization_test.go
index 1b04be0..2a64a7d 100644
--- a/security/serialization/serialization_test.go
+++ b/security/serialization/serialization_test.go
@@ -142,3 +142,32 @@
 		}
 	}
 }
+
+func TestEdgeCases(t *testing.T) {
+	var d, s io.ReadWriteCloser
+	var signer Signer
+	var key security.PublicKey
+
+	for i := 0; i < 3; i++ {
+		d, s = &bufferCloser{}, &bufferCloser{}
+		signer = newSigner()
+		key = signer.PublicKey()
+
+		switch i {
+		case 0:
+			d = nil
+		case 1:
+			s = nil
+		case 2:
+			signer = nil
+			key = nil
+		}
+		matchErr := "cannot be nil"
+		if _, err := NewSigningWriteCloser(d, s, signer, nil); !matchesErrorPattern(err, matchErr) {
+			t.Errorf("NewSigningWriter(%p, %p, %p, ...) returned: %v, want to match: %v", d, s, signer, err, matchErr)
+		}
+		if _, err := NewVerifyingReader(d, s, key); !matchesErrorPattern(err, matchErr) {
+			t.Errorf("NewVerifyingReader(%p, %p, %p) returned: %v, want to match: %v", d, s, key, err, matchErr)
+		}
+	}
+}
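Review bot: Both checks at the end of the loop in TestEdgeCases discard the first return value, so the test still passes if a constructor hands back a non-nil writer or reader alongside the error. Asserting on it closes that gap, e.g. `if w, err := NewSigningWriteCloser(d, s, signer, nil); w != nil || !matchesErrorPattern(err, matchErr) {`, and likewise for NewVerifyingReader. The first failure message also prints `NewSigningWriter` where the function under test is `NewSigningWriteCloser`. In addition, `%p` on a nil interface renders as a formatting error rather than `nil`, so `%v` would read better in the failure output.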
diff --git a/security/serialization/signing_writer.go b/security/serialization/signing_writer.go
index 3e86f96..85c71f7 100644
--- a/security/serialization/signing_writer.go
+++ b/security/serialization/signing_writer.go
@@ -4,7 +4,6 @@
 	"bytes"
 	"crypto/sha256"
 	"encoding/binary"
-	"errors"
 	"fmt"
 	"hash"
 	"io"
@@ -90,8 +89,8 @@
 // * A Close call writes a signature (computed using the provided signer) of
 //   all the hashes written, and then closes the data and signature WriteClosers.
 func NewSigningWriteCloser(data, signature io.WriteCloser, s Signer, opts *Options) (io.WriteCloser, error) {
-	if (data == nil) || (signature == nil) {
-		return nil, errors.New("data or signature WriteCloser is nil")
+	if (data == nil) || (signature == nil) || (s == nil) {
+		return nil, fmt.Errorf("data:%v signature:%v signer:%v cannot be nil", data, signature, s)
 	}
 	w := &signingWriter{data: data, signature: signature, signer: s, signatureHash: sha256.New(), chunkSizeBytes: defaultChunkSizeBytes, sigEnc: vom.NewEncoder(signature)}
 
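Review bot: The new error in NewSigningWriteCloser formats `data`, `signature` and `s` with `%v`, which prints the value itself for any non-nil argument; depending on the concrete types, that can put buffered data or a signer's fields into an error string that callers may log. Printing only the dynamic type identifies the nil argument without that exposure: `return nil, fmt.Errorf("data:%T signature:%T signer:%T cannot be nil", data, signature, s)`. The same pattern is used for `key` in NewVerifyingReader in verifying_reader.go. Note also that `== nil` on an interface does not catch a typed nil pointer, so a nil `*T` wrapped in a Signer would still pass this guard. The function body continues past the end of the hunk.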
diff --git a/security/serialization/verifying_reader.go b/security/serialization/verifying_reader.go
index 67908a1..d70cd7d 100644
--- a/security/serialization/verifying_reader.go
+++ b/security/serialization/verifying_reader.go
@@ -44,11 +44,8 @@
 // a signer corresponding to the provided public key), and has not been modified
 // since (ensuring integrity and authenticity of data).
 func NewVerifyingReader(data, signature io.Reader, key security.PublicKey) (io.Reader, error) {
-	if (data == nil) && (signature == nil) {
-		return nil, nil
-	}
-	if (data == nil) || (signature == nil) {
-		return nil, errors.New("data or signature Reader is nil")
+	if (data == nil) || (signature == nil) || (key == nil) {
+		return nil, fmt.Errorf("data:%v signature:%v key:%v cannot be nil", data, signature, key)
 	}
 	r := &verifyingReader{data: data}
 	if err := r.verifySignature(signature, key); err != nil {
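Review bot: The doc comment above NewVerifyingReader does not record the new contract, yet the identity.go caller previously relied on a `(nil, nil)` return to mean "no serialized data". Adding a line such as `// It returns an error if data, signature or key is nil, and never returns a nil Reader with a nil error.` would make the change explicit for any callers not touched by this commit. The comment and the function body both extend beyond the hunk.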
diff --git a/services/wsprd/identity/identity.go b/services/wsprd/identity/identity.go
index b7b0f32..d78cfe9 100644
--- a/services/wsprd/identity/identity.go
+++ b/services/wsprd/identity/identity.go
@@ -85,14 +85,14 @@
 	if err != nil {
 		return nil, err
 	}
+	if (data == nil) || (signature == nil) {
+		// No serialized data exists, returning an empty IDManager.
+		return result, nil
+	}
 	vr, err := serialization.NewVerifyingReader(data, signature, rt.Identity().PublicKey())
 	if err != nil {
 		return nil, err
 	}
-	if vr == nil {
-		// No serialized data exists, returning aan empty IDManager.
-		return result, nil
-	}
 	if err := vom.NewDecoder(vr).Decode(&result.state); err != nil {
 		return nil, err
 	}
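Review bot: The added guard uses `||`, so a store where only one of `data` and `signature` is missing is now treated as "no serialized data" and yields an empty IDManager with a nil error. Before this change only the both-nil case did that, and the one-nil case was an error from NewVerifyingReader. Data without its signature (or the reverse) is an integrity failure that should be surfaced rather than silently reset. Using `if (data == nil) && (signature == nil) {` keeps the empty-store path and lets the mixed case fall through to NewVerifyingReader, which now rejects it. How `data` and `signature` are obtained is outside the hunk, so whether they can be nil independently should be confirmed there.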