Handle malformed COSE and DSSE entries

cmd/cleanup-index/main.go

@@ -13,7 +13,7 @@
 // limitations under the License.
 
 /*
-	cleanup-index checks what index entries are in the MySQL table and deletes those entries from the Redis databse.
+	cleanup-index checks what index entries are in the MySQL table and deletes those entries from the Redis database.
 	It does not go the other way
 
 	To run:

pkg/pki/minisign/minisign_test.go

@@ -391,7 +391,7 @@ func TestVerifySignature(t *testing.T) {
 		}
 
 		if err := s.Verify(dataFile, k); (err == nil) != tc.verified {
-			t.Errorf("%v: unexpected result in verifying sigature: %v", tc.caseDesc, err)
+			t.Errorf("%v: unexpected result in verifying signature: %v", tc.caseDesc, err)
 		}
 	}
 

pkg/pki/pgp/pgp_test.go

@@ -354,7 +354,7 @@ func TestEmailAddresses(t *testing.T) {
 
 	var k PublicKey
 	if len(k.Subjects()) != 0 {
-		t.Errorf("Subjects for unitialized key should give empty slice")
+		t.Errorf("Subjects for uninitialized key should give empty slice")
 	}
 	tests := []test{
 		{caseDesc: "Valid armored public key", inputFile: "testdata/valid_armored_public.pgp", subjects: []string{}, keys: 2},
@@ -447,7 +447,7 @@ func TestVerifySignature(t *testing.T) {
 		}
 
 		if err := s.Verify(dataFile, k); (err == nil) != tc.verified {
-			t.Errorf("%v: unexpected result in verifying sigature: %v", tc.caseDesc, err)
+			t.Errorf("%v: unexpected result in verifying signature: %v", tc.caseDesc, err)
 		}
 	}
 

pkg/pki/tuf/tuf_test.go

@@ -229,7 +229,7 @@ func TestVerifySignature(t *testing.T) {
 		}
 
 		if err := s.Verify(nil, k); (err == nil) != tc.verified {
-			t.Errorf("%v: unexpected result in verifying sigature: %v", tc.caseDesc, err)
+			t.Errorf("%v: unexpected result in verifying signature: %v", tc.caseDesc, err)
 		}
 	}
 

pkg/types/cose/v0.0.1/entry.go

@@ -83,6 +83,9 @@ func (v V001Entry) IndexKeys() ([]string, error) {
 	var result []string
 
 	// We add the key, the hash of the overall cose envelope, and the hash of the payload itself as keys.
+	if v.CoseObj.PublicKey == nil {
+		return nil, errors.New("missing public key")
+	}
 	keyObj, err := x509.NewPublicKey(bytes.NewReader(*v.CoseObj.PublicKey))
 	if err != nil {
 		return nil, err
@@ -169,6 +172,9 @@ func (v *V001Entry) Unmarshal(pe models.ProposedEntry) error {
 		return err
 	}
 
+	if v.CoseObj.PublicKey == nil {
+		return errors.New("missing public key")
+	}
 	v.keyObj, err = x509.NewPublicKey(bytes.NewReader(*v.CoseObj.PublicKey))
 	if err != nil {
 		return err
@@ -199,8 +205,15 @@ func (v *V001Entry) Unmarshal(pe models.ProposedEntry) error {
 
 func (v *V001Entry) Canonicalize(_ context.Context) ([]byte, error) {
 	if v.keyObj == nil {
-		return nil, errors.New("cannot canonicalze empty key")
+		return nil, errors.New("cannot canonicalize empty key")
 	}
+	if v.sign1Msg == nil {
+		return nil, errors.New("signed message uninitialized")
+	}
+	if v.sign1Msg.Payload == nil {
+		return nil, errors.New("payload empty")
+	}
+
 	pk, err := v.keyObj.CanonicalValue()
 	if err != nil {
 		return nil, err

pkg/types/cose/v0.0.1/entry_test.go

@@ -923,3 +923,53 @@ func TestInsertable(t *testing.T) {
 		})
 	}
 }
+
+func TestV001Entry_IndexKeys_MissingPublicKey(t *testing.T) {
+	v := V001Entry{
+		CoseObj: models.CoseV001Schema{
+			Data:      &models.CoseV001SchemaData{},
+			PublicKey: nil,
+		},
+	}
+	_, err := v.IndexKeys()
+	if err == nil {
+		t.Fatal("expected error")
+	}
+	if err.Error() != "missing public key" {
+		t.Errorf("expected 'missing public key' error, got %v", err)
+	}
+}
+
+func TestCanonicalizeHandlesInvalidInput(t *testing.T) {
+	v := &V001Entry{}
+
+	// 1. Missing keyObj
+	_, err := v.Canonicalize(context.TODO())
+	if err == nil || err.Error() != "cannot canonicalize empty key" {
+		t.Fatalf("expected error 'cannot canonicalize empty key', got %v", err)
+	}
+
+	// Setup valid keyObj for subsequent tests
+	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	der, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
+	pub := pem.EncodeToMemory(&pem.Block{
+		Bytes: der,
+		Type:  "PUBLIC KEY",
+	})
+	keyObj, _ := sigx509.NewPublicKey(bytes.NewReader(pub))
+	v.keyObj = keyObj
+
+	// 2. Missing sign1Msg
+	_, err = v.Canonicalize(context.TODO())
+	if err == nil || err.Error() != "signed message uninitialized" {
+		t.Fatalf("expected error 'signed message uninitialized', got %v", err)
+	}
+
+	// 3. Missing Payload in sign1Msg
+	v.sign1Msg = gocose.NewSign1Message()
+	v.sign1Msg.Payload = nil
+	_, err = v.Canonicalize(context.TODO())
+	if err == nil || err.Error() != "payload empty" {
+		t.Fatalf("expected error 'payload empty', got %v", err)
+	}
+}

pkg/types/dsse/v0.0.1/entry.go

@@ -292,6 +292,9 @@ func (v *V001Entry) Unmarshal(pe models.ProposedEntry) error {
 	}
 
 	env := &dsse.Envelope{}
+	if dsseObj.ProposedContent.Envelope == nil {
+		return errors.New("proposed content envelope is missing")
+	}
 	if err := json.Unmarshal([]byte(*dsseObj.ProposedContent.Envelope), env); err != nil {
 		return err
 	}
@@ -374,7 +377,7 @@ func (v *V001Entry) Canonicalize(_ context.Context) ([]byte, error) {
 	}
 
 	for _, s := range canonicalEntry.Signatures {
-		if s.Signature == nil {
+		if s == nil || s.Signature == nil {
 			return nil, errors.New("canonical entry missing required signature")
 		}
 	}

pkg/types/dsse/v0.0.1/entry_test.go

@@ -252,6 +252,15 @@ func TestV001Entry_Unmarshal(t *testing.T) {
 			},
 			wantErr: true,
 		},
+		{
+			name: "missing envelope with verifiers",
+			it: &models.DSSEV001Schema{
+				ProposedContent: &models.DSSEV001SchemaProposedContent{
+					Verifiers: []strfmt.Base64{[]byte("verifier")},
+				},
+			},
+			wantErr: true,
+		},
 		{
 			env:  envelope(t, key, []byte(validPayload)),
 			name: "valid",
@@ -624,4 +633,10 @@ func TestCanonicalizeHandlesInvalidInput(t *testing.T) {
 	if err == nil {
 		t.Fatalf("expected error canonicalizing invalid input")
 	}
+
+	v.DSSEObj.Signatures = []*models.DSSEV001SchemaSignaturesItems0{nil}
+	_, err = v.Canonicalize(context.TODO())
+	if err == nil {
+		t.Fatalf("expected error canonicalizing nil signature")
+	}
 }