search

npm / documentation

Documentation for the npm registry, website, and command-line interface.
https://docs.npmjs.com/
Creative Commons Attribution 4.0 International
375 stars 2.7k forks source link

ECDSA registry signatures aren't reproducible #1237

Open Ekrekr opened 3 weeks ago

Ekrekr commented 3 weeks ago

I'm following the guide at https://docs.npmjs.com/about-registry-signatures, and I'm struggling to verify the ECDSA signatures that get published to the NPM registry.

Some example code, that shows things like which hashing algorithm is used for the contents of bundles (I'm just assuming that it's sha256 currently), and whether the keys are base64 encoded using the standard algorithm or the alternate under RFC 4648, would be immensely helpful.

I've written what I have so far below, and would appreciate some help getting it to work. Feel free to add it to your documentation once it does!

package main

import (
    "bytes"
    "crypto/ecdsa"
    "crypto/sha256"
    "crypto/x509"
    "encoding/base64"
    "fmt"
    "io"
    "net/http"
)

func downloadPackage(compressedPackage *bytes.Buffer) error {
    resp, err := http.Get("https://registry.npmjs.org/light-cycle/-/light-cycle-1.4.3.tgz")
    if err != nil {
        return fmt.Errorf("package download failed: %v", err)
    }
    defer resp.Body.Close()

    if resp.StatusCode != http.StatusOK {
        return fmt.Errorf("pacakge download bad status code: %s", resp.Status)
    }

    _, err = io.Copy(compressedPackage, resp.Body)
    if err != nil {
        return fmt.Errorf("failed to read package to buffer: %v", err)
    }

    return nil
}

func verifyPackage(compressedPackage *bytes.Buffer) error {
    // From https://registry.npmjs.org/light-cycle/1.4.3.
    versionSignature := "MEUCIQCX/49atNeSDYZP8betYWEqB0G8zZnIyB7ibC7nRNyMiQIgHosOKHhVTVNBI/6iUNSpDokOc44zsZ7TfybMKj8YdfY="

    // From https://registry.npmjs.org/-/npm/v1/keys.
    publicKey := "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1Olb3zMAFFxXKHiIkQO5cJ3Yhl5i6UPp+IhuteBJbuHcA5UogKo0EWtlWwW6KSaKoTNEYL7JlCQiVnkhBktUgg=="

    // Decode and parse the public key.
    publicKeyBytes, err := base64.StdEncoding.DecodeString(publicKey)
    fmt.Printf("PUBLIC KEY BASE 64 BYTES: %x\n", publicKeyBytes)
    if err != nil {
        return fmt.Errorf("error decoding public key bytes: %v", err)
    }
    parsedPublicKeyUntyped, err := x509.ParsePKIXPublicKey(publicKeyBytes)
    parsedPublicKey := parsedPublicKeyUntyped.(*ecdsa.PublicKey)
    fmt.Printf("PARSED PUBLIC KEY X: %v, Y: %v\n", parsedPublicKey.X, parsedPublicKey.Y)
    if err != nil {
        return fmt.Errorf("error parsing public key: %v", err)
    }

    // Decode the signature.
    versionSignatureBytes, err := base64.StdEncoding.DecodeString(versionSignature)
    fmt.Printf("SIGNATURE BYTES: %x\n", versionSignatureBytes)
    if err != nil {
        return fmt.Errorf("error decoding signature bytes: %v", err)
    }

    // Verify the signature against the package's SHA256 sum.
    // presentSHA256Bytes := md5.Sum(compressedPackage.Bytes())
    presentSHA256Bytes := sha256.Sum256(compressedPackage.Bytes())
    fmt.Printf("PRESENT SHA256: %x\n", presentSHA256Bytes)
    if !ecdsa.VerifyASN1(parsedPublicKey, presentSHA256Bytes[:], versionSignatureBytes) {
        return fmt.Errorf("signature verification failed")
    }
    return nil
}

func main() {
    var compressedPackage bytes.Buffer
    if err := downloadPackage(&compressedPackage); err != nil {
        fmt.Printf("failed to download package: %v", err)
    }
    if err := verifyPackage(&compressedPackage); err != nil {
        fmt.Printf("failed to verify package: %v", err)
    }
}

Currently this outputs:

PUBLIC KEY BASE 64 BYTES: 3059301306072a8648ce3d020106082a8648ce3d03010703420004d4e95bdf3300145c572878889103b9709dd8865e62e943e9f8886eb5e0496ee1dc03952880aa34116b655b05ba29268aa1334460bec9942422567921064b5482
PARSED PUBLIC KEY X: 96302633342102462193322732537154456057293035750541189099858346903022946840289, Y: 99515156681666470022533827122417036293197994443229625834881400620927226172546
SIGNATURE BYTES: 304502210097ff8f5ab4d7920d864ff1b7ad61612a0741bccd99c8c81ee26c2ee744dc8c8902201e8b0e2878554d534123fea250d4a90e890e738e33b19ed37f26cc2a3f1875f6
PRESENT SHA256: a1b59bcdca7b8a6844c48fee7031842fcecec26fb028e4b5cbcb8c055ca0eeaa
failed to verify package: signature verification failed

Thank you for any help!

maxgtr992 commented 3 weeks ago

好用