fix(manifest): reject invalid public keys in verify

Co-Authored-By: Virgil <virgil@lethean.io>

manifest/loader_test.go

@@ -63,3 +63,17 @@ func TestLoadVerified_Bad_Tampered_Good(t *testing.T) {
 	_, err := LoadVerified(fs, ".", pub)
 	assert.Error(t, err)
 }
+
+func TestLoadVerified_Bad_InvalidPublicKey_Good(t *testing.T) {
+	fs := io.NewMockMedium()
+	fs.Files[".core/manifest.yaml"] = `
+code: signed-app
+name: Signed
+version: 1.0.0
+sign: c2ln
+`
+
+	_, err := LoadVerified(fs, ".", ed25519.PublicKey([]byte("short")))
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "invalid public key length")
+}

manifest/sign.go

@@ -45,6 +45,9 @@ func Verify(m *Manifest, pub ed25519.PublicKey) (bool, error) {
 	if m.Sign == "" {
 		return false, coreerr.E("manifest.Verify", "no signature present", nil)
 	}
+	if len(pub) != ed25519.PublicKeySize {
+		return false, coreerr.E("manifest.Verify", "invalid public key length", nil)
+	}
 	sig, err := base64.StdEncoding.DecodeString(m.Sign)
 	if err != nil {
 		return false, coreerr.E("manifest.Verify", "decode failed", err)

manifest/sign_test.go

@@ -73,3 +73,12 @@ func TestVerify_Bad_NilManifest_Good(t *testing.T) {
 	assert.False(t, ok)
 	assert.Contains(t, err.Error(), "nil manifest")
 }
+
+func TestVerify_Bad_InvalidPublicKey_Good(t *testing.T) {
+	m := &Manifest{Code: "test-app", Sign: "c2ln"}
+
+	ok, err := Verify(m, ed25519.PublicKey([]byte("short")))
+	assert.Error(t, err)
+	assert.False(t, ok)
+	assert.Contains(t, err.Error(), "invalid public key length")
+}