diff --git a/client/client_test.go b/client/client_test.go
index 9ce10f05..767c8855 100644
--- a/client/client_test.go
+++ b/client/client_test.go
@@ -354,7 +354,7 @@ func (s *ClientSuite) TestNewRoot(c *C) {
 for _, id := range ids {
 key, err := client.db.GetKey(id)
 c.Assert(err, IsNil)
- c.Assert(key.IDs(), DeepEquals, ids)
+ c.Assert(key.MarshalKey().IDs(), DeepEquals, ids)
 }
 role := client.db.GetRole(name)
 c.Assert(role, NotNil)
@@ -413,7 +413,7 @@ func (s *ClientSuite) TestNewTimestampKey(c *C) {
 for _, newID := range newIDs {
 key, err := client.db.GetKey(newID)
 c.Assert(err, IsNil)
- c.Assert(key.IDs(), DeepEquals, newIDs)
+ c.Assert(key.MarshalKey().IDs(), DeepEquals, newIDs)
 }
 role := client.db.GetRole("timestamp")
 c.Assert(role, NotNil)
@@ -453,7 +453,7 @@ func (s *ClientSuite) TestNewSnapshotKey(c *C) {
 for _, newID := range newIDs {
 key, err := client.db.GetKey(newID)
 c.Assert(err, IsNil)
- c.Assert(key.IDs(), DeepEquals, newIDs)
+ c.Assert(key.MarshalKey().IDs(), DeepEquals, newIDs)
 }
 role := client.db.GetRole("snapshot")
 c.Assert(role, NotNil)
@@ -496,7 +496,7 @@ func (s *ClientSuite) TestNewTargetsKey(c *C) {
 for _, newID := range newIDs {
 key, err := client.db.GetKey(newID)
 c.Assert(err, IsNil)
- c.Assert(key.IDs(), DeepEquals, newIDs)
+ c.Assert(key.MarshalKey().IDs(), DeepEquals, newIDs)
 }
 role := client.db.GetRole("targets")
 c.Assert(role, NotNil)
diff --git a/client/testdata/go-tuf-transition-M3/generate.go b/client/testdata/go-tuf-transition-M3/generate.go
index 116adf6e..08417b5b 100644
--- a/client/testdata/go-tuf-transition-M3/generate.go
+++ b/client/testdata/go-tuf-transition-M3/generate.go
@@ -74,7 +74,7 @@ func revokeKeys(repo *tuf.Repo, role string, keyList []*data.PrivateKey) {
 for _, key := range keyList {
 signer, err := keys.GetSigner(key)
 assertNotNil(err)
- assertNotNil(repo.RevokeKeyWithExpires(role, signer.IDs()[0], expirationDate))
+ assertNotNil(repo.RevokeKeyWithExpires(role, signer.PublicData().IDs()[0], expirationDate))
 }
 }
 
diff --git a/client/testdata/go-tuf/generator/generator.go b/client/testdata/go-tuf/generator/generator.go
index b71b7445..b1966543 100644
--- a/client/testdata/go-tuf/generator/generator.go
+++ b/client/testdata/go-tuf/generator/generator.go
@@ -74,7 +74,7 @@ func revokeKeys(repo *tuf.Repo, role string, keyList []*data.PrivateKey) {
 for _, key := range keyList {
 signer, err := keys.GetSigner(key)
 assertNotNil(err)
- assertNotNil(repo.RevokeKeyWithExpires(role, signer.IDs()[0], expirationDate))
+ assertNotNil(repo.RevokeKeyWithExpires(role, signer.PublicData().IDs()[0], expirationDate))
 }
 }
 
diff --git a/keys/ecdsa.go b/keys/ecdsa.go
index de78c2d6..4489e1a0 100644
--- a/keys/ecdsa.go
+++ b/keys/ecdsa.go
@@ -13,15 +13,11 @@ import (
 )
 
 func init() {
- KeyMap.Store(data.KeyTypeECDSA_SHA2_P256, NewEcdsa)
+ VerifierMap.Store(data.KeyTypeECDSA_SHA2_P256, NewEcdsaVerifier)
 }
 
-func NewEcdsa() SignerVerifier {
- sv := SignerVerifier{
- Signer: nil,
- Verifier: &p256Verifier{},
- }
- return sv
+func NewEcdsaVerifier() Verifier {
+ return &p256Verifier{}
 }
 
 type ecdsaSignature struct {
@@ -58,7 +54,7 @@ func (p *p256Verifier) Verify(msg, sigBytes []byte) error {
 return nil
 }
 
-func (p *p256Verifier) Key() *data.Key {
+func (p *p256Verifier) MarshalKey() *data.Key {
 return p.key
 }
 
diff --git a/keys/ed25519.go b/keys/ed25519.go
index 110bfa2b..fa7f9290 100644
--- a/keys/ed25519.go
+++ b/keys/ed25519.go
@@ -5,21 +5,22 @@ import (
 "crypto/rand"
 "encoding/json"
 "errors"
- "sync"
 
 "github.com/theupdateframework/go-tuf/data"
 )
 
 func init() {
- KeyMap.Store(data.KeySchemeEd25519, NewP256)
+ SignerMap.Store(data.KeySchemeEd25519, NewP256Signer)
+ VerifierMap.Store(data.KeySchemeEd25519, NewP256Verifier)
+
 }
 
-func NewP256() SignerVerifier {
- sv := SignerVerifier{
- Signer: &ed25519Signer{},
- Verifier: &ed25519Verifier{},
- }
- return sv
+func NewP256Signer() Signer {
+ return &ed25519Signer{}
+}
+
+func NewP256Verifier() Verifier {
+ return &ed25519Verifier{}
 }
 
 type ed25519Verifier struct {
@@ -38,7 +39,7 @@ func (e *ed25519Verifier) Verify(msg, sig []byte) error {
 return nil
 }
 
-func (e *ed25519Verifier) Key() *data.Key {
+func (e *ed25519Verifier) MarshalKey() *data.Key {
 return e.key
 }
 
@@ -62,6 +63,14 @@ type ed25519PrivateKeyValue struct {
 Private data.HexBytes `json:"private"`
 }
 
+type ed25519Signer struct {
+ ed25519.PrivateKey
+
+ keyType string
+ keyScheme string
+ keyAlgorithms []string
+}
+
 func GenerateEd25519Key() (*ed25519Signer, error) {
 _, private, err := ed25519.GenerateKey(rand.Reader)
 if err != nil {
@@ -78,7 +87,7 @@ func GenerateEd25519Key() (*ed25519Signer, error) {
 }, nil
 }
 
-func (e *ed25519Signer) MarshalPrivate() (*data.PrivateKey, error) {
+func (e *ed25519Signer) MarshalSigner() (*data.PrivateKey, error) {
 valueBytes, err := json.Marshal(ed25519PrivateKeyValue{
 Public: data.HexBytes([]byte(e.PrivateKey.Public().(ed25519.PublicKey))),
 Private: data.HexBytes(e.PrivateKey),
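Review bot: The two Store calls added to init() register the ed25519 constructors under data.KeySchemeEd25519, but GetSigner and GetVerifier in keys.go look the constructor up by key.Type and ecdsa.go registers under a data.KeyType* constant, so this only works while the ed25519 scheme and type strings happen to be equal; register under the type constant (data.KeyTypeEd25519, if that is how the data package spells it) or document the map key as the TUF key type. NewP256Signer and NewP256Verifier are also misleading names for ed25519 constructors, since P-256 is the ECDSA curve handled in ecdsa.go; NewEd25519Signer and NewEd25519Verifier would read correctly, and both exported constructors lack a doc comment. The relocated ed25519Signer struct (hunk at -62,6) drops the ids/idOnce memoization, so after this commit each key.PublicData().IDs() call appears to rebuild the data.Key and rederive the IDs; that is fine for the call sites in this diff but deserves a one-line comment on the struct, e.g. `// ed25519Signer holds a raw ed25519 private key; its TUF key IDs are derived on demand via PublicData().IDs().` The empty added line before the closing brace of init() should be dropped.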
@@ -117,37 +126,3 @@ func (e *ed25519Signer) PublicData() *data.Key {
 Value: keyValBytes,
 }
 }
-
-type ed25519Signer struct {
- ed25519.PrivateKey
-
- keyType string
- keyScheme string
- keyAlgorithms []string
- ids []string
- idOnce sync.Once
-}
-
-// var _ Signer = &ed25519Signer{}
-
-func (s *ed25519Signer) IDs() []string {
- s.idOnce.Do(func() { s.ids = s.PublicData().IDs() })
- return s.ids
-}
-
-func (s *ed25519Signer) ContainsID(id string) bool {
- for _, keyid := range s.IDs() {
- if id == keyid {
- return true
- }
- }
- return false
-}
-
-func (s *ed25519Signer) Type() string {
- return s.keyType
-}
-
-func (s *ed25519Signer) Scheme() string {
- return s.keyScheme
-}
diff --git a/keys/ed25519_test.go b/keys/ed25519_test.go
new file mode 100644
index 00000000..4048bc3a
--- /dev/null
+++ b/keys/ed25519_test.go
@@ -0,0 +1,24 @@
+package keys
+
+import (
+ "crypto"
+ "crypto/rand"
+
+ . "gopkg.in/check.v1"
+)
+
+type Ed25519Suite struct{}
+
+var _ = Suite(&Ed25519Suite{})
+
+func (Ed25519Suite) TestSignVerify(c *C) {
+ key, err := GenerateEd25519Key()
+ c.Assert(err, IsNil)
+ msg := []byte("foo")
+ sig, err := key.Sign(rand.Reader, msg, crypto.Hash(0))
+ c.Assert(err, IsNil)
+ publicData := key.PublicData()
+ pubKey, err := GetVerifier(publicData)
+ c.Assert(err, IsNil)
+ c.Assert(pubKey.Verify(msg, sig), IsNil)
+}
diff --git a/keys/keys.go b/keys/keys.go
index 112c921c..e2002cf2 100644
--- a/keys/keys.go
+++ b/keys/keys.go
@@ -8,13 +8,11 @@ import (
 "github.com/theupdateframework/go-tuf/data"
 )
 
-// KeyMap stores mapping between key type strings and verifier constructors.
-var KeyMap sync.Map
+// SignerMap stores mapping between key type strings and signer constructors.
+var SignerMap sync.Map
 
-type SignerVerifier struct {
- Signer Signer
- Verifier Verifier
-}
+// Verifier stores mapping between key type strings and verifier constructors.
+var VerifierMap sync.Map
 
 var (
 ErrInvalid = errors.New("tuf: signature verification failed")
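Review bot: TestSignVerify in the new ed25519_test.go only exercises the accepting path, so a Verify that returned nil unconditionally would still pass; add the rejecting cases next to the final assertion, e.g. `c.Assert(pubKey.Verify([]byte("bar"), sig), NotNil)` and, after corrupting one byte of sig, `c.Assert(pubKey.Verify(msg, sig), NotNil)`. The round trip through key.PublicData() and GetVerifier is also the only coverage of the new VerifierMap registration, so asserting `c.Assert(pubKey.MarshalKey().IDs(), DeepEquals, publicData.IDs())` would pin that the verifier keeps the identity it was built from. A one-line comment on TestSignVerify stating that it covers the generate, sign, re-load-as-verifier, verify cycle would help the next reader.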
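Review bot: The doc comment on the new VerifierMap variable names the wrong identifier, `// Verifier stores mapping between key type strings and verifier constructors.`, which reads as documentation for the Verifier interface below; it should be `// VerifierMap stores mapping between key type strings and verifier constructors.`. Both maps are exported sync.Map values keyed by any, so nothing enforces what callers store in them; the comments should state the expected value types, `func() Signer` for SignerMap and `func() Verifier` for VerifierMap, because GetSigner and GetVerifier assert exactly those and nothing else guards the contract.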
@@ -28,24 +26,21 @@ type Verifier interface {
 // to verify signatures.
 UnmarshalKey(key *data.Key) error
 
+ // Key returns the data.Key object associated with the verifier.
+ MarshalKey() *data.Key
+
 // This is the public string used as a unique identifier for the verifier instance.
 Public() string
 
- // IDs returns the TUF key ids
- IDs() []string
-
 // Verify takes a message and signature, all as byte slices,
 // and determines whether the signature is valid for the given
 // key and message.
 Verify(msg, sig []byte) error
-
- // Key returns the data.Key object associated with the verifier.
- Key() *data.Key
 }
 
 type Signer interface {
 // Marshal into a private key.
- MarshalPrivate() (*data.PrivateKey, error)
+ MarshalSigner() (*data.PrivateKey, error)
 
 // UnmarshalKey takes private key data to a working Signer implementation for the key type.
 UnmarshalSigner(key *data.PrivateKey) error
@@ -53,18 +48,6 @@ type Signer interface {
 // Returns the public data.Key from the private key
 PublicData() *data.Key
 
- // IDs returns the TUF key ids
- IDs() []string
-
- // ContainsID returns if the signer contains the key id
- ContainsID(id string) bool
-
- // Type returns the TUF key type
- Type() string
-
- // Scheme returns the TUF key scheme
- Scheme() string
-
 // Signer is used to sign messages and provides access to the public key.
 // The signer is expected to do its own hashing, so the full message will be
 // provided as the message to Sign with a zero opts.HashFunc().
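Review bot: The comment moved above the new MarshalKey method still reads `// Key returns the data.Key object associated with the verifier.`, so it names a method that no longer exists, and the Marshal prefix suggests a fresh serialized copy whereas both implementations in this commit (p256Verifier.MarshalKey in ecdsa.go and ed25519Verifier.MarshalKey in ed25519.go) return the pointer stored by UnmarshalKey. verify.go now calls key.MarshalKey().IDs() on that shared pointer, so any caller that mutated the result would change the verifier's own key; state the contract, e.g. `// MarshalKey returns the data.Key this verifier was unmarshaled from. The value is shared with the verifier and must not be modified.` If a defensive copy is intended instead, the two implementations need to clone rather than return their field.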
@@ -72,31 +55,25 @@ type Signer interface {
 }
 
 func GetVerifier(key *data.Key) (Verifier, error) {
- st, ok := KeyMap.Load(key.Type)
+ st, ok := VerifierMap.Load(key.Type)
 if !ok {
 return nil, ErrInvalidKey
 }
- s := st.(func() SignerVerifier)()
- if s.Verifier == nil {
+ s := st.(func() Verifier)()
+ if err := s.UnmarshalKey(key); err != nil {
 return nil, ErrInvalidKey
 }
- if err := s.Verifier.UnmarshalKey(key); err != nil {
- return nil, ErrInvalidKey
- }
- return s.Verifier, nil
+ return s, nil
 }
 
 func GetSigner(key *data.PrivateKey) (Signer, error) {
- st, ok := KeyMap.Load(key.Type)
+ st, ok := SignerMap.Load(key.Type)
 if !ok {
 return nil, ErrInvalidKey
 }
- s := st.(func() SignerVerifier)()
- if s.Signer == nil {
- return nil, ErrInvalidKey
- }
- if err := s.Signer.UnmarshalSigner(key); err != nil {
+ s := st.(func() Signer)()
+ if err := s.UnmarshalSigner(key); err != nil {
 return nil, ErrInvalidKey
 }
- return s.Signer, nil
+ return s, nil
 }
diff --git a/keys/keys_test.go b/keys/keys_test.go
index 481fc107..93b1d3bc 100644
--- a/keys/keys_test.go
+++ b/keys/keys_test.go
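Review bot: `s := st.(func() Verifier)()` in GetVerifier and `s := st.(func() Signer)()` in GetSigner are unchecked type assertions on values read from exported sync.Maps, so a constructor stored with the wrong signature (including a stale func() SignerVerifier from before this refactor) turns a key lookup into a panic during signature verification instead of an error. Use the comma-ok form and route the mismatch to the existing error: `ctor, ok := st.(func() Verifier)`, `if !ok { return nil, ErrInvalidKey }`, `s := ctor()`, and the same with func() Signer in GetSigner. Both functions also still discard the UnmarshalKey/UnmarshalSigner error in favour of the bare ErrInvalidKey; wrapping it would preserve the cause, provided callers compare with errors.Is rather than ==.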
@@ -16,26 +16,23 @@ var _ = Suite(&KeysSuite{})
 func (KeysSuite) TestSignerKeyIDs(c *C) {
 key, err := GenerateEd25519Key()
 c.Assert(err, IsNil)
- c.Assert(key.PublicData().IDs(), DeepEquals, key.IDs())
 
 // If we have a TUF-0.9 key, we won't have a scheme.
 key, err = GenerateEd25519Key()
 c.Assert(err, IsNil)
- privKey, err := key.MarshalPrivate()
+ privKey, err := key.MarshalSigner()
 c.Assert(err, IsNil)
 privKey.Scheme = ""
 err = key.UnmarshalSigner(privKey)
 c.Assert(err, IsNil)
- c.Assert(key.PublicData().IDs(), DeepEquals, key.IDs())
 
 // Make sure we preserve ids if we don't have any
 // keyid_hash_algorithms.
 key, err = GenerateEd25519Key()
 c.Assert(err, IsNil)
- privKey, err = key.MarshalPrivate()
+ privKey, err = key.MarshalSigner()
 c.Assert(err, IsNil)
 privKey.Algorithms = []string{}
 err = key.UnmarshalSigner(privKey)
 c.Assert(err, IsNil)
- c.Assert(key.PublicData().IDs(), DeepEquals, key.IDs())
 }
diff --git a/repo.go b/repo.go
index fb76a3a8..5c46c6b8 100644
--- a/repo.go
+++ b/repo.go
@@ -344,7 +344,7 @@ func (r *Repo) AddPrivateKeyWithExpires(keyRole string, key keys.Signer, expires
 return ErrInvalidExpires{expires}
 }
 
- privKey, err := key.MarshalPrivate()
+ privKey, err := key.MarshalSigner()
 if err != nil {
 return err
 }
@@ -640,7 +640,7 @@ func (r *Repo) getSigningKeys(name string) ([]keys.Signer, error) {
 }
 keys := make([]keys.Signer, 0, len(role.KeyIDs))
 for _, key := range signingKeys {
- for _, id := range key.IDs() {
+ for _, id := range key.PublicData().IDs() {
 if _, ok := role.KeyIDs[id]; ok {
 keys = append(keys, key)
 }
diff --git a/repo_test.go b/repo_test.go
index ee97c792..f02d307c 100644
--- a/repo_test.go
+++ b/repo_test.go
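Review bot: Deleting the three `c.Assert(key.PublicData().IDs(), DeepEquals, key.IDs())` lines leaves TestSignerKeyIDs with no assertion about key IDs at all, although its name and the surviving comment `// Make sure we preserve ids if we don't have any keyid_hash_algorithms.` promise exactly that; after this hunk the test only checks that MarshalSigner and UnmarshalSigner return nil errors. Capture the IDs before each round trip and compare afterwards, e.g. `ids := key.PublicData().IDs()` before `privKey, err := key.MarshalSigner()` and `c.Assert(key.PublicData().IDs(), DeepEquals, ids)` after `err = key.UnmarshalSigner(privKey)`, for both the empty-scheme and the empty-algorithms cases. Without that, a regression in how IDs are derived for TUF-0.9 keys would no longer be caught by this suite.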
@@ -213,7 +213,7 @@ func (rs *RepoSuite) TestGenKey(c *C) {
 for _, keyID := range ids {
 rootKey, err := db.GetKey(keyID)
 c.Assert(err, IsNil)
- c.Assert(rootKey.IDs(), DeepEquals, ids)
+ c.Assert(rootKey.MarshalKey().IDs(), DeepEquals, ids)
 role := db.GetRole("root")
 c.Assert(role.KeyIDs, DeepEquals, util.StringSliceToSet(ids))
 
@@ -221,13 +221,13 @@ func (rs *RepoSuite) TestGenKey(c *C) {
 localKeys, err := local.GetSigningKeys("root")
 c.Assert(err, IsNil)
 c.Assert(localKeys, HasLen, 1)
- c.Assert(localKeys[0].IDs(), DeepEquals, ids)
+ c.Assert(localKeys[0].PublicData().IDs(), DeepEquals, ids)
 
 // check RootKeys() is correct
 rootKeys, err := r.RootKeys()
 c.Assert(err, IsNil)
 c.Assert(rootKeys, HasLen, 1)
- c.Assert(rootKeys[0].IDs(), DeepEquals, rootKey.IDs())
+ c.Assert(rootKeys[0].IDs(), DeepEquals, rootKey.MarshalKey().IDs())
 pk, err := keys.GetVerifier(rootKeys[0])
 c.Assert(err, IsNil)
 c.Assert(pk.Public(), DeepEquals, rootKey.Public())
@@ -262,7 +262,7 @@ func (rs *RepoSuite) TestGenKey(c *C) {
 }
 key, err := db.GetKey(id)
 c.Assert(err, IsNil)
- c.Assert(key.Key().ContainsID(id), Equals, true)
+ c.Assert(key.MarshalKey().ContainsID(id), Equals, true)
 }
 role := db.GetRole("targets")
 c.Assert(role.KeyIDs, DeepEquals, targetKeyIDs)
@@ -271,7 +271,7 @@ func (rs *RepoSuite) TestGenKey(c *C) {
 rootKeys, err := r.RootKeys()
 c.Assert(err, IsNil)
 c.Assert(rootKeys, HasLen, 1)
- c.Assert(rootKeys[0].IDs(), DeepEquals, rootKey.IDs())
+ c.Assert(rootKeys[0].IDs(), DeepEquals, rootKey.MarshalKey().IDs())
 
 // check the keys were saved correctly
 localKeys, err := local.GetSigningKeys("targets")
@@ -280,7 +280,7 @@ func (rs *RepoSuite) TestGenKey(c *C) {
 for _, key := range localKeys {
 found := false
 for _, id := range targetsRole.KeyIDs {
- if key.ContainsID(id) {
+ if key.PublicData().ContainsID(id) {
 found = true
 break
 }
@@ -376,7 +376,7 @@ func (rs *RepoSuite) TestAddPrivateKey(c *C) {
 for _, keyID := range ids {
 rootKey, err := db.GetKey(keyID)
 c.Assert(err, IsNil)
- c.Assert(rootKey.IDs(), DeepEquals, ids)
+ c.Assert(rootKey.MarshalKey().IDs(), DeepEquals, ids)
 role := db.GetRole("root")
 c.Assert(role.KeyIDs, DeepEquals, util.StringSliceToSet(ids))
 
@@ -384,13 +384,13 @@ func (rs *RepoSuite) TestAddPrivateKey(c *C) {
 localKeys, err := local.GetSigningKeys("root")
 c.Assert(err, IsNil)
 c.Assert(localKeys, HasLen, 1)
- c.Assert(localKeys[0].IDs(), DeepEquals, ids)
+ c.Assert(localKeys[0].PublicData().IDs(), DeepEquals, ids)
 
 // check RootKeys() is correct
 rootKeys, err := r.RootKeys()
 c.Assert(err, IsNil)
 c.Assert(rootKeys, HasLen, 1)
- c.Assert(rootKeys[0].IDs(), DeepEquals, rootKey.IDs())
+ c.Assert(rootKeys[0].IDs(), DeepEquals, rootKey.MarshalKey().IDs())
 pk, err := keys.GetVerifier(rootKeys[0])
 c.Assert(err, IsNil)
 c.Assert(pk.Public(), DeepEquals, rootKey.Public())
@@ -425,7 +425,7 @@ func (rs *RepoSuite) TestAddPrivateKey(c *C) {
 }
 key, err := db.GetKey(id)
 c.Assert(err, IsNil)
- c.Assert(key.Key().ContainsID(id), Equals, true)
+ c.Assert(key.MarshalKey().ContainsID(id), Equals, true)
 }
 role := db.GetRole("targets")
 c.Assert(role.KeyIDs, DeepEquals, targetKeyIDs)
@@ -434,7 +434,7 @@ func (rs *RepoSuite) TestAddPrivateKey(c *C) {
 rootKeys, err := r.RootKeys()
 c.Assert(err, IsNil)
 c.Assert(rootKeys, HasLen, 1)
- c.Assert(rootKeys[0].IDs(), DeepEquals, rootKey.IDs())
+ c.Assert(rootKeys[0].IDs(), DeepEquals, rootKey.MarshalKey().IDs())
 
 // check the keys were saved correctly
 localKeys, err := local.GetSigningKeys("targets")
@@ -443,7 +443,7 @@ func (rs *RepoSuite) TestAddPrivateKey(c *C) {
 for _, key := range localKeys {
 found := false
 for _, id := range targetsRole.KeyIDs {
- if key.ContainsID(id) {
+ if key.PublicData().ContainsID(id) {
 found = true
 break
 }
@@ -586,7 +586,7 @@ func (rs *RepoSuite) TestSign(c *C) {
 // signing with an available key generates a signature
 key, err := keys.GenerateEd25519Key()
 c.Assert(err, IsNil)
- privateKey, err := key.MarshalPrivate()
+ privateKey, err := key.MarshalSigner()
 c.Assert(err, IsNil)
 c.Assert(local.SavePrivateKey("root", privateKey), IsNil)
 c.Assert(r.Sign("root.json"), IsNil)
@@ -599,7 +599,7 @@ func (rs *RepoSuite) TestSign(c *C) {
 // signing with a new available key generates another signature
 newKey, err := keys.GenerateEd25519Key()
 c.Assert(err, IsNil)
- newPrivateKey, err := newKey.MarshalPrivate()
+ newPrivateKey, err := newKey.MarshalSigner()
 c.Assert(err, IsNil)
 c.Assert(local.SavePrivateKey("root", newPrivateKey), IsNil)
 c.Assert(r.Sign("root.json"), IsNil)
@@ -1224,14 +1224,14 @@ func (rs *RepoSuite) TestKeyPersistence(c *C) {
 for i, s := range signers {
 v, err := keys.GetSigner(expected[i])
 c.Assert(err, IsNil)
- c.Assert(s.IDs(), DeepEquals, v.IDs())
+ c.Assert(s.PublicData().IDs(), DeepEquals, v.PublicData().IDs())
 }
 }
 
 // save a key and check it gets encrypted
 key, err := keys.GenerateEd25519Key()
 c.Assert(err, IsNil)
- privateKey, err := key.MarshalPrivate()
+ privateKey, err := key.MarshalSigner()
 c.Assert(err, IsNil)
 c.Assert(store.SavePrivateKey("root", privateKey), IsNil)
 assertKeys("root", true, []*data.PrivateKey{privateKey})
@@ -1239,7 +1239,7 @@ func (rs *RepoSuite) TestKeyPersistence(c *C) {
 // save another key and check it gets added to the existing keys
 newKey, err := keys.GenerateEd25519Key()
 c.Assert(err, IsNil)
- newPrivateKey, err := newKey.MarshalPrivate()
+ newPrivateKey, err := newKey.MarshalSigner()
 c.Assert(err, IsNil)
 c.Assert(store.SavePrivateKey("root", newPrivateKey), IsNil)
 assertKeys("root", true, []*data.PrivateKey{privateKey, newPrivateKey})
@@ -1248,14 +1248,14 @@ func (rs *RepoSuite) TestKeyPersistence(c *C) {
 insecureStore := FileSystemStore(tmp.path, nil)
 key, err = keys.GenerateEd25519Key()
 c.Assert(err, IsNil)
- privateKey, err = key.MarshalPrivate()
+ privateKey, err = key.MarshalSigner()
 c.Assert(err, IsNil)
 c.Assert(insecureStore.SavePrivateKey("root", privateKey), Equals, ErrPassphraseRequired{"root"})
 
 // save a key to an insecure store and check it is not encrypted
 key, err = keys.GenerateEd25519Key()
 c.Assert(err, IsNil)
- privateKey, err = key.MarshalPrivate()
+ privateKey, err = key.MarshalSigner()
 c.Assert(err, IsNil)
 c.Assert(insecureStore.SavePrivateKey("targets", privateKey), IsNil)
 assertKeys("targets", false, []*data.PrivateKey{privateKey})
@@ -1511,7 +1511,7 @@ func (rs *RepoSuite) TestAddOrUpdateSignatures(c *C) {
 c.Assert(err, IsNil)
 rootSig, err := rootKey.Sign(rand.Reader, rootMeta.Signed, crypto.Hash(0))
 c.Assert(err, IsNil)
- for _, id := range rootKey.IDs() {
+ for _, id := range rootKey.PublicData().IDs() {
 c.Assert(r.AddOrUpdateSignature("root.json", data.Signature{
 KeyID: id,
 Signature: rootSig}), IsNil)
@@ -1523,7 +1523,7 @@ func (rs *RepoSuite) TestAddOrUpdateSignatures(c *C) {
 c.Assert(err, IsNil)
 targetsSig, err := targetsKey.Sign(rand.Reader, targetsMeta.Signed, crypto.Hash(0))
 c.Assert(err, IsNil)
- for _, id := range targetsKey.IDs() {
+ for _, id := range targetsKey.PublicData().IDs() {
 r.AddOrUpdateSignature("targets.json", data.Signature{
 KeyID: id,
 Signature: targetsSig})
@@ -1535,7 +1535,7 @@ func (rs *RepoSuite) TestAddOrUpdateSignatures(c *C) {
 c.Assert(err, IsNil)
 snapshotSig, err := snapshotKey.Sign(rand.Reader, snapshotMeta.Signed, crypto.Hash(0))
 c.Assert(err, IsNil)
- for _, id := range snapshotKey.IDs() {
+ for _, id := range snapshotKey.PublicData().IDs() {
 r.AddOrUpdateSignature("snapshot.json", data.Signature{
 KeyID: id,
 Signature: snapshotSig})
@@ -1546,7 +1546,7 @@ func (rs *RepoSuite) TestAddOrUpdateSignatures(c *C) {
 c.Assert(err, IsNil)
 timestampSig, err := timestampKey.Sign(rand.Reader, timestampMeta.Signed, crypto.Hash(0))
 c.Assert(err, IsNil)
- for _, id := range timestampKey.IDs() {
+ for _, id := range timestampKey.PublicData().IDs() {
 r.AddOrUpdateSignature("timestamp.json", data.Signature{
 KeyID: id,
 Signature: timestampSig})
@@ -1584,14 +1584,14 @@ func (rs *RepoSuite) TestBadAddOrUpdateSignatures(c *C) {
 c.Assert(err, IsNil)
 rootSig, err := rootKey.Sign(rand.Reader, rootMeta.Signed, crypto.Hash(0))
 c.Assert(err, IsNil)
- for _, id := range rootKey.IDs() {
+ for _, id := range rootKey.PublicData().IDs() {
 c.Assert(r.AddOrUpdateSignature("invalid_root.json", data.Signature{
 KeyID: id,
 Signature: rootSig}), Equals, ErrInvalidRole{"invalid_root"})
 }
 
 // add a root signature with an key ID that is for the targets role
- for _, id := range targetsKey.IDs() {
+ for _, id := range targetsKey.PublicData().IDs() {
 c.Assert(r.AddOrUpdateSignature("root.json", data.Signature{
 KeyID: id,
 Signature: rootSig}), Equals, verify.ErrInvalidKey)
@@ -1600,14 +1600,14 @@ func (rs *RepoSuite) TestBadAddOrUpdateSignatures(c *C) {
 // attempt to add a bad signature to root
 badSig, err := rootKey.Sign(rand.Reader, []byte(""), crypto.Hash(0))
 c.Assert(err, IsNil)
- for _, id := range rootKey.IDs() {
+ for _, id := range rootKey.PublicData().IDs() {
 c.Assert(r.AddOrUpdateSignature("root.json", data.Signature{
 KeyID: id,
 Signature: badSig}), Equals, verify.ErrInvalid)
 }
 
 // add the correct root signature
- for _, id := range rootKey.IDs() {
+ for _, id := range rootKey.PublicData().IDs() {
 c.Assert(r.AddOrUpdateSignature("root.json", data.Signature{
 KeyID: id,
 Signature: rootSig}), IsNil)
@@ -1632,7 +1632,7 @@ func (rs *RepoSuite) TestBadAddOrUpdateSignatures(c *C) {
 
 // re-adding should not duplicate. this is checked by verifying
 // signature key IDs match with the map of role key IDs.
- for _, id := range rootKey.IDs() {
+ for _, id := range rootKey.PublicData().IDs() {
 c.Assert(r.AddOrUpdateSignature("root.json", data.Signature{
 KeyID: id,
 Signature: rootSig}), IsNil)
diff --git a/sign/sign.go b/sign/sign.go
index 1c8410c7..3029956f 100644
--- a/sign/sign.go
+++ b/sign/sign.go
@@ -10,7 +10,7 @@ import (
 )
 
 func Sign(s *data.Signed, k keys.Signer) error {
- ids := k.IDs()
+ ids := k.PublicData().IDs()
 signatures := make([]data.Signature, 0, len(s.Signatures)+1)
 for _, sig := range s.Signatures {
 found := false
diff --git a/verify/verify.go b/verify/verify.go
index 3bcb4108..5c6476b0 100644
--- a/verify/verify.go
+++ b/verify/verify.go
@@ -93,7 +93,7 @@ func (db *DB) VerifySignatures(s *data.Signed, role string) error {
 // Only consider this key valid if we haven't seen any of it's
 // key ids before.
 if _, ok := seen[sig.KeyID]; !ok {
- for _, id := range key.IDs() {
+ for _, id := range key.MarshalKey().IDs() {
 seen[id] = struct{}{}
 }
 
diff --git a/verify/verify_test.go b/verify/verify_test.go
index 440e2afa..833fd4c5 100644
--- a/verify/verify_test.go
+++ b/verify/verify_test.go
@@ -59,15 +59,7 @@ func (s ecdsaSigner) ContainsID(id string) bool {
 return s.PublicData().ContainsID(id)
 }
 
-func (ecdsaSigner) Type() string {
- return data.KeyTypeECDSA_SHA2_P256
-}
-
-func (ecdsaSigner) Scheme() string {
- return data.KeySchemeECDSA_SHA2_P256
-}
-
-func (ecdsaSigner) MarshalPrivate() (*data.PrivateKey, error) {
+func (ecdsaSigner) MarshalSigner() (*data.PrivateKey, error) {
 return nil, errors.New("not implemented")
 }
 
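Review bot: The ecdsaSigner test double in verify_test.go keeps its ContainsID method (the context at the top of the hunk) even though this commit removes ContainsID, IDs, Type and Scheme from keys.Signer, so it is no longer needed to satisfy the interface; unless something in verify_test.go calls it directly, drop it along with Type and Scheme, and check for a leftover IDs method above the hunk the same way. The hunk is otherwise a plain rename of MarshalPrivate to MarshalSigner on a stub that still returns "not implemented", so nothing in this file exercises the new signer path; a short comment on the double saying it exists only to feed VerifySignatures a P-256 key would make that intent explicit.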