-
Notifications
You must be signed in to change notification settings - Fork 110
/
keys.go
79 lines (64 loc) · 2.31 KB
/
keys.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
package keys
import (
"errors"
"fmt"
"sync"
"github.com/theupdateframework/go-tuf/data"
)
// SignerMap stores mapping between key type strings and signer constructors.
var SignerMap sync.Map
// Verifier stores mapping between key type strings and verifier constructors.
var VerifierMap sync.Map
var (
ErrInvalid = errors.New("tuf: signature verification failed")
ErrInvalidKey = errors.New("invalid key")
)
// A Verifier verifies public key signatures.
type Verifier interface {
// UnmarshalPublicKey takes key data to a working verifier implementation for the key type.
// This performs any validation over the data.PublicKey to ensure that the verifier is usable
// to verify signatures.
UnmarshalPublicKey(key *data.PublicKey) error
// MarshalPublicKey returns the data.PublicKey object associated with the verifier.
MarshalPublicKey() *data.PublicKey
// This is the public string used as a unique identifier for the verifier instance.
Public() string
// Verify takes a message and signature, all as byte slices,
// and determines whether the signature is valid for the given
// key and message.
Verify(msg, sig []byte) error
}
type Signer interface {
// MarshalPrivateKey returns the private key data.
MarshalPrivateKey() (*data.PrivateKey, error)
// UnmarshalPrivateKey takes private key data to a working Signer implementation for the key type.
UnmarshalPrivateKey(key *data.PrivateKey) error
// Returns the public data.PublicKey from the private key
PublicData() *data.PublicKey
// Sign returns the signature of the message.
// The signer is expected to do its own hashing, so the full message will be
// provided as the message to Sign with a zero opts.HashFunc().
SignMessage(message []byte) ([]byte, error)
}
func GetVerifier(key *data.PublicKey) (Verifier, error) {
st, ok := VerifierMap.Load(key.Type)
if !ok {
return nil, ErrInvalidKey
}
s := st.(func() Verifier)()
if err := s.UnmarshalPublicKey(key); err != nil {
return nil, fmt.Errorf("tuf: error unmarshalling key: %w", err)
}
return s, nil
}
func GetSigner(key *data.PrivateKey) (Signer, error) {
st, ok := SignerMap.Load(key.Type)
if !ok {
return nil, ErrInvalidKey
}
s := st.(func() Signer)()
if err := s.UnmarshalPrivateKey(key); err != nil {
return nil, fmt.Errorf("tuf: error unmarshalling key: %w", err)
}
return s, nil
}