Origin: upstream, https://github.com/theupdateframework/notary/commit/d4f8e4a98e77d3d8ca20c5530530a3d996b0ae5e
From d4f8e4a98e77d3d8ca20c5530530a3d996b0ae5e Mon Sep 17 00:00:00 2001
From: Justin Cormack <justin.cormack@docker.com>
Date: Sun, 15 Apr 2018 23:42:06 +0100
Subject: [PATCH] Use golang/x/crypto for ed25519

This is now available in the official upstream packages, so stop
using independent implementation. Small changes in types.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
---
 tuf/data/keys.go        |  8 ++++----
 tuf/signed/verifiers.go | 12 ++++++------
 tuf/utils/x509.go       |  2 +-
 3 files changed, 11 insertions(+), 11 deletions(-)

--- a/tuf/data/keys.go
+++ b/tuf/data/keys.go
@@ -11,11 +11,11 @@
 	"errors"
 	"io"
 	"math/big"
 
-	"github.com/agl/ed25519"
 	"github.com/docker/go/canonical/json"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/crypto/ed25519"
 )
 
 // PublicKey is the necessary interface for public keys
 type PublicKey interface {
@@ -483,11 +483,12 @@
 }
 
 // Sign creates an ed25519 signature
 func (k ED25519PrivateKey) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (signature []byte, err error) {
-	priv := [ed25519.PrivateKeySize]byte{}
-	copy(priv[:], k.private[ed25519.PublicKeySize:])
-	return ed25519.Sign(&priv, msg)[:], nil
+	priv := make([]byte, ed25519.PrivateKeySize)
+	// The ed25519 key is serialized as public key then private key, so just use private key here.
+	copy(priv, k.private[ed25519.PublicKeySize:])
+	return ed25519.Sign(ed25519.PrivateKey(priv), msg)[:], nil
 }
 
 // Sign on an UnknownPrivateKey raises an error because the client does not
 // know how to sign with this key type.
--- a/tuf/signed/verifiers.go
+++ b/tuf/signed/verifiers.go
@@ -9,11 +9,11 @@
 	"encoding/pem"
 	"fmt"
 	"math/big"
 
-	"github.com/agl/ed25519"
 	"github.com/sirupsen/logrus"
 	"github.com/theupdateframework/notary/tuf/data"
+	"golang.org/x/crypto/ed25519"
 )
 
 const (
 	minRSAKeySizeBit  = 2048 // 2048 bits = 256 bytes
@@ -38,28 +38,28 @@
 func (v Ed25519Verifier) Verify(key data.PublicKey, sig []byte, msg []byte) error {
 	if key.Algorithm() != data.ED25519Key {
 		return ErrInvalidKeyType{}
 	}
-	var sigBytes [ed25519.SignatureSize]byte
+	sigBytes := make([]byte, ed25519.SignatureSize)
 	if len(sig) != ed25519.SignatureSize {
 		logrus.Debugf("signature length is incorrect, must be %d, was %d.", ed25519.SignatureSize, len(sig))
 		return ErrInvalid
 	}
-	copy(sigBytes[:], sig)
+	copy(sigBytes, sig)
 
-	var keyBytes [ed25519.PublicKeySize]byte
+	keyBytes := make([]byte, ed25519.PublicKeySize)
 	pub := key.Public()
 	if len(pub) != ed25519.PublicKeySize {
 		logrus.Errorf("public key is incorrect size, must be %d, was %d.", ed25519.PublicKeySize, len(pub))
 		return ErrInvalidKeyLength{msg: fmt.Sprintf("ed25519 public key must be %d bytes.", ed25519.PublicKeySize)}
 	}
-	n := copy(keyBytes[:], key.Public())
+	n := copy(keyBytes, key.Public())
 	if n < ed25519.PublicKeySize {
 		logrus.Errorf("failed to copy the key, must have %d bytes, copied %d bytes.", ed25519.PublicKeySize, n)
 		return ErrInvalid
 	}
 
-	if !ed25519.Verify(&keyBytes, msg, &sigBytes) {
+	if !ed25519.Verify(ed25519.PublicKey(keyBytes), msg, sigBytes) {
 		logrus.Debugf("failed ed25519 verification")
 		return ErrInvalid
 	}
 	return nil
--- a/tuf/utils/x509.go
+++ b/tuf/utils/x509.go
@@ -15,12 +15,12 @@
 	"io/ioutil"
 	"math/big"
 	"time"
 
-	"github.com/agl/ed25519"
 	"github.com/sirupsen/logrus"
 	"github.com/theupdateframework/notary"
 	"github.com/theupdateframework/notary/tuf/data"
+	"golang.org/x/crypto/ed25519"
 )
 
 // CanonicalKeyID returns the ID of the public bytes version of a TUF key.
 // On regular RSA/ECDSA TUF keys, this is just the key ID.  On X509 RSA/ECDSA