File: keys.go

package info (click to toggle)
golang-github-theupdateframework-go-tuf 2.0.2%2B0.7.0-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 8,908 kB
  • sloc: python: 164; makefile: 89; sh: 37
file content (82 lines) | stat: -rw-r--r-- 2,473 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
 
package keys

import (
	"errors"
	"fmt"
	"sync"

	"github.com/theupdateframework/go-tuf/data"
)

// MaxJSONKeySize defines the maximum length of a JSON payload.
const MaxJSONKeySize = 512 * 1024 // 512Kb

// SignerMap stores mapping between key type strings and signer constructors.
var SignerMap sync.Map

// Verifier stores mapping between key type strings and verifier constructors.
var VerifierMap sync.Map

var (
	ErrInvalid    = errors.New("tuf: signature verification failed")
	ErrInvalidKey = errors.New("invalid key")
)

// A Verifier verifies public key signatures.
type Verifier interface {
	// UnmarshalPublicKey takes key data to a working verifier implementation for the key type.
	// This performs any validation over the data.PublicKey to ensure that the verifier is usable
	// to verify signatures.
	UnmarshalPublicKey(key *data.PublicKey) error

	// MarshalPublicKey returns the data.PublicKey object associated with the verifier.
	MarshalPublicKey() *data.PublicKey

	// This is the public string used as a unique identifier for the verifier instance.
	Public() string

	// Verify takes a message and signature, all as byte slices,
	// and determines whether the signature is valid for the given
	// key and message.
	Verify(msg, sig []byte) error
}

type Signer interface {
	// MarshalPrivateKey returns the private key data.
	MarshalPrivateKey() (*data.PrivateKey, error)

	// UnmarshalPrivateKey takes private key data to a working Signer implementation for the key type.
	UnmarshalPrivateKey(key *data.PrivateKey) error

	// Returns the public data.PublicKey from the private key
	PublicData() *data.PublicKey

	// Sign returns the signature of the message.
	// The signer is expected to do its own hashing, so the full message will be
	// provided as the message to Sign with a zero opts.HashFunc().
	SignMessage(message []byte) ([]byte, error)
}

func GetVerifier(key *data.PublicKey) (Verifier, error) {
	st, ok := VerifierMap.Load(key.Type)
	if !ok {
		return nil, ErrInvalidKey
	}
	s := st.(func() Verifier)()
	if err := s.UnmarshalPublicKey(key); err != nil {
		return nil, fmt.Errorf("tuf: error unmarshalling key: %w", err)
	}
	return s, nil
}

func GetSigner(key *data.PrivateKey) (Signer, error) {
	st, ok := SignerMap.Load(key.Type)
	if !ok {
		return nil, ErrInvalidKey
	}
	s := st.(func() Signer)()
	if err := s.UnmarshalPrivateKey(key); err != nil {
		return nil, fmt.Errorf("tuf: error unmarshalling key: %w", err)
	}
	return s, nil
}