1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
package sign
import (
"encoding/json"
"errors"
"github.com/secure-systems-lab/go-securesystemslib/cjson"
"github.com/theupdateframework/go-tuf/data"
"github.com/theupdateframework/go-tuf/pkg/keys"
)
const maxSignatures = 1024
// MakeSignatures creates data.Signatures for canonical using signer k.
//
// There will be one data.Signature for each of k's IDs, each wih the same
// signature data.
func MakeSignatures(canonical []byte, k keys.Signer) ([]data.Signature, error) {
sigData, err := k.SignMessage(canonical)
if err != nil {
return nil, err
}
ids := k.PublicData().IDs()
signatures := make([]data.Signature, 0, len(ids))
for _, id := range ids {
signatures = append(signatures, data.Signature{
KeyID: id,
Signature: sigData,
})
}
return signatures, nil
}
// Sign signs the to-be-signed part of s using the signer k.
//
// The new signature(s) (one for each of k's key IDs) are appended to
// s.Signatures. Existing signatures for the Key IDs are replaced.
func Sign(s *data.Signed, k keys.Signer) error {
canonical, err := cjson.EncodeCanonical(s.Signed)
if err != nil {
return err
}
size := len(s.Signatures)
if size > maxSignatures-1 {
return errors.New("value too large")
}
signatures := make([]data.Signature, 0, size+1)
for _, oldSig := range s.Signatures {
if !k.PublicData().ContainsID(oldSig.KeyID) {
signatures = append(signatures, oldSig)
}
}
newSigs, err := MakeSignatures(canonical, k)
if err != nil {
return err
}
signatures = append(signatures, newSigs...)
s.Signatures = signatures
return nil
}
func Marshal(v interface{}, keys ...keys.Signer) (*data.Signed, error) {
b, err := json.Marshal(v)
if err != nil {
return nil, err
}
s := &data.Signed{Signed: b, Signatures: make([]data.Signature, 0)}
for _, k := range keys {
if err := Sign(s, k); err != nil {
return nil, err
}
}
return s, nil
}
|
