commit 851dc5c82fe71db988917b629759bc1856c4fc8f
author Jonathan Rudenberg <jonathan@titanous.com> Tue Aug 09 15:20:04 2016 -0400
committer Jonathan Rudenberg <jonathan@titanous.com> Fri Aug 12 14:35:39 2016 -0400
tree 78f7a027acc41b27e456386a5e3757cf84e1965c
parent d65801fc7514ab264903db1fbef9e1b84a569886

Move public key validation logic to signed package

Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>

keys/db.go

diff --git a/keys/db.go b/keys/db.go
index 09b16f3..7613d5c 100644
--- a/keys/db.go
+++ b/keys/db.go
@@ -5,7 +5,7 @@
 	"errors"
 
 	"github.com/flynn/go-tuf/data"
-	"golang.org/x/crypto/ed25519"
+	"github.com/flynn/go-tuf/signed"
 )
 
 var (
@@ -54,13 +54,14 @@
 }
 
 func (db *DB) AddKey(id string, k *data.Key) error {
-	if k.Type != data.KeyTypeEd25519 {
+	v, ok := signed.Verifiers[k.Type]
+	if !ok {
 		return nil
 	}
 	if id != k.ID() {
 		return ErrWrongID
 	}
-	if len(k.Value.Public) != ed25519.PublicKeySize {
+	if !v.ValidKey(k.Value.Public) {
 		return ErrInvalidKey
 	}
 

signed/verifiers.go

diff --git a/signed/verifiers.go b/signed/verifiers.go
index fc26669..cb09345 100644
--- a/signed/verifiers.go
+++ b/signed/verifiers.go
@@ -5,18 +5,21 @@
 	"golang.org/x/crypto/ed25519"
 )
 
-// Verifier describes the verification interface. Implement this interface
-// to add additional verifiers to go-tuf.
+// A Verifier verifies public key signatures.
 type Verifier interface {
 	// Verify takes a key, message and signature, all as byte slices,
 	// and determines whether the signature is valid for the given
 	// key and message.
 	Verify(key, msg, sig []byte) error
+
+	// ValidKey returns true if the provided public key is valid and usable to
+	// verify signatures with this verifier.
+	ValidKey([]byte) bool
 }
 
 // Verifiers is used to map key types to Verifier instances.
 var Verifiers = map[string]Verifier{
-	data.KeyTypeEd25519: Ed25519Verifier{},
+	data.KeyTypeEd25519: ed25519Verifier{},
 }
 
 // RegisterVerifier provides a convenience function for init() functions
@@ -25,12 +28,15 @@
 	Verifiers[name] = v
 }
 
-// Ed25519Verifier is an implementation of a Verifier that verifies ed25519 signatures
-type Ed25519Verifier struct{}
+type ed25519Verifier struct{}
 
-func (v Ed25519Verifier) Verify(key []byte, msg []byte, sig []byte) error {
+func (ed25519Verifier) Verify(key, msg, sig []byte) error {
 	if !ed25519.Verify(key, msg, sig) {
 		return ErrInvalid
 	}
 	return nil
 }
+
+func (ed25519Verifier) ValidKey(k []byte) {
+	return len(k) == ed25519.PublicKeySize
+}