Move public key validation logic to signed package
Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>
diff --git a/keys/db.go b/keys/db.go
index 09b16f3..7613d5c 100644
--- a/keys/db.go
+++ b/keys/db.go
@@ -5,7 +5,7 @@
"errors"
"github.com/flynn/go-tuf/data"
- "golang.org/x/crypto/ed25519"
+ "github.com/flynn/go-tuf/signed"
)
var (
@@ -54,13 +54,14 @@
}
func (db *DB) AddKey(id string, k *data.Key) error {
- if k.Type != data.KeyTypeEd25519 {
+ v, ok := signed.Verifiers[k.Type]
+ if !ok {
return nil
}
if id != k.ID() {
return ErrWrongID
}
- if len(k.Value.Public) != ed25519.PublicKeySize {
+ if !v.ValidKey(k.Value.Public) {
return ErrInvalidKey
}
diff --git a/signed/verifiers.go b/signed/verifiers.go
index fc26669..cb09345 100644
--- a/signed/verifiers.go
+++ b/signed/verifiers.go
@@ -5,18 +5,21 @@
"golang.org/x/crypto/ed25519"
)
-// Verifier describes the verification interface. Implement this interface
-// to add additional verifiers to go-tuf.
+// A Verifier verifies public key signatures.
type Verifier interface {
// Verify takes a key, message and signature, all as byte slices,
// and determines whether the signature is valid for the given
// key and message.
Verify(key, msg, sig []byte) error
+
+ // ValidKey returns true if the provided public key is valid and usable to
+ // verify signatures with this verifier.
+ ValidKey([]byte) bool
}
// Verifiers is used to map key types to Verifier instances.
var Verifiers = map[string]Verifier{
- data.KeyTypeEd25519: Ed25519Verifier{},
+ data.KeyTypeEd25519: ed25519Verifier{},
}
// RegisterVerifier provides a convenience function for init() functions
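Review bot: Renaming the exported Ed25519Verifier to ed25519Verifier removes an identifier from the package's public API; any code outside this module that referenced the old name will stop compiling, and the commit message does not mention the break. If the intent is to hide the implementation, it is worth saying so in the description, or keeping a deprecated alias such as `type Ed25519Verifier = ed25519Verifier` until callers have moved. Separately, the new interface method declares an unnamed parameter, `ValidKey([]byte) bool`; naming it as `ValidKey(key []byte) bool` matches the Verify signature above it and reads better in godoc.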
@@ -25,12 +28,15 @@
Verifiers[name] = v
}
-// Ed25519Verifier is an implementation of a Verifier that verifies ed25519 signatures
-type Ed25519Verifier struct{}
+type ed25519Verifier struct{}
-func (v Ed25519Verifier) Verify(key []byte, msg []byte, sig []byte) error {
+func (ed25519Verifier) Verify(key, msg, sig []byte) error {
if !ed25519.Verify(key, msg, sig) {
return ErrInvalid
}
return nil
}
+
+func (ed25519Verifier) ValidKey(k []byte) {
+ return len(k) == ed25519.PublicKeySize
+}
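Review bot: The new ValidKey method is missing its result type, so `return len(k) == ed25519.PublicKeySize` is a compile error ("too many return values") and ed25519Verifier no longer satisfies the Verifier interface that the map literal in the earlier hunk assigns it to; the signature should be `func (ed25519Verifier) ValidKey(k []byte) bool {`. The hunk also drops the doc comment that the old exported type carried without replacing it; even for an unexported type a one-liner such as `// ed25519Verifier verifies ed25519 signatures; ValidKey only checks the key length.` helps, because the interface doc promises a "valid and usable" key while the implementation here checks size alone, leaving malformed points to be rejected by ed25519.Verify at verification time.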