Skip to content

Commit

Permalink
fix: Update the ecdsa key type to the latest spec (1.0.32). (#508)
Browse files Browse the repository at this point in the history
Update the ecdsa key type to the latest spec (1.0.32).
The old ecdsa key type is kept to be able to consume older metadata files.

Signed-off-by: Fredrik Skogman <[email protected]>
  • Loading branch information
kommendorkapten authored Jun 20, 2023
1 parent c844873 commit 2adcfe7
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 3 deletions.
9 changes: 6 additions & 3 deletions data/types.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,9 +24,12 @@ type HashAlgorithm string
const (
KeyIDLength = sha256.Size * 2

KeyTypeEd25519 KeyType = "ed25519"
KeyTypeECDSA_SHA2_P256 KeyType = "ecdsa-sha2-nistp256"
KeyTypeRSASSA_PSS_SHA256 KeyType = "rsa"
KeyTypeEd25519 KeyType = "ed25519"
// From version 1.0.32, the reference implementation defines 'ecdsa',
// not 'ecdsa-sha2-nistp256' for NIST P-256 curves.
KeyTypeECDSA_SHA2_P256 KeyType = "ecdsa"
KeyTypeECDSA_SHA2_P256_OLD_FMT KeyType = "ecdsa-sha2-nistp256"
KeyTypeRSASSA_PSS_SHA256 KeyType = "rsa"

KeySchemeEd25519 KeyScheme = "ed25519"
KeySchemeECDSA_SHA2_P256 KeyScheme = "ecdsa-sha2-nistp256"
Expand Down
2 changes: 2 additions & 0 deletions pkg/keys/ecdsa.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,9 @@ func init() {
// Note: we use LoadOrStore here to prevent accidentally overriding the
// an explicit deprecated ECDSA verifier.
// TODO: When deprecated ECDSA is removed, this can switch back to Store.
VerifierMap.LoadOrStore(data.KeyTypeECDSA_SHA2_P256_OLD_FMT, NewEcdsaVerifier)
VerifierMap.LoadOrStore(data.KeyTypeECDSA_SHA2_P256, NewEcdsaVerifier)
SignerMap.Store(data.KeyTypeECDSA_SHA2_P256_OLD_FMT, newEcdsaSigner)
SignerMap.Store(data.KeyTypeECDSA_SHA2_P256, newEcdsaSigner)
}

Expand Down

0 comments on commit 2adcfe7

Please sign in to comment.