Updated the default ecdsa p256 key type to not include any parameters. (
theupdateframework#82)

Since TUF spec 1.0.32 the key type for ecdsa does not include the parameters,
they are only part of the key-scheme.
This commit updates the default keytype to not include the parameters, but
includes a compatibility key type to be able to accept metadata compliant
with older versions of the spec.

Signed-off-by: Fredrik Skogman <[email protected]>
kommendorkapten authored and rdimitrov committed Jan 25, 2024
1 parent dd861e9 commit a6d533d
Showing 1 changed file with 8 additions and 8 deletions.
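--- a/metadata/keys.go
+++ b/metadata/keys.go
@@ -26,13 +26,13 @@ import (
 )
 
 const (
-KeyTypeEd25519 = "ed25519"
-KeyTypeECDSA_SHA2_P256 = "ecdsa-sha2-nistp256"
-KeyTypeECDSA_SHA2_P256_SSLIB = "ecdsa"
-KeyTypeRSASSA_PSS_SHA256 = "rsa"
-KeySchemeEd25519 = "ed25519"
-KeySchemeECDSA_SHA2_P256 = "ecdsa-sha2-nistp256"
-KeySchemeRSASSA_PSS_SHA256 = "rsassa-pss-sha256"
+KeyTypeEd25519 = "ed25519"
+KeyTypeECDSA_SHA2_P256_COMPAT = "ecdsa-sha2-nistp256"
+KeyTypeECDSA_SHA2_P256 = "ecdsa"
+KeyTypeRSASSA_PSS_SHA256 = "rsa"
+KeySchemeEd25519 = "ed25519"
+KeySchemeECDSA_SHA2_P256 = "ecdsa-sha2-nistp256"
+KeySchemeRSASSA_PSS_SHA256 = "rsassa-pss-sha256"
 )
 
 // ToPublicKey generate crypto.PublicKey from metadata type Key
@@ -52,7 +52,7 @@ func (k *Key) ToPublicKey() (crypto.PublicKey, error) {
 return nil, err
 }
 return rsaKey, nil
-case KeyTypeECDSA_SHA2_P256, KeyTypeECDSA_SHA2_P256_SSLIB: // handle "ecdsa" too as python-tuf/sslib keys are using it for keytype instead of https://theupdateframework.github.io/specification/latest/index.html#keytype-ecdsa-sha2-nistp256
+case KeyTypeECDSA_SHA2_P256, KeyTypeECDSA_SHA2_P256_COMPAT: // handle "ecdsa" too as python-tuf/sslib keys are using it for keytype instead of https://theupdateframework.github.io/specification/latest/index.html#keytype-ecdsa-sha2-nistp256
 publicKey, err := cryptoutils.UnmarshalPEMToPublicKey([]byte(k.Value.PublicKey))
 if err != nil {
 return nil, err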
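Review bot: The trailing comment on the ECDSA `case` in ToPublicKey is now inverted: after this change `KeyTypeECDSA_SHA2_P256` is "ecdsa" and the extra value being tolerated is the legacy "ecdsa-sha2-nistp256" held by `KeyTypeECDSA_SHA2_P256_COMPAT`, yet the comment still describes "ecdsa" as the exception. I would replace it with `// also accept the legacy "ecdsa-sha2-nistp256" keytype used by metadata written before TUF spec 1.0.32`. The exported `KeyTypeECDSA_SHA2_P256` also changes value while `KeyTypeECDSA_SHA2_P256_SSLIB` disappears, so callers that build keys from these constants will emit a different keytype and, if key IDs are derived from the serialized key, presumably a different key ID for the same public key; a doc comment on the const block stating which value is written and which is only accepted on read would make that visible. ToPublicKey's body starts and ends outside the hunk, so whether the parsed key is checked to be a P-256 key matching the declared scheme cannot be seen here.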
