fix: Update the ecdsa key type to the latest spec (1.0.32). (#508)

Update the ecdsa key type to the latest spec (1.0.32). The old ecdsa key type is kept to be able to consume older metadata files. Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
theupdateframework · Jun 20, 2023 · 2adcfe7 · 2adcfe7
1 parent c844873
commit 2adcfe7
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/data/types.go b/data/types.go
@@ -24,9 +24,12 @@ type HashAlgorithm string
 const (
 	KeyIDLength = sha256.Size * 2
 
-	KeyTypeEd25519           KeyType = "ed25519"
-	KeyTypeECDSA_SHA2_P256   KeyType = "ecdsa-sha2-nistp256"
-	KeyTypeRSASSA_PSS_SHA256 KeyType = "rsa"
+	KeyTypeEd25519 KeyType = "ed25519"
+	// From version 1.0.32, the reference implementation defines 'ecdsa',
+	// not 'ecdsa-sha2-nistp256' for NIST P-256 curves.
+	KeyTypeECDSA_SHA2_P256         KeyType = "ecdsa"
+	KeyTypeECDSA_SHA2_P256_OLD_FMT KeyType = "ecdsa-sha2-nistp256"
+	KeyTypeRSASSA_PSS_SHA256       KeyType = "rsa"
 
 	KeySchemeEd25519           KeyScheme = "ed25519"
 	KeySchemeECDSA_SHA2_P256   KeyScheme = "ecdsa-sha2-nistp256"

diff --git a/pkg/keys/ecdsa.go b/pkg/keys/ecdsa.go
@@ -20,7 +20,9 @@ func init() {
 	// Note: we use LoadOrStore here to prevent accidentally overriding the
 	// an explicit deprecated ECDSA verifier.
 	// TODO: When deprecated ECDSA is removed, this can switch back to Store.
+	VerifierMap.LoadOrStore(data.KeyTypeECDSA_SHA2_P256_OLD_FMT, NewEcdsaVerifier)
 	VerifierMap.LoadOrStore(data.KeyTypeECDSA_SHA2_P256, NewEcdsaVerifier)
+	SignerMap.Store(data.KeyTypeECDSA_SHA2_P256_OLD_FMT, newEcdsaSigner)
 	SignerMap.Store(data.KeyTypeECDSA_SHA2_P256, newEcdsaSigner)
 }