From 2adcfe74e69d474d298a991d9643bed13da055d7 Mon Sep 17 00:00:00 2001
From: Fredrik Skogman
Date: Tue, 20 Jun 2023 17:15:10 +0200
Subject: [PATCH] fix: Update the ecdsa key type to the latest spec (1.0.32). (#508)
Update the ecdsa key type to the latest spec (1.0.32). The old ecdsa key type is kept to be able to consume older metadata files.
Signed-off-by: Fredrik Skogman
---
 data/types.go | 9 ++++++---
 pkg/keys/ecdsa.go | 2 ++
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/data/types.go b/data/types.go
index 3e1806bd..eb00489b 100644
--- a/data/types.go
+++ b/data/types.go
@@ -24,9 +24,12 @@ type HashAlgorithm string
 const (
 	KeyIDLength = sha256.Size * 2
-	KeyTypeEd25519 KeyType = "ed25519"
-	KeyTypeECDSA_SHA2_P256 KeyType = "ecdsa-sha2-nistp256"
-	KeyTypeRSASSA_PSS_SHA256 KeyType = "rsa"
+	KeyTypeEd25519 KeyType = "ed25519"
+	// From version 1.0.32, the reference implementation defines 'ecdsa',
+	// not 'ecdsa-sha2-nistp256' for NIST P-256 curves.
+	KeyTypeECDSA_SHA2_P256 KeyType = "ecdsa"
+	KeyTypeECDSA_SHA2_P256_OLD_FMT KeyType = "ecdsa-sha2-nistp256"
+	KeyTypeRSASSA_PSS_SHA256 KeyType = "rsa"
 	KeySchemeEd25519 KeyScheme = "ed25519"
 	KeySchemeECDSA_SHA2_P256 KeyScheme = "ecdsa-sha2-nistp256"
diff --git a/pkg/keys/ecdsa.go b/pkg/keys/ecdsa.go
index ee93e330..9740d1f3 100644
--- a/pkg/keys/ecdsa.go
+++ b/pkg/keys/ecdsa.go
@@ -20,7 +20,9 @@ func init() {
 	// Note: we use LoadOrStore here to prevent accidentally overriding the
 	// an explicit deprecated ECDSA verifier.
 	// TODO: When deprecated ECDSA is removed, this can switch back to Store.
+	VerifierMap.LoadOrStore(data.KeyTypeECDSA_SHA2_P256_OLD_FMT, NewEcdsaVerifier)
 	VerifierMap.LoadOrStore(data.KeyTypeECDSA_SHA2_P256, NewEcdsaVerifier)
+	SignerMap.Store(data.KeyTypeECDSA_SHA2_P256_OLD_FMT, newEcdsaSigner)
 	SignerMap.Store(data.KeyTypeECDSA_SHA2_P256, newEcdsaSigner)
 }
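Review bot: The exported constant `KeyTypeECDSA_SHA2_P256_OLD_FMT` added in data/types.go has no doc comment, and the comment above `KeyTypeECDSA_SHA2_P256` does not say that the old spelling is retained only for reading pre-1.0.32 metadata, which is the whole reason it exists. I would add `// KeyTypeECDSA_SHA2_P256_OLD_FMT is the pre-1.0.32 spelling of the NIST P-256 ECDSA key type, kept so that metadata signed under the older spec can still be verified.` and consider a `// Deprecated: use KeyTypeECDSA_SHA2_P256.` line so tooling steers new code to the current value. It is also worth stating in that comment that, if key IDs are derived from the canonical key object including keytype as the TUF spec prescribes (the `KeyIDLength = sha256.Size * 2` line suggests a hash-derived ID), the same public key carries a different ID under each spelling, so the two constants are not interchangeable aliases and a root that lists one will not match metadata emitted with the other. The `KeySchemeECDSA_SHA2_P256` value on the following context line is intentionally left at "ecdsa-sha2-nistp256"; a short note saying the scheme string is unchanged by the spec bump would save the next reader from assuming it was missed.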
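Review bot: The new `SignerMap.Store(data.KeyTypeECDSA_SHA2_P256_OLD_FMT, newEcdsaSigner)` line in pkg/keys/ecdsa.go lets callers keep generating keys and signatures under the old "ecdsa-sha2-nistp256" keytype, which contradicts the commit message's stated goal of keeping the old type only to consume older metadata; registering a verifier but no signer for the old format would express that intent in code and stop new metadata from being produced with the superseded spelling. If there is a genuine need to re-sign with legacy-typed keys, say so in a comment on that line rather than leaving the asymmetry implicit. The existing note about `LoadOrStore` guarding an explicitly registered deprecated ECDSA verifier plausibly applies to the old-format key type, which that deprecated verifier presumably shares, but not to the new "ecdsa" value, so the `LoadOrStore` on `KeyTypeECDSA_SHA2_P256` may now silently keep an unrelated earlier registration; if no other verifier claims "ecdsa", a plain `Store` there would fail loudly instead. The enclosing `init` starts outside the hunk.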