57 lines
1.3 KiB
Go
57 lines
1.3 KiB
Go
package signerverifier
|
|
|
|
import (
|
|
"context"
|
|
"crypto"
|
|
"crypto/ecdsa"
|
|
"crypto/elliptic"
|
|
"crypto/rand"
|
|
"fmt"
|
|
|
|
"github.com/docker/attest/internal/util"
|
|
"github.com/secure-systems-lab/go-securesystemslib/dsse"
|
|
)
|
|
|
|
type ECDSA256_SignerVerifier struct {
|
|
crypto.Signer
|
|
}
|
|
|
|
// implement keyid function
|
|
func (s *ECDSA256_SignerVerifier) KeyID() (string, error) {
|
|
keyid, err := KeyID(s.Signer.Public())
|
|
if err != nil {
|
|
return "", fmt.Errorf("error getting keyid: %w", err)
|
|
}
|
|
return keyid, nil
|
|
}
|
|
|
|
func (s *ECDSA256_SignerVerifier) Public() crypto.PublicKey {
|
|
return s.Signer.Public()
|
|
}
|
|
|
|
func (s *ECDSA256_SignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error) {
|
|
return s.Signer.Sign(rand.Reader, data, crypto.SHA256)
|
|
}
|
|
|
|
func (s *ECDSA256_SignerVerifier) Verify(ctx context.Context, data []byte, sig []byte) error {
|
|
pub, ok := s.Signer.Public().(*ecdsa.PublicKey)
|
|
if !ok {
|
|
return fmt.Errorf("public key is not ecdsa")
|
|
}
|
|
ok = ecdsa.VerifyASN1(pub, util.S256(data), sig)
|
|
if !ok {
|
|
return fmt.Errorf("payload signature is not valid")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func GenKeyPair() (dsse.SignerVerifier, error) {
|
|
signer, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &ECDSA256_SignerVerifier{
|
|
Signer: signer,
|
|
}, nil
|
|
}
|