ECDSA verification support #98

Merged: titanous merged 2 commits into master from ecdsa on Aug 13, 2016
@titanous (Contributor)

  • verify: Don't assume signature method, use key type

    It is unsafe to use the signature method field, as it could result in a key confusion attack. Use the key type instead.
    Also, don't assume that we're only working with Ed25519.

  • verify: Add support for ecdsa-sha2-p256 signatures

Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>
@titanous changed the title from "Ecdsa" to "ECDSA verification support" on Aug 12, 2016
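
The rule stated in the description above, shown as an added Go example that is not the project's code: the verifier picks the algorithm from the trusted key's type and ignores the method field carried with the signature. `Key`, `Signature`, `Verify`, `Sample` and the `"ed25519"` type string are hypothetical names, the keys are constructed samples, and ECDSA signatures are assumed to be ASN.1 DER encoded.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Hypothetical types for this example, not the project's own structures.
type Key struct {
	Type   string      // comes from trusted metadata
	Public interface{} // ed25519.PublicKey or *ecdsa.PublicKey
}
type Signature struct {
	Method string // written by the signer, so untrusted
	Sig    []byte // ECDSA signatures are assumed to be ASN.1 DER
}

// Verify picks the algorithm from k.Type and never reads sig.Method.
func Verify(k Key, msg []byte, sig Signature) bool {
	switch k.Type {
	case "ed25519":
		pub, ok := k.Public.(ed25519.PublicKey)
		return ok && len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, msg, sig.Sig)
	case "ecdsa-sha2-p256":
		pub, ok := k.Public.(*ecdsa.PublicKey)
		digest := sha256.Sum256(msg)
		return ok && pub != nil && pub.Curve == elliptic.P256() && ecdsa.VerifyASN1(pub, digest[:], sig.Sig)
	}
	return false // unknown key type: fail closed
}

// Sample returns constructed keys of both types and an honest signature over msg from each.
func Sample(msg []byte) (edKey, ecKey Key, edSig, ecSig Signature) {
	edPub, edPriv, _ := ed25519.GenerateKey(rand.Reader)
	ecPriv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	digest := sha256.Sum256(msg)
	der, _ := ecdsa.SignASN1(rand.Reader, ecPriv, digest[:])
	return Key{"ed25519", edPub}, Key{"ecdsa-sha2-p256", &ecPriv.PublicKey},
		Signature{"ed25519", ed25519.Sign(edPriv, msg)}, Signature{"ecdsa-sha2-p256", der}
}
func main() {
	msg := []byte("constructed sample metadata")
	edKey, ecKey, edSig, ecSig := Sample(msg)
	edSig.Method = "ecdsa-sha2-p256" // constructed mismatch between method field and key
	fmt.Println(Verify(edKey, msg, edSig), Verify(ecKey, msg, ecSig), Verify(ecKey, msg, edSig))
}
```

A key whose stored public value does not match its declared type fails the type assertion and is rejected, so a mislabelled key cannot route the signature to the other algorithm.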
func (ecdsaSigner) Type() string {
return data.KeyTypeECDSA_SHA2_P256
}
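
Review bot: the `Type()` method on `ecdsaSigner` has no doc comment, and nothing at the definition says whether this signer is meant for tests only or as exposed API; a one-line comment stating that would help. The constant `data.KeyTypeECDSA_SHA2_P256` on the return line also uses underscores, which Go naming conventions discourage in favour of MixedCaps.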

Contributor

Do these definitions belong in the test file?

Contributor Author

Yeah. This patch intentionally implements only verification in the exposed code. This is in preparation for supporting ECDSA signing keys via PKCS11 in external devices like the Yubikey and HSMs. If you can store keys locally, Ed25519 should be used. We're only adding support for ECDSA because the dedicated hardware devices do not support Ed25519.

Contributor

Gotcha.

@lmars (Contributor) commented Aug 12, 2016

LGTM
