notary/internal/note: replace NewVerifierFromEd25519Key with NewEd25519VerifierKey
This allows the caller to reuse the verifier key with external tools,
like notecheck.
Change-Id: Id8f166a2221a82aa2a65c4a03eb74da1debcb0d1
Reviewed-on: https://go-review.googlesource.com/c/exp/+/173337
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
diff --git a/notary/internal/note/note.go b/notary/internal/note/note.go
index ddb43f7..4b25773 100644
--- a/notary/internal/note/note.go
+++ b/notary/internal/note/note.go
@@ -382,24 +382,18 @@
return skey, vkey, nil
}
-// NewVerifierFromEd25519PublicKey constructs a new verifier from a server name
-// and a golang.org/x/crypto/ed25519 public key.
-func NewVerifierFromEd25519PublicKey(name string, pub ed25519.PublicKey) (Verifier, error) {
- if len(pub) != ed25519.PublicKeySize {
- return nil, fmt.Errorf("invalid public key size %d, expected %d", len(pub), ed25519.PublicKeySize)
+// NewEd25519VerifierKey returns an encoded verifier key using the given name
+// and Ed25519 public key.
+func NewEd25519VerifierKey(name string, key ed25519.PublicKey) (string, error) {
+ if len(key) != ed25519.PublicKeySize {
+ return "", fmt.Errorf("invalid public key size %d, expected %d", len(key), ed25519.PublicKeySize)
}
- pubkey := append([]byte{algEd25519}, pub...)
+ pubkey := append([]byte{algEd25519}, key...)
hash := keyHash(name, pubkey)
- v := &verifier{
- name: name,
- hash: uint32(hash),
- verify: func(msg, sig []byte) bool {
- return ed25519.Verify(pub, msg, sig)
- },
- }
- return v, nil
+ b64Key := base64.StdEncoding.EncodeToString(pubkey)
+ return fmt.Sprintf("%s+%08x+%s", name, hash, b64Key), nil
}
// A Verifiers is a collection of known verifier keys.
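Review bot: `name` is written into the encoded key by `fmt.Sprintf("%s+%08x+%s", ...)` without validation, so an empty name or one containing `+` or whitespace yields a string whose fields no longer split unambiguously. Because the returned key is meant to be handed to external tools, the malformed name should be rejected here rather than left for each consumer to catch. NewVerifier's parsing is outside this hunk, so whether it would reject such a key is not visible. If the package already has a name check (presumably the `isValidName` helper that the parser uses), reuse it before hashing: `if !isValidName(name) { return "", fmt.Errorf("invalid name %q", name) }`. The doc comment could also state the output format, e.g. `// The result has the form "<name>+<hash>+<base64 key>" and is accepted by NewVerifier.`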
diff --git a/notary/internal/note/note_test.go b/notary/internal/note/note_test.go
index 66ecfc5..96c8c91 100644
--- a/notary/internal/note/note_test.go
+++ b/notary/internal/note/note_test.go
@@ -7,7 +7,6 @@
import (
"crypto/rand"
"errors"
- "fmt"
"strings"
"testing"
"testing/iotest"
@@ -147,21 +146,21 @@
if err != nil {
t.Fatalf("newSignerFromEd25519Seed: %v", err)
}
- verifier, err := NewVerifierFromEd25519PublicKey(Name, pub)
+ vkey, err := NewEd25519VerifierKey(Name, pub)
if err != nil {
- t.Fatalf("NewVerifierFromEd25519PublicKey: %v", err)
+ t.Fatalf("NewEd25519VerifierKey: %v", err)
+ }
+ verifier, err := NewVerifier(vkey)
+ if err != nil {
+ t.Fatalf("NewVerifier: %v", err)
}
testSignerAndVerifier(t, Name, signer, verifier)
// Check that wrong key sizes return errors.
- _, err = newSignerFromEd25519Seed(Name, priv)
+ _, err = NewEd25519VerifierKey(Name, pub[:len(pub)-1])
if err == nil {
- t.Errorf("newSignerFromEd25519Seed succeeded with a seed of the wrong size")
- }
- _, err = NewVerifierFromEd25519PublicKey(Name, pub[:len(pub)-1])
- if err == nil {
- t.Errorf("NewVerifierFromEd25519PublicKey succeeded with a seed of the wrong size")
+ t.Errorf("NewEd25519VerifierKey succeeded with a seed of the wrong size")
}
}
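Review bot: The failure message on the wrong-size check still says "seed", although the value under test is a truncated public key; it would read correctly as `t.Errorf("NewEd25519VerifierKey succeeded with a public key of the wrong size")`. Only the one-byte-short case is exercised, so an over-long key such as `append(pub[:len(pub):len(pub)], 0)` would be a cheap second case for the length guard. The hunk also drops the wrong-size assertion for newSignerFromEd25519Seed; if that path is not covered elsewhere in the test file, which is not visible here, it is worth keeping a case for it. The enclosing test function starts outside this hunk.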
@@ -298,10 +297,6 @@
return nil, errSurprise
}
-func fmtSig(s Signature) string {
- return fmt.Sprintf("{%q %#08x %s}", s.Name, s.Hash, s.Base64)
-}
-
func TestOpen(t *testing.T) {
peterKey := "PeterNeumann+c74f20a3+ARpc2QcUPDhMQegwxbzhKqiBfsVkmqq/LDE4izWy10TW"
peterVerifier, err := NewVerifier(peterKey)