sign using SSHSIG; add test using ssh-keygen -Y sign

1 files changed, 13 insertions, 10 deletions

diff --git a/cmd/sigsum/cmd.go b/cmd/sigsum/cmd.go
index 01c1223..d882fb9 100644
--- a/cmd/sigsum/cmd.go
+++ b/cmd/sigsum/cmd.go
@@ -50,7 +50,7 @@ func cmdBundle(args []string, policy policy.Policy, optBundleType, optBundleKey,
 
 	var reqs []requests.Leaf
 	for _, path := range args {
-		checksum, err := fileHash(path)
+		preimage, err := fileHash(path)
 		if err != nil {
 			return fmt.Errorf("bundle: %v", err)
 		}
@@ -66,15 +66,18 @@ func cmdBundle(args []string, policy policy.Policy, optBundleType, optBundleKey,
 		}
 
 		req := requests.Leaf{
-			Statement: types.Statement{
-				ShardHint: policy.ShardHint(),
-				Checksum:  *checksum,
-			},
+			ShardHint:       policy.ShardHint(),
+			Preimage:        *preimage,
 			Signature:       *sig,
 			VerificationKey: *pub,
 			DomainHint:      optBundleDomainHint,
 		}
-		if !req.Statement.Verify(&req.VerificationKey, &req.Signature) {
+
+		stmt := types.Statement{
+			ShardHint: req.ShardHint,
+			Checksum:  *types.HashFn(req.Preimage[:]),
+		}
+		if !stmt.Verify(&req.VerificationKey, &req.Signature) {
 			return fmt.Errorf("bundle: invalid signature for file %q", path)
 		}
 		reqs = append(reqs, req)
@@ -99,16 +102,16 @@ func cmdFormat(args []string, policy policy.Policy) error {
 		return fmt.Errorf("format: need exactly one file")
 	}
 
-	checksum, err := fileHash(args[0])
+	preimage, err := fileHash(args[0])
 	if err != nil {
 		return fmt.Errorf("format: %v", err)
 	}
-	stm := types.Statement{
+	stmt := types.Statement{
 		ShardHint: policy.ShardHint(),
-		Checksum:  *checksum,
+		Checksum:  *types.HashFn(preimage[:]),
 	}
 
-	fmt.Printf("%s", stm.ToBinary())
+	fmt.Printf("%s", stmt.ToBinary())
 	return nil
 }