From 0a11cb0cb7953facd6393e0f5189164f112ade1c Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Mon, 28 Mar 2022 15:45:33 +0200 Subject: sign using SSHSIG; add test using ssh-keygen -Y sign --- cmd/sigsum/cmd.go | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) (limited to 'cmd/sigsum/cmd.go') diff --git a/cmd/sigsum/cmd.go b/cmd/sigsum/cmd.go index 01c1223..d882fb9 100644 --- a/cmd/sigsum/cmd.go +++ b/cmd/sigsum/cmd.go @@ -50,7 +50,7 @@ func cmdBundle(args []string, policy policy.Policy, optBundleType, optBundleKey, var reqs []requests.Leaf for _, path := range args { - checksum, err := fileHash(path) + preimage, err := fileHash(path) if err != nil { return fmt.Errorf("bundle: %v", err) } @@ -66,15 +66,18 @@ func cmdBundle(args []string, policy policy.Policy, optBundleType, optBundleKey, } req := requests.Leaf{ - Statement: types.Statement{ - ShardHint: policy.ShardHint(), - Checksum: *checksum, - }, + ShardHint: policy.ShardHint(), + Preimage: *preimage, Signature: *sig, VerificationKey: *pub, DomainHint: optBundleDomainHint, } - if !req.Statement.Verify(&req.VerificationKey, &req.Signature) { + + stmt := types.Statement{ + ShardHint: req.ShardHint, + Checksum: *types.HashFn(req.Preimage[:]), + } + if !stmt.Verify(&req.VerificationKey, &req.Signature) { return fmt.Errorf("bundle: invalid signature for file %q", path) } reqs = append(reqs, req) @@ -99,16 +102,16 @@ func cmdFormat(args []string, policy policy.Policy) error { return fmt.Errorf("format: need exactly one file") } - checksum, err := fileHash(args[0]) + preimage, err := fileHash(args[0]) if err != nil { return fmt.Errorf("format: %v", err) } - stm := types.Statement{ + stmt := types.Statement{ ShardHint: policy.ShardHint(), - Checksum: *checksum, + Checksum: *types.HashFn(preimage[:]), } - fmt.Printf("%s", stm.ToBinary()) + fmt.Printf("%s", stmt.ToBinary()) return nil } -- cgit v1.2.3