Merge branch 'master' into dependabot/go_modules/github.com/sigstore/…
…sigstore-1.8.3
rdimitrov authored Apr 2, 2024
2 parents e8694c3 + a5740b4 commit 627be37
Showing 2 changed files with 9 additions and 1 deletion.
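--- a/metadata/keys.go
+++ b/metadata/keys.go
@@ -38,6 +38,7 @@ const (
 KeyTypeRSASSA_PSS_SHA256 = "rsa"
 KeySchemeEd25519 = "ed25519"
 KeySchemeECDSA_SHA2_P256 = "ecdsa-sha2-nistp256"
+KeySchemeECDSA_SHA2_P384 = "ecdsa-sha2-nistp384"
 KeySchemeRSASSA_PSS_SHA256 = "rsassa-pss-sha256"
 )
 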
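--- a/metadata/metadata.go
+++ b/metadata/metadata.go
@@ -312,7 +312,14 @@ func (meta *Metadata[T]) VerifyDelegate(delegatedRole string, delegatedMetadata
 // use corresponding hash function for key type
 hash := crypto.Hash(0)
 if key.Type != KeyTypeEd25519 {
-hash = crypto.SHA256
+switch key.Scheme {
+case KeySchemeECDSA_SHA2_P256:
+hash = crypto.SHA256
+case KeySchemeECDSA_SHA2_P384:
+hash = crypto.SHA384
+default:
+hash = crypto.SHA256
+}
 }
 // load a verifier based on that key
 verifier, err := signature.LoadVerifier(publicKey, hash)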
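Review bot: The `default:` branch of the new `switch key.Scheme` assigns `crypto.SHA256` to every scheme string it does not recognise, so a key with a misspelled or unsupported scheme is still passed to `signature.LoadVerifier` rather than rejected. Failing closed would be safer for a signature-verification path: name the SHA-256 schemes explicitly with `case KeySchemeECDSA_SHA2_P256, KeySchemeRSASSA_PSS_SHA256:` and make `default:` return an unsupported-scheme error (assuming VerifyDelegate returns an error; its signature is cut off in the hunk header). The hash is also selected from `key.Scheme` alone, and whether the curve of `publicKey` is checked against the declared scheme is not visible here, so that is worth confirming. A short comment such as `// hash must match the digest named by the key scheme` above the switch would also correct the existing comment, which still says the hash follows the key type. The body of VerifyDelegate starts and ends outside this hunk.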
