Signature types need to be parsed out of the key/signature information
that we are presented with from the files we download. We use that to
understand which signer we need to dispatch to.
The ECC signer is more-or-less lifted from pkg(8), with some changes to
slim it down for pkg(7).
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D48108

This will be used to verify raw payloads, as if signed by pkg-key(8).
It will be used specifically in pkg(7) to verify .pubkeysig as published
by poudriere.
Amend verify_pubsignature() now to use it. For the RSA signer, we need
to verify using a sha256 of the data instead of the data itself.
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D48109

We already have to do this for reading the pubkey, just pull it out for
other uses. The ECC signer will use this to verify the bootstrap if
the PUBKEY mechanism is used.
Reviewed by: bapt, emaste
Differential Revision: https://reviews.freebsd.org/D48107

This mirrors a change we made in pkg(8), and will be used to next add
another signer that does ECC.
Reviewed by: bapt, emaste
Differential Revision: https://reviews.freebsd.org/D48106

We'll eventually add a pkgsign abstraction over these similar to how we do
in pkg(8), but start by isolating these parts.
Reviewed by: bapt, emaste
Differential Revision: https://reviews.freebsd.org/D48105