LoadPublicKey() and VerifySignature() were too generic.
Let's rename them to be more precise in what they are achieving.

In this commit we add a LoadEd25519PublicKey func for loading
ed25519 keys in PrivateJSON format from a ed25519 public key file

The format of a public key is different
to the private key JSON format for ed25519 in-toto pubkeys.
Therefore we need another function for parsing ed25519 pub keys.

This commit adds more test material such like symmetric encrypted private keys.

This commit also changes the example keys in the documentation.
We use the keypair of "carol" (see test/data/carol{.pub}) now.

We use PKCS1 for parsing/loading RSA private keys.
This means we do not support ECDSA yet.

This adds support for signing byte data with rsassa-pss.
TODO: We need to verify if rsa.SignPSS(rand=nil,...) is secure!

We use the model.Sign() func for signing keys.
This commit also removes unrelated code in TestMetablockSignWithEd25519
because we **indeed** support RSA now.

This adds support for signing links in InTotoRun via a
specific key

In the past in-toto-keygen generated pubkeys did not have a public key ID in their JSON structure. This is going to change in the securesystemslib: secure-systems-lab/securesystemslib#250

This commit adds the key ID to all our public key tests + and the carol.pub key.

Table tests are easier to maintain, also we are testing
invalid paths and invalid keys now.

We need to cover signing with invalid keys and validating
private keys

In the past we always signed an empty Link{} artifact.
Now we are really signing something + testing for a valid signature
after signing real data.

In this commit we remove the keyId from the ed25519 pubkeys again,
because we decided to not support keyIds in key material.
Instead we are generating a keyId if the keyId is empty.

This commit integrates our new GenerateKeyId func into the LoadRSA* functions. More importantly it fixes a major security issue(!).
Before this commit we have calculated the the keyID of the private key with the private key **included**. The private key should never be used for calculating the keyID.

We need to infer the RSA Public Key from the RSA Private Key,
otherwise we can't a calculate a unique keyID for a RSA Private Key.

We need to make sure to trim spaces and newlines around the PEM blocks

mention that we follow the securesystemslib regarding key generation
for keeping interoperability.

With a generic LoadKey function we have several advantages.
First we can reduce our code surface, because we just need to
take care about one function for loading keys. Second the LoadKey
function will automatically infer the right pem and key type.
This makes the function very easy to use.

Make sure to use the new generic LoadKey function for all our test cases

Make sure to always add a return value description +
make the PEM parser section more readable.

We could move this block into an own function in the future
and maybe make a dispatch table out of it.

We are introducing two new error types "ErrFailedPEMParsing", "errNoPEMBlock"
and "ErrUnsupportedKeyType". We also use error wrapping as stated in:
https://blog.golang.org/go1.13-errors

Furthermore the parsing has its own function now.

The generic GeneratureSignature function will automatically
detect the right key, return an error if we have an invalid
key and sign the signable data. Also it utilizes our new error types.

TODO: implementing ed25519 signature. I am not sure yet, if we can store ed25519 PEM blocks in our in-memory key data. If yes, the part will be a little bit different to the current GenerateEd25519Signature function

Use the new LoadKey function for loading keys, this is not yet implemented for ed25519 keys, because our test keys are still in custom JSON format. This will be changed

We now have a generic VerifySignature that automatically retrieves
the key type based on the passed key. With this function we are now able to drop all tests that did RSA or ed25519 specific key operations

This fixes a few ed25519 tests by adding valid ed25519 keys
encoded as PEM (ASN.1 DER) Blocks.

Our generic ParseKey function returns an interface on ed25519.PrivateKey *not* on *ed25519.PrivateKey, therefore we have to use the right one. I've also modified the test data, because we have generated a new ed25519 key. Therefore our ID and signature didn't match anymore

We have changed our on-disk key format. So the bob test data is no longer necessary

For interoperability with the securesystemslib and the in-toto python
implementation we are defining an exception for the ed25519 key
and loading it hex encoded as string directly into memory.
For this we need to read the ed25519 key from the PEM on-disk format
and operate directly on the ed25519 key object

We need to mention, that we drop the rest of the pam.Decode()
call, because it does not represent a valid PEM block.
Additionally we do not care about other data, than the actual key

The TestMetaBlockSignWithEd25519 used our custom JSON format
and different loading functions, that do not exist anymore.
Therefore we can remove it.

We dropped support for the non generic key parsing functions.

This commit adds new PKCS8 and EC private/public key pairs for testing. Furthermore it adds a new README.md file in test/data
that lists all of our test artifacts + a description for them

Our new generic functions needed testing. This adds testing
for all generic functions, especially ed25519 and ecdsa unsupported key checking.

TODO: In the future we want to support ecdsa keys

This adds more test coverage for the Generate/Verify functions

Fix spelling for ErrNoPEMBlock

We just remove the slashes and make this test windows compatible.
Full paths should be covered. For the future we should use
path() for paths, for being consistent through different OS.

This adds a small test section for dumping and loading signed links.
It will dump a link to a file and load it. Looks like we have an
issue with our dump function, because the dumped file wrong.

This commit adds a new Byproducts struct as representation
for our byproducts. This is necessary, because Go
unmarshalls number interfaces values to float.

This reverts commit e43522d.

Before this commit we used []byte64 and int in our in-memory
link representation. This lead to numerous issues:

1. Using []byte64 for stderr/stdout meant, that we dump them as base64
in our JSON file. This was inconsistent to our in-toto python
implementation, that stores output as strings in JSON files.

2. Go unmarshalls a number as float64, therefore we can't easily
store the return-value as integer, although an integer would be a better
choice. Storing it as a integer, would cost rewrites of the complete
model and model testing.

This commit adds more documentation to our test functions and keylib functions

This commit adds support for the ecdsa key scheme.
We should support all FIPS 186-3 curves out of the box.
However, we must note, that if we ever upgrade our hashing
algorithm from SHA256, the code will get more complex, because
the hash size must satisfy the curve size, otherwise the
hash may get truncated. The latter could result in a security vulnerability (forming a hash, which truncated part is equal to the truncated part of the to verified bytes). Furthermore,
we do no curve detection here and just save the signature parts r and s into a byte slice without a fixed length. Also it's still unclear if r and s are always the same of the size

We can directly cast key.KeyVal.(Public|Private) to a byte slice.
No need, for the string reader.

This adds a missing case for ecdsa public key.
The RSA and ecdsa key cases can be merged, maybe.

Before this commit we used two times r instead of r and s.
Of course ecdsa validation failed, because of this.

This commit rewrites the keylib tests completely from scratch.
I have replaced all tests against table based testing methods
The LOC shrinked from over 500 to under 100.

We now use ASN1.DER for encoding the ecdsa signature parameters
r and s. This fixes our problems with different r and s lengths.
Furthermore it is the same way to deal with the signature
as in our securesystemslib and it is therefore the interoperable
way to handle an ecdsa signature. With Go 1.15 we might can switch
to new ecdsa ASN1Sign methods, if necessary.

this commit adds various new test cases for increasing the test
coverage. Sadly, we still need to use the legacy error string
comparing for a few. Maybe we can wrap them in an our own errors in the future?

Adds the "ecdsa" case to our Metablock.Sign function.
Also adds a test case for an invalid ed25519 key.

Our old key validation functions were not valid anymore. For example, we do compute the public key from a private key now. So every key object should have a public key. Furthermore this commit introduces our own error types for better error handling.

This commit adds more tests for key object validation,
also we *really* use the key object validation functions now, during
generating a keyID

frank.ec was only necessary for generating the ECDSA PEM keys.
Therefore we can delete it.

The switch block logic moved inside of the GenerateSignature function, thus we can drop this extra switch block inside of Metablock.Sign. This fixes also the long-time FIXME in it :)

The carol-invalid key is not necessary anymore, thus we can remove it.

Here we fix a small spelling issue and add more documentation
for a few functions, that were missing documentation

The keyID may be empty, so we check for an unitialized Key object instead. For this we prefer using reflect.ValueOf(key).IsZero()
over reflect.DeepEqual(), because DeepEqual is more resource intensive.

We can drop the legacy error string comparing via using
Go 1.13 errors.Is() function for comparing the unwrapped errors.

In this commit we fix various spelling errors,
deliver more detailed documentation and change the default error
message of ErrInvalidKeyType.

This commit introduces three new constants called:
rsaKeytype, ecdsaKeytype and ed25519KeyType. With these constants
we are able to easily change the keytype if necessary, without finding/replacing strings.

This bigger commit introduces new errors for key and scheme type
checking. We also have another helper function in utils.go for
checking for subsets in a superset of string slices.
Furthermore it adds various tests for the new functions

The decodeAndParse function decodes the given pemBytes and parses a key.

This commit adds a call to validateKey to the GenerateSignature
and ValidateSignature functions. This way we can ensure, that we are always dealing with a good key. This commit also provides modified tests and more test cases

This commit untangles validateKey and validateKeyVal.
We do not parse keys twice in GenerateSignature/ValidateSignature now. Instead we call validateKey for validating the key container and then using type assertions for checking for the right key type.

We now use constants for the supported Key schemes.

We can call a panic if we run into code, where we never should get.

This commit adds a key.Scheme switch in the GeneratureSignature and
VerifySignature functions. This only applies to ecdsa and rsa,
because ed25519 is SHA512 only, due to following the edDSA spec.

We should hide most of the functions in keylib.go. Devs using our
API should only use our exported functions LoadKey, GenerateSignature
and VerifySignature.

We set the correct ecdsa schemes as constants. Right now we don't
really differ between curves, because Go's crypto/(ecdsa|x509)
are fully transparent with curves. If we want to differ between
curves we might need to add addition logic, right now it's up
to the developer, to choose the right scheme for the right curve.

We have a few default cases, that were never reached due to
validateKey() at the beginning of the function.
Let's call a panic, if we run into such a situation.

This commit addresses various spelling issues, substantial mistakes
or adds more documentation.

This adds a short comment/todo to our subsetCheck function.
In the future we might want to use Sets for our constant getters.

This commits removes the misleading support for ecdsa-sha2-nistp384.

with this commit implements the validatePublicKey function, for
checking if we deal with a public key. If the private key value field
is not empty, it will fail with the error ErrNoPublicKey.
We also call this method in validateLayout from now on.

In this commit, we make Key.KeyIdHashAlgorithms optional.
We only check the field now, if the field has been initialized.
Furthermore this commit fixes a few tests and removes tests, that are
not needed anymore.

in-toto-golang behaves a little bit different to the securesystemslib.
We should mention, that we use ecdsa/ecdsa-sha2-nistp256 pairs
instead of ecdsa-sha2-nistp256 for key type and key scheme.

This adds the missing 'd' to the deadbeef test. We now check for a missing
keyfield there.

in-toto-golang now supports all signing methods from the reference
implementation and has a fully-fledged runlib, to generate signed
link metadata.

Big kudos to @shibumi!

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>