Add the Signer interface #319
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tests/test_signer.py
Outdated
| def test_sslib_sign(self): | ||
| # Test generation of RSA signatures. | ||
| sslib_signer = SSlibSigner(self.rsakey_dict) | ||
| rsa_sig_obj = sslib_signer.sign(self.DATA) |
There was a problem hiding this comment.
I like how simple it looks to use, judging by the code so far! 👏🏽
MVrachev
force-pushed
the
signer-interface
branch
3 times, most recently
from
384a053
to
0285e39
Compare
|
This interface is ready for a review @lukpueh! |
lukpueh
reviewed
Feb 10, 2021
MVrachev
force-pushed
the
signer-interface
branch
from
d18d92e
to
4fe7f9b
Compare
|
Updated the pr.
@lukpueh sorry for the obvious mistakes in the tests. I copied a lot from |
MVrachev
force-pushed
the
signer-interface
branch
from
4fe7f9b
to
3fd74d1
Compare
|
I rebased and squashed the commits where I address @lukpueh comments into the appropriate commits. |
lukpueh
requested changes
Feb 12, 2021
There was a problem hiding this comment.
I think we should use the same strategy to move away from legacy code style as we do in TUF (see ADR 5). So given that you are adding completely new modules I suggest you also follow the new style guideline, especially in regards to code documentation. What do you think?
I thought I should follow the style guidelines in the other parts in securesytemslib. It seems I am wrong. I will fix it on Monday. |
|
Your reasoning makes perfect sense, @MVrachev, especially if you read ADR 5 together with ADR 3. However, ADR 5 alone even prescribes the new style for "new files" and not only for "new files in a certain new directory". But regardless of ADR 5, I think it makes a lot of sense to use the new docstring format everywhere especially for classes / functions that should be public API (I even adopted it in an existing module recently, see #288). I am less passionate about most of the other style recommendations, but to make things easier I would just follow the "new style for new files" rule of thumb. |
MVrachev
force-pushed
the
signer-interface
branch
2 times, most recently
from
645ee74
to
2c403f8
Compare
|
I updated the pr with the new style guidelines. |
MVrachev
force-pushed
the
signer-interface
branch
3 times, most recently
from
da9148b
to
af0451d
Compare
|
I had to force push to resolve conflicts. |
lukpueh
requested changes
Feb 18, 2021
MVrachev
force-pushed
the
signer-interface
branch
from
af0451d
to
0978f5e
Compare
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev
force-pushed
the
signer-interface
branch
from
62c9817
to
2bc36c9
Compare
|
Updated the pr:
I will need time to get used to the new code style guidelines. |
No worries, I need to look things up in the new guidelines too. ;) |
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Feb 24, 2021
In the securesystemslib pr secure-systems-lab/securesystemslib#319 I added a new Signer interface with the purpose of supporting multiple signing implementations. Additionally, I added the SSlibSigner implementation of that interface which implements the signing operation for rsa, ed25519 and ecdsa schemes. With this commit, I integrate the SSlibSigner into the new API in tuf. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Feb 24, 2021
In the securesystemslib pr secure-systems-lab/securesystemslib#319 I added a new Signer interface with the purpose of supporting multiple signing implementations. Additionally, I added the SSlibSigner implementation of that interface which implements the signing operation for rsa, ed25519 and ecdsa schemes. With this commit, I integrate the SSlibSigner into the new API in tuf. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev
added a commit
to MVrachev/securesystemslib
that referenced
this pull request
Feb 25, 2021
The GPGSigner is an implementation of the new "Signer" interface that was merged in secure-systems-lab#319 and could be found in securesystemslib.signer.py This is the next logical step given that securesystemslib supports GPG and we want this interface to have implementations for all signature types which are already supported by securesystemslib. While implementing the GPGSigner, I wanted to make sure that one can easly sign a portion of data, receive a Signature object and use the information stored in that object to verify the signature. To verifty a GPG signature, one have to use securesystemslib/gpg/functions.verifty_signature(). There, the signature_object argument should be in the securesystemslib.formats.GPG_SIGNATURE_SCHEMA format. I searched for a way to easly retrieve the additional fields in the GPG_SIGNATURE_SCHEMA -"other_headers" and "info" from the keyid stored in the "Signature" object returned by the "sign" operation. Unfortunatly, right now there is no function that I can use for that purpose. The only option I was left with, was to create a new class: "GPGSignature" where we can store those additional fields returned from securesystemslib.gpg.functions.create_signature() which we call during the "sign" process. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev
added a commit
to MVrachev/securesystemslib
that referenced
this pull request
Feb 25, 2021
The GPGSigner is an implementation of the new "Signer" interface that was merged in secure-systems-lab#319 and could be found in securesystemslib.signer.py This is the next logical step given that securesystemslib supports GPG and we want this interface to have implementations for all signature types which are already supported by securesystemslib. While implementing the GPGSigner, I wanted to make sure that one can easily sign a portion of data, receive a Signature object and use the information stored in that object to verify the signature. To verifty a GPG signature, one have to use securesystemslib/gpg/functions.verifty_signature(). There, the signature_object argument should be in the securesystemslib.formats.GPG_SIGNATURE_SCHEMA format. I searched for a way to easily retrieve the additional fields in the GPG_SIGNATURE_SCHEMA -"other_headers" and "info" from the keyid stored in the "Signature" object returned by the "sign" operation. Unfortunately, right now there is no function that I can use for that purpose. The only option I was left with, was to create a new class: "GPGSignature" where we can store those additional fields returned from securesystemslib.gpg.functions.create_signature() which we call during the "sign" process. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Merged
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Feb 26, 2021
In the securesystemslib pr secure-systems-lab/securesystemslib#319 I added a new Signer interface with the purpose of supporting multiple signing implementations. Additionally, I added the SSlibSigner implementation of that interface which implements the signing operation for rsa, ed25519 and ecdsa schemes. With this commit, I integrate the SSlibSigner into the new API in tuf. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Feb 26, 2021
In the securesystemslib pr secure-systems-lab/securesystemslib#319 I added a new Signer interface with the purpose of supporting multiple signing implementations. Additionally, I added the SSlibSigner implementation of that interface which implements the signing operation for rsa, ed25519 and ecdsa schemes. With this commit, I integrate the SSlibSigner into the new API in tuf. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Mar 5, 2021
In the securesystemslib pr secure-systems-lab/securesystemslib#319 I added a new Signer interface with the purpose of supporting multiple signing implementations. Additionally, I added the SSlibSigner implementation of that interface which implements the signing operation for rsa, ed25519 and ecdsa schemes. With this commit, I integrate the SSlibSigner into the new API in tuf. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Mar 5, 2021
In the securesystemslib pr secure-systems-lab/securesystemslib#319 I added a new Signer interface with the purpose of supporting multiple signing implementations. Additionally, I added the SSlibSigner implementation of that interface which implements the signing operation for rsa, ed25519 and ecdsa schemes. With this commit, I integrate the SSlibSigner into the new API in tuf. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Mar 5, 2021
In the securesystemslib pr secure-systems-lab/securesystemslib#319 I added a new Signer interface with the purpose of supporting multiple signing implementations. Additionally, I added the SSlibSigner implementation of that interface which implements the signing operation for rsa, ed25519 and ecdsa schemes. With this commit, I integrate the SSlibSigner into the new API in tuf. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Mar 5, 2021
In the securesystemslib pr secure-systems-lab/securesystemslib#319 I added a new Signer interface with the purpose of supporting multiple signing implementations. Additionally, I added the SSlibSigner implementation of that interface which implements the signing operation for rsa, ed25519 and ecdsa schemes. With this commit, I integrate the SSlibSigner into the new API in tuf. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev
added a commit
to MVrachev/tuf
that referenced
this pull request
Mar 9, 2021
In the securesystemslib pr secure-systems-lab/securesystemslib#319 I added a new Signer interface with the purpose of supporting multiple signing implementations. Additionally, I added the SSlibSigner implementation of that interface which implements the signing operation for rsa, ed25519 and ecdsa schemes. With this commit, I integrate the SSlibSigner into the new API in tuf. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
lukpueh
pushed a commit
to MVrachev/tuf
that referenced
this pull request
Mar 10, 2021
In the securesystemslib pr secure-systems-lab/securesystemslib#319 I added a new Signer interface with the purpose of supporting multiple signing implementations. Additionally, I added the SSlibSigner implementation of that interface which implements the signing operation for rsa, ed25519 and ecdsa schemes. With this commit, I integrate the SSlibSigner into the new API in tuf. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev
added a commit
to MVrachev/securesystemslib
that referenced
this pull request
Apr 16, 2021
The GPGSigner is an implementation of the new "Signer" interface that was merged in secure-systems-lab#319 and could be found in securesystemslib.signer.py This is the next logical step given that securesystemslib supports GPG and we want this interface to have implementations for all signature types which are already supported by securesystemslib. While implementing the GPGSigner, I wanted to make sure that one can easily sign a portion of data, receive a Signature object and use the information stored in that object to verify the signature. To verifty a GPG signature, one have to use securesystemslib/gpg/functions.verifty_signature(). There, the signature_object argument should be in the securesystemslib.formats.GPG_SIGNATURE_SCHEMA format. I searched for a way to easily retrieve the additional fields in the GPG_SIGNATURE_SCHEMA -"other_headers" and "info" from the keyid stored in the "Signature" object returned by the "sign" operation. Unfortunately, right now there is no function that I can use for that purpose. The only option I was left with, was to create a new class: "GPGSignature" where we can store those additional fields returned from securesystemslib.gpg.functions.create_signature() which we call during the "sign" process. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev
added a commit
to MVrachev/securesystemslib
that referenced
this pull request
Jan 18, 2022
The GPGSigner is an implementation of the new "Signer" interface that was merged in secure-systems-lab#319 and could be found in securesystemslib.signer.py This is the next logical step given that securesystemslib supports GPG and we want this interface to have implementations for all signature types which are already supported by securesystemslib. While implementing the GPGSigner, I wanted to make sure that one can easily sign a portion of data, receive a Signature object and use the information stored in that object to verify the signature. To verifty a GPG signature, one have to use securesystemslib/gpg/functions.verifty_signature(). There, the signature_object argument should be in the securesystemslib.formats.GPG_SIGNATURE_SCHEMA format. I searched for a way to easily retrieve the additional fields in the GPG_SIGNATURE_SCHEMA -"other_headers" and "info" from the keyid stored in the "Signature" object returned by the "sign" operation. Unfortunately, right now there is no function that I can use for that purpose. The only option I was left with, was to create a new class: "GPGSignature" where we can store those additional fields returned from securesystemslib.gpg.functions.create_signature() which we call during the "sign" process. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev
added a commit
to MVrachev/securesystemslib
that referenced
this pull request
Feb 8, 2022
The GPGSigner is an implementation of the new "Signer" interface that was merged in secure-systems-lab#319 and could be found in securesystemslib.signer.py This is the next logical step given that securesystemslib supports GPG and we want this interface to have implementations for all signature types which are already supported by securesystemslib. While implementing the GPGSigner, I wanted to make sure that one can easily sign a portion of data, receive a Signature object and use the information stored in that object to verify the signature. To verifty a GPG signature, one have to use securesystemslib/gpg/functions.verifty_signature(). There, the signature_object argument should be in the securesystemslib.formats.GPG_SIGNATURE_SCHEMA format. I searched for a way to easily retrieve the additional fields in the GPG_SIGNATURE_SCHEMA -"other_headers" and "info" from the keyid stored in the "Signature" object returned by the "sign" operation. Unfortunately, right now there is no function that I can use for that purpose. The only option I was left with, was to create a new class: "GPGSignature" where we can store those additional fields returned from securesystemslib.gpg.functions.create_signature() which we call during the "sign" process. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev
added a commit
to MVrachev/securesystemslib
that referenced
this pull request
Jun 27, 2022
The GPGSigner is an implementation of the new "Signer" interface that was merged in secure-systems-lab#319 and could be found in securesystemslib.signer.py This is the next logical step given that securesystemslib supports GPG and we want this interface to have implementations for all signature types which are already supported by securesystemslib. While implementing the GPGSigner, I wanted to make sure that one can easily sign a portion of data, receive a Signature object and use the information stored in that object to verify the signature. To verifty a GPG signature, one have to use securesystemslib/gpg/functions.verifty_signature(). There, the signature_object argument should be in the securesystemslib.formats.GPG_SIGNATURE_SCHEMA format. I searched for a way to easily retrieve the additional fields in the GPG_SIGNATURE_SCHEMA -"other_headers" and "info" from the keyid stored in the "Signature" object returned by the "sign" operation. Unfortunately, right now there is no function that I can use for that purpose. The only option I was left with, was to create a new class: "GPGSignature" where we can store those additional fields returned from securesystemslib.gpg.functions.create_signature() which we call during the "sign" process. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev
added a commit
to MVrachev/securesystemslib
that referenced
this pull request
Jul 8, 2022
The GPGSigner is an implementation of the new "Signer" interface that was merged in secure-systems-lab#319 and could be found in securesystemslib.signer.py This is the next logical step given that securesystemslib supports GPG and we want this interface to have implementations for all signature types which are already supported by securesystemslib. While implementing the GPGSigner, I wanted to make sure that one can easily sign a portion of data, receive a Signature object and use the information stored in that object to verify the signature. To verifty a GPG signature, one have to use securesystemslib/gpg/functions.verifty_signature(). There, the signature_object argument should be in the securesystemslib.formats.GPG_SIGNATURE_SCHEMA format. I searched for a way to easily retrieve the additional fields in the GPG_SIGNATURE_SCHEMA -"other_headers" and "info" from the keyid stored in the "Signature" object returned by the "sign" operation. Unfortunately, right now there is no function that I can use for that purpose. The only option I was left with, was to create a new class: "GPGSignature" where we can store those additional fields returned from securesystemslib.gpg.functions.create_signature() which we call during the "sign" process. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev
added a commit
to MVrachev/securesystemslib
that referenced
this pull request
Jul 8, 2022
The GPGSigner is an implementation of the new "Signer" interface that was merged in secure-systems-lab#319 and could be found in securesystemslib.signer.py This is the next logical step given that securesystemslib supports GPG and we want this interface to have implementations for all signature types which are already supported by securesystemslib. While implementing the GPGSigner, I wanted to make sure that one can easily sign a portion of data, receive a Signature object and use the information stored in that object to verify the signature. To verifty a GPG signature, one have to use securesystemslib/gpg/functions.verifty_signature(). There, the signature_object argument should be in the securesystemslib.formats.GPG_SIGNATURE_SCHEMA format. I searched for a way to easily retrieve the additional fields in the GPG_SIGNATURE_SCHEMA -"other_headers" and "info" from the keyid stored in the "Signature" object returned by the "sign" operation. Unfortunately, right now there is no function that I can use for that purpose. The only option I was left with, was to create a new class: "GPGSignature" where we can store those additional fields returned from securesystemslib.gpg.functions.create_signature() which we call during the "sign" process. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes: theupdateframework/python-tuf#1263
Description of the changes being introduced by the pull request:
Create a Signer interface with the purpose of supporting multiple signing implementations.
Read more on the issue above.
Please verify and check that the pull request fulfils the following requirements:
Signed-off-by: Martin Vrachev mvrachev@vmware.com