Adds keyid_hash_algorithms to returned key objects #37

Merged
merged 2 commits into from
Jun 14, 2017
3 changes: 2 additions & 1 deletion securesystemslib/formats.py
Expand Up @@ -237,10 +237,11 @@
keyval = KEYVAL_SCHEMA,
expires = SCHEMA.Optional(ISO8601_DATETIME_SCHEMA))

# Like KEY_SCHEMA, but requires keyval's private portion to be not set or empty
# Like ANYKEY_SCHEMA, but requires keyval's private portion to be not set or empty
Contributor

NOTE: I don't see any major issues with this pull request, but I will make minor edits to your pull request for any minor issues. I will share my in-line comments on this pull request for documentation purposes.

This SCHEMA is more like KEY_SCHEMA, since ANYKEY_SCHEMA contains an attribute (keyid) that ANYKEY_SCHEMA doesn't. PUBLIC_KEY_SCHEMA matches KEY_SCHEMA, and will now differ with the keyid_hash_algorithms and keyval attributes.

PUBLIC_KEY_SCHEMA = SCHEMA.Object(
object_name = 'KEY_SCHEMA',
Contributor

Wrong object_name. Should be PUBLIC_KEY_SCHEMA.

keytype = SCHEMA.AnyString(),
keyid_hash_algorithms = SCHEMA.Optional(HASHALGORITHMS_SCHEMA),
keyval = PUBLIC_KEYVAL_SCHEMA,
expires = SCHEMA.Optional(ISO8601_DATETIME_SCHEMA))
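Review bot: keyid_hash_algorithms is declared with SCHEMA.Optional in PUBLIC_KEY_SCHEMA, so a key dict without the field still validates and callers cannot rely on it being present. Please document next to the schema what a consumer should assume when the field is absent, or make it required if every key object is now expected to carry it.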

12 changes: 11 additions & 1 deletion securesystemslib/interface.py
Expand Up @@ -42,7 +42,7 @@
import random

import securesystemslib.formats
import securesystemslib.formats
import securesystemslib.settings
import securesystemslib.util
import securesystemslib.keys
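Review bot: the import securesystemslib.formats line appears twice in this hunk with identical text, and the header (-42,7 +42,7) shows no net line change, which points to a whitespace-only edit. Consider dropping it so the diff to interface.py contains only the keyid_hash_algorithms additions.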

Expand Down Expand Up @@ -525,6 +525,11 @@ def import_ed25519_privatekey_from_file(filepath, password=None):
message = 'Invalid key type loaded: ' + repr(key_object['keytype'])
raise securesystemslib.exceptions.FormatError(message)

# Add "keyid_hash_algorithms" so equal ed25519 keys with
# different keyids can be associated using supported keyid_hash_algorithms
key_object['keyid_hash_algorithms'] = \
securesystemslib.settings.HASH_ALGORITHMS

return key_object
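Review bot: key_object['keyid_hash_algorithms'] is bound to securesystemslib.settings.HASH_ALGORITHMS itself rather than to a copy. If that setting is a mutable list, editing the field on one key object changes the setting and every other key object that shares it; assigning list(securesystemslib.settings.HASH_ALGORITHMS) avoids the aliasing.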


Expand Down Expand Up @@ -745,6 +750,11 @@ def import_ecdsa_privatekey_from_file(filepath, password=None):
message = 'Invalid key type loaded: ' + repr(key_object['keytype'])
raise securesystemslib.exceptions.FormatError(message)

# Add "keyid_hash_algorithms" equal ecdsa keys with
# different keyids can be associated using supported keyid_hash_algorithms
key_object['keyid_hash_algorithms'] = \
securesystemslib.settings.HASH_ALGORITHMS

return key_object
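Review bot: the new comment above the assignment reads 'Add "keyid_hash_algorithms" equal ecdsa keys with', dropping the "so" that the matching comment in import_ed25519_privatekey_from_file has. Restore the missing word so the sentence parses: 'Add "keyid_hash_algorithms" so equal ecdsa keys with different keyids can be associated'.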


25 changes: 25 additions & 0 deletions securesystemslib/keys.py
Expand Up @@ -358,6 +358,11 @@ def generate_ecdsa_key(algorithm='ecdsa-sha2-nistp256'):
ecdsa_key['keyid'] = keyid
ecdsa_key['keyval'] = key_value

# Add "keyid_hash_algorithms" so equal ecdsa keys with
# different keyids can be associated using supported keyid_hash_algorithms
ecdsa_key['keyid_hash_algorithms'] = \
securesystemslib.settings.HASH_ALGORITHMS

return ecdsa_key
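Review bot: in generate_ecdsa_key the field is added after ecdsa_key['keyid'] = keyid, so the returned dict gains a member that the visible lines never tie to the keyid. The docstring for the return value should list keyid_hash_algorithms and state whether it takes part in the keyid computation, since the comment gives relating keyids computed with different hash algorithms as the purpose.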


Expand Down Expand Up @@ -1245,6 +1250,11 @@ def import_rsakey_from_public_pem(pem):
rsakey_dict['keyid'] = keyid
rsakey_dict['keyval'] = key_value

# Add "keyid_hash_algorithms" so equal rsa keys with
# different keyids can be associated using supported keyid_hash_algorithms
rsakey_dict['keyid_hash_algorithms'] = \
securesystemslib.settings.HASH_ALGORITHMS

return rsakey_dict
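Review bot: this comment-plus-assignment block is repeated nearly verbatim in each function touched in keys.py and interface.py, and the copies already differ in their comment text. A small helper that sets keyid_hash_algorithms on a key dict, called from each import and generate function, would keep the behaviour and its explanation in one place.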


Expand Down Expand Up @@ -1316,6 +1326,11 @@ def import_rsakey_from_pem(pem):
rsakey_dict['keyid'] = keyid
rsakey_dict['keyval'] = key_value

# Add "keyid_hash_algorithms" so equal ecdsa keys with
Contributor

This should be "so that equal RSA keys ..."

# different keyids can be associated using supported keyid_hash_algorithms
rsakey_dict['keyid_hash_algorithms'] = \
securesystemslib.settings.HASH_ALGORITHMS

return rsakey_dict


Expand Down Expand Up @@ -1894,6 +1909,11 @@ def import_ecdsakey_from_private_pem(pem, password=None):
ecdsakey_dict['keyid'] = keyid
ecdsakey_dict['keyval'] = key_value

# Add "keyid_hash_algorithms" so equal ecdsa keys with
# different keyids can be associated using supported keyid_hash_algorithms
ecdsakey_dict['keyid_hash_algorithms'] = \
securesystemslib.settings.HASH_ALGORITHMS

return ecdsakey_dict
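Review bot: keyid comes from a value computed earlier in import_ecdsakey_from_private_pem, while keyid_hash_algorithms is read from securesystemslib.settings at this point. Nothing in the hunk ties the two together, so it is worth confirming, and stating in the comment, that the keyid was derived under the same HASH_ALGORITHMS setting; otherwise the recorded list can disagree with the keyid stored next to it.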


Expand Down Expand Up @@ -1972,6 +1992,11 @@ def import_ecdsakey_from_public_pem(pem):
ecdsakey_dict['keyid'] = keyid
ecdsakey_dict['keyval'] = key_value

# Add "keyid_hash_algorithms" so equal ecdsa keys with
# different keyids can be associated using supported keyid_hash_algorithms
ecdsakey_dict['keyid_hash_algorithms'] = \
securesystemslib.settings.HASH_ALGORITHMS

return ecdsakey_dict
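Review bot: the changes shown touch only formats.py, interface.py and keys.py, with no test asserting that the returned dicts carry keyid_hash_algorithms. A test for import_ecdsakey_from_public_pem, and for the other functions changed here, that checks the field equals the configured HASH_ALGORITHMS and that the result still matches the relevant schema would guard against a later regression.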

