Commit b725693

Update formats to support ecdsa-sha2-nistp384
Note: This commit tries to blend in with the current sslib design. In future work we should:
- define securesystemslib-wide constants instead of hardcoding strings over and over again (see item 3 in secure-systems-lab#183)
- re-think "key type" vs. "signature scheme"

This commit also removes the obsolete REQUIRED_LIBRARIES_SCHEMA, which only used to be used in the long-gone check_crypto_libraries tuf function.
1 parent 3c0f8e4 commit b725693

1 file changed

+4
-11
lines changed

securesystemslib/formats.py

Lines changed: 4 additions & 11 deletions
@@ -164,9 +164,8 @@
164164
# http://www.emc.com/emc-plus/rsa-labs/historical/twirl-and-rsa-key-size.htm#table1
165165
RSAKEYBITS_SCHEMA = SCHEMA.Integer(lo=2048)
166166

167-
# The supported ECDSA signature schemes (ecdsa-sha2-nistp256 is supported by
168-
# default).
169-
ECDSA_SCHEME_SCHEMA = SCHEMA.OneOf([SCHEMA.String('ecdsa-sha2-nistp256')])
167+
# The supported ECDSA signature schemes
168+
ECDSA_SCHEME_SCHEMA = SCHEMA.RegularExpression(r'ecdsa-sha2-nistp(256|384)')
170169

171170
# A pyca-cryptography signature.
172171
PYCACRYPTOSIGNATURE_SCHEMA = SCHEMA.AnyBytes()
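
Review bot: On the new ECDSA_SCHEME_SCHEMA line, the pattern r'ecdsa-sha2-nistp(256|384)' carries no end anchor, so whether a value with extra trailing characters is rejected now depends on how SCHEMA.RegularExpression anchors its match, whereas the removed SCHEMA.OneOf([SCHEMA.String(...)]) matched the literal string. Since this schema decides which signature schemes are accepted, either keep exact matching with two SCHEMA.String entries inside the OneOf, or add a test showing that suffixed and newline-terminated values fail validation.
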
@@ -201,7 +200,7 @@
201200
# Supported securesystemslib key types.
202201
KEYTYPE_SCHEMA = SCHEMA.OneOf(
203202
[SCHEMA.String('rsa'), SCHEMA.String('ed25519'),
204-
SCHEMA.String('ecdsa-sha2-nistp256')])
203+
SCHEMA.RegularExpression(r'ecdsa-sha2-nistp(256|384)')])
205204

206205
# A generic securesystemslib key. All securesystemslib keys should be saved to
207206
# metadata files in this format.
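
Review bot: In KEYTYPE_SCHEMA the added entry repeats the regex literal already written for ECDSA_SCHEME_SCHEMA, and the OneOf now mixes two literal String entries with one pattern. Listing SCHEMA.String('ecdsa-sha2-nistp256') and SCHEMA.String('ecdsa-sha2-nistp384') would keep every key type an exact literal and make the accepted set readable at a glance; if the regex stays, define the pattern once at module level so the key type and scheme lists cannot drift apart.
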
@@ -254,7 +253,7 @@
254253
# An ECDSA securesystemslib key.
255254
ECDSAKEY_SCHEMA = SCHEMA.Object(
256255
object_name = 'ECDSAKEY_SCHEMA',
257-
keytype = SCHEMA.String('ecdsa-sha2-nistp256'),
256+
keytype = SCHEMA.RegularExpression(r'ecdsa-sha2-nistp(256|384)'),
258257
scheme = ECDSA_SCHEME_SCHEMA,
259258
keyid = KEYID_SCHEMA,
260259
keyid_hash_algorithms = SCHEMA.Optional(HASHALGORITHMS_SCHEMA),
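
Review bot: In ECDSAKEY_SCHEMA, keytype and scheme are each checked against the nistp(256|384) pattern independently, so a key object with keytype 'ecdsa-sha2-nistp256' and scheme 'ecdsa-sha2-nistp384' satisfies this schema. If the two fields are expected to name the same curve, that has to be enforced by the code that consumes the key; a comment here saying so, or a test covering the mismatched pair, would make the expectation explicit.
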
@@ -272,12 +271,6 @@
272271
# An ECDSA signature.
273272
ECDSASIGNATURE_SCHEMA = SCHEMA.AnyBytes()
274273

275-
# Required installation libraries expected by the repository tools and other
276-
# cryptography modules.
277-
REQUIRED_LIBRARIES_SCHEMA = SCHEMA.ListOf(SCHEMA.OneOf(
278-
[SCHEMA.String('general'), SCHEMA.String('ed25519'), SCHEMA.String('rsa'),
279-
SCHEMA.String('ecdsa-sha2-nistp256')]))
280-
281274
# Ed25519 signature schemes. The vanilla Ed25519 signature scheme is currently
282275
# supported.
283276
ED25519_SIG_SCHEMA = SCHEMA.OneOf([SCHEMA.String('ed25519')])
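
Review bot: The removal of REQUIRED_LIBRARIES_SCHEMA (old lines 275-279) is unrelated to adding nistp384 and deletes a module-level name that external code could import from formats.py. Consider splitting it into its own commit or recording it in the changelog, and confirm that nothing in the tree still references the name.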
