gpg: Remove a circular dependency

There is a circular dependency in
  gpg.constants -> gpg.rsa -> gpg.util -> gpg.constants

This is not a problem on python3 or python2 when the imports are done
with "import securesystemslib.<mod>" style. However with the
"from securesystemslib import <mod>" style python2 decides this is a
ImportError.

Remove the circular dependency by moving the module variables from
constants to another file.

Author: Jussi Kukkonen

securesystemslib/gpg/common.py

@@ -22,21 +22,21 @@
 import logging
 import collections
 
+from securesystemslib import formats
 from securesystemslib.gpg import util as gpg_util
 from securesystemslib.gpg.exceptions import (PacketVersionNotSupportedError,
     SignatureAlgorithmNotSupportedError, KeyNotFoundError, PacketParsingError)
-
 from securesystemslib.gpg.constants import (
     PACKET_TYPE_PRIMARY_KEY, PACKET_TYPE_USER_ID, PACKET_TYPE_USER_ATTR,
     PACKET_TYPE_SUB_KEY, PACKET_TYPE_SIGNATURE,
     SUPPORTED_PUBKEY_PACKET_VERSIONS, SIGNATURE_TYPE_BINARY,
     SIGNATURE_TYPE_CERTIFICATES, SIGNATURE_TYPE_SUB_KEY_BINDING,
-    SUPPORTED_SIGNATURE_PACKET_VERSIONS, SUPPORTED_SIGNATURE_ALGORITHMS,
-    SIGNATURE_HANDLERS, FULL_KEYID_SUBPACKET, PARTIAL_KEYID_SUBPACKET,
+    SUPPORTED_SIGNATURE_PACKET_VERSIONS,
+    FULL_KEYID_SUBPACKET, PARTIAL_KEYID_SUBPACKET,
     SHA1,SHA256, SHA512, KEY_EXPIRATION_SUBPACKET, PRIMARY_USERID_SUBPACKET,
     SIG_CREATION_SUBPACKET)
-
-from securesystemslib import formats
+from securesystemslib.gpg.handlers import (
+    SIGNATURE_HANDLERS, SUPPORTED_SIGNATURE_ALGORITHMS)
 
 log = logging.getLogger(__name__)
 

securesystemslib/gpg/constants.py

@@ -19,9 +19,6 @@
 import os
 
 from securesystemslib import process
-from securesystemslib.gpg import rsa
-from securesystemslib.gpg import dsa
-from securesystemslib.gpg import eddsa
 
 log = logging.getLogger(__name__)
 
@@ -81,31 +78,6 @@ def is_available_gnupg(gnupg):
 SUPPORTED_SIGNATURE_PACKET_VERSIONS = {0x04}
 SUPPORTED_PUBKEY_PACKET_VERSIONS = {0x04}
 
-# See section 9.1. (public-key algorithms) of RFC4880 (-bis8)
-SUPPORTED_SIGNATURE_ALGORITHMS = {
-    0x01: {
-      "type":"rsa",
-      "method": "pgp+rsa-pkcsv1.5",
-      "handler": rsa
-    },
-    0x11: {
-      "type": "dsa",
-      "method": "pgp+dsa-fips-180-2",
-      "handler": dsa
-    },
-    0x16: {
-      "type": "eddsa",
-      "method": "pgp+eddsa-ed25519",
-      "handler": eddsa
-    }
-}
-
-SIGNATURE_HANDLERS = {
-    "rsa": rsa,
-    "dsa": dsa,
-    "eddsa": eddsa
-}
-
 # The constants for hash algorithms are taken from section 9.4 of RFC4880.
 SHA1 = 0x02
 SHA256 = 0x08

securesystemslib/gpg/functions.py

@@ -30,7 +30,8 @@
     GPG_SIGN_COMMAND,
     HAVE_GPG,
     NO_GPG_MSG,
-    SHA256,
+    SHA256)
+from securesystemslib.gpg.handlers import (
     SIGNATURE_HANDLERS)
 
 from securesystemslib import process

securesystemslib/gpg/handlers.py

@@ -0,0 +1,46 @@
+"""
+<Module Name>
+  handlers.py
+
+<Author>
+  Santiago Torres-Arias <[email protected]>
+
+<Started>
+  Jan 15, 2020
+
+<Copyright>
+  See LICENSE for licensing information.
+
+<Purpose>
+  Provides links from signatures/algorithms to modules implementing
+  the signature verification and key parsing.
+"""
+
+from securesystemslib.gpg import rsa
+from securesystemslib.gpg import dsa
+from securesystemslib.gpg import eddsa
+
+# See section 9.1. (public-key algorithms) of RFC4880 (-bis8)
+SUPPORTED_SIGNATURE_ALGORITHMS = {
+    0x01: {
+      "type":"rsa",
+      "method": "pgp+rsa-pkcsv1.5",
+      "handler": rsa
+    },
+    0x11: {
+      "type": "dsa",
+      "method": "pgp+dsa-fips-180-2",
+      "handler": dsa
+    },
+    0x16: {
+      "type": "eddsa",
+      "method": "pgp+eddsa-ed25519",
+      "handler": eddsa
+    }
+}
+
+SIGNATURE_HANDLERS = {
+    "rsa": rsa,
+    "dsa": dsa,
+    "eddsa": eddsa
+}