secure-systems-lab
diff --git a/‎securesystemslib/ecdsa_keys.py
Lines changed: 0 additions & 95 deletions b/‎securesystemslib/ecdsa_keys.py
Lines changed: 0 additions & 95 deletions
diff --git a/‎securesystemslib/ed25519_keys.py
Lines changed: 0 additions & 104 deletions b/‎securesystemslib/ed25519_keys.py
Lines changed: 0 additions & 104 deletions
diff --git a/‎securesystemslib/keys.py
Lines changed: 0 additions & 136 deletions b/‎securesystemslib/keys.py
Lines changed: 0 additions & 136 deletions
@@ -165,101 +165,6 @@ def generate_public_and_private(scheme="ecdsa-sha2-nistp256"):
     return public_pem.decode("utf-8"), private_pem.decode("utf-8")
 
 
-def create_signature(
-    public_key, private_key, data, scheme="ecdsa-sha2-nistp256"
-):
-    """
-    <Purpose>
-      Return a (signature, scheme) tuple.
-
-      >>> requested_scheme = 'ecdsa-sha2-nistp256'
-      >>> public, private = generate_public_and_private(requested_scheme)
-      >>> data = b'The quick brown fox jumps over the lazy dog'
-      >>> signature, scheme = create_signature(public, private, data, requested_scheme)
-      >>> securesystemslib.formats.ECDSASIGNATURE_SCHEMA.matches(signature)
-      True
-      >>> requested_scheme == scheme
-      True
-
-    <Arguments>
-      public:
-        The ECDSA public key in PEM format.
-
-      private:
-        The ECDSA private key in PEM format.
-
-      data:
-        Byte data used by create_signature() to generate the signature returned.
-
-      scheme:
-        The signature scheme used to generate the signature.  For example:
-        'ecdsa-sha2-nistp256'.
-
-    <Exceptions>
-      securesystemslib.exceptions.FormatError, if the arguments are improperly
-      formatted.
-
-      securesystemslib.exceptions.CryptoError, if a signature cannot be created.
-
-      securesystemslib.exceptions.UnsupportedAlgorithmError, if 'scheme' is not
-      one of the supported signature schemes.
-
-      securesystemslib.exceptions.UnsupportedLibraryError, if the cryptography
-      module is not available.
-
-    <Side Effects>
-      None.
-
-    <Returns>
-      A signature dictionary conformat to
-      'securesystemslib.format.SIGNATURE_SCHEMA'.  ECDSA signatures are XX bytes,
-      however, the hexlified signature is stored in the dictionary returned.
-    """
-
-    if not CRYPTO:  # pragma: no cover
-        raise exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG)
-
-    # Do 'public_key' and 'private_key' have the correct format?
-    # This check will ensure that the arguments conform to
-    # 'securesystemslib.formats.PEMECDSA_SCHEMA'.  Raise
-    # 'securesystemslib.exceptions.FormatError' if the check fails.
-    formats.PEMECDSA_SCHEMA.check_match(public_key)
-
-    # Is 'private_key' properly formatted?
-    formats.PEMECDSA_SCHEMA.check_match(private_key)
-
-    # Is 'scheme' properly formatted?
-    formats.ECDSA_SCHEME_SCHEMA.check_match(scheme)
-
-    # 'ecdsa-sha2-nistp256' is the only currently supported ECDSA scheme, so this
-    # if-clause isn't strictly needed.  Nevertheless, the conditional statement
-    # is included to accommodate multiple schemes that can potentially be added
-    # in the future.
-    if scheme == "ecdsa-sha2-nistp256":
-        try:
-            private_key = load_pem_private_key(
-                private_key.encode("utf-8"),
-                password=None,
-                backend=default_backend(),
-            )
-
-            signature = private_key.sign(data, ec.ECDSA(hashes.SHA256()))
-
-        except TypeError as e:
-            raise exceptions.CryptoError(
-                "Could not create" " signature: " + str(e)
-            )
-
-    # A defensive check for an invalid 'scheme'.  The
-    # ECDSA_SCHEME_SCHEMA.check_match() above should have already validated it.
-    else:  # pragma: no cover
-        raise exceptions.UnsupportedAlgorithmError(
-            "Unsupported" " signature scheme is specified: " + repr(scheme)
-        )
-
-    return signature, scheme
-
-
 def verify_signature(public_key, scheme, signature, data):
     """
     <Purpose>
 
@@ -144,110 +144,6 @@ def generate_public_and_private():
     return public, seed
 
 
-def create_signature(public_key, private_key, data, scheme):
-    """
-  <Purpose>
-    Return a (signature, scheme) tuple, where the signature scheme is 'ed25519'
-    and is always generated by PyNaCl (i.e., 'nacl').  The signature returned
-    conforms to 'securesystemslib.formats.ED25519SIGNATURE_SCHEMA', and has the
-    form:
-
-    '\xae\xd7\x9f\xaf\x95{bP\x9e\xa8YO Z\x86\x9d...'
-
-    A signature is a 64-byte string.
-
-    >>> public, private = generate_public_and_private()
-    >>> data = b'The quick brown fox jumps over the lazy dog'
-    >>> scheme = 'ed25519'
-    >>> signature, scheme = \
-        create_signature(public, private, data, scheme)
-    >>> securesystemslib.formats.ED25519SIGNATURE_SCHEMA.matches(signature)
-    True
-    >>> scheme == 'ed25519'
-    True
-    >>> signature, scheme = \
-        create_signature(public, private, data, scheme)
-    >>> securesystemslib.formats.ED25519SIGNATURE_SCHEMA.matches(signature)
-    True
-    >>> scheme == 'ed25519'
-    True
-
-  <Arguments>
-    public:
-      The ed25519 public key, which is a 32-byte string.
-
-    private:
-      The ed25519 private key, which is a 32-byte string.
-
-    data:
-      Data object used by create_signature() to generate the signature.
-
-    scheme:
-      The signature scheme used to generate the signature.
-
-  <Exceptions>
-    securesystemslib.exceptions.FormatError, if the arguments are improperly
-    formatted.
-
-    securesystemslib.exceptions.CryptoError, if a signature cannot be created.
-
-    securesystemslib.exceptions.UnsupportedLibraryError, if the PyNaCl ('nacl')
-    module is unavailable.
-
-  <Side Effects>
-    nacl.signing.SigningKey.sign() called to generate the actual signature.
-
-  <Returns>
-    A signature dictionary conformat to
-    'securesystemslib.format.SIGNATURE_SCHEMA'.  ed25519 signatures are 64
-    bytes, however, the hexlified signature is stored in the dictionary
-    returned.
-  """
-
-    if not NACL:  # pragma: no cover
-        raise exceptions.UnsupportedLibraryError(NO_NACL_MSG)
-
-    # Does 'public_key' have the correct format?
-    # This check will ensure 'public_key' conforms to
-    # 'securesystemslib.formats.ED25519PUBLIC_SCHEMA', which must have length 32
-    # bytes.  Raise 'securesystemslib.exceptions.FormatError' if the check fails.
-    formats.ED25519PUBLIC_SCHEMA.check_match(public_key)
-
-    # Is 'private_key' properly formatted?
-    formats.ED25519SEED_SCHEMA.check_match(private_key)
-
-    # Is 'scheme' properly formatted?
-    formats.ED25519_SIG_SCHEMA.check_match(scheme)
-
-    # Signing the 'data' object requires a seed and public key.
-    # nacl.signing.SigningKey.sign() generates the signature.
-    signature = None
-
-    # An if-clause is not strictly needed here, since 'ed25519' is the only
-    # currently supported scheme.  Nevertheless, include the conditional
-    # statement to accommodate schemes that might be added in the future.
-    if scheme == "ed25519":
-        try:
-            nacl_key = SigningKey(private_key)
-            nacl_sig = nacl_key.sign(data)
-            signature = nacl_sig.signature
-
-        except (ValueError, TypeError, nacl_exceptions.CryptoError) as e:
-            raise exceptions.CryptoError(
-                'An "ed25519" signature'
-                " could not be created with PyNaCl." + str(e)
-            )
-
-    # This is a defensive check for a valid 'scheme', which should have already
-    # been validated in the check_match() above.
-    else:  # pragma: no cover
-        raise exceptions.UnsupportedAlgorithmError(
-            "Unsupported" " signature scheme is specified: " + repr(scheme)
-        )
-
-    return signature, scheme
-
-
 def verify_signature(public_key, scheme, signature, data):
     """
   <Purpose>
 
@@ -565,142 +565,6 @@ def _get_keyid(keytype, scheme, key_value, hash_algorithm="sha256"):
     return keyid
 
 
-def create_signature(key_dict, data):
-    """
-    <Purpose>
-      Return a signature dictionary of the form:
-      {'keyid': 'f30a0870d026980100c0573bd557394f8c1bbd6...',
-       'sig': '...'}.
-
-      The signing process will use the private key in
-      key_dict['keyval']['private'] and 'data' to generate the signature.
-
-      The following signature schemes are supported:
-
-      'RSASSA-PSS'
-      RFC3447 - RSASSA-PSS
-      http://www.ietf.org/rfc/rfc3447.
-
-      'ed25519'
-      ed25519 - high-speed high security signatures
-      http://ed25519.cr.yp.to/
-
-      Which signature to generate is determined by the key type of 'key_dict'
-      and the available cryptography library specified in 'settings'.
-
-      >>> ed25519_key = generate_ed25519_key()
-      >>> data = 'The quick brown fox jumps over the lazy dog'
-      >>> signature = create_signature(ed25519_key, data)
-      >>> securesystemslib.formats.SIGNATURE_SCHEMA.matches(signature)
-      True
-      >>> len(signature['sig'])
-      128
-      >>> rsa_key = generate_rsa_key(2048)
-      >>> signature = create_signature(rsa_key, data)
-      >>> securesystemslib.formats.SIGNATURE_SCHEMA.matches(signature)
-      True
-      >>> ecdsa_key = generate_ecdsa_key()
-      >>> signature = create_signature(ecdsa_key, data)
-      >>> securesystemslib.formats.SIGNATURE_SCHEMA.matches(signature)
-      True
-
-    <Arguments>
-      key_dict:
-        A dictionary containing the keys.  An example RSA key dict has the
-        form:
-
-        {'keytype': 'rsa',
-         'scheme': 'rsassa-pss-sha256',
-         'keyid': 'f30a0870d026980100c0573bd557394f8c1bbd6...',
-         'keyval': {'public': '-----BEGIN RSA PUBLIC KEY----- ...',
-                    'private': '-----BEGIN RSA PRIVATE KEY----- ...'}}
-
-        The public and private keys are strings in PEM format.
-
-      data:
-        Data to be signed. This should be a bytes object; data should be
-        encoded/serialized before it is passed here.  The same value can be be
-        passed into securesystemslib.verify_signature() (along with the public
-        key) to later verify the signature.
-
-    <Exceptions>
-      securesystemslib.exceptions.FormatError, if 'key_dict' is improperly
-      formatted.
-
-      securesystemslib.exceptions.UnsupportedAlgorithmError, if 'key_dict'
-      specifies an unsupported key type or signing scheme.
-
-      securesystemslib.exceptions.CryptoError, if the signature cannot be
-      generated.
-
-      TypeError, if 'key_dict' contains an invalid keytype.
-
-    <Side Effects>
-      The cryptography library specified in 'settings' is called to perform the
-      actual signing routine.
-
-    <Returns>
-      A signature dictionary conformant to
-      'securesystemslib_format.SIGNATURE_SCHEMA'.
-    """
-
-    # Does 'key_dict' have the correct format?
-    # This check will ensure 'key_dict' has the appropriate number of objects
-    # and object types, and that all dict keys are properly named.
-    # Raise 'securesystemslib.exceptions.FormatError' if the check fails.
-    # The key type of 'key_dict' must be either 'rsa' or 'ed25519'.
-    formats.ANYKEY_SCHEMA.check_match(key_dict)
-
-    # Signing the 'data' object requires a private key. Signing schemes that are
-    # currently supported are: 'ed25519', 'ecdsa-sha2-nistp256',
-    # 'ecdsa-sha2-nistp384' and rsa schemes defined in
-    # `securesystemslib.keys.RSA_SIGNATURE_SCHEMES`.
-    # RSASSA-PSS and RSA-PKCS1v15 keys and signatures can be generated and
-    # verified by rsa_keys.py, and Ed25519 keys by PyNaCl and PyCA's
-    # optimized, pure python implementation of Ed25519.
-    signature = {}
-    keytype = key_dict["keytype"]
-    scheme = key_dict["scheme"]
-    public = key_dict["keyval"]["public"]
-    private = key_dict["keyval"]["private"]
-    keyid = key_dict["keyid"]
-    sig = None
-
-    if keytype == "rsa":
-        if scheme in RSA_SIGNATURE_SCHEMES:
-            private = private.replace("\r\n", "\n")
-            sig, scheme = rsa_keys.create_rsa_signature(private, data, scheme)
-
-        else:
-            raise exceptions.UnsupportedAlgorithmError(
-                "Unsupported" " RSA signature scheme specified: " + repr(scheme)
-            )
-
-    elif keytype == "ed25519":
-        public = binascii.unhexlify(public.encode("utf-8"))
-        private = binascii.unhexlify(private.encode("utf-8"))
-        sig, scheme = ed25519_keys.create_signature(
-            public, private, data, scheme
-        )
-
-    # Continue to support keytypes of ecdsa-sha2-nistp256 and ecdsa-sha2-nistp384
-    # for backwards compatibility with older securesystemslib releases
-    elif keytype in ["ecdsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384"]:
-        sig, scheme = ecdsa_keys.create_signature(public, private, data, scheme)
-
-    # 'securesystemslib.formats.ANYKEY_SCHEMA' should have detected invalid key
-    # types.  This is a defensive check against an invalid key type.
-    else:  # pragma: no cover
-        raise TypeError("Invalid key type.")
-
-    # Build the signature dictionary to be returned.
-    # The hexadecimal representation of 'sig' is stored in the signature.
-    signature["keyid"] = keyid
-    signature["sig"] = binascii.hexlify(sig).decode()
-
-    return signature
-
-
 def verify_signature(
     key_dict, signature, data
 ):  # pylint: disable=too-many-branches