secure-systems-lab
diff --git a/‎securesystemslib/ecdsa_keys.py
Lines changed: 410 additions & 391 deletions b/‎securesystemslib/ecdsa_keys.py
Lines changed: 410 additions & 391 deletions
diff --git a/‎securesystemslib/ed25519_keys.py
Lines changed: 144 additions & 138 deletions b/‎securesystemslib/ed25519_keys.py
Lines changed: 144 additions & 138 deletions
@@ -64,10 +64,11 @@
 NACL = True
 NO_NACL_MSG = "ed25519 key support requires the nacl library"
 try:
-  from nacl.encoding import RawEncoder
-  from nacl.signing import (SigningKey, VerifyKey)
-  # avoid conflicts with own exceptions of same name
-  from nacl import exceptions as nacl_exceptions
+    from nacl.encoding import RawEncoder
+    from nacl.signing import SigningKey, VerifyKey
+
+    # avoid conflicts with own exceptions of same name
+    from nacl import exceptions as nacl_exceptions
 except ImportError:
     NACL = False
 
@@ -84,67 +85,66 @@
 # modules are currently supported in the creation of 'ed25519' signatures.
 # Previously, a distinction was made between signatures made by the pure Python
 # implementation and PyNaCl.
-_SUPPORTED_ED25519_SIGNING_SCHEMES = ['ed25519']
+_SUPPORTED_ED25519_SIGNING_SCHEMES = ["ed25519"]
 
 
 def generate_public_and_private():
-  """
-  <Purpose>
-    Generate a pair of ed25519 public and private keys with PyNaCl.  The public
-    and private keys returned conform to
-    'securesystemslib.formats.ED25519PUBLIC_SCHEMA' and
-    'securesystemslib.formats.ED25519SEED_SCHEMA', respectively.
+    """
+    <Purpose>
+      Generate a pair of ed25519 public and private keys with PyNaCl.  The public
+      and private keys returned conform to
+      'securesystemslib.formats.ED25519PUBLIC_SCHEMA' and
+      'securesystemslib.formats.ED25519SEED_SCHEMA', respectively.
 
-    An ed25519 seed key is a random 32-byte string.  Public keys are also 32
-    bytes.
+      An ed25519 seed key is a random 32-byte string.  Public keys are also 32
+      bytes.
 
-    >>> public, private = generate_public_and_private()
-    >>> securesystemslib.formats.ED25519PUBLIC_SCHEMA.matches(public)
-    True
-    >>> securesystemslib.formats.ED25519SEED_SCHEMA.matches(private)
-    True
+      >>> public, private = generate_public_and_private()
+      >>> securesystemslib.formats.ED25519PUBLIC_SCHEMA.matches(public)
+      True
+      >>> securesystemslib.formats.ED25519SEED_SCHEMA.matches(private)
+      True
 
-  <Arguments>
-    None.
+    <Arguments>
+      None.
 
-  <Exceptions>
-    securesystemslib.exceptions.UnsupportedLibraryError, if the PyNaCl ('nacl')
-    module is unavailable.
+    <Exceptions>
+      securesystemslib.exceptions.UnsupportedLibraryError, if the PyNaCl ('nacl')
+      module is unavailable.
 
-    NotImplementedError, if a randomness source is not found by 'os.urandom'.
+      NotImplementedError, if a randomness source is not found by 'os.urandom'.
 
-  <Side Effects>
-    The ed25519 keys are generated by first creating a random 32-byte seed
-    with os.urandom() and then calling PyNaCl's nacl.signing.SigningKey().
+    <Side Effects>
+      The ed25519 keys are generated by first creating a random 32-byte seed
+      with os.urandom() and then calling PyNaCl's nacl.signing.SigningKey().
 
-  <Returns>
-    A (public, private) tuple that conform to
-    'securesystemslib.formats.ED25519PUBLIC_SCHEMA' and
-    'securesystemslib.formats.ED25519SEED_SCHEMA', respectively.
-  """
+    <Returns>
+      A (public, private) tuple that conform to
+      'securesystemslib.formats.ED25519PUBLIC_SCHEMA' and
+      'securesystemslib.formats.ED25519SEED_SCHEMA', respectively.
+    """
 
-  if not NACL: # pragma: no cover
-    raise exceptions.UnsupportedLibraryError(NO_NACL_MSG)
+    if not NACL:  # pragma: no cover
+        raise exceptions.UnsupportedLibraryError(NO_NACL_MSG)
 
-  # Generate ed25519's seed key by calling os.urandom().  The random bytes
-  # returned should be suitable for cryptographic use and is OS-specific.
-  # Raise 'NotImplementedError' if a randomness source is not found.
-  # ed25519 seed keys are fixed at 32 bytes (256-bit keys).
-  # http://blog.mozilla.org/warner/2011/11/29/ed25519-keys/
-  seed = os.urandom(32)
-  public = None
+    # Generate ed25519's seed key by calling os.urandom().  The random bytes
+    # returned should be suitable for cryptographic use and is OS-specific.
+    # Raise 'NotImplementedError' if a randomness source is not found.
+    # ed25519 seed keys are fixed at 32 bytes (256-bit keys).
+    # http://blog.mozilla.org/warner/2011/11/29/ed25519-keys/
+    seed = os.urandom(32)
+    public = None
 
-  # Generate the public key.  PyNaCl (i.e., 'nacl' module) performs the actual
-  # key generation.
-  nacl_key = SigningKey(seed)
-  public = nacl_key.verify_key.encode(encoder=RawEncoder())
-
-  return public, seed
+    # Generate the public key.  PyNaCl (i.e., 'nacl' module) performs the actual
+    # key generation.
+    nacl_key = SigningKey(seed)
+    public = nacl_key.verify_key.encode(encoder=RawEncoder())
 
+    return public, seed
 
 
 def create_signature(public_key, private_key, data, scheme):
-  """
+    """
   <Purpose>
     Return a (signature, scheme) tuple, where the signature scheme is 'ed25519'
     and is always generated by PyNaCl (i.e., 'nacl').  The signature returned
@@ -203,52 +203,52 @@ def create_signature(public_key, private_key, data, scheme):
     returned.
   """
 
-  if not NACL: # pragma: no cover
-    raise exceptions.UnsupportedLibraryError(NO_NACL_MSG)
+    if not NACL:  # pragma: no cover
+        raise exceptions.UnsupportedLibraryError(NO_NACL_MSG)
 
-  # Does 'public_key' have the correct format?
-  # This check will ensure 'public_key' conforms to
-  # 'securesystemslib.formats.ED25519PUBLIC_SCHEMA', which must have length 32
-  # bytes.  Raise 'securesystemslib.exceptions.FormatError' if the check fails.
-  formats.ED25519PUBLIC_SCHEMA.check_match(public_key)
+    # Does 'public_key' have the correct format?
+    # This check will ensure 'public_key' conforms to
+    # 'securesystemslib.formats.ED25519PUBLIC_SCHEMA', which must have length 32
+    # bytes.  Raise 'securesystemslib.exceptions.FormatError' if the check fails.
+    formats.ED25519PUBLIC_SCHEMA.check_match(public_key)
 
-  # Is 'private_key' properly formatted?
-  formats.ED25519SEED_SCHEMA.check_match(private_key)
+    # Is 'private_key' properly formatted?
+    formats.ED25519SEED_SCHEMA.check_match(private_key)
 
-  # Is 'scheme' properly formatted?
-  formats.ED25519_SIG_SCHEMA.check_match(scheme)
+    # Is 'scheme' properly formatted?
+    formats.ED25519_SIG_SCHEMA.check_match(scheme)
 
-  # Signing the 'data' object requires a seed and public key.
-  # nacl.signing.SigningKey.sign() generates the signature.
-  signature = None
+    # Signing the 'data' object requires a seed and public key.
+    # nacl.signing.SigningKey.sign() generates the signature.
+    signature = None
 
-  # An if-clause is not strictly needed here, since 'ed25519' is the only
-  # currently supported scheme.  Nevertheless, include the conditional
-  # statement to accommodate schemes that might be added in the future.
-  if scheme == 'ed25519':
-    try:
-      nacl_key = SigningKey(private_key)
-      nacl_sig = nacl_key.sign(data)
-      signature = nacl_sig.signature
-
-    except (ValueError, TypeError, nacl_exceptions.CryptoError) as e:
-      raise exceptions.CryptoError('An "ed25519" signature'
-          ' could not be created with PyNaCl.' + str(e))
-
-  # This is a defensive check for a valid 'scheme', which should have already
-  # been validated in the check_match() above.
-  else: #pragma: no cover
-    raise exceptions.UnsupportedAlgorithmError('Unsupported'
-      ' signature scheme is specified: ' + repr(scheme))
-
-  return signature, scheme
+    # An if-clause is not strictly needed here, since 'ed25519' is the only
+    # currently supported scheme.  Nevertheless, include the conditional
+    # statement to accommodate schemes that might be added in the future.
+    if scheme == "ed25519":
+        try:
+            nacl_key = SigningKey(private_key)
+            nacl_sig = nacl_key.sign(data)
+            signature = nacl_sig.signature
 
+        except (ValueError, TypeError, nacl_exceptions.CryptoError) as e:
+            raise exceptions.CryptoError(
+                'An "ed25519" signature'
+                " could not be created with PyNaCl." + str(e)
+            )
 
+    # This is a defensive check for a valid 'scheme', which should have already
+    # been validated in the check_match() above.
+    else:  # pragma: no cover
+        raise exceptions.UnsupportedAlgorithmError(
+            "Unsupported" " signature scheme is specified: " + repr(scheme)
+        )
 
+    return signature, scheme
 
 
 def verify_signature(public_key, scheme, signature, data):
-  """
+    """
   <Purpose>
     Determine whether the private key corresponding to 'public_key' produced
     'signature'.  verify_signature() will use the public key, the 'scheme' and
@@ -299,58 +299,64 @@ def verify_signature(public_key, scheme, signature, data):
     Boolean.  True if the signature is valid, False otherwise.
   """
 
-  # Does 'public_key' have the correct format?
-  # This check will ensure 'public_key' conforms to
-  # 'securesystemslib.formats.ED25519PUBLIC_SCHEMA', which must have length 32
-  # bytes.  Raise 'securesystemslib.exceptions.FormatError' if the check fails.
-  formats.ED25519PUBLIC_SCHEMA.check_match(public_key)
-
-  # Is 'scheme' properly formatted?
-  formats.ED25519_SIG_SCHEMA.check_match(scheme)
-
-  # Is 'signature' properly formatted?
-  formats.ED25519SIGNATURE_SCHEMA.check_match(signature)
-
-  # Verify 'signature'.  Before returning the Boolean result, ensure 'ed25519'
-  # was used as the signature scheme.
-  public = public_key
-  valid_signature = False
-
-  if scheme in _SUPPORTED_ED25519_SIGNING_SCHEMES:
-    if NACL:
-      try:
-        nacl_verify_key = VerifyKey(public)
-        nacl_verify_key.verify(data, signature)
-        valid_signature = True
-
-      except nacl_exceptions.BadSignatureError:
-        pass
-
-    # Verify 'ed25519' signature with the pure Python implementation.
-    else:
-      try:
-        python_ed25519.checkvalid(signature, data, public)
-        valid_signature = True
-
-      # The pure Python implementation raises 'Exception' if 'signature' is
-      # invalid.
-      except Exception:
-        pass
-
-  # This is a defensive check for a valid 'scheme', which should have already
-  # been validated in the ED25519_SIG_SCHEMA.check_match(scheme) above.
-  else: #pragma: no cover
-    message = 'Unsupported ed25519 signature scheme: ' + repr(scheme) + '.\n' + \
-      'Supported schemes: ' + repr(_SUPPORTED_ED25519_SIGNING_SCHEMES) + '.'
-    raise exceptions.UnsupportedAlgorithmError(message)
-
-  return valid_signature
-
-
-
-if __name__ == '__main__':
-  # The interactive sessions of the documentation strings can
-  # be tested by running 'ed25519_keys.py' as a standalone module.
-  # python -B ed25519_keys.py
-  import doctest
-  doctest.testmod()
+    # Does 'public_key' have the correct format?
+    # This check will ensure 'public_key' conforms to
+    # 'securesystemslib.formats.ED25519PUBLIC_SCHEMA', which must have length 32
+    # bytes.  Raise 'securesystemslib.exceptions.FormatError' if the check fails.
+    formats.ED25519PUBLIC_SCHEMA.check_match(public_key)
+
+    # Is 'scheme' properly formatted?
+    formats.ED25519_SIG_SCHEMA.check_match(scheme)
+
+    # Is 'signature' properly formatted?
+    formats.ED25519SIGNATURE_SCHEMA.check_match(signature)
+
+    # Verify 'signature'.  Before returning the Boolean result, ensure 'ed25519'
+    # was used as the signature scheme.
+    public = public_key
+    valid_signature = False
+
+    if scheme in _SUPPORTED_ED25519_SIGNING_SCHEMES:
+        if NACL:
+            try:
+                nacl_verify_key = VerifyKey(public)
+                nacl_verify_key.verify(data, signature)
+                valid_signature = True
+
+            except nacl_exceptions.BadSignatureError:
+                pass
+
+        # Verify 'ed25519' signature with the pure Python implementation.
+        else:
+            try:
+                python_ed25519.checkvalid(signature, data, public)
+                valid_signature = True
+
+            # The pure Python implementation raises 'Exception' if 'signature' is
+            # invalid.
+            except Exception:
+                pass
+
+    # This is a defensive check for a valid 'scheme', which should have already
+    # been validated in the ED25519_SIG_SCHEMA.check_match(scheme) above.
+    else:  # pragma: no cover
+        message = (
+            "Unsupported ed25519 signature scheme: "
+            + repr(scheme)
+            + ".\n"
+            + "Supported schemes: "
+            + repr(_SUPPORTED_ED25519_SIGNING_SCHEMES)
+            + "."
+        )
+        raise exceptions.UnsupportedAlgorithmError(message)
+
+    return valid_signature
+
+
+if __name__ == "__main__":
+    # The interactive sessions of the documentation strings can
+    # be tested by running 'ed25519_keys.py' as a standalone module.
+    # python -B ed25519_keys.py
+    import doctest
+
+    doctest.testmod()