Signer interface: initial version

MVrachev · MVrachev · commit af02805a18f5 · 2021-02-03T18:39:57.000+02:00
Signed-off-by: Martin Vrachev &lt;mvrachev@vmware.com&gt;
diff --git a/securesystemslib/signer.py b/securesystemslib/signer.py
@@ -0,0 +1,131 @@
+"""
+<Program Name>
+  signer.py
+
+<Author>
+  Martin Vrachev <mvrachev@vmware.com>
+
+<Started>
+  Januart 27, 2021.
+
+<Copyright>
+  See LICENSE for licensing information.
+
+<Purpose>
+  The goal of this module is to provide signing interface supporting multiple
+  signing implementations.
+"""
+
+import abc
+import securesystemslib.keys as sslib_keys
+
+class Signature:
+  """
+  <Purpose>
+    Storage class containing information about a signature and metadata about
+    the key used to generate the signature.
+    The key metadata that is stored is needed for later verification for the
+    signature.
+
+  <Attributes>
+    keyid: HEX string used as a unique identifier of the key.
+    signature: HEX string representing the signature.
+  """
+  def __init__(self, keyid, signature):
+    self.keyid = keyid
+    self.signature = signature
+
+
+  def to_dict(self):
+    """
+    <Purpose>
+      Returns the JSON-serializable dictionary representation of self.
+    """
+    return {
+      "keyid": self.keyid,
+      "sig": self.signature
+      }
+
+
+
+class Signer:
+  """
+  <Purpose>
+    Signer interface created to support multiple signing implementations.
+  """
+
+  __metaclass__ = abc.ABCMeta
+
+  @abc.abstractmethod
+  def sign(payload):
+    """
+    <Purpose>
+      Abstract function used for signig a given payload.
+
+    <Arguments>
+      payload: bytes to be signed
+
+    <Returns>
+      Returns a "Signature" class instance containing the signature and the
+      metadata related to the key needed for verification (e.g. keyid).
+    """
+    pass
+
+
+
+class SSlibSigner(Signer):
+  """
+    <Purpose>
+      Securesystemlib default implementation of the "Signer" interface.
+      With this implementation the following signature schemas are supported:
+
+      'RSASSA-PSS'
+      RFC3447 - RSASSA-PSS
+      http://www.ietf.org/rfc/rfc3447.
+
+      'ed25519'
+      ed25519 - high-speed high security signatures
+      http://ed25519.cr.yp.to/
+
+    <Attributes>
+      key_dict:
+        A dictionary containing the keys. Both private and public keys are
+        needed. An example RSA key dict has the form:
+
+        {'keytype': 'rsa',
+        'scheme': 'rsassa-pss-sha256',
+        'keyid': 'f30a0870d026980100c0573bd557394f8c1bbd6...',
+        'keyval': {'public': '-----BEGIN RSA PUBLIC KEY----- ...',
+                    'private': '-----BEGIN RSA PRIVATE KEY----- ...'}}
+
+        The public and private keys are strings in PEM format.
+  """
+  def __init__(self, key_dict):
+    self.key_dict = key_dict
+
+
+  def sign(self, payload):
+    """
+    <Purpose>
+      Used for signig a given payload.
+
+    <Arguments>
+      payload: bytes to be signed
+
+    <Returns>
+      Returns a "Signature" class instance containing the signature and the
+      metadata related to the key needed for verification (e.g. keyid).
+    """
+    signiture_dict = sslib_keys.create_signature(self.key_dict, payload)
+    return Signature(signiture_dict['keyid'], signiture_dict['sig'])
+
+
+
+class GPGSigner(Signer):
+  """Implement GPG signer"""
+
+  def __init__(self, gpg_keyid):
+    pass
+
+  def sign(self, payload):
+    pass
