Support nistp384 in ecdsa scheme and key formats

Support nistp384 in addition to nistp256 in ECDSA signing scheme and key formats, required for PEP458. This commit also removes the related but obsolete REQUIRED_LIBRARIES_SCHEMA, which was only used in the long-gone check_crypto_libraries tuf function. Note: This commit tries to blend in with the current sslib design. I future work we should: - define securesystemslib-wide constants instead of hardcoding strings over and over again (see item 3 in #183) - re-think "key type" vs. "signature scheme"
secure-systems-lab · Apr 6, 2020 · 761aded · 761aded
1 parent 7a9e620
commit 761aded
Showing 1 changed file with 4 additions and 11 deletions.
diff --git a/securesystemslib/formats.py b/securesystemslib/formats.py
@@ -164,9 +164,8 @@
 # http://www.emc.com/emc-plus/rsa-labs/historical/twirl-and-rsa-key-size.htm#table1
 RSAKEYBITS_SCHEMA = SCHEMA.Integer(lo=2048)
 
-# The supported ECDSA signature schemes (ecdsa-sha2-nistp256 is supported by
-# default).
-ECDSA_SCHEME_SCHEMA = SCHEMA.OneOf([SCHEMA.String('ecdsa-sha2-nistp256')])
+# The supported ECDSA signature schemes
+ECDSA_SCHEME_SCHEMA = SCHEMA.RegularExpression(r'ecdsa-sha2-nistp(256|384)')
 
 # A pyca-cryptography signature.
 PYCACRYPTOSIGNATURE_SCHEMA = SCHEMA.AnyBytes()
@@ -201,7 +200,7 @@
 # Supported securesystemslib key types.
 KEYTYPE_SCHEMA = SCHEMA.OneOf(
   [SCHEMA.String('rsa'), SCHEMA.String('ed25519'),
-   SCHEMA.String('ecdsa-sha2-nistp256')])
+   SCHEMA.RegularExpression(r'ecdsa-sha2-nistp(256|384)')])
 
 # A generic securesystemslib key.  All securesystemslib keys should be saved to
 # metadata files in this format.
@@ -254,7 +253,7 @@
 # An ECDSA securesystemslib key.
 ECDSAKEY_SCHEMA = SCHEMA.Object(
   object_name = 'ECDSAKEY_SCHEMA',
-  keytype = SCHEMA.String('ecdsa-sha2-nistp256'),
+  keytype = SCHEMA.RegularExpression(r'ecdsa-sha2-nistp(256|384)'),
   scheme = ECDSA_SCHEME_SCHEMA,
   keyid = KEYID_SCHEMA,
   keyid_hash_algorithms = SCHEMA.Optional(HASHALGORITHMS_SCHEMA),
@@ -272,12 +271,6 @@
 # An ECDSA signature.
 ECDSASIGNATURE_SCHEMA = SCHEMA.AnyBytes()
 
-# Required installation libraries expected by the repository tools and other
-# cryptography modules.
-REQUIRED_LIBRARIES_SCHEMA = SCHEMA.ListOf(SCHEMA.OneOf(
-  [SCHEMA.String('general'), SCHEMA.String('ed25519'), SCHEMA.String('rsa'),
-   SCHEMA.String('ecdsa-sha2-nistp256')]))
-
 # Ed25519 signature schemes.  The vanilla Ed25519 signature scheme is currently
 # supported.
 ED25519_SIG_SCHEMA = SCHEMA.OneOf([SCHEMA.String('ed25519')])