TUF expiry contains microseconds #103

Closed
jku opened this issue Feb 14, 2022 · 5 comments · Fixed by #197 or #276
Labels
bug Something isn't working

Comments

@jku
Member

jku commented Feb 14, 2022

From TUF specification:

The expected format of the combined date and time string is "YYYY-MM-DDTHH:MM:SSZ". Time is always in UTC, and the "Z" time zone designator is attached to indicate a zero UTC offset. An example date-time string is "1985-10-21T01:21:00Z".

To me this says that the expiry string should not contain microseconds. Current sigstore metadata contains microseconds: https://github.com/sigstore/root-signing/blob/main/repository/repository/2.root.json#L27

I'm not sure if defining expiry this strictly in the spec is useful but the definition seems clear and in python-tuf we currently implement the spec strictly so fail to deserialize this metadata.

The related python-tuf issue (we'll have to decide if we should support msecs or not): theupdateframework/python-tuf#1858

@asraa
Contributor

asraa commented Feb 14, 2022

Oooh nice! Thank you for finding this -- I can set to truncate at seconds
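Added example, not part of the thread and not python-tuf's or root-signing's own code: a strict check of the spec's "YYYY-MM-DDTHH:MM:SSZ" expiry format, showing why a value with microseconds fails to deserialize and what truncating at seconds produces. The function names, the sample metadata and the `<=` expiry boundary are assumptions of this example.

```python
import re
from datetime import datetime, timezone

# The spec's "YYYY-MM-DDTHH:MM:SSZ" layout: fixed-width ASCII digits, literal "Z".
SPEC_PATTERN = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z")
# Same layout with an optional fractional-seconds part, as reported in this issue.
FRACTIONAL_PATTERN = re.compile(
    r"([0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2})(?:\.[0-9]+)?Z"
)

# Constructed sample documents, not copied from any real repository.
SAMPLE_WITH_MICROSECONDS = {
    "signed": {"_type": "root", "version": 2, "expires": "2030-01-01T12:30:45.123456Z"},
    "signatures": [],
}
SAMPLE_CONFORMING = {
    "signed": {"_type": "root", "version": 3, "expires": "2030-01-01T12:30:45Z"},
    "signatures": [],
}


def parse_expiry_strict(value: str) -> datetime:
    """Return an aware UTC datetime, or raise ValueError if not in spec format."""
    if not SPEC_PATTERN.fullmatch(value):
        raise ValueError(f"expiry {value!r} is not YYYY-MM-DDTHH:MM:SSZ")
    # strptime additionally rejects impossible dates such as month 13 or Feb 30.
    parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
    return parsed.replace(tzinfo=timezone.utc)


def truncate_to_seconds(value: str) -> str:
    """Producer-side fix: drop fractional seconds, then re-validate the result."""
    match = FRACTIONAL_PATTERN.fullmatch(value)
    if not match:
        raise ValueError(f"cannot normalise expiry {value!r}")
    normalised = match.group(1) + "Z"
    parse_expiry_strict(normalised)
    return normalised


def is_expired(metadata: dict, now: datetime) -> bool:
    """Strictly parse signed.expires; a malformed value raises instead of passing.

    Treating expires == now as expired is an assumption of this example.
    """
    return parse_expiry_strict(metadata["signed"]["expires"]) <= now
```

Truncation has to happen before signing: `expires` sits inside the `signed` portion, so rewriting it afterwards invalidates the existing signatures.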

@tetsuo-cpp

tetsuo-cpp commented Apr 8, 2022

@jku When you truncated to seconds, did you end up getting this error in python-tuf?

ValueError: ('Could not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters).', [_OpenSSLErrorWithText(code=151584876, lib=9, reason=108, reason_text=b'error:0909006C:PEM routines:get_name:no start line')])

I'm just wondering whether that's what caused you to open theupdateframework/python-tuf#1866 or whether I'm hitting a different issue.

@jku
Member Author

jku commented Apr 8, 2022

I mean yes I found both issues while I was doing a manual interop testing round -- the issue you found is a related one: our error handling was quite poor.

Current state to my knowledge is:

@tetsuo-cpp

Ah thanks @jku, that makes sense. I missed the key format issues.

@asraa
Contributor

asraa commented May 6, 2022

Going to make a separate issue about the ECDSA key format -- this will be tough because root keys will have different key IDs if we immediately switch the encodings.
