Remove uses of keyid_hash_algorithms #1014
Conversation
joshuagl
added
the
securesystemslib
There was a problem hiding this comment.
Thanks for the submission Marina! Am I correct in thinking the behavioural changes introduced by this PR are that:
- a client no longer recalculates keyids, and instead trusts the values in the metadata
- when loading an existing repository with repository_tool, keyids are not calculated and instead the keyids from the metadata are used
I'd like to see the additional test for a duplicate keyid enabled, or removed from this PR. I also pointed had some minor comments inline about not passing the default value for an argument and what appears to be unnecessarily assigning a value to a dictionary field.
NOTE: the required securesystemslib change has been merged and is available in release 0.15.0, which we already depend on in py-TUF.
tests/test_keydb.py
Outdated
| # New key with a duplicate keyid | ||
| #rsakey4 = KEYS[1] | ||
| #keyid4 = KEYS[3]['keyid'] | ||
| #keydict[keyid4] = rsakey4 |
There was a problem hiding this comment.
Should this test work? If not, what's preventing it from working? Should we be addressing it in this PR?
There was a problem hiding this comment.
As keyids are no longer calculated before use, the client will want a different way to verify that all keys applied to a threshold are unique. I think this may be better left to a separate pr (which I've documented in #1084) for 2 reasons:
- This is a larger change that will require creating a standardized representation for keys
- It is only an issue if the delegating metadata makes a mistake or in the case of multi-role delegations (which are not currently in the reference implementation). Also, this issue already exists with the current implementation if multiple
keyid_hash_algorithmsare used
That being said, I have started looking into this issue and could include the fix here if that would be more clear. Otherwise I'll remove this test for now.
tests/test_keydb.py
Outdated
| self.assertRaises(tuf.exceptions.UnknownKeyError, tuf.keydb.get_key, keyid3) | ||
| #self.assertRaises(tuf.exceptions.UnknownKeyError, tuf.keydb.get_key, keyid4) |
There was a problem hiding this comment.
Can we enable this part of the test?
tuf/keydb.py
Outdated
| # keyids, otherwise add_key() will have no reference to it. | ||
| key_dict['keyid'] = keyid | ||
| add_key(key_dict, keyid=None, repository_name=repository_name) | ||
| key_dict['keyid'] = keyid |
There was a problem hiding this comment.
I think key_dict['keyid'] should already be set to keyid here, because we pass it in as the default_keyid in format_metadata_to_key?
tuf/repository_lib.py
Outdated
| key_object['keyid'] = keyid | ||
| tuf.keydb.add_key(key_object, keyid=None, | ||
| repository_name=repository_name) | ||
| key_object['keyid'] = keyid |
There was a problem hiding this comment.
Again, I think this is already set correctly by format_metadata_to_key()?
|
Note the DCO check is failing because none of the commits have a
|
… as the keyid is provided in signed metadata. Removing this check allows the client to avoid use of the keyid_hash_algorithm field during verification. Note that this change requires a small change to the securesystemslib api. Signed-off-by: marinamoore <mmoore32@calpoly.edu>
…eyid. Check that this keyid matches the keyid listed in the key for consistent behavior. Signed-off-by: marinamoore <mmoore32@calpoly.edu>
Signed-off-by: marinamoore <mmoore32@calpoly.edu>
…e keyid provided in the delegation. Note that this requires a change to securesystems lib. Signed-off-by: marinamoore <mmoore32@calpoly.edu>
Signed-off-by: marinamoore <mmoore32@calpoly.edu>
Signed-off-by: marinamoore <mmoore32@calpoly.edu>
Signed-off-by: marinamoore <mmoore32@calpoly.edu>
Co-authored-by: Joshua Lock <jlock@vmware.com> Signed-off-by: marinamoore <mmoore32@calpoly.edu>
Signed-off-by: marinamoore <mmoore32@calpoly.edu>
Signed-off-by: marinamoore <mmoore32@calpoly.edu>
mnm678
force-pushed
the
remove-keyid_hash_algorithms
branch
from
8fe9ef7
to
376590d
Compare
Thanks for the review! Yes, those are the main behavioural changes. These changes will help both with the TAP 12 implementation and with the removal of |
|
The failing test looks like a timeout issue that should be unrelated to this pr. |
Co-authored-by: Joshua Lock <jlock@vmware.com> Signed-off-by: marinamoore <mmoore32@calpoly.edu>
mnm678
force-pushed
the
remove-keyid_hash_algorithms
branch
from
0c1ee76
to
f96cf50
Compare
Is this setting used by other securesystemslib users, especially intoto? @SantiagoTorres @lukpueh |
Based on a quick |
PR theupdateframework#1014 removed uses of keyid_hash_algorithms in favour of using the calculated keyid values from the metadata. A few instances of this removal were unintentionally reintroduced in PR theupdateframework#1016, when changing to explicitly passing a list of hash algorithms rather than changing securesystemslib settings values. This change removes uneccessary uses of keyid_hash_algorithms. Signed-off-by: Joshua Lock <jlock@vmware.com>
PR theupdateframework#1014 removed uses of keyid_hash_algorithms in favour of using the calculated keyid values from the metadata. A few instances of this removal were unintentionally reintroduced in PR theupdateframework#1016, when changing to explicitly passing a list of hash algorithms rather than changing securesystemslib settings values. This change removes uneccessary uses of keyid_hash_algorithms. Signed-off-by: Joshua Lock <jlock@vmware.com>
|
Hi @lorenzo-blasa! What exactly are you trying to achieve? Maybe taking a look at the corresponding PR (#1014) helps to better understand the commit (3c78d67)? |
|
@lukpueh many thanks! That PR definitely helps. I'm currently working on having a TUF reference implementation written in JavaScript. The effort started last year and only last week I resumed. So I was running the local JavaScript tests and comparing that with the version I had in Python and I found it was also failing but maybe because the unit tests were actually referring the TUF package installed instead of the local copy. Running It's all good now :) |
|
@lorenzo-blasa A tuf.js has been a dream of mine for a while now... you might look at my toy reimplementation tuf-on-a-plane to get a few more clarifications or ideas. Thanks for your feedback! |
|
@trishankatdatadog thanks for sharing that! The intention I have with the JS implementation is to open source it as soon as possible, being complete and going through necessary approvals. So it's great to know there's more people interested in it. |
|
@lorenzo-blasa, tuf.js sounds exciting, please keep us posted! And of course, feel free to ping us if you have any questions regarding the TUF spec or this reference implementation. |
This is a first step toward removing keyid_hash_algorithms from the reference implementation as discussed in #848. This pr removes all uses of this field during the client verification by using the keyids provided in the metadata instead of recalculating keyids using the keyid_hash_algorithms.
This pr requires changes to securesystemslib that are is a pull request at secure-systems-lab/securesystemslib#225.