Merge pull request #1453 from avelichka/develop

Add 'ecdsa' to the list of supported key types
theupdateframework · Jun 23, 2021 · b860ad8 · b860ad8
2 parents e6f743b + 06c8fb8
commit b860ad8
Show file tree

Hide file tree

Showing 8 changed files with 9 additions and 9 deletions.
diff --git a/tests/repository_data/keystore/root_key3 b/tests/repository_data/keystore/root_key3
@@ -1 +1 @@
-ce4624d30171067445ed3fa863f66127@@@@100000@@@@f10f918e9e895ba72fb784e2dccc1b09e4cbc17ff23eda55687e272e217bb09f@@@@63982fe353cdb82ed7825e9569804f0e@@@@9bd085924cbbfff9fbf4cad01f8119a3726b734ea46c573e4d39239c238285a332a73fe1d3e9966a6e958c387f4eec40a0b3e7883b6d347f5506d64f3acf06148261afeca9585e7fd71e2726373a481627bd82c545fdf031bbde9bb3db986e6de29efcad3fc5d7ae5c274d4e0e9b521af6e34263965fa7e5b7e10c7dee4c880424930d4f698ff5a0531ab4a430c74fe6bb831db7c40b0c097c6c22c6cae2b25c712cbf02638cee3cdfea9854ef690b4707e27851ed5e63cda60925e3e4e49467ef031e31dd9524b51e635697d3049cec09ea86cebf60fb2082247e784d48b0c71ef79a4fc4807ad2905140c051795f904baaacee334e34a4d82a78befe735810a77ac40d1a977460026f8513dbccd7fd5c980cc5397d223adc132a6b7230448685f6f1aec40e2a9d6ab39d818c94c7ace66e6a87cc94b690a2018fb3b376010c05ac0587631122d6979b0f575d18655d
+a3d266f446cb23c0248feed240a8a85a@@@@100000@@@@61ea41c73d4b1d8bd7566a9884a2fdb88c1d4e48550341e532768f98c8f4bd3c@@@@46b15764c50c934fcfc041a5fa207337@@@@d84b8c473d5f42d2bbceca28b0087c2c5908673b2a92eb8f1ca91dacc27c1cfac24c98d06191f6f54633dd428e9ca0987f183e8f34322a104dc38a0f4fefcc168f21e203e3abc5842f132df2dcb61d6b31dc19d0ecb50e898655f81e9b8a9730f2bff4c5ca4b6fc0b572a7e3672b6dc814ed127c964d960a57155c29eccf44824442d3c6761662ed2d8a1c48a3222d0f0cb1a58f543ccd852c247522595d987d95d1bf49dfdffaf33f18085460dac791d81347cc576a83c6ebca2625d26ddd294e74fa67f676a02d533b52fc9702237b2c898469a30753d98b091cd6aa713aa7b0c4c741684674084b27862e64adf4b1e88fa22cfcf6eeae8608dd818a4cba020058fa7271028ea9d9a7302c9e50e82972a82ac2080201c0fb9f2fb1cadfe97d62470414428227add1c40594f5135a8169d0d7d0889cb4a1949b015e65f5dc656204c58c463acc5b7872f4a078d0bc5a09a7795187e360e7b225892601aa9065086b24397f653d20e59a656ec86ef94e64d5baf16080f12a7f2461b92f99dfb5bf2e4dadec91cc72d8eede952449fd586c863734d84f31e036ecc96c55ab7baa9b049c20b8281a7c28f5ca42d9cfad6498f51ee907bfd9dc17e2a1bc9b69145ee82a86a90817394c01770581727889d3ba1791592c7ac2e74753485f1811cc4477078732873185240fc1572927d2fef210066bdf015471bd9d1683e8074b3fb6957246589dc62dea4843a17a7c734ae45ae20d31f0083a32d3310fae459fe3fbf7c763e5e4ead4acd9b0233e45237f4465576e85ff707fe316488f329d5bc73596b104cc28b926d6b1f5a3d26a0a6ec534a3cbc54cab97f5cea51f17b8d7f1cc6c9977275c34ee4942dd3e22a19ae1e4252199226cc4fd60
diff --git a/tests/repository_data/keystore/root_key3.pub b/tests/repository_data/keystore/root_key3.pub
@@ -1 +1 @@
-{"keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": ["sha256", "sha512"], "keyval": {"public": "e68d6e173fe21d8bc4a558606784abdbb71f31cd13fa2aeef29972f60f5c5809"}}
+{"keytype": "ecdsa", "scheme": "ecdsa-sha2-nistp256", "keyid_hash_algorithms": ["sha256", "sha512"], "keyval": {"public": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE4huWFUZelzzZk2xLwnLqyc2q7cfI\nIqgg3qOWSddQ3Q/GBXCzgg7zqNqS+xSt+D3gy3mMBbkeo+6OVm8/W9BrqQ=="}}
diff --git a/tests/test_updater_root_rotation_integration.py b/tests/test_updater_root_rotation_integration.py
@@ -643,7 +643,7 @@ def _load_role_keys(keystore_directory):
   role_keys['root2']['public'] = \
     repo_tool.import_ed25519_publickey_from_file(root2_key_file+'.pub')
   role_keys['root3']['public'] = \
-    repo_tool.import_ed25519_publickey_from_file(root3_key_file+'.pub')
+    repo_tool.import_ecdsa_publickey_from_file(root3_key_file+'.pub')
   role_keys['targets']['public'] = \
     repo_tool.import_ed25519_publickey_from_file(targets_key_file+'.pub')
   role_keys['snapshot']['public'] = \
@@ -661,7 +661,7 @@ def _load_role_keys(keystore_directory):
     repo_tool.import_ed25519_privatekey_from_file(root2_key_file,
                                               EXPECTED_KEYFILE_PASSWORD)
   role_keys['root3']['private'] = \
-    repo_tool.import_ed25519_privatekey_from_file(root3_key_file,
+    repo_tool.import_ecdsa_privatekey_from_file(root3_key_file,
                                               EXPECTED_KEYFILE_PASSWORD)
   role_keys['targets']['private'] = \
     repo_tool.import_ed25519_privatekey_from_file(targets_key_file,

diff --git a/tuf/api/metadata.py b/tuf/api/metadata.py
@@ -416,7 +416,7 @@ class Key:
             the metadata it is used in. This implementation does not verify
             that keyid is the hash of a specific representation of the key.
         keytype: A string denoting a public key signature system,
-            such as "rsa", "ed25519", and "ecdsa-sha2-nistp256".
+            such as "rsa", "ed25519", "ecdsa" and "ecdsa-sha2-nistp256".
         scheme: A string denoting a corresponding signature scheme. For example:
             "rsassa-pss-sha256", "ed25519", and "ecdsa-sha2-nistp256".
         keyval: A dictionary containing the public portion of the key.

diff --git a/tuf/client/updater.py b/tuf/client/updater.py
@@ -952,7 +952,7 @@ def _import_delegations(self, parent_role):
 
     # Iterate the keys of the delegated roles of 'parent_role' and load them.
     for keyid, keyinfo in keys_info.items():
-      if keyinfo['keytype'] in ['rsa', 'ed25519', 'ecdsa-sha2-nistp256']:
+      if keyinfo['keytype'] in ['rsa', 'ed25519', 'ecdsa', 'ecdsa-sha2-nistp256']:
 
         # We specify the keyid to ensure that it's the correct keyid
         # for the key.

diff --git a/tuf/keydb.py b/tuf/keydb.py
@@ -45,7 +45,7 @@
 from tuf import formats
 
 # List of strings representing the key types supported by TUF.
-_SUPPORTED_KEY_TYPES = ['rsa', 'ed25519', 'ecdsa-sha2-nistp256']
+_SUPPORTED_KEY_TYPES = ['rsa', 'ed25519', 'ecdsa', 'ecdsa-sha2-nistp256']
 
 # See 'log.py' to learn how logging is handled in TUF.
 logger = logging.getLogger(__name__)

diff --git a/tuf/repository_lib.py b/tuf/repository_lib.py
@@ -75,7 +75,7 @@
 TIMESTAMP_EXPIRES_WARN_SECONDS = 86400
 
 # Supported key types.
-SUPPORTED_KEY_TYPES = ['rsa', 'ed25519', 'ecdsa-sha2-nistp256']
+SUPPORTED_KEY_TYPES = ['rsa', 'ed25519', 'ecdsa', 'ecdsa-sha2-nistp256']
 
 # The algorithm used by the repository to generate the path hash prefixes
 # of hashed bin delegations.  Please see delegate_hashed_bins()

diff --git a/tuf/scripts/repo.py b/tuf/scripts/repo.py
@@ -183,7 +183,7 @@
 # The supported keytype strings (as they appear in metadata) are listed here
 # because they won't necessarily match the key types supported by
 # securesystemslib.
-SUPPORTED_KEY_TYPES = ('ed25519', 'ecdsa-sha2-nistp256', 'rsa')
+SUPPORTED_KEY_TYPES = ('rsa', 'ed25519', 'ecdsa', 'ecdsa-sha2-nistp256')
 
 # pylint: disable=protected-access
 # ... to allow use of sslib _generate_and_write_*_keypair convenience methods