From 1f0cb9cd520b78b992372121fee220aa09287c6a Mon Sep 17 00:00:00 2001
From: Joshua Lock
Date: Thu, 5 Mar 2020 10:41:54 +0000
Subject: [PATCH] Add new setting for file hashing algorithms
Using securesystemslib.settings.HASH_ALGORITHMS is undersirable, because it binds tuf to an implementation detail of the underlying library. In this specific instance of file hashing algorithms it's even more undesirable because it's overloading the intended use of the setting which is "algorithm(s) [...] used to generate key IDs". Add a new setting tuf.settings.FILE_HASH_ALGORITHMS, with a default value of ['sha256', 'sha512'] (that matches the current value of securesystemslib.settings.HASH_ALGORITHMS), to be used for file hashing operations in tuf.
Signed-off-by: Joshua Lock
---
 tuf/repository_lib.py | 2 +-
 tuf/settings.py | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/tuf/repository_lib.py b/tuf/repository_lib.py
index 3ca381ec..15e2f750 100755
--- a/tuf/repository_lib.py
+++ b/tuf/repository_lib.py
@@ -974,7 +974,7 @@ def get_metadata_fileinfo(filename, custom=None):
 # file information, such as the file's author, version/revision
 # numbers, etc.
 filesize, filehashes = securesystemslib.util.get_file_details(filename,
- securesystemslib.settings.HASH_ALGORITHMS)
+ tuf.settings.FILE_HASH_ALGORITHMS)
 return tuf.formats.make_fileinfo(filesize, filehashes, custom=custom)
diff --git a/tuf/settings.py b/tuf/settings.py
index 0fb80464..eb8ae34a 100755
--- a/tuf/settings.py
+++ b/tuf/settings.py
@@ -102,6 +102,9 @@
 # the securesystemslib external library.
 DEFAULT_HASH_ALGORITHM = 'sha256'
+# The hashing algorithms used to compute file hashes
+FILE_HASH_ALGORITHMS = ['sha256', 'sha512']
+
 # The client's update procedure (contained within a while-loop) can potentially
 # hog the CPU. The following setting can be used to force the update sequence
 # to suspend execution for a specified amount of time. See
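Review bot: The algorithm list now comes from an integrator-editable setting and reaches `securesystemslib.util.get_file_details` with no check in this function, so an empty or mistyped `FILE_HASH_ALGORITHMS` would only surface, if at all, inside the library or in the metadata that is produced. Since these digests are what ends up in the file info returned by `make_fileinfo`, I would fail early before the call, e.g. `if not tuf.settings.FILE_HASH_ALGORITHMS: raise ValueError('FILE_HASH_ALGORITHMS must name at least one algorithm')`. The hunk does not show the module's imports, so please confirm `import tuf.settings` is already present in repository_lib.py. The body of get_metadata_fileinfo starts above the hunk, so an existing guard there cannot be ruled out.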
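Review bot: The comment on `FILE_HASH_ALGORITHMS` does not say where the setting is consumed or how it differs from `DEFAULT_HASH_ALGORITHM` directly above it, which is the confusion the commit message sets out to remove. I would expand it to something like `# Hash algorithms used to compute the file hashes recorded in metadata (see repository_lib.get_metadata_fileinfo); each name must be one securesystemslib supports.` It is also worth stating that the list should keep at least one collision-resistant digest: presumably clients check downloaded files against these hashes, so swapping the defaults for a weaker algorithm would weaken that check. As a style point, the new comment lacks the trailing period the neighbouring comments use.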