From 46d07be5adb93e1a19792bc338decee2cef0658f Mon Sep 17 00:00:00 2001 From: vladdd Date: Wed, 9 Oct 2013 08:15:09 -0400 Subject: [PATCH] Continue configurable crypto changes: add keys.py doctest --- tuf/conf.py | 4 +-- tuf/keys.py | 73 ++++++++++++++++++++++++++++++++++++++++++----------- 2 files changed, 60 insertions(+), 17 deletions(-) diff --git a/tuf/conf.py b/tuf/conf.py index 9d271b86..060101bc 100755 --- a/tuf/conf.py +++ b/tuf/conf.py @@ -68,5 +68,5 @@ # # Supported Cryptography libraries: -# 'pycrypto', 'ed25519'. -CRYPTO_LIBRARY = 'ed25519' +# 'pycrypto', 'ed25519-python', 'ed25519-pynacl'. +CRYPTO_LIBRARY = 'pycrypto' diff --git a/tuf/keys.py b/tuf/keys.py index a347a5d1..acc84c49 100755 --- a/tuf/keys.py +++ b/tuf/keys.py @@ -35,21 +35,22 @@ key (i.e., rsakey['keyid']). """ -# Required for hexadecimal conversions. Signatures are hexlified. +# Required for hexadecimal conversions. Signatures and public/private keys are +# hexlified. import binascii # -_SUPPORTED_CRYPTO_LIBRARIES = \ - ['pycrypto', 'ed25519'] +_SUPPORTED_CRYPTO_LIBRARIES = ['pycrypto', 'ed25519-python', 'ed25519-pynacl'] # _available_crypto_libraries = ['ed25519-python'] try: - import Crypto + #import Crypto import tuf.pycrypto_keys.py _available_crypto_libraries.append('pycrypto') except ImportError: + print('Could not import pycrypto') pass try: @@ -100,6 +101,14 @@ def generate_rsa_key(bits=_DEFAULT_RSA_KEY_BITS): generate() enforces a minimum key size of 2048 bits. If 'bits' is unspecified, a 3072-bit RSA key is generated, which is the key size recommended by TUF. + + >>> rsa_key = generate_rsa_key(bits=2048) + >>> tuf.formats.RSAKEY_SCHEMA.matches(rsa_key) + True + >>> len(ed25519_key['keyval']['public']) + 64 + >>> len(ed25519_key['keyval']['private']) + 64 bits: @@ -151,13 +160,13 @@ def generate_rsa_key(bits=_DEFAULT_RSA_KEY_BITS): # Generate the keyid for the RSA key. 'key_value' corresponds to the # 'keyval' entry of the 'RSAKEY_SCHEMA' dictionary. The private key # information is not included in the generation of the 'keyid' identifier. - key_value = {'public': public, + key_value = {'public': binascii.hexlify(public), 'private': ''} keyid = _get_keyid(key_value) # Build the 'rsakey_dict' dictionary. Update 'key_value' with the RSA # private key prior to adding 'key_value' to 'rsakey_dict'. - key_value['private'] = private + key_value['private'] = binascii.hexlify(private) rsakey_dict['keytype'] = keytype rsakey_dict['keyid'] = keyid @@ -187,11 +196,17 @@ def generate_ed25519_key(): unspecified, a 3072-bit RSA key is generated, which is the key size recommended by TUF. - - bits: - The key size, or key length, of the RSA key. 'bits' must be 2048, or - greater, and a multiple of 256. + >>> ed25519_key = generate_ed25519_key() + >>> tuf.formats.ED25519KEY_SCHEMA.matches(ed25519_key) + True + >>> len(ed25519_key['keyval']['public']) + 64 + >>> len(ed25519_key['keyval']['private']) + 64 + + None. + ValueError, if an exception occurs after calling the RSA key generation routine. 'bits' must be a multiple of 256. The 'ValueError' exception is @@ -234,13 +249,13 @@ def generate_ed25519_key(): # Generate the keyid for the RSA key. 'key_value' corresponds to the # 'keyval' entry of the 'RSAKEY_SCHEMA' dictionary. The private key # information is not included in the generation of the 'keyid' identifier. - key_value = {'public': public, + key_value = {'public': binascii.hexlify(public), 'private': ''} keyid = _get_keyid(key_value) # Build the 'rsakey_dict' dictionary. Update 'key_value' with the RSA # private key prior to adding 'key_value' to 'rsakey_dict'. - key_value['private'] = private + key_value['private'] = binascii.hexlify(private) ed25519_key['keytype'] = keytype ed25519_key['keyid'] = keyid @@ -272,6 +287,12 @@ def create_in_metadata_format(key_type, key_value, private=False): RSA keys are stored in Metadata files (e.g., root.txt) in the format returned by this function. + + >>> ed25519_key = generate_ed25519_key() + >>> key_val = ed25519_key['keyval'] + >>> ed25519_metadata = create_in_metadata_format(key_val, private=True) + >>> tuf.formats.KEY_SCHEMA.matches(ed25519_metadata) + True key_type: @@ -337,6 +358,15 @@ def create_from_metadata_format(key_metadata): metadata files and needs converting. Generate() creates an entirely new key and returns it in the format appropriate for 'keydb.py' and 'keystore.py'. + + >>> ed25519_key = generate_ed25519_key() + >>> key_val = ed25519_key['keyval'] + >>> ed25519_metadata = create_in_metadata_format(key_val, private=True) + >>> ed25519_key_2 = create_from_metadata_format(ed25519_metadata) + >>> tuf.formats.ED25519KEY_SCHEMA.matches(ed25519_key_2) + True + >>> ed25519_key == ed25519_key_2 + True key_metadata: @@ -419,9 +449,9 @@ def _check_crypto_library(): 'Supported crypto libraries: '+repr(_SUPPORTED_CRYPTO_LIBRARIES)+'.' raise tuf.CryptoError(message) - if _CRYPTO_LIBRARY not in _AVAILABLE_CRYPTO_LIBRARIES: + if _CRYPTO_LIBRARY not in _available_crypto_libraries: message = 'The '+repr(_CRYPTO_LIBRARY)+' crypto library specified'+ \ - 'in "tuf.conf.CRYPTO_LIBRARY" could not be imported.' + ' in "tuf.conf.CRYPTO_LIBRARY" could not be imported.' raise tuf.CryptoError(message) @@ -440,7 +470,20 @@ def create_signature(key_dict, data): rsakey_dict['keyval']['private'] and 'data' to generate the signature. RFC3447 - RSASSA-PSS - http://www.ietf.org/rfc/rfc3447.txt + http://www.ietf.org/rfc/rfc3447. + + >>> ed25519_key_dict = generate_ed25519_key() + >>> data = 'The quick brown fox jumps over the lazy dog.' + >>> signature = create_signature(ed25519_key_dict, data) + >>> tuf.formats.SIGNATURE_SCHEMA.matches(signature) + True + >>> len(signature['sig']) + 128 + >>> rsa_key_dict = generate_rsaed25519_key() + >>> data = 'The quick brown fox jumps over the lazy dog.' + >>> signature = create_signature(ed25519_key_dict, data) + >>> tuf.formats.SIGNATURE_SCHEMA.matches(signature) + True key_dict: