* Start linting securesystemslib calls
(this requires new securesystemslib)
* Fix various issues that suddenly popup
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
securesystemslib.hash is a small wrapper around hashlib, which serves
two main purposes:
* provide helper function to hash a file
* translate custom hash algorithm name "blake2b-256" to "blake2b" with
(digest_size=32).
In preparation for the removal of securesystemslib.hash, this patch ports
above behavior to tuf and uses the builtin hashlib directly where
possible.
related secure-systems-lab/securesystemslib#943
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
This allows using some more nice annotations from 3.10
while still being compatible with even Python 3.8.
These are all annotation changes, should not modify any functionality.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
* Remove exectuable flag from a couple of files
* Half of the test files have a shebang (but are
still not executable): remove the shebang
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
* API changes covered:
* keys and interface modules removed
* SSlibSigner removed
* CryptoSigner added: this replaces the removed functionality
* DSSE "signatures" container type changed
* Currently pins a securesystemslib main branch commit:
this shoudl be reverted before merging, when securesystemslib
has made a release
* tests/generated_data/generate_md.py was simplified
* Encrypted test keys in tests/repository_data/keystore were replaced
with the unencrypted PEM versions of the same keys
* The public test keys in tests/repository_data/keystore were removed
as they were not used anymore
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
* Most importantly use strftime() to serialize the datetime
* Force the timezone as UTC when deserializing
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
* Add API tests for SimpleEnvelope
This is not as comprehensive as Metadata API. The latter also includes
tests for all payload classes, which should cover the same scenarios as
if used with SimpleEnvelope.
* Add unit test for newly added simple envelope load helper function in
trusted metadata set.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
This does much the same tests as test_signed_get_verification_result()
above it does, just using two root roles.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Changes are
* expected result changes (like the handling of keyids without keys)
* test refactoring to have access to the Key
* Removal of union test
* use the fact that VerificationResult is Truthy in asserts
(to get 1 more line of coverage)
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
The method returns detailed information about signature verification of
a delegated role metadata.
Its implementation is taken from the verify_delegate method and slightly
updated. verify_delegate now is a thin wrapper on top of
get_verification_result.
fixes#2449
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Co-authored-by: Jussi Kukkonen <jkukkonen@google.com>
fixes#2444
SSlibSigner was changed recently (secure-stystems-lab/securesystemslib#604)
to fail on bad input data (keydict) at init instead of when signing.
The patched test used to trigger expects a Signer.sign error from an
SSlibSigner, which is no longer possible.
To still get the desired error, the test uses a custom signer, which
does raise on sign.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Change new _Delegator.verify_delegate to take payload bytes and
signatures instead of a Metadata object and a payload serializer.
This allows using verify_delegate for payloads that do not come in
a Metadata container, but e.g. in a DSSE envelope (see #2385).
Usage becomes a bit more cumbersome, but still feels reasonable with the
recently added shortcut for default canonical bytes representation of
Metadata.signed.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
- Add shortcut to canonical json representation of self.signed
- Use in tests and Metadata.sign
- Do not use in _Delegator.verify_delegate (will be updated in subsequent
commit).
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Avoid Metadata.verify_delegate() now that it's deprecated.
Note that this commit does not try to make any code cleanups
that are now possible: this is the minimal change to use the new
API.
Future improvements can make code in TrustedMetadataSet and
Updater slightly easier to read: as an example there's no need for
TrustedMetadataSet to actually store or expose actual Metadata in its
cache -- Signed is all that's needed.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
* Use the same solution for producing the paths as we already do in ngclient
* Fix linting issues
* Modify the test results according to new code (I believe these are
correct, although some cases are so edge cases that disagreement may
exist. Most importantly I think the method should always return as
many paths as there are hashes listed
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
verify_delegate() unfortunately needs an almost complete rewrite
as the Key.verify_signature() API change affects it quite a bit.
Refactoring the role and key lookup into a separate method makes the
code readable again.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Key.verify_signature() API has changed:
* argument is bytes, not metadata
* raised error now comes from securesystemslib
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
New Securesystemslib Keys can now be instantiated in two ways:
* deserialize via Key.from_dict() as before
* generate new keys via implementation specific methods
Fix all cases where we call Key() or Key.from_securesystemslib_key()
and use SSlibKey methods instead. Fix related tests.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Add a test case when there is a bin name with the desired prefix, but
which cannot be cast to a hexadecimal number.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Here is the list of all breaking API changes:
1) The "role" and "key" arguments in "Root.add_key()" are in reverse
order - "key" becomes first and "role" second.
2) "Root.remove_key()" has been renamed to "Root.revoke_key()".
3) The "role" and "keyid" arguments in "Root.revoke_key()" are in
reverse order - "keyid" becomes first and "role" second.
4) The "role" and "key" arguments in "Targets.add_key()" are in reverse
order - "key" becomes first and "role" second.
5) "Targets.remove_key()" has been renamed to "Targets.revoke_key()".
6) The "role" and "keyid" arguments in "Targets.revoke_key()" are in
reverse order - "keyid" becomes first and "role" second.
7) In both methods "Targets.add_key()" and "Targets.revoke_key()" the
"role" argument becomes an optional with a default value of None.
Those changes are made in an effort to make those methods logical
for both cases when standard roles and succinct_roles are used.
The "Root" API change was done in order to preserve naming and argument
order consistency with "Targets" API.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
This commit contains 2 API changes in "Delegations" class from
tuf/api/metadata.py:
1. roles argment is made optional
2. unrecognized_fields argument becomes the 4-th rather than the 3-rd
as it used to be
In this commit, I add support for succinct_roles roles inside
Delegations class. This change is related to TAP 15 proposal.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Add two helper methods in SuccinctRoles.
Those methods proved useful in the testing code, but I believe they have
a potential value for production code as well.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
Move the duplicating signatures tests from test_metadata_base function
in test_api.py into test_metadata_serialization.py.
This is a more logical place to store this test case as
test_metadata_base is actually focused on testing
Metadata.signed.is_expired.
That also is the reason why I renamed test_metadata_base to
test_metadata_signed_is_expired.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
If a securesystemslib.FormatError is raised inside
Key.from_securesystemslib_key() then reraise ValueError.
This is done so that our users don't have to import securesystemslib
in order to handle the error and because the securesystemslib error
itself is securesystemslib implementation-specific.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
