rsa_key.py was modified to generate and verify RSASSA-PSS signatures instead of RSASSA-PKCS1-v1_5. Optional functions to read and save passphrase-protected PEM files also added to rsa_key.py. keystore.py was modified to generate encrypted .key files (similar scheme as before) with PyCrypto to support uniform encryption of varied key types. User passwords are no longer temporarily stored, but used to derive a symmetric key with PBKDF2. The derived key is then used with AES-256-Mode-CTR to generate the encrypted key data. Affected unit tests updated.
Previously, logging messages were written to "tuf.log" *and* and the console, by default. Modules had to explicitly disable the logger to silence console messages. TUF, when integrated by a software updater, should not log messages to console by default. The design change now forces modules to call tuf.log.add_console_handler() to enable logging messages to console. The logger, file, and console handlers may have independent logging levels.
tuf-spec.txt was updated to include the latest metadata changes, such as version numbers, and the "lazy bin walk" scheme was implemented in updater.py.
This update addresses issue #86. It begins by removing the wholesale downloading of all targets metadata and only downloads & verifies the metadata for the roles it only needs; the "lazy walk" scheme.
Previously, _make_delegated_metadata() attempted to minimize the number of target directories in the "paths" field
of delegations by calculating common root-most directories. This bahavior was found to be unsafe and removed, and as a result,
the sort of delegated targets is no longer needed.
aggregate_tests now loads all the unit tests into one suite and runs them together,
so that any failures and errors show up together in a concise report.
A directory listed under the "paths" field of a parent metadata delegation is understood to mean all
subdirectories and files the delegated role is trusted to update. The delegated role has the option
of specifying multiple, arbitrary, and explicit file paths & directories. The previous implementation
allowed explicit file paths in the "paths" field of the parent role metadata. This commit modified
this behaviour to allow directories (replicating wildcards) to minimize the size of parent metadata.
Add comments to make it clearer how the self.Repository.refresh() call in test_5_all_targets() successfully returns the metadata for all the roles. _mock_download_url_to_tempfileobj() is set up to allow mock downloads of the "all_role_paths" files in order.Relative filepaths were incorrectly calculated when
directories were specified as target paths in the --makedelegation command-line option for signercli.py.
His code splits tuf.download.download_url_to_tempfileobj into two major
pieces. The first piece opens a connection to a URL, and computes
the required and reported lengths for downloading data from that given
URL. The second piece downloads data from the given URL in such a way
that we can defend against endless data and slow retrieval attacks.
