Expect bytes in create_ and verify_signature; do not serialize

The caller knows what their data is and how to serialize it (including whether or not to canonicalize it in some fashion); ssl.keys is too low level to be doing this. (I talked this over with Lukas and it serves his interests for in-toto as well.) Updated testing. Did not touch code style, even though I'd love to.... Signed-off-by: Sebastien Awwad <[email protected]>
lukpueh · Jan 10, 2019 · 0baedd3 · 0baedd3
1 parent 23008b4
commit 0baedd3
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 22 deletions.
diff --git a/securesystemslib/keys.py b/securesystemslib/keys.py
@@ -662,7 +662,10 @@ def create_signature(key_dict, data):
       The public and private keys are strings in PEM format.
 
     data:
-      Data object used by create_signature() to generate the signature.
+      Data to be signed. This should be a bytes object; data should be
+      encoded/serialized before it is passed here.  The same value can be be
+      passed into securesystemslib.verify_signature() (along with the public
+      key) to later verify the signature.
 
   <Exceptions>
     securesystemslib.exceptions.FormatError, if 'key_dict' is improperly
@@ -702,17 +705,11 @@ def create_signature(key_dict, data):
   keyid = key_dict['keyid']
   sig = None
 
-  # Convert 'data' to canonical JSON format so that repeatable signatures are
-  # generated across different platforms and Python key dictionaries.  The
-  # resulting 'data' is a string encoded in UTF-8 and compatible with the input
-  # expected by the cryptography functions called below.
-  data = securesystemslib.formats.encode_canonical(data)
-
   if keytype == 'rsa':
     if scheme == 'rsassa-pss-sha256':
       private = private.replace('\r\n', '\n')
-      sig, scheme = securesystemslib.pyca_crypto_keys.create_rsa_signature(private,
-        data.encode('utf-8'), scheme)
+      sig, scheme = securesystemslib.pyca_crypto_keys.create_rsa_signature(
+          private, data, scheme)
 
     else:
       raise securesystemslib.exceptions.UnsupportedAlgorithmError('Unsupported'
@@ -721,12 +718,12 @@ def create_signature(key_dict, data):
   elif keytype == 'ed25519':
     public = binascii.unhexlify(public.encode('utf-8'))
     private = binascii.unhexlify(private.encode('utf-8'))
-    sig, scheme = securesystemslib.ed25519_keys.create_signature(public,
-      private, data.encode('utf-8'), scheme)
+    sig, scheme = securesystemslib.ed25519_keys.create_signature(
+        public, private, data, scheme)
 
   elif keytype == 'ecdsa-sha2-nistp256':
-    sig, scheme = securesystemslib.ecdsa_keys.create_signature(public, private,
-      data.encode('utf-8'), scheme)
+    sig, scheme = securesystemslib.ecdsa_keys.create_signature(
+        public, private, data, scheme)
 
   # 'securesystemslib.formats.ANYKEY_SCHEMA' should have detected invalid key
   # types.  This is a defensive check against an invalid key type.
@@ -795,8 +792,10 @@ def verify_signature(key_dict, signature, data):
       Conformant to 'securesystemslib.formats.SIGNATURE_SCHEMA'.
 
     data:
-      Data object used by securesystemslib.rsa_key.create_signature() to
-      generate 'signature'.  'data' is needed here to verify the signature.
+      Data that the signature is expected to be over.  This should be a bytes
+      object; data should be encoded/serialized before it is passed here.)
+      This is the same value that can be passed into
+      securesystemslib.create_signature() in order to create the signature.
 
   <Exceptions>
     securesystemslib.exceptions.FormatError, raised if either 'key_dict' or
@@ -846,11 +845,6 @@ def verify_signature(key_dict, signature, data):
   scheme = key_dict['scheme']
   valid_signature = False
 
-  # Convert 'data' to canonical JSON format so that repeatable signatures are
-  # generated across different platforms and Python key dictionaries.  The
-  # resulting 'data' is a string encoded in UTF-8 and compatible with the input
-  # expected by the cryptography functions called below.
-  data = securesystemslib.formats.encode_canonical(data).encode('utf-8')
 
   if keytype == 'rsa':
     if scheme == 'rsassa-pss-sha256':

diff --git a/tests/test_keys.py b/tests/test_keys.py
@@ -39,7 +39,8 @@
 KEYS = securesystemslib.keys
 FORMAT_ERROR_MSG = 'securesystemslib.exceptions.FormatError was raised!' + \
   '  Check object\'s format.'
-DATA = 'SOME DATA REQUIRING AUTHENTICITY.'
+DATA_STR = 'SOME DATA REQUIRING AUTHENTICITY.'
+DATA = securesystemslib.formats.encode_canonical(DATA_STR).encode('utf-8')
 
 
 
@@ -332,7 +333,8 @@ def test_verify_signature(self):
     # 'rsa_signature'. Function should return 'False'.
 
     # Modifying 'DATA'.
-    _DATA = '1111' + DATA + '1111'
+    _DATA_STR = '1111' + DATA_STR + '1111'
+    _DATA = securesystemslib.formats.encode_canonical(_DATA_STR).encode('utf-8')
 
     # Verifying the 'signature' of modified '_DATA'.
     verified = KEYS.verify_signature(self.rsakey_dict, rsa_signature, _DATA)