Update doc for ecdsa-sha2-nistp384 schema
Update the documentation regarding the supported older versions
of the ecdsa schemas.

The function documentation of
securesystemslib.keys.create_signature() doesn't mention the support
for the older 'ecdsa-sha2-nistp256' schema.

Another problem is the comments in the code suggest we are supporting
the creation of 'ecdsa-sha2-nistp384' signatures which is not true.
If you read the securesystemslib.ecdsa_keys.create_signature()
function you will find we only support 'ecdsa-sha2-nistp256'.

Signed-off-by: Martin Vrachev <[email protected]>
MVrachev committed Feb 10, 2021
1 parent 0285e39 commit 61fd02a
Showing 1 changed file with 6 additions and 3 deletions.
9 changes: 6 additions & 3 deletions securesystemslib/keys.py
Expand Up @@ -619,6 +619,9 @@ def create_signature(key_dict, data):
ed25519 - high-speed high security signatures
http://ed25519.cr.yp.to/
'ecdsa-sha2-nistp256'
https://tools.ietf.org/html/rfc5656
Which signature to generate is determined by the key type of 'key_dict'
and the available cryptography library specified in 'settings'.
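Review bot: the new 'ecdsa-sha2-nistp256' docstring entry carries only the RFC 5656 link, while the ed25519 entry directly above it has a one-line description. Suggest adding a matching description line, and stating here that this keytype name is kept for backwards compatibility with older securesystemslib releases, which is how the comment on the dispatch branch further down in create_signature() describes it. The branch also accepts the keytype 'ecdsa', so the docstring should say how the two names relate.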
Expand Down Expand Up @@ -684,7 +687,7 @@ def create_signature(key_dict, data):

# Signing the 'data' object requires a private key. Signing schemes that are
# currently supported are: 'ed25519', 'ecdsa-sha2-nistp256',
# 'ecdsa-sha2-nistp384' and rsa schemes defined in
# and rsa schemes defined in
# `securesystemslib.keys.RSA_SIGNATURE_SCHEMES`.
# RSASSA-PSS and RSA-PKCS1v15 keys and signatures can be generated and
# verified by rsa_keys.py, and Ed25519 keys by PyNaCl and PyCA's
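Review bot: style point in the rewritten comment: removing 'ecdsa-sha2-nistp384' leaves a trailing comma after 'ecdsa-sha2-nistp256' followed by a short dangling line, "# and rsa schemes defined in". Suggest rewrapping so the list reads as one sentence, for example "'ed25519', 'ecdsa-sha2-nistp256' and rsa schemes defined in" on a single line before the RSA_SIGNATURE_SCHEMES reference.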
Expand Down Expand Up @@ -713,9 +716,9 @@ def create_signature(key_dict, data):
sig, scheme = securesystemslib.ed25519_keys.create_signature(
public, private, data, scheme)

# Continue to support keytypes of ecdsa-sha2-nistp256 and ecdsa-sha2-nistp384
# Continue to support keytypes of ecdsa-sha2-nistp256
# for backwards compatibility with older securesystemslib releases
elif keytype in ['ecdsa', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384']:
elif keytype in ['ecdsa', 'ecdsa-sha2-nistp256',]:
sig, scheme = securesystemslib.ecdsa_keys.create_signature(
public, private, data, scheme)
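Review bot: the change to the elif condition is a behaviour change, not a documentation update: a key_dict with keytype 'ecdsa-sha2-nistp384' no longer reaches securesystemslib.ecdsa_keys.create_signature() and instead falls through to whatever branch follows, which is not visible in this hunk. Since the commit title and message describe only doc changes, please call this out in the message and add a test that pins the expected error for that keytype. Minor style point on the same line: "['ecdsa', 'ecdsa-sha2-nistp256',]" has a stray trailing comma before the closing bracket; "['ecdsa', 'ecdsa-sha2-nistp256']" reads cleaner.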
