From 61fd02a89edb34a36a55959d68afb51c41ab432c Mon Sep 17 00:00:00 2001
From: Martin Vrachev
Date: Wed, 10 Feb 2021 22:16:48 +0200
Subject: [PATCH] Update doc for ecdsa-sha2-nistp384 schema
Update the documentation regarding the supported older versions of the ecdsa schemas. The function documentation of securesystemslib.keys.create_signature() doesn't mention the support for the older 'ecdsa-sha2-nistp256' schema. Another problem is the comments in the code suggest we are supporting the creation of 'ecdsa-sha2-nistp384' signatures which is not true. If you read the securesystemslib.ecdsa_keys.create_signature() function you will find we only support 'ecdsa-sha2-nistp256'.
Signed-off-by: Martin Vrachev
---
securesystemslib/keys.py | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/securesystemslib/keys.py b/securesystemslib/keys.py
index e04f4c89a..37c992770 100755
--- a/securesystemslib/keys.py
+++ b/securesystemslib/keys.py
@@ -619,6 +619,9 @@ def create_signature(key_dict, data):
ed25519 - high-speed high security signatures http://ed25519.cr.yp.to/ + 'ecdsa-sha2-nistp256' + https://tools.ietf.org/html/rfc5656 + Which signature to generate is determined by the key type of 'key_dict' and the available cryptography library specified in 'settings'.
@@ -684,7 +687,7 @@ def create_signature(key_dict, data):
 # Signing the 'data' object requires a private key. Signing schemes that are
 # currently supported are: 'ed25519', 'ecdsa-sha2-nistp256',
- # 'ecdsa-sha2-nistp384' and rsa schemes defined in
+ # and rsa schemes defined in
 # `securesystemslib.keys.RSA_SIGNATURE_SCHEMES`.
 # RSASSA-PSS and RSA-PKCS1v15 keys and signatures can be generated and
 # verified by rsa_keys.py, and Ed25519 keys by PyNaCl and PyCA's
@@ -713,9 +716,9 @@ def create_signature(key_dict, data):
 sig, scheme = securesystemslib.ed25519_keys.create_signature(
 public, private, data, scheme)
- # Continue to support keytypes of ecdsa-sha2-nistp256 and ecdsa-sha2-nistp384
+ # Continue to support keytypes of ecdsa-sha2-nistp256
 # for backwards compatibility with older securesystemslib releases
- elif keytype in ['ecdsa', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384']:
+ elif keytype in ['ecdsa', 'ecdsa-sha2-nistp256',]:
 sig, scheme = securesystemslib.ecdsa_keys.create_signature(
 public, private, data, scheme)
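Review bot: The rewritten `elif keytype in ['ecdsa', 'ecdsa-sha2-nistp256',]:` is a behaviour change, not the documentation-only update the commit title describes: a key_dict with keytype 'ecdsa-sha2-nistp384' no longer reaches securesystemslib.ecdsa_keys.create_signature() and instead falls through to the branch after this one, which lies outside the hunk, as does the rest of create_signature(). Narrowing the accepted keytypes to what the ECDSA backend can actually sign keeps the dispatch and the implementation in agreement, but the commit message should state that this keytype is now rejected here, and a test asserting that outcome for a 'ecdsa-sha2-nistp384' key would pin it. The trailing comma left inside the one-line list reads as a leftover from the deletion; `elif keytype in ['ecdsa', 'ecdsa-sha2-nistp256']:` is the conventional form. The comment above it still speaks of "keytypes" while the commit message reasons about signing schemes; since keytype and scheme are presumably validated separately, saying which of the two this list gates would help the next reader.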