From aef86c64e44dab96a31061e98612f15a77130d34 Mon Sep 17 00:00:00 2001 From: Lukas Puehringer Date: Tue, 9 Apr 2024 11:27:43 +0200 Subject: [PATCH] Remove unused function and schema checks in hash In prepartion for the removal of schema.py (#183), this patch removes schema checks of function arguments in hash.py and one entire function. The removed checks are obfuscated "is string" checks, and without them invalid args are still caught in the `digest` function, where they all end up and raise a more meaningful UnsupportedLibraryError or UnsupportedAlgorithmError if invalid. The removed function `digest_from_rsa_scheme` doesn't seem to be used anywhere (according to sourcegraph.com) not even in securesystemslib.signer, where the same functionality is replicated several times (see #594). Removing it here allows to ignore a slightly more complex schema check. Signed-off-by: Lukas Puehringer --- securesystemslib/hash.py | 69 +--------------------------------------- tests/test_hash.py | 29 ----------------- 2 files changed, 1 insertion(+), 97 deletions(-) diff --git a/securesystemslib/hash.py b/securesystemslib/hash.py index 59aaace4..55c874ed 100755 --- a/securesystemslib/hash.py +++ b/securesystemslib/hash.py @@ -23,7 +23,7 @@ import hashlib -from securesystemslib import exceptions, formats +from securesystemslib import exceptions from securesystemslib.storage import FilesystemBackend DEFAULT_CHUNK_SIZE = 4096 @@ -145,9 +145,6 @@ def digest(algorithm=DEFAULT_HASH_ALGORITHM, hash_library=DEFAULT_HASH_LIBRARY): The crypto library to use for the given hash algorithm (e.g., 'hashlib'). - securesystemslib.exceptions.FormatError, if the arguments are - improperly formatted. - securesystemslib.exceptions.UnsupportedAlgorithmError, if an unsupported hashing algorithm is specified, or digest could not be generated with given the algorithm. @@ -166,11 +163,6 @@ def digest(algorithm=DEFAULT_HASH_ALGORITHM, hash_library=DEFAULT_HASH_LIBRARY): PycaDiggestWrapper object """ - # Are the arguments properly formatted? If not, raise - # 'securesystemslib.exceptions.FormatError'. - formats.NAME_SCHEMA.check_match(algorithm) - formats.NAME_SCHEMA.check_match(hash_library) - # Was a hashlib digest object requested and is it supported? # If so, return the digest object. if hash_library == "hashlib" and hash_library in SUPPORTED_LIBRARIES: @@ -260,12 +252,6 @@ def digest_fileobject( hashlib.new(algorithm) or PycaDiggestWrapper object """ - - # Are the arguments properly formatted? If not, raise - # 'securesystemslib.exceptions.FormatError'. - formats.NAME_SCHEMA.check_match(algorithm) - formats.NAME_SCHEMA.check_match(hash_library) - # Digest object returned whose hash will be updated using 'file_object'. # digest() raises: # securesystemslib.exceptions.UnsupportedAlgorithmError @@ -340,9 +326,6 @@ def digest_filename( passed a FilesystemBackend will be instantiated and used. - securesystemslib.exceptions.FormatError, if the arguments are - improperly formatted. - securesystemslib.exceptions.UnsupportedAlgorithmError, if the given 'algorithm' is unsupported. @@ -361,12 +344,6 @@ def digest_filename( hashlib.new(algorithm) or PycaDiggestWrapper object """ - # Are the arguments properly formatted? If not, raise - # 'securesystemslib.exceptions.FormatError'. - formats.PATH_SCHEMA.check_match(filename) - formats.NAME_SCHEMA.check_match(algorithm) - formats.NAME_SCHEMA.check_match(hash_library) - digest_object = None if storage_backend is None: @@ -383,47 +360,3 @@ def digest_filename( ) return digest_object - - -def digest_from_rsa_scheme(scheme, hash_library=DEFAULT_HASH_LIBRARY): - """ - - Get digest object from RSA scheme. - - - scheme: - A string that indicates the signature scheme used to generate - 'signature'. - - hash_library: - The crypto library to use for the given hash algorithm (e.g., 'hashlib'). - - - securesystemslib.exceptions.FormatError, if the arguments are - improperly formatted. - - securesystemslib.exceptions.UnsupportedAlgorithmError, if an unsupported - hashing algorithm is specified, or digest could not be generated with given - the algorithm. - - securesystemslib.exceptions.UnsupportedLibraryError, if an unsupported - library was requested via 'hash_library'. - - - None. - - - Digest object - - e.g. - hashlib.new(algorithm) or - PycaDiggestWrapper object - """ - # Are the arguments properly formatted? If not, raise - # 'securesystemslib.exceptions.FormatError'. - formats.RSA_SCHEME_SCHEMA.check_match(scheme) - - # Get hash algorithm from rsa scheme (hash algorithm id is specified after - # the last dash; e.g. rsassa-pss-sha256 -> sha256) - hash_algorithm = scheme.split("-")[-1] - return digest(hash_algorithm, hash_library) diff --git a/tests/test_hash.py b/tests/test_hash.py index b69a1947..fa91e2ae 100755 --- a/tests/test_hash.py +++ b/tests/test_hash.py @@ -256,35 +256,6 @@ def _do_update_file_obj( # to always seek to the beginning. self.assertEqual(digest_object_truth.digest(), digest_object.digest()) - def test_digest_from_rsa_scheme(self): - self._run_with_all_hash_libraries( - self._do_get_digest_from_rsa_valid_schemes, "sha256" - ) - self._run_with_all_hash_libraries( - self._do_get_digest_from_rsa_non_valid_schemes, "sha256" - ) - - def _do_get_digest_from_rsa_valid_schemes(self, library, algorithm): - scheme = "rsassa-pss-sha256" - expected_digest_cls = type( - securesystemslib.hash.digest(algorithm, library) - ) - - self.assertIsInstance( - securesystemslib.hash.digest_from_rsa_scheme(scheme, library), - expected_digest_cls, - ) - - def _do_get_digest_from_rsa_non_valid_schemes( - self, library, algorithm - ): # pylint: disable=unused-argument - self.assertRaises( - securesystemslib.exceptions.FormatError, - securesystemslib.hash.digest_from_rsa_scheme, - "rsassa-pss-sha123", - library, - ) - def test_unsupported_digest_algorithm_and_library(self): self.assertRaises( securesystemslib.exceptions.UnsupportedAlgorithmError,