Add the Signer interface and the SSlibSigner

Signed-off-by: Martin Vrachev <[email protected]>
secure-systems-lab · Feb 9, 2021 · 919b3d2 · 919b3d2
1 parent cd841cd
commit 919b3d2
Showing 1 changed file with 127 additions and 0 deletions.
diff --git a/securesystemslib/signer.py b/securesystemslib/signer.py
@@ -0,0 +1,127 @@
+"""
+<Program Name>
+  signer.py
+
+<Author>
+  Martin Vrachev <[email protected]>
+
+<Started>
+  Januart 27, 2021.
+
+<Copyright>
+  See LICENSE for licensing information.
+
+<Purpose>
+  The goal of this module is to provide signing interface supporting multiple
+  signing implementations.
+"""
+
+import abc
+import securesystemslib.keys as sslib_keys
+
+
+
+class Signature:
+  """
+  <Purpose>
+    Storage class containing information about a signature and the keyid
+    uniquely identifying the key used to generate the signature.
+
+  <Attributes>
+    keyid: HEX string used as a unique identifier of the key.
+    signature: HEX string representing the signature.
+  """
+  def __init__(self, keyid, sig):
+    self.keyid = keyid
+    self.signature = sig
+
+
+  def to_dict(self):
+    """
+    <Purpose>
+      Returns the JSON-serializable dictionary representation of self.
+    """
+    return {
+      "keyid": self.keyid,
+      "sig": self.signature
+      }
+
+
+
+class Signer:
+  """
+  <Purpose>
+    Signer interface created to support multiple signing implementations.
+  """
+
+  __metaclass__ = abc.ABCMeta
+
+  @abc.abstractmethod
+  def sign(payload):
+    """
+    <Purpose>
+      Abstract function used for signig a given payload by the key assigned
+      to the Signer instance.
+
+    <Arguments>
+      payload: bytes to be signed
+
+    <Returns>
+      Returns a "Signature" class instance containing the signature and the
+      the keyid which uniquely identifies the key used for signature generation.
+    """
+    pass
+
+
+
+class SSlibSigner(Signer):
+  """
+    <Purpose>
+      Securesystemslib default implementation of the "Signer" interface.
+      With this implementation the following signature schemas are supported:
+
+      'RSASSA-PSS'
+      RFC3447 - RSASSA-PSS
+      http://www.ietf.org/rfc/rfc3447.
+
+      'ed25519'
+      ed25519 - high-speed high security signatures
+      http://ed25519.cr.yp.to/
+
+    <Attributes>
+      key_dict:
+        A dictionary containing the keys. Both private and public keys are
+        needed.
+        Which signature to generate is determined by the key type of 'key_dict'
+        and the available cryptography library specified in 'settings'.
+
+        An example RSA key dict has the form:
+
+        {'keytype': 'rsa',
+        'scheme': 'rsassa-pss-sha256',
+        'keyid': 'f30a0870d026980100c0573bd557394f8c1bbd6...',
+        'keyval': {'public': '-----BEGIN RSA PUBLIC KEY----- ...',
+                    'private': '-----BEGIN RSA PRIVATE KEY----- ...'}}
+
+        The public and private keys are strings in PEM format.
+  """
+  def __init__(self, key_dict):
+    self.key_dict = key_dict
+
+
+  def sign(self, payload):
+    """
+    <Purpose>
+      Used for signing a given payload by the key assigned to the
+      SSlibSigner instance.
+
+    <Arguments>
+      payload: bytes to be signed
+
+    <Returns>
+      Returns a "Signature" class instance containing the signature and the
+      the keyid which uniquely identifies the key used for signature generation.
+    """
+
+    sig_dict = sslib_keys.create_signature(self.key_dict, payload)
+    return Signature(**sig_dict)