From 919b3d25482c3a54008adfe7668cac2a9583b11b Mon Sep 17 00:00:00 2001
From: Martin Vrachev
Date: Wed, 3 Feb 2021 18:39:57 +0200
Subject: [PATCH] Add the Signer interface and the SSlibSigner

Signed-off-by: Martin Vrachev
---
 securesystemslib/signer.py | 127 +++++++++++++++++++++++++++++++++++++
 1 file changed, 127 insertions(+)
 create mode 100644 securesystemslib/signer.py

diff --git a/securesystemslib/signer.py b/securesystemslib/signer.py
new file mode 100644
index 000000000..ceedadd83
--- /dev/null
+++ b/securesystemslib/signer.py
@@ -0,0 +1,127 @@
+"""
+
+ signer.py
+
+
+ Martin Vrachev
+
+
+ Januart 27, 2021.
+
+
+ See LICENSE for licensing information.
+
+
+ The goal of this module is to provide signing interface supporting multiple
+ signing implementations.
+"""
+
+import abc
+import securesystemslib.keys as sslib_keys
+
+
+
+class Signature:
+ """
+
+ Storage class containing information about a signature and the keyid
+ uniquely identifying the key used to generate the signature.
+
+
+ keyid: HEX string used as a unique identifier of the key.
+ signature: HEX string representing the signature.
+ """
+ def __init__(self, keyid, sig):
+ self.keyid = keyid
+ self.signature = sig
+
+
+ def to_dict(self):
+ """
+
+ Returns the JSON-serializable dictionary representation of self.
+ """
+ return {
+ "keyid": self.keyid,
+ "sig": self.signature
+ }
+
+
+
+class Signer:
+ """
+
+ Signer interface created to support multiple signing implementations.
+ """
+
+ __metaclass__ = abc.ABCMeta
+
+ @abc.abstractmethod
+ def sign(payload):
+ """
+
+ Abstract function used for signig a given payload by the key assigned
+ to the Signer instance.
+
+
+ payload: bytes to be signed
+
+
+ Returns a "Signature" class instance containing the signature and the
+ the keyid which uniquely identifies the key used for signature generation.
+ """
+ pass
+
+
+
+class SSlibSigner(Signer):
+ """
+
+ Securesystemslib default implementation of the "Signer" interface.
+ With this implementation the following signature schemas are supported:
+
+ 'RSASSA-PSS'
+ RFC3447 - RSASSA-PSS
+ http://www.ietf.org/rfc/rfc3447.
+
+ 'ed25519'
+ ed25519 - high-speed high security signatures
+ http://ed25519.cr.yp.to/
+
+
+ key_dict:
+ A dictionary containing the keys. Both private and public keys are
+ needed.
+ Which signature to generate is determined by the key type of 'key_dict'
+ and the available cryptography library specified in 'settings'.
+
+ An example RSA key dict has the form:
+
+ {'keytype': 'rsa',
+ 'scheme': 'rsassa-pss-sha256',
+ 'keyid': 'f30a0870d026980100c0573bd557394f8c1bbd6...',
+ 'keyval': {'public': '-----BEGIN RSA PUBLIC KEY----- ...',
+ 'private': '-----BEGIN RSA PRIVATE KEY----- ...'}}
+
+ The public and private keys are strings in PEM format.
+ """
+ def __init__(self, key_dict):
+ self.key_dict = key_dict
+
+
+ def sign(self, payload):
+ """
+
+ Used for signing a given payload by the key assigned to the
+ SSlibSigner instance.
+
+
+ payload: bytes to be signed
+
+
+ Returns a "Signature" class instance containing the signature and the
+ the keyid which uniquely identifies the key used for signature generation.
+ """
+
+ sig_dict = sslib_keys.create_signature(self.key_dict, payload)
+ return Signature(**sig_dict)
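Review bot: `Signer.sign` is declared as `def sign(payload):` without `self`, and the `__metaclass__ = abc.ABCMeta` attribute is the Python 2 spelling that Python 3 silently ignores, so the `@abc.abstractmethod` is never enforced: `Signer()` stays instantiable and a subclass that omits `sign` is only caught when the method is called. Assuming the module targets Python 3 (the interpreter version is not visible in this hunk), the fix is `class Signer(metaclass=abc.ABCMeta):` plus `def sign(self, payload):`, dropping the `__metaclass__` line. Separately, `SSlibSigner.sign` builds its result with `Signature(**sig_dict)`, which couples the constructor parameter names (`keyid`, `sig`) to whatever keys `create_signature` returns; a comment such as `# create_signature returns {'keyid': ..., 'sig': ...}, matching Signature.__init__` would make that contract explicit for whoever changes either side. The docstrings also carry the typos `Januart` and `signig`.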