Remove pubkey arg from spx_keys.create_signature

To create a signature the public key is not required.
secure-systems-lab · Jun 18, 2019 · a67a6b3 · a67a6b3
1 parent 335199d
commit a67a6b3
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 25 deletions.
diff --git a/securesystemslib/keys.py b/securesystemslib/keys.py
@@ -798,11 +798,9 @@ def create_signature(key_dict, data):
         public, private, data, scheme)
 
   elif keytype == 'spx':
-    public = binascii.unhexlify(public.encode('utf-8'))
     private = binascii.unhexlify(private.encode('utf-8'))
-    sig, scheme = securesystemslib.spx_keys.create_signature(public,
-      private, data.encode('utf-8'), scheme)
-
+    sig, scheme = securesystemslib.spx_keys.create_signature(private,
+        data.encode('utf-8'), scheme)
 
   elif keytype == 'ecdsa-sha2-nistp256':
     sig, scheme = securesystemslib.ecdsa_keys.create_signature(

diff --git a/securesystemslib/spx_keys.py b/securesystemslib/spx_keys.py
@@ -114,7 +114,7 @@ def generate_public_and_private():
 
 
 
-def create_signature(public_key, private_key, data, scheme):
+def create_signature(private_key, data, scheme):
   """
   <Purpose>
     Return a (signature, scheme) tuple, where the signature scheme is 'spx'
@@ -125,22 +125,19 @@ def create_signature(public_key, private_key, data, scheme):
     >>> data = b'The quick brown fox jumps over the lazy dog'
     >>> scheme = 'spx'
     >>> signature, scheme = \
-        create_signature(public, private, data, scheme)
+        create_signature(private, data, scheme)
     >>> SPX_SIG_BYTES_SCHEMA.matches(signature)
     True
     >>> scheme == 'spx'
     True
     >>> signature, scheme = \
-        create_signature(public, private, data, scheme)
+        create_signature(private, data, scheme)
     >>> SPX_SIG_BYTES_SCHEMA.matches(signature)
     True
     >>> scheme == 'spx'
     True
 
   <Arguments>
-    public:
-      The spx public key, a simple byte string
-
     private:
       The spx private key, a simple byte string
 
@@ -163,13 +160,9 @@ def create_signature(public_key, private_key, data, scheme):
     A signature dictionary conformat to 'securesystemslib.format.SIGNATURE_SCHEMA'.  
   """
   # Validate arguments
-  SPX_PUBLIC_BYTES_SCHEMA.check_match(public_key)
   SPX_PRIVATE_BYTES_SCHEMA.check_match(private_key)
   securesystemslib.formats.SPX_SIG_SCHEMA.check_match(scheme)
 
-  # Signing the 'data' object requires a seed and public key.
-  # spx.signing.SigningKey.sign() generates the signature.
-  public = public_key
   private = private_key
 
   signature = None

diff --git a/tests/test_spx_keys.py b/tests/test_spx_keys.py
@@ -54,11 +54,10 @@ def test_generate_public_and_private(self):
 
 
   def test_create_signature(self):
-    global public
     global private
     data = b'The quick brown fox jumps over the lazy dog'
     scheme = 'spx'
-    signature, scheme = securesystemslib.spx_keys.create_signature(public,
+    signature, scheme = securesystemslib.spx_keys.create_signature(
         private, data, scheme)
 
     # Verify format of returned values.
@@ -70,16 +69,12 @@ def test_create_signature(self):
 
     # Check for improperly formatted argument.
     self.assertRaises(securesystemslib.exceptions.FormatError,
-        securesystemslib.spx_keys.create_signature, 123, private, data,
-        scheme)
-
-    self.assertRaises(securesystemslib.exceptions.FormatError,
-        securesystemslib.spx_keys.create_signature, public, 123, data,
+        securesystemslib.spx_keys.create_signature, 123, data,
         scheme)
 
     # Check for invalid 'data'.
     self.assertRaises(securesystemslib.exceptions.CryptoError,
-        securesystemslib.spx_keys.create_signature, public, private, 123,
+        securesystemslib.spx_keys.create_signature, private, 123,
         scheme)
 
 
@@ -88,8 +83,8 @@ def test_verify_signature(self):
     global private
     data = b'The quick brown fox jumps over the lazy dog'
     scheme = 'spx'
-    signature, scheme = securesystemslib.spx_keys.create_signature(public,
-        private, data, scheme)
+    signature, scheme = securesystemslib.spx_keys.create_signature(private,
+        data, scheme)
 
     valid_signature = securesystemslib.spx_keys.verify_signature(public,
         scheme, signature, data)
@@ -132,7 +127,7 @@ def test_verify_signature(self):
 
     # Generated signature created with different data.
     new_signature, scheme = securesystemslib.spx_keys.create_signature(
-        public, private, b'mismatched data', scheme)
+        private, b'mismatched data', scheme)
 
     self.assertEqual(False, securesystemslib.spx_keys.verify_signature(
         public, scheme, new_signature, data))