Merge pull request #554 from ckilcoin/remove-old-schemes

Drop md5 and sha1 schemes from supported key schemes

securesystemslib/formats.py

@@ -141,8 +141,6 @@
 HASHALGORITHMS_SCHEMA = SCHEMA.ListOf(
     SCHEMA.OneOf(
         [
-            SCHEMA.String("md5"),
-            SCHEMA.String("sha1"),
             SCHEMA.String("sha224"),
             SCHEMA.String("sha256"),
             SCHEMA.String("sha384"),
@@ -252,12 +250,8 @@
 # RSA signature schemes.
 RSA_SCHEME_SCHEMA = SCHEMA.OneOf(
     [
-        SCHEMA.RegularExpression(
-            r"rsassa-pss-(md5|sha1|sha224|sha256|sha384|sha512)"
-        ),
-        SCHEMA.RegularExpression(
-            r"rsa-pkcs1v15-(md5|sha1|sha224|sha256|sha384|sha512)"
-        ),
+        SCHEMA.RegularExpression(r"rsassa-pss-(sha224|sha256|sha384|sha512)"),
+        SCHEMA.RegularExpression(r"rsa-pkcs1v15-(sha224|sha256|sha384|sha512)"),
     ]
 )
 

securesystemslib/hash.py

@@ -41,8 +41,6 @@
 
     # Dictionary of `pyca/cryptography` supported hash algorithms.
     PYCA_DIGEST_OBJECTS_CACHE = {
-        "md5": _pyca_hashes.MD5,
-        "sha1": _pyca_hashes.SHA1,
         "sha224": _pyca_hashes.SHA224,
         "sha256": _pyca_hashes.SHA256,
         "sha384": _pyca_hashes.SHA384,
@@ -142,7 +140,7 @@ def digest(algorithm=DEFAULT_HASH_ALGORITHM, hash_library=DEFAULT_HASH_LIBRARY):
 
     <Arguments>
       algorithm:
-        The hash algorithm (e.g., 'md5', 'sha1', 'sha256').
+        The hash algorithm (e.g., 'sha256', 'sha512').
 
       hash_library:
         The crypto library to use for the given hash algorithm (e.g., 'hashlib').
@@ -230,7 +228,7 @@ def digest_fileobject(
         to update the hash of a digest object to be returned.
 
       algorithm:
-        The hash algorithm (e.g., 'md5', 'sha1', 'sha256').
+        The hash algorithm (e.g., 'sha256', 'sha512').
 
       hash_library:
         The library providing the hash algorithms (e.g., 'hashlib').
@@ -329,7 +327,7 @@ def digest_filename(
         The filename belonging to the file object to be used.
 
       algorithm:
-        The hash algorithm (e.g., 'md5', 'sha1', 'sha256').
+        The hash algorithm (e.g., 'sha256', 'sha512').
 
       hash_library:
         The library providing the hash algorithms (e.g., 'hashlib').

securesystemslib/keys.py

@@ -73,14 +73,10 @@
 
 
 RSA_SIGNATURE_SCHEMES = [
-    "rsassa-pss-md5",
-    "rsassa-pss-sha1",
     "rsassa-pss-sha224",
     "rsassa-pss-sha256",
     "rsassa-pss-sha384",
     "rsassa-pss-sha512",
-    "rsa-pkcs1v15-md5",
-    "rsa-pkcs1v15-sha1",
     "rsa-pkcs1v15-sha224",
     "rsa-pkcs1v15-sha256",
     "rsa-pkcs1v15-sha384",

securesystemslib/signer/__init__.py

@@ -36,14 +36,10 @@
         ("ecdsa-sha2-nistp256", "ecdsa-sha2-nistp256"): SSlibKey,
         ("ecdsa-sha2-nistp384", "ecdsa-sha2-nistp384"): SSlibKey,
         ("ed25519", "ed25519"): SSlibKey,
-        ("rsa", "rsassa-pss-md5"): SSlibKey,
-        ("rsa", "rsassa-pss-sha1"): SSlibKey,
         ("rsa", "rsassa-pss-sha224"): SSlibKey,
         ("rsa", "rsassa-pss-sha256"): SSlibKey,
         ("rsa", "rsassa-pss-sha384"): SSlibKey,
         ("rsa", "rsassa-pss-sha512"): SSlibKey,
-        ("rsa", "rsa-pkcs1v15-md5"): SSlibKey,
-        ("rsa", "rsa-pkcs1v15-sha1"): SSlibKey,
         ("rsa", "rsa-pkcs1v15-sha224"): SSlibKey,
         ("rsa", "rsa-pkcs1v15-sha256"): SSlibKey,
         ("rsa", "rsa-pkcs1v15-sha384"): SSlibKey,

tests/test_formats.py

@@ -107,50 +107,34 @@ def test_schemas(self):
                 {"public": "pubkey", "private": ""},
             ),
             "RSA_SCHEME_SCHEMA_RSASSA_PSS": (
-                securesystemslib.formats.RSA_SCHEME_SCHEMA,
-                "rsassa-pss-md5",
-            ),
-            "RSA_SCHEME_SCHEMA_RSASSA_PSS_2": (
-                securesystemslib.formats.RSA_SCHEME_SCHEMA,
-                "rsassa-pss-sha1",
-            ),
-            "RSA_SCHEME_SCHEMA_RSASSA_PSS_3": (
                 securesystemslib.formats.RSA_SCHEME_SCHEMA,
                 "rsassa-pss-sha224",
             ),
-            "RSA_SCHEME_SCHEMA_RSASSA_PSS_4": (
+            "RSA_SCHEME_SCHEMA_RSASSA_PSS_2": (
                 securesystemslib.formats.RSA_SCHEME_SCHEMA,
                 "rsassa-pss-sha256",
             ),
-            "RSA_SCHEME_SCHEMA_RSASSA_PSS_5": (
+            "RSA_SCHEME_SCHEMA_RSASSA_PSS_3": (
                 securesystemslib.formats.RSA_SCHEME_SCHEMA,
                 "rsassa-pss-sha384",
             ),
-            "RSA_SCHEME_SCHEMA_RSASSA_PSS_6": (
+            "RSA_SCHEME_SCHEMA_RSASSA_PSS_4": (
                 securesystemslib.formats.RSA_SCHEME_SCHEMA,
                 "rsassa-pss-sha512",
             ),
             "RSA_SCHEME_SCHEMA_PKCS1v15": (
-                securesystemslib.formats.RSA_SCHEME_SCHEMA,
-                "rsa-pkcs1v15-md5",
-            ),
-            "RSA_SCHEME_SCHEMA_PKCS1v15_2": (
-                securesystemslib.formats.RSA_SCHEME_SCHEMA,
-                "rsa-pkcs1v15-sha1",
-            ),
-            "RSA_SCHEME_SCHEMA_PKCS1v15_3": (
                 securesystemslib.formats.RSA_SCHEME_SCHEMA,
                 "rsa-pkcs1v15-sha224",
             ),
-            "RSA_SCHEME_SCHEMA_PKCS1v15_4": (
+            "RSA_SCHEME_SCHEMA_PKCS1v15_2": (
                 securesystemslib.formats.RSA_SCHEME_SCHEMA,
                 "rsa-pkcs1v15-sha256",
             ),
-            "RSA_SCHEME_SCHEMA_PKCS1v15_5": (
+            "RSA_SCHEME_SCHEMA_PKCS1v15_3": (
                 securesystemslib.formats.RSA_SCHEME_SCHEMA,
                 "rsa-pkcs1v15-sha384",
             ),
-            "RSA_SCHEME_SCHEMA_PKCS1v15_6": (
+            "RSA_SCHEME_SCHEMA_PKCS1v15_4": (
                 securesystemslib.formats.RSA_SCHEME_SCHEMA,
                 "rsa-pkcs1v15-sha512",
             ),

tests/test_hash.py

@@ -50,8 +50,6 @@ def _run_with_all_algos_and_libs(
         self, test_func
     ):  # pylint: disable=missing-function-docstring
         algorithms = [
-            "md5",
-            "sha1",
             "sha224",
             "sha256",
             "sha384",
@@ -97,18 +95,6 @@ def _do_algorithm_update(
                 "2b68156e70f71280f7ad021f74620446ee49613a7ed34f5220da7b1dbae9adb2",
                 "2b68156e70f71280f7ad021f74620446ee49613a7ed34f5220da7b1dbae9adb2",
             ],
-            "md5": [
-                "d41d8cd98f00b204e9800998ecf8427e",
-                "0cc175b9c0f1b6a831c399e269772661",
-                "f034e93091235adbb5d2781908e2b313",
-                "f034e93091235adbb5d2781908e2b313",
-            ],
-            "sha1": [
-                "da39a3ee5e6b4b0d3255bfef95601890afd80709",
-                "86f7e437faa5a7fce15d1ddcb9eaeaea377667b8",
-                "d7bfa42fc62b697bf6cf1cda9af1fb7f40a27817",
-                "d7bfa42fc62b697bf6cf1cda9af1fb7f40a27817",
-            ],
             "sha224": [
                 "d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f",
                 "abd37534c7d9a2efb9465de931cd7055ffdb8879563ae98078d6d6d5",
@@ -155,12 +141,6 @@ def test_blake2b_256_update(self):
             self._do_algorithm_update, "blake2b-256"
         )
 
-    def test_md5_update(self):
-        self._run_with_all_hash_libraries(self._do_algorithm_update, "md5")
-
-    def test_sha1_update(self):
-        self._run_with_all_hash_libraries(self._do_algorithm_update, "sha1")
-
     def test_sha224_update(self):
         self._run_with_all_hash_libraries(self._do_algorithm_update, "sha224")
 
@@ -193,8 +173,6 @@ def _do_digest_size(
         self, library, algorithm
     ):  # pylint: disable=missing-function-docstring
         digest_sizes = {
-            "md5": 16,
-            "sha1": 20,
             "sha224": 28,
             "sha256": 32,
             "sha384": 48,