-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
signer: deduplicate signing scheme dissection #594
Labels
Comments
lukpueh
added a commit
to lukpueh/securesystemslib
that referenced
this issue
Apr 9, 2024
The function "digest_from_rsa_scheme" doesn't seem to be used anywhere (according to sourcegraph.com), not even in securesystemslib.signer, where the same functionality is replicated several times (see secure-systems-lab#594).
lukpueh
added a commit
to lukpueh/securesystemslib
that referenced
this issue
Apr 9, 2024
The function "digest_from_rsa_scheme" doesn't seem to be used anywhere (according to sourcegraph.com), not even in securesystemslib.signer, where the same functionality is replicated several times (see secure-systems-lab#594).
lukpueh
added a commit
to lukpueh/securesystemslib
that referenced
this issue
Apr 10, 2024
In prepartion for the removal of schema.py (secure-systems-lab#183), this patch removes schema checks of function arguments in hash.py and one entire function. The removed checks are obfuscated "is string" checks, and without them invalid args are still caught in the `digest` function, where they all end up and raise a more meaningful UnsupportedLibraryError or UnsupportedAlgorithmError if invalid. The removed function `digest_from_rsa_scheme` doesn't seem to be used anywhere (according to sourcegraph.com) not even in securesystemslib.signer, where the same functionality is replicated several times (see secure-systems-lab#594). Removing it here allows to ignore a slightly more complex schema check. Signed-off-by: Lukas Puehringer <[email protected]>
lukpueh
added a commit
to lukpueh/securesystemslib
that referenced
this issue
Apr 15, 2024
In prepartion for the removal of schema.py (secure-systems-lab#183), this patch removes schema checks of function arguments in hash.py and one entire function. The removed checks are obfuscated "is string" checks, and without them invalid args are still caught in the `digest` function, where they all end up and raise a more meaningful UnsupportedLibraryError or UnsupportedAlgorithmError if invalid. The removed function `digest_from_rsa_scheme` doesn't seem to be used anywhere (according to sourcegraph.com) not even in securesystemslib.signer, where the same functionality is replicated several times (see secure-systems-lab#594). Removing it here allows to ignore a slightly more complex schema check. Signed-off-by: Lukas Puehringer <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There is some duplicate code in
securesystemslib.signer
to dissect signing schemes, in order to figure out theIt would be nice to provide a signer-wide helper function or map.
hint: the code can be found by grepping for
split
, also in pending PRs: #585, #588, #590. Note that we usually first extract the substring (which is the same for all schemes) and then map them e.g. to specific hash constants or objects (which differs between signers).related: #593
The text was updated successfully, but these errors were encountered: