Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for Signature class instances #409

Closed
wants to merge 3 commits into from
Closed

Add support for Signature class instances #409

wants to merge 3 commits into from

Conversation

PradyumnaKrishna
Copy link
Contributor

Fixes: #360

Description of the changes being introduced by the pull request:

Currently, verify_siganture() method takes a signature dictionary as parameter and there is no implementation for Signature class present in securesystemslib.signer. This Pull Request adds support for Signature class object in create_signature() and verify_signature() methods.

Please verify and check that the pull request fulfils the following requirements:

  • The code follows the Code Style Guidelines
  • Tests have been added for the bug fix or new feature
  • Docs have been added for the bug fix or new feature

@PradyumnaKrishna
Use signature object in create and verify methods
fb32269 
Returns signature object in create_signature()
Accepts signature object in verify_signature()
Update SSlibSigner sign method
Update tests
@PradyumnaKrishna
Update signature methods documentation
f943741 
Changes to docstring in verify_signature() and create_signature() method
in effect to accept and return signature class instance in respective
functions.
@jku
Copy link
Collaborator

jku commented Jun 2, 2022

Nice work. I think the high level issue here is that this is public API that is being used. So while I think something like this is indeed a good path forward -- in my opinion public API arguments and return values should be better defined than "it's a dict!" -- securesystemslib might not want to just change the API... But I'm just assuming: hopefully actual maintainers have opinions here.

@PradyumnaKrishna
Update check_public_interfaces.py test
c35619e 
Update test_keys() in tests.check_public_interfaces.py to send
signature object instead of a dict
@lukpueh
Copy link
Member

lukpueh commented Jun 3, 2022

Impeccable work, @PradyumnaKrishna. There is nothing for me to comment on in the patch. 💯

But @jku is right that we need to consider carefully if we want to merge (now) and thus disrupt in-toto/tuf operations in the next release.

I suggest we hold off with merging until we have a clear plan for #270.

cc @adityasaky, @SantiagoTorres

adityasaky
adityasaky reviewed Jun 3, 2022
View reviewed changes
Copy link
Member

@adityasaky adityasaky left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the changes here, but I'm indeed wary about this breaking in-toto / python-tuf. That said, I suspect (I haven't had a chance to look) modifying both in parallel to switch away from the dict shouldn't be too difficult or a breaking change by any means. @PradyumnaKrishna, can I ask you to take a look at what it would mean to make that change? :)

securesystemslib/keys.py
{'keyid': 'f30a0870d026980100c0573bd557394f8c1bbd6...',
'sig': sig}.
keyid = 'f30a0870d026980100c0573bd557394f8c1bbd6...',
sig = sig
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps a better description / example here? sig = sig just looks a little funny hehe.

@PradyumnaKrishna
Copy link
Contributor Author

@adityasaky In in-toto, Metablock uses these functions in sign and verify_signature methods. in-toto metadata has a list of signatures, which also consist GPG Signatures in format of dict.
Simplest way to achieve this is by converting the Signature object to dict in sign function while converting the stored dict into a signature object in verify function of Metablock.

@adityasaky
Copy link
Member

@lukpueh @SantiagoTorres thoughts on modifying in-toto simultaneously?

@lukpueh
Copy link
Member

lukpueh commented Jun 21, 2022

I gave this more thought and would like to suggest to not touch keys.{create, verify}_signature for the time being. Let's instead settle on a good alternative first, start using it in tuf and in-toto, and only then deprecate/refactor the current signing/verifying API.

Good alternatives:

@lukpueh lukpueh mentioned this pull request Jun 21, 2022
Closed
MVrachev
MVrachev reviewed Jun 27, 2022
View reviewed changes
Copy link
Collaborator

@MVrachev MVrachev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the changes, good work!

securesystemslib/keys.py
@@ -803,14 +801,15 @@ def verify_signature(key_dict, signature, data):
formats.ANYKEY_SCHEMA.check_match(key_dict)

# Does 'signature' have the correct format?
formats.SIGNATURE_SCHEMA.check_match(signature)
if not isinstance(signature, signer.Signature):
raise exceptions.FormatError("Wanted a Signature object.")
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit, feel free to ignore if you decide:
A comment I once got a while ago: Don't add dots or exclamation marks at the end of an exception message.

@lukpueh lukpueh mentioned this pull request Jul 6, 2022
Open
@jku
Copy link
Collaborator

jku commented Nov 14, 2022

My late review and links to related work -- I believe this mostly duplicates lukas last comment:

I think modifying keys module API is not a good idea:

  • it is a (hard) breaking change for all current users
  • keys module is not a great API as a whole, so getting it to a good place with small tweaks... is going to require a lot of small tweaks. So this would not be the last API break
  • I think the Signer + Key approach that was taken in the intoto branch (and in my related PR) are better: the create a better API on top of the current functionality. This allows us to see if the new API is good and if it is, then start deprecating and improving the implementation underneath -- requiring only one deprecation and API break. Whether signature verification is implemented in Key or Signature I don't care so much, but I do think keys module API should not change

Links:

  • intoto fork: this is a combination of Key changes, signer changes and a new DSSE enveloper implementation
  • My draft PR with Key + Signer improvements, partly overlapping with the above

I think this PR should maybe be closed?

@lukpueh
Copy link
Member

lukpueh commented Nov 15, 2022

Closing in favor of new API work (see #409 (comment), #409 (comment) and #270)

@lukpueh lukpueh closed this Nov 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MVrachev MVrachev MVrachev left review comments

@adityasaky adityasaky adityasaky left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

accept Signature in verify_signature()
5 participants
@PradyumnaKrishna @jku @lukpueh @adityasaky @MVrachev