Add ecdsa-sha2-nistp384 support to keys.verify_sig

Support nistp384 in addition to nistp256 in the public keys.verify_signature interface. Note: This commit tries to blend in with the current sslib design. In future work we should: - define securesystemslib-wide constants instead of hardcoding strings over and over again (see item 3 in #183) - re-think "key type" vs. "signature scheme"
secure-systems-lab · Apr 6, 2020 · efe9afe · efe9afe
1 parent 3e8a3d9
commit efe9afe
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/securesystemslib/keys.py b/securesystemslib/keys.py
@@ -847,8 +847,8 @@ def verify_signature(key_dict, signature, data):
       raise securesystemslib.exceptions.UnsupportedAlgorithmError('Unsupported'
           ' signature scheme is specified: ' + repr(scheme))
 
-  elif keytype == 'ecdsa-sha2-nistp256':
-    if scheme == 'ecdsa-sha2-nistp256':
+  elif keytype in ['ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384']:
+    if scheme in ['ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384']:
       valid_signature = securesystemslib.ecdsa_keys.verify_signature(public,
         scheme, sig, data)