From efe9afe9fcaa4dc3a42b7f22f6a062159908df9f Mon Sep 17 00:00:00 2001
From: Lukas Puehringer
Date: Mon, 6 Apr 2020 18:03:36 +0200
Subject: [PATCH] Add ecdsa-sha2-nistp384 support to keys.verify_sig

Support nistp384 in addition to nistp256 in the public keys.verify_signature interface. Note: This commit tries to blend in with the current sslib design. In future work we should: - define securesystemslib-wide constants instead of hardcoding strings over and over again (see item 3 in #183) - re-think "key type" vs. "signature scheme"
---
 securesystemslib/keys.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/securesystemslib/keys.py b/securesystemslib/keys.py
index 44262d0c..ac995894 100755
--- a/securesystemslib/keys.py
+++ b/securesystemslib/keys.py
@@ -847,8 +847,8 @@ def verify_signature(key_dict, signature, data):
 raise securesystemslib.exceptions.UnsupportedAlgorithmError('Unsupported' ' signature scheme is specified: ' + repr(scheme))
- elif keytype == 'ecdsa-sha2-nistp256':
- if scheme == 'ecdsa-sha2-nistp256':
+ elif keytype in ['ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384']:
+ if scheme in ['ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384']:
 valid_signature = securesystemslib.ecdsa_keys.verify_signature(public, scheme, sig, data)
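Review bot: The two membership tests on the added `elif keytype in [...]` and `if scheme in [...]` lines are independent of each other, so a key dict whose `keytype` is `'ecdsa-sha2-nistp256'` and whose `scheme` is `'ecdsa-sha2-nistp384'` (or the reverse) now passes both and is handed to `securesystemslib.ecdsa_keys.verify_signature`. Whether that helper binds the requested scheme to the curve and hash actually used for the supplied public key is not visible in this hunk, so the mismatch may go unnoticed by callers that treat `scheme` as a statement of signature strength. If mixed pairs are not intended, the inner test could be `if scheme == keytype:`, which leaves every other value to the existing unsupported-scheme handling, and a unit test should assert that a mismatched pair is rejected. verify_signature begins and ends outside the hunk, so the `else` branch belonging to this keytype is not shown here.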