Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add nistp384 signature verification support #228

Merged
merged 3 commits into from
Apr 9, 2020
Merged

Add nistp384 signature verification support #228

merged 3 commits into from
Apr 9, 2020

Conversation

lukpueh
Copy link
Member

@lukpueh lukpueh commented Apr 6, 2020

Fixes issue #:
Required for PEP 458

Description of the changes being introduced by the pull request:

  • Update public keys and internal ecdsa_keys modules to support verification of nistp384 signatures.
  • Update formats relevant for ecdsa keys and signature to support nistp384 in addition to the already supported nistp256.

Testing will be added in a subsequent PR that adds HSM signing and pubkey export functionality.

Please verify and check that the pull request fulfils the following
requirements:

  • The code follows the Code Style Guidelines
  • Tests have been added for the bug fix or new feature
  • Docs have been added for the bug fix or new feature

@lukpueh
Support nistp384 in ecdsa scheme and key formats
761aded 
Support nistp384 in addition to nistp256 in ECDSA signing scheme
and key formats, required for PEP458.

This commit also removes the related but obsolete
REQUIRED_LIBRARIES_SCHEMA, which was only used in the
long-gone check_crypto_libraries tuf function.

Note: This commit tries to blend in with the current sslib design.
I future work we should:
- define securesystemslib-wide constants instead of hardcoding
  strings over and over again (see item 3 in secure-systems-lab#183)
- re-think "key type" vs. "signature scheme"
@lukpueh
Use hash algo per ecdsa curve and add nistp384
3e8a3d9 
This commit adds support for verifying ecdsa signature on the
nistp384 curve with sha384 digests to the internal ecdsa_keys
module.

It does so by adding module global helper dictionary to map schemes
to hash algorithms.

Note: This commit tries to blend in with the current sslib design.
In future work we should:
- define securesystemslib-wide constants instead of hardcoding
  strings over and over again (see item 3 in secure-systems-lab#183)
@lukpueh
Add ecdsa-sha2-nistp384 support to keys.verify_sig
efe9afe 
Support nistp384 in addition to nistp256 in the
public keys.verify_signature interface.

Note: This commit tries to blend in with the current sslib design.
In future work we should:
- define securesystemslib-wide constants instead of hardcoding
  strings over and over again (see item 3 in secure-systems-lab#183)
- re-think "key type" vs. "signature scheme"
@coveralls
Copy link

coveralls commented Apr 6, 2020
edited
Loading

Coverage Status

Coverage remained the same at 98.714% when pulling efe9afe on lukpueh:add-nistp384-support into 7a9e620 on secure-systems-lab:master.

@lukpueh lukpueh requested a review from joshuagl April 6, 2020 16:33
@lukpueh lukpueh mentioned this pull request Apr 6, 2020
Closed
3 tasks
joshuagl
joshuagl approved these changes Apr 8, 2020
View reviewed changes
Copy link
Collaborator

@joshuagl joshuagl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the change Lukas. I appreciate you documenting why you made the changes this way and how you'd like to improve in future. This small series makes a good case for some of the changes suggested in #183

@lukpueh lukpueh merged commit 967c16b into secure-systems-lab:master Apr 9, 2020
@joshuagl joshuagl mentioned this pull request May 12, 2020
Merged
@lukpueh lukpueh mentioned this pull request Aug 20, 2020
Merged
3 tasks
@lukpueh lukpueh mentioned this pull request Feb 11, 2021
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joshuagl joshuagl joshuagl approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lukpueh @coveralls @joshuagl