-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP: sphincs+ support, for post-quantum crypto #160
Conversation
Only the passing case was copied from ed25519, and inserted between the passing and failure case. This effectively removed error handling for incorrect ed25519 schemes.
I think that it's important that sphincs support and the use of pyspx (which is a bit new and could use more testing) be optional (not a requirement for ssl installation). What do you think, @SantiagoTorres? |
@@ -900,6 +900,260 @@ def import_ecdsa_privatekey_from_file(filepath, password=None): | |||
return key_object | |||
|
|||
|
|||
def generate_and_write_spx_keypair(filepath=None, password=None): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sidenote (doesn't have to be done for this PR): much of the code in this function is duplicated in multiple places: generate_and_write_..._keypair
. This makes it clear that we should modularize the generate functions and do things like argument checking, password prompting and format validation, temp file creation, writing, etc. in one place used by all the generate_...
functions.
The same goes for import_..._privatekey_...
.
|
||
|
||
|
||
def import_spx_publickey_from_file(filepath): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Comment requiring no change to this PR: this function can be generalized across all keytypes.
ACK,
How time-sensitive is this review? :)
Thanks!
-Santiago.
…On Tue, Nov 20, 2018 at 09:12:54AM -0800, Sebastien Awwad wrote:
I think that it's important that sphincs support and the use of pyspx (which is a bit new and could use more testing) be optional (not a requirement for ssl installation). What do you think, @SantiagoTorres?
--
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub:
#160 (comment)
|
Just wanted to know if you have thoughts on optional-vs-required. No rush on that question. |
@cryptojedi and @joostrijneveld: This looks good. I'll make more comments later, but I very much appreciate the effort to make this fit the style of the code and include good docstrings. If you don't mind, I think I have to make a few edits to make the use of the sphincs+ implementation and pyspx optional before I can merge this. That'll entail a few edits after Thanksgiving (back on Monday). The thinking there is that pyspx is still pretty fresh and not heavily tested, and I don't think I should require folks using TUF to include it -- just allow them to use it optionally. |
# Generate the keyid of the Ed25519 key. 'key_value' corresponds to the | ||
# 'keyval' entry of the 'Ed25519KEY_SCHEMA' dictionary. The private key | ||
# Generate the keyid of the ECDSA key. 'key_value' corresponds to the | ||
# 'keyval' entry of the 'ECDSAKEY_SCHEMA' dictionary. The private key |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
^_^ Thanks for the typo fix.
@awwad Sounds great, thanks! We didn’t really give making the dependency optional much thought (other than checking for potentially unsuccessful imports), but that definitely sounds like a good idea. I completely agree w.r.t the status of pyspx; I’ll make sure to add some more comprehensive tests. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think a lot of the lines broken due to length could be refactored into multiple statements instead. A lot of the multiline string literals could be made a bit neater by using \n
escapes instead of literal new lines.
securesystemslib/formats.py
Outdated
@@ -227,7 +235,7 @@ | |||
# Supported TUF key types. | |||
KEYTYPE_SCHEMA = SCHEMA.OneOf( | |||
[SCHEMA.String('rsa'), SCHEMA.String('ed25519'), | |||
SCHEMA.String('ecdsa-sha2-nistp256')]) | |||
SCHEMA.String('ecdsa-sha2-nistp256'),SCHEMA.String('spx')]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't there be a space after the "," to be consistent with the previous line?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're right; fixed!
# worry about leaking sensitive information about the key's location. | ||
# However, care should be taken when including the full path in exceptions | ||
# and log files. | ||
password = get_password('Enter a password for the SPX' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Multi-line strings like this are kind of confusing to mentally parse when combined with string concatenation. Is there maybe a more compact way to write these?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This addition is an artifact of code duplication, which seems out of scope for this pull request.
# to a programmer who can call the function with or without a 'password'. | ||
# Hence, we treat an empty password here, as if no 'password' was passed. | ||
password = get_password('Enter a password for an encrypted RSA' | ||
' file \'' + Fore.RED + filepath + Fore.RESET + '\': ', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's the reason you chose single quotes for these literals instead of using double quotes such as in " file '" + ...
vs. 'file \''
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This addition is an artifact of code duplication, which seems out of scope for this pull request.
# If the JSON could not be decoded, it is very likely, but not necessarily, | ||
# due to a non-empty password. | ||
except securesystemslib.exceptions.Error: | ||
raise securesystemslib.exceptions\ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How come you broke the line before the "." instead of after like in previous statements?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This addition is an artifact of code duplication, which seems out of scope for this pull request.
|
||
signature = None | ||
|
||
# An if-clause is not strictly needed here, since 'spx' is the only |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since we are bothering to handle the error with an else:
clause, wouldn't you agree that the if
check actually does matter? Maybe the comment could be reworded to reflect this if so.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This addition is an artifact of code duplication, which seems out of scope for this pull request.
Looks like the remaining issues are very minor code changes. @lukpueh would you kindly take a look? If it's very minor edits, please just make them and we can merge... |
Continued in #169. Closing here. |
This PR is to create a place to discuss the changes that @cryptojedi and @joostrijneveld have recommended for adding sphincs+ post-quantum crypto support to secure-systems-lib as a means to allow TUF and in-toto to make use of it.