Merge branch 'lukpueh-update-import-keys'

Author: vladimir-v-diaz

securesystemslib/formats.py

@@ -237,10 +237,13 @@
   keyval = KEYVAL_SCHEMA,
   expires = SCHEMA.Optional(ISO8601_DATETIME_SCHEMA))
 
-# Like KEY_SCHEMA, but requires keyval's private portion to be not set or empty
+# Like KEY_SCHEMA, but requires keyval's private portion to be unset or empty,
+# and optionally includes the supported keyid hash algorithms used to generate
+# the key's keyid.
 PUBLIC_KEY_SCHEMA = SCHEMA.Object(
-  object_name = 'KEY_SCHEMA',
+  object_name = 'PUBLIC_KEY_SCHEMA',
   keytype = SCHEMA.AnyString(),
+  keyid_hash_algorithms = SCHEMA.Optional(HASHALGORITHMS_SCHEMA),
   keyval = PUBLIC_KEYVAL_SCHEMA,
   expires = SCHEMA.Optional(ISO8601_DATETIME_SCHEMA))
 

securesystemslib/interface.py

@@ -42,7 +42,7 @@
 import random
 
 import securesystemslib.formats
-import securesystemslib.formats
+import securesystemslib.settings
 import securesystemslib.util
 import securesystemslib.keys
 
@@ -525,6 +525,11 @@ def import_ed25519_privatekey_from_file(filepath, password=None):
     message = 'Invalid key type loaded: ' + repr(key_object['keytype'])
     raise securesystemslib.exceptions.FormatError(message)
 
+  # Add "keyid_hash_algorithms" so that equal ed25519 keys with
+  # different keyids can be associated using supported keyid_hash_algorithms.
+  key_object['keyid_hash_algorithms'] = \
+      securesystemslib.settings.HASH_ALGORITHMS
+
   return key_object
 
 
@@ -745,6 +750,11 @@ def import_ecdsa_privatekey_from_file(filepath, password=None):
     message = 'Invalid key type loaded: ' + repr(key_object['keytype'])
     raise securesystemslib.exceptions.FormatError(message)
 
+  # Add "keyid_hash_algorithms" so that equal ecdsa keys with different keyids
+  # can be associated using supported keyid_hash_algorithms.
+  key_object['keyid_hash_algorithms'] = \
+      securesystemslib.settings.HASH_ALGORITHMS
+
   return key_object
 
 

securesystemslib/keys.py

@@ -358,6 +358,11 @@ def generate_ecdsa_key(algorithm='ecdsa-sha2-nistp256'):
   ecdsa_key['keyid'] = keyid
   ecdsa_key['keyval'] = key_value
 
+  # Add "keyid_hash_algorithms" so that equal ECDSA keys with different keyids
+  # can be associated using supported keyid_hash_algorithms.
+  ecdsa_key['keyid_hash_algorithms'] = \
+      securesystemslib.settings.HASH_ALGORITHMS
+
   return ecdsa_key
 
 
@@ -1244,6 +1249,11 @@ def import_rsakey_from_public_pem(pem):
   rsakey_dict['keyid'] = keyid
   rsakey_dict['keyval'] = key_value
 
+  # Add "keyid_hash_algorithms" so that equal RSA keys with different keyids
+  # can be associated using supported keyid_hash_algorithms.
+  rsakey_dict['keyid_hash_algorithms'] = \
+      securesystemslib.settings.HASH_ALGORITHMS
+
   return rsakey_dict
 
 
@@ -1315,6 +1325,11 @@ def import_rsakey_from_pem(pem):
   rsakey_dict['keyid'] = keyid
   rsakey_dict['keyval'] = key_value
 
+  # Add "keyid_hash_algorithms" so that equal RSA keys with
+  # different keyids can be associated using supported keyid_hash_algorithms.
+  rsakey_dict['keyid_hash_algorithms'] = \
+      securesystemslib.settings.HASH_ALGORITHMS
+
   return rsakey_dict
 
 
@@ -1893,6 +1908,11 @@ def import_ecdsakey_from_private_pem(pem, password=None):
   ecdsakey_dict['keyid'] = keyid
   ecdsakey_dict['keyval'] = key_value
 
+  # Add "keyid_hash_algorithms" so equal ECDSA keys with
+  # different keyids can be associated using supported keyid_hash_algorithms
+  ecdsakey_dict['keyid_hash_algorithms'] = \
+    securesystemslib.settings.HASH_ALGORITHMS
+
   return ecdsakey_dict
 
 
@@ -1971,6 +1991,11 @@ def import_ecdsakey_from_public_pem(pem):
   ecdsakey_dict['keyid'] = keyid
   ecdsakey_dict['keyval'] = key_value
 
+  # Add "keyid_hash_algorithms" so that equal ECDSA keys with different keyids
+  # can be associated using supported keyid_hash_algorithms.
+  ecdsakey_dict['keyid_hash_algorithms'] = \
+      securesystemslib.settings.HASH_ALGORITHMS
+
   return ecdsakey_dict