signer: move spx keygen, sign and verify API

This was previously part of the `securesystemslib.keys` interface.
To prepare for deprecation of this interface, and use of the new
signer API as replacement, spx-related functionality and test are
moved.

This is a backwards incompatible change and a slight feature
degradation:

- spx is now no longer available via the keys module, and
thus no longer available SSlibSigner/SSlibKey (i.e. the legacy
API bridge). Given that spx was added recently, support via the legacy
API does not seem necessary. The advantage is more modular code and
less case-handling, also wrt different optional dependencies.

- Currently, SpxSigner does not implement from_priv_key_uri, which
was previously available via SSlibSigner, and supported loading
signers from file or envvar. Support may be added back later.

- The default keyid is computed differently than before (see
6c29cae)

See usage example in docstring.

Signed-off-by: Lukas Puehringer <[email protected]>

securesystemslib/formats.py

@@ -206,7 +206,6 @@
         SCHEMA.String("ed25519"),
         SCHEMA.String("ecdsa"),
         SCHEMA.RegularExpression(r"ecdsa-sha2-nistp(256|384)"),
-        SCHEMA.String("sphincs"),
     ]
 )
 
@@ -283,27 +282,18 @@
 # An ED25519 raw public key, which must be 32 bytes.
 ED25519PUBLIC_SCHEMA = SCHEMA.LengthBytes(32)
 
-SPHINCSPUBLIC_SCHEMA = SCHEMA.LengthBytes(32)
-
 # An ED25519 raw seed key, which must be 32 bytes.
 ED25519SEED_SCHEMA = SCHEMA.LengthBytes(32)
 
-SPHINCSPRIVATE_SCHEMA = SCHEMA.LengthBytes(64)
-
 # An ED25519 raw signature, which must be 64 bytes.
 ED25519SIGNATURE_SCHEMA = SCHEMA.LengthBytes(64)
-
-SPHINCSSIGNATURE_SCHEMA = SCHEMA.LengthBytes(7_856)
-
 # An ECDSA signature.
 ECDSASIGNATURE_SCHEMA = SCHEMA.AnyBytes()
 
 # Ed25519 signature schemes.  The vanilla Ed25519 signature scheme is currently
 # supported.
 ED25519_SIG_SCHEMA = SCHEMA.OneOf([SCHEMA.String("ed25519")])
 
-SPHINCS_SIG_SCHEMA = SCHEMA.OneOf([SCHEMA.String("sphincs-shake-128s")])
-
 # An ed25519 key.
 ED25519KEY_SCHEMA = SCHEMA.Object(
     object_name="ED25519KEY_SCHEMA",

securesystemslib/keys.py

@@ -57,7 +57,6 @@
     formats,
     rsa_keys,
     settings,
-    sphincs_keys,
     util,
 )
 from securesystemslib.hash import digest
@@ -344,33 +343,6 @@ def generate_ed25519_key(scheme="ed25519"):
     return ed25519_key
 
 
-def generate_sphincs_key(scheme="sphincs-shake-128s"):
-    """Generate a SPHINCS+ key pair.
-    Arguments:
-          scheme (str): Name of the scheme as defined in formats.py.
-    Returns:
-        dict: A dictionary containing the SPHINCS+ keys.
-    Raises:
-        UnsupportedLibraryError: In case pyspx is not available.
-    """
-    formats.SPHINCS_SIG_SCHEMA.check_match(scheme)
-
-    sphincs_key = {}
-    keytype = "sphincs"
-    public, private = sphincs_keys.generate_public_and_private()
-
-    key_value = {"public": public.hex(), "private": private.hex()}
-    keyid = _get_keyid(keytype, scheme, key_value)
-
-    sphincs_key["keytype"] = keytype
-    sphincs_key["scheme"] = scheme
-    sphincs_key["keyid"] = keyid
-    sphincs_key["keyid_hash_algorithms"] = settings.HASH_ALGORITHMS
-    sphincs_key["keyval"] = key_value
-
-    return sphincs_key
-
-
 def format_keyval_to_metadata(keytype, scheme, key_value, private=False):
     """
   <Purpose>
@@ -716,11 +688,6 @@ def create_signature(key_dict, data):
     elif keytype in ["ecdsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384"]:
         sig, scheme = ecdsa_keys.create_signature(public, private, data, scheme)
 
-    elif keytype == "sphincs":
-        sig, scheme = sphincs_keys.create_signature(
-            bytes.fromhex(public), bytes.fromhex(private), data, scheme
-        )
-
     # 'securesystemslib.formats.ANYKEY_SCHEMA' should have detected invalid key
     # types.  This is a defensive check against an invalid key type.
     else:  # pragma: no cover
@@ -879,15 +846,6 @@ def verify_signature(
             raise exceptions.UnsupportedAlgorithmError(
                 "Unsupported" " signature scheme is specified: " + repr(scheme)
             )
-    elif keytype == "sphincs":
-        if scheme == "sphincs-shake-128s":
-            valid_signature = sphincs_keys.verify_signature(
-                bytes.fromhex(public), scheme, sig, data
-            )
-        else:
-            raise exceptions.UnsupportedAlgorithmError(
-                "Unsupported" " signature scheme is specified: " + repr(scheme)
-            )
 
     # 'securesystemslib.formats.ANYKEY_SCHEMA' should have detected invalid key
     # types.  This is a defensive check against an invalid key type.

securesystemslib/signer/__init__.py

@@ -16,6 +16,7 @@
     SSlibSigner,
 )
 from securesystemslib.signer._sigstore_signer import SigstoreKey, SigstoreSigner
+from securesystemslib.signer._spx_signer import SpxKey, SpxSigner
 
 # Register supported private key uri schemes and the Signers implementing them
 SIGNER_FOR_URI_SCHEME.update(
@@ -44,7 +45,7 @@
         ("rsa", "rsa-pkcs1v15-sha256"): SSlibKey,
         ("rsa", "rsa-pkcs1v15-sha384"): SSlibKey,
         ("rsa", "rsa-pkcs1v15-sha512"): SSlibKey,
-        ("sphincs", "sphincs-shake-128s"): SSlibKey,
+        ("sphincs", "sphincs-shake-128s"): SpxKey,
         ("rsa", "pgp+rsa-pkcsv1.5"): GPGKey,
         ("dsa", "pgp+dsa-fips-180-2"): GPGKey,
         ("eddsa", "pgp+eddsa-ed25519"): GPGKey,

securesystemslib/signer/_key.py

@@ -119,7 +119,7 @@ def verify_signature(self, signature: Signature, data: bytes) -> None:
 
 
 class SSlibKey(Key):
-    """Key implementation for RSA, Ed25519, ECDSA and Sphincs keys"""
+    """Key implementation for RSA, Ed25519, ECDSA keys"""
 
     def to_securesystemslib_key(self) -> Dict[str, Any]:
         """Internal helper, returns a classic securesystemslib keydict"""

securesystemslib/signer/_spx_signer.py

@@ -0,0 +1,140 @@
+"""Signer implementation for project  SPHINCS+ post-quantum signature support.
+
+"""
+import logging
+import os
+from typing import Any, Dict, Optional
+
+from securesystemslib.exceptions import (
+    UnsupportedLibraryError,
+    UnverifiedSignatureError,
+    VerificationError,
+)
+from securesystemslib.signer._key import Key
+from securesystemslib.signer._signature import Signature
+from securesystemslib.signer._signer import SecretsHandler, Signer
+from securesystemslib.signer._sigstore_signer import SigstoreSigner
+
+SPX_IMPORT_ERROR = None
+try:
+    from pyspx import shake_128s
+except ImportError:
+    SPX_IMPORT_ERROR = "spinhcs+ key support requires the pyspx library"
+
+_SHAKE_SEED_LEN = 48
+
+logger = logging.getLogger(__name__)
+
+
+class SpxKey(Key):
+    """SPHINCS+ verifier."""
+
+    DEFAULT_KEY_TYPE = "sphincs"
+    DEFAULT_SCHEME = "sphincs-shake-128s"
+
+    @classmethod
+    def from_dict(cls, keyid: str, key_dict: Dict[str, Any]) -> "SpxKey":
+        keytype = key_dict.pop("keytype")
+        scheme = key_dict.pop("scheme")
+        keyval = key_dict.pop("keyval")
+
+        return cls(keyid, keytype, scheme, keyval, key_dict)
+
+    def to_dict(self) -> Dict[str, Any]:
+        return {
+            "keytype": self.keytype,
+            "scheme": self.scheme,
+            "keyval": self.keyval,
+            **self.unrecognized_fields,
+        }
+
+    def verify_signature(self, signature: Signature, data: bytes) -> None:
+        valid = None
+        try:
+            if SPX_IMPORT_ERROR:
+                raise UnsupportedLibraryError(SPX_IMPORT_ERROR)
+
+            key = bytes.fromhex(self.keyval["public"])
+            sig = bytes.fromhex(signature.signature)
+
+            valid = shake_128s.verify(data, sig, key)
+
+        except Exception as e:
+            logger.info("Key %s failed to verify sig: %s", self.keyid, str(e))
+            raise VerificationError(
+                f"Unknown failure to verify signature by {self.keyid}"
+            ) from e
+
+        if not valid:
+            raise UnverifiedSignatureError(
+                f"Failed to verify signature by {self.keyid}"
+            )
+
+
+class SpxSigner(Signer):
+    """SPHINCS+ signer.
+
+    Usage::
+
+        signer = SpxSigner.new_()
+        signature = signer.sign(b"payload")
+
+        # Use public_key.to_dict() / Key.from_dict() to transport public key data
+        public_key = signer.public_key
+        public_key.verify_signature(signature, b"payload")
+
+    """
+
+    def __init__(self, private: bytes, public: SpxKey):
+        self.private_key = private
+        self.public_key = public
+
+    @classmethod
+    def new_(cls) -> "SpxSigner":
+        """Generate new SPHINCS+ key pair and return as SpxSigner.
+
+        NOTE: The Signer API is still experimental and key generation in
+        particular (see #466).
+        """
+        if SPX_IMPORT_ERROR:
+            raise UnsupportedLibraryError(SPX_IMPORT_ERROR)
+
+        seed = os.urandom(_SHAKE_SEED_LEN)
+        public, private = shake_128s.generate_keypair(seed)
+
+        keytype = SpxKey.DEFAULT_KEY_TYPE
+        scheme = SpxKey.DEFAULT_SCHEME
+        keyval = {"public": public.hex()}
+        # TODO: Create generic helper
+        keyid = SigstoreSigner._get_keyid(keytype, scheme, keyval)
+        public_key = SpxKey(keyid, keytype, scheme, keyval)
+
+        return cls(private, public_key)
+
+    @classmethod
+    def from_priv_key_uri(
+        cls,
+        priv_key_uri: str,
+        public_key: Key,
+        secrets_handler: Optional[SecretsHandler] = None,
+    ) -> "SpxSigner":
+        raise NotImplementedError
+
+    def sign(self, payload: bytes) -> Signature:
+        """Signs payload with SPHINCS+ private key on the instance.
+
+        Arguments:
+            payload: bytes to be signed.
+
+        Raises:
+            UnsupportedLibraryError: PySPX is not available.
+
+        Returns:
+            Signature.
+
+        """
+        if SPX_IMPORT_ERROR:
+            raise UnsupportedLibraryError(SPX_IMPORT_ERROR)
+
+        raw = shake_128s.sign(payload, self.private_key)
+        return Signature(self.public_key.keyid, raw.hex())