Pass canonicalized bytest to sslib signature funcs

secure-systems-lab/securesystemslib#162 removes data canonicalization and encoding from signature creation/verification functions and leaves it to the caller. This commit changes invocation of sslib signature creation/verification functions to pass the pre-canonicalized and -encoded bytes representation of a signable instead of its dictionary representation, which aligns with the way it calls gpg signature creation/verification functions. Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
lukpueh · Sep 3, 2019 · 864d4e2 · 864d4e2
1 parent 9c374a9
commit 864d4e2
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/in_toto/models/metadata.py b/in_toto/models/metadata.py
@@ -158,7 +158,7 @@ def sign(self, key):
  securesystemslib.formats.KEY_SCHEMA.check_match(key)
 
  signature = securesystemslib.keys.create_signature(key,
- self.signed.signable_dict)
+ self.signed.signable_bytes)
 
  self.signatures.append(signature)
 
@@ -268,7 +268,7 @@ def verify_signature(self, verification_key):
 
  elif securesystemslib.formats.SIGNATURE_SCHEMA.matches(signature):
  valid = securesystemslib.keys.verify_signature(
- verification_key, signature, self.signed.signable_dict)
+ verification_key, signature, self.signed.signable_bytes)
 
  else:
  valid = False