Remove/re-word TUF code comments

Author: Lukas Puehringer

securesystemslib/ed25519_keys.py

@@ -100,7 +100,7 @@
   except (ImportError, IOError): # pragma: no cover
     pass
 
-# The optimized pure Python implementation of Ed25519 provided by TUF.  If
+# The optimized pure Python implementation of Ed25519.  If
 # PyNaCl cannot be imported and an attempt to use is made in this module, a
 # 'securesystemslib.exceptions.UnsupportedLibraryError' exception is raised.
 import securesystemslib._vendor.ed25519.ed25519

securesystemslib/formats.py

@@ -15,14 +15,14 @@
   See LICENSE for licensing information.
 
 <Purpose>
-  A central location for all format-related checking of TUF objects.
-  Note: 'formats.py' depends heavily on 'schema.py', so the 'schema.py'
-  module should be read and understood before tackling this module.
+  A central location for all format-related checking of securesystemslib
+  objects. Note: 'formats.py' depends heavily on 'schema.py', so the
+  'schema.py' module should be read and understood before tackling this module.
 
   'formats.py' can be broken down into three sections.  (1) Schemas and object
   matching.  (2) Classes that represent Role Metadata and help produce
-  correctly formatted files.  (3) Functions that help produce or verify TUF
-  objects.
+  correctly formatted files.  (3) Functions that help produce or verify
+  securesystemslib objects.
 
   The first section deals with schemas and object matching based on format.
   There are two ways of checking the format of objects.  The first method
@@ -57,7 +57,7 @@
   schema to ensure correctly formatted metadata.
 
   The last section contains miscellaneous functions related to the format of
-  TUF objects.
+  securesystemslib objects.
   Example:
 
   signable_object = make_signable(unsigned_object)
@@ -148,7 +148,7 @@
    SCHEMA.String('sha224'), SCHEMA.String('sha256'),
    SCHEMA.String('sha384'), SCHEMA.String('sha512')]))
 
-# The contents of an encrypted TUF key.  Encrypted TUF keys are saved to files
+# The contents of an encrypted key.  Encrypted keys are saved to files
 # in this format.
 ENCRYPTEDKEY_SCHEMA = SCHEMA.AnyString()
 
@@ -194,13 +194,13 @@
   public = SCHEMA.AnyString(),
   private = SCHEMA.Optional(SCHEMA.String("")))
 
-# Supported TUF key types.
+# Supported securesystemslib key types.
 KEYTYPE_SCHEMA = SCHEMA.OneOf(
   [SCHEMA.String('rsa'), SCHEMA.String('ed25519'),
    SCHEMA.String('ecdsa-sha2-nistp256')])
 
-# A generic TUF key.  All TUF keys should be saved to metadata files in this
-# format.
+# A generic securesystemslib key.  All securesystemslib keys should be saved to
+# metadata files in this format.
 KEY_SCHEMA = SCHEMA.Object(
   object_name = 'KEY_SCHEMA',
   keytype = SCHEMA.AnyString(),
@@ -218,8 +218,9 @@
   keyval = PUBLIC_KEYVAL_SCHEMA,
   expires = SCHEMA.Optional(ISO8601_DATETIME_SCHEMA))
 
-# A TUF key object.  This schema simplifies validation of keys that may be one
-# of the supported key types.  Supported key types: 'rsa', 'ed25519'.
+# A securesystemslib key object.  This schema simplifies validation of keys
+# that may be one of the supported key types.  Supported key types: 'rsa',
+# 'ed25519'.
 ANYKEY_SCHEMA = SCHEMA.Object(
   object_name = 'ANYKEY_SCHEMA',
   keytype = KEYTYPE_SCHEMA,
@@ -229,15 +230,15 @@
   keyval = KEYVAL_SCHEMA,
   expires = SCHEMA.Optional(ISO8601_DATETIME_SCHEMA))
 
-# A list of TUF key objects.
+# A list of securesystemslib key objects.
 ANYKEYLIST_SCHEMA = SCHEMA.ListOf(ANYKEY_SCHEMA)
 
 # RSA signature schemes.
 RSA_SCHEME_SCHEMA = SCHEMA.OneOf([
   SCHEMA.RegularExpression(r'rsassa-pss-(md5|sha1|sha224|sha256|sha384|sha512)'),
   SCHEMA.RegularExpression(r'rsa-pkcs1v15-(md5|sha1|sha224|sha256|sha384|sha512)')])
 
-# An RSA TUF key.
+# An RSA securesystemslib key.
 RSAKEY_SCHEMA = SCHEMA.Object(
   object_name = 'RSAKEY_SCHEMA',
   keytype = SCHEMA.String('rsa'),
@@ -246,7 +247,7 @@
   keyid_hash_algorithms = SCHEMA.Optional(HASHALGORITHMS_SCHEMA),
   keyval = KEYVAL_SCHEMA)
 
-# An ECDSA TUF key.
+# An ECDSA securesystemslib key.
 ECDSAKEY_SCHEMA = SCHEMA.Object(
   object_name = 'ECDSAKEY_SCHEMA',
   keytype = SCHEMA.String('ecdsa-sha2-nistp256'),
@@ -277,7 +278,7 @@
 # supported.
 ED25519_SIG_SCHEMA = SCHEMA.OneOf([SCHEMA.String('ed25519')])
 
-# An ed25519 TUF key.
+# An ed25519 key.
 ED25519KEY_SCHEMA = SCHEMA.Object(
   object_name = 'ED25519KEY_SCHEMA',
   keytype = SCHEMA.String('ed25519'),
@@ -543,13 +544,13 @@ def encode_canonical(object, output_function=None):
     or joined into a string and returned.
 
     Note: This function should be called prior to computing the hash or
-    signature of a JSON object in TUF.  For example, generating a signature
-    of a signing role object such as 'ROOT_SCHEMA' is required to ensure
-    repeatable hashes are generated across different json module versions
-    and platforms.  Code elsewhere is free to dump JSON objects in any format
-    they wish (e.g., utilizing indentation and single quotes around object
-    keys).  These objects are only required to be in "canonical JSON" format
-    when their hashes or signatures are needed.
+    signature of a JSON object in securesystemslib.  For example, generating a
+    signature of a signing role object such as 'ROOT_SCHEMA' is required to
+    ensure repeatable hashes are generated across different json module
+    versions and platforms.  Code elsewhere is free to dump JSON objects in any
+    format they wish (e.g., utilizing indentation and single quotes around
+    object keys).  These objects are only required to be in "canonical JSON"
+    format when their hashes or signatures are needed.
 
     >>> encode_canonical("")
     '""'

securesystemslib/hash.py

@@ -14,12 +14,12 @@
 
 <Purpose>
   Support secure hashing and message digests. Any hash-related routines that
-  TUF requires should be located in this module.  Simplifying the creation of
-  digest objects, and providing a central location for hash routines are the
-  main goals of this module.  Support routines implemented include functions to
-  create digest objects given a filename or file object.  Only the standard
-  hashlib library is currently supported, but pyca/cryptography support will be
-  added in the future.
+  securesystemslib requires should be located in this module.  Simplifying the
+  creation of digest objects, and providing a central location for hash
+  routines are the main goals of this module.  Support routines implemented
+  include functions to create digest objects given a filename or file object.
+  Only the standard hashlib library is currently supported, but
+  pyca/cryptography support will be added in the future.
 """
 
 # Help with Python 3 compatibility, where the print statement is a function, an

securesystemslib/pyca_crypto_keys.py

@@ -40,8 +40,8 @@
   https://en.wikipedia.org/wiki/PBKDF
   http://en.wikipedia.org/wiki/Scrypt
 
-  TUF key files are encrypted with the AES-256-CTR-Mode symmetric key
-  algorithm.  User passwords are strengthened with PBKDF2, currently set to
+  securesystemslib key files are encrypted with the AES-256-CTR-Mode symmetric
+  key algorithm.  User passwords are strengthened with PBKDF2, currently set to
   100,000 passphrase iterations.  The previous evpy implementation used 1,000
   iterations.
 
@@ -98,7 +98,7 @@
 # Import pyca/cryptography's Key Derivation Function (KDF) module.
 # 'securesystemslib.keys.py' needs this module to derive a secret key according
 # to the Password-Based Key Derivation Function 2 specification.  The derived
-# key is used as the symmetric key to encrypt TUF key information.
+# key is used as the symmetric key to encrypt securesystemslib key information.
 # PKCS#5 v2.0 PBKDF2 specification: http://tools.ietf.org/html/rfc2898#section-5.2
 from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
 
@@ -573,7 +573,7 @@ def create_rsa_public_and_private_from_pem(pem, passphrase=None):
     strengthened'passphrase', and 3DES with CBC mode for encryption/decryption.
     Alternatively, key data may be encrypted with AES-CTR-Mode and the
     passphrase strengthened with PBKDF2+SHA256, although this method is used
-    only with TUF encrypted key files.
+    only with securesystemslib encrypted key files.
 
     >>> public, private = generate_rsa_public_and_private(2048)
     >>> passphrase = 'secret'
@@ -679,16 +679,16 @@ def encrypt_key(key_object, password):
     Return a string containing 'key_object' in encrypted form. Encrypted
     strings may be safely saved to a file.  The corresponding decrypt_key()
     function can be applied to the encrypted string to restore the original key
-    object.  'key_object' is a TUF key (e.g., RSAKEY_SCHEMA,
+    object.  'key_object' is a securesystemslib key (e.g., RSAKEY_SCHEMA,
     ED25519KEY_SCHEMA).  This function calls the pyca/cryptography library to
     perform the encryption and derive a suitable encryption key.
 
     Whereas an encrypted PEM file uses the Triple Data Encryption Algorithm
     (3DES), the Cipher-block chaining (CBC) mode of operation, and the Password
     Based Key Derivation Function 1 (PBKF1) + MD5 to strengthen 'password',
-    encrypted TUF keys use AES-256-CTR-Mode and passwords strengthened with
-    PBKDF2-HMAC-SHA256 (100K iterations by default, but may be overriden in
-    'settings.PBKDF2_ITERATIONS' by the user).
+    encrypted securesystemslib keys use AES-256-CTR-Mode and passwords
+    strengthened with PBKDF2-HMAC-SHA256 (100K iterations by default, but may
+    be overriden in 'settings.PBKDF2_ITERATIONS' by the user).
 
     http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
     http://en.wikipedia.org/wiki/CTR_mode#Counter_.28CTR.29
@@ -709,8 +709,8 @@ def encrypt_key(key_object, password):
 
   <Arguments>
     key_object:
-      The TUF key object that should contain the private portion of the ED25519
-      key.
+      The securesystemslib key object that should contain the private portion
+      of the ED25519 key.
 
     password:
       The password, or passphrase, to encrypt the private part of the RSA
@@ -722,8 +722,8 @@ def encrypt_key(key_object, password):
     improperly formatted or 'key_object' does not contain the private portion
     of the key.
 
-    securesystemslib.exceptions.CryptoError, if an Ed25519 key in encrypted TUF
-    format cannot be created.
+    securesystemslib.exceptions.CryptoError, if an Ed25519 key in encrypted
+    securesystemslib format cannot be created.
 
   <Side Effects>
     pyca/Cryptography cryptographic operations called to perform the actual
@@ -774,13 +774,13 @@ def decrypt_key(encrypted_key, password):
   <Purpose>
     Return a string containing 'encrypted_key' in non-encrypted form.
     The decrypt_key() function can be applied to the encrypted string to restore
-    the original key object, a TUF key (e.g., RSAKEY_SCHEMA, ED25519KEY_SCHEMA).
-    This function calls the appropriate cryptography module (i.e.,
-    pyca_crypto_keys.py) to perform the decryption.
+    the original key object, a securesystemslib key (e.g., RSAKEY_SCHEMA,
+    ED25519KEY_SCHEMA). This function calls the appropriate cryptography module
+    (i.e., pyca_crypto_keys.py) to perform the decryption.
 
-    Encrypted TUF keys use AES-256-CTR-Mode and passwords strengthened with
-    PBKDF2-HMAC-SHA256 (100K iterations be default, but may be overriden in
-    'settings.py' by the user).
+    Encrypted securesystemslib keys use AES-256-CTR-Mode and passwords
+    strengthened with PBKDF2-HMAC-SHA256 (100K iterations be default, but may
+    be overriden in 'settings.py' by the user).
 
     http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
     http://en.wikipedia.org/wiki/CTR_mode#Counter_.28CTR.29
@@ -804,9 +804,9 @@ def decrypt_key(encrypted_key, password):
 
   <Arguments>
     encrypted_key:
-      An encrypted TUF key (additional data is also included, such as salt,
-      number of password iterations used for the derived encryption key, etc)
-      of the form 'securesystemslib.formats.ENCRYPTEDKEY_SCHEMA'.
+      An encrypted securesystemslib key (additional data is also included, such
+      as salt, number of password iterations used for the derived encryption
+      key, etc) of the form 'securesystemslib.formats.ENCRYPTEDKEY_SCHEMA'.
       'encrypted_key' should have been generated with encrypted_key().
 
     password:
@@ -818,11 +818,11 @@ def decrypt_key(encrypted_key, password):
     securesystemslib.exceptions.FormatError, if the arguments are improperly
     formatted.
 
-    securesystemslib.exceptions.CryptoError, if a TUF key cannot be decrypted
-    from 'encrypted_key'.
+    securesystemslib.exceptions.CryptoError, if a securesystemslib key cannot
+    be decrypted from 'encrypted_key'.
 
-    securesystemslib.exceptions.Error, if a valid TUF key object is not found in
-    'encrypted_key'.
+    securesystemslib.exceptions.Error, if a valid securesystemslib key object
+    is not found in 'encrypted_key'.
 
   <Side Effects>
     The pyca/cryptography is library called to perform the actual decryption

securesystemslib/schema.py

@@ -38,8 +38,8 @@
 
   'schema.py' provides additional schemas for testing objects based on other
   criteria.  See 'securesystemslib.formats.py' and the rest of this module for
-  extensive examples.  Anything related to the checking of TUF objects and
-  their formats can be found in 'formats.py'.
+  extensive examples.  Anything related to the checking of securesystemslib
+  objects and their formats can be found in 'formats.py'.
 """
 
 # Help with Python 3 compatibility, where the print statement is a function, an

securesystemslib/util.py

@@ -44,7 +44,6 @@
 # to the filenames of consistent snapshots.
 HASH_FUNCTION = 'sha256'
 
-# See 'log.py' to learn how logging is handled in TUF.
 logger = logging.getLogger('securesystemslib_util')
 
 
@@ -470,12 +469,12 @@ def file_in_confined_directories(filepath, confined_directories):
       return True
 
     # Normalized paths needed, to account for up-level references, etc.
-    # TUF clients have the option of setting the list of directories in
+    # callers have the option of setting the list of directories in
     # 'confined_directories'.
     filepath = os.path.normpath(filepath)
     confined_directory = os.path.normpath(confined_directory)
 
-    # A TUF client may restrict himself to specific directories on the
+    # A caller may restrict himself to specific directories on the
     # remote repository.  The list of paths in 'confined_path', not including
     # each path's subdirectories, are the only directories the client will
     # download targets from.
@@ -557,11 +556,11 @@ def import_json():
     return _json_module
 
   else:
+    # TODO: Drop Python < 2.6 case handling
     try:
       module = __import__('json')
-
     # The 'json' module is available in Python > 2.6, and thus this exception
-    # should not occur in all supported Python installations (> 2.6) of TUF.
+    # should not occur in all supported Python installations (> 2.6).
     except ImportError: #pragma: no cover
       raise ImportError('Could not import the json module')
 

setup.py

@@ -16,9 +16,9 @@
 <Purpose>
   BUILD SOURCE DISTRIBUTION
 
-  The following shell command generates a TUF source archive that can be
-  distributed to other users.  The packaged source is saved to the 'dist'
-  folder in the current directory.
+  The following shell command generates a securesystemslib source archive that
+  can be distributed to other users.  The packaged source is saved to the
+  'dist' folder in the current directory.
 
   $ python setup.py sdist
 
@@ -54,7 +54,7 @@
   Note: The last two installation options may require modification of
   Python's search path (i.e., 'sys.path') or updating an OS environment
   variable.  For example, installing to the user site-packages directory might
-  result in the installation of TUF scripts to '~/.local/bin'.  The user may
+  result in the installation of scripts to '~/.local/bin'.  The user may
   then be required to update his $PATH variable:
   $ export PATH=$PATH:~/.local/bin
 """