packaging
/
ostree
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sign: fixes for ed25519 for loading public keys from files 

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
This commit is contained in:
Denis Pynkin 2019-08-26 21:59:34 +03:00
parent fe3a839ae7
commit 2831028c41
1 changed files with 31 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
src/libostree/ostree-sign-ed25519.c
View File

@ -30,6 +30,7 @@
#include <sodium.h> #include <sodium.h>
#endif #endif
#undef G_LOG_DOMAIN
#define G_LOG_DOMAIN "OSTreeSign" #define G_LOG_DOMAIN "OSTreeSign"
#define OSTREE_SIGN_ED25519_NAME "ed25519" #define OSTREE_SIGN_ED25519_NAME "ed25519"
@ -73,28 +74,10 @@ ostree_sign_ed25519_iface_init (OstreeSignInterface *self)
self->load_pk = ostree_sign_ed25519_load_pk; self->load_pk = ostree_sign_ed25519_load_pk;
} }
static void
ostree_sign_ed25519_finalize (GObject *object)
{
g_debug ("%s enter", __FUNCTION__);
#if 0
OstreeSignEd25519 *self = OSTREE_SIGN_ED25519 (object);
if (self->public_keys != NULL)
g_list_free_full (self->public_keys, g_object_unref);
if (self->secret_key != NULL)
free(self->secret_key);
#endif
G_OBJECT_CLASS (ostree_sign_ed25519_parent_class)->finalize (object);
}
static void static void
ostree_sign_ed25519_class_init (OstreeSignEd25519Class *self) ostree_sign_ed25519_class_init (OstreeSignEd25519Class *self)
{ {
g_debug ("%s enter", __FUNCTION__); g_debug ("%s enter", __FUNCTION__);
GObjectClass *object_class = G_OBJECT_CLASS (self);
object_class->finalize = ostree_sign_ed25519_finalize;
} }
static void static void
@ -154,7 +137,6 @@ gboolean ostree_sign_ed25519_data (OstreeSign *self,
goto err; goto err;
} }
g_debug ("sign: data hash = 0x%x", g_bytes_hash(data));
*signature = g_bytes_new (sig, sig_size); *signature = g_bytes_new (sig, sig_size);
return TRUE; return TRUE;
#endif /* HAVE_LIBSODIUM */ #endif /* HAVE_LIBSODIUM */
@ -216,7 +198,7 @@ gboolean ostree_sign_ed25519_metadata_verify (OstreeSign *self,
goto err; goto err;
} }
if ((sign->initialized != TRUE) || (sign->public_keys == NULL)) if (sign->initialized != TRUE)
{ {
g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED, g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Not able to verify: libsodium library isn't initialized properly"); "Not able to verify: libsodium library isn't initialized properly");
@ -224,6 +206,20 @@ gboolean ostree_sign_ed25519_metadata_verify (OstreeSign *self,
} }
#ifdef HAVE_LIBSODIUM #ifdef HAVE_LIBSODIUM
/* If no keys pre-loaded then,
* try to load public keys from storage(s) */
if (sign->public_keys == NULL)
{
g_autoptr (GVariantBuilder) builder = NULL;
g_autoptr (GVariant) options = NULL;
builder = g_variant_builder_new (G_VARIANT_TYPE ("a{sv}"));
options = g_variant_builder_end (builder);
if (!ostree_sign_ed25519_load_pk (self, options, error))
goto err;
}
g_debug ("verify: data hash = 0x%x", g_bytes_hash(data)); g_debug ("verify: data hash = 0x%x", g_bytes_hash(data));
for (gsize i = 0; i < g_variant_n_children(signatures); i++) for (gsize i = 0; i < g_variant_n_children(signatures); i++)
@ -397,7 +393,7 @@ err:
static gboolean static gboolean
load_pk_from_stream (OstreeSign *self, GDataInputStream *key_data_in, GError **error) _load_pk_from_stream (OstreeSign *self, GDataInputStream *key_data_in, GError **error)
{ {
g_return_val_if_fail (key_data_in, FALSE); g_return_val_if_fail (key_data_in, FALSE);
#ifdef HAVE_LIBSODIUM #ifdef HAVE_LIBSODIUM
@ -496,7 +492,6 @@ ostree_sign_ed25519_load_pk (OstreeSign *self,
g_autoptr (GFileInputStream) key_stream_in = NULL; g_autoptr (GFileInputStream) key_stream_in = NULL;
g_autoptr (GDataInputStream) key_data_in = NULL; g_autoptr (GDataInputStream) key_data_in = NULL;
const gchar *remote_name = NULL;
const gchar *filename = NULL; const gchar *filename = NULL;
/* Clear already loaded keys */ /* Clear already loaded keys */
@ -506,16 +501,19 @@ ostree_sign_ed25519_load_pk (OstreeSign *self,
sign->public_keys = NULL; sign->public_keys = NULL;
} }
/* Check if the name of remote is provided */
if (! g_variant_lookup (options, "remote", "&s", &remote_name))
remote_name = OSTREE_SIGN_ALL_REMOTES;
/* Read filename or use will-known if not provided */ /* Read filename or use will-known if not provided */
if (! g_variant_lookup (options, "filename", "&s", &filename)) if (! g_variant_lookup (options, "filename", "&s", &filename))
{ {
// TODO: define well-known places and load file(s) /* TODO: define well-known places to read */
g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED, /* TODO: scan directories */
"Please provide a filename to load"); filename = "/etc/ostree/trusted.ed25519";
}
if (!g_file_test (filename, G_FILE_TEST_IS_REGULAR))
{
g_debug ("Can't open file '%s' with pulic keys", filename);
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"File object '%s' is not a regular file", filename);
goto err; goto err;
} }
@ -527,7 +525,7 @@ ostree_sign_ed25519_load_pk (OstreeSign *self,
key_data_in = g_data_input_stream_new (G_INPUT_STREAM(key_stream_in)); key_data_in = g_data_input_stream_new (G_INPUT_STREAM(key_stream_in));
g_assert (key_data_in != NULL); g_assert (key_data_in != NULL);
if (!load_pk_from_stream (self, key_data_in, error)) if (!_load_pk_from_stream (self, key_data_in, error))
goto err; goto err;
return TRUE; return TRUE;