lib/sign: add ostree_seign_clear_keys function
Add the function for implicit cleanup of all loaded keys. Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
parent
eb8e501ece
commit
ceaf6d7f54
|
|
@ -719,6 +719,7 @@ ostree_sign_data_verify
|
||||||
ostree_sign_get_by_name
|
ostree_sign_get_by_name
|
||||||
ostree_sign_get_name
|
ostree_sign_get_name
|
||||||
ostree_sign_add_pk
|
ostree_sign_add_pk
|
||||||
|
ostree_sign_clear_keys
|
||||||
ostree_sign_load_pk
|
ostree_sign_load_pk
|
||||||
ostree_sign_set_pk
|
ostree_sign_set_pk
|
||||||
ostree_sign_set_sk
|
ostree_sign_set_sk
|
||||||
|
|
|
||||||
|
|
@ -30,6 +30,7 @@ global:
|
||||||
ostree_sign_data_verify;
|
ostree_sign_data_verify;
|
||||||
ostree_sign_get_by_name;
|
ostree_sign_get_by_name;
|
||||||
ostree_sign_get_name;
|
ostree_sign_get_name;
|
||||||
|
ostree_sign_clear_keys;
|
||||||
ostree_sign_load_pk;
|
ostree_sign_load_pk;
|
||||||
ostree_sign_set_pk;
|
ostree_sign_set_pk;
|
||||||
ostree_sign_add_pk;
|
ostree_sign_add_pk;
|
||||||
|
|
|
||||||
|
|
@ -62,6 +62,7 @@ ostree_sign_ed25519_iface_init (OstreeSignInterface *self)
|
||||||
self->get_name = ostree_sign_ed25519_get_name;
|
self->get_name = ostree_sign_ed25519_get_name;
|
||||||
self->metadata_key = ostree_sign_ed25519_metadata_key;
|
self->metadata_key = ostree_sign_ed25519_metadata_key;
|
||||||
self->metadata_format = ostree_sign_ed25519_metadata_format;
|
self->metadata_format = ostree_sign_ed25519_metadata_format;
|
||||||
|
self->clear_keys = ostree_sign_ed25519_clear_keys;
|
||||||
self->set_sk = ostree_sign_ed25519_set_sk;
|
self->set_sk = ostree_sign_ed25519_set_sk;
|
||||||
self->set_pk = ostree_sign_ed25519_set_pk;
|
self->set_pk = ostree_sign_ed25519_set_pk;
|
||||||
self->add_pk = ostree_sign_ed25519_add_pk;
|
self->add_pk = ostree_sign_ed25519_add_pk;
|
||||||
|
|
@ -253,6 +254,36 @@ const gchar * ostree_sign_ed25519_metadata_format (OstreeSign *self)
|
||||||
return OSTREE_SIGN_METADATA_ED25519_TYPE;
|
return OSTREE_SIGN_METADATA_ED25519_TYPE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
gboolean ostree_sign_ed25519_clear_keys (OstreeSign *self,
|
||||||
|
GError **error)
|
||||||
|
{
|
||||||
|
g_debug ("%s enter", __FUNCTION__);
|
||||||
|
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
|
||||||
|
|
||||||
|
#ifdef HAVE_LIBSODIUM
|
||||||
|
OstreeSignEd25519 *sign = ostree_sign_ed25519_get_instance_private(OSTREE_SIGN_ED25519(self));
|
||||||
|
|
||||||
|
/* Clear secret key */
|
||||||
|
if (sign->secret_key != NULL)
|
||||||
|
{
|
||||||
|
memset (sign->secret_key, 0, crypto_sign_SECRETKEYBYTES);
|
||||||
|
g_free (sign->secret_key);
|
||||||
|
sign->secret_key = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Clear already loaded trusted keys */
|
||||||
|
if (sign->public_keys != NULL)
|
||||||
|
{
|
||||||
|
g_list_free_full (sign->public_keys, g_free);
|
||||||
|
sign->public_keys = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
return TRUE;
|
||||||
|
|
||||||
|
#endif /* HAVE_LIBSODIUM */
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
/* Support 2 representations:
|
/* Support 2 representations:
|
||||||
* base64 ascii -- secret key is passed as string
|
* base64 ascii -- secret key is passed as string
|
||||||
* raw key -- key is passed as bytes array
|
* raw key -- key is passed as bytes array
|
||||||
|
|
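Review bot: The `memset (sign->secret_key, 0, crypto_sign_SECRETKEYBYTES);` immediately before `g_free (sign->secret_key);` is a dead store that the optimizer is entitled to drop, so the signing key can remain readable in freed heap memory. This block is already under `#ifdef HAVE_LIBSODIUM`, so the wipe can use libsodium's non-elidable primitive instead: `sodium_memzero (sign->secret_key, crypto_sign_SECRETKEYBYTES);`. The fall-through after `#endif` returns FALSE without touching `error`, which leaves callers following the GError convention with a failure and no message; either set one there, e.g. `g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED, "ed25519 signing requires libsodium");` (message text is a suggestion), or document that `error` is never populated by this function. A short comment above the definition saying that both the secret key and the whole trusted-key list are released would also help readers of the `set_sk`/`set_pk` call sites in this commit.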
@ -267,7 +298,7 @@ gboolean ostree_sign_ed25519_set_sk (OstreeSign *self,
|
||||||
#ifdef HAVE_LIBSODIUM
|
#ifdef HAVE_LIBSODIUM
|
||||||
OstreeSignEd25519 *sign = ostree_sign_ed25519_get_instance_private(OSTREE_SIGN_ED25519(self));
|
OstreeSignEd25519 *sign = ostree_sign_ed25519_get_instance_private(OSTREE_SIGN_ED25519(self));
|
||||||
|
|
||||||
g_free (sign->secret_key);
|
ostree_sign_ed25519_clear_keys (self, error);
|
||||||
|
|
||||||
gsize n_elements = 0;
|
gsize n_elements = 0;
|
||||||
|
|
||||||
|
|
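Review bot: Replacing `g_free (sign->secret_key);` with `ostree_sign_ed25519_clear_keys (self, error);` also discards every trusted public key loaded so far, because the ed25519 `clear_keys` added in this commit frees `sign->public_keys` as well; unless wiping verification keys whenever a signing key is set is intended, `set_sk` should only zero and free the secret key, and the `set_pk` hunk has the mirror-image problem (it now drops the loaded secret key). The return value of the call is ignored while `error` is passed in, so a backend that ever reports failure here would leave `*error` set and any later error reporting in this function would trip GLib's "error set over the top of a previous error" warning; pass `NULL` for the error or check the result. The body of `ostree_sign_ed25519_set_sk` starts and ends outside the hunk.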
@ -315,12 +346,7 @@ gboolean ostree_sign_ed25519_set_pk (OstreeSign *self,
|
||||||
|
|
||||||
OstreeSignEd25519 *sign = ostree_sign_ed25519_get_instance_private(OSTREE_SIGN_ED25519(self));
|
OstreeSignEd25519 *sign = ostree_sign_ed25519_get_instance_private(OSTREE_SIGN_ED25519(self));
|
||||||
|
|
||||||
/* Substitute the key(s) with a new one */
|
ostree_sign_ed25519_clear_keys (self, error);
|
||||||
if (sign->public_keys != NULL)
|
|
||||||
{
|
|
||||||
g_list_free_full (sign->public_keys, g_free);
|
|
||||||
sign->public_keys = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
return ostree_sign_ed25519_add_pk (self, public_key, error);
|
return ostree_sign_ed25519_add_pk (self, public_key, error);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
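Review bot: The removed comment `/* Substitute the key(s) with a new one */` was the only statement that `set_pk` replaces rather than appends to the trusted-key list, and the new `ostree_sign_ed25519_clear_keys (self, error);` line reads as a generic reset; keep that comment above the call and extend it to say what the reset actually covers. The body of `ostree_sign_ed25519_set_pk` starts outside the hunk.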
@ -55,6 +55,9 @@ const gchar * ostree_sign_ed25519_get_name (OstreeSign *self);
|
||||||
const gchar * ostree_sign_ed25519_metadata_key (OstreeSign *self);
|
const gchar * ostree_sign_ed25519_metadata_key (OstreeSign *self);
|
||||||
const gchar * ostree_sign_ed25519_metadata_format (OstreeSign *self);
|
const gchar * ostree_sign_ed25519_metadata_format (OstreeSign *self);
|
||||||
|
|
||||||
|
gboolean ostree_sign_ed25519_clear_keys (OstreeSign *self,
|
||||||
|
GError **error);
|
||||||
|
|
||||||
gboolean ostree_sign_ed25519_set_sk (OstreeSign *self,
|
gboolean ostree_sign_ed25519_set_sk (OstreeSign *self,
|
||||||
GVariant *secret_key,
|
GVariant *secret_key,
|
||||||
GError **error);
|
GError **error);
|
||||||
|
|
|
||||||
|
|
@ -87,6 +87,17 @@ const gchar * ostree_sign_metadata_format (OstreeSign *self)
|
||||||
return OSTREE_SIGN_GET_IFACE (self)->metadata_format (self);
|
return OSTREE_SIGN_GET_IFACE (self)->metadata_format (self);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
gboolean ostree_sign_clear_keys (OstreeSign *self,
|
||||||
|
GError **error)
|
||||||
|
{
|
||||||
|
g_debug ("%s enter", __FUNCTION__);
|
||||||
|
|
||||||
|
if (OSTREE_SIGN_GET_IFACE (self)->clear_keys == NULL)
|
||||||
|
return TRUE;
|
||||||
|
|
||||||
|
return OSTREE_SIGN_GET_IFACE (self)->clear_keys (self, error);
|
||||||
|
}
|
||||||
|
|
||||||
gboolean ostree_sign_set_sk (OstreeSign *self,
|
gboolean ostree_sign_set_sk (OstreeSign *self,
|
||||||
GVariant *secret_key,
|
GVariant *secret_key,
|
||||||
GError **error)
|
GError **error)
|
||||||
|
|
|
||||||
|
|
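Review bot: `ostree_sign_clear_keys` dereferences `OSTREE_SIGN_GET_IFACE (self)` without validating `self`, whereas the ed25519 implementation in this commit guards with `g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);`; add the same line after the `g_debug` call so a bad instance fails with a critical rather than a crash. The function is exported via `_OSTREE_PUBLIC` but carries no gtk-doc block; add one (`ostree_sign_clear_keys:` with `@self`, `@error`) that states it asks the backend to release all loaded secret and public keys and that a backend without a `clear_keys` vfunc makes the call a successful no-op returning %TRUE. Looking the interface up twice is harmless, but a local `OstreeSignInterface *iface = OSTREE_SIGN_GET_IFACE (self);` used for both the NULL test and the call reads better.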
@ -59,6 +59,8 @@ struct _OstreeSignInterface
|
||||||
GError **error);
|
GError **error);
|
||||||
const gchar *(* metadata_key) (OstreeSign *self);
|
const gchar *(* metadata_key) (OstreeSign *self);
|
||||||
const gchar *(* metadata_format) (OstreeSign *self);
|
const gchar *(* metadata_format) (OstreeSign *self);
|
||||||
|
gboolean (* clear_keys) (OstreeSign *self,
|
||||||
|
GError **error);
|
||||||
gboolean (* set_sk) (OstreeSign *self,
|
gboolean (* set_sk) (OstreeSign *self,
|
||||||
GVariant *secret_key,
|
GVariant *secret_key,
|
||||||
GError **error);
|
GError **error);
|
||||||
|
|
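Review bot: Inserting `clear_keys` between `metadata_format` and `set_sk` shifts the offsets of every later vfunc in the public `OstreeSignInterface` struct, such as `set_sk`, `set_pk` and `add_pk`; if this interface has already shipped in a release, out-of-tree implementations built against the old layout would call the wrong slot, and the new member should go after the last existing one instead. If the interface is still unreleased in this cycle the placement is fine, but a brief comment noting that the vfunc order is not yet frozen would prevent the same question on the next addition. The enclosing struct starts before the hunk.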
@ -109,6 +111,10 @@ gboolean ostree_sign_commit_verify (OstreeSign *self,
|
||||||
GCancellable *cancellable,
|
GCancellable *cancellable,
|
||||||
GError **error);
|
GError **error);
|
||||||
|
|
||||||
|
_OSTREE_PUBLIC
|
||||||
|
gboolean ostree_sign_clear_keys (OstreeSign *self,
|
||||||
|
GError **error);
|
||||||
|
|
||||||
_OSTREE_PUBLIC
|
_OSTREE_PUBLIC
|
||||||
gboolean ostree_sign_set_sk (OstreeSign *self,
|
gboolean ostree_sign_set_sk (OstreeSign *self,
|
||||||
GVariant *secret_key,
|
GVariant *secret_key,
|
||||||
|
|
|
||||||