lib/sign: allow to add keys as base64 string for ed25519

Allow adding the public and secret keys for the ed25519 module as base64 strings.
This allows using a common API for pulls and builtins without knowledge
of the signature algorithm used.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
This commit is contained in:
Denis Pynkin 2019-10-07 23:37:08 +03:00
parent bc4488692c
commit f0181adff3
4 changed files with 56 additions and 80 deletions


@ -1567,20 +1567,7 @@ ostree_verify_unwritten_commit (OtPullData *pull_data,
&pk_ascii, NULL);
if (pk_ascii != NULL)
{
g_autoptr (GVariant) pk = NULL;
if (!g_strcmp0(ostree_sign_get_name(sign), "dummy"))
{
// Just use the string as signature
pk = g_variant_new_string(pk_ascii);
}
else if (!g_strcmp0(ostree_sign_get_name(sign), "ed25519"))
{
gsize key_len = 0;
g_autofree guchar *key = g_base64_decode (pk_ascii, &key_len);
pk = g_variant_new_fixed_array (G_VARIANT_TYPE_BYTE, key, key_len, sizeof(guchar));
}
g_autoptr (GVariant) pk = g_variant_new_string(pk_ascii);
if (!ostree_sign_set_pk (sign, pk, &local_error))
continue;
}
@ -1976,18 +1963,8 @@ scan_commit_object (OtPullData *pull_data,
{
g_autoptr (GVariant) pk = NULL;
if (!g_strcmp0(ostree_sign_get_name(sign), "dummy"))
{
// Just use the string as signature
pk = g_variant_new_string(pk_ascii);
}
else if (!g_strcmp0(ostree_sign_get_name(sign), "ed25519"))
{
gsize key_len = 0;
g_autofree guchar *key = g_base64_decode (pk_ascii, &key_len);
pk = g_variant_new_fixed_array (G_VARIANT_TYPE_BYTE, key, key_len, sizeof(guchar));
}
// Just use the string as signature
pk = g_variant_new_string(pk_ascii);
if (!ostree_sign_set_pk (sign, pk, &local_error))
continue;
}
@ -4853,11 +4830,10 @@ ostree_repo_pull_with_options (OstreeRepo *self,
else
gpg_verify_state = (pull_data->gpg_verify ? "commit" : "disabled");
g_string_append_printf (msg, "\nsecurity: GPG: %s ", gpg_verify_state);
#else
gpg_verify_state = "disabled";
g_string_append_printf (msg, "\nsecurity: %s ", gpg_verify_state);
#endif /* OSTREE_DISABLE_GPGME */
g_string_append_printf (msg, "\nsecurity: GPG: %s ", gpg_verify_state);
const char *sign_verify_state;
sign_verify_state = (pull_data->sign_verify ? "commit" : "disabled");
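Review bot: The comment kept above the new `pk = g_variant_new_string(pk_ascii);` in scan_commit_object still reads `// Just use the string as signature`, but the value is a public key rather than a signature, and the equivalent line in ostree_verify_unwritten_commit carries no comment at all; if that comment is on the new side (the markers are lost in this rendering), change it to `// Pass the key as a string; the backend decodes it` to match the wording the sign builtin uses. Both hunks now contain the identical lookup, `g_variant_new_string`, `ostree_sign_set_pk`, `continue` sequence, which is a candidate for one small static helper shared by the two call sites. In the third hunk `security: GPG: disabled` is printed both when gpg-verify is switched off and when the build has OSTREE_DISABLE_GPGME set, so an operator reading the summary can no longer tell which case applies; a distinct wording in the `#else` branch would keep that information. All three enclosing functions start and end outside their hunks.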


@ -253,6 +253,10 @@ const gchar * ostree_sign_ed25519_metadata_format (OstreeSign *self)
return OSTREE_SIGN_METADATA_ED25519_TYPE;
}
/* Support 2 representations:
* base64 ascii -- secret key is passed as string
* raw key -- key is passed as bytes array
* */
gboolean ostree_sign_ed25519_set_sk (OstreeSign *self,
GVariant *secret_key,
GError **error)
@ -266,7 +270,23 @@ gboolean ostree_sign_ed25519_set_sk (OstreeSign *self,
g_free (sign->secret_key);
gsize n_elements = 0;
sign->secret_key = (guchar *) g_variant_get_fixed_array (secret_key, &n_elements, sizeof(guchar));
if (g_variant_is_of_type (secret_key, G_VARIANT_TYPE_STRING))
{
const gchar *sk_ascii = g_variant_get_string (secret_key, NULL);
sign->secret_key = g_base64_decode (sk_ascii, &n_elements);
}
else if (g_variant_is_of_type (secret_key, G_VARIANT_TYPE_BYTESTRING))
{
sign->secret_key = (guchar *) g_variant_get_fixed_array (secret_key, &n_elements, sizeof(guchar));
}
else
{
g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Unknown ed25519 secret key type");
goto err;
}
if (n_elements != crypto_sign_SECRETKEYBYTES)
{
@ -282,6 +302,10 @@ err:
return FALSE;
}
/* Support 2 representations:
* base64 ascii -- public key is passed as string
* raw key -- key is passed as bytes array
* */
gboolean ostree_sign_ed25519_set_pk (OstreeSign *self,
GVariant *public_key,
GError **error)
@ -301,6 +325,10 @@ gboolean ostree_sign_ed25519_set_pk (OstreeSign *self,
return ostree_sign_ed25519_add_pk (self, public_key, error);
}
/* Support 2 representations:
* base64 ascii -- public key is passed as string
* raw key -- key is passed as bytes array
* */
gboolean ostree_sign_ed25519_add_pk (OstreeSign *self,
GVariant *public_key,
GError **error)
@ -314,7 +342,22 @@ gboolean ostree_sign_ed25519_add_pk (OstreeSign *self,
gpointer key = NULL;
gsize n_elements = 0;
key = (gpointer) g_variant_get_fixed_array (public_key, &n_elements, sizeof(guchar));
if (g_variant_is_of_type (public_key, G_VARIANT_TYPE_STRING))
{
const gchar *pk_ascii = g_variant_get_string (public_key, NULL);
key = g_base64_decode (pk_ascii, &n_elements);
}
else if (g_variant_is_of_type (public_key, G_VARIANT_TYPE_BYTESTRING))
{
key = (gpointer) g_variant_get_fixed_array (public_key, &n_elements, sizeof(guchar));
}
else
{
g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Unknown ed25519 public key type");
goto err;
}
hex = g_malloc0 (crypto_sign_PUBLICKEYBYTES*2 + 1);
g_debug ("Read ed25519 public key = %s", sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, key, n_elements));
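Review bot: The two branches added to ostree_sign_ed25519_set_sk leave sign->secret_key with different ownership: the string branch stores the heap buffer returned by g_base64_decode, while the bytestring branch stores the pointer that g_variant_get_fixed_array returns into the variant's own storage, yet the `g_free (sign->secret_key);` kept at the top of the hunk frees whichever was set last, so unless callers guarantee the variant outlives the signer (not visible here) the bytestring path either frees memory it does not own on the next call or dangles once the variant is released. Copying in that branch, `sign->secret_key = g_memdup (g_variant_get_fixed_array (secret_key, &n_elements, sizeof(guchar)), n_elements);`, makes both branches owned, and since the buffer holds secret key material it should then be cleared with sodium_memzero before the g_free rather than freed as-is. The same split appears in ostree_sign_ed25519_add_pk, where `key` from the string branch is a fresh allocation with no g_autofree and no free visible in the hunk, while the bytestring branch borrows from the variant. In add_pk the debug call on the last hunk line also hands n_elements to sodium_bin2hex before any length check visible in the hunk; sodium_bin2hex aborts through sodium_misuse() when bin_len*2 >= hex_maxlen, so a base64 string that decodes to more than crypto_sign_PUBLICKEYBYTES bytes terminates the process instead of producing the error, and the `n_elements != crypto_sign_PUBLICKEYBYTES` check that set_sk has should run ahead of it. Both functions start and end outside their hunks.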


@ -855,17 +855,7 @@ ostree_builtin_commit (int argc, char **argv, OstreeCommandInvocation *invocatio
const char *keyid = *iter;
g_autoptr (GVariant) secret_key = NULL;
if (!g_strcmp0(ostree_sign_get_name (sign), "dummy"))
{
secret_key = g_variant_new_string (keyid);
}
else if (!g_strcmp0 (ostree_sign_get_name (sign), "ed25519"))
{
gsize key_len = 0;
g_autofree guchar *key = g_base64_decode (keyid, &key_len);
secret_key = g_variant_new_fixed_array (G_VARIANT_TYPE_BYTE, key, key_len, sizeof(guchar));
}
secret_key = g_variant_new_string (keyid);
if (!ostree_sign_set_sk (sign, secret_key, error))
goto out;
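Review bot: After this change `keyid` is, for the ed25519 backend, the base64-encoded secret key itself rather than an identifier, so the variable name and the uncommented `secret_key = g_variant_new_string (keyid);` line are misleading; add `/* For ed25519 this is the base64 secret key itself; the backend decodes it. */` above it. If `iter` walks values given on the command line (its origin is outside the hunk), the secret key then travels through argv, where it is readable by other local users via the process list, which is worth stating in the option's help text. The enclosing function starts and ends outside the hunk.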


@ -72,11 +72,6 @@ ostree_builtin_sign (int argc, char **argv, OstreeCommandInvocation *invocation,
char **key_ids;
int n_key_ids, ii;
gboolean ret = FALSE;
#if defined(HAVE_LIBSODIUM)
g_autoptr (GVariant) ed25519_sk = NULL;
g_autoptr (GVariant) ed25519_pk = NULL;
#endif
context = g_option_context_new ("COMMIT KEY-ID...");
@ -119,25 +114,14 @@ ostree_builtin_sign (int argc, char **argv, OstreeCommandInvocation *invocation,
{
g_autoptr (GVariant) sk = NULL;
g_autoptr (GVariant) pk = NULL;
g_autofree guchar *key = NULL;
if (!g_strcmp0(ostree_sign_get_name(sign), "dummy"))
{
// Just use the string as signature
sk = g_variant_new_string(key_ids[ii]);
pk = g_variant_new_string(key_ids[ii]);
}
if (opt_verify)
{
g_autoptr (GError) local_error = NULL;
if (!g_strcmp0(ostree_sign_get_name(sign), "ed25519"))
{
gsize key_len = 0;
g_autofree guchar *key = g_base64_decode (key_ids[ii], &key_len);
pk = g_variant_new_fixed_array (G_VARIANT_TYPE_BYTE, key, key_len, sizeof(guchar));
}
// Pass the key as a string
pk = g_variant_new_string(key_ids[ii]);
if (!ostree_sign_set_pk (sign, pk, &local_error))
continue;
@ -151,13 +135,8 @@ ostree_builtin_sign (int argc, char **argv, OstreeCommandInvocation *invocation,
}
else
{
if (!g_strcmp0(ostree_sign_get_name(sign), "ed25519"))
{
gsize key_len = 0;
g_autofree guchar *key = g_base64_decode (key_ids[ii], &key_len);
sk = g_variant_new_fixed_array (G_VARIANT_TYPE_BYTE, key, key_len, sizeof(guchar));
}
// Pass the key as a string
sk = g_variant_new_string(key_ids[ii]);
if (!ostree_sign_set_sk (sign, sk, error))
{
ret = FALSE;
@ -238,20 +217,8 @@ ostree_builtin_sign (int argc, char **argv, OstreeCommandInvocation *invocation,
break;
if (!g_strcmp0(ostree_sign_get_name(sign), "dummy"))
{
// Just use the string as signature
sk = g_variant_new_string(line);
}
if (!g_strcmp0(ostree_sign_get_name(sign), "ed25519"))
{
gsize key_len = 0;
g_autofree guchar *key = g_base64_decode (line, &key_len);
sk = g_variant_new_fixed_array (G_VARIANT_TYPE_BYTE, key, key_len, sizeof(guchar));
}
// Pass the key as a string
sk = g_variant_new_string(line);
if (!ostree_sign_set_sk (sign, sk, error))
{
ret = FALSE;