diff --git a/src/libostree/ostree-repo-pull.c b/src/libostree/ostree-repo-pull.c index 1a4e64da..f3f13ed3 100644 --- a/src/libostree/ostree-repo-pull.c +++ b/src/libostree/ostree-repo-pull.c @@ -1567,20 +1567,7 @@ ostree_verify_unwritten_commit (OtPullData *pull_data, &pk_ascii, NULL); if (pk_ascii != NULL) { - g_autoptr (GVariant) pk = NULL; - - if (!g_strcmp0(ostree_sign_get_name(sign), "dummy")) - { - // Just use the string as signature - pk = g_variant_new_string(pk_ascii); - } - else if (!g_strcmp0(ostree_sign_get_name(sign), "ed25519")) - { - gsize key_len = 0; - g_autofree guchar *key = g_base64_decode (pk_ascii, &key_len); - pk = g_variant_new_fixed_array (G_VARIANT_TYPE_BYTE, key, key_len, sizeof(guchar)); - } - + g_autoptr (GVariant) pk = g_variant_new_string(pk_ascii); if (!ostree_sign_set_pk (sign, pk, &local_error)) continue; } @@ -1976,18 +1963,8 @@ scan_commit_object (OtPullData *pull_data, { g_autoptr (GVariant) pk = NULL; - if (!g_strcmp0(ostree_sign_get_name(sign), "dummy")) - { - // Just use the string as signature - pk = g_variant_new_string(pk_ascii); - } - else if (!g_strcmp0(ostree_sign_get_name(sign), "ed25519")) - { - gsize key_len = 0; - g_autofree guchar *key = g_base64_decode (pk_ascii, &key_len); - pk = g_variant_new_fixed_array (G_VARIANT_TYPE_BYTE, key, key_len, sizeof(guchar)); - } - + // Just use the string as signature + pk = g_variant_new_string(pk_ascii); if (!ostree_sign_set_pk (sign, pk, &local_error)) continue; } 
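Review bot: `g_variant_new_string(pk_ascii)` in ostree_verify_unwritten_commit requires valid UTF-8; GLib answers anything else with a critical warning and a NULL return, and that NULL is then handed to `ostree_sign_set_pk`. The removed ed25519 path went through `g_base64_decode`, which has no such precondition. The same pattern appears in scan_commit_object, in ot-builtin-commit.c (`keyid`) and in ot-builtin-sign.c (`key_ids[ii]`, `line`), where the text appears to come from configuration, the command line or a key file. A guard such as `if (!g_utf8_validate (pk_ascii, -1, NULL)) continue;`, or an explicit error in the CLI paths, would stop a malformed key from surfacing later as what is likely a misleading "unknown key type" failure.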
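Review bot: The comment kept in scan_commit_object, `// Just use the string as signature`, was written for the removed "dummy" branch and is now misleading. The value is a public key, and for ed25519 it is base64 text that the sign engine decodes later. I would replace it with `// Pass the key as a string; the sign engine decodes it`, matching the wording this commit uses in ot-builtin-sign.c. The hunk in ostree_verify_unwritten_commit initialises `pk` at its declaration, while this one keeps a separate `pk = NULL` declaration; using one form in both places would make the two copies easier to compare.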
@@ -4853,11 +4830,10 @@ ostree_repo_pull_with_options (OstreeRepo *self, else gpg_verify_state = (pull_data->gpg_verify ? "commit" : "disabled"); - g_string_append_printf (msg, "\nsecurity: GPG: %s ", gpg_verify_state); #else gpg_verify_state = "disabled"; - g_string_append_printf (msg, "\nsecurity: %s ", gpg_verify_state); #endif /* OSTREE_DISABLE_GPGME */ + g_string_append_printf (msg, "\nsecurity: GPG: %s ", gpg_verify_state); const char *sign_verify_state; sign_verify_state = (pull_data->sign_verify ? "commit" : "disabled"); diff --git a/src/libostree/ostree-sign-ed25519.c b/src/libostree/ostree-sign-ed25519.c index 2bf10cf1..f90a310c 100644 --- a/src/libostree/ostree-sign-ed25519.c +++ b/src/libostree/ostree-sign-ed25519.c @@ -253,6 +253,10 @@ const gchar * ostree_sign_ed25519_metadata_format (OstreeSign *self) return OSTREE_SIGN_METADATA_ED25519_TYPE; } +/* Support 2 representations: + * base64 ascii -- secret key is passed as string + * raw key -- key is passed as bytes array + * */ gboolean ostree_sign_ed25519_set_sk (OstreeSign *self, GVariant *secret_key, GError **error) @@ -266,7 +270,23 @@ gboolean ostree_sign_ed25519_set_sk (OstreeSign *self, g_free (sign->secret_key); gsize n_elements = 0; - sign->secret_key = (guchar *) g_variant_get_fixed_array (secret_key, &n_elements, sizeof(guchar)); + + if (g_variant_is_of_type (secret_key, G_VARIANT_TYPE_STRING)) + { + const gchar *sk_ascii = g_variant_get_string (secret_key, NULL); + sign->secret_key = g_base64_decode (sk_ascii, &n_elements); + } + else if (g_variant_is_of_type (secret_key, G_VARIANT_TYPE_BYTESTRING)) + { + sign->secret_key = (guchar *) g_variant_get_fixed_array (secret_key, &n_elements, sizeof(guchar)); + } + else + { + g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED, + "Unknown ed25519 secret key type"); + goto err; + } + if (n_elements != crypto_sign_SECRETKEYBYTES) { 
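Review bot: After this change `sign->secret_key` in ostree_sign_ed25519_set_sk has two ownership models. The string branch stores a heap buffer from `g_base64_decode`, while the bytestring branch stores the pointer returned by `g_variant_get_fixed_array`, which belongs to the GVariant. The `g_free (sign->secret_key)` at the top of the hunk is only valid for the first, and the borrowed pointer dangles once the caller releases the variant. Copying in the bytestring branch fixes this: `gconstpointer raw = g_variant_get_fixed_array (secret_key, &n_elements, sizeof(guchar));` then `sign->secret_key = g_memdup (raw, n_elements);`. The unknown-type branch also jumps to `err` after the old key was freed without resetting the field, so add `sign->secret_key = NULL;` right after the `g_free`. The function body continues outside the hunk, so the `err` path may already handle part of this.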
@@ -282,6 +302,10 @@ err: return FALSE; } +/* Support 2 representations: + * base64 ascii -- public key is passed as string + * raw key -- key is passed as bytes array + * */ gboolean ostree_sign_ed25519_set_pk (OstreeSign *self, GVariant *public_key, GError **error) @@ -301,6 +325,10 @@ gboolean ostree_sign_ed25519_set_pk (OstreeSign *self, return ostree_sign_ed25519_add_pk (self, public_key, error); } +/* Support 2 representations: + * base64 ascii -- public key is passed as string + * raw key -- key is passed as bytes array + * */ gboolean ostree_sign_ed25519_add_pk (OstreeSign *self, GVariant *public_key, GError **error) @@ -314,7 +342,22 @@ gboolean ostree_sign_ed25519_add_pk (OstreeSign *self, gpointer key = NULL; gsize n_elements = 0; - key = (gpointer) g_variant_get_fixed_array (public_key, &n_elements, sizeof(guchar)); + + if (g_variant_is_of_type (public_key, G_VARIANT_TYPE_STRING)) + { + const gchar *pk_ascii = g_variant_get_string (public_key, NULL); + key = g_base64_decode (pk_ascii, &n_elements); + } + else if (g_variant_is_of_type (public_key, G_VARIANT_TYPE_BYTESTRING)) + { + key = (gpointer) g_variant_get_fixed_array (public_key, &n_elements, sizeof(guchar)); + } + else + { + g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED, + "Unknown ed25519 public key type"); + goto err; + } hex = g_malloc0 (crypto_sign_PUBLICKEYBYTES*2 + 1); g_debug ("Read ed25519 public key = %s", sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, key, n_elements)); diff --git a/src/ostree/ot-builtin-commit.c b/src/ostree/ot-builtin-commit.c index 7d412639..606af2be 100644 --- a/src/ostree/ot-builtin-commit.c +++ b/src/ostree/ot-builtin-commit.c 
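Review bot: In ostree_sign_ed25519_add_pk the decoded length is used before any visible validation. `sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, key, n_elements)` writes into a buffer sized for exactly crypto_sign_PUBLICKEYBYTES, and libsodium treats an output buffer too small for `n_elements` as API misuse and aborts the process. Because `n_elements` now comes straight from `g_base64_decode` of a caller-supplied string, an over-long key can terminate the process in the debug line instead of being rejected. The `n_elements != crypto_sign_PUBLICKEYBYTES` check should run before the hex dump; if one exists after the hunk, move it up. The string branch also makes `key` a heap allocation while the bytestring branch leaves it borrowed from the variant, so the code after the hunk must free it only in the first case.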
@@ -855,17 +855,7 @@ ostree_builtin_commit (int argc, char **argv, OstreeCommandInvocation *invocatio const char *keyid = *iter; g_autoptr (GVariant) secret_key = NULL; - if (!g_strcmp0(ostree_sign_get_name (sign), "dummy")) - { - secret_key = g_variant_new_string (keyid); - } - else if (!g_strcmp0 (ostree_sign_get_name (sign), "ed25519")) - { - gsize key_len = 0; - g_autofree guchar *key = g_base64_decode (keyid, &key_len); - - secret_key = g_variant_new_fixed_array (G_VARIANT_TYPE_BYTE, key, key_len, sizeof(guchar)); - } + secret_key = g_variant_new_string (keyid); if (!ostree_sign_set_sk (sign, secret_key, error)) goto out; diff --git a/src/ostree/ot-builtin-sign.c b/src/ostree/ot-builtin-sign.c index b1c9a73b..f673631d 100644 --- a/src/ostree/ot-builtin-sign.c +++ b/src/ostree/ot-builtin-sign.c @@ -72,11 +72,6 @@ ostree_builtin_sign (int argc, char **argv, OstreeCommandInvocation *invocation, char **key_ids; int n_key_ids, ii; gboolean ret = FALSE; -#if defined(HAVE_LIBSODIUM) - g_autoptr (GVariant) ed25519_sk = NULL; - g_autoptr (GVariant) ed25519_pk = NULL; -#endif - context = g_option_context_new ("COMMIT KEY-ID..."); @@ -119,25 +114,14 @@ ostree_builtin_sign (int argc, char **argv, OstreeCommandInvocation *invocation, { g_autoptr (GVariant) sk = NULL; g_autoptr (GVariant) pk = NULL; - g_autofree guchar *key = NULL; - if (!g_strcmp0(ostree_sign_get_name(sign), "dummy")) - { - // Just use the string as signature - sk = g_variant_new_string(key_ids[ii]); - pk = g_variant_new_string(key_ids[ii]); - } if (opt_verify) { g_autoptr (GError) local_error = NULL; - if (!g_strcmp0(ostree_sign_get_name(sign), "ed25519")) - { - gsize key_len = 0; - g_autofree guchar *key = g_base64_decode (key_ids[ii], &key_len); - pk = g_variant_new_fixed_array (G_VARIANT_TYPE_BYTE, key, key_len, sizeof(guchar)); - } + // Pass the key as a string + pk = g_variant_new_string(key_ids[ii]); if (!ostree_sign_set_pk (sign, pk, &local_error)) continue; 
@@ -151,13 +135,8 @@ ostree_builtin_sign (int argc, char **argv, OstreeCommandInvocation *invocation, } else { - if (!g_strcmp0(ostree_sign_get_name(sign), "ed25519")) - { - gsize key_len = 0; - g_autofree guchar *key = g_base64_decode (key_ids[ii], &key_len); - sk = g_variant_new_fixed_array (G_VARIANT_TYPE_BYTE, key, key_len, sizeof(guchar)); - } - + // Pass the key as a string + sk = g_variant_new_string(key_ids[ii]); if (!ostree_sign_set_sk (sign, sk, error)) { ret = FALSE; @@ -238,20 +217,8 @@ ostree_builtin_sign (int argc, char **argv, OstreeCommandInvocation *invocation, break; - if (!g_strcmp0(ostree_sign_get_name(sign), "dummy")) - { - // Just use the string as signature - sk = g_variant_new_string(line); - } - - - if (!g_strcmp0(ostree_sign_get_name(sign), "ed25519")) - { - gsize key_len = 0; - g_autofree guchar *key = g_base64_decode (line, &key_len); - sk = g_variant_new_fixed_array (G_VARIANT_TYPE_BYTE, key, key_len, sizeof(guchar)); - } - + // Pass the key as a string + sk = g_variant_new_string(line); if (!ostree_sign_set_sk (sign, sk, error)) { ret = FALSE;