sign: Support x509 signature type #3278

Open
wants to merge 6 commits into
base: main
1 change: 1 addition & 0 deletions Makefile-libostree-defines.am
Expand Up @@ -48,6 +48,7 @@ libostree_public_headers = \
src/libostree/ostree-kernel-args.h \
src/libostree/ostree-sign.h \
src/libostree/ostree-sign-ed25519.h \
src/libostree/ostree-blob-reader.h \
$(NULL)

# This one is generated via configure.ac, and the gtk-doc
17 changes: 14 additions & 3 deletions Makefile-libostree.am
Expand Up @@ -175,9 +175,9 @@ endif # USE_GPGME
symbol_files = $(top_srcdir)/src/libostree/libostree-released.sym

# Uncomment this include when adding new development symbols.
#if BUILDOPT_IS_DEVEL_BUILD
#symbol_files += $(top_srcdir)/src/libostree/libostree-devel.sym
#endif
if BUILDOPT_IS_DEVEL_BUILD
symbol_files += $(top_srcdir)/src/libostree/libostree-devel.sym
endif

# http://blog.jgc.org/2007/06/escaping-comma-and-space-in-gnu-make.html
wl_versionscript_arg = -Wl,--version-script=
Expand Down Expand Up @@ -261,7 +261,18 @@ libostree_1_la_SOURCES += \
src/libostree/ostree-sign-dummy.h \
src/libostree/ostree-sign-ed25519.c \
src/libostree/ostree-sign-ed25519.h \
src/libostree/ostree-sign-spki.c \
src/libostree/ostree-sign-spki.h \
src/libostree/ostree-sign-private.h \
src/libostree/ostree-blob-reader.c \
src/libostree/ostree-blob-reader.h \
src/libostree/ostree-blob-reader-base64.c \
src/libostree/ostree-blob-reader-base64.h \
src/libostree/ostree-blob-reader-raw.c \
src/libostree/ostree-blob-reader-raw.h \
src/libostree/ostree-blob-reader-pem.c \
src/libostree/ostree-blob-reader-pem.h \
src/libostree/ostree-blob-reader-private.h \
$(NULL)

if USE_COMPOSEFS
1 change: 1 addition & 0 deletions Makefile-otcore.am
Expand Up @@ -19,6 +19,7 @@ libotcore_la_SOURCES = \
src/libotcore/otcore.h \
src/libotcore/otcore-ed25519-verify.c \
src/libotcore/otcore-prepare-root.c \
src/libotcore/otcore-spki-verify.c \
$(NULL)

libotcore_la_CFLAGS = $(AM_CFLAGS) -I$(srcdir)/libglnx -I$(srcdir)/src/libotutil -DLOCALEDIR=\"$(datadir)/locale\" $(OT_INTERNAL_GIO_UNIX_CFLAGS) $(OT_INTERNAL_GPGME_CFLAGS) $(OT_DEP_CRYPTO_LIBS) $(LIBSYSTEMD_CFLAGS)
22 changes: 20 additions & 2 deletions Makefile-tests.am
Expand Up @@ -156,12 +156,24 @@ _installed_or_uninstalled_test_scripts = \
tests/test-summary-collections.sh \
tests/test-pull-collections.sh \
tests/test-config.sh \
tests/test-signed-commit.sh \
tests/test-signed-commit-dummy.sh \
tests/test-signed-pull.sh \
tests/test-pre-signed-pull.sh \
tests/test-signed-pull-summary.sh \
$(NULL)

if HAVE_ED25519
_installed_or_uninstalled_test_scripts += \
tests/test-signed-commit-ed25519.sh \
$(NULL)
endif

if HAVE_SPKI
_installed_or_uninstalled_test_scripts += \
tests/test-signed-commit-spki.sh \
$(NULL)
endif

if USE_GPGME
_installed_or_uninstalled_test_scripts += \
tests/test-remote-gpg-import.sh \
Expand Down Expand Up @@ -270,7 +282,7 @@ _installed_or_uninstalled_test_programs = tests/test-varint tests/test-ot-unix-u
tests/test-keyfile-utils tests/test-ot-opt-utils tests/test-ot-tool-util \
tests/test-checksum tests/test-lzma tests/test-rollsum \
tests/test-basic-c tests/test-sysroot-c tests/test-pull-c tests/test-repo tests/test-include-ostree-h tests/test-kargs \
tests/test-rfc2616-dates
tests/test-rfc2616-dates tests/test-pem

if USE_GPGME
_installed_or_uninstalled_test_programs += \
Expand Down Expand Up @@ -403,6 +415,12 @@ tests_test_rfc2616_dates_SOURCES = \
tests_test_rfc2616_dates_CFLAGS = $(TESTS_CFLAGS)
tests_test_rfc2616_dates_LDADD = $(TESTS_LDADD)

tests_test_pem_SOURCES = \
src/libostree/ostree-blob-reader-pem.c \
tests/test-pem.c
tests_test_pem_CFLAGS = $(TESTS_CFLAGS)
tests_test_pem_LDADD = $(TESTS_LDADD)

noinst_PROGRAMS += tests/test-commit-sign-sh-ext
tests_test_commit_sign_sh_ext_CFLAGS = $(TESTS_CFLAGS)
tests_test_commit_sign_sh_ext_LDADD = $(TESTS_LDADD)
9 changes: 9 additions & 0 deletions apidoc/ostree-sections.txt
Expand Up @@ -767,6 +767,15 @@ ostree_sign_metadata_key
ostree_sign_set_pk
ostree_sign_set_sk
ostree_sign_summary
ostree_sign_read_pk
ostree_sign_read_sk
<SUBSECTION Standard>
ostree_sign_get_type
</SECTION>

<SECTION>
<FILE>ostree-blob-reader</FILE>
ostree_blob_reader_read_blob
<SUBSECTION Standard>
ostree_blob_reader_get_type
</SECTION>
15 changes: 12 additions & 3 deletions configure.ac
Expand Up @@ -452,10 +452,19 @@ if test x$with_openssl != xno; then OSTREE_FEATURES="$OSTREE_FEATURES openssl";
AM_CONDITIONAL(USE_OPENSSL, test $with_openssl != no)
dnl end openssl

if test x$with_openssl != xno || test x$with_ed25519_libsodium != xno; then
AM_CONDITIONAL([HAVE_ED25519], [test x$with_openssl != xno || test x$with_ed25519_libsodium != xno])

AM_COND_IF([HAVE_ED25519], [
AC_DEFINE([HAVE_ED25519], 1, [Define if ed25519 is supported ])
OSTREE_FEATURES="$OSTREE_FEATURES sign-ed25519"
fi
])

AM_CONDITIONAL([HAVE_SPKI], [test x$with_openssl != xno])

AM_COND_IF([HAVE_SPKI], [
AC_DEFINE([HAVE_SPKI], 1, [Define if spki is supported ])
OSTREE_FEATURES="$OSTREE_FEATURES sign-spki"
])

dnl begin gnutls; in contrast to openssl this one only
dnl supports --with-crypto=gnutls
Expand Down Expand Up @@ -697,7 +706,7 @@ echo "
systemd: $with_libsystemd
libmount: $with_libmount
libsodium (ed25519 signatures): $with_ed25519_libsodium
openssl (ed25519 signatures): $with_openssl
openssl (ed25519 and spki signatures): $with_openssl
libarchive (parse tar files directly): $with_libarchive
static deltas: yes (always enabled now)
O_TMPFILE: $enable_otmpfile
7 changes: 4 additions & 3 deletions man/ostree-commit.xml
Expand Up @@ -312,7 +312,7 @@ License along with this library. If not, see <https://www.gnu.org/licenses/>.
<term><option>-s, --sign-type</option></term>
<listitem><para>
Use particular signature engine. Currently
available <arg choice="plain">ed25519</arg> and <arg choice="plain">dummy</arg>
available <arg choice="plain">ed25519</arg>, <arg choice="plain">spki</arg>, and <arg choice="plain">dummy</arg>
signature types.

The default is <arg choice="plain">ed25519</arg>.
Expand All @@ -323,7 +323,8 @@ License along with this library. If not, see <https://www.gnu.org/licenses/>.
<varlistentry>
<term><option>--sign-from-file</option>="PATH"</term>
<listitem><para>
This will read a key (corresponding to the provided <literal>--sign-type</literal> from the provided path. The key should be base64 encoded.
This will read a key (corresponding to the provided <literal>--sign-type</literal> from the provided path. The encoding of the key depends on
signature engine. For ed25519 the key should be base64 encoded, for spki it should be in PEM format, and for dummy it should be an ASCII-string.
</para></listitem>
</varlistentry>

Expand All @@ -337,7 +338,7 @@ License along with this library. If not, see <https://www.gnu.org/licenses/>.
The <literal>KEY-ID</literal> is:
<variablelist>
<varlistentry>
<term><option>for ed25519:</option></term>
<term><option>for ed25519 and spki:</option></term>
<listitem><para>
<literal>base64</literal>-encoded secret key for commit signing.
</para></listitem>
28 changes: 15 additions & 13 deletions man/ostree-sign.xml
Expand Up @@ -64,26 +64,28 @@ License along with this library. If not, see <https://www.gnu.org/licenses/>.
</para>

<para>
There are several "well-known" system places for `ed25519` trusted and revoked public keys -- expected single <literal>base64</literal>-encoded key per line.
For `ed25519` and `spki`, there are several "well-known" system places for trusted and revoked public keys as listed below.
</para>

<para>Files:
<itemizedlist>
<listitem><para><filename>/etc/ostree/trusted.ed25519</filename></para></listitem>
<listitem><para><filename>/etc/ostree/revoked.ed25519</filename></para></listitem>
<listitem><para><filename>/usr/share/ostree/trusted.ed25519</filename></para></listitem>
<listitem><para><filename>/usr/share/ostree/revoked.ed25519</filename></para></listitem>
<listitem><para><filename>/etc/ostree/trusted.<replaceable>SIGN-TYPE</replaceable></filename></para></listitem>
<listitem><para><filename>/etc/ostree/revoked.<replaceable>SIGN-TYPE</replaceable></filename></para></listitem>
<listitem><para><filename>/usr/share/ostree/trusted.<replaceable>SIGN-TYPE</replaceable></filename></para></listitem>
<listitem><para><filename>/usr/share/ostree/revoked.<replaceable>SIGN-TYPE</replaceable></filename></para></listitem>
</itemizedlist>
</para>

<para>Directories containing files with keys:
<itemizedlist>
<listitem><para><filename>/etc/ostree/trusted.ed25519.d</filename></para></listitem>
<listitem><para><filename>/etc/ostree/revoked.ed25519.d</filename></para></listitem>
<listitem><para><filename>/usr/share/ostree/trusted.ed25519.d</filename></para></listitem>
<listitem><para><filename>/usr/share/ostree/rvokeded.ed25519.d</filename></para></listitem>
<listitem><para><filename>/etc/ostree/trusted.<replaceable>SIGN-TYPE</replaceable>.d</filename></para></listitem>
<listitem><para><filename>/etc/ostree/revoked.<replaceable>SIGN-TYPE</replaceable>.d</filename></para></listitem>
<listitem><para><filename>/usr/share/ostree/trusted.<replaceable>SIGN-TYPE</replaceable>.d</filename></para></listitem>
<listitem><para><filename>/usr/share/ostree/revoked.<replaceable>SIGN-TYPE</replaceable>.d</filename></para></listitem>
</itemizedlist>
</para>

<para>The format of those files depends on the signature mechanism; for `ed25519`, keys are stored in the <literal>base64</literal> encoding per line, while for `spki` they are stored in the PEM "PUBLIC KEY" encoding.</para>
</refsect1>

<refsect1>
Expand All @@ -95,7 +97,7 @@ License along with this library. If not, see <https://www.gnu.org/licenses/>.
<listitem><para>
<variablelist>
<varlistentry>
<term><option>for ed25519:</option></term>
<term><option>for ed25519 and spki:</option></term>
<listitem><para>
<literal>base64</literal>-encoded secret (for signing) or public key (for verifying).
</para></listitem>
Expand All @@ -120,7 +122,7 @@ License along with this library. If not, see <https://www.gnu.org/licenses/>.
<term><option>-s, --sign-type</option></term>
<listitem><para>
Use particular signature mechanism. Currently
available <arg choice="plain">ed25519</arg> and <arg choice="plain">dummy</arg>
available <arg choice="plain">ed25519</arg>, <arg choice="plain">spki</arg>, and <arg choice="plain">dummy</arg>
signature types.

The default is <arg choice="plain">ed25519</arg>.
Expand All @@ -133,8 +135,8 @@ License along with this library. If not, see <https://www.gnu.org/licenses/>.
</para></listitem>

<listitem><para>
Valid for <literal>ed25519</literal> signature type.
For <literal>ed25519</literal> this file must contain <literal>base64</literal>-encoded
Valid for <literal>ed25519</literal> and <literal>spki</literal> signature types.
This file must contain <literal>base64</literal>-encoded
secret key(s) (for signing) or public key(s) (for verifying) per line.
</para></listitem>
</varlistentry>
1 change: 1 addition & 0 deletions rust-bindings/sys/tests/constant.c
Expand Up @@ -157,6 +157,7 @@ main ()
PRINT_CONSTANT (OSTREE_SHA256_DIGEST_LEN);
PRINT_CONSTANT (OSTREE_SHA256_STRING_LEN);
PRINT_CONSTANT (OSTREE_SIGN_NAME_ED25519);
PRINT_CONSTANT (OSTREE_SIGN_NAME_SPKI);
PRINT_CONSTANT ((gint)OSTREE_STATIC_DELTA_GENERATE_OPT_LOWLATENCY);
PRINT_CONSTANT ((gint)OSTREE_STATIC_DELTA_GENERATE_OPT_MAJOR);
PRINT_CONSTANT ((gint)OSTREE_STATIC_DELTA_INDEX_FLAGS_NONE);
8 changes: 8 additions & 0 deletions src/libostree/libostree-devel.sym
Expand Up @@ -20,6 +20,14 @@
- uncomment the include in Makefile-libostree.am
*/

LIBOSTREE_2024.8 {
global:
ostree_sign_read_pk;
ostree_sign_read_sk;
ostree_blob_reader_get_type;
ostree_blob_reader_read_blob;
} LIBOSTREE_2024.7;

/* Stub section for the stable release *after* this development one; don't
* edit this other than to update the year. This is just a copy/paste
* source. Replace $LASTSTABLE with the last stable version, and $NEWVERSION
80 changes: 80 additions & 0 deletions src/libostree/ostree-blob-reader-base64.c
@@ -0,0 +1,80 @@
/*
* Copyright (C) 2024 Red Hat, Inc.
*
* SPDX-License-Identifier: LGPL-2.0+
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see <https://www.gnu.org/licenses/>.
*/

#include "config.h"

#include "ostree-blob-reader-base64.h"

struct _OstreeBlobReaderBase64
{
GDataInputStream parent_instance;
};

static void ostree_blob_reader_base64_iface_init (OstreeBlobReaderInterface *iface);

G_DEFINE_TYPE_WITH_CODE (OstreeBlobReaderBase64, _ostree_blob_reader_base64,
G_TYPE_DATA_INPUT_STREAM,
G_IMPLEMENT_INTERFACE (OSTREE_TYPE_BLOB_READER,
ostree_blob_reader_base64_iface_init));

static void
ostree_blob_reader_base64_iface_init (OstreeBlobReaderInterface *iface)
{
iface->read_blob = ostree_blob_reader_base64_read_blob;
}

static void
_ostree_blob_reader_base64_class_init (OstreeBlobReaderBase64Class *klass)
{
}

static void
_ostree_blob_reader_base64_init (OstreeBlobReaderBase64 *self)
{
}

OstreeBlobReaderBase64 *
_ostree_blob_reader_base64_new (GInputStream *stream)
{
return g_object_new (OSTREE_TYPE_BLOB_READER_BASE64, "base-stream", stream, NULL);
}

GBytes *
ostree_blob_reader_base64_read_blob (OstreeBlobReader *self, GCancellable *cancellable,
GError **error)
{
gsize len = 0;
g_autoptr (GError) local_error = NULL;
g_autofree char *line
= g_data_input_stream_read_line (G_DATA_INPUT_STREAM (self), &len, cancellable, &local_error);
if (local_error != NULL)
{
g_propagate_error (error, g_steal_pointer (&local_error));
return NULL;
}

if (line == NULL)
return NULL;

gsize n_elements;
g_base64_decode_inplace (line, &n_elements);
explicit_bzero (line + n_elements, len - n_elements);
This is worthy of the same comment you have in a similar place /* Don't leak the trailing encoded bytes */ later in the code (maybe also worthy of a shared helper function?).

But also...I don't fully grasp the threat model here...aren't the decoded bytes equally sensitive? In what cases would the trailing data in the malloc buffer be somehow accessible when the full buffer wouldn't?

Don't get me wrong, not arguing against it, but I would just like to understand a little bit more.


return g_bytes_new_take (g_steal_pointer (&line), n_elements);
}
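Review bot: ostree_blob_reader_base64_read_blob reports no error for a line whose base64 payload decodes to nothing, because g_base64_decode_inplace (the call right after the `line == NULL` check) skips characters outside the base64 alphabet instead of failing; a blank line or a stray non-base64 line in a key file therefore comes back as a zero-length GBytes, and rejecting it is left to a caller not visible here. One way to keep malformed input from being handed on as a key is to check the decoded length immediately after the decode, `if (n_elements == 0) { g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_INVALID_DATA, "Empty or invalid base64 line"); return NULL; }` — or to loop and skip blank lines if those are meant to be tolerated. The function also returns NULL both at end of stream (with *error untouched) and on failure, so it deserves a doc comment stating that callers must consult the GError to tell the two apart, e.g. `/* Reads one base64-encoded line and returns its decoded bytes; NULL with *error unset means end of stream. */`.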
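--- a/src/libostree/ostree-blob-reader-base64.h
+++ b/src/libostree/ostree-blob-reader-base64.h
@@ -0,0 +1,39 @@
+/*
+* Copyright (C) 2024 Red Hat, Inc.
+*
+* SPDX-License-Identifier: LGPL-2.0+
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+#pragma once
+
+#include "ostree-blob-reader.h"
+
+G_BEGIN_DECLS
+
+#define OSTREE_TYPE_BLOB_READER_BASE64 (_ostree_blob_reader_base64_get_type ())
+
+_OSTREE_PUBLIC
+G_DECLARE_FINAL_TYPE (OstreeBlobReaderBase64, _ostree_blob_reader_base64, OSTREE,
+BLOB_READER_BASE64, GDataInputStream);
+
+_OSTREE_PUBLIC
+OstreeBlobReaderBase64 *_ostree_blob_reader_base64_new (GInputStream *stream);
+
+_OSTREE_PUBLIC
+GBytes *ostree_blob_reader_base64_read_blob (OstreeBlobReader *self, GCancellable *cancellable,
+GError **error);
+
+G_END_DECLS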
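Review bot: The `_OSTREE_PUBLIC` attribute on all three declarations in this header is at odds with the header being internal: ostree-blob-reader-base64.h is added to libostree_1_la_SOURCES but not to libostree_public_headers (only ostree-blob-reader.h is), and the libostree-devel.sym hunk exports ostree_blob_reader_get_type and ostree_blob_reader_read_blob but none of the base64 symbols, so with the version script in Makefile-libostree.am governing exports the attribute presumably changes nothing and only suggests these are API. The naming is also mixed: the type and constructor carry the leading underscore used for internal symbols (`_ostree_blob_reader_base64_new`), while the vfunc implementation `ostree_blob_reader_base64_read_blob` does not, and it appears to be declared here only so the .c file can reference it in iface_init. Dropping `_OSTREE_PUBLIC` from these declarations and making the read_blob implementation `static` in the .c file, with a static forward declaration ahead of iface_init, would keep the internal surface consistent with the other private symbols.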