sign-ed25519: Drop some uses of libsodium

This adds some defines for ed25519 key sizes and drops uses of the libsodium defines for these, as well as replacing sodium_bin2hex use with ot_bin2hex. Some code that wes optionally built before are now always built. The goal for this is to support both libsodium and openssl. Also fixes return value of _load_pk_from_stream(). It used to always return FALSE.
ostreedev · Jul 7, 2023 · 501575c · 501575c
1 parent 5b72775
commit 501575c
Showing 1 changed file with 32 additions and 48 deletions.
diff --git a/src/libostree/ostree-sign-ed25519.c b/src/libostree/ostree-sign-ed25519.c
@@ -25,6 +25,7 @@
 
 #include "ostree-sign-ed25519.h"
 #include <libglnx.h>
+#include <ot-checksum-utils.h>
 #ifdef HAVE_LIBSODIUM
 #include <sodium.h>
 #endif
@@ -37,6 +38,12 @@
 #define OSTREE_SIGN_METADATA_ED25519_KEY "ostree.sign.ed25519"
 #define OSTREE_SIGN_METADATA_ED25519_TYPE "aay"
 
+#define OSTREE_SIGN_ED25519_SIG_SIZE 64U
+#define OSTREE_SIGN_ED25519_PUBKEY_SIZE 32U
+#define OSTREE_SIGN_ED25519_SEED_SIZE 32U
+#define OSTREE_SIGN_ED25519_SECKEY_SIZE \
+  (OSTREE_SIGN_ED25519_SEED_SIZE + OSTREE_SIGN_ED25519_PUBKEY_SIZE)
+
 typedef enum
 {
   ED25519_OK,
@@ -151,13 +158,11 @@ ostree_sign_ed25519_data (OstreeSign *self, GBytes *data, GBytes **signature,
   return FALSE;
 }
 
-#ifdef HAVE_LIBSODIUM
 static gint
 _compare_ed25519_keys (gconstpointer a, gconstpointer b)
 {
-  return memcmp (a, b, crypto_sign_PUBLICKEYBYTES);
+  return memcmp (a, b, OSTREE_SIGN_ED25519_PUBKEY_SIZE);
 }
-#endif
 
 gboolean
 ostree_sign_ed25519_data_verify (OstreeSign *self, GBytes *data, GVariant *signatures,
@@ -179,7 +184,6 @@ ostree_sign_ed25519_data_verify (OstreeSign *self, GBytes *data, GVariant *signa
   if (!g_variant_is_of_type (signatures, (GVariantType *)OSTREE_SIGN_METADATA_ED25519_TYPE))
     return glnx_throw (error, "ed25519: wrong type passed for verification");
 
-#ifdef HAVE_LIBSODIUM
   /* If no keys pre-loaded then,
    * try to load public keys from storage(s) */
   if (sign->public_keys == NULL)
@@ -204,13 +208,13 @@ ostree_sign_ed25519_data_verify (OstreeSign *self, GBytes *data, GVariant *signa
       g_autoptr (GVariant) child = g_variant_get_child_value (signatures, i);
       g_autoptr (GBytes) signature = g_variant_get_data_as_bytes (child);
 
-      if (g_bytes_get_size (signature) != crypto_sign_BYTES)
-        return glnx_throw (error,
-                           "Invalid signature length of %" G_GSIZE_FORMAT
-                           " bytes, expected %" G_GSIZE_FORMAT,
-                           (gsize)g_bytes_get_size (signature), (gsize)crypto_sign_BYTES);
+      if (g_bytes_get_size (signature) != OSTREE_SIGN_ED25519_SIG_SIZE)
+        return glnx_throw (
+            error,
+            "Invalid signature length of %" G_GSIZE_FORMAT " bytes, expected %" G_GSIZE_FORMAT,
+            (gsize)g_bytes_get_size (signature), (gsize)OSTREE_SIGN_ED25519_SIG_SIZE);
 
-      g_autofree char *hex = g_malloc0 (crypto_sign_PUBLICKEYBYTES * 2 + 1);
+      g_autofree char *hex = g_malloc0 (OSTREE_SIGN_ED25519_PUBKEY_SIZE * 2 + 1);
 
       g_debug ("Read signature %d: %s", (gint)i, g_variant_print (child, TRUE));
 
@@ -221,9 +225,8 @@ ostree_sign_ed25519_data_verify (OstreeSign *self, GBytes *data, GVariant *signa
           if (g_list_find_custom (sign->revoked_keys, public_key->data, _compare_ed25519_keys)
               != NULL)
             {
-              g_debug ("Skip revoked key '%s'",
-                       sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES * 2 + 1, public_key->data,
-                                       crypto_sign_PUBLICKEYBYTES));
+              ot_bin2hex (hex, public_key->data, OSTREE_SIGN_ED25519_PUBKEY_SIZE);
+              g_debug ("Skip revoked key '%s'", hex);
               continue;
             }
 
@@ -238,19 +241,16 @@ ostree_sign_ed25519_data_verify (OstreeSign *self, GBytes *data, GVariant *signa
               else
                 g_string_append (invalid_signatures, "; ");
               n_invalid_signatures++;
-              g_string_append_printf (invalid_signatures, "key '%s'",
-                                      sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES * 2 + 1,
-                                                      public_key->data,
-                                                      crypto_sign_PUBLICKEYBYTES));
+              ot_bin2hex (hex, public_key->data, OSTREE_SIGN_ED25519_PUBKEY_SIZE);
+              g_string_append_printf (invalid_signatures, "key '%s'", hex);
             }
           else
             {
               if (out_success_message)
                 {
+                  ot_bin2hex (hex, public_key->data, OSTREE_SIGN_ED25519_PUBKEY_SIZE);
                   *out_success_message = g_strdup_printf (
-                      "ed25519: Signature verified successfully with key '%s'",
-                      sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES * 2 + 1, public_key->data,
-                                      crypto_sign_PUBLICKEYBYTES));
+                      "ed25519: Signature verified successfully with key '%s'", hex);
                 }
               return TRUE;
             }
@@ -270,9 +270,6 @@ ostree_sign_ed25519_data_verify (OstreeSign *self, GBytes *data, GVariant *signa
                          invalid_signatures->str);
     }
   return glnx_throw (error, "ed25519: no signatures found");
-#endif /* HAVE_LIBSODIUM */
-
-  return FALSE;
 }
 
 const gchar *
@@ -307,11 +304,10 @@ ostree_sign_ed25519_clear_keys (OstreeSign *self, GError **error)
   if (!_ostree_sign_ed25519_is_initialized (sign, error))
     return FALSE;
 
-#ifdef HAVE_LIBSODIUM
   /* Clear secret key */
   if (sign->secret_key != NULL)
     {
-      memset (sign->secret_key, 0, crypto_sign_SECRETKEYBYTES);
+      memset (sign->secret_key, 0, OSTREE_SIGN_ED25519_SECKEY_SIZE);
       g_free (sign->secret_key);
       sign->secret_key = NULL;
     }
@@ -331,9 +327,6 @@ ostree_sign_ed25519_clear_keys (OstreeSign *self, GError **error)
     }
 
   return TRUE;
-#endif /* HAVE_LIBSODIUM */
-
-  return FALSE;
 }
 
 /* Support 2 representations:
@@ -348,7 +341,6 @@ ostree_sign_ed25519_set_sk (OstreeSign *self, GVariant *secret_key, GError **err
   if (!ostree_sign_ed25519_clear_keys (self, error))
     return FALSE;
 
-#ifdef HAVE_LIBSODIUM
   OstreeSignEd25519 *sign = _ostree_sign_ed25519_get_instance_private (OSTREE_SIGN_ED25519 (self));
 
   gsize n_elements = 0;
@@ -368,13 +360,10 @@ ostree_sign_ed25519_set_sk (OstreeSign *self, GVariant *secret_key, GError **err
       return glnx_throw (error, "Unknown ed25519 secret key type");
     }
 
-  if (n_elements != crypto_sign_SECRETKEYBYTES)
+  if (n_elements != OSTREE_SIGN_ED25519_SECKEY_SIZE)
     return glnx_throw (error, "Incorrect ed25519 secret key");
 
   return TRUE;
-#endif /* HAVE_LIBSODIUM */
-
-  return FALSE;
 }
 
 /* Support 2 representations:
@@ -406,7 +395,6 @@ ostree_sign_ed25519_add_pk (OstreeSign *self, GVariant *public_key, GError **err
   if (!_ostree_sign_ed25519_is_initialized (sign, error))
     return FALSE;
 
-#ifdef HAVE_LIBSODIUM
   gpointer key = NULL;
   gsize n_elements = 0;
 
@@ -424,24 +412,22 @@ ostree_sign_ed25519_add_pk (OstreeSign *self, GVariant *public_key, GError **err
       return glnx_throw (error, "Unknown ed25519 public key type");
     }
 
-  if (n_elements != crypto_sign_PUBLICKEYBYTES)
+  if (n_elements != OSTREE_SIGN_ED25519_PUBKEY_SIZE)
     return glnx_throw (error, "Incorrect ed25519 public key");
 
-  g_autofree char *hex = g_malloc0 (crypto_sign_PUBLICKEYBYTES * 2 + 1);
-  g_debug ("Read ed25519 public key = %s",
-           sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES * 2 + 1, key, n_elements));
+  g_autofree char *hex = g_malloc0 (OSTREE_SIGN_ED25519_PUBKEY_SIZE * 2 + 1);
+  ot_bin2hex (hex, key, n_elements);
+  g_debug ("Read ed25519 public key = %s", hex);
 
   if (g_list_find_custom (sign->public_keys, key, _compare_ed25519_keys) == NULL)
     {
       gpointer newkey = g_memdup2 (key, n_elements);
       sign->public_keys = g_list_prepend (sign->public_keys, newkey);
     }
 
-#endif /* HAVE_LIBSODIUM */
   return TRUE;
 }
 
-#ifdef HAVE_LIBSODIUM
 /* Add revoked public key */
 static gboolean
 _ed25519_add_revoked (OstreeSign *self, GVariant *revoked_key, GError **error)
@@ -457,14 +443,14 @@ _ed25519_add_revoked (OstreeSign *self, GVariant *revoked_key, GError **error)
   gsize n_elements = 0;
   gpointer key = g_base64_decode (rk_ascii, &n_elements);
 
-  if (n_elements != crypto_sign_PUBLICKEYBYTES)
+  if (n_elements != OSTREE_SIGN_ED25519_PUBKEY_SIZE)
     {
       return glnx_throw (error, "Incorrect ed25519 revoked key");
     }
 
-  g_autofree char *hex = g_malloc0 (crypto_sign_PUBLICKEYBYTES * 2 + 1);
-  g_debug ("Read ed25519 revoked key = %s",
-           sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES * 2 + 1, key, n_elements));
+  g_autofree char *hex = g_malloc0 (OSTREE_SIGN_ED25519_PUBKEY_SIZE * 2 + 1);
+  ot_bin2hex (hex, key, n_elements);
+  g_debug ("Read ed25519 revoked key = %s", hex);
 
   if (g_list_find_custom (sign->revoked_keys, key, _compare_ed25519_keys) == NULL)
     {
@@ -474,7 +460,6 @@ _ed25519_add_revoked (OstreeSign *self, GVariant *revoked_key, GError **error)
 
   return TRUE;
 }
-#endif /* HAVE_LIBSODIUM */
 
 static gboolean
 _load_pk_from_stream (OstreeSign *self, GDataInputStream *key_data_in, gboolean trusted,
@@ -483,7 +468,6 @@ _load_pk_from_stream (OstreeSign *self, GDataInputStream *key_data_in, gboolean
   if (key_data_in == NULL)
     return glnx_throw (error, "ed25519: unable to read from NULL key-data input stream");
 
-#ifdef HAVE_LIBSODIUM
   gboolean ret = FALSE;
 
   /* Use simple file format with just a list of base64 public keys per line */
@@ -519,8 +503,8 @@ _load_pk_from_stream (OstreeSign *self, GDataInputStream *key_data_in, gboolean
       if (added)
         ret = TRUE;
     }
-#endif /* HAVE_LIBSODIUM */
-  return FALSE;
+
+  return ret;
 }
 
 static gboolean