sign: Support x509 signature type

The current "ed25519" signing type assumes raw Ed25519 key format for both public and private keys. That requires custom processing of keys after generated with openssl tools, and also lacks cryptographic agility[1]; when Ed25519 becomes vulnerable, it would not be straightforward to migrate to other algorithms. This patch adds a new signature type "x509" to use the key formats natively supported by OpenSSL (PKCS#8 and SubjectPublicKeyInfo) and capable of embedding algorithm identifier in an X.509 format, while the support for the original key format is preserved for backward compatibility. As a PoC of the feature, this adds a couple of new tests using Ed448, instead of Ed25519, in tests/test-signed-commit.sh. 1. https://en.wikipedia.org/wiki/Cryptographic_agility Signed-off-by: Daiki Ueno <dueno@redhat.com>
ostreedev · Aug 9, 2024 · d8a7c74 · d8a7c74
1 parent 97fdd9c
commit d8a7c74
Show file tree

Hide file tree

Showing 16 changed files with 1,110 additions and 59 deletions.
diff --git a/Makefile-libostree.am b/Makefile-libostree.am
@@ -262,6 +262,8 @@ libostree_1_la_SOURCES += \
 	src/libostree/ostree-sign-ed25519.c \
 	src/libostree/ostree-sign-ed25519.h \
 	src/libostree/ostree-sign-private.h \
+	src/libostree/ostree-sign-x509.c \
+	src/libostree/ostree-sign-x509.h \
 	$(NULL)
 
 if USE_COMPOSEFS

diff --git a/Makefile-otcore.am b/Makefile-otcore.am
@@ -19,6 +19,7 @@ libotcore_la_SOURCES = \
 	src/libotcore/otcore.h \
     src/libotcore/otcore-ed25519-verify.c \
     src/libotcore/otcore-prepare-root.c \
+    src/libotcore/otcore-x509-verify.c \
 	$(NULL)
 
 libotcore_la_CFLAGS = $(AM_CFLAGS) -I$(srcdir)/libglnx -I$(srcdir)/src/libotutil -DLOCALEDIR=\"$(datadir)/locale\" $(OT_INTERNAL_GIO_UNIX_CFLAGS) $(OT_INTERNAL_GPGME_CFLAGS) $(OT_DEP_CRYPTO_LIBS) $(LIBSYSTEMD_CFLAGS)

diff --git a/Makefile-tests.am b/Makefile-tests.am
@@ -155,12 +155,24 @@ _installed_or_uninstalled_test_scripts = \
 	tests/test-summary-collections.sh \
 	tests/test-pull-collections.sh \
 	tests/test-config.sh \
-	tests/test-signed-commit.sh \
+	tests/test-signed-commit-dummy.sh \
 	tests/test-signed-pull.sh \
 	tests/test-pre-signed-pull.sh \
 	tests/test-signed-pull-summary.sh \
 	$(NULL)
 
+if HAVE_ED25519
+_installed_or_uninstalled_test_scripts += \
+	tests/test-signed-commit-ed25519.sh \
+	$(NULL)
+endif
+
+if HAVE_X509
+_installed_or_uninstalled_test_scripts += \
+	tests/test-signed-commit-x509.sh \
+	$(NULL)
+endif
+
 if USE_GPGME
 _installed_or_uninstalled_test_scripts += \
 	tests/test-remote-gpg-import.sh \

diff --git a/configure.ac b/configure.ac
@@ -452,10 +452,19 @@ if test x$with_openssl != xno; then OSTREE_FEATURES="$OSTREE_FEATURES openssl";
 AM_CONDITIONAL(USE_OPENSSL, test $with_openssl != no)
 dnl end openssl
 
-if test x$with_openssl != xno || test x$with_ed25519_libsodium != xno; then
+AM_CONDITIONAL([HAVE_ED25519], [test x$with_openssl != xno || test x$with_ed25519_libsodium != xno])
+
+AM_COND_IF([HAVE_ED25519], [
    AC_DEFINE([HAVE_ED25519], 1, [Define if ed25519 is supported ])
    OSTREE_FEATURES="$OSTREE_FEATURES sign-ed25519"
-fi
+])
+
+AM_CONDITIONAL([HAVE_X509], [test x$with_openssl != xno])
+
+AM_COND_IF([HAVE_X509], [
+   AC_DEFINE([HAVE_X509], 1, [Define if x509 is supported ])
+   OSTREE_FEATURES="$OSTREE_FEATURES sign-x509"
+])
 
 dnl begin gnutls; in contrast to openssl this one only
 dnl supports --with-crypto=gnutls
@@ -697,7 +706,7 @@ echo "
     systemd:                                      $with_libsystemd
     libmount:                                     $with_libmount
     libsodium (ed25519 signatures):               $with_ed25519_libsodium
-    openssl (ed25519 signatures):                 $with_openssl
+    openssl (ed25519 and x509 signatures):        $with_openssl
     libarchive (parse tar files directly):        $with_libarchive
     static deltas:                                yes (always enabled now)
     O_TMPFILE:                                    $enable_otmpfile

diff --git a/man/ostree-sign.xml b/man/ostree-sign.xml
@@ -64,24 +64,24 @@ License along with this library. If not, see <https://www.gnu.org/licenses/>.
         </para>
 
         <para>
-            There are several "well-known" system places for `ed25519` trusted and revoked public keys -- expected single <literal>base64</literal>-encoded key per line.
+            For `ed25519` and `x509`, there are several "well-known" system places trusted and revoked public keys -- expected single <literal>base64</literal>-encoded key per line.
         </para>
 
         <para>Files:
             <itemizedlist>
-                <listitem><para><filename>/etc/ostree/trusted.ed25519</filename></para></listitem>
-                <listitem><para><filename>/etc/ostree/revoked.ed25519</filename></para></listitem>
-                <listitem><para><filename>/usr/share/ostree/trusted.ed25519</filename></para></listitem>
-                <listitem><para><filename>/usr/share/ostree/revoked.ed25519</filename></para></listitem>
+                <listitem><para><filename>/etc/ostree/trusted.<replaceable>SIGN-TYPE</replaceable></filename></para></listitem>
+                <listitem><para><filename>/etc/ostree/revoked.<replaceable>SIGN-TYPE</replaceable></filename></para></listitem>
+                <listitem><para><filename>/usr/share/ostree/trusted.<replaceable>SIGN-TYPE</replaceable></filename></para></listitem>
+                <listitem><para><filename>/usr/share/ostree/revoked.<replaceable>SIGN-TYPE</replaceable></filename></para></listitem>
             </itemizedlist>
         </para>
 
         <para>Directories containing files with keys:
             <itemizedlist>
-                <listitem><para><filename>/etc/ostree/trusted.ed25519.d</filename></para></listitem>
-                <listitem><para><filename>/etc/ostree/revoked.ed25519.d</filename></para></listitem>
-                <listitem><para><filename>/usr/share/ostree/trusted.ed25519.d</filename></para></listitem>
-                <listitem><para><filename>/usr/share/ostree/rvokeded.ed25519.d</filename></para></listitem>
+                <listitem><para><filename>/etc/ostree/trusted.<replaceable>SIGN-TYPE</replaceable>.d</filename></para></listitem>
+                <listitem><para><filename>/etc/ostree/revoked.<replaceable>SIGN-TYPE</replaceable>.d</filename></para></listitem>
+                <listitem><para><filename>/usr/share/ostree/trusted.<replaceable>SIGN-TYPE</replaceable>.d</filename></para></listitem>
+                <listitem><para><filename>/usr/share/ostree/revoked.<replaceable>SIGN-TYPE</replaceable>.d</filename></para></listitem>
             </itemizedlist>
         </para>
     </refsect1>
@@ -95,7 +95,7 @@ License along with this library. If not, see <https://www.gnu.org/licenses/>.
                 <listitem><para>
                         <variablelist>
                             <varlistentry>
-                                <term><option>for ed25519:</option></term>
+                                <term><option>for ed25519 and x509:</option></term>
                                 <listitem><para>
                                         <literal>base64</literal>-encoded secret (for signing) or public key (for verifying).
                                 </para></listitem>
@@ -120,7 +120,7 @@ License along with this library. If not, see <https://www.gnu.org/licenses/>.
                 <term><option>-s, --sign-type</option></term>
                 <listitem><para>
                     Use particular signature mechanism. Currently
-                    available <arg choice="plain">ed25519</arg> and <arg choice="plain">dummy</arg>
+                    available <arg choice="plain">ed25519</arg>, <arg choice="plain">x509</arg>, and <arg choice="plain">dummy</arg>
                     signature types.
 
                     The default is <arg choice="plain">ed25519</arg>.
@@ -133,8 +133,8 @@ License along with this library. If not, see <https://www.gnu.org/licenses/>.
                 </para></listitem>
 
                 <listitem><para>
-                    Valid for <literal>ed25519</literal> signature type.
-                    For <literal>ed25519</literal> this file must contain <literal>base64</literal>-encoded
+                    Valid for <literal>ed25519</literal> and <literal>x509</literal> signature types.
+                    This file must contain <literal>base64</literal>-encoded
                     secret key(s) (for signing) or public key(s) (for verifying) per line.
                 </para></listitem>
             </varlistentry>

diff --git a/rust-bindings/sys/tests/constant.c b/rust-bindings/sys/tests/constant.c
@@ -157,6 +157,7 @@ main ()
   PRINT_CONSTANT (OSTREE_SHA256_DIGEST_LEN);
   PRINT_CONSTANT (OSTREE_SHA256_STRING_LEN);
   PRINT_CONSTANT (OSTREE_SIGN_NAME_ED25519);
+  PRINT_CONSTANT (OSTREE_SIGN_NAME_X509);
   PRINT_CONSTANT ((gint)OSTREE_STATIC_DELTA_GENERATE_OPT_LOWLATENCY);
   PRINT_CONSTANT ((gint)OSTREE_STATIC_DELTA_GENERATE_OPT_MAJOR);
   PRINT_CONSTANT ((gint)OSTREE_STATIC_DELTA_INDEX_FLAGS_NONE);