sign: Support spki signature type

The current "ed25519" signing type assumes raw Ed25519 key format for both public and private keys. That requires custom processing of keys after generated with openssl tools, and also lacks cryptographic agility[1]; when Ed25519 becomes vulnerable, it would not be straightforward to migrate to other algorithms, such as post-quantum signature algorithms. This patch adds a new signature type "spki" which uses the X.509 SubjectPublicKeyInfo format for public keys. Keys in this format can easily be created with openssl tools and provide crypto agility as the format embeds algorithm identifier. Currently, the corresponding private keys shall be in the PKCS#8 format, while future extensions may support other format such as opaque key handles on a hardware token. The "spki" signature type prefers keys to be encoded in the PEM format on disk, while it still accepts base64 encoded keys when given through the command-line. 1. https://en.wikipedia.org/wiki/Cryptographic_agility Signed-off-by: Daiki Ueno <[email protected]>
ostreedev · Sep 17, 2024 · e83eda0 · e83eda0
1 parent 5583563
commit e83eda0
Show file tree

Hide file tree

Showing 17 changed files with 1,128 additions and 61 deletions.
diff --git a/Makefile-libostree.am b/Makefile-libostree.am
@@ -261,6 +261,8 @@ libostree_1_la_SOURCES += \
 	src/libostree/ostree-sign-dummy.h \
 	src/libostree/ostree-sign-ed25519.c \
 	src/libostree/ostree-sign-ed25519.h \
+	src/libostree/ostree-sign-spki.c \
+	src/libostree/ostree-sign-spki.h \
 	src/libostree/ostree-sign-private.h \
 	src/libostree/ostree-blob-reader.c \
 	src/libostree/ostree-blob-reader.h \

diff --git a/Makefile-otcore.am b/Makefile-otcore.am
@@ -19,6 +19,7 @@ libotcore_la_SOURCES = \
 	src/libotcore/otcore.h \
     src/libotcore/otcore-ed25519-verify.c \
     src/libotcore/otcore-prepare-root.c \
+    src/libotcore/otcore-spki-verify.c \
 	$(NULL)
 
 libotcore_la_CFLAGS = $(AM_CFLAGS) -I$(srcdir)/libglnx -I$(srcdir)/src/libotutil -DLOCALEDIR=\"$(datadir)/locale\" $(OT_INTERNAL_GIO_UNIX_CFLAGS) $(OT_INTERNAL_GPGME_CFLAGS) $(OT_DEP_CRYPTO_LIBS) $(LIBSYSTEMD_CFLAGS)

diff --git a/Makefile-tests.am b/Makefile-tests.am
@@ -156,12 +156,24 @@ _installed_or_uninstalled_test_scripts = \
 	tests/test-summary-collections.sh \
 	tests/test-pull-collections.sh \
 	tests/test-config.sh \
-	tests/test-signed-commit.sh \
+	tests/test-signed-commit-dummy.sh \
 	tests/test-signed-pull.sh \
 	tests/test-pre-signed-pull.sh \
 	tests/test-signed-pull-summary.sh \
 	$(NULL)
 
+if HAVE_ED25519
+_installed_or_uninstalled_test_scripts += \
+	tests/test-signed-commit-ed25519.sh \
+	$(NULL)
+endif
+
+if HAVE_SPKI
+_installed_or_uninstalled_test_scripts += \
+	tests/test-signed-commit-spki.sh \
+	$(NULL)
+endif
+
 if USE_GPGME
 _installed_or_uninstalled_test_scripts += \
 	tests/test-remote-gpg-import.sh \

diff --git a/configure.ac b/configure.ac
@@ -452,10 +452,19 @@ if test x$with_openssl != xno; then OSTREE_FEATURES="$OSTREE_FEATURES openssl";
 AM_CONDITIONAL(USE_OPENSSL, test $with_openssl != no)
 dnl end openssl
 
-if test x$with_openssl != xno || test x$with_ed25519_libsodium != xno; then
+AM_CONDITIONAL([HAVE_ED25519], [test x$with_openssl != xno || test x$with_ed25519_libsodium != xno])
+
+AM_COND_IF([HAVE_ED25519], [
    AC_DEFINE([HAVE_ED25519], 1, [Define if ed25519 is supported ])
    OSTREE_FEATURES="$OSTREE_FEATURES sign-ed25519"
-fi
+])
+
+AM_CONDITIONAL([HAVE_SPKI], [test x$with_openssl != xno])
+
+AM_COND_IF([HAVE_SPKI], [
+   AC_DEFINE([HAVE_SPKI], 1, [Define if spki is supported ])
+   OSTREE_FEATURES="$OSTREE_FEATURES sign-spki"
+])
 
 dnl begin gnutls; in contrast to openssl this one only
 dnl supports --with-crypto=gnutls
@@ -697,7 +706,7 @@ echo "
     systemd:                                      $with_libsystemd
     libmount:                                     $with_libmount
     libsodium (ed25519 signatures):               $with_ed25519_libsodium
-    openssl (ed25519 signatures):                 $with_openssl
+    openssl (ed25519 and spki signatures):        $with_openssl
     libarchive (parse tar files directly):        $with_libarchive
     static deltas:                                yes (always enabled now)
     O_TMPFILE:                                    $enable_otmpfile

diff --git a/man/ostree-commit.xml b/man/ostree-commit.xml
@@ -312,7 +312,7 @@ License along with this library. If not, see <https://www.gnu.org/licenses/>.
                 <term><option>-s, --sign-type</option></term>
                 <listitem><para>
                     Use particular signature engine. Currently
-                    available <arg choice="plain">ed25519</arg> and <arg choice="plain">dummy</arg>
+                    available <arg choice="plain">ed25519</arg>, <arg choice="plain">spki</arg>, and <arg choice="plain">dummy</arg>
                     signature types.
 
                     The default is <arg choice="plain">ed25519</arg>.
@@ -323,7 +323,8 @@ License along with this library. If not, see <https://www.gnu.org/licenses/>.
             <varlistentry>
                 <term><option>--sign-from-file</option>="PATH"</term>
                 <listitem><para>
-                        This will read a key (corresponding to the provided <literal>--sign-type</literal> from the provided path.  The key should be base64 encoded.
+                        This will read a key (corresponding to the provided <literal>--sign-type</literal> from the provided path.  The encoding of the key depends on
+			signature engine. For ed25519 the key should be base64 encoded, for spki it should be in PEM format, and for dummy it should be an ASCII-string.
                 </para></listitem>
             </varlistentry>
 
@@ -337,7 +338,7 @@ License along with this library. If not, see <https://www.gnu.org/licenses/>.
                         The <literal>KEY-ID</literal> is:
                         <variablelist>
                             <varlistentry>
-                                <term><option>for ed25519:</option></term>
+                                <term><option>for ed25519 and spki:</option></term>
                                 <listitem><para>
                                         <literal>base64</literal>-encoded secret key for commit signing.
                                 </para></listitem>

diff --git a/man/ostree-sign.xml b/man/ostree-sign.xml
@@ -64,26 +64,28 @@ License along with this library. If not, see <https://www.gnu.org/licenses/>.
         </para>
 
         <para>
-            There are several "well-known" system places for `ed25519` trusted and revoked public keys -- expected single <literal>base64</literal>-encoded key per line.
+            For `ed25519` and `spki`, there are several "well-known" system places for trusted and revoked public keys as listed below.
         </para>
 
         <para>Files:
             <itemizedlist>
-                <listitem><para><filename>/etc/ostree/trusted.ed25519</filename></para></listitem>
-                <listitem><para><filename>/etc/ostree/revoked.ed25519</filename></para></listitem>
-                <listitem><para><filename>/usr/share/ostree/trusted.ed25519</filename></para></listitem>
-                <listitem><para><filename>/usr/share/ostree/revoked.ed25519</filename></para></listitem>
+                <listitem><para><filename>/etc/ostree/trusted.<replaceable>SIGN-TYPE</replaceable></filename></para></listitem>
+                <listitem><para><filename>/etc/ostree/revoked.<replaceable>SIGN-TYPE</replaceable></filename></para></listitem>
+                <listitem><para><filename>/usr/share/ostree/trusted.<replaceable>SIGN-TYPE</replaceable></filename></para></listitem>
+                <listitem><para><filename>/usr/share/ostree/revoked.<replaceable>SIGN-TYPE</replaceable></filename></para></listitem>
             </itemizedlist>
         </para>
 
         <para>Directories containing files with keys:
             <itemizedlist>
-                <listitem><para><filename>/etc/ostree/trusted.ed25519.d</filename></para></listitem>
-                <listitem><para><filename>/etc/ostree/revoked.ed25519.d</filename></para></listitem>
-                <listitem><para><filename>/usr/share/ostree/trusted.ed25519.d</filename></para></listitem>
-                <listitem><para><filename>/usr/share/ostree/revoked.ed25519.d</filename></para></listitem>
+                <listitem><para><filename>/etc/ostree/trusted.<replaceable>SIGN-TYPE</replaceable>.d</filename></para></listitem>
+                <listitem><para><filename>/etc/ostree/revoked.<replaceable>SIGN-TYPE</replaceable>.d</filename></para></listitem>
+                <listitem><para><filename>/usr/share/ostree/trusted.<replaceable>SIGN-TYPE</replaceable>.d</filename></para></listitem>
+                <listitem><para><filename>/usr/share/ostree/revoked.<replaceable>SIGN-TYPE</replaceable>.d</filename></para></listitem>
             </itemizedlist>
         </para>
+
+	<para>The format of those files depends on the signature mechanism; for `ed25519`, keys are stored in the <literal>base64</literal> encoding per line, while for `spki` they are stored in the PEM "PUBLIC KEY" encoding.</para>
     </refsect1>
 
     <refsect1>
@@ -95,7 +97,7 @@ License along with this library. If not, see <https://www.gnu.org/licenses/>.
                 <listitem><para>
                         <variablelist>
                             <varlistentry>
-                                <term><option>for ed25519:</option></term>
+                                <term><option>for ed25519 and spki:</option></term>
                                 <listitem><para>
                                         <literal>base64</literal>-encoded secret (for signing) or public key (for verifying).
                                 </para></listitem>
@@ -120,7 +122,7 @@ License along with this library. If not, see <https://www.gnu.org/licenses/>.
                 <term><option>-s, --sign-type</option></term>
                 <listitem><para>
                     Use particular signature mechanism. Currently
-                    available <arg choice="plain">ed25519</arg> and <arg choice="plain">dummy</arg>
+                    available <arg choice="plain">ed25519</arg>, <arg choice="plain">spki</arg>, and <arg choice="plain">dummy</arg>
                     signature types.
 
                     The default is <arg choice="plain">ed25519</arg>.
@@ -133,8 +135,8 @@ License along with this library. If not, see <https://www.gnu.org/licenses/>.
                 </para></listitem>
 
                 <listitem><para>
-                    Valid for <literal>ed25519</literal> signature type.
-                    For <literal>ed25519</literal> this file must contain <literal>base64</literal>-encoded
+                    Valid for <literal>ed25519</literal> and <literal>spki</literal> signature types.
+                    This file must contain <literal>base64</literal>-encoded
                     secret key(s) (for signing) or public key(s) (for verifying) per line.
                 </para></listitem>
             </varlistentry>

diff --git a/rust-bindings/sys/tests/constant.c b/rust-bindings/sys/tests/constant.c
@@ -157,6 +157,7 @@ main ()
   PRINT_CONSTANT (OSTREE_SHA256_DIGEST_LEN);
   PRINT_CONSTANT (OSTREE_SHA256_STRING_LEN);
   PRINT_CONSTANT (OSTREE_SIGN_NAME_ED25519);
+  PRINT_CONSTANT (OSTREE_SIGN_NAME_SPKI);
   PRINT_CONSTANT ((gint)OSTREE_STATIC_DELTA_GENERATE_OPT_LOWLATENCY);
   PRINT_CONSTANT ((gint)OSTREE_STATIC_DELTA_GENERATE_OPT_MAJOR);
   PRINT_CONSTANT ((gint)OSTREE_STATIC_DELTA_INDEX_FLAGS_NONE);