sign: Support x509 signature type

The current "ed25519" signing type assumes raw Ed25519 key format for
both public and private keys. That requires custom processing of keys
after generated with openssl tools, and also lacks cryptographic
agility[1]; when Ed25519 becomes vulnerable, it would not be
straightforward to migrate to other algorithms.

This patch adds a new signature type "x509" to use the key formats
natively supported by OpenSSL (PKCS#8 and SubjectPublicKeyInfo) and
capable of embedding algorithm identifier in an X.509 format, while
the support for the original key format is preserved for backward
compatibility.

As a PoC of the feature, this adds a couple of new tests using Ed448,
instead of Ed25519, in tests/test-signed-commit.sh.

1. https://en.wikipedia.org/wiki/Cryptographic_agility

Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: ueno

Makefile-libostree.am

@@ -262,6 +262,8 @@ libostree_1_la_SOURCES += \
 	src/libostree/ostree-sign-ed25519.c \
 	src/libostree/ostree-sign-ed25519.h \
 	src/libostree/ostree-sign-private.h \
+	src/libostree/ostree-sign-x509.c \
+	src/libostree/ostree-sign-x509.h \
 	$(NULL)
 
 if USE_COMPOSEFS

Makefile-otcore.am

@@ -19,6 +19,7 @@ libotcore_la_SOURCES = \
 	src/libotcore/otcore.h \
     src/libotcore/otcore-ed25519-verify.c \
     src/libotcore/otcore-prepare-root.c \
+    src/libotcore/otcore-x509-verify.c \
 	$(NULL)
 
 libotcore_la_CFLAGS = $(AM_CFLAGS) -I$(srcdir)/libglnx -I$(srcdir)/src/libotutil -DLOCALEDIR=\"$(datadir)/locale\" $(OT_INTERNAL_GIO_UNIX_CFLAGS) $(OT_INTERNAL_GPGME_CFLAGS) $(OT_DEP_CRYPTO_LIBS) $(LIBSYSTEMD_CFLAGS)

Makefile-tests.am

@@ -155,12 +155,24 @@ _installed_or_uninstalled_test_scripts = \
 	tests/test-summary-collections.sh \
 	tests/test-pull-collections.sh \
 	tests/test-config.sh \
-	tests/test-signed-commit.sh \
+	tests/test-signed-commit-dummy.sh \
 	tests/test-signed-pull.sh \
 	tests/test-pre-signed-pull.sh \
 	tests/test-signed-pull-summary.sh \
 	$(NULL)
 
+if HAVE_ED25519
+_installed_or_uninstalled_test_scripts += \
+	tests/test-signed-commit-ed25519.sh \
+	$(NULL)
+endif
+
+if HAVE_X509
+_installed_or_uninstalled_test_scripts += \
+	tests/test-signed-commit-x509.sh \
+	$(NULL)
+endif
+
 if USE_GPGME
 _installed_or_uninstalled_test_scripts += \
 	tests/test-remote-gpg-import.sh \

configure.ac

@@ -452,10 +452,19 @@ if test x$with_openssl != xno; then OSTREE_FEATURES="$OSTREE_FEATURES openssl";
 AM_CONDITIONAL(USE_OPENSSL, test $with_openssl != no)
 dnl end openssl
 
-if test x$with_openssl != xno || test x$with_ed25519_libsodium != xno; then
+AM_CONDITIONAL([HAVE_ED25519], [test x$with_openssl != xno || test x$with_ed25519_libsodium != xno])
+
+AM_COND_IF([HAVE_ED25519], [
    AC_DEFINE([HAVE_ED25519], 1, [Define if ed25519 is supported ])
    OSTREE_FEATURES="$OSTREE_FEATURES sign-ed25519"
-fi
+])
+
+AM_CONDITIONAL([HAVE_X509], [test x$with_openssl != xno])
+
+AM_COND_IF([HAVE_X509], [
+   AC_DEFINE([HAVE_X509], 1, [Define if x509 is supported ])
+   OSTREE_FEATURES="$OSTREE_FEATURES sign-x509"
+])
 
 dnl begin gnutls; in contrast to openssl this one only
 dnl supports --with-crypto=gnutls
@@ -697,7 +706,7 @@ echo "
     systemd:                                      $with_libsystemd
     libmount:                                     $with_libmount
     libsodium (ed25519 signatures):               $with_ed25519_libsodium
-    openssl (ed25519 signatures):                 $with_openssl
+    openssl (ed25519 and x509 signatures):        $with_openssl
     libarchive (parse tar files directly):        $with_libarchive
     static deltas:                                yes (always enabled now)
     O_TMPFILE:                                    $enable_otmpfile

man/ostree-sign.xml

@@ -64,24 +64,24 @@ License along with this library. If not, see <https://www.gnu.org/licenses/>.
         </para>
 
         <para>
-            There are several "well-known" system places for `ed25519` trusted and revoked public keys -- expected single <literal>base64</literal>-encoded key per line.
+            For `ed25519` and `x509`, there are several "well-known" system places trusted and revoked public keys -- expected single <literal>base64</literal>-encoded key per line.
         </para>
 
         <para>Files:
             <itemizedlist>
-                <listitem><para><filename>/etc/ostree/trusted.ed25519</filename></para></listitem>
-                <listitem><para><filename>/etc/ostree/revoked.ed25519</filename></para></listitem>
-                <listitem><para><filename>/usr/share/ostree/trusted.ed25519</filename></para></listitem>
-                <listitem><para><filename>/usr/share/ostree/revoked.ed25519</filename></para></listitem>
+                <listitem><para><filename>/etc/ostree/trusted.<replaceable>SIGN-TYPE</replaceable></filename></para></listitem>
+                <listitem><para><filename>/etc/ostree/revoked.<replaceable>SIGN-TYPE</replaceable></filename></para></listitem>
+                <listitem><para><filename>/usr/share/ostree/trusted.<replaceable>SIGN-TYPE</replaceable></filename></para></listitem>
+                <listitem><para><filename>/usr/share/ostree/revoked.<replaceable>SIGN-TYPE</replaceable></filename></para></listitem>
             </itemizedlist>
         </para>
 
         <para>Directories containing files with keys:
             <itemizedlist>
-                <listitem><para><filename>/etc/ostree/trusted.ed25519.d</filename></para></listitem>
-                <listitem><para><filename>/etc/ostree/revoked.ed25519.d</filename></para></listitem>
-                <listitem><para><filename>/usr/share/ostree/trusted.ed25519.d</filename></para></listitem>
-                <listitem><para><filename>/usr/share/ostree/rvokeded.ed25519.d</filename></para></listitem>
+                <listitem><para><filename>/etc/ostree/trusted.<replaceable>SIGN-TYPE</replaceable>.d</filename></para></listitem>
+                <listitem><para><filename>/etc/ostree/revoked.<replaceable>SIGN-TYPE</replaceable>.d</filename></para></listitem>
+                <listitem><para><filename>/usr/share/ostree/trusted.<replaceable>SIGN-TYPE</replaceable>.d</filename></para></listitem>
+                <listitem><para><filename>/usr/share/ostree/revoked.<replaceable>SIGN-TYPE</replaceable>.d</filename></para></listitem>
             </itemizedlist>
         </para>
     </refsect1>
@@ -95,7 +95,7 @@ License along with this library. If not, see <https://www.gnu.org/licenses/>.
                 <listitem><para>
                         <variablelist>
                             <varlistentry>
-                                <term><option>for ed25519:</option></term>
+                                <term><option>for ed25519 and x509:</option></term>
                                 <listitem><para>
                                         <literal>base64</literal>-encoded secret (for signing) or public key (for verifying).
                                 </para></listitem>
@@ -120,7 +120,7 @@ License along with this library. If not, see <https://www.gnu.org/licenses/>.
                 <term><option>-s, --sign-type</option></term>
                 <listitem><para>
                     Use particular signature mechanism. Currently
-                    available <arg choice="plain">ed25519</arg> and <arg choice="plain">dummy</arg>
+                    available <arg choice="plain">ed25519</arg>, <arg choice="plain">x509</arg>, and <arg choice="plain">dummy</arg>
                     signature types.
 
                     The default is <arg choice="plain">ed25519</arg>.
@@ -133,8 +133,8 @@ License along with this library. If not, see <https://www.gnu.org/licenses/>.
                 </para></listitem>
 
                 <listitem><para>
-                    Valid for <literal>ed25519</literal> signature type.
-                    For <literal>ed25519</literal> this file must contain <literal>base64</literal>-encoded
+                    Valid for <literal>ed25519</literal> and <literal>x509</literal> signature types.
+                    This file must contain <literal>base64</literal>-encoded
                     secret key(s) (for signing) or public key(s) (for verifying) per line.
                 </para></listitem>
             </varlistentry>

rust-bindings/sys/tests/constant.c

@@ -157,6 +157,7 @@ main ()
   PRINT_CONSTANT (OSTREE_SHA256_DIGEST_LEN);
   PRINT_CONSTANT (OSTREE_SHA256_STRING_LEN);
   PRINT_CONSTANT (OSTREE_SIGN_NAME_ED25519);
+  PRINT_CONSTANT (OSTREE_SIGN_NAME_X509);
   PRINT_CONSTANT ((gint)OSTREE_STATIC_DELTA_GENERATE_OPT_LOWLATENCY);
   PRINT_CONSTANT ((gint)OSTREE_STATIC_DELTA_GENERATE_OPT_MAJOR);
   PRINT_CONSTANT ((gint)OSTREE_STATIC_DELTA_INDEX_FLAGS_NONE);