authorDenis Pynkin <denis.pynkin@collabora.com>2019-12-06 15:04:14 +0300
committerDenis Pynkin <denis.pynkin@collabora.com>2020-03-25 15:23:55 +0300
commitdd27461e221748c745ad3e63f787cf3f8b98cdde (patch)
tree30c6ce9b8f04e877d37a339809d238049976f260 /src/libostree/ostree-sign-ed25519.c
parentb4050b4a34721f1302ade2f6a82a1148a243b46c (diff)
lib/sign: better error handling of ed25519 initialization
Add more precise error handling for ed25519 initialization. Check the initialization status at the beginning of every public function provided by ed25519 engine. Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
Diffstat (limited to 'src/libostree/ostree-sign-ed25519.c')
-rw-r--r--src/libostree/ostree-sign-ed25519.c98
1 files changed, 69 insertions, 29 deletions
diff --git a/src/libostree/ostree-sign-ed25519.c b/src/libostree/ostree-sign-ed25519.c
index d28a5c32..6bf0b10b 100644
--- a/src/libostree/ostree-sign-ed25519.c
+++ b/src/libostree/ostree-sign-ed25519.c
@@ -39,10 +39,17 @@
#define OSTREE_SIGN_METADATA_ED25519_KEY "ostree.sign.ed25519"
#define OSTREE_SIGN_METADATA_ED25519_TYPE "aay"
+typedef enum
+{
+ ED25519_OK,
+ ED25519_NOT_SUPPORTED,
+ ED25519_FAILED_INITIALIZATION
+} ed25519_state;
+
struct _OstreeSignEd25519
{
GObject parent;
- gboolean initialized;
+ ed25519_state state;
guchar *secret_key;
GList *public_keys;
GList *revoked_keys;
@@ -86,22 +93,39 @@ _ostree_sign_ed25519_init (OstreeSignEd25519 *self)
{
g_debug ("%s enter", __FUNCTION__);
- self->initialized = TRUE;
+ self->state = ED25519_OK;
self->secret_key = NULL;
self->public_keys = NULL;
self->revoked_keys = NULL;
#ifdef HAVE_LIBSODIUM
if (sodium_init() < 0)
- {
- self->initialized = FALSE;
- g_warning ("libsodium library couldn't be initialized");
- }
+ self->state = ED25519_FAILED_INITIALIZATION;
#else
- g_error ("ed25519 signature isn't supported");
+ self->state = ED25519_NOT_SUPPORTED;
#endif /* HAVE_LIBSODIUM */
}
+static gboolean
+_ostree_sign_ed25519_is_initialized (OstreeSignEd25519 *self, GError **error)
+{
+ switch (self->state)
+ {
+ case ED25519_OK:
+ break;
+ case ED25519_NOT_SUPPORTED:
+ g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
+ "ed25519: engine is not supported");
+ return FALSE;
+ case ED25519_FAILED_INITIALIZATION:
+ g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
+ "ed25519: libsodium library isn't initialized properly");
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
gboolean ostree_sign_ed25519_data (OstreeSign *self,
GBytes *data,
GBytes **signature,
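Review bot: `_ostree_sign_ed25519_is_initialized` fails open, because its `switch` has no arm for an unexpected `state` value and anything other than the two error enumerators falls through to `return TRUE`. Since this helper now gates signing and verification, success should come only from the OK arm (`case ED25519_OK: return TRUE;`), with the code after the switch setting an error and ending in `return FALSE;`. That keeps the compiler's missing-enumerator warning while turning a future or corrupted state into a refusal. Relatedly, `ED25519_OK` is the first enumerator of the enum added in the first hunk and therefore 0, the same value as zero-filled instance memory. Listing a failure state first would make an instance whose init never ran read as unusable rather than ready.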
@@ -117,10 +141,13 @@ gboolean ostree_sign_ed25519_data (OstreeSign *self,
guchar *sig = NULL;
#endif
- if ((sign->initialized != TRUE) || (sign->secret_key == NULL))
+ if (!_ostree_sign_ed25519_is_initialized (sign, error))
+ goto err;
+
+ if (sign->secret_key == NULL)
{
g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
- "Not able to sign: libsodium library isn't initialized properly");
+ "secret key is not set");
goto err;
}
#ifdef HAVE_LIBSODIUM
@@ -135,7 +162,7 @@ gboolean ostree_sign_ed25519_data (OstreeSign *self,
sign->secret_key))
{
g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
- "Not able to sign the object");
+ "fail to sign the object");
goto err;
}
@@ -143,6 +170,7 @@ gboolean ostree_sign_ed25519_data (OstreeSign *self,
return TRUE;
#endif /* HAVE_LIBSODIUM */
err:
+ g_prefix_error (error, "Not able to sign: ");
return FALSE;
}
@@ -165,11 +193,14 @@ gboolean ostree_sign_ed25519_data_verify (OstreeSign *self,
OstreeSignEd25519 *sign = _ostree_sign_ed25519_get_instance_private(OSTREE_SIGN_ED25519(self));
+ if (!_ostree_sign_ed25519_is_initialized (sign, error))
+ goto out;
+
if (signatures == NULL)
{
g_set_error_literal (error,
G_IO_ERROR, G_IO_ERROR_FAILED,
- "signature: ed25519: commit have no signatures of my type");
+ "ed25519: commit have no signatures of my type");
goto out;
}
@@ -177,14 +208,7 @@ gboolean ostree_sign_ed25519_data_verify (OstreeSign *self,
{
g_set_error_literal (error,
G_IO_ERROR, G_IO_ERROR_FAILED,
- "signature: ed25519: wrong type passed for verification");
- goto out;
- }
-
- if (sign->initialized != TRUE)
- {
- g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
- "Not able to verify: libsodium library isn't initialized properly");
+ "ed25519: wrong type passed for verification");
goto out;
}
@@ -248,10 +272,12 @@ gboolean ostree_sign_ed25519_data_verify (OstreeSign *self,
if (ret != TRUE)
g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
- "Not able to verify: no valid signatures found");
+ "no valid signatures found");
#endif /* HAVE_LIBSODIUM */
out:
+ if (ret != TRUE)
+ g_prefix_error (error, "Not able to verify: ");
return ret;
}
@@ -283,9 +309,12 @@ gboolean ostree_sign_ed25519_clear_keys (OstreeSign *self,
g_debug ("%s enter", __FUNCTION__);
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
-#ifdef HAVE_LIBSODIUM
OstreeSignEd25519 *sign = _ostree_sign_ed25519_get_instance_private(OSTREE_SIGN_ED25519(self));
+ if (!_ostree_sign_ed25519_is_initialized (sign, error))
+ goto err;
+
+#ifdef HAVE_LIBSODIUM
/* Clear secret key */
if (sign->secret_key != NULL)
{
@@ -309,8 +338,9 @@ gboolean ostree_sign_ed25519_clear_keys (OstreeSign *self,
}
return TRUE;
-
#endif /* HAVE_LIBSODIUM */
+
+err:
return FALSE;
}
@@ -325,11 +355,13 @@ gboolean ostree_sign_ed25519_set_sk (OstreeSign *self,
g_debug ("%s enter", __FUNCTION__);
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
+
+ if (!ostree_sign_ed25519_clear_keys (self, error))
+ goto err;
+
#ifdef HAVE_LIBSODIUM
OstreeSignEd25519 *sign = _ostree_sign_ed25519_get_instance_private(OSTREE_SIGN_ED25519(self));
- ostree_sign_ed25519_clear_keys (self, error);
-
gsize n_elements = 0;
if (g_variant_is_of_type (secret_key, G_VARIANT_TYPE_STRING))
@@ -357,9 +389,9 @@ gboolean ostree_sign_ed25519_set_sk (OstreeSign *self,
}
return TRUE;
+#endif /* HAVE_LIBSODIUM */
err:
-#endif /* HAVE_LIBSODIUM */
return FALSE;
}
@@ -374,7 +406,8 @@ gboolean ostree_sign_ed25519_set_pk (OstreeSign *self,
g_debug ("%s enter", __FUNCTION__);
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
- ostree_sign_ed25519_clear_keys (self, error);
+ if (!ostree_sign_ed25519_clear_keys (self, error))
+ return FALSE;
return ostree_sign_ed25519_add_pk (self, public_key, error);
}
@@ -390,11 +423,14 @@ gboolean ostree_sign_ed25519_add_pk (OstreeSign *self,
g_debug ("%s enter", __FUNCTION__);
g_return_val_if_fail (OSTREE_IS_SIGN (self), FALSE);
-#ifdef HAVE_LIBSODIUM
OstreeSignEd25519 *sign = _ostree_sign_ed25519_get_instance_private(OSTREE_SIGN_ED25519(self));
+
+ if (!_ostree_sign_ed25519_is_initialized (sign, error))
+ goto err;
+
+#ifdef HAVE_LIBSODIUM
g_autofree char * hex = NULL;
gpointer key = NULL;
-
gsize n_elements = 0;
if (g_variant_is_of_type (public_key, G_VARIANT_TYPE_STRING))
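Review bot: The new `goto err` in `ostree_sign_ed25519_add_pk` jumps over the initialisation of `g_autofree char * hex = NULL;`, which is declared a few lines below it. Assuming `hex` and the `err:` label share the function's outermost block (the body continues outside this hunk), the cleanup handler then calls `g_free` on an indeterminate pointer when the function returns through `err:`. Clang rejects a jump that bypasses a cleanup-attributed variable, while GCC compiles it silently. Replace the jump with `return FALSE;`, as `ostree_sign_ed25519_load_pk` does, or move the `g_autofree` declaration above the check. The matching `goto err` in `ostree_sign_ed25519_set_sk` skips only plain declarations in the visible lines, but the rest of that body should be checked for cleanup-attributed locals.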
@@ -430,9 +466,9 @@ gboolean ostree_sign_ed25519_add_pk (OstreeSign *self,
}
return TRUE;
+#endif /* HAVE_LIBSODIUM */
err:
-#endif /* HAVE_LIBSODIUM */
return FALSE;
}
@@ -679,6 +715,10 @@ ostree_sign_ed25519_load_pk (OstreeSign *self,
const gchar *filename = NULL;
+ OstreeSignEd25519 *sign = _ostree_sign_ed25519_get_instance_private(OSTREE_SIGN_ED25519(self));
+ if (!_ostree_sign_ed25519_is_initialized (sign, error))
+ return FALSE;
+
/* Read keys only from single file provided */
if (g_variant_lookup (options, "filename", "&s", &filename))
return _load_pk_from_file (self, filename, TRUE, error);