sign/ed25519: Output failed signatures in error message
authorColin Walters <walters@verbum.org>
Tue, 16 Jun 2020 13:18:07 +0000 (13:18 +0000)
committerDenis Pynkin <denis.pynkin@collabora.com>
Tue, 16 Jun 2020 15:20:54 +0000 (18:20 +0300)
To aid debuggability, when we find a commit that isn't signed
by our expected key, output a specific error message with the
key.

(And then add code to switch to just printing the count beyond 3
 because the test suite injects 100 keys and hopefully no one
 ever actually does that)

src/libostree/ostree-sign-ed25519.c
tests/test-pre-signed-pull.sh
tests/test-signed-commit.sh
tests/test-signed-pull-summary.sh

index 4d984d1e3bfc75afce9d28b90b9566a453bf5a87..05fbe5ebfd710e50f6a046095fd0b2efb431f71b 100644 (file)
@@ -202,6 +202,9 @@ gboolean ostree_sign_ed25519_data_verify (OstreeSign *self,
 
   g_debug ("verify: data hash = 0x%x", g_bytes_hash(data));
 
+  g_autoptr(GString) invalid_signatures = NULL;
+  guint n_invalid_signatures = 0;
+
   for (gsize i = 0; i < g_variant_n_children(signatures); i++)
     {
       g_autoptr (GVariant) child = g_variant_get_child_value (signatures, i);
@@ -230,8 +233,13 @@ gboolean ostree_sign_ed25519_data_verify (OstreeSign *self,
                                            public_key->data) != 0)
             {
               /* Incorrect signature! */
-              g_debug("Signature couldn't be verified with key '%s'",
-                      sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, public_key->data, crypto_sign_PUBLICKEYBYTES));
+              if (invalid_signatures == NULL)
+                invalid_signatures = g_string_new ("");
+              else
+                g_string_append (invalid_signatures, "; ");
+              n_invalid_signatures++;
+              g_string_append_printf (invalid_signatures, "key '%s'",
+                                      sodium_bin2hex (hex, crypto_sign_PUBLICKEYBYTES*2+1, public_key->data, crypto_sign_PUBLICKEYBYTES));
             }
           else
             {
@@ -242,7 +250,17 @@ gboolean ostree_sign_ed25519_data_verify (OstreeSign *self,
         }
     }
 
-  return glnx_throw (error, "no valid ed25519 signatures found");
+  if (invalid_signatures)
+    {
+      g_assert_cmpuint (n_invalid_signatures, >, 0);
+      /* The test suite has a key ring with 100 keys.  This seems insane, let's
+       * cap a reasonable error message at 3.
+       */
+      if (n_invalid_signatures > 3)
+        return glnx_throw (error, "ed25519: Signature couldn't be verified; tried %u keys", n_invalid_signatures);
+      return glnx_throw (error, "ed25519: Signature couldn't be verified with: %s", invalid_signatures->str);
+    }
+  return glnx_throw (error, "ed25519: no signatures found");
 #endif /* HAVE_LIBSODIUM */
 
   return FALSE;
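Review bot: The "tried %u keys" message at the `n_invalid_signatures > 3` branch reports a count that is incremented once per failed verification in the inner loop over public keys (line 31 shows `public_key->data` inside the signature loop), so with more than one signature attached to the commit the number can exceed the size of the key ring and misreport how many keys exist. Either count distinct keys or word the message as what it measures, e.g. `"ed25519: Signature couldn't be verified; tried %u signature/key combinations"`. Related, `invalid_signatures` keeps accumulating hex keys for every failure even though the string is discarded once the count passes 3; a guard such as `if (n_invalid_signatures <= 3)` around the `g_string_append_printf` keeps the error path from building a string proportional to keys × signatures. The final "ed25519: no signatures found" branch is also reached when signatures were present but none reached the verify call (no public keys loaded, or every child skipped earlier in the loop) — if such paths exist above the hunk, a message like "no signatures matched any key" would be more accurate. ostree_sign_ed25519_data_verify begins and ends outside the hunk.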
index ae4e26f9742f58252b8727018fa2913e13d9564f..20f2b5973df4c337ed09a17e17b9967896772974 100755 (executable)
@@ -48,5 +48,5 @@ ostree --repo=repo remote add badupstream --set=gpg-verify=false --sign-verify=e
 if ostree --repo=repo pull badupstream:testref 2>err.txt; then
     fatal "pulled with wrong key"
 fi
-assert_file_has_content err.txt 'error:.* no valid ed25519 signatures found'
+assert_file_has_content err.txt 'error:.* ed25519: Signature couldn.t be verified with: key'
 echo "ok pre-signed pull"
index 4dcf38a4871e05d5bc703eaca545626093dc8436..6bdbfdd60927efc9f74ce12566d074a4463440d4 100755 (executable)
@@ -148,9 +148,10 @@ for((i=0;i<100;i++)); do
     gen_ed25519_random_public
 done > ${PUBKEYS}
 # Check if file contain no valid signatures
-if ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT}; then
-    exit 1
+if ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT} 2>err.txt; then
+    fatal "validated with no signatures"
 fi
+assert_file_has_content err.txt 'error:.* ed25519: Signature couldn.t be verified; tried 100 keys'
 # Check if no valid signatures provided via args&file
 if ${CMD_PREFIX} ostree --repo=${test_tmpdir}/repo sign --verify --sign-type=ed25519 --keys-file=${PUBKEYS} ${COMMIT} ${WRONG_PUBLIC}; then
     exit 1
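Review bot: The new err.txt capture plus `fatal "..."` pattern introduced at the `--keys-file` check is not applied to the adjacent args&file check immediately below, which still fails with a bare `exit 1` and no message or stderr assertion, so a regression there gives no diagnostic. Changing that check to `... ${COMMIT} ${WRONG_PUBLIC} 2>err.txt; then` / `fatal "validated with wrong public key"` and following it with the same `assert_file_has_content err.txt 'error:.* ed25519: Signature couldn.t be verified; tried'` keeps the two checks consistent. The 100-key loop this hunk belongs to starts outside the hunk.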
index 6a2406351c3044fca46cd0c874e010a046a6e171..e953f2ea556801598960e74c61abaeb486e6c02d 100755 (executable)
@@ -226,7 +226,7 @@ cp ${test_tmpdir}/ostree-srv/gnomerepo/summary.sig{.2,}
 if ${OSTREE} --repo=repo pull origin main 2>err.txt; then
     assert_not_reached "Successful pull with old summary"
 fi
-assert_file_has_content err.txt "no valid ed25519 signatures found"
+assert_file_has_content err.txt "ed25519: Signature couldn't be verified with: key"
 assert_has_file repo/tmp/cache/summaries/origin
 assert_has_file repo/tmp/cache/summaries/origin.sig
 cmp repo/tmp/cache/summaries/origin ${test_tmpdir}/ostree-srv/gnomerepo/summary.1 >&2