From e339fdbbd0b81dc1fcdc2032e861b8a5fa6e062d Mon Sep 17 00:00:00 2001

From: Jes Sorensen <jsorensen@fb.com>

Date: Mon, 20 Apr 2020 13:40:26 -0400

Subject: [PATCH 26/33] fsverity - add tag for fsverity algorithm

The default algorith is SHA256, but fsverity allows for other

algorithms, so add a tag to handle this.

Signed-off-by: Jes Sorensen <jsorensen@fb.com>

---

 lib/package.c        |  1 +

 lib/rpmfi.c          |  2 ++

 lib/rpmtag.h         |  2 ++

 sign/rpmsignverity.c | 32 ++++++++++++++++++++++++++++----

 4 files changed, 33 insertions(+), 4 deletions(-)

diff --git a/lib/package.c b/lib/package.c

index c6108f686..3c761d365 100644

--- a/lib/package.c

+++ b/lib/package.c

@@ -46,6 +46,7 @@ struct taglate_s {

     { RPMSIGTAG_FILESIGNATURES, RPMTAG_FILESIGNATURES, 0, 1 },

     { RPMSIGTAG_FILESIGNATURELENGTH, RPMTAG_FILESIGNATURELENGTH, 1, 1 },

     { RPMSIGTAG_VERITYSIGNATURES, RPMTAG_VERITYSIGNATURES, 0, 0 },

+    { RPMSIGTAG_VERITYSIGNATUREALGO, RPMTAG_VERITYSIGNATUREALGO, 1, 0 },

     { RPMSIGTAG_SHA1, RPMTAG_SHA1HEADER, 1, 0 },

     { RPMSIGTAG_SHA256, RPMTAG_SHA256HEADER, 1, 0 },

     { RPMSIGTAG_DSA, RPMTAG_DSAHEADER, 0, 0 },

diff --git a/lib/rpmfi.c b/lib/rpmfi.c

index 5fdbe02a2..70f05f509 100644

--- a/lib/rpmfi.c

+++ b/lib/rpmfi.c

@@ -118,6 +118,7 @@ struct rpmfiles_s {

     int digestalgo;		/*!< File digest algorithm */

     uint32_t *signatureoffs;	/*!< File signature offsets */

     int veritysiglength;	/*!< Verity signature length */

+    uint16_t verityalgo;	/*!< Verity algorithm */

     unsigned char * digests;	/*!< File digests in binary. */

     unsigned char * signatures; /*!< File signatures in binary. */

     unsigned char * veritysigs; /*!< Verity signatures in binary. */

@@ -1667,6 +1668,7 @@ static int rpmfilesPopulate(rpmfiles fi, Header h, rpmfiFlags flags)

     fi->veritysigs = NULL;

     if (!(flags & RPMFI_NOVERITYSIGNATURES)) {

+	fi->verityalgo = headerGetNumber(h, RPMTAG_VERITYSIGNATUREALGO);

 	fi->veritysigs = base2bin(h, RPMTAG_VERITYSIGNATURES,

 				  totalfc, &fi->veritysiglength);

     }

diff --git a/lib/rpmtag.h b/lib/rpmtag.h

index 478457ecb..8d1efcc79 100644

--- a/lib/rpmtag.h

+++ b/lib/rpmtag.h

@@ -68,6 +68,7 @@ typedef enum rpmTag_e {

     /* RPMTAG_SIG_BASE+18 reserved for RPMSIGTAG_FILESIGNATURES */

     /* RPMTAG_SIG_BASE+19 reserved for RPMSIGTAG_FILESIGNATURELENGTH */

     RPMTAG_VERITYSIGNATURES	= RPMTAG_SIG_BASE+20,	/* s[] */

+    RPMTAG_VERITYSIGNATUREALGO	= RPMTAG_SIG_BASE+21,	/* i */

     RPMTAG_NAME  		= 1000,	/* s */

 #define	RPMTAG_N	RPMTAG_NAME	/* s */

@@ -431,6 +432,7 @@ typedef enum rpmSigTag_e {

     RPMSIGTAG_FILESIGNATURES		= RPMTAG_SIG_BASE + 18,

     RPMSIGTAG_FILESIGNATURELENGTH	= RPMTAG_SIG_BASE + 19,

     RPMSIGTAG_VERITYSIGNATURES		= RPMTAG_VERITYSIGNATURES,

+    RPMSIGTAG_VERITYSIGNATUREALGO	= RPMTAG_VERITYSIGNATUREALGO,

 } rpmSigTag;

diff --git a/sign/rpmsignverity.c b/sign/rpmsignverity.c

index 445e1197c..55096e732 100644

--- a/sign/rpmsignverity.c

+++ b/sign/rpmsignverity.c

@@ -35,7 +35,7 @@ static int rpmVerityRead(void *opaque, void *buf, size_t size)

 }

 static char *rpmVeritySignFile(rpmfi fi, size_t *sig_size, char *key,

-			       char *keypass, char *cert)

+			       char *keypass, char *cert, uint16_t algo)

 {

     struct libfsverity_merkle_tree_params params;

     struct libfsverity_signature_params sig_params;

@@ -52,7 +52,7 @@ static char *rpmVeritySignFile(rpmfi fi, size_t *sig_size, char *key,

     memset(&params, 0, sizeof(struct libfsverity_merkle_tree_params));

     params.version = 1;

-    params.hash_algorithm = FS_VERITY_HASH_ALG_SHA256;

+    params.hash_algorithm = algo;

     params.block_size = RPM_FSVERITY_BLKSZ;

     params.salt_size = 0 /* salt_size */;

     params.salt = NULL /* salt */;

@@ -111,6 +111,8 @@ rpmRC rpmSignVerity(FD_t fd, Header sigh, Header h, char *key,

     char **signatures = NULL;

     size_t sig_size;

     int nr_files, idx;

+    uint16_t algo;

+    uint32_t algo32;

     Fseek(fd, 0, SEEK_SET);

     rpmtsSetVSFlags(ts, RPMVSF_MASK_NODIGESTS | RPMVSF_MASK_NOSIGNATURES |

@@ -142,6 +144,7 @@ rpmRC rpmSignVerity(FD_t fd, Header sigh, Header h, char *key,

      * Should this be sigh from the cloned fd or the sigh we received?

      */

     headerDel(sigh, RPMSIGTAG_VERITYSIGNATURES);

+    headerDel(sigh, RPMSIGTAG_VERITYSIGNATUREALGO);

     /*

      * The payload doesn't include special files, like ghost files, and

@@ -153,20 +156,24 @@ rpmRC rpmSignVerity(FD_t fd, Header sigh, Header h, char *key,

     nr_files = rpmfiFC(hfi);

     signatures = xcalloc(nr_files, sizeof(char *));

+    algo = FS_VERITY_HASH_ALG_SHA256;

+

     rpmlog(RPMLOG_DEBUG, _("file count - header: %i, payload %i\n"),

 	   nr_files, rpmfiFC(fi));

     while (rpmfiNext(fi) >= 0) {

 	idx = rpmfiFX(fi);

-	signatures[idx] = rpmVeritySignFile(fi, &sig_size, key, keypass, cert);

+	signatures[idx] = rpmVeritySignFile(fi, &sig_size, key, keypass, cert,

+					    algo);

     }

     while (rpmfiNext(hfi) >= 0) {

 	idx = rpmfiFX(hfi);

 	if (signatures[idx])

 	    continue;

-	signatures[idx] = rpmVeritySignFile(hfi, &sig_size, key, keypass, cert);

+	signatures[idx] = rpmVeritySignFile(hfi, &sig_size, key, keypass, cert,

+					    algo);

     }

     rpmtdReset(&td);

@@ -187,6 +194,23 @@ rpmRC rpmSignVerity(FD_t fd, Header sigh, Header h, char *key,

 	signatures[idx] = NULL;

     }

+    if (sig_size == 0) {

+	rpmlog(RPMLOG_ERR, _("Zero length fsverity signature\n"));

+	rc = RPMRC_FAIL;

+	goto out;

+    }

+

+    rpmtdReset(&td);

+

+    /* RPM doesn't like new 16 bit types, so use a 32 bit tag */

+    algo32 = algo;

+    rpmtdReset(&td);

+    td.tag = RPMSIGTAG_VERITYSIGNATUREALGO;

+    td.type = RPM_INT32_TYPE;

+    td.data = &algo32;

+    td.count = 1;

+    headerPut(sigh, &td, HEADERPUT_DEFAULT);

+

     rpmlog(RPMLOG_DEBUG, _("sigh size: %i\n"), headerSizeof(sigh, 0));

     rc = RPMRC_OK;

-- 

2.27.0