[Rpm-maint] [rpm-software-management/rpm] OpenPGP Backend based on Sequoia (Issue #1978)
nwalfield
notifications at github.com
Wed Apr 13 07:57:30 UTC 2022
The patch is now tiny. It changes `configure.ac` to check for [`rpm-sequoia`](https://gitlab.com/sequoia-pgp/rpm-sequoia), which is also the default OpenPGP backend, and it sets a few compiler / linker flags.
I'd like to better document the build instructions, but it seems like the README is not the right place for that. Where should I mention `rpm-sequoia`'s location?
The test suite fails in two ways for me:
```
267: rpmkeys --import rsa (rpmdb) FAILED (rpmsigdig.at:196)
269: rpmkeys --import invalid keys FAILED (rpmsigdig.at:304)
```
267 fails this way:
```
...
runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub
runroot rpm -qi gpg-pubkey-1964c5fc-58e63918|grep -v Date|grep -v Version:
runroot rpm -q --provides gpg-pubkey-1964c5fc-58e63918
--- - 2022-04-13 07:47:25.043536656 +0000
+++ /home/us/neal/work/pep/rpm/b/tests/rpmtests.dir/at-groups/267/stdout 2022-04-13 07:47:25.030411393 +0000
@@ -44,4 +44,6 @@
gpg(rpm.org RSA testkey <rsa at rpm.org>) = 4:4344591e1964c5fc-58e63918
gpg(1964c5fc) = 4:4344591e1964c5fc-58e63918
gpg(4344591e1964c5fc) = 4:4344591e1964c5fc-58e63918
+gpg(f00650f8) = 4:185e6146f00650f8-58e63918
+gpg(185e6146f00650f8) = 4:185e6146f00650f8-58e63918
267. rpmsigdig.at:194: 267. rpmkeys --import rsa (rpmdb) (rpmsigdig.at:194): FAILED (rpmsigdig.at:196)
```
The Sequoia backend returns the f00650f8 subkey, which the internal parser does not:
```
$ sq inspect rpm.org-rsa-2048-test.pub
rpm.org-rsa-2048-test.pub: OpenPGP Certificate.
Fingerprint: 771B18D3D7BAA28734333C424344591E1964C5FC
Public-key algo: RSA (Encrypt or Sign)
Public-key size: 2048 bits
Creation time: 2017-04-06 12:48:24 UTC
Key flags: certification, signing
Subkey: B31E5AA680AF713915901533185E6146F00650F8
Public-key algo: RSA (Encrypt or Sign)
Public-key size: 2048 bits
Creation time: 2017-04-06 12:48:24 UTC
Key flags: transport encryption, data-at-rest encryption
UserID: rpm.org RSA testkey <rsa at rpm.org>
```
This is because the Sequoia backend returns all subkeys and [checks for validity when checking a signature](https://gitlab.com/sequoia-pgp/rpm-sequoia/-/blob/2e4005b2/src/lib.rs#L376-398).
269 fails in a similar way:
```
runroot rpmkeys --import /data/keys/CVE-2021-3521-badbind.asc
--- - 2022-04-13 07:47:37.877968868 +0000
+++ /home/us/neal/work/pep/rpm/b/tests/rpmtests.dir/at-groups/269/stderr 2022-04-13 07:47:37.866432615 +0000
@@ -1,2 +1 @@
-error: /data/keys/CVE-2021-3521-badbind.asc: key 1 import failed.
../../tests/rpmsigdig.at:304: exit code was 0, expected 1
269. rpmsigdig.at:300: 269. rpmkeys --import invalid keys (rpmsigdig.at:300): FAILED (rpmsigdig.at:304)
```
Again, the Sequoia backend returns an invalid subkey, which it would refuse to use to verify a message.
Note: this approach is sensible as some of the validity checks depend on the current time. By checking these variants at signature verification time, we avoid a potential TOCTOU bug.
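Added example, not part of the original message and not rpm-sequoia's code: a simplified Rust model of the behaviour described above, where import keeps every key and each validity check is re-run at verification time. The `Key` fields, the `Refusal` type, the function names and the expiry timestamps are assumptions made for illustration; the two key IDs and their flags come from the `sq inspect` output in the message.

```rust
// Simplified model, not rpm-sequoia's code: validity is decided when a key is used.
#[derive(Clone)]
struct Key {
    id: &'static str,     // short key ID as rpm prints it
    can_sign: bool,       // key flags include "signing"
    binding_ok: bool,     // self-signature / subkey binding signature verified
    expires: Option<u64>, // assumed expiry time, seconds since the epoch
}

#[derive(Debug, PartialEq)]
enum Refusal { UnknownKey, BadBinding, NotForSigning, Expired }

// All checks in one place; `now` is supplied by the caller, never cached.
fn check(k: &Key, now: u64) -> Result<(), Refusal> {
    if !k.binding_ok { return Err(Refusal::BadBinding); }
    if !k.can_sign { return Err(Refusal::NotForSigning); }
    if k.expires.map_or(false, |e| now >= e) { return Err(Refusal::Expired); }
    Ok(())
}

// Import keeps every key, which is why the extra gpg(f00650f8) provides appear.
fn import(cert: &[Key]) -> Vec<Key> { cert.to_vec() }

// For contrast: filtering once at import freezes the answer at import time.
fn import_filtered(cert: &[Key], now: u64) -> Vec<Key> {
    cert.iter().filter(|k| check(k, now).is_ok()).cloned().collect()
}

// Verification looks the key up and re-runs every check at verification time.
fn usable_for_verify(ring: &[Key], id: &str, now: u64) -> Result<(), Refusal> {
    let k = ring.iter().find(|k| k.id == id).ok_or(Refusal::UnknownKey)?;
    check(k, now)
}

// Constructed sample: IDs and flags from the message, expiry value made up.
fn sample_cert() -> Vec<Key> {
    vec![
        Key { id: "1964c5fc", can_sign: true, binding_ok: true, expires: Some(2_000) },
        Key { id: "f00650f8", can_sign: false, binding_ok: true, expires: None },
    ]
}

fn main() {
    let ring = import(&sample_cert());
    println!("{:?}", usable_for_verify(&ring, "f00650f8", 1_000)); // refused: not a signing key
    println!("{:?}", usable_for_verify(&ring, "1964c5fc", 3_000)); // refused: expired by then
    println!("{}", import_filtered(&sample_cert(), 1_000).len()); // passed the import-time filter
}
```

A key that passes `import_filtered` at time 1000 is still in that filtered set at time 3000, which is the time-of-check/time-of-use gap the message refers to; `usable_for_verify` closes it by taking the clock as an argument on every call.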