[PATCH 1 of 4] (issue181) Fix hardcoded values for RSA codesigning key size
Wald Commits
scm-commit at wald.intevation.org
Mon Jan 19 15:45:34 CET 2015
# HG changeset patch
# User Andre Heinecke <andre.heinecke at intevation.de>
# Date 1421678540 -3600
# Node ID f3e2df6b49bae98facc0c30278bc8a6f61d17d3d
# Parent c64b6c56ce96e1b01095bb54bafe23273ab80598
(issue181) Fix hardcoded values for RSA codesigning key size.
diff -r c64b6c56ce96 -r f3e2df6b49ba common/binverify.c
--- a/common/binverify.c Thu Jan 15 16:46:36 2015 +0100
+++ b/common/binverify.c Mon Jan 19 15:42:20 2015 +0100
@@ -11,11 +11,7 @@
#include "strhelp.h"
#include "logging.h"
#include "listutil.h"
-#ifdef RELEASE_BUILD
-#include "pubkey-release.h"
-#else
-#include "pubkey-test.h"
-#endif
+#include "pubkey.h"
bin_verify_result
verify_binary(const char *filename, size_t name_len)
diff -r c64b6c56ce96 -r f3e2df6b49ba common/pubkey.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/common/pubkey.h Mon Jan 19 15:42:20 2015 +0100
@@ -0,0 +1,10 @@
+#ifndef PUBKEY_H
+#define PUBKEY_H
+
+#ifdef RELEASE_BUILD
+#include "pubkey-release.h"
+#else
+#include "pubkey-test.h"
+#endif
+
+#endif // PUBKEY_H
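Review bot: The `#else` branch makes the test key header the default whenever `RELEASE_BUILD` is not defined, and with this wrapper that choice now reaches every file that includes `pubkey.h`, so a build that loses the flag presumably embeds the test public key without any warning. A header comment should state this default and name the macros the two key headers are expected to provide. The other hunks in this patch use `TRUSTBRIDGE_RSA_KEY_SIZE` and `TRUSTBRIDGE_RSA_CODESIGN_SIZE`, whose definitions are not visible here. If they come from the included headers, a guard after the include such as `#ifndef TRUSTBRIDGE_RSA_CODESIGN_SIZE` / `#error "key header does not define the codesign key size"` / `#endif` would turn a mismatch into a build failure.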
diff -r c64b6c56ce96 -r f3e2df6b49ba ui/createcertlistdialog.cpp
--- a/ui/createcertlistdialog.cpp Thu Jan 15 16:46:36 2015 +0100
+++ b/ui/createcertlistdialog.cpp Mon Jan 19 15:42:20 2015 +0100
@@ -9,6 +9,8 @@
#include "sslhelp.h"
#include "administratorwindow.h"
+#include "pubkey.h"
+
#include <QDebug>
#include <QMessageBox>
#include <QDir>
@@ -142,10 +144,11 @@
return;
}
- /* Check that it is a 3072 bit RSA key as specified */
- if (!mPk->pk_info || pk_get_size(mPk) != 3072 ||
+ /* Check that it is a RSA key of the specified size */
+ if (!mPk->pk_info || pk_get_size(mPk) != TRUSTBRIDGE_RSA_KEY_SIZE ||
mPk->pk_info->type != POLARSSL_PK_RSA) {
- showErrorMessage(tr("Only 3072 bit RSA keys are supported by the current format."));
+ showErrorMessage(tr("Only %1 bit RSA keys are supported by the current format.").arg(
+ TRUSTBRIDGE_RSA_KEY_SIZE));
pk_free(mPk);
delete mPk;
mPk = NULL;
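Review bot: The rewritten comment on the key check no longer says which key or which size is meant, while this file compares against `TRUSTBRIDGE_RSA_KEY_SIZE` and the matching check in ui/createinstallerdialog.cpp compares against `TRUSTBRIDGE_RSA_CODESIGN_SIZE`. If the two constants are meant to differ (list signing key versus code signing key), say so here, for example `/* The list signing key must be an RSA key of exactly TRUSTBRIDGE_RSA_KEY_SIZE bits */`, so a later edit does not swap them. The enclosing function starts and ends outside the hunk.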
@@ -198,7 +201,7 @@
}
QByteArray signature = rsaSignSHA256Hash(sha256sum(listData), pk);
- if (signature.size() != 3072 / 8) {
+ if (signature.size() != TRUSTBRIDGE_RSA_KEY_SIZE / 8) {
qDebug() << "Signature creation returned signature of invalid size.";
return false;
}
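Review bot: The expected length `TRUSTBRIDGE_RSA_KEY_SIZE / 8` truncates when the configured size is not a multiple of 8, whereas an RSA signature is as long as the modulus rounded up to whole bytes; `if (signature.size() != (TRUSTBRIDGE_RSA_KEY_SIZE + 7) / 8) {` holds for any size. The same applies to the `TRUSTBRIDGE_RSA_CODESIGN_SIZE / 8` comparison in ui/createinstallerdialog.cpp. This patch also removes the length check inside `rsaSignSHA256Hash` (ui/sslhelp.cpp), so these two comparisons are the only guards visible here, and any other caller of that function would now receive a signature of unchecked length. The enclosing function extends beyond the hunk.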
diff -r c64b6c56ce96 -r f3e2df6b49ba ui/createinstallerdialog.cpp
--- a/ui/createinstallerdialog.cpp Thu Jan 15 16:46:36 2015 +0100
+++ b/ui/createinstallerdialog.cpp Mon Jan 19 15:42:20 2015 +0100
@@ -7,6 +7,7 @@
*/
#include "createinstallerdialog.h"
#include "sslhelp.h"
+#include "pubkey.h"
#include <QDebug>
#include <QTextEdit>
@@ -524,15 +525,16 @@
return false;
}
- /* Check that it is a 3072 bit RSA key as specified */
- if (!pk.pk_info || pk_get_size(&pk) != 3072 ||
+ /* Check that it is an RSA key that matches the size */
+ if (!pk.pk_info || pk_get_size(&pk) != TRUSTBRIDGE_RSA_CODESIGN_SIZE ||
pk.pk_info->type != POLARSSL_PK_RSA) {
if (pk.pk_info) {
qDebug() << pk.pk_info->type << "type";
}
qDebug() << POLARSSL_PK_RSA << "rsa";
qDebug() << "size " << pk_get_size(&pk);
- showErrorMessage(tr("Only 3072 bit RSA keys are supported by the current format."));
+ showErrorMessage(tr("Only %1 bit RSA keys are supported by the current format.").arg(
+ TRUSTBRIDGE_RSA_CODESIGN_SIZE));
pk_free(&pk);
return false;
}
@@ -563,7 +565,7 @@
const QByteArray signature = rsaSignSHA256Hash(sha256sum(inputContent), &pk);
pk_free(&pk);
- if (signature.size() != 3072 / 8) {
+ if (signature.size() != TRUSTBRIDGE_RSA_CODESIGN_SIZE / 8) {
qDebug() << "Signature creation returned signature of invalid size.";
return false;
}
diff -r c64b6c56ce96 -r f3e2df6b49ba ui/l10n/administrator_de_DE.ts
--- a/ui/l10n/administrator_de_DE.ts Thu Jan 15 16:46:36 2015 +0100
+++ b/ui/l10n/administrator_de_DE.ts Mon Jan 19 15:42:20 2015 +0100
@@ -260,111 +260,115 @@
<context>
<name>CreateCertListDialog</name>
<message>
- <location filename="../createcertlistdialog.cpp" line="30"/>
- <location filename="../createcertlistdialog.cpp" line="52"/>
+ <location filename="../createcertlistdialog.cpp" line="32"/>
+ <location filename="../createcertlistdialog.cpp" line="54"/>
<source>Save certificate list</source>
<translation>Zertifikatsliste speichern</translation>
</message>
<message>
- <location filename="../createcertlistdialog.cpp" line="54"/>
+ <location filename="../createcertlistdialog.cpp" line="56"/>
<source>Save all managed root certificates in a new, signed certificate list.</source>
<translation>Eine neue, signierte Zertifikatsliste erstellen.</translation>
</message>
<message>
- <location filename="../createcertlistdialog.cpp" line="84"/>
+ <location filename="../createcertlistdialog.cpp" line="86"/>
<source>In addition, each certificate list will be saved automatically in the archive directory:
</source>
<translation>Zusätzlich wird jede Zertifikatsliste automatisch in diesem Ordner Archiviert:
</translation>
</message>
<message>
- <location filename="../createcertlistdialog.cpp" line="94"/>
+ <location filename="../createcertlistdialog.cpp" line="96"/>
<source>Save list</source>
<translation>Liste speichern</translation>
</message>
<message>
- <location filename="../createcertlistdialog.cpp" line="96"/>
+ <location filename="../createcertlistdialog.cpp" line="98"/>
<source>Cancel</source>
<translation>Abbrechen</translation>
</message>
<message>
- <location filename="../createcertlistdialog.cpp" line="121"/>
+ <location filename="../createcertlistdialog.cpp" line="123"/>
<source>Error!</source>
<translation>Fehler!</translation>
</message>
<message>
- <location filename="../createcertlistdialog.cpp" line="159"/>
+ <location filename="../createcertlistdialog.cpp" line="150"/>
+ <source>Only %1 bit RSA keys are supported by the current format.</source>
+ <translation type="unfinished"></translation>
+ </message>
+ <message>
+ <location filename="../createcertlistdialog.cpp" line="162"/>
<source>Select certificate</source>
<translation>Zertifikat auswählen</translation>
</message>
<message>
- <location filename="../createcertlistdialog.cpp" line="244"/>
+ <location filename="../createcertlistdialog.cpp" line="247"/>
<source>Failed to write list to: %1</source>
<translation>Fehler beim schreiben der Liste in Datei: %1</translation>
</message>
<message>
- <location filename="../createcertlistdialog.cpp" line="137"/>
+ <location filename="../createcertlistdialog.cpp" line="139"/>
<source>Failed to load certificate: %1</source>
<translatorcomment>English wording is wrong</translatorcomment>
<translation>Fehler beim laden des Schlüssels: %1</translation>
</message>
<message>
- <location filename="../createcertlistdialog.cpp" line="65"/>
+ <location filename="../createcertlistdialog.cpp" line="67"/>
<source>Select signing key:</source>
<translation>Signaturschlüssel auswählen:</translation>
</message>
<message>
- <location filename="../createcertlistdialog.cpp" line="66"/>
+ <location filename="../createcertlistdialog.cpp" line="68"/>
<source>Select output folder:</source>
<translation>Ausgabeverzeichnis auswählen:</translation>
</message>
<message>
- <location filename="../createcertlistdialog.cpp" line="148"/>
<source>Only 3072 bit RSA keys are supported by the current format.</source>
- <translation>Nur 3027 bit RSA Schlüssel werden vom aktuellen Format unterstützt.</translation>
+ <translation type="vanished">Nur 3027 bit RSA Schlüssel werden vom aktuellen Format unterstützt.</translation>
</message>
<message>
- <location filename="../createcertlistdialog.cpp" line="172"/>
+ <location filename="../createcertlistdialog.cpp" line="175"/>
<source>Select target location</source>
<translation>Zielordner auswählen</translation>
</message>
<message>
- <location filename="../createcertlistdialog.cpp" line="228"/>
+ <location filename="../createcertlistdialog.cpp" line="231"/>
<source>Please select a valid rsa key.</source>
<translation>Kein Signaturschlüssel ausgewählt.</translation>
</message>
<message>
- <location filename="../createcertlistdialog.cpp" line="231"/>
+ <location filename="../createcertlistdialog.cpp" line="234"/>
<source>Please select an output location first.</source>
<translation>Kein Zielordner angegeben.</translation>
</message>
<message>
- <location filename="../createcertlistdialog.cpp" line="252"/>
+ <location filename="../createcertlistdialog.cpp" line="255"/>
<source>Failed to create archive location.</source>
<translation>Fehler beim erstellen des Archivordners.</translation>
</message>
<message>
- <location filename="../createcertlistdialog.cpp" line="257"/>
+ <location filename="../createcertlistdialog.cpp" line="260"/>
<source>Failed Archive a copy.</source>
<translation>Fehler beim speichern der Archivkopie.</translation>
</message>
<message>
- <location filename="../createcertlistdialog.cpp" line="265"/>
+ <location filename="../createcertlistdialog.cpp" line="268"/>
<source>Failed to update current_certificates.txt</source>
<translation>Fehler beim Aktualisieren von current_certificates.txt</translation>
</message>
<message>
- <location filename="../createcertlistdialog.cpp" line="271"/>
+ <location filename="../createcertlistdialog.cpp" line="274"/>
<source>Failed to write current_certificates file.</source>
<translation>Fehler beim schreiben der Datei "current_certificates".</translation>
</message>
<message>
- <location filename="../createcertlistdialog.cpp" line="284"/>
+ <location filename="../createcertlistdialog.cpp" line="287"/>
<source>Failed to calculate key hash.</source>
<translation>Fehler bei der Berechnung des Schlüsselfingerabdrucks.</translation>
</message>
<message>
- <location filename="../createcertlistdialog.cpp" line="302"/>
+ <location filename="../createcertlistdialog.cpp" line="305"/>
<source>Saved certificate list:
%1</source>
<translation>Zertifikatsliste gespeichert: %1</translation>
@@ -373,58 +377,58 @@
<context>
<name>CreateInstallerDialog</name>
<message>
- <location filename="../createinstallerdialog.cpp" line="48"/>
- <location filename="../createinstallerdialog.cpp" line="73"/>
+ <location filename="../createinstallerdialog.cpp" line="49"/>
+ <location filename="../createinstallerdialog.cpp" line="74"/>
<source>Create binary installer</source>
<translation>Installationspaket erstellen</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="75"/>
+ <location filename="../createinstallerdialog.cpp" line="76"/>
<source>Create and sign a TrustBridge binary installer.</source>
<translation>Erzeugt und signiert ein TrustBridge-Installationspaket.</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="86"/>
+ <location filename="../createinstallerdialog.cpp" line="87"/>
<source>Select binary folder:</source>
<translation>Binärverzeichnis auswählen:</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="87"/>
+ <location filename="../createinstallerdialog.cpp" line="88"/>
<source>Select code signing certificate:</source>
<translation>Code-Signing-Zertifikat auswählen:</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="88"/>
+ <location filename="../createinstallerdialog.cpp" line="89"/>
<source>Select output folder:</source>
<translation>Ausgabeverzeichnis auswählen:</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="117"/>
+ <location filename="../createinstallerdialog.cpp" line="118"/>
<source>Create installer</source>
<translation>Installationspaket erzeugen</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="119"/>
+ <location filename="../createinstallerdialog.cpp" line="120"/>
<source>Cancel</source>
<translation>Abbrechen</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="262"/>
+ <location filename="../createinstallerdialog.cpp" line="263"/>
<source>Creating installer package...</source>
<translation>Installationspaket wird erstellt...</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="150"/>
+ <location filename="../createinstallerdialog.cpp" line="151"/>
<source>Select certificate</source>
<translation>Zertifikat auswählen</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="161"/>
+ <location filename="../createinstallerdialog.cpp" line="162"/>
<source>Select binary folder</source>
<translation>Binärverzeichnis auswählen</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="179"/>
+ <location filename="../createinstallerdialog.cpp" line="180"/>
<source>Error!</source>
<translation>Fehler!</translation>
</message>
@@ -433,141 +437,145 @@
<translation type="vanished">Installationspaket erstellt in %1.</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="189"/>
+ <location filename="../createinstallerdialog.cpp" line="190"/>
<source>Signing installer package...</source>
<translation>Installationspaket signieren...</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="191"/>
+ <location filename="../createinstallerdialog.cpp" line="192"/>
<source>Failed to sign installer package.</source>
<translation>Fehler beim Signieren des Installationspakets.</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="266"/>
+ <location filename="../createinstallerdialog.cpp" line="267"/>
<source>Please select an existing input folder.</source>
<translation>Bitte wählen Sie ein existierendes Eingabeverzeichnis.</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="270"/>
+ <location filename="../createinstallerdialog.cpp" line="271"/>
<source>Please select a codesigning certificate.</source>
<translation>Bitte wählen Sie ein Code-Signing-Zertifikat.</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="274"/>
+ <location filename="../createinstallerdialog.cpp" line="275"/>
<source>Please select a output folder.</source>
<translation>Bitte wählen Sie ein Ausgabeverzeichnis.</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="281"/>
+ <location filename="../createinstallerdialog.cpp" line="282"/>
<source>Folder %1 does not appear to contain a meta.ini</source>
<translation>Das Verzeichnis %1 enthält keine meta.ini Datei</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="288"/>
+ <location filename="../createinstallerdialog.cpp" line="289"/>
<source>Failed to find the directory for linux binaries: %1</source>
<translation>Verzeichnis der Linux Anwendung '%1' konnte nicht gefunden werden.</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="296"/>
+ <location filename="../createinstallerdialog.cpp" line="297"/>
<source>Failed to find a readable *.sh file in: %1</source>
<translation>Keine lesbare *.sh Datei in '%1' gefunden.</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="500"/>
+ <location filename="../createinstallerdialog.cpp" line="501"/>
<source>Failed to sign binaries with osslsigncode.
Please check that %1 is a valid code signing certificate and that osslsigncode can be found in the PATH.</source>
<translation>Fehler beim Signieren der Binärpakete mit osslsigncode.
Bitte prüfen Sie, dass %1 ein gültiges Code-Signing-Zertifikat ist und osslsigncode im PATH gefunden wird.</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="302"/>
+ <location filename="../createinstallerdialog.cpp" line="303"/>
<source>Signing Linux package...</source>
<translation>Signieren des Linux Pakets...</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="195"/>
+ <location filename="../createinstallerdialog.cpp" line="196"/>
<source>Calculating checksums...</source>
<translation>Prüfsummen berechnen...</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="196"/>
+ <location filename="../createinstallerdialog.cpp" line="197"/>
<source>Checksums:</source>
<translation>Prüfsummen:</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="206"/>
+ <location filename="../createinstallerdialog.cpp" line="207"/>
<source>Failed to open file "%1".</source>
<translation>Die Datei "%1" konnte nicht geöffnet werden.</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="212"/>
+ <location filename="../createinstallerdialog.cpp" line="213"/>
<source>Failed to read file "%1".</source>
<translation>Die Datei "%1" konnte nicht gelesen werden.</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="219"/>
+ <location filename="../createinstallerdialog.cpp" line="220"/>
<source>Failed to calculate checksums for "%1".</source>
<translation>Die Prüfsumme für "%1" konnte nicht berechnet werden.</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="241"/>
+ <location filename="../createinstallerdialog.cpp" line="242"/>
<source>Successfully created the installation packages in "%1".</source>
<translation>Die Installationspakete wurden erfolgreich im Ordner: "%1" erstellt.</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="322"/>
+ <location filename="../createinstallerdialog.cpp" line="323"/>
<source>Failed to sign linux package: %1</source>
<translation>Fehler beim signieren des Linux Paketes: %1</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="338"/>
+ <location filename="../createinstallerdialog.cpp" line="339"/>
<source>Creating NSIS package...</source>
<translation>NSIS-Paket wird erstellt...</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="377"/>
+ <location filename="../createinstallerdialog.cpp" line="378"/>
<source>Failed to find installer script at: %1 </source>
<translation>Installer skript konnte nicht unter: %1 gefunden werden</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="387"/>
+ <location filename="../createinstallerdialog.cpp" line="388"/>
<source>Failed to start makensis.
Please ensure that makensis is installed and in your PATH variable.</source>
<translation>Fehler beim Starten von makensis.
Bitte versichern Sie sich, dass makensis korrekt installiert und in der PATH-Variable enthalten ist.</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="481"/>
+ <location filename="../createinstallerdialog.cpp" line="482"/>
<source>Signing binaries...</source>
<translation>Binärpakete werden signiert...</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="488"/>
+ <location filename="../createinstallerdialog.cpp" line="489"/>
<source>Failed to copy binaries to temporary location.</source>
<translation>Fehler beim Kopieren der Binärdaten in temporären Ort.</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="521"/>
+ <location filename="../createinstallerdialog.cpp" line="522"/>
<source>Failed to load certificate: %1</source>
<translation>Fehler beim laden des Schlüssels: %1</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="535"/>
- <source>Only 3072 bit RSA keys are supported by the current format.</source>
- <translation>Nur 3072 bit RSA Schlüssel werden vom aktuellen Format unterstützt.</translation>
+ <location filename="../createinstallerdialog.cpp" line="536"/>
+ <source>Only %1 bit RSA keys are supported by the current format.</source>
+ <translation type="unfinished"></translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="541"/>
+ <source>Only 3072 bit RSA keys are supported by the current format.</source>
+ <translation type="vanished">Nur 3072 bit RSA Schlüssel werden vom aktuellen Format unterstützt.</translation>
+ </message>
+ <message>
+ <location filename="../createinstallerdialog.cpp" line="543"/>
<source>Failed to open input file: %1</source>
<translation>Fehler beim öffnen der Datei: %1</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="558"/>
+ <location filename="../createinstallerdialog.cpp" line="560"/>
<source>Failed to read input file: %1</source>
<translation>Fehler beim lesen der Datei: %1</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="171"/>
+ <location filename="../createinstallerdialog.cpp" line="172"/>
<source>Select target location</source>
<translation>Zielort auswählen</translation>
</message>
@@ -575,22 +583,22 @@
<context>
<name>FinishedDialog</name>
<message>
- <location filename="../createinstallerdialog.cpp" line="595"/>
+ <location filename="../createinstallerdialog.cpp" line="597"/>
<source>Successfully created installation package</source>
<translation>Installationspaket erfolgreich erstellt.</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="599"/>
+ <location filename="../createinstallerdialog.cpp" line="601"/>
<source>Error!</source>
<translation>Fehler!</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="610"/>
+ <location filename="../createinstallerdialog.cpp" line="612"/>
<source>Details</source>
<translation>Details</translation>
</message>
<message>
- <location filename="../createinstallerdialog.cpp" line="614"/>
+ <location filename="../createinstallerdialog.cpp" line="616"/>
<source>OK</source>
<translation>OK</translation>
</message>
diff -r c64b6c56ce96 -r f3e2df6b49ba ui/sslhelp.cpp
--- a/ui/sslhelp.cpp Thu Jan 15 16:46:36 2015 +0100
+++ b/ui/sslhelp.cpp Mon Jan 19 15:42:20 2015 +0100
@@ -76,10 +76,5 @@
return QByteArray();
}
- if (sig_len != 3072 / 8) {
- qDebug() << "Invalid size of signature: " << sig_len;
- return QByteArray();
- }
-
return QByteArray((const char *)sig, (int)sig_len);
}