[PATCH 1 of 4] (issue181) Fix hardcoded values for RSA codesigning key size

Wald Commits scm-commit at wald.intevation.org
Mon Jan 19 15:45:34 CET 2015


# HG changeset patch
# User Andre Heinecke <andre.heinecke at intevation.de>
# Date 1421678540 -3600
# Node ID f3e2df6b49bae98facc0c30278bc8a6f61d17d3d
# Parent  c64b6c56ce96e1b01095bb54bafe23273ab80598
(issue181) Fix hardcoded values for RSA codesigning key size.

diff -r c64b6c56ce96 -r f3e2df6b49ba common/binverify.c
--- a/common/binverify.c	Thu Jan 15 16:46:36 2015 +0100
+++ b/common/binverify.c	Mon Jan 19 15:42:20 2015 +0100
@@ -11,11 +11,7 @@
 #include "strhelp.h"
 #include "logging.h"
 #include "listutil.h"
-#ifdef RELEASE_BUILD
-#include "pubkey-release.h"
-#else
-#include "pubkey-test.h"
-#endif
+#include "pubkey.h"
 
 bin_verify_result
 verify_binary(const char *filename, size_t name_len)
diff -r c64b6c56ce96 -r f3e2df6b49ba common/pubkey.h
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/common/pubkey.h	Mon Jan 19 15:42:20 2015 +0100
@@ -0,0 +1,10 @@
+#ifndef PUBKEY_H
+#define PUBKEY_H
+
+#ifdef RELEASE_BUILD
+#include "pubkey-release.h"
+#else
+#include "pubkey-test.h"
+#endif
+
+#endif // PUBKEY_H
diff -r c64b6c56ce96 -r f3e2df6b49ba ui/createcertlistdialog.cpp
--- a/ui/createcertlistdialog.cpp	Thu Jan 15 16:46:36 2015 +0100
+++ b/ui/createcertlistdialog.cpp	Mon Jan 19 15:42:20 2015 +0100
@@ -9,6 +9,8 @@
 #include "sslhelp.h"
 #include "administratorwindow.h"
 
+#include "pubkey.h"
+
 #include <QDebug>
 #include <QMessageBox>
 #include <QDir>
@@ -142,10 +144,11 @@
         return;
     }
 
-    /* Check that it is a 3072 bit RSA key as specified */
-    if (!mPk->pk_info || pk_get_size(mPk) != 3072 ||
+    /* Check that it is a RSA key of the specified size */
+    if (!mPk->pk_info || pk_get_size(mPk) != TRUSTBRIDGE_RSA_KEY_SIZE ||
             mPk->pk_info->type != POLARSSL_PK_RSA) {
-        showErrorMessage(tr("Only 3072 bit RSA keys are supported by the current format."));
+        showErrorMessage(tr("Only %1 bit RSA keys are supported by the current format.").arg(
+                    TRUSTBRIDGE_RSA_KEY_SIZE));
         pk_free(mPk);
         delete mPk;
         mPk = NULL;
@@ -198,7 +201,7 @@
     }
 
     QByteArray signature = rsaSignSHA256Hash(sha256sum(listData), pk);
-    if (signature.size() != 3072 / 8) {
+    if (signature.size() != TRUSTBRIDGE_RSA_KEY_SIZE / 8) {
         qDebug() << "Signature creation returned signature of invalid size.";
         return false;
     }
diff -r c64b6c56ce96 -r f3e2df6b49ba ui/createinstallerdialog.cpp
--- a/ui/createinstallerdialog.cpp	Thu Jan 15 16:46:36 2015 +0100
+++ b/ui/createinstallerdialog.cpp	Mon Jan 19 15:42:20 2015 +0100
@@ -7,6 +7,7 @@
  */
 #include "createinstallerdialog.h"
 #include "sslhelp.h"
+#include "pubkey.h"
 
 #include <QDebug>
 #include <QTextEdit>
@@ -524,15 +525,16 @@
         return false;
     }
 
-    /* Check that it is a 3072 bit RSA key as specified */
-    if (!pk.pk_info || pk_get_size(&pk) != 3072 ||
+    /* Check that it is an RSA key that matches the size */
+    if (!pk.pk_info || pk_get_size(&pk) != TRUSTBRIDGE_RSA_CODESIGN_SIZE ||
             pk.pk_info->type != POLARSSL_PK_RSA) {
         if (pk.pk_info) {
             qDebug() << pk.pk_info->type << "type";
         }
         qDebug() << POLARSSL_PK_RSA << "rsa";
         qDebug() << "size " << pk_get_size(&pk);
-        showErrorMessage(tr("Only 3072 bit RSA keys are supported by the current format."));
+        showErrorMessage(tr("Only %1 bit RSA keys are supported by the current format.").arg(
+                    TRUSTBRIDGE_RSA_CODESIGN_SIZE));
         pk_free(&pk);
         return false;
     }
@@ -563,7 +565,7 @@
     const QByteArray signature = rsaSignSHA256Hash(sha256sum(inputContent), &pk);
 
     pk_free(&pk);
-    if (signature.size() != 3072 / 8) {
+    if (signature.size() != TRUSTBRIDGE_RSA_CODESIGN_SIZE / 8) {
         qDebug() << "Signature creation returned signature of invalid size.";
         return false;
     }
diff -r c64b6c56ce96 -r f3e2df6b49ba ui/l10n/administrator_de_DE.ts
--- a/ui/l10n/administrator_de_DE.ts	Thu Jan 15 16:46:36 2015 +0100
+++ b/ui/l10n/administrator_de_DE.ts	Mon Jan 19 15:42:20 2015 +0100
@@ -260,111 +260,115 @@
 <context>
     <name>CreateCertListDialog</name>
     <message>
-        <location filename="../createcertlistdialog.cpp" line="30"/>
-        <location filename="../createcertlistdialog.cpp" line="52"/>
+        <location filename="../createcertlistdialog.cpp" line="32"/>
+        <location filename="../createcertlistdialog.cpp" line="54"/>
         <source>Save certificate list</source>
         <translation>Zertifikatsliste speichern</translation>
     </message>
     <message>
-        <location filename="../createcertlistdialog.cpp" line="54"/>
+        <location filename="../createcertlistdialog.cpp" line="56"/>
         <source>Save all managed root certificates in a new, signed certificate list.</source>
         <translation>Eine neue, signierte Zertifikatsliste erstellen.</translation>
     </message>
     <message>
-        <location filename="../createcertlistdialog.cpp" line="84"/>
+        <location filename="../createcertlistdialog.cpp" line="86"/>
         <source>In addition, each certificate list will be saved automatically in the archive directory:
 </source>
         <translation>Zusätzlich wird jede Zertifikatsliste automatisch in diesem Ordner Archiviert:
 </translation>
     </message>
     <message>
-        <location filename="../createcertlistdialog.cpp" line="94"/>
+        <location filename="../createcertlistdialog.cpp" line="96"/>
         <source>Save list</source>
         <translation>Liste speichern</translation>
     </message>
     <message>
-        <location filename="../createcertlistdialog.cpp" line="96"/>
+        <location filename="../createcertlistdialog.cpp" line="98"/>
         <source>Cancel</source>
         <translation>Abbrechen</translation>
     </message>
     <message>
-        <location filename="../createcertlistdialog.cpp" line="121"/>
+        <location filename="../createcertlistdialog.cpp" line="123"/>
         <source>Error!</source>
         <translation>Fehler!</translation>
     </message>
     <message>
-        <location filename="../createcertlistdialog.cpp" line="159"/>
+        <location filename="../createcertlistdialog.cpp" line="150"/>
+        <source>Only %1 bit RSA keys are supported by the current format.</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <location filename="../createcertlistdialog.cpp" line="162"/>
         <source>Select certificate</source>
         <translation>Zertifikat auswählen</translation>
     </message>
     <message>
-        <location filename="../createcertlistdialog.cpp" line="244"/>
+        <location filename="../createcertlistdialog.cpp" line="247"/>
         <source>Failed to write list to: %1</source>
         <translation>Fehler beim schreiben der Liste in Datei: %1</translation>
     </message>
     <message>
-        <location filename="../createcertlistdialog.cpp" line="137"/>
+        <location filename="../createcertlistdialog.cpp" line="139"/>
         <source>Failed to load certificate: %1</source>
         <translatorcomment>English wording is wrong</translatorcomment>
         <translation>Fehler beim laden des Schlüssels: %1</translation>
     </message>
     <message>
-        <location filename="../createcertlistdialog.cpp" line="65"/>
+        <location filename="../createcertlistdialog.cpp" line="67"/>
         <source>Select signing key:</source>
         <translation>Signaturschlüssel auswählen:</translation>
     </message>
     <message>
-        <location filename="../createcertlistdialog.cpp" line="66"/>
+        <location filename="../createcertlistdialog.cpp" line="68"/>
         <source>Select output folder:</source>
         <translation>Ausgabeverzeichnis auswählen:</translation>
     </message>
     <message>
-        <location filename="../createcertlistdialog.cpp" line="148"/>
         <source>Only 3072 bit RSA keys are supported by the current format.</source>
-        <translation>Nur 3027 bit RSA Schlüssel werden vom aktuellen Format unterstützt.</translation>
+        <translation type="vanished">Nur 3027 bit RSA Schlüssel werden vom aktuellen Format unterstützt.</translation>
     </message>
     <message>
-        <location filename="../createcertlistdialog.cpp" line="172"/>
+        <location filename="../createcertlistdialog.cpp" line="175"/>
         <source>Select target location</source>
         <translation>Zielordner auswählen</translation>
     </message>
     <message>
-        <location filename="../createcertlistdialog.cpp" line="228"/>
+        <location filename="../createcertlistdialog.cpp" line="231"/>
         <source>Please select a valid rsa key.</source>
         <translation>Kein Signaturschlüssel ausgewählt.</translation>
     </message>
     <message>
-        <location filename="../createcertlistdialog.cpp" line="231"/>
+        <location filename="../createcertlistdialog.cpp" line="234"/>
         <source>Please select an output location first.</source>
         <translation>Kein Zielordner angegeben.</translation>
     </message>
     <message>
-        <location filename="../createcertlistdialog.cpp" line="252"/>
+        <location filename="../createcertlistdialog.cpp" line="255"/>
         <source>Failed to create archive location.</source>
         <translation>Fehler beim erstellen des Archivordners.</translation>
     </message>
     <message>
-        <location filename="../createcertlistdialog.cpp" line="257"/>
+        <location filename="../createcertlistdialog.cpp" line="260"/>
         <source>Failed Archive a copy.</source>
         <translation>Fehler beim speichern der Archivkopie.</translation>
     </message>
     <message>
-        <location filename="../createcertlistdialog.cpp" line="265"/>
+        <location filename="../createcertlistdialog.cpp" line="268"/>
         <source>Failed to update current_certificates.txt</source>
         <translation>Fehler beim Aktualisieren von current_certificates.txt</translation>
     </message>
     <message>
-        <location filename="../createcertlistdialog.cpp" line="271"/>
+        <location filename="../createcertlistdialog.cpp" line="274"/>
         <source>Failed to write current_certificates file.</source>
         <translation>Fehler beim schreiben der Datei "current_certificates".</translation>
     </message>
     <message>
-        <location filename="../createcertlistdialog.cpp" line="284"/>
+        <location filename="../createcertlistdialog.cpp" line="287"/>
         <source>Failed to calculate key hash.</source>
         <translation>Fehler bei der Berechnung des Schlüsselfingerabdrucks.</translation>
     </message>
     <message>
-        <location filename="../createcertlistdialog.cpp" line="302"/>
+        <location filename="../createcertlistdialog.cpp" line="305"/>
         <source>Saved certificate list:
 %1</source>
         <translation>Zertifikatsliste gespeichert: %1</translation>
@@ -373,58 +377,58 @@
 <context>
     <name>CreateInstallerDialog</name>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="48"/>
-        <location filename="../createinstallerdialog.cpp" line="73"/>
+        <location filename="../createinstallerdialog.cpp" line="49"/>
+        <location filename="../createinstallerdialog.cpp" line="74"/>
         <source>Create binary installer</source>
         <translation>Installationspaket erstellen</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="75"/>
+        <location filename="../createinstallerdialog.cpp" line="76"/>
         <source>Create and sign a TrustBridge binary installer.</source>
         <translation>Erzeugt und signiert ein TrustBridge-Installationspaket.</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="86"/>
+        <location filename="../createinstallerdialog.cpp" line="87"/>
         <source>Select binary folder:</source>
         <translation>Binärverzeichnis auswählen:</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="87"/>
+        <location filename="../createinstallerdialog.cpp" line="88"/>
         <source>Select code signing certificate:</source>
         <translation>Code-Signing-Zertifikat auswählen:</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="88"/>
+        <location filename="../createinstallerdialog.cpp" line="89"/>
         <source>Select output folder:</source>
         <translation>Ausgabeverzeichnis auswählen:</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="117"/>
+        <location filename="../createinstallerdialog.cpp" line="118"/>
         <source>Create installer</source>
         <translation>Installationspaket erzeugen</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="119"/>
+        <location filename="../createinstallerdialog.cpp" line="120"/>
         <source>Cancel</source>
         <translation>Abbrechen</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="262"/>
+        <location filename="../createinstallerdialog.cpp" line="263"/>
         <source>Creating installer package...</source>
         <translation>Installationspaket wird erstellt...</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="150"/>
+        <location filename="../createinstallerdialog.cpp" line="151"/>
         <source>Select certificate</source>
         <translation>Zertifikat auswählen</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="161"/>
+        <location filename="../createinstallerdialog.cpp" line="162"/>
         <source>Select binary folder</source>
         <translation>Binärverzeichnis auswählen</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="179"/>
+        <location filename="../createinstallerdialog.cpp" line="180"/>
         <source>Error!</source>
         <translation>Fehler!</translation>
     </message>
@@ -433,141 +437,145 @@
         <translation type="vanished">Installationspaket erstellt in %1.</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="189"/>
+        <location filename="../createinstallerdialog.cpp" line="190"/>
         <source>Signing installer package...</source>
         <translation>Installationspaket signieren...</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="191"/>
+        <location filename="../createinstallerdialog.cpp" line="192"/>
         <source>Failed to sign installer package.</source>
         <translation>Fehler beim Signieren des Installationspakets.</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="266"/>
+        <location filename="../createinstallerdialog.cpp" line="267"/>
         <source>Please select an existing input folder.</source>
         <translation>Bitte wählen Sie ein existierendes Eingabeverzeichnis.</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="270"/>
+        <location filename="../createinstallerdialog.cpp" line="271"/>
         <source>Please select a codesigning certificate.</source>
         <translation>Bitte wählen Sie ein Code-Signing-Zertifikat.</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="274"/>
+        <location filename="../createinstallerdialog.cpp" line="275"/>
         <source>Please select a output folder.</source>
         <translation>Bitte wählen Sie ein Ausgabeverzeichnis.</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="281"/>
+        <location filename="../createinstallerdialog.cpp" line="282"/>
         <source>Folder %1 does not appear to contain a meta.ini</source>
         <translation>Das Verzeichnis %1 enthält keine meta.ini Datei</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="288"/>
+        <location filename="../createinstallerdialog.cpp" line="289"/>
         <source>Failed to find the directory for linux binaries: %1</source>
         <translation>Verzeichnis der Linux Anwendung '%1' konnte nicht gefunden werden.</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="296"/>
+        <location filename="../createinstallerdialog.cpp" line="297"/>
         <source>Failed to find a readable *.sh file in: %1</source>
         <translation>Keine lesbare *.sh Datei in '%1' gefunden.</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="500"/>
+        <location filename="../createinstallerdialog.cpp" line="501"/>
         <source>Failed to sign binaries with osslsigncode.
 Please check that %1 is a valid code signing certificate and that osslsigncode can be found in the PATH.</source>
         <translation>Fehler beim Signieren der Binärpakete mit osslsigncode.
 Bitte prüfen Sie, dass %1 ein gültiges Code-Signing-Zertifikat ist und osslsigncode im PATH gefunden wird.</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="302"/>
+        <location filename="../createinstallerdialog.cpp" line="303"/>
         <source>Signing Linux package...</source>
         <translation>Signieren des Linux Pakets...</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="195"/>
+        <location filename="../createinstallerdialog.cpp" line="196"/>
         <source>Calculating checksums...</source>
         <translation>Prüfsummen berechnen...</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="196"/>
+        <location filename="../createinstallerdialog.cpp" line="197"/>
         <source>Checksums:</source>
         <translation>Prüfsummen:</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="206"/>
+        <location filename="../createinstallerdialog.cpp" line="207"/>
         <source>Failed to open file "%1".</source>
         <translation>Die Datei "%1" konnte nicht geöffnet werden.</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="212"/>
+        <location filename="../createinstallerdialog.cpp" line="213"/>
         <source>Failed to read file "%1".</source>
         <translation>Die Datei "%1" konnte nicht gelesen werden.</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="219"/>
+        <location filename="../createinstallerdialog.cpp" line="220"/>
         <source>Failed to calculate checksums for "%1".</source>
         <translation>Die Prüfsumme für "%1" konnte nicht berechnet werden.</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="241"/>
+        <location filename="../createinstallerdialog.cpp" line="242"/>
         <source>Successfully created the installation packages in "%1".</source>
         <translation>Die Installationspakete wurden erfolgreich im Ordner: "%1" erstellt.</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="322"/>
+        <location filename="../createinstallerdialog.cpp" line="323"/>
         <source>Failed to sign linux package: %1</source>
         <translation>Fehler beim signieren des Linux Paketes: %1</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="338"/>
+        <location filename="../createinstallerdialog.cpp" line="339"/>
         <source>Creating NSIS package...</source>
         <translation>NSIS-Paket wird erstellt...</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="377"/>
+        <location filename="../createinstallerdialog.cpp" line="378"/>
         <source>Failed to find installer script at: %1 </source>
         <translation>Installer skript konnte nicht unter: %1 gefunden werden</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="387"/>
+        <location filename="../createinstallerdialog.cpp" line="388"/>
         <source>Failed to start makensis.
 Please ensure that makensis is installed and in your PATH variable.</source>
         <translation>Fehler beim Starten von makensis.
 Bitte versichern Sie sich, dass makensis korrekt installiert und in der PATH-Variable enthalten ist.</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="481"/>
+        <location filename="../createinstallerdialog.cpp" line="482"/>
         <source>Signing binaries...</source>
         <translation>Binärpakete werden signiert...</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="488"/>
+        <location filename="../createinstallerdialog.cpp" line="489"/>
         <source>Failed to copy binaries to temporary location.</source>
         <translation>Fehler beim Kopieren der Binärdaten in temporären Ort.</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="521"/>
+        <location filename="../createinstallerdialog.cpp" line="522"/>
         <source>Failed to load certificate: %1</source>
         <translation>Fehler beim laden des Schlüssels: %1</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="535"/>
-        <source>Only 3072 bit RSA keys are supported by the current format.</source>
-        <translation>Nur 3072 bit RSA Schlüssel werden vom aktuellen Format unterstützt.</translation>
+        <location filename="../createinstallerdialog.cpp" line="536"/>
+        <source>Only %1 bit RSA keys are supported by the current format.</source>
+        <translation type="unfinished"></translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="541"/>
+        <source>Only 3072 bit RSA keys are supported by the current format.</source>
+        <translation type="vanished">Nur 3072 bit RSA Schlüssel werden vom aktuellen Format unterstützt.</translation>
+    </message>
+    <message>
+        <location filename="../createinstallerdialog.cpp" line="543"/>
         <source>Failed to open input file: %1</source>
         <translation>Fehler beim öffnen der Datei: %1</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="558"/>
+        <location filename="../createinstallerdialog.cpp" line="560"/>
         <source>Failed to read input file: %1</source>
         <translation>Fehler beim lesen der Datei: %1</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="171"/>
+        <location filename="../createinstallerdialog.cpp" line="172"/>
         <source>Select target location</source>
         <translation>Zielort auswählen</translation>
     </message>
@@ -575,22 +583,22 @@
 <context>
     <name>FinishedDialog</name>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="595"/>
+        <location filename="../createinstallerdialog.cpp" line="597"/>
         <source>Successfully created installation package</source>
         <translation>Installationspaket erfolgreich erstellt.</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="599"/>
+        <location filename="../createinstallerdialog.cpp" line="601"/>
         <source>Error!</source>
         <translation>Fehler!</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="610"/>
+        <location filename="../createinstallerdialog.cpp" line="612"/>
         <source>Details</source>
         <translation>Details</translation>
     </message>
     <message>
-        <location filename="../createinstallerdialog.cpp" line="614"/>
+        <location filename="../createinstallerdialog.cpp" line="616"/>
         <source>OK</source>
         <translation>OK</translation>
     </message>
diff -r c64b6c56ce96 -r f3e2df6b49ba ui/sslhelp.cpp
--- a/ui/sslhelp.cpp	Thu Jan 15 16:46:36 2015 +0100
+++ b/ui/sslhelp.cpp	Mon Jan 19 15:42:20 2015 +0100
@@ -76,10 +76,5 @@
         return QByteArray();
     }
 
-    if (sig_len != 3072 / 8) {
-        qDebug() << "Invalid size of signature: " << sig_len;
-        return QByteArray();
-    }
-
     return QByteArray((const char *)sig, (int)sig_len);
 }


More information about the Trustbridge-commits mailing list