From bd9b8640625d0c4d2c52a5ddeacadd0c04dae6db Mon Sep 17 00:00:00 2001
From: Colin Walters
Date: Sat, 8 Jul 2023 15:56:24 -0400
Subject: [PATCH] fixup! ostree-prepare-root: Validate signatures when requested
---
 Makefile-switchroot.am | 16 ++--------
 src/switchroot/ostree-prepare-root.c | 44 +++++-----------------------
 2 files changed, 10 insertions(+), 50 deletions(-)
diff --git a/Makefile-switchroot.am b/Makefile-switchroot.am
index 9833f7e0d0..6b7cca08de 100644
--- a/Makefile-switchroot.am
+++ b/Makefile-switchroot.am
@@ -49,20 +49,10 @@ ostree-prepare-root : $(ostree_prepare_root_SOURCES)
 CLEANFILES += ostree-prepare-root
 else
 ostree_boot_PROGRAMS += ostree-prepare-root
-ostree_prepare_root_CFLAGS += $(AM_CFLAGS) -Isrc/switchroot -I$(srcdir)/composefs -I$(srcdir)/src/libostree -I$(srcdir)/src/libotutil
+ostree_prepare_root_CFLAGS += $(AM_CFLAGS) -Isrc/switchroot -I$(srcdir)/composefs -I$(srcdir)/src/libostree -I$(srcdir)/src/libotcore -I$(srcdir)/src/libotutil
 ostree_prepare_root_SOURCES += src/switchroot/ostree-prepare-root.c
-ostree_prepare_root_CPPFLAGS += $(OT_INTERNAL_GIO_UNIX_CFLAGS) -I $(srcdir)/libglnx
-ostree_prepare_root_LDADD += $(AM_LDFLAGS) $(OT_INTERNAL_GIO_UNIX_LIBS) libotutil.la libglnx.la
-if USE_LIBSODIUM
-ostree_prepare_root_CFLAGS += $(OT_DEP_LIBSODIUM_CFLAGS)
-ostree_prepare_root_LDADD += $(OT_DEP_LIBSODIUM_LIBS)
-else
-if USE_OPENSSL
-ostree_prepare_root_CFLAGS += $(OT_DEP_CRYPTO_CFLAGS)
-ostree_prepare_root_LDADD += $(OT_DEP_CRYPTO_LIBS)
-endif # USE_OPENSSL
-endif # USE_LIBSODIUM
-
+ostree_prepare_root_CPPFLAGS += $(OT_INTERNAL_GIO_UNIX_CFLAGS) $(OT_DEP_CRYPTO_CFLAGS) -I $(srcdir)/libglnx
+ostree_prepare_root_LDADD += $(AM_LDFLAGS) $(OT_INTERNAL_GIO_UNIX_LIBS) $(OT_DEP_CRYPTO_LIBS) libotcore.la libotutil.la libglnx.la
 endif # BUILDOPT_USE_STATIC_COMPILER
diff --git a/src/switchroot/ostree-prepare-root.c b/src/switchroot/ostree-prepare-root.c
index 8c007da8f5..6b373cc918 100644
--- a/src/switchroot/ostree-prepare-root.c
+++ b/src/switchroot/ostree-prepare-root.c
@@ -73,17 +73,7 @@
 #include
 #include
-#ifdef HAVE_LIBSODIUM
-#include
-#define USE_LIBSODIUM
-#else
-
-#if defined(HAVE_OPENSSL)
-#include
-#define USE_OPENSSL
-#endif
-
-#endif
+#include "otcore.h"
 /* We can't include both linux/fs.h and sys/mount.h, so define these directly */
 #define FS_VERITY_FL 0x00100000 /* Verity protected inode */
@@ -229,37 +219,17 @@ load_commit_for_deploy (const char *root_mountpoint, const char *deploy_path, GV
 static gboolean
 validate_signature (GBytes *data, GVariant *signatures, const guchar *pubkey, size_t pubkey_size)
 {
-#if defined(USE_LIBSODIUM)
- if (sodium_init () < 0)
- err (EXIT_FAILURE, "Failed to init libsodiume");
-#endif
+ g_autoptr(GBytes) pubkey_buf = g_bytes_new_static (pubkey, pubkey_size);
 for (gsize i = 0; i < g_variant_n_children (signatures); i++)
 {
+ g_autoptr(GError) local_error = NULL;
 g_autoptr (GVariant) child = g_variant_get_child_value (signatures, i);
 g_autoptr (GBytes) signature = g_variant_get_data_as_bytes (child);
- gboolean valid = FALSE;
-
-#if defined(USE_LIBSODIUM)
- valid = crypto_sign_verify_detached (g_bytes_get_data (signature, NULL),
- g_bytes_get_data (data, NULL), g_bytes_get_size (data),
- pubkey)
- == 0;
-#elif defined(USE_OPENSSL)
- EVP_MD_CTX *ctx = EVP_MD_CTX_new ();
- EVP_PKEY *pkey = EVP_PKEY_new_raw_public_key (EVP_PKEY_ED25519, NULL, pubkey, pubkey_size);
- valid = ctx != NULL && pkey != NULL && EVP_DigestVerifyInit (ctx, NULL, NULL, NULL, pkey) != 0
- && EVP_DigestVerify (ctx, g_bytes_get_data (signature, NULL),
- g_bytes_get_size (signature), g_bytes_get_data (data, NULL),
- g_bytes_get_size (data))
- != 0;
- if (pkey)
- EVP_PKEY_free (pkey);
- if (ctx)
- EVP_MD_CTX_free (ctx);
-#else
- errx (EXIT_FAILURE, "Signature validation requested, but support not compiled in");
-#endif
+ bool valid = false;
+
+ if (!otcore_validate_ed25519_signature (data, pubkey_buf, signature, &valid, &local_error))
+ errx (EXIT_FAILURE, "signature verification failed: %s", local_error->message);
 if (valid)
 return TRUE;
 }
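Review bot: In the loop of validate_signature(), a FALSE return from otcore_validate_ed25519_signature() ends the process through errx() at the first signature entry the helper reports an error for, so the remaining entries in `signatures` are never tried. That is fail-closed, which is the safe direction for a boot-time integrity check, but the helper's error cases live in otcore and are not visible in this patch; if a malformed entry is reported as an error rather than through `valid`, one bad element in the array stops the boot even when a later signature would verify. Either way the policy deserves a comment above the call, for example `/* Fail closed: any error from the helper is fatal rather than skipping to the next signature. */`, and it is worth confirming that the helper always sets the GError when it returns FALSE, because `local_error->message` is dereferenced unconditionally. The end of the function (presumably the final return for the no-match case) lies outside this hunk.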