changeset 1390:f3e2df6b49ba
(issue181) Fix hardcoded values for RSA codesigning key size.
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Mon, 19 Jan 2015 15:42:20 +0100 |
parents | c64b6c56ce96 |
children | ebf65c2fd007 |
files | common/binverify.c common/pubkey.h ui/createcertlistdialog.cpp ui/createinstallerdialog.cpp ui/l10n/administrator_de_DE.ts ui/sslhelp.cpp |
diffstat | 6 files changed, 100 insertions(+), 86 deletions(-) [+] |
--- a/common/binverify.c Thu Jan 15 16:46:36 2015 +0100 +++ b/common/binverify.c Mon Jan 19 15:42:20 2015 +0100 @@ -11,11 +11,7 @@ #include "strhelp.h" #include "logging.h" #include "listutil.h" -#ifdef RELEASE_BUILD -#include "pubkey-release.h" -#else -#include "pubkey-test.h" -#endif +#include "pubkey.h" bin_verify_result verify_binary(const char *filename, size_t name_len)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/common/pubkey.h Mon Jan 19 15:42:20 2015 +0100
@@ -0,0 +1,10 @@
+#ifndef PUBKEY_H
+#define PUBKEY_H
+
+#ifdef RELEASE_BUILD
+#include "pubkey-release.h"
+#else
+#include "pubkey-test.h"
+#endif
+
+#endif // PUBKEY_H
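Review bot: The `#else` branch makes pubkey-test.h the default, and after this commit that choice reaches the signing dialogs in ui/ as well as common/binverify.c, yet the new header carries no comment saying so. A build that omits RELEASE_BUILD would then verify and size-check against the test values without any visible signal. The contents of the two included headers are not part of this changeset, so this is inferred from their names. I would add a header comment such as `/* Selects the signing public key and RSA key-size constants. Builds without RELEASE_BUILD use the test values and must not be shipped. */` above the `#ifdef`.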
--- a/ui/createcertlistdialog.cpp Thu Jan 15 16:46:36 2015 +0100 +++ b/ui/createcertlistdialog.cpp Mon Jan 19 15:42:20 2015 +0100 @@ -9,6 +9,8 @@ #include "sslhelp.h" #include "administratorwindow.h" +#include "pubkey.h" + #include <QDebug> #include <QMessageBox> #include <QDir> @@ -142,10 +144,11 @@ return; } - /* Check that it is a 3072 bit RSA key as specified */ - if (!mPk->pk_info || pk_get_size(mPk) != 3072 || + /* Check that it is a RSA key of the specified size */ + if (!mPk->pk_info || pk_get_size(mPk) != TRUSTBRIDGE_RSA_KEY_SIZE || mPk->pk_info->type != POLARSSL_PK_RSA) { - showErrorMessage(tr("Only 3072 bit RSA keys are supported by the current format.")); + showErrorMessage(tr("Only %1 bit RSA keys are supported by the current format.").arg( + TRUSTBRIDGE_RSA_KEY_SIZE)); pk_free(mPk); delete mPk; mPk = NULL; @@ -198,7 +201,7 @@ } QByteArray signature = rsaSignSHA256Hash(sha256sum(listData), pk); - if (signature.size() != 3072 / 8) { + if (signature.size() != TRUSTBRIDGE_RSA_KEY_SIZE / 8) { qDebug() << "Signature creation returned signature of invalid size."; return false; }
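Review bot: In the last hunk `TRUSTBRIDGE_RSA_KEY_SIZE / 8` truncates, which was harmless for the literal 3072 but is an unstated assumption now that the size comes from a header; `(TRUSTBRIDGE_RSA_KEY_SIZE + 7) / 8` gives the byte length for any bit size. The failure branch logs only a fixed message, and this commit also removes the check in ui/sslhelp.cpp that printed the length, so the actual size is no longer recorded anywhere; I would log it with `qDebug() << "Signature creation returned signature of invalid size:" << signature.size();`. Both points apply equally to the `TRUSTBRIDGE_RSA_CODESIGN_SIZE / 8` check in ui/createinstallerdialog.cpp. The enclosing functions start and end outside the hunks.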
--- a/ui/createinstallerdialog.cpp Thu Jan 15 16:46:36 2015 +0100 +++ b/ui/createinstallerdialog.cpp Mon Jan 19 15:42:20 2015 +0100 @@ -7,6 +7,7 @@ */ #include "createinstallerdialog.h" #include "sslhelp.h" +#include "pubkey.h" #include <QDebug> #include <QTextEdit> @@ -524,15 +525,16 @@ return false; } - /* Check that it is a 3072 bit RSA key as specified */ - if (!pk.pk_info || pk_get_size(&pk) != 3072 || + /* Check that it is an RSA key that matches the size */ + if (!pk.pk_info || pk_get_size(&pk) != TRUSTBRIDGE_RSA_CODESIGN_SIZE || pk.pk_info->type != POLARSSL_PK_RSA) { if (pk.pk_info) { qDebug() << pk.pk_info->type << "type"; } qDebug() << POLARSSL_PK_RSA << "rsa"; qDebug() << "size " << pk_get_size(&pk); - showErrorMessage(tr("Only 3072 bit RSA keys are supported by the current format.")); + showErrorMessage(tr("Only %1 bit RSA keys are supported by the current format.").arg( + TRUSTBRIDGE_RSA_CODESIGN_SIZE)); pk_free(&pk); return false; } @@ -563,7 +565,7 @@ const QByteArray signature = rsaSignSHA256Hash(sha256sum(inputContent), &pk); pk_free(&pk); - if (signature.size() != 3072 / 8) { + if (signature.size() != TRUSTBRIDGE_RSA_CODESIGN_SIZE / 8) { qDebug() << "Signature creation returned signature of invalid size."; return false; }
--- a/ui/l10n/administrator_de_DE.ts Thu Jan 15 16:46:36 2015 +0100 +++ b/ui/l10n/administrator_de_DE.ts Mon Jan 19 15:42:20 2015 +0100 
@@ -260,111 +260,115 @@ <context> <name>CreateCertListDialog</name> <message> - <location filename="../createcertlistdialog.cpp" line="30"/> - <location filename="../createcertlistdialog.cpp" line="52"/> + <location filename="../createcertlistdialog.cpp" line="32"/> + <location filename="../createcertlistdialog.cpp" line="54"/> <source>Save certificate list</source> <translation>Zertifikatsliste speichern</translation> </message> <message> - <location filename="../createcertlistdialog.cpp" line="54"/> + <location filename="../createcertlistdialog.cpp" line="56"/> <source>Save all managed root certificates in a new, signed certificate list.</source> <translation>Eine neue, signierte Zertifikatsliste erstellen.</translation> </message> <message> - <location filename="../createcertlistdialog.cpp" line="84"/> + <location filename="../createcertlistdialog.cpp" line="86"/> <source>In addition, each certificate list will be saved automatically in the archive directory: </source> <translation>Zusätzlich wird jede Zertifikatsliste automatisch in diesem Ordner Archiviert: </translation> </message> <message> - <location filename="../createcertlistdialog.cpp" line="94"/> + <location filename="../createcertlistdialog.cpp" line="96"/> <source>Save list</source> <translation>Liste speichern</translation> </message> <message> - <location filename="../createcertlistdialog.cpp" line="96"/> + <location filename="../createcertlistdialog.cpp" line="98"/> <source>Cancel</source> <translation>Abbrechen</translation> </message> <message> - <location filename="../createcertlistdialog.cpp" line="121"/> + <location filename="../createcertlistdialog.cpp" line="123"/> <source>Error!</source> <translation>Fehler!</translation> </message> <message> - <location filename="../createcertlistdialog.cpp" line="159"/> + <location filename="../createcertlistdialog.cpp" line="150"/> + <source>Only %1 bit RSA keys are supported by the current format.</source> + <translation 
type="unfinished"></translation> + </message> + <message> + <location filename="../createcertlistdialog.cpp" line="162"/> <source>Select certificate</source> <translation>Zertifikat auswählen</translation> </message> <message> - <location filename="../createcertlistdialog.cpp" line="244"/> + <location filename="../createcertlistdialog.cpp" line="247"/> <source>Failed to write list to: %1</source> <translation>Fehler beim schreiben der Liste in Datei: %1</translation> </message> <message> - <location filename="../createcertlistdialog.cpp" line="137"/> + <location filename="../createcertlistdialog.cpp" line="139"/> <source>Failed to load certificate: %1</source> <translatorcomment>English wording is wrong</translatorcomment> <translation>Fehler beim laden des Schlüssels: %1</translation> </message> <message> - <location filename="../createcertlistdialog.cpp" line="65"/> + <location filename="../createcertlistdialog.cpp" line="67"/> <source>Select signing key:</source> <translation>Signaturschlüssel auswählen:</translation> </message> <message> - <location filename="../createcertlistdialog.cpp" line="66"/> + <location filename="../createcertlistdialog.cpp" line="68"/> <source>Select output folder:</source> <translation>Ausgabeverzeichnis auswählen:</translation> </message> <message> - <location filename="../createcertlistdialog.cpp" line="148"/> <source>Only 3072 bit RSA keys are supported by the current format.</source> - <translation>Nur 3027 bit RSA Schlüssel werden vom aktuellen Format unterstützt.</translation> + <translation type="vanished">Nur 3027 bit RSA Schlüssel werden vom aktuellen Format unterstützt.</translation> </message> <message> - <location filename="../createcertlistdialog.cpp" line="172"/> + <location filename="../createcertlistdialog.cpp" line="175"/> <source>Select target location</source> <translation>Zielordner auswählen</translation> </message> <message> - <location filename="../createcertlistdialog.cpp" line="228"/> + <location 
filename="../createcertlistdialog.cpp" line="231"/> <source>Please select a valid rsa key.</source> <translation>Kein Signaturschlüssel ausgewählt.</translation> </message> <message> - <location filename="../createcertlistdialog.cpp" line="231"/> + <location filename="../createcertlistdialog.cpp" line="234"/> <source>Please select an output location first.</source> <translation>Kein Zielordner angegeben.</translation> </message> <message> - <location filename="../createcertlistdialog.cpp" line="252"/> + <location filename="../createcertlistdialog.cpp" line="255"/> <source>Failed to create archive location.</source> <translation>Fehler beim erstellen des Archivordners.</translation> </message> <message> - <location filename="../createcertlistdialog.cpp" line="257"/> + <location filename="../createcertlistdialog.cpp" line="260"/> <source>Failed Archive a copy.</source> <translation>Fehler beim speichern der Archivkopie.</translation> </message> <message> - <location filename="../createcertlistdialog.cpp" line="265"/> + <location filename="../createcertlistdialog.cpp" line="268"/> <source>Failed to update current_certificates.txt</source> <translation>Fehler beim Aktualisieren von current_certificates.txt</translation> </message> <message> - <location filename="../createcertlistdialog.cpp" line="271"/> + <location filename="../createcertlistdialog.cpp" line="274"/> <source>Failed to write current_certificates file.</source> <translation>Fehler beim schreiben der Datei "current_certificates".</translation> </message> <message> - <location filename="../createcertlistdialog.cpp" line="284"/> + <location filename="../createcertlistdialog.cpp" line="287"/> <source>Failed to calculate key hash.</source> <translation>Fehler bei der Berechnung des Schlüsselfingerabdrucks.</translation> </message> <message> - <location filename="../createcertlistdialog.cpp" line="302"/> + <location filename="../createcertlistdialog.cpp" line="305"/> <source>Saved certificate list: %1</source> 
<translation>Zertifikatsliste gespeichert: %1</translation> 
@@ -373,58 +377,58 @@ <context> <name>CreateInstallerDialog</name> <message> - <location filename="../createinstallerdialog.cpp" line="48"/> - <location filename="../createinstallerdialog.cpp" line="73"/> + <location filename="../createinstallerdialog.cpp" line="49"/> + <location filename="../createinstallerdialog.cpp" line="74"/> <source>Create binary installer</source> <translation>Installationspaket erstellen</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="75"/> + <location filename="../createinstallerdialog.cpp" line="76"/> <source>Create and sign a TrustBridge binary installer.</source> <translation>Erzeugt und signiert ein TrustBridge-Installationspaket.</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="86"/> + <location filename="../createinstallerdialog.cpp" line="87"/> <source>Select binary folder:</source> <translation>Binärverzeichnis auswählen:</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="87"/> + <location filename="../createinstallerdialog.cpp" line="88"/> <source>Select code signing certificate:</source> <translation>Code-Signing-Zertifikat auswählen:</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="88"/> + <location filename="../createinstallerdialog.cpp" line="89"/> <source>Select output folder:</source> <translation>Ausgabeverzeichnis auswählen:</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="117"/> + <location filename="../createinstallerdialog.cpp" line="118"/> <source>Create installer</source> <translation>Installationspaket erzeugen</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="119"/> + <location filename="../createinstallerdialog.cpp" line="120"/> <source>Cancel</source> <translation>Abbrechen</translation> </message> <message> - <location 
filename="../createinstallerdialog.cpp" line="262"/> + <location filename="../createinstallerdialog.cpp" line="263"/> <source>Creating installer package...</source> <translation>Installationspaket wird erstellt...</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="150"/> + <location filename="../createinstallerdialog.cpp" line="151"/> <source>Select certificate</source> <translation>Zertifikat auswählen</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="161"/> + <location filename="../createinstallerdialog.cpp" line="162"/> <source>Select binary folder</source> <translation>Binärverzeichnis auswählen</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="179"/> + <location filename="../createinstallerdialog.cpp" line="180"/> <source>Error!</source> <translation>Fehler!</translation> </message> 
@@ -433,141 +437,145 @@ <translation type="vanished">Installationspaket erstellt in %1.</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="189"/> + <location filename="../createinstallerdialog.cpp" line="190"/> <source>Signing installer package...</source> <translation>Installationspaket signieren...</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="191"/> + <location filename="../createinstallerdialog.cpp" line="192"/> <source>Failed to sign installer package.</source> <translation>Fehler beim Signieren des Installationspakets.</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="266"/> + <location filename="../createinstallerdialog.cpp" line="267"/> <source>Please select an existing input folder.</source> <translation>Bitte wählen Sie ein existierendes Eingabeverzeichnis.</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="270"/> + <location filename="../createinstallerdialog.cpp" line="271"/> <source>Please select a codesigning certificate.</source> <translation>Bitte wählen Sie ein Code-Signing-Zertifikat.</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="274"/> + <location filename="../createinstallerdialog.cpp" line="275"/> <source>Please select a output folder.</source> <translation>Bitte wählen Sie ein Ausgabeverzeichnis.</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="281"/> + <location filename="../createinstallerdialog.cpp" line="282"/> <source>Folder %1 does not appear to contain a meta.ini</source> <translation>Das Verzeichnis %1 enthält keine meta.ini Datei</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="288"/> + <location filename="../createinstallerdialog.cpp" line="289"/> <source>Failed to find the directory for linux binaries: %1</source> 
<translation>Verzeichnis der Linux Anwendung '%1' konnte nicht gefunden werden.</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="296"/> + <location filename="../createinstallerdialog.cpp" line="297"/> <source>Failed to find a readable *.sh file in: %1</source> <translation>Keine lesbare *.sh Datei in '%1' gefunden.</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="500"/> + <location filename="../createinstallerdialog.cpp" line="501"/> <source>Failed to sign binaries with osslsigncode. Please check that %1 is a valid code signing certificate and that osslsigncode can be found in the PATH.</source> <translation>Fehler beim Signieren der Binärpakete mit osslsigncode. Bitte prüfen Sie, dass %1 ein gültiges Code-Signing-Zertifikat ist und osslsigncode im PATH gefunden wird.</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="302"/> + <location filename="../createinstallerdialog.cpp" line="303"/> <source>Signing Linux package...</source> <translation>Signieren des Linux Pakets...</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="195"/> + <location filename="../createinstallerdialog.cpp" line="196"/> <source>Calculating checksums...</source> <translation>Prüfsummen berechnen...</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="196"/> + <location filename="../createinstallerdialog.cpp" line="197"/> <source>Checksums:</source> <translation>Prüfsummen:</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="206"/> + <location filename="../createinstallerdialog.cpp" line="207"/> <source>Failed to open file "%1".</source> <translation>Die Datei "%1" konnte nicht geöffnet werden.</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="212"/> + <location filename="../createinstallerdialog.cpp" 
line="213"/> <source>Failed to read file "%1".</source> <translation>Die Datei "%1" konnte nicht gelesen werden.</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="219"/> + <location filename="../createinstallerdialog.cpp" line="220"/> <source>Failed to calculate checksums for "%1".</source> <translation>Die Prüfsumme für "%1" konnte nicht berechnet werden.</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="241"/> + <location filename="../createinstallerdialog.cpp" line="242"/> <source>Successfully created the installation packages in "%1".</source> <translation>Die Installationspakete wurden erfolgreich im Ordner: "%1" erstellt.</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="322"/> + <location filename="../createinstallerdialog.cpp" line="323"/> <source>Failed to sign linux package: %1</source> <translation>Fehler beim signieren des Linux Paketes: %1</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="338"/> + <location filename="../createinstallerdialog.cpp" line="339"/> <source>Creating NSIS package...</source> <translation>NSIS-Paket wird erstellt...</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="377"/> + <location filename="../createinstallerdialog.cpp" line="378"/> <source>Failed to find installer script at: %1 </source> <translation>Installer skript konnte nicht unter: %1 gefunden werden</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="387"/> + <location filename="../createinstallerdialog.cpp" line="388"/> <source>Failed to start makensis. Please ensure that makensis is installed and in your PATH variable.</source> <translation>Fehler beim Starten von makensis. 
Bitte versichern Sie sich, dass makensis korrekt installiert und in der PATH-Variable enthalten ist.</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="481"/> + <location filename="../createinstallerdialog.cpp" line="482"/> <source>Signing binaries...</source> <translation>Binärpakete werden signiert...</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="488"/> + <location filename="../createinstallerdialog.cpp" line="489"/> <source>Failed to copy binaries to temporary location.</source> <translation>Fehler beim Kopieren der Binärdaten in temporären Ort.</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="521"/> + <location filename="../createinstallerdialog.cpp" line="522"/> <source>Failed to load certificate: %1</source> <translation>Fehler beim laden des Schlüssels: %1</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="535"/> - <source>Only 3072 bit RSA keys are supported by the current format.</source> - <translation>Nur 3072 bit RSA Schlüssel werden vom aktuellen Format unterstützt.</translation> + <location filename="../createinstallerdialog.cpp" line="536"/> + <source>Only %1 bit RSA keys are supported by the current format.</source> + <translation type="unfinished"></translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="541"/> + <source>Only 3072 bit RSA keys are supported by the current format.</source> + <translation type="vanished">Nur 3072 bit RSA Schlüssel werden vom aktuellen Format unterstützt.</translation> + </message> + <message> + <location filename="../createinstallerdialog.cpp" line="543"/> <source>Failed to open input file: %1</source> <translation>Fehler beim öffnen der Datei: %1</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="558"/> + <location filename="../createinstallerdialog.cpp" line="560"/> 
<source>Failed to read input file: %1</source> <translation>Fehler beim lesen der Datei: %1</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="171"/> + <location filename="../createinstallerdialog.cpp" line="172"/> <source>Select target location</source> <translation>Zielort auswählen</translation> </message> @@ -575,22 +583,22 @@ <context> <name>FinishedDialog</name> <message> - <location filename="../createinstallerdialog.cpp" line="595"/> + <location filename="../createinstallerdialog.cpp" line="597"/> <source>Successfully created installation package</source> <translation>Installationspaket erfolgreich erstellt.</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="599"/> + <location filename="../createinstallerdialog.cpp" line="601"/> <source>Error!</source> <translation>Fehler!</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="610"/> + <location filename="../createinstallerdialog.cpp" line="612"/> <source>Details</source> <translation>Details</translation> </message> <message> - <location filename="../createinstallerdialog.cpp" line="614"/> + <location filename="../createinstallerdialog.cpp" line="616"/> <source>OK</source> <translation>OK</translation> </message>
--- a/ui/sslhelp.cpp Thu Jan 15 16:46:36 2015 +0100 +++ b/ui/sslhelp.cpp Mon Jan 19 15:42:20 2015 +0100 @@ -76,10 +76,5 @@ return QByteArray(); } - if (sig_len != 3072 / 8) { - qDebug() << "Invalid size of signature: " << sig_len; - return QByteArray(); - } - return QByteArray((const char *)sig, (int)sig_len); }
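Review bot: With the size check deleted rather than parameterised, this function returns whatever length the signing call reported, and nothing in the visible lines bounds `sig_len` before the `(int)sig_len` cast in the final return. The two callers touched by this commit do compare the result with their expected size, but any other or future caller gets an unchecked buffer length. A key-relative check would keep the guard without hardcoding a size, for example `if (sig_len != pk_get_len(<key argument>)) { qDebug() << "Invalid size of signature: " << sig_len; return QByteArray(); }`. The function body starts outside the hunk, so the declaration of `sig` and the name of the key parameter are not visible here.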