rpm-software-management / rpm

The RPM package manager
http://rpm.org

EdDSA-signed RPMs signable but not installable #1877

Closed jengelh closed 2 years ago

jengelh commented 2 years ago

I'm on rpm-4.17.0 and gpg2-2.3.4 on openSUSE Tumbleweed.

```
$ gpg --list-keys
pub   ed25519/0xF76EFE5D0C223A8F 2022-01-03 [SC] [expires: 2027-01-02]
      Key fingerprint = BCA0 C5C3 09CA C569 E74A  921C F76E FE5D 0C22 3A8F
$ gpg -a --export 0xF76EFE5D0C223A8F >1.key
# rpm --import 1.key

$ echo "%_gpg_name 0xF76EFE5D0C223A8F" >>~/.rpmmacros
$ rpm --resign xbomb-2.2b-1.24.x86_64.rpm
(any rpm file will do)
Please enter the passphrase...[...]
# rpm -Uhv xbomb-2.2b-1.24.x86_64.rpm
error: xbomb-2.2b-1.24.x86_64.rpm: Header V4 EdDSA/SHA512 Signature, key ID 0c223a8f: BAD
error: xbomb-2.2b-1.24.x86_64.rpm cannot be installed
```

DemiMarie commented 2 years ago

I was not able to reproduce this locally (Fedora 35 IIRC)

mlschroe commented 2 years ago

Maybe it's a bug in rpm's libgcrypt code. AFAIK SUSE uses libgcrypt whereas Fedora uses openssl.

DemiMarie commented 2 years ago

libgcrypt is not a good choice; I would prefer the kernel crypto API or Nettle.

mlschroe commented 2 years ago

Well, this is only about signature verification so side channel attacks don't matter. And the library has to be FIPS certified.

DemiMarie commented 2 years ago

> Well, this is only about signature verification so side channel attacks don't matter. And the library has to be FIPS certified.

Which both Nettle and the kernel crypto API are.

mlschroe commented 2 years ago

Nettle has a FIPS certification? I can't find anything on the web, can you give me a pointer?

DemiMarie commented 2 years ago

> Nettle has a FIPS certification? I can't find anything on the web, can you give me a pointer?

Let me rephrase that: I presume that the Nettle provided by Red Hat Enterprise Linux is FIPS certified. And Fedora/CentOS Stream/etc do not have certified OpenSSL or libgcrypt libraries unless I have missed something.

DemiMarie commented 2 years ago

@jengelh can you post the output of rpm -qv libgcrypt?

jengelh commented 2 years ago

```
Name        : libgcrypt20
Version     : 1.9.4
Release     : 3.3
Architecture: x86_64
Install Date: Tue 22 Feb 2022 03:12:16 PM CET
Group       : System/Libraries
Size        : 1328155
License     : GPL-2.0-or-later AND LGPL-2.1-or-later
Signature   : RSA/SHA256, Sat 19 Feb 2022 11:06:26 PM CET, Key ID b88b2fd43dbdc284
Source RPM  : libgcrypt-1.9.4-3.3.src.rpm
Build Date  : Sat 19 Feb 2022 11:01:31 PM CET
Build Host  : cloud124
Packager    : https://bugs.opensuse.org
Vendor      : openSUSE
URL         : https://gnupg.org/software/libgcrypt
Summary     : The GNU Crypto Library
Description :
Libgcrypt is a general purpose crypto library based on the code used in
GnuPG (alpha version).
Distribution: openSUSE Tumbleweed
```

DemiMarie commented 2 years ago

@jengelh what is your default hash algorithm? If your RPM does not contain a1fac5beef99969f2a4ff28a8f916b30bdaea8b5 and you are using SHA-384 or SHA-512 this will be the result. I suggest filing a bug report with openSUSE asking for a backport of a1fac5beef99969f2a4ff28a8f916b30bdaea8b5.

jengelh commented 2 years ago

Indeed my gnupg.conf has this part

```
personal-digest-preferences SHA512 SHA384 ...
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 ...
```

pmatilai commented 2 years ago

Okay so this is already fixed (by a1fac5beef99969f2a4ff28a8f916b30bdaea8b5) and also headed for 4.17.1 (#2089), closing.
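
The condition discussed in this thread (a BAD result on an EdDSA signature made with SHA-384 or SHA-512, on an rpm build without a1fac5beef99969f2a4ff28a8f916b30bdaea8b5) can be triaged with a small script. This is an added example, not part of the issue or of rpm's code: the function names are hypothetical, the sample lines other than the one quoted from the issue are constructed, and it assumes gpg takes its signing digest from the config file rather than from a command-line override.

```shell
#!/usr/bin/env bash
# Added triage helper, not rpm project code; function names are hypothetical.

# Classify one line of rpm signature-check output (format as quoted in the
# issue). "candidate" = BAD EdDSA signature over a SHA-384/SHA-512 digest,
# the combination the thread ties to the missing fix.
classify_sig_line() {
    case $1 in
        *"EdDSA/SHA384 Signature"*": BAD"*|*"EdDSA/SHA512 Signature"*": BAD"*)
            echo candidate ;;
        *": BAD"*) echo bad-other ;;
        *) echo not-bad ;;
    esac
}

# Print GnuPG config settings that select SHA-384/SHA-512 as the signing
# digest. Only the first algorithm listed is examined (the preferred one).
# Assumption: the digest is not overridden on the gpg command line.
wide_digest_settings() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        $1 == "personal-digest-preferences" || $1 == "digest-algo" {
            algo = toupper($2)
            if (algo == "SHA384" || algo == "SHA512") print $1 "=" algo
        }' "$1"
}

# Demo over sample output: the first line is the error quoted in the issue,
# the other two are constructed for illustration.
demo() {
    while IFS= read -r line; do
        printf '%-10s %s\n' "$(classify_sig_line "$line")" "$line"
    done <<'EOF'
error: xbomb-2.2b-1.24.x86_64.rpm: Header V4 EdDSA/SHA512 Signature, key ID 0c223a8f: BAD
error: example.rpm: Header V4 RSA/SHA256 Signature, key ID 00000000: BAD
    Header V4 EdDSA/SHA256 Signature, key ID 00000000: OK
EOF
}
demo
```

A `candidate` line only means the signature should be re-checked with an rpm build that contains the fix; it does not make the package trustworthy.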