remove date from signify zsig


remove date from signify zsig

Ted Unangst-6
signify -z adds a date= line to the header, but nothing reads it. It's also
not very useful, since it's outside the signature. It would still not be
useful, because nothing about the signify design cares about when something
was signed. It does cause trouble, however, because signing the same thing
twice results in two different files. Normal signify operation produces
consistent signatures.


Index: zsig.c
===================================================================
RCS file: /cvs/src/usr.bin/signify/zsig.c,v
retrieving revision 1.15
diff -u -p -r1.15 zsig.c
--- zsig.c 11 Jul 2017 23:52:05 -0000 1.15
+++ zsig.c 23 Feb 2019 22:55:59 -0000
@@ -242,8 +242,6 @@ zsign(const char *seckeyfile, const char
  char *p;
  uint8_t *buffer;
  uint8_t *sighdr;
- char date[80];
- time_t clock;
 
  fdin = xopen(msgfile, O_RDONLY, 0);
  if (fstat(fdin, &sb) == -1 || !S_ISREG(sb.st_mode))
@@ -261,14 +259,11 @@ zsign(const char *seckeyfile, const char
 
  msg = xmalloc(space);
  buffer = xmalloc(bufsize);
- time(&clock);
- strftime(date, sizeof date, "%Y-%m-%dT%H:%M:%SZ", gmtime(&clock));
  snprintf(msg, space,
-    "date=%s\n"
     "key=%s\n"
     "algorithm=SHA512/256\n"
     "blocksize=%zu\n\n",
-    date, seckeyfile, bufsize);
+    seckeyfile, bufsize);
  p = strchr(msg, 0);
 
  while (1) {
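Review bot: The `snprintf` that builds the signed header still discards its return value, so a truncated header would go unnoticed. `space` is sized outside this hunk; if that size does not allow for the length of `seckeyfile`, the output is cut short and `p = strchr(msg, 0)` ends up at the last byte of `msg`, leaving no room for whatever the loop below appends. Capturing the length and failing hard closes that off: `int len = snprintf(msg, space, ...);` followed by `if (len < 0 || (size_t)len >= space) errx(1, "signature header too long");`. The same unchecked call appears in the zsig.c hunks of the two later diffs in this thread. zsign's body starts and ends outside the hunk.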


Re: remove date from signify zsig

Stuart Henderson
On 2019/02/23 18:02, Ted Unangst wrote:
> signify -z adds a date= line to the header, but nothing reads it. It's also
> not very useful, since it's outside the signature. It would still not be
> useful, because nothing about the signify design cares about when something
> was signed. It does cause trouble, however, because signing the same thing
> twice results in two different files. Normal signify operation produces
> consistent signatures.

pkg_add reads this header and copies to the @digital-signature line
in the +CONTENTS file. It is directly user visible too, for the "always
updated" quirks package, the @digital-signature line is read and displayed:

# pkg_add -u quirks
quirks-3.104 signed on 2019-02-23T23:46:16Z

And at least some users make use of this to know when the package
build was done.

I'm not sure what you mean "outside the signature", changing the
date string does cause validation to fail, so it must be covered by
the signature?


Re: remove date from signify zsig

Ted Unangst-6
Stuart Henderson wrote:

> On 2019/02/23 18:02, Ted Unangst wrote:
> > signify -z adds a date= line to the header, but nothing reads it. It's also
> > not very useful, since it's outside the signature. It would still not be
> > useful, because nothing about the signify design cares about when something
> > was signed. It does cause trouble, however, because signing the same thing
> > twice results in two different files. Normal signify operation produces
> > consistent signatures.
>
> pkg_add reads this header and copies to the @digital-signature line
> in the +CONTENTS file. It is directly user visible too, for the "always
> updated" quirks package, the @digital-signature line is read and displayed:

I was trying to find such code, but obviously failed.

> I'm not sure what you mean "outside the signature", changing the
> date string does cause validation to fail, so it must be covered by
> the signature?

Ah, it is. Never mind then.

The context is that some people are trying to use signify in a deterministic
reproducible way, and the dates keep changing. At first this looked like an
unnecessary addition, but if we're using it, then that's how things are.


Re: remove date from signify zsig

Andre Stoebe
Hi,

I, too, would like to have a way of signing the gzip archive in a
reproducible way, so here's a diff that uses -n, similar to gzip(1).

However, if that's a bad idea, I'm fine with continuing to use an
unsigned gzip archive and creating a sigfile with signify.

Regards
Andre

Index: signify.1
===================================================================
RCS file: /cvs/src/usr.bin/signify/signify.1,v
retrieving revision 1.44
diff -u -p -r1.44 signify.1
--- signify.1 10 Aug 2018 20:27:01 -0000 1.44
+++ signify.1 25 Feb 2019 11:55:57 -0000
@@ -35,7 +35,7 @@
 .Fl s Ar seckey
 .Nm signify
 .Fl S
-.Op Fl ez
+.Op Fl enz
 .Op Fl x Ar sigfile
 .Fl s Ar seckey
 .Fl m Ar message
@@ -91,10 +91,15 @@ When verifying with
 .Fl e ,
 the file to create.
 .It Fl n
-Do not ask for a passphrase during key generation.
+When generating a key pair, do not ask for a passphrase.
 Otherwise,
 .Nm
 will prompt the user for a passphrase to protect the secret key.
+When signing with
+.Fl z ,
+do not store the time stamp in the
+.Xr gzip 1
+header.
 .It Fl p Ar pubkey
 Public key produced by
 .Fl G ,
Index: signify.c
===================================================================
RCS file: /cvs/src/usr.bin/signify/signify.c,v
retrieving revision 1.130
diff -u -p -r1.130 signify.c
--- signify.c 17 Jan 2019 05:40:10 -0000 1.130
+++ signify.c 25 Feb 2019 11:55:57 -0000
@@ -80,7 +80,7 @@ usage(const char *error)
 #ifndef VERIFYONLY
     "\t%1$s -C [-q] -p pubkey -x sigfile [file ...]\n"
     "\t%1$s -G [-n] [-c comment] -p pubkey -s seckey\n"
-    "\t%1$s -S [-ez] [-x sigfile] -s seckey -m message\n"
+    "\t%1$s -S [-enz] [-x sigfile] -s seckey -m message\n"
 #endif
     "\t%1$s -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m message\n",
     getprogname());
@@ -878,7 +878,7 @@ main(int argc, char **argv)
  if (gzip) {
  if (!msgfile || !seckeyfile || !sigfile)
  usage("must specify message sigfile seckey");
- zsign(seckeyfile, msgfile, sigfile);
+ zsign(seckeyfile, msgfile, sigfile, rounds);
  } else {
  if (!msgfile || !seckeyfile)
  usage("must specify message and seckey");
Index: signify.h
===================================================================
RCS file: /cvs/src/usr.bin/signify/signify.h,v
retrieving revision 1.1
diff -u -p -r1.1 signify.h
--- signify.h 2 Sep 2016 16:10:56 -0000 1.1
+++ signify.h 25 Feb 2019 11:55:57 -0000
@@ -19,7 +19,7 @@
 #ifndef signify_h
 #define signify_h
 extern void zverify(const char *, const char *, const char *, const char *);
-extern void zsign(const char *, const char *, const char *);
+extern void zsign(const char *, const char *, const char *, int);
 
 extern void *xmalloc(size_t);
 extern void writeall(int, const void *, size_t, const char *);
Index: zsig.c
===================================================================
RCS file: /cvs/src/usr.bin/signify/zsig.c,v
retrieving revision 1.15
diff -u -p -r1.15 zsig.c
--- zsig.c 11 Jul 2017 23:52:05 -0000 1.15
+++ zsig.c 25 Feb 2019 11:55:57 -0000
@@ -231,7 +231,8 @@ zverify(const char *pubkeyfile, const ch
 }
 
 void
-zsign(const char *seckeyfile, const char *msgfile, const char *sigfile)
+zsign(const char *seckeyfile, const char *msgfile, const char *sigfile,
+    int storedate)
 {
  size_t bufsize = MYBUFSIZE;
  int fdin, fdout;
@@ -242,8 +243,6 @@ zsign(const char *seckeyfile, const char
  char *p;
  uint8_t *buffer;
  uint8_t *sighdr;
- char date[80];
- time_t clock;
 
  fdin = xopen(msgfile, O_RDONLY, 0);
  if (fstat(fdin, &sb) == -1 || !S_ISREG(sb.st_mode))
@@ -261,14 +260,24 @@ zsign(const char *seckeyfile, const char
 
  msg = xmalloc(space);
  buffer = xmalloc(bufsize);
- time(&clock);
- strftime(date, sizeof date, "%Y-%m-%dT%H:%M:%SZ", gmtime(&clock));
- snprintf(msg, space,
-    "date=%s\n"
-    "key=%s\n"
-    "algorithm=SHA512/256\n"
-    "blocksize=%zu\n\n",
-    date, seckeyfile, bufsize);
+ if (storedate) {
+ char date[80];
+ time_t clock;
+ time(&clock);
+ strftime(date, sizeof date, "%Y-%m-%dT%H:%M:%SZ",
+    gmtime(&clock));
+ snprintf(msg, space,
+    "date=%s\n"
+    "key=%s\n"
+    "algorithm=SHA512/256\n"
+    "blocksize=%zu\n\n",
+    date, seckeyfile, bufsize);
+ } else
+ snprintf(msg, space,
+    "key=%s\n"
+    "algorithm=SHA512/256\n"
+    "blocksize=%zu\n\n",
+    seckeyfile, bufsize);
  p = strchr(msg, 0);
 
  while (1) {
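Review bot: The header that gets signed is now spelled out in two separate `snprintf` format strings, one per branch, so a later change to `key=`, `algorithm=` or `blocksize=` has to be made twice and the two variants can drift apart. Formatting the optional `date=` line into a small buffer first and keeping a single `snprintf` for the header avoids that, and it also removes the unbraced `else` sitting next to a braced `if`. zsign's body starts and ends outside the hunk.

```c
	/* … unchanged: msg and buffer allocation … */
	char dateline[96] = "";

	if (storedate) {
		char date[80];
		time_t clock;

		time(&clock);
		strftime(date, sizeof date, "%Y-%m-%dT%H:%M:%SZ",
		    gmtime(&clock));
		snprintf(dateline, sizeof dateline, "date=%s\n", date);
	}
	snprintf(msg, space,
	    "%s"
	    "key=%s\n"
	    "algorithm=SHA512/256\n"
	    "blocksize=%zu\n\n",
	    dateline, seckeyfile, bufsize);
	/* … unchanged: p = strchr(msg, 0) and the block loop … */
```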


Re: remove date from signify zsig

Ted Unangst-6
Andre Stoebe wrote:
> Hi,
>
> I, too, would like to have a way of signing the gzip archive in a
> reproducible way, so here's a diff that uses -n, similar to gzip(1).
>
> However, if that's a bad idea, I'm fine with continuing to use an
> unsigned gzip archive and creating a sigfile with signify.

Let me think on this for a bit. Seems reasonable, though.


Re: remove date from signify zsig

Marc Espie-2
On Mon, Feb 25, 2019 at 03:02:42PM -0500, Ted Unangst wrote:

> Andre Stoebe wrote:
> > Hi,
> >
> > I, too, would like to have a way of signing the gzip archive in a
> > reproducible way, so here's a diff that uses -n, similar to gzip(1).
> >
> > However, if that's a bad idea, I'm fine with continuing to use an
> > unsigned gzip archive and creating a sigfile with signify.
>
> Let me think on this for a bit. Seems reasonable, though.

If you want something simpler, just set the date from outside through an
env variable, so you'll have a reproducible date line for when you absolutely
need it.


Re: remove date from signify zsig

Ted Unangst-6
Marc Espie wrote:

> On Mon, Feb 25, 2019 at 03:02:42PM -0500, Ted Unangst wrote:
> > Andre Stoebe wrote:
> > > Hi,
> > >
> > > I, too, would like to have a way of signing the gzip archive in a
> > > reproducible way, so here's a diff that uses -n, similar to gzip(1).
> > >
> > > However, if that's a bad idea, I'm fine with continuing to use an
> > > unsigned gzip archive and creating a sigfile with signify.
> >
> > Let me think on this for a bit. Seems reasonable, though.
>
> If you want something simpler, just set the date from outside through an
> env variable, so you'll have a reproducible date line for when you absolutely
> need it.

Like TZ? I don't think there's a way to change the time that way. Is there?


Re: remove date from signify zsig

Marc Espie-2
On Mon, Feb 25, 2019 at 05:11:54PM -0500, Ted Unangst wrote:

> Marc Espie wrote:
> > On Mon, Feb 25, 2019 at 03:02:42PM -0500, Ted Unangst wrote:
> > > Andre Stoebe wrote:
> > > > Hi,
> > > >
> > > > I, too, would like to have a way of signing the gzip archive in a
> > > > reproducible way, so here's a diff that uses -n, similar to gzip(1).
> > > >
> > > > However, if that's a bad idea, I'm fine with continuing to use an
> > > > unsigned gzip archive and creating a sigfile with signify.
> > >
> > > Let me think on this for a bit. Seems reasonable, though.
> >
> > If you want something simpler, just set the date from outside through an
> > env variable, so you'll have a reproducible date line for when you absolutely
> > need it.
>
> Like TZ? I don't think there's a way to change the time that way. Is there?

No, but instead of an extra option, a specific env variable ? might make more
sense... or less. I don't know.

I'm surprised this surfaced again, as the subject was broached a few months
ago and dismissed, because yep, we do want the timestamp to mean something
for pkg_add.

Especially relating to our keys having a shelf life.


Re: remove date from signify zsig

Ted Unangst-6
In reply to this post by Andre Stoebe
Andre Stoebe wrote:
> Hi,
>
> I, too, would like to have a way of signing the gzip archive in a
> reproducible way, so here's a diff that uses -n, similar to gzip(1).

Thanks. I think it's more consistent to store a zero time stamp. This diff is
a little simpler and avoids some variable reabuse.


Index: signify.1
===================================================================
RCS file: /home/cvs/src/usr.bin/signify/signify.1,v
retrieving revision 1.45
diff -u -p -r1.45 signify.1
--- signify.1 26 Feb 2019 22:24:41 -0000 1.45
+++ signify.1 18 Mar 2019 19:47:05 -0000
@@ -35,7 +35,7 @@
 .Fl s Ar seckey
 .Nm signify
 .Fl S
-.Op Fl ez
+.Op Fl enz
 .Op Fl x Ar sigfile
 .Fl s Ar seckey
 .Fl m Ar message
@@ -91,10 +91,15 @@ When verifying with
 .Fl e ,
 the file to create.
 .It Fl n
-Do not ask for a passphrase during key generation.
+When generating a key pair, do not ask for a passphrase.
 Otherwise,
 .Nm
 will prompt the user for a passphrase to protect the secret key.
+When signing with
+.Fl z ,
+store a zero time stamp in the
+.Xr gzip 1
+header.
 .It Fl p Ar pubkey
 Public key produced by
 .Fl G ,
Index: signify.c
===================================================================
RCS file: /home/cvs/src/usr.bin/signify/signify.c,v
retrieving revision 1.130
diff -u -p -r1.130 signify.c
--- signify.c 17 Jan 2019 05:40:10 -0000 1.130
+++ signify.c 18 Mar 2019 19:41:05 -0000
@@ -80,7 +80,7 @@ usage(const char *error)
 #ifndef VERIFYONLY
     "\t%1$s -C [-q] -p pubkey -x sigfile [file ...]\n"
     "\t%1$s -G [-n] [-c comment] -p pubkey -s seckey\n"
-    "\t%1$s -S [-ez] [-x sigfile] -s seckey -m message\n"
+    "\t%1$s -S [-enz] [-x sigfile] -s seckey -m message\n"
 #endif
     "\t%1$s -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m message\n",
     getprogname());
@@ -754,7 +754,8 @@ main(int argc, char **argv)
  char sigfilebuf[PATH_MAX];
  const char *comment = "signify";
  char *keytype = NULL;
- int ch, rounds;
+ int ch;
+ int none = 0;
  int embedded = 0;
  int quiet = 0;
  int gzip = 0;
@@ -769,8 +770,6 @@ main(int argc, char **argv)
  if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
  err(1, "pledge");
 
- rounds = 42;
-
  while ((ch = getopt(argc, argv, "CGSVzc:em:np:qs:t:x:")) != -1) {
  switch (ch) {
 #ifndef VERIFYONLY
@@ -808,7 +807,7 @@ main(int argc, char **argv)
  msgfile = optarg;
  break;
  case 'n':
- rounds = 0;
+ none = 1;
  break;
  case 'p':
  pubkeyfile = optarg;
@@ -871,14 +870,14 @@ main(int argc, char **argv)
  if (!pubkeyfile || !seckeyfile)
  usage("must specify pubkey and seckey");
  check_keyname_compliance(pubkeyfile, seckeyfile);
- generate(pubkeyfile, seckeyfile, rounds, comment);
+ generate(pubkeyfile, seckeyfile, none ? 0 : 42, comment);
  break;
  case SIGN:
  /* no pledge */
  if (gzip) {
  if (!msgfile || !seckeyfile || !sigfile)
  usage("must specify message sigfile seckey");
- zsign(seckeyfile, msgfile, sigfile);
+ zsign(seckeyfile, msgfile, sigfile, none);
  } else {
  if (!msgfile || !seckeyfile)
  usage("must specify message and seckey");
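Review bot: `none` now decides two unrelated things in this hunk, whether `generate()` receives 0 instead of 42 for the argument that used to be passed as `rounds`, and whether `zsign()` zeroes the date, and neither the name nor the bare `42` says so. Since signify.1 documents `-n` on key generation as leaving out the passphrase that protects the secret key, the call sites deserve to be explicit, for example `generate(pubkeyfile, seckeyfile, nflag ? 0 : KDFROUNDS, comment);` with 42 defined once under a name of that kind. A comment at the declaration such as `/* -n: no passphrase with -G, zero date with -S -z */` would record both meanings. The `case SIGN` branch continues outside the hunk.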
Index: signify.h
===================================================================
RCS file: /home/cvs/src/usr.bin/signify/signify.h,v
retrieving revision 1.1
diff -u -p -r1.1 signify.h
--- signify.h 2 Sep 2016 16:10:56 -0000 1.1
+++ signify.h 18 Mar 2019 19:38:33 -0000
@@ -19,7 +19,7 @@
 #ifndef signify_h
 #define signify_h
 extern void zverify(const char *, const char *, const char *, const char *);
-extern void zsign(const char *, const char *, const char *);
+extern void zsign(const char *, const char *, const char *, int);
 
 extern void *xmalloc(size_t);
 extern void writeall(int, const void *, size_t, const char *);
Index: zsig.c
===================================================================
RCS file: /home/cvs/src/usr.bin/signify/zsig.c,v
retrieving revision 1.15
diff -u -p -r1.15 zsig.c
--- zsig.c 11 Jul 2017 23:52:05 -0000 1.15
+++ zsig.c 18 Mar 2019 19:43:08 -0000
@@ -231,7 +231,8 @@ zverify(const char *pubkeyfile, const ch
 }
 
 void
-zsign(const char *seckeyfile, const char *msgfile, const char *sigfile)
+zsign(const char *seckeyfile, const char *msgfile, const char *sigfile,
+    int skipdate)
 {
  size_t bufsize = MYBUFSIZE;
  int fdin, fdout;
@@ -261,7 +262,11 @@ zsign(const char *seckeyfile, const char
 
  msg = xmalloc(space);
  buffer = xmalloc(bufsize);
- time(&clock);
+ if (skipdate) {
+ clock = 0;
+ } else {
+ time(&clock);
+ }
  strftime(date, sizeof date, "%Y-%m-%dT%H:%M:%SZ", gmtime(&clock));
  snprintf(msg, space,
     "date=%s\n"
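Review bot: The new parameter is called `skipdate`, but the branch does not skip anything: it sets `clock = 0`, so the `date=` line is still written and will read `1970-01-01T00:00:00Z` inside the signed header. A name that matches the behaviour (`zerodate`) plus a one-line comment, for example `/* -n: fixed epoch date so that signing the same input twice gives identical output */`, would keep a later reader from assuming the line is omitted. The signify.h prototype in this diff leaves the `int` unnamed, so the meaning is not recorded there either. The hunk ends inside the `snprintf` call and zsign's body continues outside it.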


Re: remove date from signify zsig

Andre Stoebe
On 18.03.2019 20:49, Ted Unangst wrote:
> Andre Stoebe wrote:
>> Hi,
>>
>> I, too, would like to have a way of signing the gzip archive in a
>> reproducible way, so here's a diff that uses -n, similar to gzip(1).
>
> Thanks. I think it's more consistent to store a zero time stamp. This diff is
> a little simpler and avoids some variable reabuse.

Hi Ted,

I agree, this diff is pretty elegant. And it works fine here.

Regards
Andre

> Index: signify.1
> ===================================================================
> RCS file: /home/cvs/src/usr.bin/signify/signify.1,v
> retrieving revision 1.45
> diff -u -p -r1.45 signify.1
> --- signify.1 26 Feb 2019 22:24:41 -0000 1.45
> +++ signify.1 18 Mar 2019 19:47:05 -0000
> @@ -35,7 +35,7 @@
>  .Fl s Ar seckey
>  .Nm signify
>  .Fl S
> -.Op Fl ez
> +.Op Fl enz
>  .Op Fl x Ar sigfile
>  .Fl s Ar seckey
>  .Fl m Ar message
> @@ -91,10 +91,15 @@ When verifying with
>  .Fl e ,
>  the file to create.
>  .It Fl n
> -Do not ask for a passphrase during key generation.
> +When generating a key pair, do not ask for a passphrase.
>  Otherwise,
>  .Nm
>  will prompt the user for a passphrase to protect the secret key.
> +When signing with
> +.Fl z ,
> +store a zero time stamp in the
> +.Xr gzip 1
> +header.
>  .It Fl p Ar pubkey
>  Public key produced by
>  .Fl G ,
> Index: signify.c
> ===================================================================
> RCS file: /home/cvs/src/usr.bin/signify/signify.c,v
> retrieving revision 1.130
> diff -u -p -r1.130 signify.c
> --- signify.c 17 Jan 2019 05:40:10 -0000 1.130
> +++ signify.c 18 Mar 2019 19:41:05 -0000
> @@ -80,7 +80,7 @@ usage(const char *error)
>  #ifndef VERIFYONLY
>      "\t%1$s -C [-q] -p pubkey -x sigfile [file ...]\n"
>      "\t%1$s -G [-n] [-c comment] -p pubkey -s seckey\n"
> -    "\t%1$s -S [-ez] [-x sigfile] -s seckey -m message\n"
> +    "\t%1$s -S [-enz] [-x sigfile] -s seckey -m message\n"
>  #endif
>      "\t%1$s -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m message\n",
>      getprogname());
> @@ -754,7 +754,8 @@ main(int argc, char **argv)
>   char sigfilebuf[PATH_MAX];
>   const char *comment = "signify";
>   char *keytype = NULL;
> - int ch, rounds;
> + int ch;
> + int none = 0;
>   int embedded = 0;
>   int quiet = 0;
>   int gzip = 0;
> @@ -769,8 +770,6 @@ main(int argc, char **argv)
>   if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
>   err(1, "pledge");
>  
> - rounds = 42;
> -
>   while ((ch = getopt(argc, argv, "CGSVzc:em:np:qs:t:x:")) != -1) {
>   switch (ch) {
>  #ifndef VERIFYONLY
> @@ -808,7 +807,7 @@ main(int argc, char **argv)
>   msgfile = optarg;
>   break;
>   case 'n':
> - rounds = 0;
> + none = 1;
>   break;
>   case 'p':
>   pubkeyfile = optarg;
> @@ -871,14 +870,14 @@ main(int argc, char **argv)
>   if (!pubkeyfile || !seckeyfile)
>   usage("must specify pubkey and seckey");
>   check_keyname_compliance(pubkeyfile, seckeyfile);
> - generate(pubkeyfile, seckeyfile, rounds, comment);
> + generate(pubkeyfile, seckeyfile, none ? 0 : 42, comment);
>   break;
>   case SIGN:
>   /* no pledge */
>   if (gzip) {
>   if (!msgfile || !seckeyfile || !sigfile)
>   usage("must specify message sigfile seckey");
> - zsign(seckeyfile, msgfile, sigfile);
> + zsign(seckeyfile, msgfile, sigfile, none);
>   } else {
>   if (!msgfile || !seckeyfile)
>   usage("must specify message and seckey");
> Index: signify.h
> ===================================================================
> RCS file: /home/cvs/src/usr.bin/signify/signify.h,v
> retrieving revision 1.1
> diff -u -p -r1.1 signify.h
> --- signify.h 2 Sep 2016 16:10:56 -0000 1.1
> +++ signify.h 18 Mar 2019 19:38:33 -0000
> @@ -19,7 +19,7 @@
>  #ifndef signify_h
>  #define signify_h
>  extern void zverify(const char *, const char *, const char *, const char *);
> -extern void zsign(const char *, const char *, const char *);
> +extern void zsign(const char *, const char *, const char *, int);
>  
>  extern void *xmalloc(size_t);
>  extern void writeall(int, const void *, size_t, const char *);
> Index: zsig.c
> ===================================================================
> RCS file: /home/cvs/src/usr.bin/signify/zsig.c,v
> retrieving revision 1.15
> diff -u -p -r1.15 zsig.c
> --- zsig.c 11 Jul 2017 23:52:05 -0000 1.15
> +++ zsig.c 18 Mar 2019 19:43:08 -0000
> @@ -231,7 +231,8 @@ zverify(const char *pubkeyfile, const ch
>  }
>  
>  void
> -zsign(const char *seckeyfile, const char *msgfile, const char *sigfile)
> +zsign(const char *seckeyfile, const char *msgfile, const char *sigfile,
> +    int skipdate)
>  {
>   size_t bufsize = MYBUFSIZE;
>   int fdin, fdout;
> @@ -261,7 +262,11 @@ zsign(const char *seckeyfile, const char
>  
>   msg = xmalloc(space);
>   buffer = xmalloc(bufsize);
> - time(&clock);
> + if (skipdate) {
> + clock = 0;
> + } else {
> + time(&clock);
> + }
>   strftime(date, sizeof date, "%Y-%m-%dT%H:%M:%SZ", gmtime(&clock));
>   snprintf(msg, space,
>      "date=%s\n"
>