Commit Graph

12 Commits (0d5980747188ca54f5e9b2611a6d1b783fd615d2)

Author SHA1 Message Date
Aydin Mercan 0b7d6dfbf2
crypto: start seperating public/private key usage
Digests now use bearssl + libsodium instead of openssl + libsodium.
It fits better with the API looking more similar and I don't think it
will be that much of a bottleneck.

Instead of a apk_pkey that mimicks the EVP_PKEY semantics, have seperate
public and private key structures. However, apk is broken because of it
and needs fixing. The rest of the code might compile but won't work
as I haven't handled the cases where pkey corressponds to public/private
keys in codebase properly. Also, DSA signatures are removed.

Public and private keys impls' now use a static array of vtables
internally. The indicies correspond to the signature scheme version and
checking `< APK_*_MAX` should be enough? I tried to make so that higher
values correspond to more desirable constructs, this might come in handy.

Signing/verifying start is free from keys as it isn't used though it
might be brought back for domain seperated hashes, ability to get
timestamps involved with epheremal keys in the future etc.

`apk_crypto.h` is free from openssl includes although some headers still
use them for now.
2022-08-24 10:15:14 +03:00
Aydin Mercan 2727846361
crypto: start tinkering
Start working on "cute" signatures because why not? Cute signatures are
inspired/ripped of from the signify and minisign design:

Key (URL-Safe, padded base64):
- 2 bytes of version tag (specifies the algorithm)
- 16 bytes of key ID
- Public/Private key (size depending on the version tag)

Signature (raw):
- 2 bytes of version tag (specifies the algorithm)
- Signature depending (size depending on the version tag)

The new scheme uses libsodium and thus the work of
abstracting cryptographic operations from libcrypto should also be
completed. Also, since the key of the signature is provided in the
filename, there shouldn't be a need for ID

There is also the possibility of using epheremal keys for signatures and
sign the package's public key, signature and signing timestamp in the header
such as:

- 2 bytes of version tag
- signing timestamp
- epheremal public key used
- epheremal signature
- signature of the previous sections
2022-08-24 10:13:22 +03:00
Ariadne Conill a7a0c0a6ca portability: implement skeleton with memrchr function 2021-12-29 20:11:17 +02:00
Ariadne Conill 336a133b76 meson: define _FILE_OFFSET_BITS=64 for glibc 2021-12-29 07:52:48 +00:00
Timo Teräs 010497cb5a add separate vertest applet for version string testing
start adding meson based tests
2020-10-09 16:09:19 +03:00
Timo Teräs 2156107afc minor performance improvements on build and code 2020-10-09 16:09:19 +03:00
Timo Teräs e9caeff22b build: adopt meson build for v3 branch 2020-10-09 16:09:19 +03:00
Rasmus Thomsen 1b168696aa build: use tabs for meson files 2020-10-09 16:09:19 +03:00
Rasmus Thomsen 1bbdc8eb37 build: add option to build apk.static binary 2020-10-09 16:09:19 +03:00
Rasmus Thomsen f6795011ca build: allow building without help in meson 2020-10-09 16:09:19 +03:00
Rasmus Thomsen 718e07f78a build: build help.h with meson 2020-10-09 16:09:19 +03:00
Rasmus Thomsen fe1de720d0 build: add support for building with meson 2020-10-09 16:09:19 +03:00