11 #define _RPMGC_INTERNAL
12 #if defined(WITH_GCRYPT)
13 #define _RPMPGP_INTERNAL
19 #if defined(WITH_GCRYPT)
33 static int _rpmgc_debug;
35 #define SPEW(_t, _rc, _dig) \
36 { if ((_t) || _rpmgc_debug || _pgp_debug < 0) \
37 fprintf(stderr, "<-- %s(%p) %s\t%s/%s\n", __FUNCTION__, (_dig), \
38 ((_rc) ? "OK" : "BAD"), (_dig)->pubkey_algoN, (_dig)->hash_algoN); \
47 unsigned char nibble(
char c)
50 if (c >=
'0' && c <=
'9')
51 return (
unsigned char) (c -
'0');
52 if (c >=
'A' && c <=
'F')
53 return (
unsigned char)((int)(c -
'A') + 10);
54 if (c >=
'a' && c <=
'f')
55 return (
unsigned char)((int)(c -
'a') + 10);
56 return (
unsigned char)
'\0';
65 make_flagged_int(
unsigned long value,
unsigned char *
b,
size_t nb)
74 for (more = 0, shift = 28; shift > 0; shift -= 7) {
75 if (more || value >= (1UL << shift)) {
76 b[nb++] = 0x80 | (value >> shift);
77 value -= (value >> shift) << shift;
95 int openpgp_oid_from_str(
const char * s, gcry_mpi_t * r_mpi)
98 size_t ns = (s ? strlen(s) : 0);
99 unsigned char * b =
xmalloc(ns + 2 + 1);
103 unsigned long val1 = 0;
109 if (s == NULL || s[0] ==
'\0')
114 val = strtoul(se, (
char **) &endp, 10);
115 if (!
xisdigit(*se) || !(*endp ==
'.' || *endp ==
'\0'))
131 b[nb++] = val1 * 40 + val;
134 nb = make_flagged_int(val, b, nb);
138 nb = make_flagged_int(val, b, nb);
141 }
while (*endp ==
'.');
143 if (arcno == 1 || nb < 2 || nb > 254)
147 *r_mpi = gcry_mpi_set_opaque(NULL, b, nb * 8);
162 char *openpgp_oid_to_str(gcry_mpi_t a)
164 unsigned int nbits = 0;
165 const unsigned char * b = (a && gcry_mpi_get_flag(a, GCRYMPI_FLAG_OPAQUE))
166 ? gcry_mpi_get_opaque(a, &nbits)
168 size_t nb = (nbits + 7) / 8;
170 size_t nt = (2 + ((nb ? nb-1 : 0) * (3+1)) + 1);
174 unsigned long valmask = (
unsigned long) 0xfe << (8 * (
sizeof(valmask) - 1));
180 if (b == NULL || nb == 0 || *b++ != --nb)
185 te += sprintf(te,
"0.%d", b[ix]);
187 te += sprintf(te,
"1.%d", b[ix] - 40);
190 while ((b[ix] & 0x80) && ++ix < nb) {
197 te += sprintf(te,
"2.%lu", val);
202 for (ix++; ix < nb; ix++) {
204 while ((b[ix] & 0x80) && ++ix < nb) {
210 te += sprintf(te,
".%lu", val);
224 t =
xstrdup(
"1.3.6.1.4.1.11591.2.12242973");
239 static void fail(
const char *format, ...)
243 va_start(arg_ptr, format);
244 vfprintf(stderr, format, arg_ptr);
250 void rpmgcDump(
const char * msg, gcry_sexp_t sexp)
254 size_t nb = gcry_sexp_sprint(sexp, GCRYSEXP_FMT_ADVANCED, NULL, 0);
255 char * buf = (
char *)
alloca(nb+1);
257 nb = gcry_sexp_sprint(sexp, GCRYSEXP_FMT_ADVANCED, buf, nb);
259 fprintf(stderr,
"========== %s:\n%s", msg, buf);
265 gcry_error_t rpmgcErr(
rpmgc gc,
const char * msg, gcry_error_t
err)
269 if (err && gcry_err_code(err) != gc->badok)
270 fprintf (stderr,
"rpmgc: %s(0x%0x): %s/%s\n",
271 msg, (
unsigned)err, gcry_strsource(err), gcry_strerror(err));
281 const char * hash_algo_name = NULL;
288 xx =
rpmDigestFinal(ctx, (
void **)&gc->digest, &gc->digestlen, 0);
290 switch (sigp->hash_algo) {
292 hash_algo_name =
"md5";
295 hash_algo_name =
"sha1";
298 hash_algo_name =
"ripemd160";
301 hash_algo_name =
"md2";
304 hash_algo_name =
"tiger";
308 hash_algo_name =
"haval";
312 hash_algo_name =
"sha256";
315 hash_algo_name =
"sha384";
318 hash_algo_name =
"sha512";
321 hash_algo_name =
"sha224";
326 if (hash_algo_name == NULL)
330 err = rpmgcErr(gc,
"RSA c",
331 gcry_sexp_build(&gc->hash, NULL,
332 "(data (flags pkcs1) (hash %s %b))", hash_algo_name, gc->digestlen, gc->digest) );
333 if (
_pgp_debug < 0) rpmgcDump(
"gc->hash", gc->hash);
336 rc = memcmp(gc->digest, sigp->signhash16,
sizeof(sigp->signhash16));
339 if (rc && sigp->signhash16[0] == 0 && sigp->signhash16[1] == 0)
360 xx =
rpmDigestFinal(ctx, (
void **)&gc->digest, &gc->digestlen, 0);
364 { gcry_mpi_t c = NULL;
367 (gc->digestlen > gc->qbits/8 ? gc->qbits/8 : gc->digestlen);
368 err = rpmgcErr(gc,
"DSA c",
369 gcry_mpi_scan(&c, GCRYMPI_FMT_USG, gc->digest, dlen, NULL));
370 err = rpmgcErr(gc,
"DSA gc->hash",
371 gcry_sexp_build(&gc->hash, NULL,
372 "(data (flags raw) (value %m))", c) );
374 if (
_pgp_debug < 0) rpmgcDump(
"gc->hash", gc->hash);
379 rc = memcmp(gc->digest, sigp->signhash16,
sizeof(sigp->signhash16));
382 if (rc && sigp->signhash16[0] == 0 && sigp->signhash16[1] == 0)
402 xx =
rpmDigestFinal(ctx, (
void **)&gc->digest, &gc->digestlen, 0);
406 { gcry_mpi_t c = NULL;
408 err = rpmgcErr(gc,
"ELG c",
409 gcry_mpi_scan(&c, GCRYMPI_FMT_USG, gc->digest, 160/8, NULL));
410 err = rpmgcErr(gc,
"ELG gc->hash",
411 gcry_sexp_build(&gc->hash, NULL,
412 "(data (flags raw) (value %m))", c) );
414 if (1 ||
_pgp_debug < 0) rpmgcDump(
"gc->hash", gc->hash);
419 rc = memcmp(gc->digest, sigp->signhash16,
sizeof(sigp->signhash16));
422 if (rc && sigp->signhash16[0] == 0 && sigp->signhash16[1] == 0)
442 gc->digest =
_free(gc->digest);
444 xx =
rpmDigestFinal(ctx, (
void **)&gc->digest, &gc->digestlen, 0);
447 { gcry_mpi_t c = NULL;
448 err = rpmgcErr(gc,
"ECDSA c",
449 gcry_mpi_scan(&c, GCRYMPI_FMT_USG, gc->digest, gc->digestlen, NULL));
451 gcry_sexp_release(gc->hash); gc->hash = NULL;
453 err = rpmgcErr(gc,
"ECDSA gc->hash",
454 gcry_sexp_build(&gc->hash, NULL,
455 "(data (flags raw) (value %m))", c) );
457 if (
_pgp_debug < 0) rpmgcDump(
"gc->hash", gc->hash);
461 rc = memcmp(gc->digest, sigp->signhash16,
sizeof(sigp->signhash16));
464 if (rc && sigp->signhash16[0] == 0 && sigp->signhash16[1] == 0)
471 static int rpmgcErrChk(
pgpDig dig,
const char * msg,
int rc,
unsigned expected)
475 rc = (gcry_err_code(gc->err) != expected);
477 fail(
"%s failed: %s\n", msg, gpg_strerror(gc->err));
482 static int rpmgcAvailable(
rpmgc gc,
int algo,
int rc)
485 if (rc && !gc->in_fips_mode)
493 fprintf(stderr,
" algorithm %d not available in fips mode\n", algo);
498 static int rpmgcAvailableCipher(
pgpDig dig,
int algo)
501 return rpmgcAvailable(gc, algo, gcry_cipher_test_algo(algo));
504 static int rpmgcAvailableDigest(
pgpDig dig,
int algo)
508 rc = rpmgcAvailable(gc, algo,
513 static int rpmgcAvailablePubkey(
pgpDig dig,
int algo)
517 rc = rpmgcAvailable(gc, algo, gcry_pk_test_algo(algo));
522 int rpmgcVerify(
pgpDig dig)
531 if (gc->sig == NULL) {
533 switch (pubp->pubkey_algo) {
536 gc->err = rpmgcErr(gc,
"RSA gc->sig",
537 gcry_sexp_build(&gc->sig, NULL,
538 "(sig-val (RSA (s %m)))", gc->c) );
543 gc->err = rpmgcErr(gc,
"DSA gc->sig",
544 gcry_sexp_build(&gc->sig, NULL,
545 "(sig-val (DSA (r %m) (s %m)))", gc->r, gc->s) );
550 gc->err = rpmgcErr(gc,
"ELG gc->sig",
551 gcry_sexp_build(&gc->sig, NULL,
552 "(sig-val (ELG (r %m) (s %m)))", gc->r, gc->s) );
557 gc->err = rpmgcErr(gc,
"ECDSA gc->sig",
558 gcry_sexp_build(&gc->sig, NULL,
559 "(sig-val (ECDSA (r %m) (s %m)))", gc->r, gc->s) );
566 rpmgcDump(
"gc->sig", gc->sig);
569 if (gc->pub_key == NULL) {
571 switch (pubp->pubkey_algo) {
579 gc->err = rpmgcErr(gc,
"RSA gc->pub_key",
580 gcry_sexp_build(&gc->pub_key, NULL,
581 "(public-key (RSA (n %m) (e %m)))", gc->n, gc->e) );
589 gc->err = rpmgcErr(gc,
"DSA gc->pub_key",
590 gcry_sexp_build(&gc->pub_key, NULL,
591 "(public-key (DSA (p %m) (q %m) (g %m) (y %m)))",
592 gc->p, gc->q, gc->g, gc->y) );
599 gc->err = rpmgcErr(gc,
"ELG gc->pub_key",
600 gcry_sexp_build(&gc->pub_key, NULL,
601 "(public-key (ELG (p %m) (g %m) (y %m)))",
602 gc->p, gc->g, gc->y) );
613 {
char *t =
rpmExpand(
"(public-key (ECDSA (curve \"", gc->curve,
"\")",
615 gc->err = rpmgcErr(gc,
"ECDSA gc->pub_key",
616 gcry_sexp_build(&gc->pub_key, NULL, t, gc->q));
624 rpmgcDump(
"gc->pub_key", gc->pub_key);
628 gc->err = rpmgcErr(gc,
"gcry_pk_verify",
629 gcry_pk_verify (gc->sig, gc->hash, gc->pub_key));
648 gc->err = rpmgcErr(gc,
"gcry_pk_sign",
649 gcry_pk_sign (&gc->sig, gc->hash, gc->sec_key));
658 int rpmgcGenerate(
pgpDig dig)
665 assert(pubp->pubkey_algo);
666 assert(sigp->hash_algo);
669 switch (pubp->pubkey_algo) {
671 if (gc->nbits == 0) gc->nbits = 2048;
672 gc->err = rpmgcErr(gc,
"gc->key_spec",
673 gcry_sexp_build(&gc->key_spec, NULL,
675 ?
"(genkey (RSA (nbits %d)))"
676 :
"(genkey (RSA (nbits %d)(transient-key)))",
682 switch (sigp->hash_algo) {
696 case 160: gc->nbits = 1024;
break;
697 case 224: gc->nbits = 2048;
break;
698 case 256: gc->nbits = 3072;
break;
700 case 384: gc->nbits = 7680;
break;
701 case 512: gc->nbits = 15360;
break;
703 case 384: gc->nbits = 2048;
break;
704 case 512: gc->nbits = 2048;
break;
708 gc->err = rpmgcErr(gc,
"gc->key_spec",
709 gcry_sexp_build(&gc->key_spec, NULL,
711 ?
"(genkey (DSA (nbits %d)))"
712 :
"(genkey (DSA (nbits %d)(transient-key)))",
716 if (gc->nbits == 0) gc->nbits = 1024;
717 gc->err = rpmgcErr(gc,
"gc->key_spec",
718 gcry_sexp_build(&gc->key_spec, NULL,
720 ?
"(genkey (ELG (nbits %d)))"
721 :
"(genkey (ELG (nbits %d)(transient-key)))",
727 switch (sigp->hash_algo) {
736 if (gc->curve == NULL)
738 case 192: gc->curve =
xstrdup(
"NIST P-192");
break;
739 case 224: gc->curve =
xstrdup(
"NIST P-224");
break;
743 case 256: gc->curve =
xstrdup(
"NIST P-256");
break;
744 case 384: gc->curve =
xstrdup(
"NIST P-384");
break;
745 case 521: gc->curve =
xstrdup(
"NIST P-521");
break;
750 gc->err = rpmgcErr(gc,
"gc->key_spec",
751 gcry_sexp_build(&gc->key_spec, NULL,
753 ?
"(genkey (ECDSA (nbits %d)))"
754 :
"(genkey (ECDSA (nbits %d)(transient-key)))",
758 {
char * t =
rpmExpand(
"(genkey (ECDSA (curve \"", gc->curve,
"\")",
759 gc->in_fips_mode ?
"" :
"(transient-key)",
761 gc->err = rpmgcErr(gc,
"gc->key_spec",
762 gcry_sexp_build(&gc->key_spec, NULL, t));
773 if ((_rpmgc_debug ||
_pgp_debug < 0) && gc->key_spec) rpmgcDump(
"gc->key_spec", gc->key_spec);
776 gc->err = rpmgcErr(gc,
"gc->key_pair",
777 gcry_pk_genkey(&gc->key_pair, gc->key_spec));
780 if ((_rpmgc_debug ||
_pgp_debug < 0) && gc->key_pair) rpmgcDump(
"gc->key_pair", gc->key_pair);
783 gc->pub_key = gcry_sexp_find_token(gc->key_pair,
"public-key", 0);
784 if (gc->pub_key == NULL)
787 if ((_rpmgc_debug ||
_pgp_debug < 0) && gc->pub_key) rpmgcDump(
"gc->pub_key", gc->pub_key);
789 gc->sec_key = gcry_sexp_find_token(gc->key_pair,
"private-key", 0);
790 if (gc->sec_key == NULL)
793 if ((_rpmgc_debug ||
_pgp_debug < 0) && gc->sec_key) rpmgcDump(
"gc->sec_key", gc->sec_key);
797 rc = (gc->err == 0 && gc->pub_key && gc->sec_key);
800 gcry_sexp_release(gc->key_spec);
804 gcry_sexp_release(gc->key_pair);
814 int rpmgcMpiItem(
const char * pre,
pgpDig dig,
int itemno,
821 unsigned int nb = (pend >= p ? (pend - p) : 0);
822 unsigned int mbits = (((8 * (nb - 2)) + 0x1f) & ~0x1f);
823 const char * mpiname =
"";
824 gcry_mpi_t * mpip = NULL;
833 mpiname =
"RSA m**d"; mpip = &gc->c;
837 mpiname =
"DSA r"; mpip = &gc->r;
840 assert(mbits == gc->qbits);
841 mpiname =
"DSA s"; mpip = &gc->s;
845 mpiname =
"RSA n"; mpip = &gc->n;
848 mpiname =
"RSA e"; mpip = &gc->e;
852 mpiname =
"DSA p"; mpip = &gc->p;
856 mpiname =
"DSA q"; mpip = &gc->q;
859 assert(mbits == gc->nbits);
860 mpiname =
"DSA g"; mpip = &gc->g;
863 assert(mbits == gc->nbits);
864 mpiname =
"DSA y"; mpip = &gc->y;
868 mpiname =
"ECDSA r"; mpip = &gc->r;
871 assert(mbits == gc->qbits);
872 mpiname =
"ECDSA s"; mpip = &gc->s;
876 if (!strcasecmp(s,
"2a8648ce3d030101"))
878 else if (!strcasecmp(s,
"2b81040021"))
880 else if (!strcasecmp(s,
"2a8648ce3d030107"))
882 else if (!strcasecmp(s,
"2b81040022"))
884 else if (!strcasecmp(s,
"2b81040023"))
890 assert(gc->nbits > 0);
892 case 192: gc->curve =
xstrdup(
"NIST P-192");
break;
893 case 224: gc->curve =
xstrdup(
"NIST P-224");
break;
897 case 256: gc->curve =
xstrdup(
"NIST P-256");
break;
898 case 384: gc->curve =
xstrdup(
"NIST P-384");
break;
899 case 521: gc->curve =
xstrdup(
"NIST P-521");
break;
901 assert(gc->curve != NULL);
905 mpiname =
"ECDSA Q"; mpip = &gc->q;
915 gc->err = rpmgcErr(gc, mpiname,
916 gcry_mpi_scan(mpip, GCRYMPI_FMT_PGP, p, nb, &nscan) );
922 {
unsigned nbits = gcry_mpi_get_nbits(*mpip);
923 unsigned char * hex = NULL;
925 gc->err = rpmgcErr(gc,
"MPI print",
926 gcry_mpi_aprint(GCRYMPI_FMT_HEX, &hex, &nhex, *mpip) );
927 fprintf(stderr,
"*** %s\t%5d:%s\n", mpiname, (
int)nbits, hex);
938 void rpmgcClean(
void * impl)
947 gc->digest =
_free(gc->digest);
950 assert(gc->key_spec == NULL);
952 gcry_sexp_release(gc->key_spec);
954 assert(gc->key_pair == NULL);
956 gcry_sexp_release(gc->key_pair);
959 gcry_sexp_release(gc->pub_key);
962 gcry_sexp_release(gc->sec_key);
965 gcry_sexp_release(gc->hash);
968 gcry_sexp_release(gc->sig);
972 gcry_mpi_release(gc->c);
975 gcry_mpi_release(gc->p);
978 gcry_mpi_release(gc->q);
981 gcry_mpi_release(gc->g);
984 gcry_mpi_release(gc->y);
988 gcry_mpi_release(gc->r);
991 gcry_mpi_release(gc->s);
994 gcry_mpi_release(gc->n);
997 gcry_mpi_release(gc->e);
1000 gcry_mpi_release(gc->a);
1003 gcry_mpi_release(gc->b);
1006 gc->oid =
_free(gc->oid);
1007 gc->curve =
_free(gc->curve);
1015 static int rpmgc_initialized;
1018 void * rpmgcFree(
void * impl)
1026 if (--rpmgc_initialized == 0) {
1030 gc->err = rpmgcErr(gc,
"CLEAR_DEBUG_FLAGS",
1031 gcry_control(GCRYCTL_CLEAR_DEBUG_FLAGS, 3));
1032 gc->err = rpmgcErr(gc,
"SET_VERBOSITY",
1033 gcry_control(GCRYCTL_SET_VERBOSITY, 0) );
1039 gc->err = rpmgcErr(gc,
"DUMP_RANDOM_STATS",
1040 gcry_control(GCRYCTL_DUMP_RANDOM_STATS) );
1041 gc->err = rpmgcErr(gc,
"DUMP_MEMORY_STATS",
1042 gcry_control(GCRYCTL_DUMP_MEMORY_STATS) );
1043 gc->err = rpmgcErr(gc,
"DUMP_SECMEM_STATS",
1044 gcry_control(GCRYCTL_DUMP_MEMORY_STATS) );
1055 _p The argument provided
in the call to gcry_set_progress_handler.
1056 what A
string identifying the
type of the progress
output.
1057 The following values
for what are defined:
1058 need_entropy -- Not enough entropy is available.
1059 total holds the number of required bytes.
1060 wait_dev_random -- Waiting to re-open a random device.
1061 total gives the number of seconds
until the
next try.
1062 primegen -- Values
for printchar:
1064 ! Need to refresh the
pool of prime numbers.
1065 <,> Number of bits adjusted.
1066 ^ Searching
for a generator.
1067 . Fermat test on 10 candidates failed.
1068 : Restart with a
new random value.
1069 + Rabin Miller test passed.
1071 static void rpmgcProgress(
void * _p,
const char * what,
1072 int printchar,
int current,
int total)
1076 if (!strcmp(what,
"need_entropy"))
1077 rpmlog(msglvl,
D_(
"Waiting for %d bytes of entropy ...\n"), total);
1078 else if (!strcmp(what,
"wait_dev_random"))
1079 rpmlog(msglvl,
D_(
"Waiting on random device re-open in %d secs ...\n"), total);
1081 else if (!strcmp(what,
"primegen"))
1086 static int lvl2log(
int lvl)
1093 case GCRY_LOG_ERROR: lvl =
RPMLOG_ERR;
break;
1101 static void rpmgcFatal(
void * opaque,
int lvl,
const char * msg)
1103 rpmlog(lvl2log(lvl), msg);
1106 static void rpmgcLog(
void * opaque,
int lvl,
const char * fmt, va_list ap)
1109 vrpmlog(lvl2log(lvl), fmt, ap);
1113 void * rpmgcInit(
void)
1119 if (rpmgc_initialized++ == 0) {
1123 if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) {
1125 gc->err = rpmgcErr(gc,
"SET_ENFORCED_FIPS_FLAG",
1126 gcry_control(GCRYCTL_SET_ENFORCED_FIPS_FLAG) );
1127 gc->err = rpmgcErr(gc,
"FORCE_FIPS_MODE",
1128 gcry_control(GCRYCTL_FORCE_FIPS_MODE) );
1131 gcry_set_progress_handler((gcry_handler_progress_t)rpmgcProgress, NULL);
1133 gcry_set_fatalerror_handler((gcry_handler_error_t)rpmgcFatal, NULL);
1134 gcry_set_log_handler((gcry_handler_log_t)rpmgcLog, NULL);
1137 gc->err = rpmgcErr(gc,
"SET_VERBOSITY",
1138 gcry_control(GCRYCTL_SET_VERBOSITY, 3) );
1139 gc->err = rpmgcErr(gc,
"SET_DEBUG_FLAGS",
1140 gcry_control(GCRYCTL_SET_DEBUG_FLAGS, 3) );
1144 if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) {
1145 gc->err = rpmgcErr(gc,
"GCRYPT_VERSION",
1146 gcry_check_version (GCRYPT_VERSION) == 0 );
1148 gc->err = rpmgcErr(gc,
"DISABLE_PRIV_DROP",
1149 gcry_control(GCRYCTL_DISABLE_PRIV_DROP) );
1150 gc->err = rpmgcErr(gc,
"USE_SECURE_RNDPOOL",
1151 gcry_control(GCRYCTL_USE_SECURE_RNDPOOL) );
1153 gc->err = rpmgcErr(gc,
"SUSPEND_SECMEM_WARN",
1154 gcry_control(GCRYCTL_SUSPEND_SECMEM_WARN) );
1155 gc->err = rpmgcErr(gc,
"INIT_SECMEM",
1156 gcry_control(GCRYCTL_INIT_SECMEM, 16384) );
1157 gc->err = rpmgcErr(gc,
"RESUME_SECMEM_WARN",
1158 gcry_control(GCRYCTL_RESUME_SECMEM_WARN) );
1159 gc->err = rpmgcErr(gc,
"DISABLE_SECMEM_WARN",
1160 gcry_control(GCRYCTL_DISABLE_SECMEM_WARN) );
1163 gc->err = rpmgcErr(gc,
"SET_PREFERRED_RNG_TYPE",
1164 gcry_control(GCRYCTL_SET_PREFERRED_RNG_TYPE, GCRY_RNG_TYPE_SYSTEM) );
1167 gc->err = rpmgcErr(gc,
"INITIALIZATION_FINISHED",
1168 gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0) );
1170 gc->err = rpmgcErr(gc,
"PRINT_CONFIG",
1171 gcry_control (GCRYCTL_PRINT_CONFIG, NULL) );
1180 "Gcrypt " GCRYPT_VERSION,
1187 rpmgcAvailableCipher, rpmgcAvailableDigest, rpmgcAvailablePubkey,
1188 rpmgcVerify, rpmgcSign, rpmgcGenerate,
1190 rpmgcMpiItem, rpmgcClean,
1191 rpmgcFree, rpmgcInit
1199 time_t now =
time(NULL);
1216 *be++ = pubp->pubkey_algo;
1218 switch (pubp->pubkey_algo) {
1223 if (gc->pub_key) rpmgcDump(__FUNCTION__, gc->pub_key);
1224 assert(gc->pub_key);
1225 xx = gcry_sexp_extract_param (gc->pub_key, NULL,
"+n +e", &gc->n, &gc->e, NULL);
1228 nb =
sizeof(pkt) - (be - pkt);
1230 xx = gcry_mpi_print(GCRYMPI_FMT_PGP, be, nb, &nw, gc->n);
1233 nb =
sizeof(pkt) - (be - pkt);
1235 xx = gcry_mpi_print(GCRYMPI_FMT_PGP, be, nb, &nw, gc->e);
1239 if (gc->pub_key) rpmgcDump(__FUNCTION__, gc->pub_key);
1240 assert(gc->pub_key);
1241 xx = gcry_sexp_extract_param (gc->pub_key, NULL,
"+p +q +g +y", &gc->p, &gc->q, &gc->g, &gc->y, NULL);
1246 nb =
sizeof(pkt) - (be - pkt);
1248 xx = gcry_mpi_print(GCRYMPI_FMT_PGP, be, nb, &nw, gc->p);
1251 nb =
sizeof(pkt) - (be - pkt);
1253 xx = gcry_mpi_print(GCRYMPI_FMT_PGP, be, nb, &nw, gc->q);
1256 nb =
sizeof(pkt) - (be - pkt);
1258 xx = gcry_mpi_print(GCRYMPI_FMT_PGP, be, nb, &nw, gc->g);
1261 nb =
sizeof(pkt) - (be - pkt);
1263 xx = gcry_mpi_print(GCRYMPI_FMT_PGP, be, nb, &nw, gc->y);
1267 if (gc->pub_key) rpmgcDump(__FUNCTION__, gc->pub_key);
1268 assert(gc->pub_key);
1273 switch (gc->nbits) {
1274 case 192: s =
"2a8648ce3d030101";
break;
1275 case 224: s =
"2b81040021";
break;
1277 case 256: s =
"2a8648ce3d030107";
break;
1278 case 384: s =
"2b81040022";
break;
1280 case 521: s =
"2b81040023";
break;
1284 for (i = 0; i <
ns; i += 2)
1289 assert(gc->pub_key);
1290 xx = gcry_sexp_extract_param (gc->pub_key, NULL,
"+q", &gc->q, NULL);
1292 nb =
sizeof(pkt) - (be - pkt);
1294 xx = gcry_mpi_print(GCRYMPI_FMT_PGP, be, nb, &nw, gc->q);
1299 pktlen = (be - pkt);
1306 dig->pub = memcpy(
xmalloc(pktlen), pkt, pktlen);
1307 dig->publen = pktlen;
1320 time_t now =
time(NULL);
1331 *be++ = 0x80 | (sigp->tag << 2) | 0x01;
1335 *be++ = sigp->version = 0x04;
1337 *be++ = sigp->pubkey_algo = pubp->pubkey_algo;
1338 *be++ = sigp->hash_algo;
1346 *be++ = sigp->time[0] = (bt >> 24);
1347 *be++ = sigp->time[1] = (bt >> 16);
1348 *be++ = sigp->time[2] = (bt >> 8);
1349 *be++ = sigp->time[3] = (bt );
1353 bt = 30 * 24 * 60 * 60;
1354 *be++ = sigp->expire[0] = (bt >> 24);
1355 *be++ = sigp->expire[1] = (bt >> 16);
1356 *be++ = sigp->expire[2] = (bt >> 8);
1357 *be++ = sigp->expire[3] = (bt );
1371 sigp->hashlen = (be - h);
1372 h[-2] = (sigp->hashlen >> 8);
1373 h[-1] = (sigp->hashlen );
1376 if (sigp->hash != NULL)
1381 trailer[0] = sigp->version;
1383 trailer[2] = (sigp->hashlen >> 24);
1384 trailer[3] = (sigp->hashlen >> 16);
1385 trailer[4] = (sigp->hashlen >> 8);
1386 trailer[5] = (sigp->hashlen );
1390 sigp->signhash16[0] = 0x00;
1391 sigp->signhash16[1] = 0x00;
1392 switch (pubp->pubkey_algo) {
1406 h = (uint8_t *) gc->digest;
1407 sigp->signhash16[0] = h[0];
1408 sigp->signhash16[1] = h[1];
1419 *be++ = pubp->signid[0];
1420 *be++ = pubp->signid[1];
1421 *be++ = pubp->signid[2];
1422 *be++ = pubp->signid[3];
1423 *be++ = pubp->signid[4];
1424 *be++ = pubp->signid[5];
1425 *be++ = pubp->signid[6];
1426 *be++ = pubp->signid[7];
1432 *be++ = sigp->signhash16[0];
1433 *be++ = sigp->signhash16[1];
1435 switch (pubp->pubkey_algo) {
1440 if (gc->sig) rpmgcDump(__FUNCTION__, gc->sig);
1442 xx = gcry_sexp_extract_param (gc->sig, NULL,
"+s", &gc->c, NULL);
1444 nb =
sizeof(pkt) - (be - pkt);
1446 xx = gcry_mpi_print(GCRYMPI_FMT_PGP, be, nb, &nw, gc->c);
1450 if (gc->sig) rpmgcDump(__FUNCTION__, gc->sig);
1452 xx = gcry_sexp_extract_param (gc->sig, NULL,
"+r +s", &gc->r, &gc->s, NULL);
1455 nb =
sizeof(pkt) - (be - pkt);
1457 xx = gcry_mpi_print(GCRYMPI_FMT_PGP, be, nb, &nw, gc->r);
1460 nb =
sizeof(pkt) - (be - pkt);
1462 xx = gcry_mpi_print(GCRYMPI_FMT_PGP, be, 1024, &nw, gc->s);
1466 if (gc->sig) rpmgcDump(__FUNCTION__, gc->sig);
1468 xx = gcry_sexp_extract_param (gc->sig, NULL,
"+r +s", &gc->r, &gc->s, NULL);
1471 nb =
sizeof(pkt) - (be - pkt);
1473 xx = gcry_mpi_print(GCRYMPI_FMT_PGP, be, nb, &nw, gc->r);
1476 nb =
sizeof(pkt) - (be - pkt);
1478 xx = gcry_mpi_print(GCRYMPI_FMT_PGP, be, 1024, &nw, gc->s);
1483 pktlen = (be - pkt);
1488 dig->sig = memcpy(
xmalloc(pktlen), pkt, pktlen);
1489 dig->siglen = pktlen;
pgpDigParams pgpGetPubkey(pgpDig dig)
Return OpenPGP pubkey parameters.
char * xstrdup(const char *str)
struct pgpDigParams_s * pgpDigParams
int rpmgcExportSignature(pgpDig dig, DIGEST_CTX ctx)
static unsigned char nibble(char c)
Convert hex to binary nibble.
static void rpmlog(int code, const char *fmt,...)
static int pgpImplSign(pgpDig dig)
const char * pgpPubkeyAlgo2Name(uint32_t algo)
static int pgpImplSetDSA(DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp)
Yet Another syslog(3) API clone.
void * xcalloc(size_t nmemb, size_t size)
int rpmDigestUpdate(DIGEST_CTX ctx, const void *data, size_t len)
Update context with next plain text buffer.
void vrpmlog(unsigned code, const char *fmt, va_list ap)
Same as _rpmlog with stdarg argument list.
unsigned char rpmuint8_t
Private int typedefs to avoid C99 portability issues.
pgpHashAlgo rpmDigestAlgo(DIGEST_CTX ctx)
Return digest algorithm identifier.
pgpDigParams pgpGetSignature(pgpDig dig)
Return OpenPGP signature parameters.
static int pgpImplSetECDSA(DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp)
int rpmgcExportPubkey(pgpDig dig)
char * rpmExpand(const char *arg,...)
Return (malloc'ed) concatenated macro expansion(s).
static int pgpImplSetRSA(DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp)
static void output(int indent, int *offset, const char *fmt,...)
static unsigned int pgpMpiLen(const rpmuint8_t *p)
Return no.
static int xisdigit(int c)
int pgpPubkeyFingerprint(const rpmuint8_t *pkt, size_t pktlen, rpmuint8_t *keyid)
Print/parse an OpenPGP subtype packet.
static void * _free(const void *p)
Wrapper to free(3), hides const compilation noise, permit NULL, return NULL.
pgpImplVecs_t rpmgcImplVecs
Implementation specific parameter storage.
const char * pgpHashAlgo2Name(uint32_t algo)
int rpmDigestFinal(DIGEST_CTX ctx, void *datap, size_t *lenp, int asAscii)
Return digest and destroy context.
static char * pgpHexStr(const rpmuint8_t *p, size_t plen)
Return hex formatted representation of bytes.