rpm  5.4.15
rpmpgp.c
Go to the documentation of this file.
1 
6 #include "system.h"
7 
8 #define _RPMIOB_INTERNAL
9 #include <rpmiotypes.h>
10 
11 #include <rpmio.h>
12 #include <rpmmacro.h>
13 
14 #define _RPMPGP_INTERNAL
15 #include <rpmbc.h> /* XXX still needs base64 goop */
16 #if defined(WITH_GCRYPT)
17 #include <rpmgc.h>
18 #endif
19 #if defined(WITH_NSS)
20 #include <rpmnss.h>
21 #endif
22 #if defined(WITH_OPENSSL)
23 #include <rpmssl.h>
24 #endif
25 #if defined(WITH_CDSA)
26 #include <rpmcdsa.h>
27 #endif
28 #if defined(WITH_TOMCRYPT)
29 #include <rpmltc.h>
30 #endif
31 #include "debug.h"
32 
33 /*@access pgpDig @*/
34 /*@access pgpDigParams @*/
35 /*@access pgpPkt @*/
36 /*@access rpmiob @*/
37 
38 #ifdef __cplusplus
39 GENpair(rpmuint8_t **)
40 #endif /* __cplusplus */
41 /*@unchecked@*/
43 
44 /*@unchecked@*/
46 
47 /*@unchecked@*/
49 
50 /*@unchecked@*/
52  /* explicit selection (order DOES NOT matter here) */
53 #if defined(USE_CRYPTO_BEECRYPT) && defined(WITH_BEECRYPT)
55 #elif defined(USE_CRYPTO_GCRYPT) && defined(WITH_GCRYPT)
57 #elif defined(USE_CRYPTO_NSS) && defined(WITH_NSS)
59 #elif defined(USE_CRYPTO_OPENSSL) && defined(WITH_SSL)
61 #elif defined(USE_CRYPTO_TOMCRYPT) && defined(WITH_TOMCRYPT)
63 #elif defined(USE_CRYPTO_CDSA) && defined(WITH_CDSA)
64  &rpmcdsaImplVecs;
65  /* implict selection (order DOES matter) */
66 #elif defined(WITH_BEECRYPT)
68 #elif defined(WITH_GCRYPT)
70 #elif defined(WITH_NSS)
72 #elif defined(WITH_SSL)
74 #elif defined(WITH_TOMCRYPT)
76 #elif defined(WITH_CDSA)
77  &rpmcdsaImplVecs;
78 #else
79 #error INTERNAL ERROR: no suitable Cryptography library available
80 #endif
81 
82 /*@unchecked@*/ /*@refcounted@*/ /*@relnull@*/
83 static pgpDig _dig = NULL;
84 
85 /*@unchecked@*/ /*@null@*/
86 static pgpDigParams _digp = NULL;
87 
88 #ifdef DYING
89 struct pgpPkt_s {
90  pgpTag tag;
91  unsigned int pktlen;
92  const rpmuint8_t * h;
93  unsigned int hlen;
94 };
95 #endif
96 
98  { PGPSIGTYPE_BINARY, "BINARY" },
99  { PGPSIGTYPE_TEXT, "TEXT" },
100  { PGPSIGTYPE_STANDALONE, "STANDALONE" },
101  { PGPSIGTYPE_GENERIC_CERT, "GENERIC" },
102  { PGPSIGTYPE_PERSONA_CERT, "PERSONA" },
103  { PGPSIGTYPE_CASUAL_CERT, "CASUAL" },
104  { PGPSIGTYPE_POSITIVE_CERT, "POSITIVE" },
105  { PGPSIGTYPE_SUBKEY_BINDING,"SUBKEY_BIND" },
106  { PGPSIGTYPE_KEY_BINDING, "KEY_BIND" },
107  { PGPSIGTYPE_SIGNED_KEY, "KEY" },
108  { PGPSIGTYPE_KEY_REVOKE, "KEY_REVOKE" },
109  { PGPSIGTYPE_SUBKEY_REVOKE, "SUBKEY_REVOKE" },
110  { PGPSIGTYPE_CERT_REVOKE, "CERT_REVOKE" },
111  { PGPSIGTYPE_TIMESTAMP, "TIMESTAMP" },
112  { PGPSIGTYPE_CONFIRM, "CONFIRM" },
113  { -1, "SIG_UNKNOWN" },
114 };
115 
117  { PGPPUBKEYALGO_RSA, "RSA" },
118  { PGPPUBKEYALGO_RSA_E, "RSA_E" },
119  { PGPPUBKEYALGO_RSA_S, "RSA_S" },
120  { PGPPUBKEYALGO_ELGAMAL_E, "ELG_E" },
121  { PGPPUBKEYALGO_DSA, "DSA" },
122  { PGPPUBKEYALGO_ECDH, "ECDH" },
123  { PGPPUBKEYALGO_ECDSA, "ECDSA" },
124  { PGPPUBKEYALGO_ELGAMAL, "ELG" },
125  { PGPPUBKEYALGO_EDDSA, "EDDSA" },
126  { -1, "KEY_UNKNOWN" },
127 };
128 
130  { PGPSYMKEYALGO_PLAINTEXT, "Plaintext" },
131  { PGPSYMKEYALGO_IDEA, "IDEA" },
132  { PGPSYMKEYALGO_TRIPLE_DES, "3DES" },
133  { PGPSYMKEYALGO_CAST5, "CAST5" },
134  { PGPSYMKEYALGO_BLOWFISH, "BLOWFISH" },
135  { PGPSYMKEYALGO_SAFER, "SAFER" },
136  { PGPSYMKEYALGO_DES_SK, "DES/SK" },
137  { PGPSYMKEYALGO_AES_128, "AES(128-bit key)" },
138  { PGPSYMKEYALGO_AES_192, "AES(192-bit key)" },
139  { PGPSYMKEYALGO_AES_256, "AES(256-bit key)" },
140  { PGPSYMKEYALGO_TWOFISH, "TWOFISH(256-bit key)" },
141  { PGPSYMKEYALGO_CAMELLIA_128, "CAMELLIA(128-bit key)" },
142  { PGPSYMKEYALGO_CAMELLIA_192, "CAMELLIA(192-bit key)" },
143  { PGPSYMKEYALGO_CAMELLIA_256, "CAMELLIA(256-bit key)" },
144  { PGPSYMKEYALGO_NOENCRYPT, "no encryption" },
145  { -1, "SYM_UNKNOWN" },
146 };
147 
149  { PGPCOMPRESSALGO_NONE, "Uncompressed" },
150  { PGPCOMPRESSALGO_ZIP, "ZIP" },
151  { PGPCOMPRESSALGO_ZLIB, "ZLIB" },
152  { PGPCOMPRESSALGO_BZIP2, "BZIP2" },
153  { -1, "Unknown compression algorithm" },
154 };
155 
157  { PGPHASHALGO_MD5, "MD5" },
158  { PGPHASHALGO_SHA1, "SHA1" },
159  { PGPHASHALGO_RIPEMD160, "RIPEMD160" },
160  { PGPHASHALGO_MD2, "MD2" },
161  { PGPHASHALGO_TIGER192, "TIGER192" },
162  { PGPHASHALGO_HAVAL_5_160, "HAVAL-5-160" },
163  { PGPHASHALGO_SHA224, "SHA224" },
164  { PGPHASHALGO_SHA256, "SHA256" },
165  { PGPHASHALGO_SHA384, "SHA384" },
166  { PGPHASHALGO_SHA512, "SHA512" },
167  { -1, "MD_UNKNOWN" },
168 };
169 
170 /*@-exportlocal -exportheadervar@*/
171 /*@observer@*/ /*@unchecked@*/
173  { 0x80, "No-modify" },
174  { -1, "Unknown key server preference" },
175 };
176 /*@=exportlocal =exportheadervar@*/
177 
179  { PGPSUBTYPE_SIG_CREATE_TIME,"created" },
180  { PGPSUBTYPE_SIG_EXPIRE_TIME,"expires" },
181  { PGPSUBTYPE_EXPORTABLE_CERT,"exportable" },
182  { PGPSUBTYPE_TRUST_SIG, "trust signature" },
183  { PGPSUBTYPE_REGEX, "regular expression" },
184  { PGPSUBTYPE_REVOCABLE, "revocable" },
185  { PGPSUBTYPE_KEY_EXPIRE_TIME,"key expiration time" },
186  { PGPSUBTYPE_ARR, "additional recipient request" },
187  { PGPSUBTYPE_PREFER_SYMKEY, "preferred symmetric algorithms" },
188  { PGPSUBTYPE_REVOKE_KEY, "revocation key" },
189  { PGPSUBTYPE_ISSUER_KEYID, "issuer" },
190  { PGPSUBTYPE_NOTATION, "notation data" },
191  { PGPSUBTYPE_PREFER_HASH, "preferred hash algorithms" },
192  { PGPSUBTYPE_PREFER_COMPRESS,"preferred compression algorithms" },
193  { PGPSUBTYPE_KEYSERVER_PREFERS,"key server preferences" },
194  { PGPSUBTYPE_PREFER_KEYSERVER,"preferred key server" },
195  { PGPSUBTYPE_PRIMARY_USERID,"primary user id" },
196  { PGPSUBTYPE_POLICY_URL, "policy URL" },
197  { PGPSUBTYPE_KEY_FLAGS, "key flags" },
198  { PGPSUBTYPE_SIGNER_USERID, "signer's user id" },
199  { PGPSUBTYPE_REVOKE_REASON, "reason for revocation" },
200  { PGPSUBTYPE_FEATURES, "features" },
201  { PGPSUBTYPE_SIG_TARGET, "signature target" },
202  { PGPSUBTYPE_EMBEDDED_SIG, "embedded signature" },
203 
204  { PGPSUBTYPE_INTERNAL_100, "internal subpkt type 100" },
205  { PGPSUBTYPE_INTERNAL_101, "internal subpkt type 101" },
206  { PGPSUBTYPE_INTERNAL_102, "internal subpkt type 102" },
207  { PGPSUBTYPE_INTERNAL_103, "internal subpkt type 103" },
208  { PGPSUBTYPE_INTERNAL_104, "internal subpkt type 104" },
209  { PGPSUBTYPE_INTERNAL_105, "internal subpkt type 105" },
210  { PGPSUBTYPE_INTERNAL_106, "internal subpkt type 106" },
211  { PGPSUBTYPE_INTERNAL_107, "internal subpkt type 107" },
212  { PGPSUBTYPE_INTERNAL_108, "internal subpkt type 108" },
213  { PGPSUBTYPE_INTERNAL_109, "internal subpkt type 109" },
214  { PGPSUBTYPE_INTERNAL_110, "internal subpkt type 110" },
215  { -1, "Unknown signature subkey type" },
216 };
217 
218 struct pgpValTbl_s pgpTagTbl[] = {
219  { PGPTAG_PUBLIC_SESSION_KEY,"Public-Key Encrypted Session Key" },
220  { PGPTAG_SIGNATURE, "Signature" },
221  { PGPTAG_SYMMETRIC_SESSION_KEY,"Symmetric-Key Encrypted Session Key" },
222  { PGPTAG_ONEPASS_SIGNATURE, "One-Pass Signature" },
223  { PGPTAG_SECRET_KEY, "Secret Key" },
224  { PGPTAG_PUBLIC_KEY, "Public Key" },
225  { PGPTAG_SECRET_SUBKEY, "Secret Subkey" },
226  { PGPTAG_COMPRESSED_DATA, "Compressed Data" },
227  { PGPTAG_SYMMETRIC_DATA, "Symmetrically Encrypted Data" },
228  { PGPTAG_MARKER, "Marker" },
229  { PGPTAG_LITERAL_DATA, "Literal Data" },
230  { PGPTAG_TRUST, "Trust" },
231  { PGPTAG_USER_ID, "User ID" },
232  { PGPTAG_PUBLIC_SUBKEY, "Public Subkey" },
233  { PGPTAG_COMMENT_OLD, "Comment (from OpenPGP draft)" },
234  { PGPTAG_PHOTOID, "PGP's photo ID" },
235  { PGPTAG_ENCRYPTED_MDC, "Integrity protected encrypted data" },
236  { PGPTAG_MDC, "Manipulaion detection code packet" },
237  { PGPTAG_PRIVATE_60, "Private #60" },
238  { PGPTAG_COMMENT, "Comment" },
239  { PGPTAG_PRIVATE_62, "Private #62" },
240  { PGPTAG_CONTROL, "Control (GPG)" },
241  { -1, "TAG_UNKNOWN" },
242 };
243 
245  { PGPARMOR_MESSAGE, "MESSAGE" },
246  { PGPARMOR_PUBKEY, "PUBLIC KEY BLOCK" },
247  { PGPARMOR_SIGNATURE, "SIGNATURE" },
248  { PGPARMOR_SIGNED_MESSAGE, "SIGNED MESSAGE" },
249  { PGPARMOR_FILE, "ARMORED FILE" },
250  { PGPARMOR_PRIVKEY, "PRIVATE KEY BLOCK" },
251  { PGPARMOR_SECKEY, "SECRET KEY BLOCK" },
252  { -1, "Unknown armor block" }
253 };
254 
256  { PGPARMORKEY_VERSION, "Version: " },
257  { PGPARMORKEY_COMMENT, "Comment: " },
258  { PGPARMORKEY_MESSAGEID, "MessageID: " },
259  { PGPARMORKEY_HASH, "Hash: " },
260  { PGPARMORKEY_CHARSET, "Charset: " },
261  { -1, "Unknown armor key" }
262 };
263 
264 static void pgpPrtNL(void)
265  /*@globals fileSystem @*/
266  /*@modifies fileSystem @*/
267 {
268  if (!_pgp_print) return;
269  fprintf(stderr, "\n");
270 }
271 
272 static void pgpPrtInt(const char *pre, int i)
273  /*@globals fileSystem @*/
274  /*@modifies fileSystem @*/
275 {
276  if (!_pgp_print) return;
277  if (pre && *pre)
278  fprintf(stderr, "%s", pre);
279  fprintf(stderr, " %d", i);
280 }
281 
282 static void pgpPrtStr(const char *pre, const char *s)
283  /*@globals fileSystem @*/
284  /*@modifies fileSystem @*/
285 {
286  if (!_pgp_print) return;
287  if (pre && *pre)
288  fprintf(stderr, "%s", pre);
289  fprintf(stderr, " %s", s);
290 }
291 
292 static void pgpPrtHex(const char *pre, const rpmuint8_t * p, size_t plen)
293  /*@globals fileSystem @*/
294  /*@modifies fileSystem @*/
295 {
296  if (!_pgp_print) return;
297  if (pre && *pre)
298  fprintf(stderr, "%s", pre);
299  fprintf(stderr, " %s", pgpHexStr(p, plen));
300 }
301 
302 void pgpPrtVal(const char * pre, pgpValTbl vs, rpmuint8_t val)
303  /*@globals fileSystem @*/
304  /*@modifies fileSystem @*/
305 {
306  if (!_pgp_print) return;
307  if (pre && *pre)
308  fprintf(stderr, "%s", pre);
309  fprintf(stderr, "%s(%u)", pgpValStr(vs, val), (unsigned)val);
310 }
311 
312 int pgpPrtSubType(const rpmuint8_t * h, size_t hlen, pgpSigType sigtype)
313 {
314  const rpmuint8_t * p = h;
315  unsigned plen;
316  unsigned i;
317 
318  while (hlen > 0) {
319  i = pgpLen(p, &plen);
320  p += i;
321  hlen -= i;
322 
323  pgpPrtVal(" ", pgpSubTypeTbl, (p[0]&(~PGPSUBTYPE_CRITICAL)));
324  if ((p[0] & PGPSUBTYPE_CRITICAL) != (rpmuint8_t)0)
325  if (_pgp_print)
326  fprintf(stderr, " *CRITICAL*");
327  switch (*p) {
328  case PGPSUBTYPE_PREFER_SYMKEY: /* preferred symmetric algorithms */
329  for (i = 1; i < plen; i++)
330  pgpPrtVal(" ", pgpSymkeyTbl, p[i]);
331  /*@switchbreak@*/ break;
332  case PGPSUBTYPE_PREFER_HASH: /* preferred hash algorithms */
333  for (i = 1; i < plen; i++)
334  pgpPrtVal(" ", pgpHashTbl, p[i]);
335  /*@switchbreak@*/ break;
336  case PGPSUBTYPE_PREFER_COMPRESS:/* preferred compression algorithms */
337  for (i = 1; i < plen; i++)
338  pgpPrtVal(" ", pgpCompressionTbl, p[i]);
339  /*@switchbreak@*/ break;
340  case PGPSUBTYPE_KEYSERVER_PREFERS:/* key server preferences */
341  for (i = 1; i < plen; i++)
342  pgpPrtVal(" ", pgpKeyServerPrefsTbl, p[i]);
343  /*@switchbreak@*/ break;
345 /*@-mods -mayaliasunique @*/
346  if (_digp && !(_digp->saved & PGPDIG_SAVED_TIME) &&
347  (sigtype == PGPSIGTYPE_POSITIVE_CERT || sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT || sigtype == PGPSIGTYPE_STANDALONE))
348  {
349  _digp->saved |= PGPDIG_SAVED_TIME;
350  memcpy(_digp->time, p+1, sizeof(_digp->time));
351  }
352 /*@=mods =mayaliasunique @*/
353  if ((plen - 1) == 4) {
354  time_t t = pgpGrab(p+1, plen-1);
355  if (_pgp_print)
356  fprintf(stderr, " %-24.24s(0x%08x)", ctime(&t), (unsigned)t);
357  } else
358  pgpPrtHex("", p+1, plen-1);
359  /*@switchbreak@*/ break;
361  case PGPSUBTYPE_KEY_EXPIRE_TIME: /* XXX only on self-signature */
362  if ((plen - 1) == 4) {
363  time_t t = pgpGrab(p+1, plen-1);
364  if (t == 0) {
365  if (_pgp_print)
366  fprintf(stderr, " never(0x%08x)", (unsigned)t);
367  } else if (_digp && _digp->saved & PGPDIG_SAVED_TIME) {
368  t += pgpGrab(_digp->time, sizeof(_digp->time));
369  if (_pgp_print)
370  fprintf(stderr, " %-24.24s(0x%08x)", ctime(&t), (unsigned)t);
371  } else {
372  if (_pgp_print)
373  fprintf(stderr, " creation+secs(0x%08x)", (unsigned)t);
374  }
375  } else
376  pgpPrtHex("", p+1, plen-1);
377  /*@switchbreak@*/ break;
378 
379  case PGPSUBTYPE_ISSUER_KEYID: /* issuer key ID */
380 /*@-mods -mayaliasunique @*/
381  if (_digp && !(_digp->saved & PGPDIG_SAVED_ID) &&
382  (sigtype == PGPSIGTYPE_POSITIVE_CERT || sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT || sigtype == PGPSIGTYPE_STANDALONE))
383  {
384  _digp->saved |= PGPDIG_SAVED_ID;
385  memcpy(_digp->signid, p+1, sizeof(_digp->signid));
386  }
387 /*@=mods =mayaliasunique @*/
388  /*@fallthrough@*/
391  case PGPSUBTYPE_REGEX:
393  case PGPSUBTYPE_ARR:
395  case PGPSUBTYPE_NOTATION:
402  case PGPSUBTYPE_FEATURES:
416  default:
417  pgpPrtHex("", p+1, plen-1);
418  /*@switchbreak@*/ break;
419  }
420  pgpPrtNL();
421  p += plen;
422  hlen -= plen;
423  }
424  return 0;
425 }
426 
427 /*@-varuse =readonlytrans -nullassign @*/
428 /*@observer@*/ /*@unchecked@*/
429 static const char * pgpSigRSA[] = {
430  " m**d =",
431  NULL,
432 };
433 
434 /*@observer@*/ /*@unchecked@*/
435 static const char * pgpSigDSA[] = {
436  " r =",
437  " s =",
438  NULL,
439 };
440 
441 /*@observer@*/ /*@unchecked@*/
442 static const char * pgpSigECDSA[] = {
443  " r =",
444  " s =",
445  NULL,
446 };
447 /*@=varuse =readonlytrans =nullassign @*/
448 
449 int pgpPrtSigParams(pgpDig dig, const pgpPkt pp, pgpPubkeyAlgo pubkey_algo,
450  pgpSigType sigtype, const rpmuint8_t * p)
451 {
452  const rpmuint8_t * pend = pp->u.h + pp->hlen;
453  int xx;
454  int i;
455 
456  for (i = 0; p < pend; i++, p += pgpMpiLen(p)) {
457  if (pubkey_algo == PGPPUBKEYALGO_RSA) {
458  if (i >= 1) break;
459  if (dig &&
460  (dig != _dig || sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT))
461  {
462  xx = 0;
463  switch (i) {
464  case 0: /* m**d */
465  xx = pgpImplMpiItem(pgpSigRSA[i], dig, 10+i, p, p+pgpMpiLen(p));
466  /*@switchbreak@*/ break;
467  default:
468  xx = 1;
469  /*@switchbreak@*/ break;
470  }
471  if (xx) return xx;
472  }
473  pgpPrtStr("", pgpSigRSA[i]);
474  } else if (pubkey_algo == PGPPUBKEYALGO_DSA) {
475  if (i >= 2) break;
476  if (dig &&
477  (dig != _dig || sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT))
478  {
479  xx = 0;
480  switch (i) {
481  case 0: /* r */
482  xx = pgpImplMpiItem(pgpSigDSA[i], dig, 20+i, p, p+pgpMpiLen(p));
483  /*@switchbreak@*/ break;
484  case 1: /* s */
485  xx = pgpImplMpiItem(pgpSigDSA[i], dig, 20+i, p, p+pgpMpiLen(p));
486  /*@switchbreak@*/ break;
487  default:
488  xx = 1;
489  /*@switchbreak@*/ break;
490  }
491  if (xx) return xx;
492  }
493  pgpPrtStr("", pgpSigDSA[i]);
494  } else if (pubkey_algo == PGPPUBKEYALGO_ECDSA) {
495  if (i >= 2) break;
496  if (dig &&
497  (dig != _dig || sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT))
498  {
499  xx = 0;
500  switch (i) {
501  case 0: /* r */
502  xx = pgpImplMpiItem(pgpSigECDSA[i], dig, 50+i, p, p+pgpMpiLen(p));
503  /*@switchbreak@*/ break;
504  case 1: /* s */
505  xx = pgpImplMpiItem(pgpSigECDSA[i], dig, 50+i, p, p+pgpMpiLen(p));
506  /*@switchbreak@*/ break;
507  default:
508  xx = 1;
509  /*@switchbreak@*/ break;
510  }
511  if (xx) return xx;
512  }
513  pgpPrtStr("", pgpSigECDSA[i]);
514  } else {
515  if (_pgp_print)
516  fprintf(stderr, "%7d", i);
517  }
518  pgpPrtStr("", pgpMpiStr(p));
519  pgpPrtNL();
520  }
521 
522  return 0;
523 }
524 
525 int pgpPrtSig(const pgpPkt pp)
526  /*@globals _digp @*/
527  /*@modifies *_digp @*/
528 {
529  rpmuint8_t version = pp->u.h[0];
530  rpmuint8_t * p;
531  unsigned plen;
532  int rc;
533 
534  switch (version) {
535  case 3:
536  { pgpPktSigV3 v = (pgpPktSigV3)pp->u.h;
537  time_t t;
538 
539  if (v->hashlen != (rpmuint8_t)5)
540  return 1;
541 
542  pgpPrtVal("V3 ", pgpTagTbl, (rpmuint8_t)pp->tag);
543  pgpPrtVal(" ", pgpPubkeyTbl, v->pubkey_algo);
544  pgpPrtVal(" ", pgpHashTbl, v->hash_algo);
545  pgpPrtVal(" ", pgpSigTypeTbl, v->sigtype);
546  pgpPrtNL();
547  t = pgpGrab(v->time, sizeof(v->time));
548  if (_pgp_print)
549  fprintf(stderr, " %-24.24s(0x%08x)", ctime(&t), (unsigned)t);
550  pgpPrtNL();
551  pgpPrtHex(" signer keyid", v->signid, sizeof(v->signid));
552  plen = pgpGrab(v->signhash16, sizeof(v->signhash16));
553  pgpPrtHex(" signhash16", v->signhash16, sizeof(v->signhash16));
554  pgpPrtNL();
555 
556  if (_digp && _digp->pubkey_algo == (rpmuint8_t)0) {
557  _digp->version = v->version;
558  _digp->hashlen = (size_t) v->hashlen;
559  _digp->sigtype = v->sigtype;
560  _digp->hash = &v->sigtype;
561  memcpy(_digp->time, v->time, sizeof(_digp->time));
562  memcpy(_digp->signid, v->signid, sizeof(_digp->signid));
563  _digp->pubkey_algo = v->pubkey_algo;
564  _digp->hash_algo = v->hash_algo;
565  memcpy(_digp->signhash16, v->signhash16, sizeof(_digp->signhash16));
566  }
567 
568  p = ((rpmuint8_t *)v) + sizeof(*v);
569  rc = pgpPrtSigParams(_dig, pp, (pgpPubkeyAlgo)v->pubkey_algo,
570  (pgpSigType)v->sigtype, p);
571  } break;
572  case 4:
573  { pgpPktSigV4 v = (pgpPktSigV4)pp->u.h;
574 
575  pgpPrtVal("V4 ", pgpTagTbl, (rpmuint8_t)pp->tag);
576  pgpPrtVal(" ", pgpPubkeyTbl, v->pubkey_algo);
577  pgpPrtVal(" ", pgpHashTbl, v->hash_algo);
578  pgpPrtVal(" ", pgpSigTypeTbl, v->sigtype);
579  pgpPrtNL();
580 
581  p = &v->hashlen[0];
582  plen = pgpGrab(v->hashlen, sizeof(v->hashlen));
583  p += sizeof(v->hashlen);
584 
585  if ((p + plen) > (pp->u.h + pp->hlen))
586  return 1;
587 
588 if (_pgp_debug && _pgp_print)
589 fprintf(stderr, " hash[%u] -- %s\n", plen, pgpHexStr(p, plen));
590  if (_digp && _digp->pubkey_algo == (rpmuint8_t)0) {
591  _digp->hashlen = sizeof(*v) + plen;
592  _digp->hash = pp->u.h;
593  }
594  (void) pgpPrtSubType(p, plen, (pgpSigType)v->sigtype);
595  p += plen;
596 
597  plen = pgpGrab(p, 2);
598  p += 2;
599 
600  if ((p + plen) > (pp->u.h + pp->hlen))
601  return 1;
602 
603 if (_pgp_debug && _pgp_print)
604 fprintf(stderr, " unhash[%u] -- %s\n", plen, pgpHexStr(p, plen));
605  (void) pgpPrtSubType(p, plen, (pgpSigType)v->sigtype);
606  p += plen;
607 
608  plen = pgpGrab(p,2);
609  pgpPrtHex(" signhash16", p, 2);
610  pgpPrtNL();
611 
612  if (_digp && _digp->pubkey_algo == (rpmuint8_t)0) {
613  _digp->version = v->version;
614  _digp->sigtype = v->sigtype;
615  _digp->pubkey_algo = v->pubkey_algo;
616  _digp->hash_algo = v->hash_algo;
617  memcpy(_digp->signhash16, p, sizeof(_digp->signhash16));
618  }
619 
620  p += 2;
621  if (p > (pp->u.h + pp->hlen))
622  return 1;
623 
624  rc = pgpPrtSigParams(_dig, pp, (pgpPubkeyAlgo)v->pubkey_algo,
625  (pgpSigType)v->sigtype, p);
626  } break;
627  default:
628  rc = 1;
629  break;
630  }
631  return rc;
632 }
633 
634 /*@-varuse =readonlytrans -nullassign @*/
635 /*@observer@*/ /*@unchecked@*/
636 static const char * pgpPublicRSA[] = {
637  " n =",
638  " e =",
639  NULL,
640 };
641 
642 #ifdef NOTYET
643 /*@observer@*/ /*@unchecked@*/
644 static const char * pgpSecretRSA[] = {
645  " d =",
646  " p =",
647  " q =",
648  " u =",
649  NULL,
650 };
651 #endif
652 
653 /*@observer@*/ /*@unchecked@*/
654 static const char * pgpPublicDSA[] = {
655  " p =",
656  " q =",
657  " g =",
658  " y =",
659  NULL,
660 };
661 
662 #ifdef NOTYET
663 /*@observer@*/ /*@unchecked@*/
664 static const char * pgpSecretDSA[] = {
665  " x =",
666  NULL,
667 };
668 #endif
669 
670 /*@observer@*/ /*@unchecked@*/
671 static const char * pgpPublicECDSA[] = {
672  " Q =",
673  NULL,
674 };
675 
676 #ifdef NOTYET
677 /*@observer@*/ /*@unchecked@*/
678 static const char * pgpSecretECDSA[] = {
679  " d =",
680  NULL,
681 };
682 #endif
683 
684 /*@observer@*/ /*@unchecked@*/
685 static const char * pgpPublicECDH[] = {
686  " Q =",
687  NULL,
688 };
689 
690 #ifdef NOTYET
691 /*@observer@*/ /*@unchecked@*/
692 static const char * pgpSecretECDH[] = {
693  " d =",
694  NULL,
695 };
696 #endif
697 
698 /*@observer@*/ /*@unchecked@*/
699 static const char * pgpPublicELGAMAL[] = {
700  " p =",
701  " g =",
702  " y =",
703  NULL,
704 };
705 
706 #ifdef NOTYET
707 /*@observer@*/ /*@unchecked@*/
708 static const char * pgpSecretELGAMAL[] = {
709  " x =",
710  NULL,
711 };
712 #endif
713 /*@=varuse =readonlytrans =nullassign @*/
714 
716  pgpPubkeyAlgo pubkey_algo, /*@returned@*/ const rpmuint8_t * p)
717 {
718  const rpmuint8_t * pend = pp->u.h + pp->hlen;
719  int i;
720 
721  for (i = 0; p < pend; i++, p += pgpMpiLen(p)) {
722  if (pubkey_algo == PGPPUBKEYALGO_RSA) {
723  if (i >= 2) break;
724  if (dig) {
725  switch (i) {
726  case 0: /* n */
727  (void) pgpImplMpiItem(pgpPublicRSA[i], dig, 30+i, p, p+pgpMpiLen(p));
728  /*@switchbreak@*/ break;
729  case 1: /* e */
730  (void) pgpImplMpiItem(pgpPublicRSA[i], dig, 30+i, p, p+pgpMpiLen(p));
731  /*@switchbreak@*/ break;
732  default:
733  /*@switchbreak@*/ break;
734  }
735  }
736  pgpPrtStr("", pgpPublicRSA[i]);
737  } else if (pubkey_algo == PGPPUBKEYALGO_DSA) {
738  if (i >= 4) break;
739  if (dig) {
740  switch (i) {
741  case 0: /* p */
742  (void) pgpImplMpiItem(pgpPublicDSA[i], dig, 40+i, p, p+pgpMpiLen(p));
743  /*@switchbreak@*/ break;
744  case 1: /* q */
745  (void) pgpImplMpiItem(pgpPublicDSA[i], dig, 40+i, p, p+pgpMpiLen(p));
746  /*@switchbreak@*/ break;
747  case 2: /* g */
748  (void) pgpImplMpiItem(pgpPublicDSA[i], dig, 40+i, p, p+pgpMpiLen(p));
749  /*@switchbreak@*/ break;
750  case 3: /* y */
751  (void) pgpImplMpiItem(pgpPublicDSA[i], dig, 40+i, p, p+pgpMpiLen(p));
752  /*@switchbreak@*/ break;
753  default:
754  /*@switchbreak@*/ break;
755  }
756  }
757  pgpPrtStr("", pgpPublicDSA[i]);
758  } else if (pubkey_algo == PGPPUBKEYALGO_ECDSA) {
759  if (i >= 1) break;
760  if (dig) {
761  switch (i) {
762  case 0: /* curve_oid & Q */
763  (void) pgpImplMpiItem(pgpPublicECDSA[i], dig, 60, p+1, p+1+p[0]);
764  (void) pgpImplMpiItem(pgpPublicECDSA[i], dig, 61, p+1+p[0], p+pgpMpiLen(p));
765  /*@switchbreak@*/ break;
766  default:
767  /*@switchbreak@*/ break;
768  }
769  }
770  if (i == 0) {
771  pgpPrtHex("Curve = [ OID]:", p+1, p[0]);
772  pgpPrtNL();
773  p += p[0] + 1;
774  pgpPrtStr(pgpPublicECDSA[i], pgpMpiStr(p));
775  pgpPrtNL();
776  break; /* XXX FIXME: early exit */
777  }
778  pgpPrtStr("", pgpPublicECDSA[i]);
779  } else if (pubkey_algo == PGPPUBKEYALGO_ECDH) {
780  if (i >= 1) break;
781  if (dig) {
782  switch (i) {
783  case 0: /* curve_oid & Q */
784  (void) pgpImplMpiItem(pgpPublicECDH[i], dig, 60, p+1, p+1+p[0]);
785  (void) pgpImplMpiItem(pgpPublicECDH[i], dig, 61, p+1+p[0], p+pgpMpiLen(p));
786  /*@switchbreak@*/ break;
787  default:
788  /*@switchbreak@*/ break;
789  }
790  }
791  if (i == 0) {
792  pgpPrtHex("Curve = [ OID]:", p+1, p[0]);
793  p += p[0] + 1;
794  pgpPrtNL();
795  pgpPrtStr(pgpPublicECDH[i], pgpMpiStr(p));
796  p += pgpMpiLen(p);
797  pgpPrtHex(" KDF params:", p+1, p[0]);
798  p += p[0] + 1;
799  pgpPrtNL();
800  break; /* XXX FIXME: early exit */
801  }
802  } else if (pubkey_algo == PGPPUBKEYALGO_ELGAMAL_E) {
803  if (i >= 3) break;
804  pgpPrtStr("", pgpPublicELGAMAL[i]);
805  } else {
806  if (_pgp_print)
807  fprintf(stderr, "%7d", i);
808  }
809  pgpPrtStr("", pgpMpiStr(p));
810  pgpPrtNL();
811  }
812 
813  return p;
814 }
815 
816 static const rpmuint8_t * pgpPrtSeckeyParams(const pgpPkt pp,
817  /*@unused@*/ rpmuint8_t pubkey_algo,
818  /*@returned@*/ const rpmuint8_t *p)
819  /*@globals fileSystem @*/
820  /*@modifies fileSystem @*/
821 {
822  int i;
823 
824  switch (*p) {
825  case 0:
826  pgpPrtVal(" ", pgpSymkeyTbl, *p);
827  break;
828  case 255:
829  p++;
830  pgpPrtVal(" ", pgpSymkeyTbl, *p);
831  switch (p[1]) {
832  case 0x00:
833  pgpPrtVal(" simple ", pgpHashTbl, p[2]);
834  p += 2;
835  /*@innerbreak@*/ break;
836  case 0x01:
837  pgpPrtVal(" salted ", pgpHashTbl, p[2]);
838  pgpPrtHex("", p+3, 8);
839  p += 10;
840  /*@innerbreak@*/ break;
841  case 0x03:
842  pgpPrtVal(" iterated/salted ", pgpHashTbl, p[2]);
843  i = (16 + ((unsigned)p[11] & 0xf)) << (((unsigned)p[11] >> 4U) + 6);
844  pgpPrtHex("", p+3, 8);
845  pgpPrtInt(" iter", i);
846  p += 11;
847  /*@innerbreak@*/ break;
848  }
849  break;
850  default:
851  pgpPrtVal(" ", pgpSymkeyTbl, *p);
852  pgpPrtHex(" IV", p+1, 8);
853  p += 8;
854  break;
855  }
856  pgpPrtNL();
857 
858  p++;
859 
860 #ifdef NOTYET /* XXX encrypted MPI's need to be handled. */
861  for (i = 0; p < &pp->u.h[pp->hlen]; i++, p += pgpMpiLen(p)) {
862  if (pubkey_algo == PGPPUBKEYALGO_RSA) {
863  if (pgpSecretRSA[i] == NULL) break;
864  pgpPrtStr("", pgpSecretRSA[i]);
865  } else if (pubkey_algo == PGPPUBKEYALGO_DSA) {
866  if (pgpSecretDSA[i] == NULL) break;
867  pgpPrtStr("", pgpSecretDSA[i]);
868  } else if (pubkey_algo == PGPPUBKEYALGO_ECDSA) {
869  if (pgpSecretECDSA[i] == NULL) break;
870  pgpPrtStr("", pgpSecretECDSA[i]);
871  } else if (pubkey_algo == PGPPUBKEYALGO_ELGAMAL_E) {
872  if (pgpSecretELGAMAL[i] == NULL) break;
873  pgpPrtStr("", pgpSecretELGAMAL[i]);
874  } else {
875  if (_pgp_print)
876  fprintf(stderr, "%7d", i);
877  }
878  pgpPrtStr("", pgpMpiStr(p));
879  pgpPrtNL();
880  }
881 #else
882  pgpPrtHex(" secret", p, (pp->hlen - (p - pp->u.h) - 2));
883  pgpPrtNL();
884  p += (pp->hlen - (p - pp->u.h) - 2);
885 #endif
886  pgpPrtHex(" checksum", p, 2);
887  pgpPrtNL();
888 
889  return p;
890 }
891 
892 int pgpPrtKey(const pgpPkt pp)
893  /*@globals _digp @*/
894  /*@modifies *_digp @*/
895 {
896  rpmuint8_t version = pp->u.h[0];
897  const rpmuint8_t * p;
898  unsigned plen;
899  time_t t;
900  int rc;
901 
902  switch (version) {
903  case 3:
904  { pgpPktKeyV3 v = (pgpPktKeyV3)pp->u.h;
905  pgpPrtVal("V3 ", pgpTagTbl, (rpmuint8_t)pp->tag);
906  pgpPrtVal(" ", pgpPubkeyTbl, v->pubkey_algo);
907  t = pgpGrab(v->time, sizeof(v->time));
908  if (_pgp_print)
909  fprintf(stderr, " %-24.24s(0x%08x)", ctime(&t), (unsigned)t);
910  plen = pgpGrab(v->valid, sizeof(v->valid));
911  if (plen != 0)
912  fprintf(stderr, " valid %u days", plen);
913  pgpPrtNL();
914 
915  if (_digp && _digp->tag == (rpmuint8_t)pp->tag) {
916  _digp->version = v->version;
917  memcpy(_digp->time, v->time, sizeof(_digp->time));
918  _digp->pubkey_algo = v->pubkey_algo;
919  }
920 
921  p = ((rpmuint8_t *)v) + sizeof(*v);
922  p = pgpPrtPubkeyParams(_dig, pp, (pgpPubkeyAlgo)v->pubkey_algo, p);
923  rc = 0;
924  } break;
925  case 4:
926  { pgpPktKeyV4 v = (pgpPktKeyV4)pp->u.h;
927  pgpPrtVal("V4 ", pgpTagTbl, (rpmuint8_t)pp->tag);
928  pgpPrtVal(" ", pgpPubkeyTbl, v->pubkey_algo);
929  t = pgpGrab(v->time, sizeof(v->time));
930  if (_pgp_print)
931  fprintf(stderr, " %-24.24s(0x%08x)", ctime(&t), (unsigned)t);
932  pgpPrtNL();
933 
934  if (_digp && _digp->tag == (rpmuint8_t)pp->tag) {
935  _digp->version = v->version;
936  memcpy(_digp->time, v->time, sizeof(_digp->time));
937  _digp->pubkey_algo = v->pubkey_algo;
938  }
939 
940  p = ((rpmuint8_t *)v) + sizeof(*v);
941  p = pgpPrtPubkeyParams(_dig, pp, (pgpPubkeyAlgo)v->pubkey_algo, p);
942  if (!(pp->tag == PGPTAG_PUBLIC_KEY || pp->tag == PGPTAG_PUBLIC_SUBKEY))
943  p = pgpPrtSeckeyParams(pp, v->pubkey_algo, p);
944  rc = 0;
945  } break;
946  default:
947  rc = 1;
948  break;
949  }
950  return rc;
951 }
952 
953 int pgpPrtUserID(const pgpPkt pp)
954  /*@globals _digp @*/
955  /*@modifies *_digp @*/
956 {
957  pgpPrtVal("", pgpTagTbl, (rpmuint8_t)pp->tag);
958  if (_pgp_print)
959  fprintf(stderr, " \"%.*s\"", (int)pp->hlen, (const char *)pp->u.h);
960  pgpPrtNL();
961  if (_digp) {
962  char * t = (char *) memcpy(xmalloc(pp->hlen+1), pp->u.h, pp->hlen);
963  t[pp->hlen] = '\0';
964  _digp->userid = _free(_digp->userid);
965  _digp->userid = t;
966  }
967  return 0;
968 }
969 
970 int pgpPrtComment(const pgpPkt pp)
971 {
972  const rpmuint8_t * h = pp->u.h;
973  int i = pp->hlen;
974 
975  pgpPrtVal("", pgpTagTbl, (rpmuint8_t)pp->tag);
976  if (_pgp_print)
977  fprintf(stderr, " ");
978  while (i > 0) {
979  int j;
980  if (*h >= (rpmuint8_t)' ' && *h <= (rpmuint8_t)'z') {
981  j = 0;
982  while (j < i && h[j] != (rpmuint8_t)'\0')
983  j++;
984  while (j < i && h[j] == (rpmuint8_t)'\0')
985  j++;
986  if (_pgp_print && j)
987  fprintf(stderr, "%.*s", (int)strlen((const char *)h), (const char *)h);
988  } else {
989  pgpPrtHex("", h, i);
990  j = i;
991  }
992  i -= j;
993  h += j;
994  }
995  pgpPrtNL();
996  return 0;
997 }
998 
999 int pgpPktLen(const rpmuint8_t *pkt, size_t pleft, pgpPkt pp)
1000 {
1001  unsigned int val = (unsigned int)*pkt;
1002  unsigned int plen;
1003 
1004  memset(pp, 0, sizeof(*pp));
1005  /* XXX can't deal with these. */
1006  if (!(val & 0x80))
1007  return -1;
1008 
1009  if (val & 0x40) {
1010  pp->tag = (pgpTag) (val & 0x3f);
1011  plen = pgpLen(pkt+1, &pp->hlen);
1012  } else {
1013  pp->tag = (pgpTag) ((val >> 2) & 0xf);
1014  plen = (1 << (val & 0x3));
1015  pp->hlen = pgpGrab(pkt+1, plen);
1016  }
1017 
1018  pp->pktlen = 1 + plen + pp->hlen;
1019  if (pleft > 0 && pp->pktlen > (unsigned)pleft)
1020  return -1;
1021 
1022 /*@-assignexpose -temptrans @*/
1023  pp->u.h = pkt + 1 + plen;
1024 /*@=assignexpose =temptrans @*/
1025 
1026  return pp->pktlen;
1027 }
1028 
1029 int pgpPubkeyFingerprint(const rpmuint8_t * pkt, size_t pktlen, rpmuint8_t * keyid)
1030 {
1031  pgpPkt pp = (pgpPkt) alloca(sizeof(*pp));
1032  int rc = pgpPktLen(pkt, pktlen, pp);
1033 
1034  if (!(pp->tag == PGPTAG_PUBLIC_KEY || pp->tag == PGPTAG_PUBLIC_SUBKEY))
1035  return -1;
1036 
1037  /* Choose the correct keyid. */
1038  switch (pp->u.h[0]) {
1039  default: return -1;
1040  case 3:
1041  { pgpPktKeyV3 v = (pgpPktKeyV3) (pp->u.h);
1042  const rpmuint8_t *se = (rpmuint8_t *)(v + 1);
1043  switch (v->pubkey_algo) {
1044  default: return -1;
1045  case PGPPUBKEYALGO_RSA:
1046  se += pgpMpiLen(se);
1047  memmove(keyid, (se-8), 8);
1048  /*@innerbreak@*/ break;
1049  }
1050  } break;
1051  case 4:
1052  { rpmuint8_t * d = NULL;
1053  size_t dlen = 0;
1054 
1055  switch (*pkt) {
1056  default: assert(0);
1057  case 0x99: case 0x98: case 0xb9: case 0xb8: break;
1058  }
1059 
1061  rpmuint8_t goop[3];
1062  goop[0] = 0x99;
1063  goop[1] = (pp->hlen >> 8) & 0xff;
1064  goop[2] = (pp->hlen ) & 0xff;
1065  (void) rpmDigestUpdate(ctx, goop, 3);
1066  (void) rpmDigestUpdate(ctx, pp->u.h, pp->hlen);
1067  (void) rpmDigestFinal(ctx, &d, &dlen, 0);
1068  }
1069  memmove(keyid, (d + (dlen-8)), 8);
1070  d = _free(d);
1071  } break;
1072  }
1073  rc = 0;
1074  return rc;
1075 }
1076 
1077 int pgpExtractPubkeyFingerprint(const char * b64pkt, rpmuint8_t * keyid)
1078 {
1079  const rpmuint8_t * pkt;
1080  size_t pktlen;
1081 
1082  if (b64decode(b64pkt, (void **)&pkt, &pktlen))
1083  return -1; /* on error */
1084  (void) pgpPubkeyFingerprint(pkt, (unsigned int)pktlen, keyid);
1085  pkt = _free(pkt);
1086  return 8; /* no. of bytes of pubkey signid */
1087 }
1088 
1089 int pgpPrtPkt(const rpmuint8_t * pkt, size_t pleft)
1090 {
1091  pgpPkt pp = (pgpPkt) alloca(sizeof(*pp));
1092  int rc = pgpPktLen(pkt, pleft, pp);
1093 
1094  if (rc < 0)
1095  return rc;
1096 
1097  switch (pp->tag) {
1098  case PGPTAG_SIGNATURE:
1099  rc = pgpPrtSig(pp);
1100  break;
1101  case PGPTAG_PUBLIC_KEY:
1102  /* Get the public key fingerprint. */
1103  if (_digp) {
1104 /*@-mods@*/
1105  if (!pgpPubkeyFingerprint(pkt, pp->pktlen, _digp->signid))
1106  _digp->saved |= PGPDIG_SAVED_ID;
1107  else
1108  memset(_digp->signid, 0, sizeof(_digp->signid));
1109 /*@=mods@*/
1110  }
1111  /*@fallthrough@*/
1112  case PGPTAG_PUBLIC_SUBKEY:
1113  rc = pgpPrtKey(pp);
1114  break;
1115  case PGPTAG_SECRET_KEY:
1116  case PGPTAG_SECRET_SUBKEY:
1117  rc = pgpPrtKey(pp);
1118  break;
1119  case PGPTAG_USER_ID:
1120  rc = pgpPrtUserID(pp);
1121  break;
1122  case PGPTAG_COMMENT:
1123  case PGPTAG_COMMENT_OLD:
1124  rc = pgpPrtComment(pp);
1125  break;
1126 
1127  case PGPTAG_RESERVED:
1131  case PGPTAG_SYMMETRIC_DATA:
1132  case PGPTAG_MARKER:
1133  case PGPTAG_LITERAL_DATA:
1134  case PGPTAG_TRUST:
1135  case PGPTAG_PHOTOID:
1136  case PGPTAG_ENCRYPTED_MDC:
1137  case PGPTAG_MDC:
1138  case PGPTAG_PRIVATE_60:
1139  case PGPTAG_PRIVATE_62:
1140  case PGPTAG_CONTROL:
1141  default:
1142  pgpPrtVal("", pgpTagTbl, (rpmuint8_t)pp->tag);
1143  pgpPrtHex("", pp->u.h, pp->hlen);
1144  pgpPrtNL();
1145  rc = 0;
1146  break;
1147  }
1148 
1149  return (rc ? -1 : (int)pp->pktlen);
1150 }
1151 
1152 /*@unchecked@*/
1154 
1156 {
1157  if (dig != NULL) {
1158  dig->signature.userid = _free(dig->signature.userid);
1159  dig->pubkey.userid = _free(dig->pubkey.userid);
1160  dig->build_sign = _free(dig->build_sign);
1161  dig->pubkey_algoN = NULL;
1162  dig->hash_algoN = NULL;
1163  memset(&dig->dops, 0, sizeof(dig->dops));
1164  memset(&dig->sops, 0, sizeof(dig->sops));
1165  dig->ppkts = _free(dig->ppkts);
1166  dig->npkts = 0;
1167  dig->signature.hash = NULL;
1168  dig->signature.hashlen = 0;
1169  dig->pubkey.hash = NULL;
1170  dig->pubkey.hashlen = 0;
1171 
1172  memset(&dig->signature, 0, sizeof(dig->signature));
1173  memset(&dig->pubkey, 0, sizeof(dig->pubkey));
1174 
1175  dig->md5 = _free(dig->md5);
1176  dig->md5len = 0;
1177  dig->sha1 = _free(dig->sha1);
1178  dig->sha1len = 0;
1179 
1180  pgpImplClean(dig->impl);
1181 
1182  }
1183 /*@-nullstate@*/
1184  return;
1185 /*@=nullstate@*/
1186 }
1187 
1188 const char * pgpHashAlgo2Name(uint32_t algo)
1189 {
1190  return pgpValStr(pgpHashTbl, (rpmuint8_t)algo);
1191 }
1192 
1193 const char * pgpPubkeyAlgo2Name(uint32_t algo)
1194 {
1195  return pgpValStr(pgpPubkeyTbl, (rpmuint8_t)algo);
1196 }
1197 
1199 {
1200  return pgpStrVal(pgpHashTbl, name);
1201 }
1202 
1204 {
1205  return pgpStrVal(pgpPubkeyTbl, name);
1206 }
1207 
1209 {
1210 pgpDigParams pubp = pgpGetPubkey(dig);
1211 pgpDigParams sigp = pgpGetSignature(dig);
1212  char * t, * te;
1213  int rc = 0;
1214 
1215  t = rpmExpand("%{?_build_sign}", NULL);
1216  if (!(t && *t)) {
1217  t = _free(t); /* coverity #1214094 */
1218  t = xstrdup("DSA");
1219  }
1220  dig->build_sign = t;
1221 
1222  if ((te = strrchr(t, '/')) != NULL)
1223  *te++ = '\0';
1224  else
1225  te = (!strcasecmp(t, "ECDSA") ? "SHA256" : "SHA1");
1226 
1227  dig->pubkey_algoN = t;
1228  dig->hash_algoN = te;
1229 
1230  if ((pubp->pubkey_algo = pgpPubkeyName2Algo(dig->pubkey_algoN)) == 0) {
1231  pubp->pubkey_algo = PGPPUBKEYALGO_DSA;
1232  sigp->hash_algo = PGPHASHALGO_SHA1;
1233  } else
1234  if ((sigp->hash_algo = pgpHashName2Algo(dig->hash_algoN)) == 0)
1235  sigp->hash_algo = PGPHASHALGO_SHA1;
1236 
1237  sigp->pubkey_algo = pubp->pubkey_algo;
1238  pubp->hash_algo = sigp->hash_algo;
1239 
1240  return rc;
1241 }
1242 
1243 static void pgpDigFini(void * __dig)
1244  /*@globals fileSystem, internalState @*/
1245  /*@modifies __dig, fileSystem, internalState @*/
1246 {
1247  pgpDig dig = (pgpDig) __dig;
1248 
1249  dig->sig = _free(dig->sig);
1250  dig->siglen = 0;
1251  dig->pub = _free(dig->pub);
1252  dig->publen = 0;
1253 
1254  /* XXX there's a recursion here ... release and reacquire the lock */
1255 #ifndef BUGGY
1256  yarnRelease(dig->_item.use);
1257 #endif
1258  /* Dump the signature/pubkey data. */
1259  pgpDigClean(dig);
1260 #ifndef BUGGY
1261  yarnPossess(dig->_item.use);
1262 #endif
1263 
1264  if (dig->hrsa != NULL)
1265  (void) rpmDigestFinal(dig->hrsa, NULL, NULL, 0);
1266  dig->hrsa = NULL;
1267 
1268  if (dig->hdsa != NULL)
1269  (void) rpmDigestFinal(dig->hdsa, NULL, NULL, 0);
1270  dig->hdsa = NULL;
1271 
1272  if (dig->hecdsa != NULL)
1273  (void) rpmDigestFinal(dig->hecdsa, NULL, NULL, 0);
1274  dig->hecdsa = NULL;
1275 
1276  if (dig->hsha != NULL)
1277  (void) rpmDigestFinal(dig->hsha, NULL, NULL, 0);
1278  dig->hsha = NULL;
1279 
1280 #ifdef NOTYET
1281  if (dig->hdrmd5ctx != NULL)
1282  (void) rpmDigestFinal(dig->hdrmd5ctx, NULL, NULL, 0);
1283  dig->hdrmd5ctx = NULL;
1284 #endif
1285 
1286  if (dig->md5ctx != NULL)
1287  (void) rpmDigestFinal(dig->md5ctx, NULL, NULL, 0);
1288  dig->md5ctx = NULL;
1289 
1290  dig->impl = pgpImplFree(dig->impl);
1291 
1292 }
1293 
1294 /*@unchecked@*/ /*@only@*/ /*@null@*/
1296 
1297 static pgpDig digGetPool(/*@null@*/ rpmioPool pool)
1298  /*@globals _digPool, fileSystem @*/
1299  /*@modifies pool, _digPool, fileSystem @*/
1300 {
1301  pgpDig dig;
1302 
1303  if (_digPool == NULL) {
1304  _digPool = rpmioNewPool("dig", sizeof(*dig), -1, _pgp_debug,
1305  NULL, NULL, pgpDigFini);
1306  pool = _digPool;
1307  }
1308 
1309  dig = (pgpDig) rpmioGetPool(pool, sizeof(*dig));
1310  memset(((char *)dig)+sizeof(dig->_item), 0, sizeof(*dig)-sizeof(dig->_item));
1311  return dig;
1312 }
1313 
1315 {
1316  pgpDig dig = pgpDigLink( digGetPool(_digPool) );
1317  pgpDigParams pubp = pgpGetPubkey(dig);
1318  pgpDigParams sigp = pgpGetSignature(dig);
1319  int xx;
1320 
1321  /* XXX FIXME: always set default flags, ignore the arg. */
1322  dig->vsflags = (vsflags != RPMVSF_DEFAULT ? vsflags : pgpDigVSFlags);
1323  dig->impl = pgpImplInit();
1324 
1325  /* XXX FIXME: always set default pubkey_algo, ignore the arg. */
1326  pubp->pubkey_algo = pubkey_algo;
1327  sigp->pubkey_algo = pubkey_algo;
1328 
1329  if (pubp->pubkey_algo) {
1330  xx = pgpDigSetAlgos(dig);
1331  xx = pgpImplGenerate(dig);
1332 assert(xx == 1);
1333  xx = pgpExportPubkey(dig);
1334  }
1335  return dig;
1336 }
1337 
1339 {
1340  int rc = 0; /* assume failure */
1341 
1342 #if defined(WITH_BEECRYPT)
1343  if (pgpImplVecs == &rpmbcImplVecs)
1344  rc = rpmbcExportPubkey(dig);
1345 #endif
1346 #if defined(WITH_SSL)
1347  if (pgpImplVecs == &rpmsslImplVecs)
1348  rc = rpmsslExportPubkey(dig);
1349 #endif
1350 #if defined(WITH_NSS)
1351  if (pgpImplVecs == &rpmnssImplVecs)
1352  rc = rpmnssExportPubkey(dig);
1353 #endif
1354 #if defined(WITH_GCRYPT)
1355  if (pgpImplVecs == &rpmgcImplVecs)
1356  rc = rpmgcExportPubkey(dig);
1357 #endif
1358 #if defined(WITH_TOMCRYPT)
1359  if (pgpImplVecs == &rpmltcImplVecs)
1360  rc = rpmltcExportPubkey(dig);
1361 #endif
1362  return rc;
1363 }
1364 
1366 {
1367  int rc = 0; /* assume failure */
1368 
1369 #if defined(WITH_BEECRYPT)
1370  if (pgpImplVecs == &rpmbcImplVecs)
1371  rc = rpmbcExportSignature(dig, ctx);
1372 #endif
1373 #if defined(WITH_SSL)
1374  if (pgpImplVecs == &rpmsslImplVecs)
1375  rc = rpmsslExportSignature(dig, ctx);
1376 #endif
1377 #if defined(WITH_NSS)
1378  if (pgpImplVecs == &rpmnssImplVecs)
1379  rc = rpmnssExportSignature(dig, ctx);
1380 #endif
1381 #if defined(WITH_GCRYPT)
1382  if (pgpImplVecs == &rpmgcImplVecs)
1383  rc = rpmgcExportSignature(dig, ctx);
1384 #endif
1385 #if defined(WITH_TOMCRYPT)
1386  if (pgpImplVecs == &rpmltcImplVecs)
1387  rc = rpmltcExportSignature(dig, ctx);
1388 #endif
1389  return rc;
1390 }
1391 
1393 {
1394  return (dig ? &dig->signature : NULL);
1395 }
1396 
1398 {
1399  return (dig ? &dig->pubkey : NULL);
1400 }
1401 
1403 {
1404  return (dig ? dig->sigtag : 0);
1405 }
1406 
1408 {
1409  return (dig ? dig->sigtype : 0);
1410 }
1411 
1412 const void * pgpGetSig(pgpDig dig)
1413 {
1414  return (dig ? dig->sig : NULL);
1415 }
1416 
1418 {
1419  return (dig ? dig->siglen : 0);
1420 }
1421 
1423  rpmuint32_t sigtag, rpmuint32_t sigtype, const void * sig, rpmuint32_t siglen)
1424 {
1425  if (dig != NULL) {
1426  dig->sigtag = sigtag;
1427  dig->sigtype = (sig ? sigtype : 0);
1428 /*@-assignexpose -kepttrans@*/
1429  dig->sig = sig;
1430 /*@=assignexpose =kepttrans@*/
1431  dig->siglen = siglen;
1432  }
1433  return 0;
1434 }
1435 
1436 void * pgpStatsAccumulator(pgpDig dig, int opx)
1437 {
1438  void * sw = NULL;
1439  switch (opx) {
1440  case 10: /* RPMTS_OP_DIGEST */
1441  sw = &dig->dops;
1442  break;
1443  case 11: /* RPMTS_OP_SIGNATURE */
1444  sw = &dig->sops;
1445  break;
1446  }
1447  return sw;
1448 }
1449 
1451  int (*findPubkey) (void *ts, /*@null@*/ void *dig), void * _ts)
1452 {
1453  if (dig) {
1454 /*@-assignexpose@*/
1455  dig->findPubkey = findPubkey;
1456 /*@=assignexpose@*/
1457 /*@-dependenttrans@*/
1458  dig->_ts = _ts;
1459 /*@=dependenttrans@*/
1460  }
1461  return 0;
1462 }
1463 
1465 {
1466  int rc = 1; /* XXX RPMRC_NOTFOUND */
1467  if (dig && dig->findPubkey && dig->_ts)
1468  rc = (*dig->findPubkey) (dig->_ts, dig);
1469  return rc;
1470 }
1471 
1472 int pgpGrabPkts(const rpmuint8_t * pkts, size_t pktlen,
1473  /*@out@*/ rpmuint8_t *** pppkts, /*@out@*/ int * pnpkts)
1474  /*@modifies *pppkts, *pnpkts @*/
1475 {
1476  pgpPkt pp = (pgpPkt) alloca(sizeof(*pp));
1477  const rpmuint8_t * p;
1478  size_t pleft;
1479  size_t len;
1480  int npkts = 0;
1481  rpmuint8_t ** ppkts;
1482 
1483  for (p = pkts, pleft = pktlen; p < (pkts + pktlen); p += len, pleft -= len) {
1484  if (pgpPktLen(p, pleft, pp) < 0)
1485  return -1;
1486  len = pp->pktlen;
1487  npkts++;
1488  }
1489  if (npkts <= 0)
1490  return -2;
1491 
1492  ppkts = (rpmuint8_t **) xcalloc(npkts+1, sizeof(*ppkts));
1493 
1494  npkts = 0;
1495  for (p = pkts, pleft = pktlen; p < (pkts + pktlen); p += len, pleft -= len) {
1496 
1497  if (pgpPktLen(p, pleft, pp) < 0) {
1498  if (ppkts) ppkts = _free(ppkts);
1499  return -1;
1500  }
1501  len = pp->pktlen;
1502  ppkts[npkts++] = (rpmuint8_t *) p;
1503  }
1504  ppkts[npkts] = NULL;
1505 
1506  if (pppkts != NULL)
1507  *pppkts = ppkts;
1508  else
1509  ppkts = _free(ppkts);
1510 
1511  if (pnpkts != NULL)
1512  *pnpkts = npkts;
1513 
1514  return 0;
1515 }
1516 
1517 /*@-globstate -incondefs -nullderef @*/ /* _dig annotations are not correct. */
1518 int pgpPrtPkts(const rpmuint8_t * pkts, size_t pktlen, pgpDig dig, int printing)
1519  /*@globals _dig, _digp, _pgp_print @*/
1520  /*@modifies _dig, _digp, *_digp, _pgp_print @*/
1521 {
1522  pgpPkt pp = (pgpPkt) alloca(sizeof(*pp));
1523  unsigned int val = (unsigned int)*pkts;
1524  size_t pleft;
1525  int len;
1526  rpmuint8_t ** ppkts = NULL;
1527  int npkts;
1528  int i;
1529 
1530  _pgp_print = printing;
1531  _dig = pgpDigLink(dig);
1532  if (dig != NULL && (val & 0x80)) {
1533  pgpTag tag = (pgpTag)((val & 0x40) ? (val & 0x3f) : ((val >> 2) & 0xf));
1534  _digp = (tag == PGPTAG_SIGNATURE) ? &_dig->signature : &_dig->pubkey;
1535  _digp->tag = (rpmuint8_t)tag;
1536  } else
1537  _digp = NULL;
1538 
1539  if (pgpGrabPkts(pkts, pktlen, &ppkts, &npkts) || ppkts == NULL) {
1540  _dig = pgpDigFree(_dig);
1541  return -1;
1542  }
1543 
1544  if (ppkts != NULL)
1545  for (i = 0, pleft = pktlen; i < npkts; i++, pleft -= len) {
1546  len = pgpPktLen(ppkts[i], pleft, pp);
1547  len = pgpPrtPkt(ppkts[i], pp->pktlen);
1548  }
1549 
1550  if (dig != NULL) {
1551  dig->ppkts = _free(dig->ppkts); /* XXX memory leak plugged. */
1552  dig->ppkts = ppkts;
1553  dig->npkts = npkts;
1554  } else
1555  ppkts = _free(ppkts);
1556 
1557  (void) pgpDigFree(_dig);
1558  _dig = NULL;
1559 
1560  return 0;
1561 }
1562 /*@=globstate =incondefs =nullderef @*/
1563 
1564 pgpArmor pgpArmorUnwrap(rpmiob iob, rpmuint8_t ** pkt, size_t * pktlen)
1565 {
1566  const char * enc = NULL;
1567  const char * crcenc = NULL;
1568  rpmuint8_t * dec;
1569  rpmuint8_t * crcdec;
1570  size_t declen;
1571  size_t crclen;
1572  rpmuint32_t crcpkt, crc;
1573  const char * armortype = NULL;
1574  char * t, * te;
1575  int pstate = 0;
1576  pgpArmor ec = PGPARMOR_ERR_NO_BEGIN_PGP; /* XXX assume failure */
1577  pgpTag tag = (pgpTag)0;
1578  int rc;
1579 
1580  if (iob == NULL)
1581  goto exit;
1582 
1583  /* Read unarmored packets. */
1584  if (pgpIsPkt(iob->b, &tag)) {
1585  switch (tag) {
1586  default: ec = PGPARMOR_NONE; break;
1587  case PGPTAG_PUBLIC_KEY: ec = PGPARMOR_PUBKEY; break;
1588  case PGPTAG_SIGNATURE: ec = PGPARMOR_SIGNATURE; break;
1589 #ifdef NOTYET
1590  case PGPTAG_SECRET_KEY: ec = PGPARMOR_SECKEY; break;
1591  case PGPTAG_FOO: ec = PGPARMOR_MESSAGE; break;
1592  case PGPTAG_FOO: ec = PGPARMOR_SIGNED_MESSAGE; break;
1593  case PGPTAG_FOO: ec = PGPARMOR_FILE; break;
1594  case PGPTAG_FOO: ec = PGPARMOR_PRIVKEY; break;
1595 #endif
1596  }
1597  if (ec != PGPARMOR_NONE) {
1598  pgpPkt pp = (pgpPkt) alloca(sizeof(*pp));
1599 #ifdef DYING
1600  /* XXX Truncate blen to actual no. of octets in first packet. */
1601  iob->blen = pgpPktLen(iob->b, iob->blen, pp);
1602 #else
1603  (void) pgpPktLen(iob->b, iob->blen, pp);
1604 #endif
1605  }
1606  goto exit;
1607  }
1608 
1609 #define TOKEQ(_s, _tok) (!strncmp((_s), (_tok), sizeof(_tok)-1))
1610 
1611  /* Read armored packets, converting to binary. */
1612  for (t = (char *)iob->b; t && *t; t = te) {
1613  if ((te = strchr(t, '\n')) == NULL)
1614  te = t + strlen(t);
1615  else
1616  te++;
1617 
1618  switch (pstate) {
1619  case 0:
1620  armortype = NULL;
1621  if (!TOKEQ(t, "-----BEGIN PGP "))
1622  continue;
1623  t += sizeof("-----BEGIN PGP ")-1;
1624 
1625  rc = pgpValTok(pgpArmorTbl, t, te);
1626  if (rc < 0) {
1628  goto exit;
1629  }
1630  /* XXX Ignore clear signed message start. */
1631  if (rc == PGPARMOR_SIGNED_MESSAGE)
1632  continue;
1633  ec = (pgpArmor)rc; /* Save the packet type as exit code. */
1634  armortype = t;
1635 
1636  t = strchr(t, '\n');
1637  if (t == NULL)
1638  continue;
1639  if (t[-1] == '\r')
1640  --t;
1641  t -= (sizeof("-----")-1);
1642  if (!TOKEQ(t, "-----"))
1643  continue;
1644  *t = '\0';
1645  pstate++;
1646  /*@switchbreak@*/ break;
1647  case 1:
1648  enc = NULL;
1649  rc = pgpValTok(pgpArmorKeyTbl, t, te);
1650  if (rc >= 0)
1651  continue;
1652  if (!(*t == '\n' || *t == '\r')) {
1653  pstate = 0;
1654  continue;
1655  }
1656  enc = te; /* Start of encoded packets */
1657  pstate++;
1658  /*@switchbreak@*/ break;
1659  case 2:
1660  crcenc = NULL;
1661  if (*t != '=')
1662  continue;
1663  *t++ = '\0'; /* Terminate encoded packets */
1664  crcenc = t; /* Start of encoded crc */
1665  pstate++;
1666  /*@switchbreak@*/ break;
1667  case 3:
1668  pstate = 0;
1669  if (!TOKEQ(t, "-----END PGP ")) {
1671  goto exit;
1672  }
1673  *t = '\0'; /* Terminate encoded crc */
1674  t += sizeof("-----END PGP ")-1;
1675  if (t >= te) continue;
1676 
1677  if (armortype == NULL) /* XXX can't happen */
1678  continue;
1679  rc = strncmp(t, armortype, strlen(armortype));
1680  if (rc)
1681  continue;
1682 
1683  t += strlen(armortype);
1684  if (t >= te) continue;
1685 
1686  if (!TOKEQ(t, "-----")) {
1688  goto exit;
1689  }
1690  t += (sizeof("-----")-1);
1691  if (t >= te) continue;
1692  /* XXX permitting \r here is not RFC-2440 compliant <shrug> */
1693  if (!(*t == '\n' || *t == '\r')) continue;
1694 
1695  crcdec = NULL;
1696  crclen = 0;
1697  if (b64decode(crcenc, (void **)&crcdec, &crclen) != 0) {
1699  goto exit;
1700  }
1701  crcpkt = pgpGrab(crcdec, crclen);
1702  crcdec = _free(crcdec);
1703  dec = NULL;
1704  declen = 0;
1705  if (b64decode(enc, (void **)&dec, &declen) != 0) {
1707  goto exit;
1708  }
1709  crc = pgpCRC(dec, declen);
1710  if (crcpkt != crc) {
1712  dec = _free(dec); /* XXX coverity #1035921 */
1713  declen = 0;
1714  goto exit;
1715  }
1716  iob->b = _free(iob->b);
1717  iob->b = dec;
1718  iob->blen = declen;
1719  dec = NULL;
1720  declen = 0;
1721  goto exit;
1722  /*@notreached@*/ /*@switchbreak@*/ break;
1723  }
1724  }
1725  ec = PGPARMOR_NONE;
1726 
1727 exit:
1728  if (ec > PGPARMOR_NONE) {
1729  if (pkt) *pkt = iob->b;
1730  if (pktlen) *pktlen = iob->blen;
1731  iob->b = NULL; /* XXX iob->b has been stolen */
1732  } else {
1733  if (pkt) *pkt = NULL;
1734  if (pktlen) *pktlen = 0;
1735  }
1736  return ec;
1737 }
1738 
1739 pgpArmor pgpReadPkts(const char * fn, rpmuint8_t ** pkt, size_t * pktlen)
1740 {
1741  rpmiob iob = NULL;
1742  pgpArmor ec = !rpmiobSlurp(fn, &iob)
1743  ? pgpArmorUnwrap(iob, pkt, pktlen)
1745  iob = rpmiobFree(iob);
1746  return ec;
1747 }
1748 
1749 char * pgpArmorWrap(rpmuint8_t atype, const unsigned char * s, size_t ns)
1750 {
1751  const char * enc;
1752  char * t;
1753  size_t nt;
1754  char * val;
1755  int lc;
1756 
1757  nt = ((ns + 2) / 3) * 4;
1758  /*@-globs@*/
1759  /* Add additional bytes necessary for eol string(s). */
1760  if (b64encode_chars_per_line > 0 && b64encode_eolstr != NULL) {
1761  lc = (nt + b64encode_chars_per_line - 1) / b64encode_chars_per_line;
1762  if (((nt + b64encode_chars_per_line - 1) % b64encode_chars_per_line) != 0)
1763  ++lc;
1764  nt += lc * strlen(b64encode_eolstr);
1765  }
1766  /*@=globs@*/
1767 
1768  nt += 512; /* XXX slop for armor and crc */
1769 
1770  val = t = (char *) xmalloc(nt + 1);
1771  *t = '\0';
1772  t = stpcpy(t, "-----BEGIN PGP ");
1773  t = stpcpy(t, pgpValStr(pgpArmorTbl, atype));
1774  /*@-globs@*/
1775  t = stpcpy( stpcpy(t, "-----\nVersion: RPM "), VERSION);
1776  /*@=globs@*/
1777 
1778  if (pgpImplVecs->_pgpNV && pgpImplVecs->_pgpNV[0]) {
1779  t = stpcpy(t, " (");
1780  t = stpcpy(t, pgpImplVecs->_pgpNV);
1781  t = stpcpy(t, ")");
1782  }
1783 
1784  t = stpcpy(t, "\n\n");
1785 
1786  if ((enc = b64encode(s, ns)) != NULL) {
1787  t = stpcpy(t, enc);
1788  enc = _free(enc);
1789  if ((enc = b64crc(s, ns)) != NULL) {
1790  *t++ = '=';
1791  t = stpcpy(t, enc);
1792  enc = _free(enc);
1793  }
1794  }
1795 
1796  t = stpcpy(t, "-----END PGP ");
1797  t = stpcpy(t, pgpValStr(pgpArmorTbl, atype));
1798  t = stpcpy(t, "-----\n");
1799 
1800 /*@-globstate@*/ /* XXX b64encode_eolstr needs annotation. */
1801  return val;
1802 /*@=globstate@*/
1803 }
1804 
1805 pgpHashAlgo pgpHashAlgoStringToNumber(const char *name, size_t name_len)
1806 {
1807  size_t i;
1808 
1809  if (name == NULL)
1810  return (pgpHashAlgo) -1;
1811  if (name_len == 0)
1812  name_len = strlen(name);
1813  for (i = 0; i < sizeof(pgpHashTbl)/sizeof(pgpHashTbl[0]); i++)
1814  if (xstrncasecmp(name, pgpHashTbl[i].str, name_len) == 0)
1815  return (pgpHashAlgo) pgpHashTbl[i].val;
1816  return PGPHASHALGO_ERROR;
1817 }
1818 
static const char * pgpSigDSA[]
Definition: rpmpgp.c:435
rpmuint8_t pubkey_algo
Definition: rpmpgp.h:722
const char const double d
Definition: bson.h:800
static int pgpValTok(pgpValTbl vs, const char *s, const char *se)
Return value of an OpenPGP string.
Definition: rpmpgp.h:1222
static void pgpPrtInt(const char *pre, int i)
Definition: rpmpgp.c:272
pgpDigParams pgpGetPubkey(pgpDig dig)
Return OpenPGP pubkey parameters.
Definition: rpmpgp.c:1397
rpmuint8_t sigtype
Definition: rpmpgp.h:378
5.5.1.
Definition: rpmpgp.h:681
const rpmuint8_t * pgpPrtPubkeyParams(pgpDig dig, const pgpPkt pp, pgpPubkeyAlgo pubkey_algo, const rpmuint8_t *p)
Definition: rpmpgp.c:715
pgpImplVecs_t * pgpImplVecs
Definition: rpmpgp.c:51
struct pgpImplVecs_s rpmbcImplVecs
Definition: rpmbc.c:695
rpmuint8_t hash_algo
Definition: rpmpgp.h:380
int pgpSetFindPubkey(pgpDig dig, int(*findPubkey)(void *ts, void *dig), void *_ts)
Set find pubkey vector.
Definition: rpmpgp.c:1450
static const char * pgpValStr(pgpValTbl vs, rpmuint8_t val)
Return string representation of an OpenPGP value.
Definition: rpmpgp.h:1159
static const rpmuint8_t * pgpPrtSeckeyParams(const pgpPkt pp, rpmuint8_t pubkey_algo, const rpmuint8_t *p)
Definition: rpmpgp.c:816
pgpDig pgpDigFree(pgpDig dig)
Destroy a container for parsed OpenPGP packates.
static unsigned int pgpCRC(const rpmuint8_t *octets, size_t len)
Return CRC of a buffer.
Definition: rpmpgp.h:1673
const char const char size_t len
Definition: bson.h:823
const char bson_timestamp_t * ts
Definition: bson.h:1004
rpmuint32_t pgpGetSiglen(pgpDig dig)
Get signature tag data length, i.e.
Definition: rpmpgp.c:1417
int pgpPktLen(const rpmuint8_t *pkt, size_t pleft, pgpPkt pp)
Definition: rpmpgp.c:999
void yarnPossess(yarnLock bolt)
Definition: yarn.c:262
const void * pgpGetSig(pgpDig dig)
Get signature tag data, i.e.
Definition: rpmpgp.c:1412
char * xstrdup(const char *str)
Definition: rpmmalloc.c:321
struct pgpValTbl_s pgpCompressionTbl[]
Compression (string, value) pairs.
Definition: rpmpgp.c:148
struct pgpDigParams_s * pgpDigParams
Definition: rpmiotypes.h:101
static unsigned int pgpLen(const rpmuint8_t *s, unsigned int *lenp)
Return length of an OpenPGP packet.
Definition: rpmpgp.h:1053
DIGEST_CTX rpmDigestInit(pgpHashAlgo hashalgo, rpmDigestFlags flags)
Initialize digest context.
Definition: digest.c:247
int rpmgcExportSignature(pgpDig dig, DIGEST_CTX ctx)
int pgpExtractPubkeyFingerprint(const char *b64pkt, rpmuint8_t *keyid)
Extract OpenPGP public key fingerprint from base64 encoded packet.
Definition: rpmpgp.c:1077
struct pgpValTbl_s pgpHashTbl[]
Hash (string, value) pairs.
Definition: rpmpgp.c:156
struct pgpValTbl_s pgpArmorKeyTbl[]
Armor key (string, value) pairs.
Definition: rpmpgp.c:255
int xstrncasecmp(const char *s1, const char *s2, size_t n)
Locale insensitive strncasecmp(3).
Definition: strcasecmp.c:30
static unsigned int pgpGrab(const rpmuint8_t *s, size_t nbytes)
Return (native-endian) integer from big-endian representation.
Definition: rpmpgp.h:1036
enum pgpHashAlgo_e pgpHashAlgo
9.4.
pgpImplVecs_t rpmltcImplVecs
Implementation specific parameter storage.
int pgpDigSetAlgos(pgpDig dig)
Definition: rpmpgp.c:1208
static const char * pgpPublicELGAMAL[]
Definition: rpmpgp.c:699
#define VERSION
Definition: config.h:1306
static rpmVSFlags vsflags
Definition: rpmcache.c:547
char * pgpArmorWrap(rpmuint8_t atype, const unsigned char *s, size_t ns)
Wrap a OpenPGP packets in ascii armor for transport.
Definition: rpmpgp.c:1749
int pgpSetSig(pgpDig dig, rpmuint32_t sigtag, rpmuint32_t sigtype, const void *sig, rpmuint32_t siglen)
Set signature tag info, i.e.
Definition: rpmpgp.c:1422
5.2.3.
Definition: rpmpgp.h:376
rpmiob rpmiobFree(rpmiob iob)
Destroy a I/O buffer instance.
rpmuint8_t pgpPubkeyName2Algo(const char *name)
Definition: rpmpgp.c:1203
enum pgpSigType_e pgpSigType
5.2.1.
pgpDig pgpDigLink(pgpDig dig)
Reference a signature parameters instance.
rpmuint8_t pubkey_algo
Definition: rpmpgp.h:379
static int pgpImplGenerate(pgpDig dig)
Definition: rpmpgp.h:1878
pgpImplVecs_t rpmnssImplVecs
struct pgpValTbl_s pgpTagTbl[]
Definition: rpmpgp.c:218
static const char * pgpPublicECDH[]
Definition: rpmpgp.c:685
const char * pgpPubkeyAlgo2Name(uint32_t algo)
Definition: rpmpgp.c:1193
pgpArmor pgpArmorUnwrap(rpmiob iob, rpmuint8_t **pkt, size_t *pktlen)
Parse armored OpenPGP packets from an iob.
Definition: rpmpgp.c:1564
int pgpExportPubkey(pgpDig dig)
Definition: rpmpgp.c:1338
int rpmltcExportPubkey(pgpDig dig)
int rpmiobSlurp(const char *fn, rpmiob *iobp)
Definition: rpmiob.c:129
5.2.2.
Definition: rpmpgp.h:344
static void pgpDigFini(void *__dig)
Definition: rpmpgp.c:1243
static const char * pgpPublicRSA[]
Definition: rpmpgp.c:636
char * alloca()
static int pgpIsPkt(const rpmuint8_t *p, pgpTag *tagp)
Is buffer at beginning of an OpenPGP packet?
Definition: rpmpgp.h:1612
rpmuint8_t hashlen
Definition: rpmpgp.h:346
const char * str
Definition: bson.h:593
rpmuint32_t pgpGetSigtype(pgpDig dig)
Get signature tag type.
Definition: rpmpgp.c:1407
pgpArmor pgpReadPkts(const char *fn, rpmuint8_t **pkt, size_t *pktlen)
Parse armored OpenPGP packets from a file.
Definition: rpmpgp.c:1739
static void * pgpImplFree(void *impl)
Definition: rpmpgp.h:1911
static void * pgpImplInit(void)
Definition: rpmpgp.h:1920
unsigned int rpmuint32_t
Definition: rpmiotypes.h:28
pgpVSFlags pgpDigVSFlags
Disabler bits(s) for signature/digest checking.
Definition: rpmpgp.c:1153
static int crc(FD_t fd, uint32_t *cval, uint32_t *clen)
Definition: rpmmtree.c:515
void * xcalloc(size_t nmemb, size_t size)
Definition: rpmmalloc.c:300
int pgpPrtPkt(const rpmuint8_t *pkt, size_t pleft)
Return lenth of a OpenPGP packet.
Definition: rpmpgp.c:1089
int _pgp_print
Definition: rpmpgp.c:45
const char const bson_bool_t v
Definition: bson.h:919
struct pgpPktSigV4_s * pgpPktSigV4
5.2.3.
int rpmDigestUpdate(DIGEST_CTX ctx, const void *data, size_t len)
Update context with next plain text buffer.
Definition: digest.c:986
int pgpFindPubkey(pgpDig dig)
Call find pubkey vector.
Definition: rpmpgp.c:1464
rpmioItem rpmioGetPool(rpmioPool pool, size_t size)
Get unused item from pool, or alloc a new item.
Definition: rpmmalloc.c:220
struct pgpValTbl_s pgpSymkeyTbl[]
Symmetric key (string, value) pairs.
Definition: rpmpgp.c:129
rpmioPool _digPool
Definition: rpmpgp.c:1295
int pgpPrtSigParams(pgpDig dig, const pgpPkt pp, pgpPubkeyAlgo pubkey_algo, pgpSigType sigtype, const rpmuint8_t *p)
Definition: rpmpgp.c:449
rpmuint8_t version
Definition: rpmpgp.h:720
unsigned char rpmuint8_t
Private int typedefs to avoid C99 portability issues.
Definition: rpmiotypes.h:26
static const char * pgpMpiStr(const rpmuint8_t *p)
Return hex formatted representation of a multiprecision integer.
Definition: rpmpgp.h:1140
enum pgpVSFlags_e pgpVSFlags
Bit(s) to control digest and signature verification.
struct pgpPkt_s * pgpPkt
Definition: rpmiotypes.h:93
pgpDigParams pgpGetSignature(pgpDig dig)
Return OpenPGP signature parameters.
Definition: rpmpgp.c:1392
int _pgp_error_count
Definition: rpmpgp.c:48
int rpmsslExportSignature(pgpDig dig, DIGEST_CTX ctx)
rpmuint8_t valid[2]
Definition: rpmpgp.h:684
struct pgpValTbl_s pgpArmorTbl[]
Armor (string, value) pairs.
Definition: rpmpgp.c:244
rpmuint32_t pgpGetSigtag(pgpDig dig)
Get signature tag.
Definition: rpmpgp.c:1402
Digest private data.
Definition: digest.c:130
struct pgpDig_s * pgpDig
Definition: rpmiotypes.h:97
pgpImplVecs_t rpmsslImplVecs
Implementation specific parameter storage.
struct pgpValTbl_s pgpSubTypeTbl[]
Subtype (string, value) pairs.
Definition: rpmpgp.c:178
rpmuint8_t sigtype
Definition: rpmpgp.h:347
int rpmgcExportPubkey(pgpDig dig)
rpmuint8_t version
Definition: rpmpgp.h:345
static rpmuint8_t pgpStrVal(pgpValTbl vs, const char *str)
Return byte value of an OpenPGP string.
Definition: rpmpgp.h:1204
static void pgpPrtHex(const char *pre, const rpmuint8_t *p, size_t plen)
Definition: rpmpgp.c:292
rpmuint8_t time[4]
Definition: rpmpgp.h:683
char * rpmExpand(const char *arg,...)
Return (malloc'ed) concatenated macro expansion(s).
Definition: macro.c:3238
pgpHashAlgo pgpHashAlgoStringToNumber(const char *name, size_t name_len)
Convert a hash algorithm "foo" to the internal PGPHASHALGO_FOO number.
Definition: rpmpgp.c:1805
void pgpDigClean(pgpDig dig)
Release (malloc'd) data from container.
Definition: rpmpgp.c:1155
struct pgpPktKeyV4_s * pgpPktKeyV4
The version 4 format is similar to the version 3 format except for the absence of a validity period...
int _pgp_debug
Definition: rpmpgp.c:42
static void pgpPrtStr(const char *pre, const char *s)
Definition: rpmpgp.c:282
static const char * pgpPublicECDSA[]
Definition: rpmpgp.c:671
void yarnRelease(yarnLock bolt)
Definition: yarn.c:270
int rpmbcExportSignature(pgpDig dig, DIGEST_CTX ctx)
Definition: rpmbc.c:818
struct pgpValTbl_s pgpSigTypeTbl[]
Definition: rpmpgp.c:97
int pgpGrabPkts(const rpmuint8_t *pkts, size_t pktlen, rpmuint8_t ***pppkts, int *pnpkts)
Return array of packet pointers.
Definition: rpmpgp.c:1472
struct pgpValTbl_s pgpPubkeyTbl[]
Definition: rpmpgp.c:116
enum pgpPubkeyAlgo_e pgpPubkeyAlgo
9.1.
rpmuint8_t time[4]
Definition: rpmpgp.h:721
pgpDig pgpDigNew(pgpVSFlags vsflags, pgpPubkeyAlgo pubkey_algo)
Create a container for parsed OpenPGP packates.
Definition: rpmpgp.c:1314
static unsigned int pgpMpiLen(const rpmuint8_t *p)
Return no.
Definition: rpmpgp.h:1087
int pgpPrtSubType(const rpmuint8_t *h, size_t hlen, pgpSigType sigtype)
Definition: rpmpgp.c:312
const char const int i
Definition: bson.h:778
int pgpPrtComment(const pgpPkt pp)
Definition: rpmpgp.c:970
static void pgpImplClean(void *impl)
Definition: rpmpgp.h:1899
rpmioPool rpmioNewPool(const char *name, size_t size, int limit, int flags, char *(*dbg)(void *item), void(*init)(void *item), void(*fini)(void *item))
Create a memory pool.
Definition: rpmmalloc.c:109
static pgpDig digGetPool(rpmioPool pool)
Definition: rpmpgp.c:1297
int pgpPubkeyFingerprint(const rpmuint8_t *pkt, size_t pktlen, rpmuint8_t *keyid)
Print/parse an OpenPGP subtype packet.
Definition: rpmpgp.c:1029
char * stpcpy(char *dest, const char *src)
struct pgpPktSigV3_s * pgpPktSigV3
5.2.2.
static void * _free(const void *p)
Wrapper to free(3), hides const compilation noise, permit NULL, return NULL.
Definition: rpmiotypes.h:756
struct rpmiob_s * rpmiob
Definition: rpmiotypes.h:60
int pgpPrtUserID(const pgpPkt pp)
Definition: rpmpgp.c:953
static const char * pgpPublicDSA[]
Definition: rpmpgp.c:654
int rpmsslExportPubkey(pgpDig dig)
rpmuint8_t signhash16[2]
Definition: rpmpgp.h:352
pgpImplVecs_t rpmgcImplVecs
Implementation specific parameter storage.
rpmuint8_t time[4]
Definition: rpmpgp.h:348
enum pgpArmor_e pgpArmor
const char * _pgpNV
Definition: rpmpgp.h:1746
enum pgpTag_e pgpTag
4.3.
int val
Definition: rpmpgp.h:120
rpmuint8_t version
Definition: rpmpgp.h:377
struct pgpValTbl_s pgpKeyServerPrefsTbl[]
Definition: rpmpgp.c:172
const char * pgpHashAlgo2Name(uint32_t algo)
Definition: rpmpgp.c:1188
int pgpPrtPkts(const rpmuint8_t *pkts, size_t pktlen, pgpDig dig, int printing)
Print/parse a OpenPGP packet(s).
Definition: rpmpgp.c:1518
int rpmDigestFinal(DIGEST_CTX ctx, void *datap, size_t *lenp, int asAscii)
Return digest and destroy context.
Definition: digest.c:1000
static const char * name
rpmuint8_t version
Definition: rpmpgp.h:682
#define xmalloc
Definition: system.h:32
rpmuint8_t pubkey_algo
Definition: rpmpgp.h:350
int rpmnssExportSignature(pgpDig dig, DIGEST_CTX ctx)
rpmuint8_t hash_algo
Definition: rpmpgp.h:351
static int pgpImplMpiItem(const char *pre, pgpDig dig, int itemno, const rpmuint8_t *p, const rpmuint8_t *pend)
Definition: rpmpgp.h:1889
int rpmltcExportSignature(pgpDig dig, DIGEST_CTX ctx)
int rpmbcExportPubkey(pgpDig dig)
Definition: rpmbc.c:710
static char * pgpHexStr(const rpmuint8_t *p, size_t plen)
Return hex formatted representation of bytes.
Definition: rpmpgp.h:1124
#define TOKEQ(_s, _tok)
rpmuint8_t hashlen[2]
Definition: rpmpgp.h:381
static const char * pgpSigRSA[]
Definition: rpmpgp.c:429
void * pgpStatsAccumulator(pgpDig dig, int opx)
Return pgpDig container accumulator structure.
Definition: rpmpgp.c:1436
rpmuint8_t pubkey_algo
Definition: rpmpgp.h:685
struct pgpPktKeyV3_s * pgpPktKeyV3
5.5.1.
static const char * pgpSigECDSA[]
Definition: rpmpgp.c:442
The version 4 format is similar to the version 3 format except for the absence of a validity period...
Definition: rpmpgp.h:719
int pgpPrtSig(const pgpPkt pp)
Definition: rpmpgp.c:525
static void pgpPrtNL(void)
Definition: rpmpgp.c:264
rpmuint8_t pgpHashName2Algo(const char *name)
Definition: rpmpgp.c:1198
rpmuint8_t signid[8]
Definition: rpmpgp.h:349
int pgpPrtKey(const pgpPkt pp)
Definition: rpmpgp.c:892
int rpmnssExportPubkey(pgpDig dig)
int pgpExportSignature(pgpDig dig, DIGEST_CTX ctx)
Definition: rpmpgp.c:1365
int j
Definition: mongo.h:438
void pgpPrtVal(const char *pre, pgpValTbl vs, rpmuint8_t val)
Print an OpenPGP value.
Definition: rpmpgp.c:302
static pgpDigParams _digp
Definition: rpmpgp.c:86
const char * ns
Definition: mongo.h:326