8 #define _RPMIOB_INTERNAL
13 #define _RPMPGP_INTERNAL
40 #if defined(USE_CRYPTO_BEECRYPT) && defined(WITH_BEECRYPT)
42 #elif defined(USE_CRYPTO_GCRYPT) && defined(WITH_GCRYPT)
44 #elif defined(USE_CRYPTO_NSS) && defined(WITH_NSS)
46 #elif defined(USE_CRYPTO_OPENSSL) && defined(WITH_SSL)
48 #elif defined(USE_CRYPTO_CDSA) && defined(WITH_CDSA)
50 #elif defined(USE_CRYPTO_TOMCRYPT) && defined(WITH_TOMCRYPT)
53 #elif defined(WITH_BEECRYPT)
55 #elif defined(WITH_NSS)
57 #elif defined(WITH_GCRYPT)
59 #elif defined(WITH_SSL)
61 #elif defined(WITH_CDSA)
63 #elif defined(WITH_TOMCRYPT)
66 #error INTERNAL ERROR: no suitable Cryptography library available
100 { -1,
"SIG_UNKNOWN" },
113 { -1,
"KEY_UNKNOWN" },
132 { -1,
"SYM_UNKNOWN" },
140 { -1,
"Unknown compression algorithm" },
154 { -1,
"MD_UNKNOWN" },
160 { 0x80,
"No-modify" },
161 { -1,
"Unknown key server preference" },
202 { -1,
"Unknown signature subkey type" },
223 {
PGPTAG_MDC,
"Manipulaion detection code packet" },
228 { -1,
"TAG_UNKNOWN" },
239 { -1,
"Unknown armor block" }
248 { -1,
"Unknown armor key" }
255 if (!_pgp_print)
return;
263 if (!_pgp_print)
return;
273 if (!_pgp_print)
return;
283 if (!_pgp_print)
return;
293 if (!_pgp_print)
return;
313 fprintf(stderr,
" *CRITICAL*");
316 for (i = 1; i < plen; i++)
320 for (i = 1; i < plen; i++)
324 for (i = 1; i < plen; i++)
328 for (i = 1; i < plen; i++)
329 pgpPrtVal(
" ", pgpKeyServerPrefsTbl, p[i]);
333 if (_digp && !(_digp->saved & PGPDIG_SAVED_TIME) &&
336 _digp->saved |= PGPDIG_SAVED_TIME;
337 memcpy(_digp->time, p+1,
sizeof(_digp->time));
340 if ((plen - 1) == 4) {
343 fprintf(stderr,
" %-24.24s(0x%08x)", ctime(&t), (
unsigned)t);
349 if ((plen - 1) == 4) {
351 if (_digp->saved & PGPDIG_SAVED_TIME)
352 t +=
pgpGrab(_digp->time,
sizeof(_digp->time));
354 fprintf(stderr,
" %-24.24s(0x%08x)", ctime(&t), (
unsigned)t);
361 if (_digp && !(_digp->saved & PGPDIG_SAVED_ID) &&
364 _digp->saved |= PGPDIG_SAVED_ID;
365 memcpy(_digp->signid, p+1,
sizeof(_digp->signid));
436 for (i = 0; p < pend; i++, p +=
pgpMpiLen(p)) {
529 fprintf(stderr,
" %-24.24s(0x%08x)", ctime(&
t), (
unsigned)
t);
536 if (_digp && _digp->pubkey_algo == (
rpmuint8_t)0) {
538 _digp->hashlen = (size_t) v->
hashlen;
541 memcpy(_digp->time, v->
time,
sizeof(_digp->time));
542 memcpy(_digp->signid, v->
signid,
sizeof(_digp->signid));
545 memcpy(_digp->signhash16, v->
signhash16,
sizeof(_digp->signhash16));
565 if ((p + plen) > (pp->u.h + pp->hlen))
568 if (_pgp_debug && _pgp_print)
570 if (_digp && _digp->pubkey_algo == (
rpmuint8_t)0) {
571 _digp->hashlen =
sizeof(*v) + plen;
572 _digp->hash = pp->u.h;
580 if ((p + plen) > (pp->u.h + pp->hlen))
583 if (_pgp_debug && _pgp_print)
592 if (_digp && _digp->pubkey_algo == (
rpmuint8_t)0) {
597 memcpy(_digp->signhash16, p,
sizeof(_digp->signhash16));
601 if (p > (pp->u.h + pp->hlen))
624 static const char * pgpSecretRSA[] = {
644 static const char * pgpSecretDSA[] = {
658 static const char * pgpSecretECDSA[] = {
674 static const char * pgpSecretELGAMAL[] = {
687 for (i = 0; p < pend; i++, p +=
pgpMpiLen(p)) {
737 pgpPrtHex(
" Curve = [ OID]:", p+1, p[0]);
782 pgpPrtVal(
" iterated/salted ", pgpHashTbl, p[2]);
783 i = (16 + ((
unsigned)p[11] & 0xf)) << (((
unsigned)p[11] >> 4U) + 6);
801 for (i = 0; p < &pp->u.h[pp->hlen]; i++, p +=
pgpMpiLen(p)) {
803 if (pgpSecretRSA[i] ==
NULL)
break;
806 if (pgpSecretDSA[i] ==
NULL)
break;
809 if (pgpSecretECDSA[i] ==
NULL)
break;
812 if (pgpSecretELGAMAL[i] ==
NULL)
break;
822 pgpPrtHex(
" secret", p, (pp->hlen - (p - pp->u.h) - 2));
824 p += (pp->hlen - (p - pp->u.h) - 2);
849 fprintf(stderr,
" %-24.24s(0x%08x)", ctime(&t), (
unsigned)t);
852 fprintf(stderr,
" valid %u days", plen);
855 if (_digp && _digp->tag == (
rpmuint8_t)pp->tag) {
857 memcpy(_digp->time, v->
time,
sizeof(_digp->time));
871 fprintf(stderr,
" %-24.24s(0x%08x)", ctime(&t), (
unsigned)t);
874 if (_digp && _digp->tag == (
rpmuint8_t)pp->tag) {
876 memcpy(_digp->time, v->
time,
sizeof(_digp->time));
899 fprintf(stderr,
" \"%.*s\"", (
int)pp->hlen, (
const char *)pp->u.h);
902 char *
t = (
char *) memcpy(
xmalloc(pp->hlen+1), pp->u.h, pp->hlen);
904 _digp->userid =
_free(_digp->userid);
927 fprintf(stderr,
"%.*s", (
int)strlen((
const char *)h), (
const char *)h);
941 unsigned int val = (
unsigned int)*pkt;
944 memset(pp, 0,
sizeof(*pp));
950 pp->tag = (
pgpTag) (val & 0x3f);
951 plen =
pgpLen(pkt+1, &pp->hlen);
953 pp->tag = (
pgpTag) ((val >> 2) & 0xf);
954 plen = (1 << (val & 0x3));
955 pp->hlen =
pgpGrab(pkt+1, plen);
958 pp->pktlen = 1 + plen + pp->hlen;
959 if (pleft > 0 && pp->pktlen > (
unsigned)pleft)
963 pp->u.h = pkt + 1 + plen;
980 switch (pp->u.h[0]) {
989 memmove(keyid, (se-8), 8);
1002 for (i = 0; i < 2; i++)
1006 for (i = 0; i < 4; i++)
1011 for (i = 0; i < 1; i++)
1020 memmove(keyid, (d + (dlen-8)), 8);
1033 if (b64decode(b64pkt, (
void **)&pkt, &pktlen))
1057 _digp->saved |= PGPDIG_SAVED_ID;
1059 memset(_digp->signid, 0,
sizeof(_digp->signid));
1100 return (rc ? -1 : (
int)pp->pktlen);
1109 dig->signature.userid =
_free(dig->signature.userid);
1110 dig->pubkey.userid =
_free(dig->pubkey.userid);
1111 dig->pubkey_algoN =
NULL;
1112 dig->hash_algoN =
NULL;
1113 memset(&dig->dops, 0,
sizeof(dig->dops));
1114 memset(&dig->sops, 0,
sizeof(dig->sops));
1115 dig->ppkts =
_free(dig->ppkts);
1117 dig->signature.hash =
NULL;
1118 dig->signature.hashlen = 0;
1119 dig->pubkey.hash =
NULL;
1120 dig->pubkey.hashlen = 0;
1122 memset(&dig->signature, 0,
sizeof(dig->signature));
1123 memset(&dig->pubkey, 0,
sizeof(dig->pubkey));
1125 dig->md5 =
_free(dig->md5);
1127 dig->sha1 =
_free(dig->sha1);
1144 dig->sig =
_free(dig->sig);
1146 dig->pub =
_free(dig->pub);
1151 yarnRelease(dig->_item.use);
1156 yarnPossess(dig->_item.use);
1159 if (dig->hdrctx !=
NULL)
1163 if (dig->hdrsha1ctx !=
NULL)
1165 dig->hdrsha1ctx =
NULL;
1167 if (dig->sha1ctx !=
NULL)
1169 dig->sha1ctx =
NULL;
1172 if (dig->hdrmd5ctx !=
NULL)
1174 dig->hdrmd5ctx =
NULL;
1177 if (dig->md5ctx !=
NULL)
1194 if (_digPool ==
NULL) {
1195 _digPool =
rpmioNewPool(
"dig",
sizeof(*dig), -1, _pgp_debug,
1201 memset(((
char *)dig)+
sizeof(dig->_item), 0,
sizeof(*dig)-
sizeof(dig->_item));
1214 pubp->pubkey_algo = pubkey_algo;
1216 if (pubp->pubkey_algo) {
1228 return (dig ? &dig->signature :
NULL);
1233 return (dig ? &dig->pubkey :
NULL);
1238 return (dig ? dig->sigtag : 0);
1243 return (dig ? dig->sigtype : 0);
1248 return (dig ? dig->sig :
NULL);
1253 return (dig ? dig->siglen : 0);
1260 dig->sigtag = sigtag;
1261 dig->sigtype = (sig ? sigtype : 0);
1285 int (*findPubkey) (
void *ts,
void *dig),
void *
_ts)
1289 dig->findPubkey = findPubkey;
1301 if (dig && dig->findPubkey && dig->_ts)
1302 rc = (*dig->findPubkey) (dig->_ts, dig);
1317 for (p = pkts, pleft = pktlen; p < (pkts +
pktlen); p +=
len, pleft -=
len) {
1329 for (p = pkts, pleft = pktlen; p < (pkts +
pktlen); p +=
len, pleft -=
len) {
1332 if (ppkts) ppkts =
_free(ppkts);
1338 ppkts[npkts] =
NULL;
1343 ppkts =
_free(ppkts);
1357 unsigned int val = (
unsigned int)*pkts;
1364 _pgp_print = printing;
1366 if (dig !=
NULL && (val & 0x80)) {
1367 pgpTag tag = (
pgpTag)((val & 0x40) ? (val & 0x3f) : ((val >> 2) & 0xf));
1379 for (i = 0, pleft = pktlen; i < npkts; i++, pleft -=
len) {
1385 dig->ppkts =
_free(dig->ppkts);
1389 ppkts =
_free(ppkts);
1400 const char * enc =
NULL;
1401 const char * crcenc =
NULL;
1407 const char * armortype =
NULL;
1434 iob->blen =
pgpPktLen(iob->b, iob->blen, pp);
1439 #define TOKEQ(_s, _tok) (!strncmp((_s), (_tok), sizeof(_tok)-1))
1442 for (t = (
char *)iob->b; t && *t; t = te) {
1443 if ((te = strchr(t,
'\n')) ==
NULL)
1451 if (!
TOKEQ(t,
"-----BEGIN PGP "))
1453 t +=
sizeof(
"-----BEGIN PGP ")-1;
1466 t = strchr(t,
'\n');
1471 t -= (
sizeof(
"-----")-1);
1472 if (!
TOKEQ(t,
"-----"))
1482 if (!(*t ==
'\n' || *t ==
'\r')) {
1499 if (!
TOKEQ(t,
"-----END PGP ")) {
1504 t +=
sizeof(
"-----END PGP ")-1;
1505 if (t >= te)
continue;
1507 if (armortype ==
NULL)
1509 rc = strncmp(t, armortype, strlen(armortype));
1513 t += strlen(armortype);
1514 if (t >= te)
continue;
1516 if (!
TOKEQ(t,
"-----")) {
1520 t += (
sizeof(
"-----")-1);
1521 if (t >= te)
continue;
1523 if (!(*t ==
'\n' || *t ==
'\r'))
continue;
1527 if (b64decode(crcenc, (
void **)&crcdec, &crclen) != 0) {
1531 crcpkt =
pgpGrab(crcdec, crclen);
1532 crcdec =
_free(crcdec);
1535 if (b64decode(enc, (
void **)&dec, &declen) != 0) {
1539 crc =
pgpCRC(dec, declen);
1540 if (crcpkt != crc) {
1546 iob->b =
_free(iob->b);
1559 if (pkt) *pkt = iob->b;
1560 if (pktlen) *pktlen = iob->blen;
1563 if (pkt) *pkt =
NULL;
1564 if (pktlen) *pktlen = 0;
1587 nt = ((ns + 2) / 3) * 4;
1590 if (b64encode_chars_per_line > 0 && b64encode_eolstr !=
NULL) {
1591 lc = (nt + b64encode_chars_per_line - 1) / b64encode_chars_per_line;
1592 if (((nt + b64encode_chars_per_line - 1) % b64encode_chars_per_line) != 0)
1594 nt += lc * strlen(b64encode_eolstr);
1600 val = t = (
char *)
xmalloc(nt + 1);
1602 t =
stpcpy(t,
"-----BEGIN PGP ");
1607 t =
stpcpy(t,
" (BeeCrypt)\n\n");
1609 if ((enc = b64encode(s, ns)) !=
NULL) {
1612 if ((enc = b64crc(s, ns)) !=
NULL) {
1619 t =
stpcpy(t,
"-----END PGP ");
1621 t =
stpcpy(t,
"-----\n");
1635 name_len = strlen(name);
1636 for (i = 0; i <
sizeof(
pgpHashTbl)/
sizeof(pgpHashTbl[0]); i++)
static const char * pgpSigDSA[]
static void pgpPrtInt(const char *pre, int i)
const rpmuint8_t * pgpPrtPubkeyParams(pgpDig dig, const pgpPkt pp, pgpPubkeyAlgo pubkey_algo, const rpmuint8_t *p)
pgpImplVecs_t * pgpImplVecs
struct pgpImplVecs_s rpmbcImplVecs
void pgpPrtVal(const char *pre, pgpValTbl vs, rpmuint8_t val)
Print an OpenPGP value.
enum pgpPubkeyAlgo_e pgpPubkeyAlgo
9.1.
int pgpGrabPkts(const rpmuint8_t *pkts, size_t pktlen, rpmuint8_t ***pppkts, int *pnpkts)
Return array of packet pointers.
struct pgpPktSigV4_s * pgpPktSigV4
5.2.3.
static const rpmuint8_t * pgpPrtSeckeyParams(const pgpPkt pp, rpmuint8_t pubkey_algo, const rpmuint8_t *p)
pgpImplVecs_t rpmnssImplVecs
int pgpPktLen(const rpmuint8_t *pkt, size_t pleft, pgpPkt pp)
int pgpExtractPubkeyFingerprint(const char *b64pkt, rpmuint8_t *keyid)
Extract OpenPGP public key fingerprint from base64 encoded packet.
struct pgpPktKeyV3_s * pgpPktKeyV3
5.5.1.
int pgpPrtPkt(const rpmuint8_t *pkt, size_t pleft)
Return lenth of a OpenPGP packet.
int pgpPubkeyFingerprint(const rpmuint8_t *pkt, size_t pktlen, rpmuint8_t *keyid)
Print/parse an OpenPGP subtype packet.
static const char * pgpPublicELGAMAL[]
int pgpFindPubkey(pgpDig dig)
Call find pubkey vector.
struct pgpPktKeyV4_s * pgpPktKeyV4
The version 4 format is similar to the version 3 format except for the absence of a validity period...
rpmiob rpmiobFree(rpmiob iob)
Destroy a I/O buffer instance.
static int pgpImplGenerate(pgpDig dig)
void pgpDigClean(pgpDig dig)
Release (malloc'd) data from container.
unsigned char rpmuint8_t
Private int typedefs to avoid C99 portability issues.
int xstrncasecmp(const char *s1, const char *s2, size_t n)
Locale insensitive strncasecmp(3).
int rpmiobSlurp(const char *fn, rpmiob *iobp)
static void pgpDigFini(void *__dig)
pgpArmor pgpReadPkts(const char *fn, rpmuint8_t **pkt, size_t *pktlen)
Parse armored OpenPGP packets from a file.
static const char * pgpPublicRSA[]
pgpDig pgpDigNew(pgpVSFlags vsflags, pgpPubkeyAlgo pubkey_algo)
Create a container for parsed OpenPGP packates.
static unsigned int pgpCRC(const rpmuint8_t *octets, size_t len)
Return CRC of a buffer.
memset(_r, 0, sizeof(*_r))
struct pgpValTbl_s pgpTagTbl[]
static void * pgpImplFree(void *impl)
static void * pgpImplInit(void)
static PyObject *static PyObject *static PyObject *static PyObject *static PyObject *static PyObject *static PyObject *static PyObject *static PyObject *static PyObject *static PyObject *static PyObject *size_t dlen
pgpVSFlags pgpDigVSFlags
Disabler bits(s) for signature/digest checking.
void * xcalloc(size_t nmemb, size_t size)
assert(key->size==sizeof(hdrNum))
struct pgpValTbl_s pgpHashTbl[]
Hash (string, value) pairs.
static char * pgpHexStr(const rpmuint8_t *p, size_t plen)
Return hex formatted representation of bytes.
rpmioItem rpmioGetPool(rpmioPool pool, size_t size)
Get unused item from pool, or alloc a new item.
fprintf(stderr,"--> %s(%p,%p,%p) sig %p sigp %p\n", __FUNCTION__, dig, t, rsactx, sig, sigp)
int pgpPrtSigParams(pgpDig dig, const pgpPkt pp, pgpPubkeyAlgo pubkey_algo, pgpSigType sigtype, const rpmuint8_t *p)
enum pgpHashAlgo_e pgpHashAlgo
9.4.
void * pgpStatsAccumulator(pgpDig dig, int opx)
Return pgpDig container accumulator structure.
int rpmDigestUpdate(DIGEST_CTX ctx, const void *data, size_t len)
Update context with next plain text buffer.
pgpDigParams pgpGetSignature(pgpDig dig)
Return OpenPGP signature parameters.
enum pgpVSFlags_e pgpVSFlags
Bit(s) to control digest and signature verification.
int pgpPrtPkts(const rpmuint8_t *pkts, size_t pktlen, pgpDig dig, int printing)
Print/parse a OpenPGP packet(s).
pgpDig pgpDigFree(pgpDig dig)
Destroy a container for parsed OpenPGP packates.
pgpImplVecs_t rpmsslImplVecs
Implementation specific parameter storage.
struct pgpValTbl_s pgpArmorTbl[]
Armor (string, value) pairs.
DIGEST_CTX rpmDigestInit(pgpHashAlgo hashalgo, rpmDigestFlags flags)
Initialize digest.
pgpDig pgpDigLink(pgpDig dig)
Reference a signature parameters instance.
static void pgpPrtHex(const char *pre, const rpmuint8_t *p, size_t plen)
static const char * pgpMpiStr(const rpmuint8_t *p)
Return hex formatted representation of a multiprecision integer.
rpmuint32_t pgpGetSigtype(pgpDig dig)
Get signature tag type.
char * pgpArmorWrap(rpmuint8_t atype, const unsigned char *s, size_t ns)
Wrap a OpenPGP packets in ascii armor for transport.
static void pgpPrtStr(const char *pre, const char *s)
static const char * pgpPublicECDSA[]
static unsigned int pgpLen(const rpmuint8_t *s, unsigned int *lenp)
Return length of an OpenPGP packet.
rpmuint32_t pgpGetSigtag(pgpDig dig)
Get signature tag.
struct pgpPktSigV3_s * pgpPktSigV3
5.2.2.
int pgpPrtSubType(const rpmuint8_t *h, size_t hlen, pgpSigType sigtype)
int pgpPrtComment(const pgpPkt pp)
struct pgpValTbl_s pgpArmorKeyTbl[]
Armor key (string, value) pairs.
static void pgpImplClean(void *impl)
static int pgpIsPkt(const rpmuint8_t *p, pgpTag *tagp)
Is buffer at beginning of an OpenPGP packet?
static unsigned int pgpMpiLen(const rpmuint8_t *p)
Return no.
rpmioPool rpmioNewPool(const char *name, size_t size, int limit, int flags, char *(*dbg)(void *item), void(*init)(void *item), void(*fini)(void *item))
Create a memory pool.
static pgpDig digGetPool(rpmioPool pool)
int pgpSetFindPubkey(pgpDig dig, int(*findPubkey)(void *ts, void *dig), void *_ts)
Set find pubkey vector.
struct pgpValTbl_s pgpSubTypeTbl[]
Subtype (string, value) pairs.
char * stpcpy(char *dest, const char *src)
const void * pgpGetSig(pgpDig dig)
Get signature tag data, i.e.
int pgpPrtUserID(const pgpPkt pp)
static const char * pgpPublicDSA[]
pgpImplVecs_t rpmgcImplVecs
Implementation specific parameter storage.
struct pgpDigParams_s * pgpDigParams
struct pgpValTbl_s pgpSymkeyTbl[]
Symmetric key (string, value) pairs.
struct pgpValTbl_s pgpKeyServerPrefsTbl[]
static const char * pgpValStr(pgpValTbl vs, rpmuint8_t val)
Return string representation of am OpenPGP value.
pgpHashAlgo pgpHashAlgoStringToNumber(const char *name, size_t name_len)
Convert a hash algorithm "foo" to the internal PGPHASHALGO_FOO number.
static void
Print copy of spec file, filling in Group/Description/Summary from specspo.
int pgpSetSig(pgpDig dig, rpmuint32_t sigtag, rpmuint32_t sigtype, const void *sig, rpmuint32_t siglen)
Set signature tag info, i.e.
rpmuint32_t pgpGetSiglen(pgpDig dig)
Get signature tag data length, i.e.
enum pgpSigType_e pgpSigType
5.2.1.
static PyObject *unsigned char * pkt
int
Save source and expand field into target.
static unsigned int pgpGrab(const rpmuint8_t *s, size_t nbytes)
Return (native-endian) integer from big-endian representation.
void rpmDigestFinal(rpmDigestDup(md5ctx),&md5sum,&md5len, 0)
static int pgpImplMpiItem(const char *pre, pgpDig dig, int itemno, const rpmuint8_t *p, const rpmuint8_t *pend)
int rpmbcExportPubkey(pgpDig dig)
static const char * pgpSigRSA[]
static void * _free(const void *p)
Wrapper to free(3), hides const compilation noise, permit NULL, return NULL.
static int pgpValTok(pgpValTbl vs, const char *s, const char *se)
Return value of an OpenPGP string.
pgpArmor pgpArmorUnwrap(rpmiob iob, rpmuint8_t **pkt, size_t *pktlen)
Parse armored OpenPGP packets from an iob.
static const char * pgpSigECDSA[]
The version 4 format is similar to the version 3 format except for the absence of a validity period...
int pgpPrtSig(const pgpPkt pp)
static void pgpPrtNL(void)
pgpDigParams pgpGetPubkey(pgpDig dig)
Return OpenPGP pubkey parameters.
struct pgpValTbl_s pgpCompressionTbl[]
Compression (string, value) pairs.
struct pgpValTbl_s pgpPubkeyTbl[]
int pgpPrtKey(const pgpPkt pp)
struct pgpValTbl_s pgpSigTypeTbl[]
static pgpDigParams _digp