2000-08-28 03:27:03 +08:00
|
|
|
/** \ingroup signature
|
|
|
|
|
* \file lib/signature.c
|
|
|
|
|
*/
|
|
|
|
|
|
1998-07-26 05:00:26 +08:00
|
|
|
#include "system.h"
|
1997-01-18 00:22:08 +08:00
|
|
|
|
2007-11-16 23:37:54 +08:00
|
|
|
#include "digest.h"
|
2007-11-23 13:46:19 +08:00
|
|
|
#include <rpmlib.h>
|
|
|
|
|
#include <rpmmacro.h> /* XXX for rpmGetPath() */
|
|
|
|
|
#include <rpmdb.h>
|
1996-02-19 10:32:11 +08:00
|
|
|
|
2007-11-23 13:46:19 +08:00
|
|
|
#include <rpmts.h>
|
2002-04-12 00:55:19 +08:00
|
|
|
|
2007-11-23 13:46:19 +08:00
|
|
|
#include <rpmlog.h>
|
2001-06-18 06:18:03 +08:00
|
|
|
#include "misc.h" /* XXX for dosetenv() and makeTempFile() */
|
2001-10-22 05:43:32 +08:00
|
|
|
#include "legacy.h" /* XXX for mdbinfile() */
|
1996-06-29 02:48:34 +08:00
|
|
|
#include "rpmlead.h"
|
1996-10-15 11:15:30 +08:00
|
|
|
#include "signature.h"
|
2002-09-01 06:39:34 +08:00
|
|
|
#include "header_internal.h"
|
2000-12-13 04:03:45 +08:00
|
|
|
#include "debug.h"
|
1996-02-19 10:32:11 +08:00
|
|
|
|
2005-01-05 03:31:31 +08:00
|
|
|
#if !defined(__GLIBC__) && !defined(__APPLE__)
|
2002-04-09 06:52:45 +08:00
|
|
|
char ** environ = NULL;
|
|
|
|
|
#endif
|
|
|
|
|
|
1999-03-23 01:31:53 +08:00
|
|
|
int rpmLookupSignatureType(int action)
|
1996-06-20 11:10:44 +08:00
|
|
|
{
|
1999-09-11 07:48:56 +08:00
|
|
|
static int disabled = 0;
|
|
|
|
|
int rc = 0;
|
|
|
|
|
|
|
|
|
|
switch (action) {
|
|
|
|
|
case RPMLOOKUPSIG_DISABLE:
|
|
|
|
|
disabled = -2;
|
|
|
|
|
break;
|
|
|
|
|
case RPMLOOKUPSIG_ENABLE:
|
|
|
|
|
disabled = 0;
|
|
|
|
|
case RPMLOOKUPSIG_QUERY:
|
|
|
|
|
if (disabled)
|
|
|
|
|
break; /* Disabled */
|
2002-01-11 03:16:54 +08:00
|
|
|
{ const char *name = rpmExpand("%{?_signature}", NULL);
|
|
|
|
|
if (!(name && *name != '\0'))
|
1999-03-23 01:31:53 +08:00
|
|
|
rc = 0;
|
2001-01-04 04:19:27 +08:00
|
|
|
else if (!xstrcasecmp(name, "none"))
|
1999-09-11 07:48:56 +08:00
|
|
|
rc = 0;
|
2001-01-04 04:19:27 +08:00
|
|
|
else if (!xstrcasecmp(name, "pgp"))
|
1999-09-11 07:48:56 +08:00
|
|
|
rc = RPMSIGTAG_PGP;
|
2001-01-04 04:19:27 +08:00
|
|
|
else if (!xstrcasecmp(name, "pgp5")) /* XXX legacy */
|
1999-09-11 07:48:56 +08:00
|
|
|
rc = RPMSIGTAG_PGP;
|
2001-01-04 04:19:27 +08:00
|
|
|
else if (!xstrcasecmp(name, "gpg"))
|
1999-09-11 07:48:56 +08:00
|
|
|
rc = RPMSIGTAG_GPG;
|
|
|
|
|
else
|
|
|
|
|
rc = -1; /* Invalid %_signature spec in macro file */
|
2001-04-29 09:05:43 +08:00
|
|
|
name = _free(name);
|
1999-09-11 07:48:56 +08:00
|
|
|
} break;
|
1999-03-23 01:31:53 +08:00
|
|
|
}
|
1999-03-21 05:09:47 +08:00
|
|
|
return rc;
|
1996-06-20 11:10:44 +08:00
|
|
|
}
|
|
|
|
|
|
1999-03-22 02:43:22 +08:00
|
|
|
/* rpmDetectPGPVersion() returns the absolute path to the "pgp" */
|
|
|
|
|
/* executable of the requested version, or NULL when none found. */
|
|
|
|
|
|
2001-02-12 06:02:29 +08:00
|
|
|
const char * rpmDetectPGPVersion(pgpVersion * pgpVer)
|
1999-03-22 02:43:22 +08:00
|
|
|
{
|
2001-10-19 21:51:20 +08:00
|
|
|
/* Actually this should support having more then one pgp version. */
|
1999-03-22 02:43:22 +08:00
|
|
|
/* At the moment only one version is possible since we only */
|
1999-03-23 01:31:53 +08:00
|
|
|
/* have one %_pgpbin and one %_pgp_path. */
|
1999-03-22 02:43:22 +08:00
|
|
|
|
1999-09-11 07:48:56 +08:00
|
|
|
static pgpVersion saved_pgp_version = PGP_UNKNOWN;
|
2002-01-11 03:16:54 +08:00
|
|
|
const char *pgpbin = rpmGetPath("%{?_pgpbin}", NULL);
|
1999-03-22 02:43:22 +08:00
|
|
|
|
1999-09-11 07:48:56 +08:00
|
|
|
if (saved_pgp_version == PGP_UNKNOWN) {
|
1999-03-22 02:43:22 +08:00
|
|
|
char *pgpvbin;
|
2000-12-13 04:03:45 +08:00
|
|
|
struct stat st;
|
2001-10-19 21:51:20 +08:00
|
|
|
|
2002-01-11 03:16:54 +08:00
|
|
|
if (!(pgpbin && pgpbin[0] != '\0')) {
|
2002-03-07 07:17:31 +08:00
|
|
|
pgpbin = _free(pgpbin);
|
|
|
|
|
saved_pgp_version = -1;
|
|
|
|
|
return NULL;
|
1999-03-22 02:43:22 +08:00
|
|
|
}
|
2000-10-29 01:16:25 +08:00
|
|
|
pgpvbin = (char *)alloca(strlen(pgpbin) + sizeof("v"));
|
|
|
|
|
(void)stpcpy(stpcpy(pgpvbin, pgpbin), "v");
|
1999-03-22 02:43:22 +08:00
|
|
|
|
2000-12-13 04:03:45 +08:00
|
|
|
if (stat(pgpvbin, &st) == 0)
|
2002-03-07 07:17:31 +08:00
|
|
|
saved_pgp_version = PGP_5;
|
2000-12-13 04:03:45 +08:00
|
|
|
else if (stat(pgpbin, &st) == 0)
|
2002-03-07 07:17:31 +08:00
|
|
|
saved_pgp_version = PGP_2;
|
1999-03-22 02:43:22 +08:00
|
|
|
else
|
2002-03-07 07:17:31 +08:00
|
|
|
saved_pgp_version = PGP_NOTDETECTED;
|
1999-03-22 02:43:22 +08:00
|
|
|
}
|
|
|
|
|
|
2001-05-04 05:00:18 +08:00
|
|
|
if (pgpVer && pgpbin)
|
1999-09-11 07:48:56 +08:00
|
|
|
*pgpVer = saved_pgp_version;
|
|
|
|
|
return pgpbin;
|
1999-03-22 02:43:22 +08:00
|
|
|
}
|
|
|
|
|
|
2001-02-13 03:02:15 +08:00
|
|
|
/**
|
2002-09-01 06:39:34 +08:00
|
|
|
* Print package size.
|
2001-02-13 03:02:15 +08:00
|
|
|
* @todo rpmio: use fdSize rather than fstat(2) to get file size.
|
|
|
|
|
* @param fd package file handle
|
|
|
|
|
* @param siglen signature header size
|
|
|
|
|
* @param pad signature padding
|
|
|
|
|
* @param datalen length of header+payload
|
|
|
|
|
* @return rpmRC return code
|
|
|
|
|
*/
|
2002-09-01 06:39:34 +08:00
|
|
|
static inline rpmRC printSize(FD_t fd, int siglen, int pad, int datalen)
|
1999-07-14 07:33:02 +08:00
|
|
|
{
|
2000-12-13 04:03:45 +08:00
|
|
|
struct stat st;
|
2004-11-06 04:43:10 +08:00
|
|
|
int fdno = Fileno(fd);
|
1999-07-14 07:33:02 +08:00
|
|
|
|
2004-11-06 04:43:10 +08:00
|
|
|
/* HACK: workaround for davRead wiring. */
|
|
|
|
|
if (fdno == 123456789) {
|
|
|
|
|
st.st_size = 0;
|
|
|
|
|
st.st_size -= sizeof(struct rpmlead)+siglen+pad+datalen;
|
|
|
|
|
} else if (fstat(fdno, &st) < 0)
|
2001-02-13 03:02:15 +08:00
|
|
|
return RPMRC_FAIL;
|
1999-07-14 07:33:02 +08:00
|
|
|
|
2007-10-09 19:48:04 +08:00
|
|
|
rpmlog(RPMLOG_DEBUG,
|
2000-12-13 04:03:45 +08:00
|
|
|
_("Expected size: %12d = lead(%d)+sigs(%d)+pad(%d)+data(%d)\n"),
|
2001-04-29 09:05:43 +08:00
|
|
|
(int)sizeof(struct rpmlead)+siglen+pad+datalen,
|
|
|
|
|
(int)sizeof(struct rpmlead), siglen, pad, datalen);
|
2007-10-09 19:48:04 +08:00
|
|
|
rpmlog(RPMLOG_DEBUG,
|
2001-04-29 09:05:43 +08:00
|
|
|
_(" Actual size: %12d\n"), (int)st.st_size);
|
2000-12-13 04:03:45 +08:00
|
|
|
|
2002-09-01 06:39:34 +08:00
|
|
|
return RPMRC_OK;
|
1999-07-14 07:33:02 +08:00
|
|
|
}
|
|
|
|
|
|
2002-09-01 06:39:34 +08:00
|
|
|
static unsigned char header_magic[8] = {
|
|
|
|
|
0x8e, 0xad, 0xe8, 0x01, 0x00, 0x00, 0x00, 0x00
|
|
|
|
|
};
|
|
|
|
|
|
2002-09-17 04:10:20 +08:00
|
|
|
rpmRC rpmReadSignature(FD_t fd, Header * sighp, sigType sig_type,
|
|
|
|
|
const char ** msg)
|
1996-02-19 10:32:11 +08:00
|
|
|
{
|
2002-09-17 04:10:20 +08:00
|
|
|
char buf[BUFSIZ];
|
2007-10-26 19:24:14 +08:00
|
|
|
int32_t block[4];
|
|
|
|
|
int32_t il;
|
|
|
|
|
int32_t dl;
|
|
|
|
|
int32_t * ei = NULL;
|
2002-09-01 06:39:34 +08:00
|
|
|
entryInfo pe;
|
2002-09-17 04:10:20 +08:00
|
|
|
size_t nb;
|
2007-10-26 19:24:14 +08:00
|
|
|
int32_t ril = 0;
|
2002-09-01 06:39:34 +08:00
|
|
|
indexEntry entry = memset(alloca(sizeof(*entry)), 0, sizeof(*entry));
|
|
|
|
|
entryInfo info = memset(alloca(sizeof(*info)), 0, sizeof(*info));
|
2002-09-17 04:10:20 +08:00
|
|
|
unsigned char * dataStart;
|
|
|
|
|
unsigned char * dataEnd = NULL;
|
2002-09-01 06:39:34 +08:00
|
|
|
Header sigh = NULL;
|
2001-02-13 03:02:15 +08:00
|
|
|
rpmRC rc = RPMRC_FAIL; /* assume failure */
|
2002-09-01 06:39:34 +08:00
|
|
|
int xx;
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
if (sighp)
|
|
|
|
|
*sighp = NULL;
|
|
|
|
|
|
2002-09-17 04:10:20 +08:00
|
|
|
buf[0] = '\0';
|
|
|
|
|
|
2002-09-01 06:39:34 +08:00
|
|
|
if (sig_type != RPMSIGTYPE_HEADERSIG)
|
|
|
|
|
goto exit;
|
|
|
|
|
|
2002-09-17 23:21:03 +08:00
|
|
|
memset(block, 0, sizeof(block));
|
2007-07-11 20:29:30 +08:00
|
|
|
if ((xx = timedRead(fd, (void *)block, sizeof(block))) != sizeof(block)) {
|
2002-09-17 23:21:03 +08:00
|
|
|
(void) snprintf(buf, sizeof(buf),
|
2002-10-10 03:07:43 +08:00
|
|
|
_("sigh size(%d): BAD, read returned %d\n"), (int)sizeof(block), xx);
|
2002-09-01 06:39:34 +08:00
|
|
|
goto exit;
|
2002-09-17 04:10:20 +08:00
|
|
|
}
|
|
|
|
|
if (memcmp(block, header_magic, sizeof(header_magic))) {
|
2002-09-17 23:21:03 +08:00
|
|
|
(void) snprintf(buf, sizeof(buf),
|
2002-09-17 04:10:20 +08:00
|
|
|
_("sigh magic: BAD\n"));
|
2002-09-01 06:39:34 +08:00
|
|
|
goto exit;
|
2002-09-17 04:10:20 +08:00
|
|
|
}
|
2002-09-01 06:39:34 +08:00
|
|
|
il = ntohl(block[2]);
|
2002-09-17 04:10:20 +08:00
|
|
|
if (il < 0 || il > 32) {
|
2002-09-17 23:21:03 +08:00
|
|
|
(void) snprintf(buf, sizeof(buf),
|
2002-09-17 04:10:20 +08:00
|
|
|
_("sigh tags: BAD, no. of tags(%d) out of range\n"), il);
|
2002-09-01 06:39:34 +08:00
|
|
|
goto exit;
|
2002-09-17 04:10:20 +08:00
|
|
|
}
|
2002-09-01 06:39:34 +08:00
|
|
|
dl = ntohl(block[3]);
|
2002-09-17 04:10:20 +08:00
|
|
|
if (dl < 0 || dl > 8192) {
|
2002-09-17 23:21:03 +08:00
|
|
|
(void) snprintf(buf, sizeof(buf),
|
2002-09-17 04:10:20 +08:00
|
|
|
_("sigh data: BAD, no. of bytes(%d) out of range\n"), dl);
|
2002-09-01 06:39:34 +08:00
|
|
|
goto exit;
|
2002-09-17 04:10:20 +08:00
|
|
|
}
|
2002-09-01 06:39:34 +08:00
|
|
|
|
|
|
|
|
nb = (il * sizeof(struct entryInfo_s)) + dl;
|
|
|
|
|
ei = xmalloc(sizeof(il) + sizeof(dl) + nb);
|
2002-09-17 04:10:20 +08:00
|
|
|
ei[0] = block[2];
|
|
|
|
|
ei[1] = block[3];
|
2002-09-01 06:39:34 +08:00
|
|
|
pe = (entryInfo) &ei[2];
|
2002-09-17 04:10:20 +08:00
|
|
|
dataStart = (unsigned char *) (pe + il);
|
2007-07-11 20:29:30 +08:00
|
|
|
if ((xx = timedRead(fd, (void *)pe, nb)) != nb) {
|
2002-09-17 23:21:03 +08:00
|
|
|
(void) snprintf(buf, sizeof(buf),
|
2002-10-10 03:07:43 +08:00
|
|
|
_("sigh blob(%d): BAD, read returned %d\n"), (int)nb, xx);
|
2002-09-01 06:39:34 +08:00
|
|
|
goto exit;
|
2002-09-17 04:10:20 +08:00
|
|
|
}
|
2002-09-01 06:39:34 +08:00
|
|
|
|
2002-09-17 04:10:20 +08:00
|
|
|
/* Check (and convert) the 1st tag element. */
|
|
|
|
|
xx = headerVerifyInfo(1, dl, pe, &entry->info, 0);
|
|
|
|
|
if (xx != -1) {
|
2002-09-17 23:21:03 +08:00
|
|
|
(void) snprintf(buf, sizeof(buf),
|
2002-09-17 04:10:20 +08:00
|
|
|
_("tag[%d]: BAD, tag %d type %d offset %d count %d\n"),
|
|
|
|
|
0, entry->info.tag, entry->info.type,
|
|
|
|
|
entry->info.offset, entry->info.count);
|
|
|
|
|
goto exit;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Is there an immutable header region tag? */
|
|
|
|
|
if (entry->info.tag == RPMTAG_HEADERSIGNATURES
|
|
|
|
|
&& entry->info.type == RPM_BIN_TYPE
|
|
|
|
|
&& entry->info.count == REGION_TAG_COUNT)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
if (entry->info.offset >= dl) {
|
2002-09-17 23:21:03 +08:00
|
|
|
(void) snprintf(buf, sizeof(buf),
|
2002-09-17 04:10:20 +08:00
|
|
|
_("region offset: BAD, tag %d type %d offset %d count %d\n"),
|
|
|
|
|
entry->info.tag, entry->info.type,
|
|
|
|
|
entry->info.offset, entry->info.count);
|
|
|
|
|
goto exit;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Is there an immutable header region tag trailer? */
|
|
|
|
|
dataEnd = dataStart + entry->info.offset;
|
|
|
|
|
(void) memcpy(info, dataEnd, REGION_TAG_COUNT);
|
2005-06-07 07:35:24 +08:00
|
|
|
/* XXX Really old packages have HEADER_IMAGE, not HEADER_SIGNATURES. */
|
|
|
|
|
if (info->tag == htonl(RPMTAG_HEADERIMAGE)) {
|
2007-10-26 19:24:14 +08:00
|
|
|
int32_t stag = htonl(RPMTAG_HEADERSIGNATURES);
|
2005-06-07 07:35:24 +08:00
|
|
|
info->tag = stag;
|
|
|
|
|
memcpy(dataEnd, &stag, sizeof(stag));
|
|
|
|
|
}
|
2002-09-17 04:10:20 +08:00
|
|
|
dataEnd += REGION_TAG_COUNT;
|
|
|
|
|
|
|
|
|
|
xx = headerVerifyInfo(1, dl, info, &entry->info, 1);
|
|
|
|
|
if (xx != -1 ||
|
2007-04-16 20:31:04 +08:00
|
|
|
!((entry->info.tag == RPMTAG_HEADERSIGNATURES || entry->info.tag == RPMTAG_HEADERIMAGE)
|
2002-09-17 04:10:20 +08:00
|
|
|
&& entry->info.type == RPM_BIN_TYPE
|
|
|
|
|
&& entry->info.count == REGION_TAG_COUNT))
|
|
|
|
|
{
|
2002-09-17 23:21:03 +08:00
|
|
|
(void) snprintf(buf, sizeof(buf),
|
2002-09-17 04:10:20 +08:00
|
|
|
_("region trailer: BAD, tag %d type %d offset %d count %d\n"),
|
|
|
|
|
entry->info.tag, entry->info.type,
|
|
|
|
|
entry->info.offset, entry->info.count);
|
|
|
|
|
goto exit;
|
|
|
|
|
}
|
|
|
|
|
memset(info, 0, sizeof(*info));
|
|
|
|
|
|
|
|
|
|
/* Is the no. of tags in the region less than the total no. of tags? */
|
|
|
|
|
ril = entry->info.offset/sizeof(*pe);
|
|
|
|
|
if ((entry->info.offset % sizeof(*pe)) || ril > il) {
|
2002-09-17 23:21:03 +08:00
|
|
|
(void) snprintf(buf, sizeof(buf),
|
2002-09-17 04:10:20 +08:00
|
|
|
_("region size: BAD, ril(%d) > il(%d)\n"), ril, il);
|
|
|
|
|
goto exit;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2002-09-01 06:39:34 +08:00
|
|
|
/* Sanity check signature tags */
|
|
|
|
|
memset(info, 0, sizeof(*info));
|
2002-09-17 04:10:20 +08:00
|
|
|
for (i = 1; i < il; i++) {
|
2002-09-01 06:39:34 +08:00
|
|
|
xx = headerVerifyInfo(1, dl, pe+i, &entry->info, 0);
|
2002-09-17 04:10:20 +08:00
|
|
|
if (xx != -1) {
|
2002-09-17 23:21:03 +08:00
|
|
|
(void) snprintf(buf, sizeof(buf),
|
2002-09-17 04:10:20 +08:00
|
|
|
_("sigh tag[%d]: BAD, tag %d type %d offset %d count %d\n"),
|
|
|
|
|
i, entry->info.tag, entry->info.type,
|
|
|
|
|
entry->info.offset, entry->info.count);
|
2002-09-01 06:39:34 +08:00
|
|
|
goto exit;
|
2002-09-17 04:10:20 +08:00
|
|
|
}
|
2002-09-01 06:39:34 +08:00
|
|
|
}
|
1996-07-08 06:19:32 +08:00
|
|
|
|
2002-09-01 06:39:34 +08:00
|
|
|
/* OK, blob looks sane, load the header. */
|
|
|
|
|
sigh = headerLoad(ei);
|
2002-09-17 04:10:20 +08:00
|
|
|
if (sigh == NULL) {
|
2002-09-17 23:21:03 +08:00
|
|
|
(void) snprintf(buf, sizeof(buf), _("sigh load: BAD\n"));
|
2002-09-01 06:39:34 +08:00
|
|
|
goto exit;
|
2002-09-17 04:10:20 +08:00
|
|
|
}
|
2002-09-01 06:39:34 +08:00
|
|
|
sigh->flags |= HEADERFLAG_ALLOCATED;
|
2000-12-30 05:44:37 +08:00
|
|
|
|
2002-09-01 06:39:34 +08:00
|
|
|
{ int sigSize = headerSizeof(sigh, HEADER_MAGIC_YES);
|
|
|
|
|
int pad = (8 - (sigSize % 8)) % 8; /* 8-byte pad */
|
2007-10-26 19:24:14 +08:00
|
|
|
int32_t * archSize = NULL;
|
1996-02-19 10:32:11 +08:00
|
|
|
|
2002-09-01 06:39:34 +08:00
|
|
|
/* Position at beginning of header. */
|
2007-07-11 20:29:30 +08:00
|
|
|
if (pad && (xx = timedRead(fd, (void *)block, pad)) != pad) {
|
2002-09-17 23:21:03 +08:00
|
|
|
(void) snprintf(buf, sizeof(buf),
|
2002-09-17 04:10:20 +08:00
|
|
|
_("sigh pad(%d): BAD, read %d bytes\n"), pad, xx);
|
2002-09-01 06:39:34 +08:00
|
|
|
goto exit;
|
2002-09-17 04:10:20 +08:00
|
|
|
}
|
2002-03-11 03:00:31 +08:00
|
|
|
|
2002-09-01 06:39:34 +08:00
|
|
|
/* Print package component sizes. */
|
2004-11-06 04:43:10 +08:00
|
|
|
if (headerGetEntry(sigh, RPMSIGTAG_SIZE, NULL,(void **)&archSize, NULL)) {
|
2002-09-01 06:39:34 +08:00
|
|
|
rc = printSize(fd, sigSize, pad, *archSize);
|
2004-11-06 04:43:10 +08:00
|
|
|
if (rc != RPMRC_OK)
|
|
|
|
|
(void) snprintf(buf, sizeof(buf),
|
|
|
|
|
_("sigh sigSize(%d): BAD, fstat(2) failed\n"), sigSize);
|
|
|
|
|
}
|
2002-09-01 06:39:34 +08:00
|
|
|
}
|
2000-11-07 21:16:43 +08:00
|
|
|
|
2002-09-01 06:39:34 +08:00
|
|
|
exit:
|
2002-09-17 23:21:03 +08:00
|
|
|
if (sighp && sigh && rc == RPMRC_OK)
|
2002-09-01 06:39:34 +08:00
|
|
|
*sighp = headerLink(sigh);
|
|
|
|
|
sigh = headerFree(sigh);
|
2002-09-17 04:10:20 +08:00
|
|
|
|
|
|
|
|
if (msg != NULL) {
|
|
|
|
|
buf[sizeof(buf)-1] = '\0';
|
|
|
|
|
*msg = xstrdup(buf);
|
|
|
|
|
}
|
|
|
|
|
|
2000-11-07 21:16:43 +08:00
|
|
|
return rc;
|
1996-02-19 10:32:11 +08:00
|
|
|
}
|
|
|
|
|
|
2005-03-09 21:22:48 +08:00
|
|
|
int rpmWriteSignature(FD_t fd, Header sigh)
|
1996-02-20 14:02:32 +08:00
|
|
|
{
|
2001-12-09 01:21:36 +08:00
|
|
|
static byte buf[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
|
2001-02-12 06:02:29 +08:00
|
|
|
int sigSize, pad;
|
|
|
|
|
int rc;
|
2001-10-19 21:51:20 +08:00
|
|
|
|
2005-03-09 21:22:48 +08:00
|
|
|
rc = headerWrite(fd, sigh, HEADER_MAGIC_YES);
|
1999-08-24 23:18:43 +08:00
|
|
|
if (rc)
|
|
|
|
|
return rc;
|
|
|
|
|
|
2005-03-09 21:22:48 +08:00
|
|
|
sigSize = headerSizeof(sigh, HEADER_MAGIC_YES);
|
1996-07-08 06:19:32 +08:00
|
|
|
pad = (8 - (sigSize % 8)) % 8;
|
|
|
|
|
if (pad) {
|
1999-11-11 06:09:49 +08:00
|
|
|
if (Fwrite(buf, sizeof(buf[0]), pad, fd) != pad)
|
1999-08-24 23:18:43 +08:00
|
|
|
rc = 1;
|
1996-06-29 02:48:34 +08:00
|
|
|
}
|
2007-10-09 19:48:04 +08:00
|
|
|
rpmlog(RPMLOG_DEBUG, _("Signature: size(%d)+pad(%d)\n"), sigSize, pad);
|
1999-08-24 23:18:43 +08:00
|
|
|
return rc;
|
1996-07-08 06:19:32 +08:00
|
|
|
}
|
1996-06-29 02:48:34 +08:00
|
|
|
|
1996-11-19 02:02:36 +08:00
|
|
|
Header rpmNewSignature(void)
|
1996-07-08 06:19:32 +08:00
|
|
|
{
|
2005-03-09 21:22:48 +08:00
|
|
|
Header sigh = headerNew();
|
|
|
|
|
return sigh;
|
1996-07-08 06:19:32 +08:00
|
|
|
}
|
|
|
|
|
|
2005-03-09 21:22:48 +08:00
|
|
|
Header rpmFreeSignature(Header sigh)
|
1996-07-08 06:19:32 +08:00
|
|
|
{
|
2005-03-09 21:22:48 +08:00
|
|
|
return headerFree(sigh);
|
1996-07-08 06:19:32 +08:00
|
|
|
}
|
|
|
|
|
|
2002-03-07 07:17:31 +08:00
|
|
|
/**
|
2005-03-09 21:22:48 +08:00
|
|
|
* Generate PGP signature(s) for a header+payload file.
|
2002-03-07 07:17:31 +08:00
|
|
|
* @param file header+payload file name
|
2005-03-09 21:22:48 +08:00
|
|
|
* @retval *sigTagp signature tag
|
|
|
|
|
* @retval *pktp signature packet(s)
|
|
|
|
|
* @retval *pktlenp signature packet(s) length
|
2002-03-07 07:17:31 +08:00
|
|
|
* @param passPhrase private key pass phrase
|
|
|
|
|
* @return 0 on success, 1 on failure
|
|
|
|
|
*/
|
2007-10-26 19:24:14 +08:00
|
|
|
static int makePGPSignature(const char * file, int32_t * sigTagp,
|
|
|
|
|
byte ** pktp, int32_t * pktlenp,
|
2007-09-12 01:07:39 +08:00
|
|
|
const char * passPhrase)
|
1996-02-19 10:32:11 +08:00
|
|
|
{
|
2001-02-12 06:02:29 +08:00
|
|
|
char * sigfile = alloca(1024);
|
1996-07-08 06:19:32 +08:00
|
|
|
int pid, status;
|
1998-11-19 05:41:05 +08:00
|
|
|
int inpipe[2];
|
2000-12-13 04:03:45 +08:00
|
|
|
struct stat st;
|
2002-01-11 03:16:54 +08:00
|
|
|
const char * cmd;
|
|
|
|
|
char *const *av;
|
2007-07-10 16:00:04 +08:00
|
|
|
#ifdef NOTYET
|
2005-03-09 21:22:48 +08:00
|
|
|
pgpDig dig = NULL;
|
|
|
|
|
pgpDigParams sigp = NULL;
|
2007-07-10 16:00:04 +08:00
|
|
|
#endif
|
2002-01-11 03:16:54 +08:00
|
|
|
int rc;
|
1996-02-19 10:32:11 +08:00
|
|
|
|
2001-02-12 06:02:29 +08:00
|
|
|
(void) stpcpy( stpcpy(sigfile, file), ".sig");
|
1996-02-19 10:32:11 +08:00
|
|
|
|
2002-01-11 03:16:54 +08:00
|
|
|
addMacro(NULL, "__plaintext_filename", NULL, file, -1);
|
|
|
|
|
addMacro(NULL, "__signature_filename", NULL, sigfile, -1);
|
|
|
|
|
|
1999-09-18 05:08:32 +08:00
|
|
|
inpipe[0] = inpipe[1] = 0;
|
2001-05-01 06:32:22 +08:00
|
|
|
(void) pipe(inpipe);
|
2001-10-19 21:51:20 +08:00
|
|
|
|
1996-02-19 10:32:11 +08:00
|
|
|
if (!(pid = fork())) {
|
2002-01-11 03:16:54 +08:00
|
|
|
const char *pgp_path = rpmExpand("%{?_pgp_path}", NULL);
|
1999-03-22 02:43:22 +08:00
|
|
|
const char *path;
|
1999-09-11 07:48:56 +08:00
|
|
|
pgpVersion pgpVer;
|
1999-03-21 05:09:47 +08:00
|
|
|
|
2001-05-01 06:32:22 +08:00
|
|
|
(void) close(STDIN_FILENO);
|
|
|
|
|
(void) dup2(inpipe[0], 3);
|
|
|
|
|
(void) close(inpipe[1]);
|
1999-03-21 05:09:47 +08:00
|
|
|
|
2001-05-01 06:32:22 +08:00
|
|
|
(void) dosetenv("PGPPASSFD", "3", 1);
|
2002-01-11 03:16:54 +08:00
|
|
|
if (pgp_path && *pgp_path != '\0')
|
2001-05-01 06:32:22 +08:00
|
|
|
(void) dosetenv("PGPPATH", pgp_path, 1);
|
1999-03-21 05:09:47 +08:00
|
|
|
|
1996-12-24 22:02:21 +08:00
|
|
|
/* dosetenv("PGPPASS", passPhrase, 1); */
|
1999-03-22 02:43:22 +08:00
|
|
|
|
2002-08-20 06:27:44 +08:00
|
|
|
unsetenv("MALLOC_CHECK_");
|
1999-09-11 07:48:56 +08:00
|
|
|
if ((path = rpmDetectPGPVersion(&pgpVer)) != NULL) {
|
|
|
|
|
switch(pgpVer) {
|
|
|
|
|
case PGP_2:
|
2002-01-11 03:16:54 +08:00
|
|
|
cmd = rpmExpand("%{?__pgp_sign_cmd}", NULL);
|
|
|
|
|
rc = poptParseArgvString(cmd, NULL, (const char ***)&av);
|
|
|
|
|
if (!rc)
|
|
|
|
|
rc = execve(av[0], av+1, environ);
|
1999-03-22 02:43:22 +08:00
|
|
|
break;
|
1999-09-11 07:48:56 +08:00
|
|
|
case PGP_5:
|
2002-01-11 03:16:54 +08:00
|
|
|
cmd = rpmExpand("%{?__pgp5_sign_cmd}", NULL);
|
|
|
|
|
rc = poptParseArgvString(cmd, NULL, (const char ***)&av);
|
|
|
|
|
if (!rc)
|
|
|
|
|
rc = execve(av[0], av+1, environ);
|
1999-03-22 02:43:22 +08:00
|
|
|
break;
|
1999-09-11 07:48:56 +08:00
|
|
|
case PGP_UNKNOWN:
|
|
|
|
|
case PGP_NOTDETECTED:
|
2002-01-11 03:16:54 +08:00
|
|
|
errno = ENOENT;
|
1999-09-11 07:48:56 +08:00
|
|
|
break;
|
1999-03-22 02:43:22 +08:00
|
|
|
}
|
|
|
|
|
}
|
2007-11-19 22:25:24 +08:00
|
|
|
rpmlog(RPMLOG_ERR, _("Could not exec %s: %s\n"), "pgp",
|
2002-01-11 03:16:54 +08:00
|
|
|
strerror(errno));
|
2007-11-19 22:25:24 +08:00
|
|
|
_exit(RPMLOG_ERR);
|
1996-02-19 10:32:11 +08:00
|
|
|
}
|
|
|
|
|
|
2002-01-11 03:16:54 +08:00
|
|
|
delMacro(NULL, "__plaintext_filename");
|
|
|
|
|
delMacro(NULL, "__signature_filename");
|
|
|
|
|
|
2001-05-01 06:32:22 +08:00
|
|
|
(void) close(inpipe[0]);
|
2001-05-04 05:00:18 +08:00
|
|
|
if (passPhrase)
|
|
|
|
|
(void) write(inpipe[1], passPhrase, strlen(passPhrase));
|
2001-05-01 06:32:22 +08:00
|
|
|
(void) write(inpipe[1], "\n", 1);
|
|
|
|
|
(void) close(inpipe[1]);
|
1996-02-19 10:32:11 +08:00
|
|
|
|
1998-11-17 05:40:28 +08:00
|
|
|
(void)waitpid(pid, &status, 0);
|
1996-02-19 10:32:11 +08:00
|
|
|
if (!WIFEXITED(status) || WEXITSTATUS(status)) {
|
2007-11-19 22:25:24 +08:00
|
|
|
rpmlog(RPMLOG_ERR, _("pgp failed\n"));
|
1996-02-19 10:32:11 +08:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2000-12-13 04:03:45 +08:00
|
|
|
if (stat(sigfile, &st)) {
|
1996-02-25 13:05:52 +08:00
|
|
|
/* PGP failed to write signature */
|
2001-05-04 05:00:18 +08:00
|
|
|
if (sigfile) (void) unlink(sigfile); /* Just in case */
|
2007-11-19 22:25:24 +08:00
|
|
|
rpmlog(RPMLOG_ERR, _("pgp failed to write signature\n"));
|
1996-02-25 13:05:52 +08:00
|
|
|
return 1;
|
|
|
|
|
}
|
1996-06-20 11:10:44 +08:00
|
|
|
|
2005-03-09 21:22:48 +08:00
|
|
|
*pktlenp = st.st_size;
|
2007-10-09 19:48:04 +08:00
|
|
|
rpmlog(RPMLOG_DEBUG, _("PGP sig size: %d\n"), *pktlenp);
|
2005-03-09 21:22:48 +08:00
|
|
|
*pktp = xmalloc(*pktlenp);
|
2001-10-19 21:51:20 +08:00
|
|
|
|
1999-01-11 01:10:17 +08:00
|
|
|
{ FD_t fd;
|
2002-01-11 03:16:54 +08:00
|
|
|
|
|
|
|
|
rc = 0;
|
1999-11-05 05:26:08 +08:00
|
|
|
fd = Fopen(sigfile, "r.fdio");
|
2001-05-04 05:00:18 +08:00
|
|
|
if (fd != NULL && !Ferror(fd)) {
|
2007-07-11 20:29:30 +08:00
|
|
|
rc = timedRead(fd, (void *)*pktp, *pktlenp);
|
2001-05-04 05:00:18 +08:00
|
|
|
if (sigfile) (void) unlink(sigfile);
|
|
|
|
|
(void) Fclose(fd);
|
|
|
|
|
}
|
2005-03-09 21:22:48 +08:00
|
|
|
if (rc != *pktlenp) {
|
|
|
|
|
*pktp = _free(*pktp);
|
2007-11-19 22:25:24 +08:00
|
|
|
rpmlog(RPMLOG_ERR, _("unable to read the signature\n"));
|
1999-01-11 01:10:17 +08:00
|
|
|
return 1;
|
|
|
|
|
}
|
1996-06-20 11:10:44 +08:00
|
|
|
}
|
1996-02-19 10:32:11 +08:00
|
|
|
|
2007-10-09 19:48:04 +08:00
|
|
|
rpmlog(RPMLOG_DEBUG, _("Got %d bytes of PGP sig\n"), *pktlenp);
|
2001-10-19 21:51:20 +08:00
|
|
|
|
2005-03-09 21:22:48 +08:00
|
|
|
#ifdef NOTYET
|
|
|
|
|
/* Parse the signature, change signature tag as appropriate. */
|
|
|
|
|
dig = pgpNewDig();
|
|
|
|
|
|
2005-03-13 00:36:28 +08:00
|
|
|
(void) pgpPrtPkts(*pktp, *pktlenp, dig, 0);
|
2005-03-09 21:22:48 +08:00
|
|
|
sigp = &dig->signature;
|
|
|
|
|
|
|
|
|
|
dig = pgpFreeDig(dig);
|
|
|
|
|
#endif
|
|
|
|
|
|
1996-02-19 10:32:11 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2002-03-07 07:17:31 +08:00
|
|
|
/**
|
2005-03-09 21:22:48 +08:00
|
|
|
* Generate GPG signature(s) for a header+payload file.
|
2002-03-07 07:17:31 +08:00
|
|
|
* @param file header+payload file name
|
2005-03-09 21:22:48 +08:00
|
|
|
* @retval *sigTagp signature tag
|
|
|
|
|
* @retval *pktp signature packet(s)
|
|
|
|
|
* @retval *pktlenp signature packet(s) length
|
2002-03-07 07:17:31 +08:00
|
|
|
* @param passPhrase private key pass phrase
|
|
|
|
|
* @return 0 on success, 1 on failure
|
1999-01-09 08:24:02 +08:00
|
|
|
*/
|
2007-10-26 19:24:14 +08:00
|
|
|
static int makeGPGSignature(const char * file, int32_t * sigTagp,
|
|
|
|
|
byte ** pktp, int32_t * pktlenp,
|
2007-09-12 01:07:39 +08:00
|
|
|
const char * passPhrase)
|
1999-01-09 08:24:02 +08:00
|
|
|
{
|
2005-03-09 21:22:48 +08:00
|
|
|
char * sigfile = alloca(strlen(file)+sizeof(".sig"));
|
1999-01-09 08:24:02 +08:00
|
|
|
int pid, status;
|
|
|
|
|
int inpipe[2];
|
2001-02-12 06:02:29 +08:00
|
|
|
FILE * fpipe;
|
2000-12-13 04:03:45 +08:00
|
|
|
struct stat st;
|
2002-01-11 03:16:54 +08:00
|
|
|
const char * cmd;
|
|
|
|
|
char *const *av;
|
2005-03-09 21:22:48 +08:00
|
|
|
pgpDig dig = NULL;
|
|
|
|
|
pgpDigParams sigp = NULL;
|
2002-01-11 03:16:54 +08:00
|
|
|
int rc;
|
1999-01-09 08:24:02 +08:00
|
|
|
|
2001-02-12 06:02:29 +08:00
|
|
|
(void) stpcpy( stpcpy(sigfile, file), ".sig");
|
1999-01-09 08:24:02 +08:00
|
|
|
|
2002-01-11 03:16:54 +08:00
|
|
|
addMacro(NULL, "__plaintext_filename", NULL, file, -1);
|
|
|
|
|
addMacro(NULL, "__signature_filename", NULL, sigfile, -1);
|
|
|
|
|
|
1999-09-18 05:08:32 +08:00
|
|
|
inpipe[0] = inpipe[1] = 0;
|
2001-05-01 06:32:22 +08:00
|
|
|
(void) pipe(inpipe);
|
2001-10-19 21:51:20 +08:00
|
|
|
|
1999-01-09 08:24:02 +08:00
|
|
|
if (!(pid = fork())) {
|
2002-01-11 03:16:54 +08:00
|
|
|
const char *gpg_path = rpmExpand("%{?_gpg_path}", NULL);
|
1999-03-21 05:09:47 +08:00
|
|
|
|
2001-05-01 06:32:22 +08:00
|
|
|
(void) close(STDIN_FILENO);
|
|
|
|
|
(void) dup2(inpipe[0], 3);
|
|
|
|
|
(void) close(inpipe[1]);
|
1999-03-21 05:09:47 +08:00
|
|
|
|
2002-01-11 03:16:54 +08:00
|
|
|
if (gpg_path && *gpg_path != '\0')
|
2001-05-01 06:32:22 +08:00
|
|
|
(void) dosetenv("GNUPGHOME", gpg_path, 1);
|
2007-04-16 20:31:04 +08:00
|
|
|
(void) dosetenv("LC_ALL", "C", 1);
|
2002-01-11 03:16:54 +08:00
|
|
|
|
2002-08-20 06:27:44 +08:00
|
|
|
unsetenv("MALLOC_CHECK_");
|
2002-01-11 03:16:54 +08:00
|
|
|
cmd = rpmExpand("%{?__gpg_sign_cmd}", NULL);
|
|
|
|
|
rc = poptParseArgvString(cmd, NULL, (const char ***)&av);
|
|
|
|
|
if (!rc)
|
|
|
|
|
rc = execve(av[0], av+1, environ);
|
|
|
|
|
|
2007-11-19 22:25:24 +08:00
|
|
|
rpmlog(RPMLOG_ERR, _("Could not exec %s: %s\n"), "gpg",
|
2002-01-11 03:16:54 +08:00
|
|
|
strerror(errno));
|
2007-11-19 22:25:24 +08:00
|
|
|
_exit(RPMLOG_ERR);
|
1999-01-09 08:24:02 +08:00
|
|
|
}
|
|
|
|
|
|
2002-01-11 03:16:54 +08:00
|
|
|
delMacro(NULL, "__plaintext_filename");
|
|
|
|
|
delMacro(NULL, "__signature_filename");
|
|
|
|
|
|
1999-01-09 08:24:02 +08:00
|
|
|
fpipe = fdopen(inpipe[1], "w");
|
2001-05-01 06:32:22 +08:00
|
|
|
(void) close(inpipe[0]);
|
2001-05-04 05:00:18 +08:00
|
|
|
if (fpipe) {
|
|
|
|
|
fprintf(fpipe, "%s\n", (passPhrase ? passPhrase : ""));
|
|
|
|
|
(void) fclose(fpipe);
|
|
|
|
|
}
|
1999-01-09 08:24:02 +08:00
|
|
|
|
2002-01-11 03:16:54 +08:00
|
|
|
(void) waitpid(pid, &status, 0);
|
1999-01-09 08:24:02 +08:00
|
|
|
if (!WIFEXITED(status) || WEXITSTATUS(status)) {
|
2007-11-19 22:25:24 +08:00
|
|
|
rpmlog(RPMLOG_ERR, _("gpg exec failed (%d)\n"), WEXITSTATUS(status));
|
1999-01-09 08:24:02 +08:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2000-12-13 04:03:45 +08:00
|
|
|
if (stat(sigfile, &st)) {
|
1999-01-09 08:24:02 +08:00
|
|
|
/* GPG failed to write signature */
|
2001-05-04 05:00:18 +08:00
|
|
|
if (sigfile) (void) unlink(sigfile); /* Just in case */
|
2007-11-19 22:25:24 +08:00
|
|
|
rpmlog(RPMLOG_ERR, _("gpg failed to write signature\n"));
|
1999-01-09 08:24:02 +08:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2005-03-09 21:22:48 +08:00
|
|
|
*pktlenp = st.st_size;
|
2007-10-09 19:48:04 +08:00
|
|
|
rpmlog(RPMLOG_DEBUG, _("GPG sig size: %d\n"), *pktlenp);
|
2005-03-09 21:22:48 +08:00
|
|
|
*pktp = xmalloc(*pktlenp);
|
2001-10-19 21:51:20 +08:00
|
|
|
|
1999-01-09 08:24:02 +08:00
|
|
|
{ FD_t fd;
|
2002-01-11 03:16:54 +08:00
|
|
|
|
|
|
|
|
rc = 0;
|
1999-11-05 05:26:08 +08:00
|
|
|
fd = Fopen(sigfile, "r.fdio");
|
2001-05-04 05:00:18 +08:00
|
|
|
if (fd != NULL && !Ferror(fd)) {
|
2007-07-11 20:29:30 +08:00
|
|
|
rc = timedRead(fd, (void *)*pktp, *pktlenp);
|
2001-05-04 05:00:18 +08:00
|
|
|
if (sigfile) (void) unlink(sigfile);
|
|
|
|
|
(void) Fclose(fd);
|
|
|
|
|
}
|
2005-03-09 21:22:48 +08:00
|
|
|
if (rc != *pktlenp) {
|
|
|
|
|
*pktp = _free(*pktp);
|
2007-11-19 22:25:24 +08:00
|
|
|
rpmlog(RPMLOG_ERR, _("unable to read the signature\n"));
|
1999-01-09 08:24:02 +08:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2007-10-09 19:48:04 +08:00
|
|
|
rpmlog(RPMLOG_DEBUG, _("Got %d bytes of GPG sig\n"), *pktlenp);
|
2001-10-19 21:51:20 +08:00
|
|
|
|
2005-03-09 21:22:48 +08:00
|
|
|
/* Parse the signature, change signature tag as appropriate. */
|
|
|
|
|
dig = pgpNewDig();
|
|
|
|
|
|
2005-03-13 00:36:28 +08:00
|
|
|
(void) pgpPrtPkts(*pktp, *pktlenp, dig, 0);
|
2005-03-09 21:22:48 +08:00
|
|
|
sigp = &dig->signature;
|
|
|
|
|
|
|
|
|
|
switch (*sigTagp) {
|
|
|
|
|
case RPMSIGTAG_SIZE:
|
|
|
|
|
case RPMSIGTAG_MD5:
|
|
|
|
|
case RPMSIGTAG_SHA1:
|
|
|
|
|
break;
|
|
|
|
|
case RPMSIGTAG_GPG:
|
|
|
|
|
/* XXX check MD5 hash too? */
|
|
|
|
|
if (sigp->pubkey_algo == PGPPUBKEYALGO_RSA)
|
|
|
|
|
*sigTagp = RPMSIGTAG_PGP;
|
|
|
|
|
break;
|
|
|
|
|
case RPMSIGTAG_PGP5: /* XXX legacy */
|
|
|
|
|
case RPMSIGTAG_PGP:
|
|
|
|
|
if (sigp->pubkey_algo == PGPPUBKEYALGO_DSA)
|
|
|
|
|
*sigTagp = RPMSIGTAG_GPG;
|
|
|
|
|
break;
|
|
|
|
|
case RPMSIGTAG_DSA:
|
|
|
|
|
/* XXX check MD5 hash too? */
|
|
|
|
|
if (sigp->pubkey_algo == PGPPUBKEYALGO_RSA)
|
|
|
|
|
*sigTagp = RPMSIGTAG_RSA;
|
|
|
|
|
break;
|
|
|
|
|
case RPMSIGTAG_RSA:
|
|
|
|
|
if (sigp->pubkey_algo == PGPPUBKEYALGO_DSA)
|
|
|
|
|
*sigTagp = RPMSIGTAG_DSA;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
dig = pgpFreeDig(dig);
|
|
|
|
|
|
1999-01-09 08:24:02 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2002-03-07 07:17:31 +08:00
|
|
|
/**
|
|
|
|
|
* Generate header only signature(s) from a header+payload file.
|
2005-03-09 21:22:48 +08:00
|
|
|
* @param sigh signature header
|
2002-03-07 07:17:31 +08:00
|
|
|
* @param file header+payload file name
|
|
|
|
|
* @param sigTag type of signature(s) to add
|
|
|
|
|
* @param passPhrase private key pass phrase
|
|
|
|
|
* @return 0 on success, -1 on failure
|
|
|
|
|
*/
|
2007-10-26 19:24:14 +08:00
|
|
|
static int makeHDRSignature(Header sigh, const char * file, int32_t sigTag,
|
2007-09-12 01:07:39 +08:00
|
|
|
const char * passPhrase)
|
2002-03-07 07:17:31 +08:00
|
|
|
{
|
|
|
|
|
Header h = NULL;
|
|
|
|
|
FD_t fd = NULL;
|
|
|
|
|
byte * pkt;
|
2007-10-26 19:24:14 +08:00
|
|
|
int32_t pktlen;
|
2002-03-07 07:17:31 +08:00
|
|
|
const char * fn = NULL;
|
2002-07-22 06:06:19 +08:00
|
|
|
const char * SHA1 = NULL;
|
2002-03-07 07:17:31 +08:00
|
|
|
int ret = -1; /* assume failure. */
|
|
|
|
|
|
|
|
|
|
switch (sigTag) {
|
|
|
|
|
case RPMSIGTAG_SIZE:
|
|
|
|
|
case RPMSIGTAG_MD5:
|
|
|
|
|
case RPMSIGTAG_PGP5: /* XXX legacy */
|
|
|
|
|
case RPMSIGTAG_PGP:
|
|
|
|
|
case RPMSIGTAG_GPG:
|
|
|
|
|
goto exit;
|
2007-09-12 01:07:39 +08:00
|
|
|
break;
|
2002-03-07 07:17:31 +08:00
|
|
|
case RPMSIGTAG_SHA1:
|
|
|
|
|
fd = Fopen(file, "r.fdio");
|
|
|
|
|
if (fd == NULL || Ferror(fd))
|
|
|
|
|
goto exit;
|
|
|
|
|
h = headerRead(fd, HEADER_MAGIC_YES);
|
|
|
|
|
if (h == NULL)
|
|
|
|
|
goto exit;
|
|
|
|
|
(void) Fclose(fd); fd = NULL;
|
|
|
|
|
|
|
|
|
|
if (headerIsEntry(h, RPMTAG_HEADERIMMUTABLE)) {
|
|
|
|
|
DIGEST_CTX ctx;
|
|
|
|
|
void * uh;
|
2007-10-26 19:24:14 +08:00
|
|
|
int32_t uht, uhc;
|
2002-03-07 07:17:31 +08:00
|
|
|
|
|
|
|
|
if (!headerGetEntry(h, RPMTAG_HEADERIMMUTABLE, &uht, &uh, &uhc)
|
2002-06-20 10:19:21 +08:00
|
|
|
|| uh == NULL)
|
2002-03-07 07:17:31 +08:00
|
|
|
{
|
2002-07-14 03:08:51 +08:00
|
|
|
h = headerFree(h);
|
2002-03-07 07:17:31 +08:00
|
|
|
goto exit;
|
|
|
|
|
}
|
|
|
|
|
ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE);
|
|
|
|
|
(void) rpmDigestUpdate(ctx, header_magic, sizeof(header_magic));
|
|
|
|
|
(void) rpmDigestUpdate(ctx, uh, uhc);
|
2002-07-22 06:06:19 +08:00
|
|
|
(void) rpmDigestFinal(ctx, (void **)&SHA1, NULL, 1);
|
2002-03-07 07:17:31 +08:00
|
|
|
uh = headerFreeData(uh, uht);
|
|
|
|
|
}
|
2002-07-14 03:08:51 +08:00
|
|
|
h = headerFree(h);
|
2002-03-07 07:17:31 +08:00
|
|
|
|
2002-07-22 06:06:19 +08:00
|
|
|
if (SHA1 == NULL)
|
2002-03-07 07:17:31 +08:00
|
|
|
goto exit;
|
2005-03-09 21:22:48 +08:00
|
|
|
if (!headerAddEntry(sigh, RPMSIGTAG_SHA1, RPM_STRING_TYPE, SHA1, 1))
|
2002-03-07 07:17:31 +08:00
|
|
|
goto exit;
|
|
|
|
|
ret = 0;
|
|
|
|
|
break;
|
|
|
|
|
case RPMSIGTAG_DSA:
|
|
|
|
|
fd = Fopen(file, "r.fdio");
|
|
|
|
|
if (fd == NULL || Ferror(fd))
|
|
|
|
|
goto exit;
|
|
|
|
|
h = headerRead(fd, HEADER_MAGIC_YES);
|
|
|
|
|
if (h == NULL)
|
|
|
|
|
goto exit;
|
|
|
|
|
(void) Fclose(fd); fd = NULL;
|
|
|
|
|
if (makeTempFile(NULL, &fn, &fd))
|
|
|
|
|
goto exit;
|
|
|
|
|
if (headerWrite(fd, h, HEADER_MAGIC_YES))
|
|
|
|
|
goto exit;
|
|
|
|
|
(void) Fclose(fd); fd = NULL;
|
2005-03-09 21:22:48 +08:00
|
|
|
if (makeGPGSignature(fn, &sigTag, &pkt, &pktlen, passPhrase)
|
|
|
|
|
|| !headerAddEntry(sigh, sigTag, RPM_BIN_TYPE, pkt, pktlen))
|
2002-03-07 07:17:31 +08:00
|
|
|
goto exit;
|
|
|
|
|
ret = 0;
|
|
|
|
|
break;
|
2002-03-07 10:17:59 +08:00
|
|
|
case RPMSIGTAG_RSA:
|
|
|
|
|
fd = Fopen(file, "r.fdio");
|
|
|
|
|
if (fd == NULL || Ferror(fd))
|
|
|
|
|
goto exit;
|
|
|
|
|
h = headerRead(fd, HEADER_MAGIC_YES);
|
|
|
|
|
if (h == NULL)
|
|
|
|
|
goto exit;
|
|
|
|
|
(void) Fclose(fd); fd = NULL;
|
|
|
|
|
if (makeTempFile(NULL, &fn, &fd))
|
|
|
|
|
goto exit;
|
|
|
|
|
if (headerWrite(fd, h, HEADER_MAGIC_YES))
|
|
|
|
|
goto exit;
|
|
|
|
|
(void) Fclose(fd); fd = NULL;
|
2005-03-09 21:22:48 +08:00
|
|
|
if (makePGPSignature(fn, &sigTag, &pkt, &pktlen, passPhrase)
|
|
|
|
|
|| !headerAddEntry(sigh, sigTag, RPM_BIN_TYPE, pkt, pktlen))
|
2002-03-07 10:17:59 +08:00
|
|
|
goto exit;
|
|
|
|
|
ret = 0;
|
|
|
|
|
break;
|
2002-03-07 07:17:31 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
exit:
|
|
|
|
|
if (fn) {
|
|
|
|
|
(void) unlink(fn);
|
|
|
|
|
fn = _free(fn);
|
|
|
|
|
}
|
2002-07-22 06:06:19 +08:00
|
|
|
SHA1 = _free(SHA1);
|
2002-07-14 03:08:51 +08:00
|
|
|
h = headerFree(h);
|
2003-01-24 04:23:24 +08:00
|
|
|
if (fd != NULL) (void) Fclose(fd);
|
2002-03-07 07:17:31 +08:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2007-10-26 19:24:14 +08:00
|
|
|
int rpmAddSignature(Header sigh, const char * file, int32_t sigTag,
|
2001-10-24 00:48:20 +08:00
|
|
|
const char * passPhrase)
|
1996-06-29 02:48:34 +08:00
|
|
|
{
|
2000-12-13 04:03:45 +08:00
|
|
|
struct stat st;
|
2002-03-07 07:17:31 +08:00
|
|
|
byte * pkt;
|
2007-10-26 19:24:14 +08:00
|
|
|
int32_t pktlen;
|
2002-03-07 07:17:31 +08:00
|
|
|
int ret = -1; /* assume failure. */
|
2001-10-19 21:51:20 +08:00
|
|
|
|
1996-07-08 11:27:05 +08:00
|
|
|
switch (sigTag) {
|
1999-09-11 07:48:56 +08:00
|
|
|
case RPMSIGTAG_SIZE:
|
2002-03-07 07:17:31 +08:00
|
|
|
if (stat(file, &st) != 0)
|
|
|
|
|
break;
|
|
|
|
|
pktlen = st.st_size;
|
2005-03-09 21:22:48 +08:00
|
|
|
if (!headerAddEntry(sigh, sigTag, RPM_INT32_TYPE, &pktlen, 1))
|
2002-03-07 07:17:31 +08:00
|
|
|
break;
|
1999-07-14 07:33:02 +08:00
|
|
|
ret = 0;
|
1996-07-08 06:19:32 +08:00
|
|
|
break;
|
1999-09-11 07:48:56 +08:00
|
|
|
case RPMSIGTAG_MD5:
|
2002-03-07 07:17:31 +08:00
|
|
|
pktlen = 16;
|
2003-12-23 14:25:04 +08:00
|
|
|
pkt = memset(alloca(pktlen), 0, pktlen);
|
2002-06-21 01:17:23 +08:00
|
|
|
if (domd5(file, pkt, 0, NULL)
|
2005-03-09 21:22:48 +08:00
|
|
|
|| !headerAddEntry(sigh, sigTag, RPM_BIN_TYPE, pkt, pktlen))
|
2002-03-07 07:17:31 +08:00
|
|
|
break;
|
|
|
|
|
ret = 0;
|
1996-07-08 06:19:32 +08:00
|
|
|
break;
|
1999-09-11 07:48:56 +08:00
|
|
|
case RPMSIGTAG_PGP5: /* XXX legacy */
|
|
|
|
|
case RPMSIGTAG_PGP:
|
2005-03-09 21:22:48 +08:00
|
|
|
if (makePGPSignature(file, &sigTag, &pkt, &pktlen, passPhrase)
|
|
|
|
|
|| !headerAddEntry(sigh, sigTag, RPM_BIN_TYPE, pkt, pktlen))
|
2002-03-07 07:17:31 +08:00
|
|
|
break;
|
2002-03-08 06:54:43 +08:00
|
|
|
#ifdef NOTYET /* XXX needs hdrmd5ctx, like hdrsha1ctx. */
|
2002-03-07 10:17:59 +08:00
|
|
|
/* XXX Piggyback a header-only RSA signature as well. */
|
2005-03-09 21:22:48 +08:00
|
|
|
ret = makeHDRSignature(sigh, file, RPMSIGTAG_RSA, passPhrase);
|
2002-03-08 06:54:43 +08:00
|
|
|
#endif
|
2002-03-07 07:17:31 +08:00
|
|
|
ret = 0;
|
1996-07-08 06:19:32 +08:00
|
|
|
break;
|
1999-09-11 07:48:56 +08:00
|
|
|
case RPMSIGTAG_GPG:
|
2005-03-09 21:22:48 +08:00
|
|
|
if (makeGPGSignature(file, &sigTag, &pkt, &pktlen, passPhrase)
|
|
|
|
|
|| !headerAddEntry(sigh, sigTag, RPM_BIN_TYPE, pkt, pktlen))
|
2002-03-07 07:17:31 +08:00
|
|
|
break;
|
|
|
|
|
/* XXX Piggyback a header-only DSA signature as well. */
|
2005-03-09 21:22:48 +08:00
|
|
|
ret = makeHDRSignature(sigh, file, RPMSIGTAG_DSA, passPhrase);
|
1999-01-09 08:24:02 +08:00
|
|
|
break;
|
2002-03-07 10:17:59 +08:00
|
|
|
case RPMSIGTAG_RSA:
|
2002-03-07 07:17:31 +08:00
|
|
|
case RPMSIGTAG_DSA:
|
|
|
|
|
case RPMSIGTAG_SHA1:
|
2005-03-09 21:22:48 +08:00
|
|
|
ret = makeHDRSignature(sigh, file, sigTag, passPhrase);
|
2002-03-04 07:09:49 +08:00
|
|
|
break;
|
1996-07-08 11:27:05 +08:00
|
|
|
}
|
|
|
|
|
|
1999-07-14 07:33:02 +08:00
|
|
|
return ret;
|
1996-07-08 11:27:05 +08:00
|
|
|
}
|
|
|
|
|
|
2001-02-12 06:02:29 +08:00
|
|
|
static int checkPassPhrase(const char * passPhrase, const int sigTag)
|
1996-02-19 10:32:11 +08:00
|
|
|
{
|
1996-06-20 11:10:44 +08:00
|
|
|
int passPhrasePipe[2];
|
|
|
|
|
int pid, status;
|
2002-01-11 03:16:54 +08:00
|
|
|
int rc;
|
2002-03-11 03:00:31 +08:00
|
|
|
int xx;
|
1996-02-19 10:32:11 +08:00
|
|
|
|
1999-09-18 05:08:32 +08:00
|
|
|
passPhrasePipe[0] = passPhrasePipe[1] = 0;
|
2002-03-11 03:00:31 +08:00
|
|
|
xx = pipe(passPhrasePipe);
|
1996-06-20 11:10:44 +08:00
|
|
|
if (!(pid = fork())) {
|
2002-03-11 03:00:31 +08:00
|
|
|
const char * cmd;
|
|
|
|
|
char *const *av;
|
|
|
|
|
int fdno;
|
|
|
|
|
|
|
|
|
|
xx = close(STDIN_FILENO);
|
|
|
|
|
xx = close(STDOUT_FILENO);
|
|
|
|
|
xx = close(passPhrasePipe[1]);
|
|
|
|
|
if (! rpmIsVerbose())
|
|
|
|
|
xx = close(STDERR_FILENO);
|
|
|
|
|
if ((fdno = open("/dev/null", O_RDONLY)) != STDIN_FILENO) {
|
|
|
|
|
xx = dup2(fdno, STDIN_FILENO);
|
|
|
|
|
xx = close(fdno);
|
1996-06-20 11:10:44 +08:00
|
|
|
}
|
2002-03-11 03:00:31 +08:00
|
|
|
if ((fdno = open("/dev/null", O_WRONLY)) != STDOUT_FILENO) {
|
|
|
|
|
xx = dup2(fdno, STDOUT_FILENO);
|
|
|
|
|
xx = close(fdno);
|
1996-06-20 11:10:44 +08:00
|
|
|
}
|
2002-03-11 03:00:31 +08:00
|
|
|
xx = dup2(passPhrasePipe[0], 3);
|
1999-01-09 08:24:02 +08:00
|
|
|
|
2002-08-20 06:27:44 +08:00
|
|
|
unsetenv("MALLOC_CHECK_");
|
1999-03-22 03:11:29 +08:00
|
|
|
switch (sigTag) {
|
2002-03-04 07:09:49 +08:00
|
|
|
case RPMSIGTAG_DSA:
|
1999-03-21 05:09:47 +08:00
|
|
|
case RPMSIGTAG_GPG:
|
2002-01-11 03:16:54 +08:00
|
|
|
{ const char *gpg_path = rpmExpand("%{?_gpg_path}", NULL);
|
|
|
|
|
|
|
|
|
|
if (gpg_path && *gpg_path != '\0')
|
|
|
|
|
(void) dosetenv("GNUPGHOME", gpg_path, 1);
|
|
|
|
|
|
|
|
|
|
cmd = rpmExpand("%{?__gpg_check_password_cmd}", NULL);
|
|
|
|
|
rc = poptParseArgvString(cmd, NULL, (const char ***)&av);
|
|
|
|
|
if (!rc)
|
|
|
|
|
rc = execve(av[0], av+1, environ);
|
|
|
|
|
|
2007-11-19 22:25:24 +08:00
|
|
|
rpmlog(RPMLOG_ERR, _("Could not exec %s: %s\n"), "gpg",
|
2002-01-11 03:16:54 +08:00
|
|
|
strerror(errno));
|
2007-09-12 01:07:39 +08:00
|
|
|
} break;
|
2002-03-07 10:17:59 +08:00
|
|
|
case RPMSIGTAG_RSA:
|
1999-09-11 07:48:56 +08:00
|
|
|
case RPMSIGTAG_PGP5: /* XXX legacy */
|
1999-03-21 05:09:47 +08:00
|
|
|
case RPMSIGTAG_PGP:
|
2002-01-11 03:16:54 +08:00
|
|
|
{ const char *pgp_path = rpmExpand("%{?_pgp_path}", NULL);
|
1999-03-22 02:43:22 +08:00
|
|
|
const char *path;
|
1999-09-11 07:48:56 +08:00
|
|
|
pgpVersion pgpVer;
|
1999-03-22 02:43:22 +08:00
|
|
|
|
2001-05-01 06:32:22 +08:00
|
|
|
(void) dosetenv("PGPPASSFD", "3", 1);
|
2002-01-11 03:16:54 +08:00
|
|
|
if (pgp_path && *pgp_path != '\0')
|
2002-03-11 03:00:31 +08:00
|
|
|
xx = dosetenv("PGPPATH", pgp_path, 1);
|
1999-03-22 02:43:22 +08:00
|
|
|
|
1999-09-11 07:48:56 +08:00
|
|
|
if ((path = rpmDetectPGPVersion(&pgpVer)) != NULL) {
|
|
|
|
|
switch(pgpVer) {
|
|
|
|
|
case PGP_2:
|
2002-01-11 03:16:54 +08:00
|
|
|
cmd = rpmExpand("%{?__pgp_check_password_cmd}", NULL);
|
|
|
|
|
rc = poptParseArgvString(cmd, NULL, (const char ***)&av);
|
|
|
|
|
if (!rc)
|
|
|
|
|
rc = execve(av[0], av+1, environ);
|
2007-09-12 01:07:39 +08:00
|
|
|
break;
|
1999-09-11 07:48:56 +08:00
|
|
|
case PGP_5: /* XXX legacy */
|
2002-01-11 03:16:54 +08:00
|
|
|
cmd = rpmExpand("%{?__pgp5_check_password_cmd}", NULL);
|
|
|
|
|
rc = poptParseArgvString(cmd, NULL, (const char ***)&av);
|
|
|
|
|
if (!rc)
|
|
|
|
|
rc = execve(av[0], av+1, environ);
|
2007-09-12 01:07:39 +08:00
|
|
|
break;
|
1999-09-11 07:48:56 +08:00
|
|
|
case PGP_UNKNOWN:
|
|
|
|
|
case PGP_NOTDETECTED:
|
2007-09-12 01:07:39 +08:00
|
|
|
break;
|
1999-03-22 02:43:22 +08:00
|
|
|
}
|
|
|
|
|
}
|
2007-11-19 22:25:24 +08:00
|
|
|
rpmlog(RPMLOG_ERR, _("Could not exec %s: %s\n"), "pgp",
|
2002-01-11 03:16:54 +08:00
|
|
|
strerror(errno));
|
2007-11-19 22:25:24 +08:00
|
|
|
_exit(RPMLOG_ERR);
|
2007-09-12 01:07:39 +08:00
|
|
|
} break;
|
1999-03-21 05:09:47 +08:00
|
|
|
default: /* This case should have been screened out long ago. */
|
2007-11-19 22:25:24 +08:00
|
|
|
rpmlog(RPMLOG_ERR, _("Invalid %%_signature spec in macro file\n"));
|
|
|
|
|
_exit(RPMLOG_ERR);
|
2007-09-12 01:07:39 +08:00
|
|
|
break;
|
1999-03-21 05:09:47 +08:00
|
|
|
}
|
1996-02-19 10:32:11 +08:00
|
|
|
}
|
|
|
|
|
|
2002-03-11 03:00:31 +08:00
|
|
|
xx = close(passPhrasePipe[0]);
|
|
|
|
|
xx = write(passPhrasePipe[1], passPhrase, strlen(passPhrase));
|
|
|
|
|
xx = write(passPhrasePipe[1], "\n", 1);
|
|
|
|
|
xx = close(passPhrasePipe[1]);
|
1996-06-20 11:10:44 +08:00
|
|
|
|
2002-03-11 03:00:31 +08:00
|
|
|
(void) waitpid(pid, &status, 0);
|
1996-06-20 11:10:44 +08:00
|
|
|
|
2002-03-11 03:00:31 +08:00
|
|
|
return ((!WIFEXITED(status) || WEXITSTATUS(status)) ? 1 : 0);
|
1996-02-19 10:32:11 +08:00
|
|
|
}
|
1999-07-14 07:33:02 +08:00
|
|
|
|
2001-05-04 05:00:18 +08:00
|
|
|
char * rpmGetPassPhrase(const char * prompt, const int sigTag)
|
1999-07-14 07:33:02 +08:00
|
|
|
{
|
2005-03-08 07:52:44 +08:00
|
|
|
char *pass = NULL;
|
|
|
|
|
int aok = 0;
|
1999-07-14 07:33:02 +08:00
|
|
|
|
|
|
|
|
switch (sigTag) {
|
2002-03-04 07:09:49 +08:00
|
|
|
case RPMSIGTAG_DSA:
|
1999-09-11 07:48:56 +08:00
|
|
|
case RPMSIGTAG_GPG:
|
2002-01-11 03:16:54 +08:00
|
|
|
{ const char *name = rpmExpand("%{?_gpg_name}", NULL);
|
|
|
|
|
aok = (name && *name != '\0');
|
2001-04-29 09:05:43 +08:00
|
|
|
name = _free(name);
|
1999-07-14 07:33:02 +08:00
|
|
|
}
|
2005-03-08 07:52:44 +08:00
|
|
|
if (aok)
|
|
|
|
|
break;
|
2007-11-19 22:25:24 +08:00
|
|
|
rpmlog(RPMLOG_ERR,
|
2001-01-16 07:09:42 +08:00
|
|
|
_("You must set \"%%_gpg_name\" in your macro file\n"));
|
1999-07-14 07:33:02 +08:00
|
|
|
break;
|
2002-03-07 10:17:59 +08:00
|
|
|
case RPMSIGTAG_RSA:
|
1999-09-11 07:48:56 +08:00
|
|
|
case RPMSIGTAG_PGP5: /* XXX legacy */
|
2001-10-19 21:51:20 +08:00
|
|
|
case RPMSIGTAG_PGP:
|
2002-01-11 03:16:54 +08:00
|
|
|
{ const char *name = rpmExpand("%{?_pgp_name}", NULL);
|
|
|
|
|
aok = (name && *name != '\0');
|
2001-04-29 09:05:43 +08:00
|
|
|
name = _free(name);
|
1999-07-14 07:33:02 +08:00
|
|
|
}
|
2005-03-08 07:52:44 +08:00
|
|
|
if (aok)
|
|
|
|
|
break;
|
2007-11-19 22:25:24 +08:00
|
|
|
rpmlog(RPMLOG_ERR,
|
2001-01-16 07:09:42 +08:00
|
|
|
_("You must set \"%%_pgp_name\" in your macro file\n"));
|
1999-07-14 07:33:02 +08:00
|
|
|
break;
|
1999-09-11 07:48:56 +08:00
|
|
|
default:
|
1999-07-14 07:33:02 +08:00
|
|
|
/* Currently the calling function (rpm.c:main) is checking this and
|
|
|
|
|
* doing a better job. This section should never be accessed.
|
|
|
|
|
*/
|
2007-11-19 22:25:24 +08:00
|
|
|
rpmlog(RPMLOG_ERR, _("Invalid %%_signature spec in macro file\n"));
|
2005-03-08 07:52:44 +08:00
|
|
|
break;
|
1999-07-14 07:33:02 +08:00
|
|
|
}
|
|
|
|
|
|
2005-03-08 07:52:44 +08:00
|
|
|
if (aok) {
|
|
|
|
|
pass = getpass( (prompt ? prompt : "") );
|
1999-07-14 07:33:02 +08:00
|
|
|
|
2005-03-08 07:52:44 +08:00
|
|
|
if (checkPassPhrase(pass, sigTag))
|
|
|
|
|
pass = NULL;
|
|
|
|
|
}
|
1999-07-14 07:33:02 +08:00
|
|
|
|
|
|
|
|
return pass;
|
|
|
|
|
}
|
|
|
|
|
|
2007-09-12 01:07:39 +08:00
|
|
|
static const char * rpmSigString(rpmRC res)
|
2001-10-24 04:52:51 +08:00
|
|
|
{
|
|
|
|
|
const char * str;
|
|
|
|
|
switch (res) {
|
2002-08-24 05:01:59 +08:00
|
|
|
case RPMRC_OK: str = "OK"; break;
|
|
|
|
|
case RPMRC_FAIL: str = "BAD"; break;
|
|
|
|
|
case RPMRC_NOKEY: str = "NOKEY"; break;
|
|
|
|
|
case RPMRC_NOTTRUSTED: str = "NOTRUSTED"; break;
|
2002-03-11 03:00:31 +08:00
|
|
|
default:
|
2002-08-24 05:01:59 +08:00
|
|
|
case RPMRC_NOTFOUND: str = "UNKNOWN"; break;
|
2001-10-24 04:52:51 +08:00
|
|
|
}
|
|
|
|
|
return str;
|
|
|
|
|
}
|
|
|
|
|
|
2002-08-24 05:01:59 +08:00
|
|
|
static rpmRC
|
2007-09-12 01:07:39 +08:00
|
|
|
verifySizeSignature(const rpmts ts, char * t)
|
2001-10-20 03:51:18 +08:00
|
|
|
{
|
2002-07-22 06:06:19 +08:00
|
|
|
const void * sig = rpmtsSig(ts);
|
|
|
|
|
pgpDig dig = rpmtsDig(ts);
|
2002-08-24 05:01:59 +08:00
|
|
|
rpmRC res;
|
2007-10-26 19:24:14 +08:00
|
|
|
int32_t size = 0x7fffffff;
|
2001-10-20 03:51:18 +08:00
|
|
|
|
|
|
|
|
*t = '\0';
|
2001-10-25 09:36:32 +08:00
|
|
|
t = stpcpy(t, _("Header+Payload size: "));
|
2001-10-20 03:51:18 +08:00
|
|
|
|
2002-07-22 06:06:19 +08:00
|
|
|
if (sig == NULL || dig == NULL || dig->nbytes == 0) {
|
2002-08-24 05:01:59 +08:00
|
|
|
res = RPMRC_NOKEY;
|
2002-03-04 07:09:49 +08:00
|
|
|
t = stpcpy(t, rpmSigString(res));
|
|
|
|
|
goto exit;
|
|
|
|
|
}
|
|
|
|
|
|
2002-07-22 06:06:19 +08:00
|
|
|
memcpy(&size, sig, sizeof(size));
|
2001-10-24 04:52:51 +08:00
|
|
|
|
2002-07-22 06:06:19 +08:00
|
|
|
if (size != dig->nbytes) {
|
2002-08-24 05:01:59 +08:00
|
|
|
res = RPMRC_FAIL;
|
2002-03-04 07:09:49 +08:00
|
|
|
t = stpcpy(t, rpmSigString(res));
|
2002-10-10 03:07:43 +08:00
|
|
|
sprintf(t, " Expected(%d) != (%d)\n", (int)size, (int)dig->nbytes);
|
2001-10-20 03:51:18 +08:00
|
|
|
} else {
|
2002-08-24 05:01:59 +08:00
|
|
|
res = RPMRC_OK;
|
2002-03-04 07:09:49 +08:00
|
|
|
t = stpcpy(t, rpmSigString(res));
|
2002-10-10 03:07:43 +08:00
|
|
|
sprintf(t, " (%d)", (int)dig->nbytes);
|
2001-10-20 03:51:18 +08:00
|
|
|
}
|
|
|
|
|
|
2002-03-04 07:09:49 +08:00
|
|
|
exit:
|
|
|
|
|
t = stpcpy(t, "\n");
|
2001-10-20 03:51:18 +08:00
|
|
|
return res;
|
|
|
|
|
}
|
|
|
|
|
|
2002-08-24 05:01:59 +08:00
|
|
|
static rpmRC
|
2007-09-12 01:07:39 +08:00
|
|
|
verifyMD5Signature(const rpmts ts, char * t,
|
|
|
|
|
DIGEST_CTX md5ctx)
|
2001-10-20 03:51:18 +08:00
|
|
|
{
|
2002-07-22 06:06:19 +08:00
|
|
|
const void * sig = rpmtsSig(ts);
|
2007-10-26 19:24:14 +08:00
|
|
|
int32_t siglen = rpmtsSiglen(ts);
|
2002-07-22 06:06:19 +08:00
|
|
|
pgpDig dig = rpmtsDig(ts);
|
2002-08-24 05:01:59 +08:00
|
|
|
rpmRC res;
|
2001-10-20 03:51:18 +08:00
|
|
|
byte * md5sum = NULL;
|
|
|
|
|
size_t md5len = 0;
|
2001-10-24 04:52:51 +08:00
|
|
|
|
|
|
|
|
*t = '\0';
|
2001-10-25 09:36:32 +08:00
|
|
|
t = stpcpy(t, _("MD5 digest: "));
|
2001-10-20 03:51:18 +08:00
|
|
|
|
2002-07-22 06:06:19 +08:00
|
|
|
if (md5ctx == NULL || sig == NULL || dig == NULL) {
|
2002-08-24 05:01:59 +08:00
|
|
|
res = RPMRC_NOKEY;
|
2002-03-04 07:09:49 +08:00
|
|
|
t = stpcpy(t, rpmSigString(res));
|
|
|
|
|
goto exit;
|
|
|
|
|
}
|
|
|
|
|
|
2003-04-09 05:42:55 +08:00
|
|
|
(void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0);
|
2002-03-07 07:17:31 +08:00
|
|
|
(void) rpmDigestFinal(rpmDigestDup(md5ctx),
|
2001-10-20 03:51:18 +08:00
|
|
|
(void **)&md5sum, &md5len, 0);
|
2003-04-09 05:42:55 +08:00
|
|
|
(void) rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), 0);
|
2004-10-15 08:14:29 +08:00
|
|
|
rpmtsOp(ts, RPMTS_OP_DIGEST)->count--; /* XXX one too many */
|
2001-10-20 03:51:18 +08:00
|
|
|
|
2002-07-22 06:06:19 +08:00
|
|
|
if (md5len != siglen || memcmp(md5sum, sig, md5len)) {
|
2002-08-24 05:01:59 +08:00
|
|
|
res = RPMRC_FAIL;
|
2002-03-04 07:09:49 +08:00
|
|
|
t = stpcpy(t, rpmSigString(res));
|
|
|
|
|
t = stpcpy(t, " Expected(");
|
2002-07-22 06:06:19 +08:00
|
|
|
(void) pgpHexCvt(t, sig, siglen);
|
2001-10-20 03:51:18 +08:00
|
|
|
t += strlen(t);
|
|
|
|
|
t = stpcpy(t, ") != (");
|
|
|
|
|
} else {
|
2002-08-24 05:01:59 +08:00
|
|
|
res = RPMRC_OK;
|
2002-03-04 07:09:49 +08:00
|
|
|
t = stpcpy(t, rpmSigString(res));
|
|
|
|
|
t = stpcpy(t, " (");
|
2001-10-20 03:51:18 +08:00
|
|
|
}
|
|
|
|
|
(void) pgpHexCvt(t, md5sum, md5len);
|
|
|
|
|
t += strlen(t);
|
2002-03-04 07:09:49 +08:00
|
|
|
t = stpcpy(t, ")");
|
2001-10-20 03:51:18 +08:00
|
|
|
|
2002-03-04 07:09:49 +08:00
|
|
|
exit:
|
2001-10-20 03:51:18 +08:00
|
|
|
md5sum = _free(md5sum);
|
2002-03-04 07:09:49 +08:00
|
|
|
t = stpcpy(t, "\n");
|
|
|
|
|
return res;
|
|
|
|
|
}
|
|
|
|
|
|
2002-03-07 07:17:31 +08:00
|
|
|
/**
|
|
|
|
|
* Verify header immutable region SHA1 digest.
|
|
|
|
|
* @param ts transaction set
|
|
|
|
|
* @retval t verbose success/failure text
|
2002-04-09 02:56:01 +08:00
|
|
|
* @param sha1ctx
|
2002-08-24 05:01:59 +08:00
|
|
|
* @return RPMRC_OK on success
|
2002-03-07 07:17:31 +08:00
|
|
|
*/
|
2002-08-24 05:01:59 +08:00
|
|
|
static rpmRC
|
2007-09-12 01:07:39 +08:00
|
|
|
verifySHA1Signature(const rpmts ts, char * t,
|
|
|
|
|
DIGEST_CTX sha1ctx)
|
2002-03-04 07:09:49 +08:00
|
|
|
{
|
2002-07-22 06:06:19 +08:00
|
|
|
const void * sig = rpmtsSig(ts);
|
|
|
|
|
#ifdef NOTYET
|
2007-10-26 19:24:14 +08:00
|
|
|
int32_t siglen = rpmtsSiglen(ts);
|
2002-07-22 06:06:19 +08:00
|
|
|
#endif
|
|
|
|
|
pgpDig dig = rpmtsDig(ts);
|
2002-08-24 05:01:59 +08:00
|
|
|
rpmRC res;
|
2002-07-22 06:06:19 +08:00
|
|
|
const char * SHA1 = NULL;
|
2002-03-04 07:09:49 +08:00
|
|
|
|
|
|
|
|
*t = '\0';
|
2002-03-07 07:17:31 +08:00
|
|
|
t = stpcpy(t, _("Header SHA1 digest: "));
|
2002-03-04 07:09:49 +08:00
|
|
|
|
2002-07-22 06:06:19 +08:00
|
|
|
if (sha1ctx == NULL || sig == NULL || dig == NULL) {
|
2002-08-24 05:01:59 +08:00
|
|
|
res = RPMRC_NOKEY;
|
2002-03-04 07:09:49 +08:00
|
|
|
t = stpcpy(t, rpmSigString(res));
|
|
|
|
|
goto exit;
|
|
|
|
|
}
|
|
|
|
|
|
2003-04-09 05:42:55 +08:00
|
|
|
(void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0);
|
2002-03-07 07:17:31 +08:00
|
|
|
(void) rpmDigestFinal(rpmDigestDup(sha1ctx),
|
2002-07-22 06:06:19 +08:00
|
|
|
(void **)&SHA1, NULL, 1);
|
2003-04-09 05:42:55 +08:00
|
|
|
(void) rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), 0);
|
2002-03-04 07:09:49 +08:00
|
|
|
|
2002-07-22 06:37:14 +08:00
|
|
|
if (SHA1 == NULL || strlen(SHA1) != strlen(sig) || strcmp(SHA1, sig)) {
|
2002-08-24 05:01:59 +08:00
|
|
|
res = RPMRC_FAIL;
|
2002-03-04 07:09:49 +08:00
|
|
|
t = stpcpy(t, rpmSigString(res));
|
|
|
|
|
t = stpcpy(t, " Expected(");
|
2002-07-22 06:06:19 +08:00
|
|
|
t = stpcpy(t, sig);
|
2002-03-04 07:09:49 +08:00
|
|
|
t = stpcpy(t, ") != (");
|
|
|
|
|
} else {
|
2002-08-24 05:01:59 +08:00
|
|
|
res = RPMRC_OK;
|
2002-03-04 07:09:49 +08:00
|
|
|
t = stpcpy(t, rpmSigString(res));
|
|
|
|
|
t = stpcpy(t, " (");
|
|
|
|
|
}
|
2002-07-22 06:06:19 +08:00
|
|
|
if (SHA1)
|
|
|
|
|
t = stpcpy(t, SHA1);
|
2002-03-04 07:09:49 +08:00
|
|
|
t = stpcpy(t, ")");
|
|
|
|
|
|
|
|
|
|
exit:
|
2002-07-22 06:06:19 +08:00
|
|
|
SHA1 = _free(SHA1);
|
2002-03-04 07:09:49 +08:00
|
|
|
t = stpcpy(t, "\n");
|
|
|
|
|
return res;
|
|
|
|
|
}
|
|
|
|
|
|
2002-03-08 06:54:43 +08:00
|
|
|
/**
|
|
|
|
|
* Convert hex to binary nibble.
|
|
|
|
|
* @param c hex character
|
|
|
|
|
* @return binary nibble
|
|
|
|
|
*/
|
|
|
|
|
static inline unsigned char nibble(char c)
|
|
|
|
|
{
|
|
|
|
|
if (c >= '0' && c <= '9')
|
|
|
|
|
return (c - '0');
|
|
|
|
|
if (c >= 'A' && c <= 'F')
|
|
|
|
|
return (c - 'A') + 10;
|
|
|
|
|
if (c >= 'a' && c <= 'f')
|
|
|
|
|
return (c - 'a') + 10;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2002-03-07 07:17:31 +08:00
|
|
|
/**
|
2005-03-08 07:52:44 +08:00
|
|
|
* Verify RSA signature.
|
2002-03-07 07:17:31 +08:00
|
|
|
* @param ts transaction set
|
|
|
|
|
* @retval t verbose success/failure text
|
2002-04-09 02:56:01 +08:00
|
|
|
* @param md5ctx
|
2002-08-24 05:01:59 +08:00
|
|
|
* @return RPMRC_OK on success
|
2002-03-07 07:17:31 +08:00
|
|
|
*/
|
2002-08-24 05:01:59 +08:00
|
|
|
static rpmRC
|
2007-09-12 01:07:39 +08:00
|
|
|
verifyRSASignature(rpmts ts, char * t,
|
|
|
|
|
DIGEST_CTX md5ctx)
|
2001-10-20 03:51:18 +08:00
|
|
|
{
|
2002-07-22 06:06:19 +08:00
|
|
|
const void * sig = rpmtsSig(ts);
|
|
|
|
|
#ifdef NOTYET
|
2007-10-26 19:24:14 +08:00
|
|
|
int32_t siglen = rpmtsSiglen(ts);
|
2002-07-22 06:06:19 +08:00
|
|
|
#endif
|
2007-10-26 19:24:14 +08:00
|
|
|
int32_t sigtag = rpmtsSigtag(ts);
|
2002-07-22 06:06:19 +08:00
|
|
|
pgpDig dig = rpmtsDig(ts);
|
|
|
|
|
pgpDigParams sigp = rpmtsSignature(ts);
|
2007-11-02 16:02:40 +08:00
|
|
|
SECOidTag sigalg;
|
2005-03-13 09:39:19 +08:00
|
|
|
rpmRC res = RPMRC_OK;
|
2001-10-24 04:52:51 +08:00
|
|
|
int xx;
|
2007-11-02 16:02:40 +08:00
|
|
|
SECItem digest;
|
2001-10-20 03:51:18 +08:00
|
|
|
|
|
|
|
|
*t = '\0';
|
2005-03-13 00:00:15 +08:00
|
|
|
if (dig != NULL && dig->hdrmd5ctx == md5ctx)
|
|
|
|
|
t = stpcpy(t, _("Header "));
|
|
|
|
|
*t++ = 'V';
|
|
|
|
|
switch (sigp->version) {
|
|
|
|
|
case 3: *t++ = '3'; break;
|
|
|
|
|
case 4: *t++ = '4'; break;
|
|
|
|
|
}
|
2001-10-25 09:36:32 +08:00
|
|
|
|
2002-07-22 06:06:19 +08:00
|
|
|
if (md5ctx == NULL || sig == NULL || dig == NULL || sigp == NULL) {
|
2002-08-24 05:01:59 +08:00
|
|
|
res = RPMRC_NOKEY;
|
2002-03-04 07:09:49 +08:00
|
|
|
}
|
|
|
|
|
|
2005-03-08 07:52:44 +08:00
|
|
|
/* Verify the desired signature match. */
|
|
|
|
|
switch (sigp->pubkey_algo) {
|
|
|
|
|
case PGPPUBKEYALGO_RSA:
|
2005-03-09 21:22:48 +08:00
|
|
|
if (sigtag == RPMSIGTAG_PGP || sigtag == RPMSIGTAG_PGP5 || sigtag == RPMSIGTAG_RSA)
|
2005-03-08 07:52:44 +08:00
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
res = RPMRC_NOKEY;
|
2005-03-13 09:39:19 +08:00
|
|
|
break;
|
2005-03-08 07:52:44 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Verify the desired hash match. */
|
|
|
|
|
/* XXX Values from PKCS#1 v2.1 (aka RFC-3447) */
|
|
|
|
|
switch (sigp->hash_algo) {
|
|
|
|
|
case PGPHASHALGO_MD5:
|
2005-03-13 00:00:15 +08:00
|
|
|
t = stpcpy(t, " RSA/MD5");
|
2007-11-02 16:02:40 +08:00
|
|
|
sigalg = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
|
2005-03-08 07:52:44 +08:00
|
|
|
break;
|
|
|
|
|
case PGPHASHALGO_SHA1:
|
2005-03-13 00:00:15 +08:00
|
|
|
t = stpcpy(t, " RSA/SHA1");
|
2007-11-02 16:02:40 +08:00
|
|
|
sigalg = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
|
2005-03-08 07:52:44 +08:00
|
|
|
break;
|
|
|
|
|
case PGPHASHALGO_RIPEMD160:
|
2005-03-13 09:39:19 +08:00
|
|
|
res = RPMRC_NOKEY;
|
2005-03-08 07:52:44 +08:00
|
|
|
break;
|
|
|
|
|
case PGPHASHALGO_MD2:
|
2005-03-13 00:00:15 +08:00
|
|
|
t = stpcpy(t, " RSA/MD2");
|
2007-11-02 16:02:40 +08:00
|
|
|
sigalg = SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION;
|
2005-03-08 07:52:44 +08:00
|
|
|
break;
|
|
|
|
|
case PGPHASHALGO_TIGER192:
|
2005-03-13 09:39:19 +08:00
|
|
|
res = RPMRC_NOKEY;
|
2005-03-08 07:52:44 +08:00
|
|
|
break;
|
|
|
|
|
case PGPHASHALGO_HAVAL_5_160:
|
2005-03-13 09:39:19 +08:00
|
|
|
res = RPMRC_NOKEY;
|
2005-03-08 07:52:44 +08:00
|
|
|
break;
|
|
|
|
|
case PGPHASHALGO_SHA256:
|
2005-03-13 00:00:15 +08:00
|
|
|
t = stpcpy(t, " RSA/SHA256");
|
2007-11-02 16:02:40 +08:00
|
|
|
sigalg = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
|
2005-03-08 07:52:44 +08:00
|
|
|
break;
|
|
|
|
|
case PGPHASHALGO_SHA384:
|
2005-03-13 00:00:15 +08:00
|
|
|
t = stpcpy(t, " RSA/SHA384");
|
2007-11-02 16:02:40 +08:00
|
|
|
sigalg = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION;
|
2005-03-08 07:52:44 +08:00
|
|
|
break;
|
|
|
|
|
case PGPHASHALGO_SHA512:
|
2005-03-13 00:00:15 +08:00
|
|
|
t = stpcpy(t, " RSA/SHA512");
|
2007-11-02 16:02:40 +08:00
|
|
|
sigalg = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION;
|
2005-03-08 07:52:44 +08:00
|
|
|
break;
|
|
|
|
|
default:
|
2005-03-13 09:39:19 +08:00
|
|
|
res = RPMRC_NOKEY;
|
2007-11-02 16:02:40 +08:00
|
|
|
sigalg = SEC_OID_UNKNOWN;
|
2005-03-08 07:52:44 +08:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2005-03-13 09:39:19 +08:00
|
|
|
t = stpcpy(t, _(" signature: "));
|
|
|
|
|
if (res != RPMRC_OK) {
|
2002-03-04 07:09:49 +08:00
|
|
|
goto exit;
|
|
|
|
|
}
|
2001-10-25 09:36:32 +08:00
|
|
|
|
2003-04-09 05:42:55 +08:00
|
|
|
(void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0);
|
2002-03-07 07:17:31 +08:00
|
|
|
{ DIGEST_CTX ctx = rpmDigestDup(md5ctx);
|
2001-10-25 09:36:32 +08:00
|
|
|
|
2002-03-04 07:09:49 +08:00
|
|
|
if (sigp->hash != NULL)
|
|
|
|
|
xx = rpmDigestUpdate(ctx, sigp->hash, sigp->hashlen);
|
2002-03-08 06:54:43 +08:00
|
|
|
|
2005-03-08 07:52:44 +08:00
|
|
|
#ifdef NOTYET /* XXX not for binary/text signatures as in packages. */
|
|
|
|
|
if (!(sigp->sigtype == PGPSIGTYPE_BINARY || sigp->sigtype == PGP_SIGTYPE_TEXT)) {
|
2002-07-22 06:06:19 +08:00
|
|
|
int nb = dig->nbytes + sigp->hashlen;
|
2002-03-07 10:17:59 +08:00
|
|
|
byte trailer[6];
|
|
|
|
|
nb = htonl(nb);
|
|
|
|
|
trailer[0] = 0x4;
|
|
|
|
|
trailer[1] = 0xff;
|
|
|
|
|
memcpy(trailer+2, &nb, sizeof(nb));
|
|
|
|
|
xx = rpmDigestUpdate(ctx, trailer, sizeof(trailer));
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2002-03-08 06:54:43 +08:00
|
|
|
|
2007-11-02 16:02:40 +08:00
|
|
|
xx = rpmDigestFinal(ctx, (void **)&dig->md5, &dig->md5len, 0);
|
2003-04-09 05:42:55 +08:00
|
|
|
(void) rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), sigp->hashlen);
|
2004-10-15 08:14:29 +08:00
|
|
|
rpmtsOp(ts, RPMTS_OP_DIGEST)->count--; /* XXX one too many */
|
2001-10-25 09:36:32 +08:00
|
|
|
|
2002-03-08 06:54:43 +08:00
|
|
|
/* Compare leading 16 bits of digest for quick check. */
|
2007-11-02 16:02:40 +08:00
|
|
|
if (memcmp(dig->md5, sigp->signhash16, 2)) {
|
2002-08-24 05:01:59 +08:00
|
|
|
res = RPMRC_FAIL;
|
2002-03-08 06:54:43 +08:00
|
|
|
goto exit;
|
|
|
|
|
}
|
2007-11-02 16:02:40 +08:00
|
|
|
digest.type = siBuffer;
|
|
|
|
|
digest.data = dig->md5;
|
|
|
|
|
digest.len = dig->md5len;
|
2001-10-25 09:36:32 +08:00
|
|
|
}
|
2001-10-20 03:51:18 +08:00
|
|
|
|
2002-03-04 07:09:49 +08:00
|
|
|
/* Retrieve the matching public key. */
|
|
|
|
|
res = rpmtsFindPubkey(ts);
|
2002-08-24 05:01:59 +08:00
|
|
|
if (res != RPMRC_OK)
|
2001-10-24 04:52:51 +08:00
|
|
|
goto exit;
|
2001-10-24 00:48:20 +08:00
|
|
|
|
2003-04-09 05:42:55 +08:00
|
|
|
(void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_SIGNATURE), 0);
|
2007-11-02 16:02:40 +08:00
|
|
|
if (VFY_VerifyDigest(&digest, dig->rsa, dig->rsasig, sigalg, NULL) == SECSuccess)
|
2002-08-24 05:01:59 +08:00
|
|
|
res = RPMRC_OK;
|
2002-03-04 07:09:49 +08:00
|
|
|
else
|
2002-08-24 05:01:59 +08:00
|
|
|
res = RPMRC_FAIL;
|
2003-04-09 05:42:55 +08:00
|
|
|
(void) rpmswExit(rpmtsOp(ts, RPMTS_OP_SIGNATURE), 0);
|
2001-10-20 03:51:18 +08:00
|
|
|
|
2001-10-24 04:52:51 +08:00
|
|
|
exit:
|
2002-03-04 07:09:49 +08:00
|
|
|
t = stpcpy(t, rpmSigString(res));
|
|
|
|
|
if (sigp != NULL) {
|
|
|
|
|
t = stpcpy(t, ", key ID ");
|
|
|
|
|
(void) pgpHexCvt(t, sigp->signid+4, sizeof(sigp->signid)-4);
|
|
|
|
|
t += strlen(t);
|
|
|
|
|
}
|
2001-10-24 04:52:51 +08:00
|
|
|
t = stpcpy(t, "\n");
|
2001-10-20 03:51:18 +08:00
|
|
|
return res;
|
|
|
|
|
}
|
|
|
|
|
|
2002-03-07 07:17:31 +08:00
|
|
|
/**
|
2005-03-08 07:52:44 +08:00
|
|
|
* Verify DSA signature.
|
2002-03-07 07:17:31 +08:00
|
|
|
* @param ts transaction set
|
|
|
|
|
* @retval t verbose success/failure text
|
2002-04-09 02:56:01 +08:00
|
|
|
* @param sha1ctx
|
2002-08-24 05:01:59 +08:00
|
|
|
* @return RPMRC_OK on success
|
2002-03-07 07:17:31 +08:00
|
|
|
*/
|
2002-08-24 05:01:59 +08:00
|
|
|
static rpmRC
|
2007-09-12 01:07:39 +08:00
|
|
|
verifyDSASignature(rpmts ts, char * t,
|
|
|
|
|
DIGEST_CTX sha1ctx)
|
2001-10-20 03:51:18 +08:00
|
|
|
{
|
2002-07-22 06:06:19 +08:00
|
|
|
const void * sig = rpmtsSig(ts);
|
|
|
|
|
#ifdef NOTYET
|
2007-10-26 19:24:14 +08:00
|
|
|
int32_t siglen = rpmtsSiglen(ts);
|
2002-07-22 06:06:19 +08:00
|
|
|
#endif
|
2007-10-26 19:24:14 +08:00
|
|
|
int32_t sigtag = rpmtsSigtag(ts);
|
2002-07-22 06:06:19 +08:00
|
|
|
pgpDig dig = rpmtsDig(ts);
|
|
|
|
|
pgpDigParams sigp = rpmtsSignature(ts);
|
2002-08-24 05:01:59 +08:00
|
|
|
rpmRC res;
|
2001-10-24 04:52:51 +08:00
|
|
|
int xx;
|
2007-11-02 16:02:40 +08:00
|
|
|
SECItem digest;
|
2001-10-20 03:51:18 +08:00
|
|
|
|
|
|
|
|
*t = '\0';
|
2002-07-22 06:06:19 +08:00
|
|
|
if (dig != NULL && dig->hdrsha1ctx == sha1ctx)
|
2002-03-07 07:17:31 +08:00
|
|
|
t = stpcpy(t, _("Header "));
|
2005-03-13 00:00:15 +08:00
|
|
|
*t++ = 'V';
|
|
|
|
|
switch (sigp->version) {
|
2005-03-13 09:39:19 +08:00
|
|
|
case 3: *t++ = '3'; break;
|
|
|
|
|
case 4: *t++ = '4'; break;
|
2005-03-13 00:00:15 +08:00
|
|
|
}
|
|
|
|
|
t = stpcpy(t, _(" DSA signature: "));
|
2001-10-25 09:36:32 +08:00
|
|
|
|
2002-07-22 06:06:19 +08:00
|
|
|
if (sha1ctx == NULL || sig == NULL || dig == NULL || sigp == NULL) {
|
2002-08-24 05:01:59 +08:00
|
|
|
res = RPMRC_NOKEY;
|
2002-03-04 07:09:49 +08:00
|
|
|
goto exit;
|
|
|
|
|
}
|
|
|
|
|
|
2002-07-22 06:06:19 +08:00
|
|
|
/* XXX sanity check on sigtag and signature agreement. */
|
|
|
|
|
if (!((sigtag == RPMSIGTAG_GPG || sigtag == RPMSIGTAG_DSA)
|
2002-03-04 07:09:49 +08:00
|
|
|
&& sigp->pubkey_algo == PGPPUBKEYALGO_DSA
|
|
|
|
|
&& sigp->hash_algo == PGPHASHALGO_SHA1))
|
|
|
|
|
{
|
2002-08-24 05:01:59 +08:00
|
|
|
res = RPMRC_NOKEY;
|
2002-03-04 07:09:49 +08:00
|
|
|
goto exit;
|
|
|
|
|
}
|
2001-10-25 09:36:32 +08:00
|
|
|
|
2003-04-09 05:42:55 +08:00
|
|
|
(void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0);
|
2002-03-07 07:17:31 +08:00
|
|
|
{ DIGEST_CTX ctx = rpmDigestDup(sha1ctx);
|
2001-10-25 09:36:32 +08:00
|
|
|
|
2002-03-04 07:09:49 +08:00
|
|
|
if (sigp->hash != NULL)
|
|
|
|
|
xx = rpmDigestUpdate(ctx, sigp->hash, sigp->hashlen);
|
2002-03-07 07:17:31 +08:00
|
|
|
|
2005-02-03 02:47:42 +08:00
|
|
|
if (sigp->version == 4) {
|
|
|
|
|
int nb = sigp->hashlen;
|
2002-03-07 07:17:31 +08:00
|
|
|
byte trailer[6];
|
|
|
|
|
nb = htonl(nb);
|
2005-02-03 02:47:42 +08:00
|
|
|
trailer[0] = sigp->version;
|
2002-03-07 07:17:31 +08:00
|
|
|
trailer[1] = 0xff;
|
|
|
|
|
memcpy(trailer+2, &nb, sizeof(nb));
|
|
|
|
|
xx = rpmDigestUpdate(ctx, trailer, sizeof(trailer));
|
|
|
|
|
}
|
2007-11-02 16:02:40 +08:00
|
|
|
xx = rpmDigestFinal(ctx, (void **)&dig->sha1, &dig->sha1len, 0);
|
2003-04-09 05:42:55 +08:00
|
|
|
(void) rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), sigp->hashlen);
|
2004-10-15 08:14:29 +08:00
|
|
|
rpmtsOp(ts, RPMTS_OP_DIGEST)->count--; /* XXX one too many */
|
2002-02-28 23:48:39 +08:00
|
|
|
|
2002-03-11 03:00:31 +08:00
|
|
|
/* Compare leading 16 bits of digest for quick check. */
|
2007-11-02 16:02:40 +08:00
|
|
|
if (memcmp(dig->sha1, sigp->signhash16, 2)) {
|
2002-08-24 05:01:59 +08:00
|
|
|
res = RPMRC_FAIL;
|
2002-03-07 10:17:59 +08:00
|
|
|
goto exit;
|
|
|
|
|
}
|
2007-11-02 16:02:40 +08:00
|
|
|
digest.type = siBuffer;
|
|
|
|
|
digest.data = dig->sha1;
|
|
|
|
|
digest.len = dig->sha1len;
|
2001-10-25 09:36:32 +08:00
|
|
|
}
|
2001-10-20 03:51:18 +08:00
|
|
|
|
2002-03-04 07:09:49 +08:00
|
|
|
/* Retrieve the matching public key. */
|
|
|
|
|
res = rpmtsFindPubkey(ts);
|
2002-08-24 05:01:59 +08:00
|
|
|
if (res != RPMRC_OK)
|
2001-10-24 04:52:51 +08:00
|
|
|
goto exit;
|
2001-10-24 00:48:20 +08:00
|
|
|
|
2003-04-09 05:42:55 +08:00
|
|
|
(void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_SIGNATURE), 0);
|
2007-11-02 16:02:40 +08:00
|
|
|
if (VFY_VerifyDigest(&digest, dig->dsa, dig->dsasig,
|
|
|
|
|
SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST, NULL) == SECSuccess)
|
2002-08-24 05:01:59 +08:00
|
|
|
res = RPMRC_OK;
|
2002-03-04 07:09:49 +08:00
|
|
|
else
|
2002-08-24 05:01:59 +08:00
|
|
|
res = RPMRC_FAIL;
|
2003-04-09 05:42:55 +08:00
|
|
|
(void) rpmswExit(rpmtsOp(ts, RPMTS_OP_SIGNATURE), 0);
|
2001-10-20 03:51:18 +08:00
|
|
|
|
2001-10-24 04:52:51 +08:00
|
|
|
exit:
|
2002-03-04 07:09:49 +08:00
|
|
|
t = stpcpy(t, rpmSigString(res));
|
|
|
|
|
if (sigp != NULL) {
|
|
|
|
|
t = stpcpy(t, ", key ID ");
|
|
|
|
|
(void) pgpHexCvt(t, sigp->signid+4, sizeof(sigp->signid)-4);
|
|
|
|
|
t += strlen(t);
|
|
|
|
|
}
|
2001-10-24 04:52:51 +08:00
|
|
|
t = stpcpy(t, "\n");
|
2001-10-20 03:51:18 +08:00
|
|
|
return res;
|
|
|
|
|
}
|
|
|
|
|
|
2002-08-24 05:01:59 +08:00
|
|
|
rpmRC
|
2002-05-20 02:42:25 +08:00
|
|
|
rpmVerifySignature(const rpmts ts, char * result)
|
1999-07-14 07:33:02 +08:00
|
|
|
{
|
2002-07-22 06:06:19 +08:00
|
|
|
const void * sig = rpmtsSig(ts);
|
2007-10-26 19:24:14 +08:00
|
|
|
int32_t siglen = rpmtsSiglen(ts);
|
|
|
|
|
int32_t sigtag = rpmtsSigtag(ts);
|
2002-07-22 06:06:19 +08:00
|
|
|
pgpDig dig = rpmtsDig(ts);
|
2002-08-24 05:01:59 +08:00
|
|
|
rpmRC res;
|
2001-10-24 04:52:51 +08:00
|
|
|
|
2002-07-22 06:06:19 +08:00
|
|
|
if (sig == NULL || siglen <= 0 || dig == NULL) {
|
2001-10-25 09:36:32 +08:00
|
|
|
sprintf(result, _("Verify signature: BAD PARAMETERS\n"));
|
2002-08-24 05:01:59 +08:00
|
|
|
return RPMRC_NOTFOUND;
|
2001-10-24 04:52:51 +08:00
|
|
|
}
|
|
|
|
|
|
2002-07-22 06:06:19 +08:00
|
|
|
switch (sigtag) {
|
1999-09-11 07:48:56 +08:00
|
|
|
case RPMSIGTAG_SIZE:
|
2001-10-25 09:36:32 +08:00
|
|
|
res = verifySizeSignature(ts, result);
|
2001-10-20 03:51:18 +08:00
|
|
|
break;
|
1999-09-11 07:48:56 +08:00
|
|
|
case RPMSIGTAG_MD5:
|
2002-07-22 06:06:19 +08:00
|
|
|
res = verifyMD5Signature(ts, result, dig->md5ctx);
|
2001-10-20 03:51:18 +08:00
|
|
|
break;
|
2002-03-04 07:09:49 +08:00
|
|
|
case RPMSIGTAG_SHA1:
|
2002-07-22 06:06:19 +08:00
|
|
|
res = verifySHA1Signature(ts, result, dig->hdrsha1ctx);
|
2002-03-04 07:09:49 +08:00
|
|
|
break;
|
2002-03-07 10:17:59 +08:00
|
|
|
case RPMSIGTAG_RSA:
|
2005-03-12 23:16:42 +08:00
|
|
|
res = verifyRSASignature(ts, result, dig->hdrmd5ctx);
|
|
|
|
|
break;
|
1999-09-11 07:48:56 +08:00
|
|
|
case RPMSIGTAG_PGP5: /* XXX legacy */
|
|
|
|
|
case RPMSIGTAG_PGP:
|
2005-03-13 09:39:19 +08:00
|
|
|
res = verifyRSASignature(ts, result,
|
|
|
|
|
((dig->signature.hash_algo == PGPHASHALGO_MD5)
|
|
|
|
|
? dig->md5ctx : dig->sha1ctx));
|
2001-10-20 03:51:18 +08:00
|
|
|
break;
|
2002-03-04 07:09:49 +08:00
|
|
|
case RPMSIGTAG_DSA:
|
2005-03-08 07:52:44 +08:00
|
|
|
res = verifyDSASignature(ts, result, dig->hdrsha1ctx);
|
2002-03-07 07:17:31 +08:00
|
|
|
break;
|
1999-09-11 07:48:56 +08:00
|
|
|
case RPMSIGTAG_GPG:
|
2005-03-08 07:52:44 +08:00
|
|
|
res = verifyDSASignature(ts, result, dig->sha1ctx);
|
2001-10-20 03:51:18 +08:00
|
|
|
break;
|
2001-09-26 04:51:34 +08:00
|
|
|
case RPMSIGTAG_LEMD5_1:
|
|
|
|
|
case RPMSIGTAG_LEMD5_2:
|
2001-10-25 09:36:32 +08:00
|
|
|
sprintf(result, _("Broken MD5 digest: UNSUPPORTED\n"));
|
2002-08-24 05:01:59 +08:00
|
|
|
res = RPMRC_NOTFOUND;
|
2001-10-20 03:51:18 +08:00
|
|
|
break;
|
1999-09-11 07:48:56 +08:00
|
|
|
default:
|
2002-07-22 06:06:19 +08:00
|
|
|
sprintf(result, _("Signature: UNKNOWN (%d)\n"), sigtag);
|
2002-08-24 05:01:59 +08:00
|
|
|
res = RPMRC_NOTFOUND;
|
2001-10-20 03:51:18 +08:00
|
|
|
break;
|
1999-07-14 07:33:02 +08:00
|
|
|
}
|
2001-10-20 03:51:18 +08:00
|
|
|
return res;
|
1999-07-14 07:33:02 +08:00
|
|
|
}
|
