Add support for RSA on sha1/sha256/sha384/sha512.
CVS patchset: 7804 CVS date: 2005/03/13 01:39:19
parent
48972a87c8
commit
42981d3ccd
|
@ -554,7 +554,7 @@ verifyinfo_exit:
|
|||
ildl[1] = htonl(ildl[1]);
|
||||
|
||||
(void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0);
|
||||
dig->hdrmd5ctx = rpmDigestInit(PGPHASHALGO_MD5, RPMDIGEST_NONE);
|
||||
dig->hdrmd5ctx = rpmDigestInit(dig->signature.hash_algo, RPMDIGEST_NONE);
|
||||
|
||||
b = (unsigned char *) header_magic;
|
||||
nb = sizeof(header_magic);
|
||||
|
@ -929,7 +929,7 @@ rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp)
|
|||
if (!headerGetEntry(h, RPMTAG_HEADERIMMUTABLE, &uht, &uh, &uhc))
|
||||
break;
|
||||
(void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0);
|
||||
dig->hdrmd5ctx = rpmDigestInit(PGPHASHALGO_MD5, RPMDIGEST_NONE);
|
||||
dig->hdrmd5ctx = rpmDigestInit(dig->signature.hash_algo, RPMDIGEST_NONE);
|
||||
(void) rpmDigestUpdate(dig->hdrmd5ctx, header_magic, sizeof(header_magic));
|
||||
dig->nbytes += sizeof(header_magic);
|
||||
(void) rpmDigestUpdate(dig->hdrmd5ctx, uh, uhc);
|
||||
|
@ -999,17 +999,23 @@ rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp)
|
|||
/* XXX Steal the digest-in-progress from the file handle. */
|
||||
for (i = fd->ndigests - 1; i >= 0; i--) {
|
||||
FDDIGEST_t fddig = fd->digests + i;
|
||||
if (fddig->hashctx == NULL)
|
||||
continue;
|
||||
if (fddig->hashalgo == PGPHASHALGO_MD5) {
|
||||
if (fddig->hashctx != NULL)
|
||||
switch (fddig->hashalgo) {
|
||||
case PGPHASHALGO_MD5:
|
||||
dig->md5ctx = fddig->hashctx;
|
||||
fddig->hashctx = NULL;
|
||||
continue;
|
||||
}
|
||||
if (fddig->hashalgo == PGPHASHALGO_SHA1) {
|
||||
/*@switchbreak@*/ break;
|
||||
case PGPHASHALGO_SHA1:
|
||||
#if HAVE_BEECRYPT_API_H
|
||||
case PGPHASHALGO_SHA256:
|
||||
case PGPHASHALGO_SHA384:
|
||||
case PGPHASHALGO_SHA512:
|
||||
#endif
|
||||
dig->sha1ctx = fddig->hashctx;
|
||||
fddig->hashctx = NULL;
|
||||
continue;
|
||||
/*@switchbreak@*/ break;
|
||||
default:
|
||||
/*@switchbreak@*/ break;
|
||||
}
|
||||
}
|
||||
break;
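Review bot: The widened `case PGPHASHALGO_SHA1:` arm in rpmReadPackageFile's digest-stealing loop also accepts SHA256/SHA384/SHA512, so four algorithms share the single `dig->sha1ctx` slot and nothing checks that the slot is still empty. If the file handle carries more than one of these digests, a later iteration overwrites the earlier context; the first one is leaked and the surviving context may not match `dig->signature.hash_algo`. The parallel loop in readFile guards the same slot with `assert(dig->sha1ctx == NULL);`, which instead aborts on such a package when assertions are compiled in, and neither outcome is a clean verification failure. I would steal a non-MD5 context only when `fddig->hashalgo == dig->signature.hash_algo`, and add a comment on the field such as `/* holds the digest named by the signature's hash_algo, not necessarily SHA1 */`. The function starts and ends outside these hunks, so how the fd digests were registered is not visible here.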
|
||||
|
|
|
@ -661,7 +661,7 @@ static int readFile(FD_t fd, const char * fn, pgpDig dig)
|
|||
dig->hdrsha1ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE);
|
||||
(void) rpmDigestUpdate(dig->hdrsha1ctx, header_magic, sizeof(header_magic));
|
||||
(void) rpmDigestUpdate(dig->hdrsha1ctx, uh, uhc);
|
||||
dig->hdrmd5ctx = rpmDigestInit(PGPHASHALGO_MD5, RPMDIGEST_NONE);
|
||||
dig->hdrmd5ctx = rpmDigestInit(dig->signature.hash_algo, RPMDIGEST_NONE);
|
||||
(void) rpmDigestUpdate(dig->hdrmd5ctx, header_magic, sizeof(header_magic));
|
||||
(void) rpmDigestUpdate(dig->hdrmd5ctx, uh, uhc);
|
||||
uh = headerFreeData(uh, uht);
|
||||
|
@ -680,19 +680,25 @@ static int readFile(FD_t fd, const char * fn, pgpDig dig)
|
|||
/* XXX Steal the digest-in-progress from the file handle. */
|
||||
for (i = fd->ndigests - 1; i >= 0; i--) {
|
||||
FDDIGEST_t fddig = fd->digests + i;
|
||||
if (fddig->hashctx == NULL)
|
||||
continue;
|
||||
if (fddig->hashalgo == PGPHASHALGO_MD5) {
|
||||
if (fddig->hashctx != NULL)
|
||||
switch (fddig->hashalgo) {
|
||||
case PGPHASHALGO_MD5:
|
||||
assert(dig->md5ctx == NULL);
|
||||
dig->md5ctx = fddig->hashctx;
|
||||
fddig->hashctx = NULL;
|
||||
continue;
|
||||
}
|
||||
if (fddig->hashalgo == PGPHASHALGO_SHA1) {
|
||||
/*@switchbreak@*/ break;
|
||||
case PGPHASHALGO_SHA1:
|
||||
#if HAVE_BEECRYPT_API_H
|
||||
case PGPHASHALGO_SHA256:
|
||||
case PGPHASHALGO_SHA384:
|
||||
case PGPHASHALGO_SHA512:
|
||||
#endif
|
||||
assert(dig->sha1ctx == NULL);
|
||||
dig->sha1ctx = fddig->hashctx;
|
||||
fddig->hashctx = NULL;
|
||||
continue;
|
||||
/*@switchbreak@*/ break;
|
||||
default:
|
||||
/*@switchbreak@*/ break;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -785,6 +791,21 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd,
|
|||
sigtag = RPMSIGTAG_SHA1; /* XXX never happens */
|
||||
}
|
||||
|
||||
dig = rpmtsDig(ts);
|
||||
sigp = rpmtsSignature(ts);
|
||||
|
||||
/* XXX RSA needs the hash_algo, so decode early. */
|
||||
if (sigtag == RPMSIGTAG_RSA) {
|
||||
xx = headerGetEntry(sigh, sigtag, &sigtype, &sig, &siglen);
|
||||
xx = pgpPrtPkts(sig, siglen, dig, 0);
|
||||
sig = headerFreeData(sig, sigtype);
|
||||
/* XXX assume same hash_algo in header-only and header+payload */
|
||||
if ((headerIsEntry(sigh, RPMSIGTAG_PGP)
|
||||
|| headerIsEntry(sigh, RPMSIGTAG_PGP5))
|
||||
&& dig->signature.hash_algo != PGPHASHALGO_MD5)
|
||||
fdInitDigest(fd, dig->signature.hash_algo, 0);
|
||||
}
|
||||
|
||||
if (headerIsEntry(sigh, RPMSIGTAG_PGP)
|
||||
|| headerIsEntry(sigh, RPMSIGTAG_PGP5)
|
||||
|| headerIsEntry(sigh, RPMSIGTAG_MD5))
|
||||
|
@ -792,9 +813,6 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd,
|
|||
if (headerIsEntry(sigh, RPMSIGTAG_GPG))
|
||||
fdInitDigest(fd, PGPHASHALGO_SHA1, 0);
|
||||
|
||||
dig = rpmtsDig(ts);
|
||||
sigp = rpmtsSignature(ts);
|
||||
|
||||
/* Read the file, generating digest(s) on the fly. */
|
||||
if (dig == NULL || sigp == NULL || readFile(fd, fn, dig)) {
|
||||
res++;
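Review bot: The early-decode block added to rpmVerifySignatures reads `dig->signature.hash_algo` before the existing `dig == NULL || sigp == NULL` test that still sits further down, so a NULL from `rpmtsDig(ts)` is dereferenced instead of being counted as a failure. The results of `headerGetEntry` and `pgpPrtPkts` are both stored in `xx` and never examined, so if the RSA tag cannot be fetched or the packet does not parse, `hash_algo` is used in whatever state it was left and then passed to `fdInitDigest`. That value comes from the package under verification and should be treated as untrusted. Guard the block with `if (dig != NULL && sigtag == RPMSIGTAG_RSA)` and bump `res` (or skip the `fdInitDigest` call) when either call reports failure. The same applies to `rpmDigestInit(dig->signature.hash_algo, RPMDIGEST_NONE)` in readFile, whose result goes to `rpmDigestUpdate` without a check in the visible lines.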
|
||||
|
|
|
@ -1209,7 +1209,7 @@ verifyRSASignature(rpmts ts, /*@out@*/ char * t,
|
|||
pgpDig dig = rpmtsDig(ts);
|
||||
pgpDigParams sigp = rpmtsSignature(ts);
|
||||
const char * prefix = NULL;
|
||||
rpmRC res;
|
||||
rpmRC res = RPMRC_OK;
|
||||
int xx;
|
||||
|
||||
*t = '\0';
|
||||
|
@ -1223,7 +1223,6 @@ verifyRSASignature(rpmts ts, /*@out@*/ char * t,
|
|||
|
||||
if (md5ctx == NULL || sig == NULL || dig == NULL || sigp == NULL) {
|
||||
res = RPMRC_NOKEY;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
/* Verify the desired signature match. */
|
||||
|
@ -1234,8 +1233,7 @@ verifyRSASignature(rpmts ts, /*@out@*/ char * t,
|
|||
/*@fallthrough@*/
|
||||
default:
|
||||
res = RPMRC_NOKEY;
|
||||
goto exit;
|
||||
/*@notreached@*/ break;
|
||||
break;
|
||||
}
|
||||
|
||||
/* Verify the desired hash match. */
|
||||
|
@ -1250,6 +1248,7 @@ verifyRSASignature(rpmts ts, /*@out@*/ char * t,
|
|||
prefix = "3021300906052b0e03021a05000414";
|
||||
break;
|
||||
case PGPHASHALGO_RIPEMD160:
|
||||
res = RPMRC_NOKEY;
|
||||
prefix = NULL;
|
||||
break;
|
||||
case PGPHASHALGO_MD2:
|
||||
|
@ -1257,9 +1256,11 @@ verifyRSASignature(rpmts ts, /*@out@*/ char * t,
|
|||
prefix = "3020300c06082a864886f70d020205000410";
|
||||
break;
|
||||
case PGPHASHALGO_TIGER192:
|
||||
res = RPMRC_NOKEY;
|
||||
prefix = NULL;
|
||||
break;
|
||||
case PGPHASHALGO_HAVAL_5_160:
|
||||
res = RPMRC_NOKEY;
|
||||
prefix = NULL;
|
||||
break;
|
||||
case PGPHASHALGO_SHA256:
|
||||
|
@ -1275,15 +1276,15 @@ verifyRSASignature(rpmts ts, /*@out@*/ char * t,
|
|||
prefix = "3051300d060960864801650304020305000440";
|
||||
break;
|
||||
default:
|
||||
res = RPMRC_NOKEY;
|
||||
prefix = NULL;
|
||||
break;
|
||||
}
|
||||
|
||||
if (prefix == NULL) {
|
||||
res = RPMRC_NOKEY;
|
||||
t = stpcpy(t, _(" signature: "));
|
||||
if (res != RPMRC_OK) {
|
||||
goto exit;
|
||||
}
|
||||
t = stpcpy(t, _(" signature: "));
|
||||
|
||||
(void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0);
|
||||
{ DIGEST_CTX ctx = rpmDigestDup(md5ctx);
|
||||
|
@ -1399,8 +1400,8 @@ verifyDSASignature(rpmts ts, /*@out@*/ char * t,
|
|||
t = stpcpy(t, _("Header "));
|
||||
*t++ = 'V';
|
||||
switch (sigp->version) {
|
||||
case 3: *t++ = '3'; break;
|
||||
case 4: *t++ = '4'; break;
|
||||
case 3: *t++ = '3'; break;
|
||||
case 4: *t++ = '4'; break;
|
||||
}
|
||||
t = stpcpy(t, _(" DSA signature: "));
|
||||
|
||||
|
@ -1503,7 +1504,9 @@ rpmVerifySignature(const rpmts ts, char * result)
|
|||
break;
|
||||
case RPMSIGTAG_PGP5: /* XXX legacy */
|
||||
case RPMSIGTAG_PGP:
|
||||
res = verifyRSASignature(ts, result, dig->md5ctx);
|
||||
res = verifyRSASignature(ts, result,
|
||||
((dig->signature.hash_algo == PGPHASHALGO_MD5)
|
||||
? dig->md5ctx : dig->sha1ctx));
|
||||
break;
|
||||
case RPMSIGTAG_DSA:
|
||||
res = verifyDSASignature(ts, result, dig->hdrsha1ctx);
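Review bot: The NULL guard in verifyRSASignature appears to no longer leave the function: its hunk shrinks by one line, and the line dropped looks to be `goto exit;`, matching the `default:` arm of the pubkey switch where `goto exit;` is replaced by a plain `break;`. If so, a failed `md5ctx == NULL || sig == NULL || dig == NULL || sigp == NULL` test only sets `res = RPMRC_NOKEY`, and control continues into the signature and hash switches, which presumably read `sigp->pubkey_algo` and `sigp->hash_algo` (the switch headers are outside the hunks), before the new `if (res != RPMRC_OK)` test is reached. That turns a missing digest context or signature into a NULL dereference rather than a NOKEY result. Keeping the early exit in the guard, `res = RPMRC_NOKEY; goto exit;`, avoids this while still letting the unsupported-algorithm arms fall through to print the " signature: " text. Since the page has lost its +/- markers, the old/new side of each line should be confirmed against the repository.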
|
||||
|
|