folkslinux
/
rpm
mirror of https://github.com/rpm-software-management/rpm.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rpm/lib/signature.c

966 lines
24 KiB
C
Raw Blame History

/** \ingroup signature
* \file lib/signature.c
*/
#include "system.h"
#include "rpmio_internal.h"
#include <rpmlib.h>
#include <rpmmacro.h> /* XXX for rpmGetPath() */
#include "misc.h" /* XXX for dosetenv() and makeTempFile() */
#include "rpmlead.h"
#include "signature.h"
#include "debug.h"
/*@access Header@*/ /* XXX compared with NULL */
/*@access FD_t@*/ /* XXX compared with NULL */
/*@access rpmDigest@*/
int rpmLookupSignatureType(int action)
{
static int disabled = 0;
int rc = 0;
switch (action) {
case RPMLOOKUPSIG_DISABLE:
disabled = -2;
break;
case RPMLOOKUPSIG_ENABLE:
disabled = 0;
/*@fallthrough@*/
case RPMLOOKUPSIG_QUERY:
if (disabled)
break; /* Disabled */
{ const char *name = rpmExpand("%{_signature}", NULL);
if (!(name && *name != '%'))
rc = 0;
else if (!xstrcasecmp(name, "none"))
rc = 0;
else if (!xstrcasecmp(name, "pgp"))
rc = RPMSIGTAG_PGP;
else if (!xstrcasecmp(name, "pgp5")) /* XXX legacy */
rc = RPMSIGTAG_PGP;
else if (!xstrcasecmp(name, "gpg"))
rc = RPMSIGTAG_GPG;
else
rc = -1; /* Invalid %_signature spec in macro file */
name = _free(name);
} break;
}
return rc;
}
/* rpmDetectPGPVersion() returns the absolute path to the "pgp" */
/* executable of the requested version, or NULL when none found. */
const char * rpmDetectPGPVersion(pgpVersion * pgpVer)
{
/* Actually this should support having more then one pgp version. */
/* At the moment only one version is possible since we only */
/* have one %_pgpbin and one %_pgp_path. */
static pgpVersion saved_pgp_version = PGP_UNKNOWN;
const char *pgpbin = rpmGetPath("%{_pgpbin}", NULL);
if (saved_pgp_version == PGP_UNKNOWN) {
char *pgpvbin;
struct stat st;
if (!(pgpbin && pgpbin[0] != '%')) {
pgpbin = _free(pgpbin);
saved_pgp_version = -1;
return NULL;
}
pgpvbin = (char *)alloca(strlen(pgpbin) + sizeof("v"));
(void)stpcpy(stpcpy(pgpvbin, pgpbin), "v");
if (stat(pgpvbin, &st) == 0)
saved_pgp_version = PGP_5;
else if (stat(pgpbin, &st) == 0)
saved_pgp_version = PGP_2;
else
saved_pgp_version = PGP_NOTDETECTED;
}
if (pgpVer && pgpbin)
*pgpVer = saved_pgp_version;
return pgpbin;
}
/**
* Check package size.
* @todo rpmio: use fdSize rather than fstat(2) to get file size.
* @param fd package file handle
* @param siglen signature header size
* @param pad signature padding
* @param datalen length of header+payload
* @return rpmRC return code
*/
static inline rpmRC checkSize(FD_t fd, int siglen, int pad, int datalen)
/*@globals fileSystem @*/
/*@modifies fileSystem @*/
{
struct stat st;
rpmRC rc;
if (fstat(Fileno(fd), &st))
return RPMRC_FAIL;
if (!S_ISREG(st.st_mode)) {
rpmMessage(RPMMESS_DEBUG,
_("file is not regular -- skipping size check\n"));
return RPMRC_OK;
}
/*@-sizeoftype@*/
rc = (((sizeof(struct rpmlead) + siglen + pad + datalen) - st.st_size)
? RPMRC_BADSIZE : RPMRC_OK);
rpmMessage((rc == RPMRC_OK ? RPMMESS_DEBUG : RPMMESS_WARNING),
_("Expected size: %12d = lead(%d)+sigs(%d)+pad(%d)+data(%d)\n"),
(int)sizeof(struct rpmlead)+siglen+pad+datalen,
(int)sizeof(struct rpmlead), siglen, pad, datalen);
/*@=sizeoftype@*/
rpmMessage((rc == RPMRC_OK ? RPMMESS_DEBUG : RPMMESS_WARNING),
_(" Actual size: %12d\n"), (int)st.st_size);
return rc;
}
rpmRC rpmReadSignature(FD_t fd, Header * headerp, sigType sig_type)
{
byte buf[2048];
int sigSize, pad;
int_32 type, count;
int_32 *archSize;
Header h = NULL;
rpmRC rc = RPMRC_FAIL; /* assume failure */
if (headerp)
*headerp = NULL;
buf[0] = 0;
switch (sig_type) {
case RPMSIGTYPE_NONE:
rpmMessage(RPMMESS_DEBUG, _("No signature\n"));
rc = RPMRC_OK;
break;
case RPMSIGTYPE_PGP262_1024:
rpmMessage(RPMMESS_DEBUG, _("Old PGP signature\n"));
/* These are always 256 bytes */
/*@-type@*/ /* FIX: eliminate timedRead @*/
if (timedRead(fd, buf, 256) != 256)
break;
/*@=type@*/
h = headerNew();
(void) headerAddEntry(h, RPMSIGTAG_PGP, RPM_BIN_TYPE, buf, 152);
rc = RPMRC_OK;
break;
case RPMSIGTYPE_MD5:
case RPMSIGTYPE_MD5_PGP:
rpmError(RPMERR_BADSIGTYPE,
_("Old (internal-only) signature! How did you get that!?\n"));
break;
case RPMSIGTYPE_HEADERSIG:
case RPMSIGTYPE_DISABLE:
/* This is a new style signature */
h = headerRead(fd, HEADER_MAGIC_YES);
if (h == NULL)
break;
rc = RPMRC_OK;
sigSize = headerSizeof(h, HEADER_MAGIC_YES);
/* XXX Legacy headers have a HEADER_IMAGE tag added. */
if (headerIsEntry(h, RPMTAG_HEADERIMAGE))
sigSize -= (16 + 16);
pad = (8 - (sigSize % 8)) % 8; /* 8-byte pad */
if (sig_type == RPMSIGTYPE_HEADERSIG) {
if (! headerGetEntry(h, RPMSIGTAG_SIZE, &type,
(void **)&archSize, &count))
break;
rc = checkSize(fd, sigSize, pad, *archSize);
}
/*@-type@*/ /* FIX: eliminate timedRead @*/
if (pad && timedRead(fd, buf, pad) != pad)
rc = RPMRC_SHORTREAD;
/*@=type@*/
break;
default:
break;
}
if (headerp && rc == 0)
*headerp = h;
else
h = headerFree(h);
return rc;
}
int rpmWriteSignature(FD_t fd, Header h)
{
static byte buf[8] = "\000\000\000\000\000\000\000\000";
int sigSize, pad;
int rc;
rc = headerWrite(fd, h, HEADER_MAGIC_YES);
if (rc)
return rc;
sigSize = headerSizeof(h, HEADER_MAGIC_YES);
pad = (8 - (sigSize % 8)) % 8;
if (pad) {
if (Fwrite(buf, sizeof(buf[0]), pad, fd) != pad)
rc = 1;
}
rpmMessage(RPMMESS_DEBUG, _("Signature: size(%d)+pad(%d)\n"), sigSize, pad);
return rc;
}
Header rpmNewSignature(void)
{
Header h = headerNew();
return h;
}
Header rpmFreeSignature(Header h)
{
return headerFree(h);
}
static int makePGPSignature(const char * file, /*@out@*/ void ** sig,
/*@out@*/ int_32 * size, /*@null@*/ const char * passPhrase)
/*@globals rpmGlobalMacroContext,
fileSystem @*/
/*@modifies *sig, *size, rpmGlobalMacroContext,
fileSystem @*/
{
char * sigfile = alloca(1024);
int pid, status;
int inpipe[2];
struct stat st;
(void) stpcpy( stpcpy(sigfile, file), ".sig");
inpipe[0] = inpipe[1] = 0;
(void) pipe(inpipe);
if (!(pid = fork())) {
const char *pgp_path = rpmExpand("%{_pgp_path}", NULL);
const char *name = rpmExpand("+myname=\"%{_pgp_name}\"", NULL);
const char *path;
pgpVersion pgpVer;
(void) close(STDIN_FILENO);
(void) dup2(inpipe[0], 3);
(void) close(inpipe[1]);
(void) dosetenv("PGPPASSFD", "3", 1);
if (pgp_path && *pgp_path != '%')
(void) dosetenv("PGPPATH", pgp_path, 1);
/* dosetenv("PGPPASS", passPhrase, 1); */
if ((path = rpmDetectPGPVersion(&pgpVer)) != NULL) {
switch(pgpVer) {
case PGP_2:
(void) execlp(path, "pgp", "+batchmode=on", "+verbose=0", "+armor=off",
name, "-sb", file, sigfile, NULL);
break;
case PGP_5:
(void) execlp(path,"pgps", "+batchmode=on", "+verbose=0", "+armor=off",
name, "-b", file, "-o", sigfile, NULL);
break;
case PGP_UNKNOWN:
case PGP_NOTDETECTED:
break;
}
}
rpmError(RPMERR_EXEC, _("Couldn't exec pgp (%s)\n"),
(path ? path : NULL));
_exit(RPMERR_EXEC);
}
(void) close(inpipe[0]);
if (passPhrase)
(void) write(inpipe[1], passPhrase, strlen(passPhrase));
(void) write(inpipe[1], "\n", 1);
(void) close(inpipe[1]);
(void)waitpid(pid, &status, 0);
if (!WIFEXITED(status) || WEXITSTATUS(status)) {
rpmError(RPMERR_SIGGEN, _("pgp failed\n"));
return 1;
}
if (stat(sigfile, &st)) {
/* PGP failed to write signature */
if (sigfile) (void) unlink(sigfile); /* Just in case */
rpmError(RPMERR_SIGGEN, _("pgp failed to write signature\n"));
return 1;
}
*size = st.st_size;
rpmMessage(RPMMESS_DEBUG, _("PGP sig size: %d\n"), *size);
*sig = xmalloc(*size);
{ FD_t fd;
int rc = 0;
fd = Fopen(sigfile, "r.fdio");
if (fd != NULL && !Ferror(fd)) {
/*@-type@*/ /* FIX: eliminate timedRead @*/
rc = timedRead(fd, *sig, *size);
/*@=type@*/
if (sigfile) (void) unlink(sigfile);
(void) Fclose(fd);
}
if (rc != *size) {
*sig = _free(*sig);
rpmError(RPMERR_SIGGEN, _("unable to read the signature\n"));
return 1;
}
}
rpmMessage(RPMMESS_DEBUG, _("Got %d bytes of PGP sig\n"), *size);
return 0;
}
/* This is an adaptation of the makePGPSignature function to use GPG instead
* of PGP to create signatures. I think I've made all the changes necessary,
* but this could be a good place to start looking if errors in GPG signature
* creation crop up.
*/
static int makeGPGSignature(const char * file, /*@out@*/ void ** sig,
/*@out@*/ int_32 * size, /*@null@*/ const char * passPhrase)
/*@globals rpmGlobalMacroContext,
fileSystem @*/
/*@modifies *sig, *size, rpmGlobalMacroContext,
fileSystem @*/
{
char * sigfile = alloca(1024);
int pid, status;
int inpipe[2];
FILE * fpipe;
struct stat st;
(void) stpcpy( stpcpy(sigfile, file), ".sig");
inpipe[0] = inpipe[1] = 0;
(void) pipe(inpipe);
if (!(pid = fork())) {
const char *gpg_path = rpmExpand("%{_gpg_path}", NULL);
const char *name = rpmExpand("%{_gpg_name}", NULL);
(void) close(STDIN_FILENO);
(void) dup2(inpipe[0], 3);
(void) close(inpipe[1]);
if (gpg_path && *gpg_path != '%')
(void) dosetenv("GNUPGHOME", gpg_path, 1);
(void) execlp("gpg", "gpg",
"--batch", "--no-verbose", "--no-armor", "--passphrase-fd", "3",
"-u", name, "-sbo", sigfile, file,
NULL);
rpmError(RPMERR_EXEC, _("Couldn't exec gpg\n"));
_exit(RPMERR_EXEC);
}
fpipe = fdopen(inpipe[1], "w");
(void) close(inpipe[0]);
if (fpipe) {
fprintf(fpipe, "%s\n", (passPhrase ? passPhrase : ""));
(void) fclose(fpipe);
}
(void)waitpid(pid, &status, 0);
if (!WIFEXITED(status) || WEXITSTATUS(status)) {
rpmError(RPMERR_SIGGEN, _("gpg failed\n"));
return 1;
}
if (stat(sigfile, &st)) {
/* GPG failed to write signature */
if (sigfile) (void) unlink(sigfile); /* Just in case */
rpmError(RPMERR_SIGGEN, _("gpg failed to write signature\n"));
return 1;
}
*size = st.st_size;
rpmMessage(RPMMESS_DEBUG, _("GPG sig size: %d\n"), *size);
*sig = xmalloc(*size);
{ FD_t fd;
int rc = 0;
fd = Fopen(sigfile, "r.fdio");
if (fd != NULL && !Ferror(fd)) {
/*@-type@*/ /* FIX: eliminate timedRead @*/
rc = timedRead(fd, *sig, *size);
/*@=type@*/
if (sigfile) (void) unlink(sigfile);
(void) Fclose(fd);
}
if (rc != *size) {
*sig = _free(*sig);
rpmError(RPMERR_SIGGEN, _("unable to read the signature\n"));
return 1;
}
}
rpmMessage(RPMMESS_DEBUG, _("Got %d bytes of GPG sig\n"), *size);
return 0;
}
int rpmAddSignature(Header h, const char * file, int_32 sigTag,
const char *passPhrase)
{
struct stat st;
int_32 size;
byte buf[16];
void *sig;
int ret = -1;
switch (sigTag) {
case RPMSIGTAG_SIZE:
(void) stat(file, &st);
size = st.st_size;
ret = 0;
(void) headerAddEntry(h, RPMSIGTAG_SIZE, RPM_INT32_TYPE, &size, 1);
break;
case RPMSIGTAG_MD5:
ret = mdbinfile(file, buf);
if (ret == 0)
(void) headerAddEntry(h, sigTag, RPM_BIN_TYPE, buf, 16);
break;
case RPMSIGTAG_PGP5: /* XXX legacy */
case RPMSIGTAG_PGP:
rpmMessage(RPMMESS_VERBOSE, _("Generating signature using PGP.\n"));
ret = makePGPSignature(file, &sig, &size, passPhrase);
if (ret == 0)
(void) headerAddEntry(h, sigTag, RPM_BIN_TYPE, sig, size);
break;
case RPMSIGTAG_GPG:
rpmMessage(RPMMESS_VERBOSE, _("Generating signature using GPG.\n"));
ret = makeGPGSignature(file, &sig, &size, passPhrase);
if (ret == 0)
(void) headerAddEntry(h, sigTag, RPM_BIN_TYPE, sig, size);
break;
}
return ret;
}
static int checkPassPhrase(const char * passPhrase, const int sigTag)
/*@globals rpmGlobalMacroContext,
fileSystem @*/
/*@modifies rpmGlobalMacroContext,
fileSystem @*/
{
int passPhrasePipe[2];
int pid, status;
int fd;
passPhrasePipe[0] = passPhrasePipe[1] = 0;
(void) pipe(passPhrasePipe);
if (!(pid = fork())) {
(void) close(STDIN_FILENO);
(void) close(STDOUT_FILENO);
(void) close(passPhrasePipe[1]);
/*@-internalglobs@*/ /* FIX: shrug */
if (! rpmIsVerbose()) {
(void) close(STDERR_FILENO);
}
/*@=internalglobs@*/
if ((fd = open("/dev/null", O_RDONLY)) != STDIN_FILENO) {
(void) dup2(fd, STDIN_FILENO);
(void) close(fd);
}
if ((fd = open("/dev/null", O_WRONLY)) != STDOUT_FILENO) {
(void) dup2(fd, STDOUT_FILENO);
(void) close(fd);
}
(void) dup2(passPhrasePipe[0], 3);
switch (sigTag) {
case RPMSIGTAG_GPG:
{ const char *gpg_path = rpmExpand("%{_gpg_path}", NULL);
const char *name = rpmExpand("%{_gpg_name}", NULL);
if (gpg_path && *gpg_path != '%')
(void) dosetenv("GNUPGHOME", gpg_path, 1);
(void) execlp("gpg", "gpg",
"--batch", "--no-verbose", "--passphrase-fd", "3",
"-u", name, "-so", "-",
NULL);
rpmError(RPMERR_EXEC, _("Couldn't exec gpg\n"));
_exit(RPMERR_EXEC);
} /*@notreached@*/ break;
case RPMSIGTAG_PGP5: /* XXX legacy */
case RPMSIGTAG_PGP:
{ const char *pgp_path = rpmExpand("%{_pgp_path}", NULL);
const char *name = rpmExpand("+myname=\"%{_pgp_name}\"", NULL);
const char *path;
pgpVersion pgpVer;
(void) dosetenv("PGPPASSFD", "3", 1);
if (pgp_path && *pgp_path != '%')
(void) dosetenv("PGPPATH", pgp_path, 1);
if ((path = rpmDetectPGPVersion(&pgpVer)) != NULL) {
switch(pgpVer) {
case PGP_2:
(void) execlp(path, "pgp", "+batchmode=on", "+verbose=0",
name, "-sf", NULL);
/*@innerbreak@*/ break;
case PGP_5: /* XXX legacy */
(void) execlp(path,"pgps", "+batchmode=on", "+verbose=0",
name, "-f", NULL);
/*@innerbreak@*/ break;
case PGP_UNKNOWN:
case PGP_NOTDETECTED:
/*@innerbreak@*/ break;
}
}
rpmError(RPMERR_EXEC, _("Couldn't exec pgp\n"));
_exit(RPMERR_EXEC);
} /*@notreached@*/ break;
default: /* This case should have been screened out long ago. */
rpmError(RPMERR_SIGGEN, _("Invalid %%_signature spec in macro file\n"));
_exit(RPMERR_SIGGEN);
/*@notreached@*/ break;
}
}
(void) close(passPhrasePipe[0]);
(void) write(passPhrasePipe[1], passPhrase, strlen(passPhrase));
(void) write(passPhrasePipe[1], "\n", 1);
(void) close(passPhrasePipe[1]);
(void)waitpid(pid, &status, 0);
if (!WIFEXITED(status) || WEXITSTATUS(status)) {
return 1;
}
/* passPhrase is good */
return 0;
}
char * rpmGetPassPhrase(const char * prompt, const int sigTag)
{
char *pass;
int aok;
switch (sigTag) {
case RPMSIGTAG_GPG:
{ const char *name = rpmExpand("%{_gpg_name}", NULL);
aok = (name && *name != '%');
name = _free(name);
}
if (!aok) {
rpmError(RPMERR_SIGGEN,
_("You must set \"%%_gpg_name\" in your macro file\n"));
return NULL;
}
break;
case RPMSIGTAG_PGP5: /* XXX legacy */
case RPMSIGTAG_PGP:
{ const char *name = rpmExpand("%{_pgp_name}", NULL);
aok = (name && *name != '%');
name = _free(name);
}
if (!aok) {
rpmError(RPMERR_SIGGEN,
_("You must set \"%%_pgp_name\" in your macro file\n"));
return NULL;
}
break;
default:
/* Currently the calling function (rpm.c:main) is checking this and
* doing a better job. This section should never be accessed.
*/
rpmError(RPMERR_SIGGEN, _("Invalid %%_signature spec in macro file\n"));
return NULL;
/*@notreached@*/ break;
}
pass = /*@-unrecog@*/ getpass( (prompt ? prompt : "") ) /*@=unrecog@*/ ;
if (checkPassPhrase(pass, sigTag))
return NULL;
return pass;
}
static int rpmSlurp(const char * fn,
/*@out@*/ const byte ** bp, /*@out@*/ ssize_t * blenp)
/*@globals fileSystem @*/
/*@modifies *bp, *blenp, fileSystem @*/
{
static ssize_t blenmax = (8 * BUFSIZ);
ssize_t blen = 0;
byte * b = NULL;
ssize_t size;
FD_t fd;
int rc = 0;
fd = Fopen(fn, "r.ufdio");
if (fd == NULL || Ferror(fd)) {
rc = 2;
goto exit;
}
size = fdSize(fd);
blen = (size >= 0 ? size : blenmax);
/*@-branchstate@*/
if (blen) {
int nb;
b = xmalloc(blen+1);
b[0] = '\0';
nb = Fread(b, sizeof(*b), blen, fd);
if (Ferror(fd) || (size > 0 && nb != blen)) {
rc = 1;
goto exit;
}
if (blen == blenmax && nb < blen) {
blen = nb;
b = xrealloc(b, blen+1);
}
b[blen] = '\0';
}
/*@=branchstate@*/
exit:
if (fd) (void) Fclose(fd);
if (rc) {
if (b) free(b);
b = NULL;
blen = 0;
}
if (bp) *bp = b;
else if (b) free(b);
if (blenp) *blenp = blen;
return rc;
}
static int rpmReadPgpPkt(const char * fn,
/*@out@*/ const byte ** pkt, /*@out@*/ size_t * pktlen)
/*@globals fileSystem @*/
/*@modifies *pkt, *pktlen, fileSystem @*/
{
const byte * b = NULL;
ssize_t blen;
const char * enc = NULL;
const char * crcenc = NULL;
byte * dec;
byte * crcdec;
size_t declen;
size_t crclen;
uint32 crcpkt, crc;
const char * armortype = NULL;
char * t, * te;
int pstate = 0;
int ec = 1; /* XXX assume failure */
int rc;
rc = rpmSlurp(fn, &b, &blen);
if (rc || b == NULL || blen <= 0)
goto exit;
if (pgpIsPkt(b)) {
#ifdef NOTYET /* XXX ASCII Pubkeys only, please. */
ec = 0;
#endif
goto exit;
}
#define TOKEQ(_s, _tok) (!strncmp((_s), (_tok), sizeof(_tok)-1))
for (t = (char *)b; t && *t; t = te) {
if ((te = strchr(t, '\n')) == NULL)
te = t + strlen(t);
else
te++;
switch (pstate) {
case 0:
armortype = NULL;
if (!TOKEQ(t, "-----BEGIN PGP "))
continue;
t += sizeof("-----BEGIN PGP ")-1;
rc = pgpValTok(pgpArmorTbl, t, te);
if (rc < 0)
goto exit;
if (rc != PGPARMOR_PUBKEY) /* XXX ASCII Pubkeys only, please. */
continue;
armortype = t;
t = te - (sizeof("-----\n")-1);
if (!TOKEQ(t, "-----\n"))
continue;
*t = '\0';
pstate++;
/*@switchbreak@*/ break;
case 1:
enc = NULL;
rc = pgpValTok(pgpArmorKeyTbl, t, te);
if (rc >= 0)
continue;
if (*t != '\n') {
pstate = 0;
continue;
}
enc = te; /* Start of encoded packets */
pstate++;
/*@switchbreak@*/ break;
case 2:
crcenc = NULL;
if (*t != '=')
continue;
*t++ = '\0'; /* Terminate encoded packets */
crcenc = t; /* Start of encoded crc */
pstate++;
/*@switchbreak@*/ break;
case 3:
pstate = 0;
if (!TOKEQ(t, "-----END PGP "))
goto exit;
*t = '\0'; /* Terminate encoded crc */
t += sizeof("-----END PGP ")-1;
if (armortype == NULL) /* XXX can't happen */
continue;
rc = strncmp(t, armortype, strlen(armortype));
if (rc)
continue;
t = te - (sizeof("-----\n")-1);
if (!TOKEQ(t, "-----\n"))
goto exit;
if (b64decode(crcenc, (void **)&crcdec, &crclen) != 0)
continue;
crcpkt = pgpGrab(crcdec, crclen);
free(crcdec);
if (b64decode(enc, (void **)&dec, &declen) != 0)
goto exit;
crc = pgpCRC(dec, declen);
if (crcpkt != crc)
goto exit;
free((void *)b);
b = dec;
blen = declen;
ec = 0;
goto exit;
/*@notreached@*/ /*@switchbreak@*/ break;
}
}
exit:
if (ec == 0 && pkt)
*pkt = b;
else if (b != NULL)
free((void *)b);
if (pktlen)
*pktlen = blen;
return rc;
}
static rpmVerifySignatureReturn
verifySizeSignature(/*@unused@*/ const char * fn,
const byte * sig,
/*@unused@*/ int siglen,
const rpmDigest dig, /*@out@*/ char * result)
/*@modifies *result @*/
{
char * t = result;
int_32 size = *(int_32 *)sig;
int res;
*t = '\0';
t = stpcpy(t, "Header+Payload size: ");
/*@-type@*/
if (size != dig->nbytes) {
res = RPMSIG_BAD;
sprintf(t, "BAD Expected(%d) != (%d)\n", size, dig->nbytes);
} else {
res = RPMSIG_OK;
sprintf(t, "OK (%d)\n", dig->nbytes);
}
/*@=type@*/
return res;
}
static rpmVerifySignatureReturn
verifyMD5Signature(/*@unused@*/ const char * fn, const byte * sig, int siglen,
const rpmDigest dig, /*@out@*/ char * result)
/*@modifies *result @*/
{
char * t = result;
byte * md5sum = NULL;
size_t md5len = 0;
int res;
/*@-type@*/
(void) rpmDigestFinal(rpmDigestDup(dig->md5ctx),
(void **)&md5sum, &md5len, 0);
/*@=type@*/
*t = '\0';
t = stpcpy(t, "MD5 digest: ");
if (md5len != siglen || memcmp(md5sum, sig, md5len)) {
res = RPMSIG_BAD;
t = stpcpy(t, "BAD Expected(");
(void) pgpHexCvt(t, sig, siglen);
t += strlen(t);
t = stpcpy(t, ") != (");
} else {
res = RPMSIG_OK;
t = stpcpy(t, "OK (");
}
(void) pgpHexCvt(t, md5sum, md5len);
t += strlen(t);
t = stpcpy(t, ")\n");
md5sum = _free(md5sum);
return res;
}
static rpmVerifySignatureReturn
verifyPGPSignature(/*@unused@*/ const char * fn,
/*@unused@*/ const byte * sig,
/*@unused@*/ int siglen,
const rpmDigest dig, /*@out@*/ char * result)
/*@modifies *result */
{
/*@unchecked@*/ static const byte * pgppk = NULL;
/*@unchecked@*/ static size_t pgppklen = 0;
char * t = result;
int res, xx;
*t = '\0';
t = stpcpy(t, "V3 RSA/MD5 signature: ");
/*@-globs -internalglobs -modfilesys@*/
/* XXX retrieve by keyid from signature. */
if (pgppk == NULL) {
#ifdef DYING
xx = b64decode(redhatPubKeyRSA, (void **)&pgppk, &pgppklen);
#else
xx = rpmReadPgpPkt("/usr/lib/rpm/RPM-PGP-KEY", &pgppk, &pgppklen);
#endif
if (rpmIsDebug())
fprintf(stderr, "========================= Red Hat RSA Public Key\n");
xx = pgpPrtPkts(pgppk, pgppklen, NULL, rpmIsDebug());
}
/* XXX sanity check on pubkey and signature agreement. */
/*@-nullpass@*/
xx = pgpPrtPkts(pgppk, pgppklen, dig, 0);
/*@=nullpass@*/
/*@=globs =internalglobs =modfilesys@*/
/*@-type@*/
if (!rsavrfy(&dig->rsa_pk, &dig->rsahm, &dig->c)) {
res = RPMSIG_BAD;
t = stpcpy(t, "BAD\n");
} else {
res = RPMSIG_OK;
t = stpcpy(t, "OK\n");
}
/*@=type@*/
return res;
}
static rpmVerifySignatureReturn
verifyGPGSignature(/*@unused@*/ const char * fn,
/*@unused@*/ const byte * sig,
/*@unused@*/ int siglen,
const rpmDigest dig, /*@out@*/ char * result)
/*@modifies *result @*/
{
/*@unchecked@*/ static const byte * gpgpk = NULL;
/*@unchecked@*/ static size_t gpgpklen = 0;
char * t = result;
int res, xx;
*t = '\0';
t = stpcpy(t, "V3 DSA signature: ");
/*@-globs -internalglobs -modfilesys@*/
/* XXX retrieve by keyid from signature. */
if (gpgpk == NULL) {
#ifdef DYING
xx = b64decode(redhatPubKeyDSA, (void **)&gpgpk, &gpgpklen);
#else
xx = rpmReadPgpPkt("/usr/lib/rpm/RPM-GPG-KEY", &gpgpk, &gpgpklen);
#endif
if (rpmIsDebug())
fprintf(stderr, "========================= Red Hat DSA Public Key\n");
xx = pgpPrtPkts(gpgpk, gpgpklen, NULL, rpmIsDebug());
}
/* XXX sanity check on pubkey and signature agreement. */
/*@-nullpass@*/
xx = pgpPrtPkts(gpgpk, gpgpklen, dig, 0);
/*@=nullpass@*/
/*@=globs =internalglobs =modfilesys@*/
/*@-type@*/
if (!dsavrfy(&dig->p, &dig->q, &dig->g, &dig->hm, &dig->y, &dig->r, &dig->s)) {
res = RPMSIG_BAD;
t = stpcpy(t, "BAD\n");
} else {
res = RPMSIG_OK;
t = stpcpy(t, "OK\n");
}
/*@=type@*/
return res;
}
rpmVerifySignatureReturn
rpmVerifySignature(const char * fn, int_32 sigTag, const void * sig,
int siglen, const rpmDigest dig, char * result)
{
int res;
switch (sigTag) {
case RPMSIGTAG_SIZE:
res = verifySizeSignature(fn, sig, siglen, dig, result);
break;
case RPMSIGTAG_MD5:
res = verifyMD5Signature(fn, sig, siglen, dig, result);
break;
case RPMSIGTAG_PGP5: /* XXX legacy */
case RPMSIGTAG_PGP:
res = verifyPGPSignature(fn, sig, siglen, dig, result);
break;
case RPMSIGTAG_GPG:
res = verifyGPGSignature(fn, sig, siglen, dig, result);
break;
case RPMSIGTAG_LEMD5_1:
case RPMSIGTAG_LEMD5_2:
sprintf(result, "Broken MD5 digest: UNSUPPORTED\n");
res = RPMSIG_UNKNOWN;
break;
default:
sprintf(result, "Signature: UNKNOWN(%d)\n", sigTag);
res = RPMSIG_UNKNOWN;
break;
}
return res;
}
Reference in New Issue View Git Blame Copy Permalink