RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  ____________________________________________________________________________

  Server: rpm5.org                         Name:   Jeff Johnson
  Root:   /v/rpm/cvs                       Email:  [EMAIL PROTECTED]
  Module: rpm                              Date:   04-Dec-2007 20:45:59
  Branch: HEAD                             Handle: 2007120419455801

  Modified files:
    rpm                     CHANGES
    rpm/rpmio               rpmbc.c rpmnss.c rpmnss.h

  Log:
    - jbj: complete rpmnss.[ch] implementation (untested).

  Summary:
    Revision    Changes     Path
    1.1935      +1  -0      rpm/CHANGES
    2.5         +9  -9      rpm/rpmio/rpmbc.c
    1.2         +192 -18    rpm/rpmio/rpmnss.c
    1.2         +3  -3      rpm/rpmio/rpmnss.h
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: rpm/CHANGES
  ============================================================================
  $ cvs diff -u -r1.1934 -r1.1935 CHANGES
  --- rpm/CHANGES       4 Dec 2007 18:11:00 -0000       1.1934
  +++ rpm/CHANGES       4 Dec 2007 19:45:58 -0000       1.1935
  @@ -1,4 +1,5 @@
   5.0a4 -> 5.0b1:
  +    - jbj: complete rpmnss.[ch] implementation (untested).
       - jbj: stub in the rpmnss.[ch] implementation.
       - jbj: pluggable RSA/DSA signature verification framework.
       - rpm.org: Rename _rpmdbMatchIterator -> rpmdbMatchIterator_s.
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmio/rpmbc.c
  ============================================================================
  $ cvs diff -u -r2.4 -r2.5 rpmbc.c
  --- rpm/rpmio/rpmbc.c 4 Dec 2007 17:08:36 -0000       2.4
  +++ rpm/rpmio/rpmbc.c 4 Dec 2007 19:45:59 -0000       2.5
  @@ -229,43 +229,43 @@
       default:
   assert(0);
        break;
  -    case 10:
  +    case 10:         /* RSA m**d */
        (void) mpnsethex(&bc->c, pgpMpiHex(p));
   if (_pgp_debug && _pgp_print)
   fprintf(stderr, "\t %s ", pre),  mpfprintln(stderr, bc->c.size, bc->c.data);
        break;
  -    case 20:
  +    case 20:         /* DSA r */
        rc = pgpMpiSet(pre, 160, &bc->r, p, pend);
        break;
  -    case 21:
  +    case 21:         /* DSA s */
        rc = pgpMpiSet(pre, 160, &bc->s, p, pend);
        break;
  -    case 30:
  +    case 30:         /* RSA n */
        (void) mpbsethex(&bc->rsa_pk.n, pgpMpiHex(p));
   if (_pgp_debug && _pgp_print)
   fprintf(stderr, "\t %s ", pre),  mpfprintln(stderr, bc->rsa_pk.n.size, 
bc->rsa_pk.n.modl);
        break;
  -    case 31:
  +    case 31:         /* RSA e */
        (void) mpnsethex(&bc->rsa_pk.e, pgpMpiHex(p));
   if (_pgp_debug && _pgp_print)
   fprintf(stderr, "\t %s ", pre),  mpfprintln(stderr, bc->rsa_pk.e.size, 
bc->rsa_pk.e.data);
        break;
  -    case 40:
  +    case 40:         /* DSA p */
        (void) mpbsethex(&bc->p, pgpMpiHex(p));
   if (_pgp_debug && _pgp_print)
   fprintf(stderr, "\t %s ", pre),  mpfprintln(stderr, bc->p.size, bc->p.modl);
        break;
  -    case 41:
  +    case 41:         /* DSA q */
        (void) mpbsethex(&bc->q, pgpMpiHex(p));
   if (_pgp_debug && _pgp_print)
   fprintf(stderr, "\t %s ", pre),  mpfprintln(stderr, bc->q.size, bc->q.modl);
        break;
  -    case 42:
  +    case 42:         /* DSA g */
        (void) mpnsethex(&bc->g, pgpMpiHex(p));
   if (_pgp_debug && _pgp_print)
   fprintf(stderr, "\t %s ", pre),  mpfprintln(stderr, bc->g.size, bc->g.data);
        break;
  -    case 43:
  +    case 43:         /* DSA y */
        (void) mpnsethex(&bc->y, pgpMpiHex(p));
   if (_pgp_debug && _pgp_print)
   fprintf(stderr, "\t %s ", pre),  mpfprintln(stderr, bc->y.size, bc->y.data);
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmio/rpmnss.c
  ============================================================================
  $ cvs diff -u -r1.1 -r1.2 rpmnss.c
  --- rpm/rpmio/rpmnss.c        4 Dec 2007 18:11:01 -0000       1.1
  +++ rpm/rpmio/rpmnss.c        4 Dec 2007 19:45:59 -0000       1.2
  @@ -73,12 +73,12 @@
       rpmnss nss = dig->impl;
       int rc;
   
  -    nss->digest.type = siBuffer;
  -    nss->digest.data = dig->md5;
  -    nss->digest.len = dig->md5len;
  +    nss->item.type = siBuffer;
  +    nss->item.data = dig->md5;
  +    nss->item.len = dig->md5len;
   
   /[EMAIL PROTECTED]@*/
  -    rc = (VFY_VerifyDigest(&nss->digest, nss->rsa, nss->rsasig, nss->sigalg, 
NULL) == SECSuccess);
  +    rc = (VFY_VerifyDigest(&nss->item, nss->rsa, nss->rsasig, nss->sigalg, 
NULL) == SECSuccess);
   /[EMAIL PROTECTED]@*/
   
       return rc;
  @@ -104,49 +104,203 @@
        /[EMAIL PROTECTED]/
   {
       rpmnss nss = dig->impl;
  -    SECItem digest;
       int rc;
   
  -    nss->digest.type = siBuffer;
  -    nss->digest.data = dig->sha1;
  -    nss->digest.len = dig->sha1len;
  +    nss->item.type = siBuffer;
  +    nss->item.data = dig->sha1;
  +    nss->item.len = dig->sha1len;
   
   /[EMAIL PROTECTED]@*/
  -    rc = (VFY_VerifyDigest(&nss->digest, nss->dsa, nss->dsasig, nss->sigalg, 
NULL) == SECSuccess);
  +    rc = (VFY_VerifyDigest(&nss->item, nss->dsa, nss->dsasig, nss->sigalg, 
NULL) == SECSuccess);
   /[EMAIL PROTECTED]@*/
   
       return rc;
   }
   
  +/**
  + * @return           0 on success
  + */
  +static
  +int rpmnssMpiSet(const char * pre, int lbits,
  +             /[EMAIL PROTECTED]@*/ void * dest, const byte * p,
  +             /[EMAIL PROTECTED]@*/ const byte * pend)
  +     /[EMAIL PROTECTED] fileSystem @*/
  +     /[EMAIL PROTECTED] mpn, fileSystem @*/
  +{
  +    unsigned int mbits = pgpMpiBits(p);
  +    unsigned int nbits;
  +    unsigned int nbytes;
  +    char * t = dest;
  +    unsigned int ix;
  +
  +    if (pend != NULL && (p + ((mbits+7) >> 3)) > pend)
  +     return 1;
  +
  +    if (mbits > lbits)
  +     return 1;
  +
  +    nbits = (lbits > mbits ? lbits : mbits);
  +    nbytes = ((nbits + 7) >> 3);
  +    ix = ((nbits - mbits) >> 3);
  +
  +if (_pgp_debug)
  +fprintf(stderr, "*** mbits %u nbits %u nbytes %u ix %u\n", mbits, nbits, 
nbytes, ix);
  +    if (ix > 0) memset(t, (int)'\0', ix);
  +    memcpy(t+ix, p+2, nbytes-ix);
  +if (_pgp_debug && _pgp_print)
  +fprintf(stderr, "\t %s %s", pre, pgpHexStr(dest, nbytes));
  +    return 0;
  +}
  +
  +/**
  + * @return           NULL on error
  + */
  +static
  +SECItem * rpmnssMpiCopy(PRArenaPool * arena, SECItem * item, const byte * p)
  +{
  +    unsigned int nbytes = pgpMpiLen(p)-2;
  +
  +    if (item == NULL) {
  +     if ((item=SECITEM_AllocItem(arena, item, nbytes)) == NULL)
  +         return item;
  +    } else {
  +     if (arena != NULL)
  +         item->data = PORT_ArenaGrow(arena, item->data, item->len, nbytes);
  +     else
  +         item->data = PORT_Realloc(item->data, nbytes);
  +     
  +     if (item->data == NULL) {
  +         if (arena == NULL)
  +             SECITEM_FreeItem(item, PR_TRUE);
  +         return NULL;
  +     }
  +    }
  +
  +    memcpy(item->data, p+2, nbytes);
  +    item->len = nbytes;
  +    return item;
  +}
  +
  +static
  +SECKEYPublicKey * rpmnssNewPublicKey(KeyType type)
  +{
  +    PRArenaPool *arena;
  +    SECKEYPublicKey *key;
  +
  +    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
  +    if (arena == NULL)
  +     return NULL;
  +
  +    key = PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey));
  +
  +    if (key == NULL) {
  +     PORT_FreeArena(arena, PR_FALSE);
  +     return NULL;
  +    }
  +    
  +    key->keyType = type;
  +    key->pkcs11ID = CK_INVALID_HANDLE;
  +    key->pkcs11Slot = NULL;
  +    key->arena = arena;
  +    return key;
  +}
  +
  +static
  +SECKEYPublicKey * rpmnssNewRSAKey(void)
  +{
  +    return rpmnssNewPublicKey(rsaKey);
  +}
  +
  +static
  +SECKEYPublicKey * rpmnssNewDSAKey(void)
  +{
  +    return rpmnssNewPublicKey(dsaKey);
  +}
  +
  +#ifndef DSA_SUBPRIME_LEN
  +#define DSA_SUBPRIME_LEN 20
  +#endif
  +
   static
   int rpmnssMpiItem(const char * pre, pgpDig dig, int itemno,
                const byte * p, /[EMAIL PROTECTED]@*/ const byte * pend)
        /[EMAIL PROTECTED] fileSystem @*/
        /[EMAIL PROTECTED] dig, fileSystem @*/
   {
  +    rpmnss nss = dig->impl;
       int rc = 0;
   
  +    nss->item.type = 0;
  +    nss->item.len = 2 * DSA_SUBPRIME_LEN;
  +    nss->item.data = memset(alloca(nss->item.len), 0, nss->item.len);
  +
       switch (itemno) {
       default:
   assert(0);
        break;
  -    case 10:
  +    case 10:         /* RSA m**d */
  +     nss->rsasig = rpmnssMpiCopy(NULL, nss->rsasig, p);
  +     if (nss->rsasig == NULL)
  +         rc = 1;
        break;
  -    case 20:
  +    case 20:         /* DSA r */
  +     rc = rpmnssMpiSet(pre, DSA_SUBPRIME_LEN*8, nss->item.data, p, pend);
        break;
  -    case 21:
  +    case 21:         /* DSA s */
  +     rc = rpmnssMpiSet(pre, DSA_SUBPRIME_LEN*8, nss->item.data + 
DSA_SUBPRIME_LEN, p, pend);
  +     if (nss->dsasig != NULL)
  +         SECITEM_FreeItem(nss->dsasig, PR_FALSE);
  +     if ((nss->dsasig = SECITEM_AllocItem(NULL, NULL, 0)) == NULL
  +      || DSAU_EncodeDerSig(nss->dsasig, &nss->item) != SECSuccess)
  +         rc = 1;
        break;
  -    case 30:
  +    case 30:         /* RSA n */
  +     if (nss->rsa == NULL)
  +         nss->rsa = rpmnssNewRSAKey();
  +     if (nss->rsa == NULL)
  +         rc = 1;
  +     else
  +         (void) rpmnssMpiCopy(nss->rsa->arena, &nss->rsa->u.rsa.modulus, p);
        break;
  -    case 31:
  +    case 31:         /* RSA e */
  +     if (nss->rsa == NULL)
  +         nss->rsa = rpmnssNewRSAKey();
  +     if (nss->rsa == NULL)
  +         rc = 1;
  +     else
  +         (void) rpmnssMpiCopy(nss->rsa->arena, 
&nss->rsa->u.rsa.publicExponent, p);
        break;
  -    case 40:
  +    case 40:         /* DSA p */
  +     if (nss->dsa == NULL)
  +         nss->dsa = rpmnssNewDSAKey();
  +     if (nss->dsa == NULL)
  +         rc = 1;
  +     else
  +         (void) rpmnssMpiCopy(nss->dsa->arena, 
&nss->dsa->u.dsa.params.prime, p);
        break;
  -    case 41:
  +    case 41:         /* DSA q */
  +     if (nss->dsa == NULL)
  +         nss->dsa = rpmnssNewDSAKey();
  +     if (nss->dsa == NULL)
  +         rc = 1;
  +     else
  +         (void) rpmnssMpiCopy(nss->dsa->arena, 
&nss->dsa->u.dsa.params.subPrime, p);
        break;
  -    case 42:
  +    case 42:         /* DSA g */
  +     if (nss->dsa == NULL)
  +         nss->dsa = rpmnssNewDSAKey();
  +     if (nss->dsa == NULL)
  +         rc = 1;
  +     else
  +         (void) rpmnssMpiCopy(nss->dsa->arena, &nss->dsa->u.dsa.params.base, 
p);
        break;
  -    case 43:
  +    case 43:         /* DSA y */
  +     if (nss->dsa == NULL)
  +         nss->dsa = rpmnssNewDSAKey();
  +     if (nss->dsa == NULL)
  +         rc = 1;
  +     else
  +         (void) rpmnssMpiCopy(nss->dsa->arena, &nss->dsa->u.dsa.publicValue, 
p);
        break;
       }
       return rc;
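Review bot: rpmnssMpiCopy copies `pgpMpiLen(p)-2` bytes from `p+2` without comparing that length with `pend`, so in cases 10 and 30–43 an MPI whose declared size runs past the end of the packet is read out of bounds. rpmnssMpiItem receives `pend`, but only the rpmnssMpiSet path uses it, and that check leaves out the two-byte prefix that the `memcpy` from `p+2` skips. A single guard at the top of rpmnssMpiItem would cover every case: `if (pend != NULL && (pend - p < 2 || (size_t)(pend - p) < pgpMpiLen(p))) return 1;`. Cases 30–43 also discard the copy's result with `(void)`, so a failed allocation is reported as success; `else if (rpmnssMpiCopy(...) == NULL) rc = 1;` would propagate it. Separately, `nss->item.data` points at a fresh zeroed `alloca` buffer on every call and each call handles one itemno, so the r stored by case 20 is gone when case 21 encodes the pair and the pointer dangles after return; storage inside `struct rpmnss_s` would keep both halves.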
  @@ -158,6 +312,22 @@
   {
       rpmnss nss = impl;
       if (nss != NULL) {
  +     if (nss->dsa != NULL) {
  +         SECKEY_DestroyPublicKey(nss->dsa);
  +         nss->dsa = NULL;
  +     }
  +     if (nss->dsasig != NULL) {
  +         SECITEM_ZfreeItem(nss->dsasig, PR_TRUE);
  +         nss->dsasig = NULL;
  +     }
  +     if (nss->rsa != NULL) {
  +         SECKEY_DestroyPublicKey(nss->rsa);
  +         nss->rsa = NULL;
  +     }
  +     if (nss->rsasig != NULL) {
  +         SECITEM_ZfreeItem(nss->rsasig, PR_TRUE);
  +         nss->rsasig = NULL;
  +     }
       }
   }
   
  @@ -167,6 +337,7 @@
   {
       rpmnss nss = impl;
       if (nss != NULL) {
  +     rpmnssClean(impl);
        nss = _free(nss);
       }
       return NULL;
  @@ -177,6 +348,9 @@
        /[EMAIL PROTECTED]/
   {
       rpmnss nss = xcalloc(1, sizeof(*nss));
  +
  +    NSS_NoDB_Init(NULL);
  +
       return (void *) nss;
   }
   
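Review bot: The result of `NSS_NoDB_Init(NULL)` is ignored, so if NSS fails to initialise, the failure surfaces only later as a signature that does not verify, with nothing to tell it apart from a bad signature. Checking it here, e.g. `if (NSS_NoDB_Init(NULL) != SECSuccess) fprintf(stderr, "*** NSS_NoDB_Init failed\n");`, or returning an error the caller can act on, would make that case diagnosable. The call also runs on every rpmnssInit and no matching `NSS_Shutdown` appears in this patch, so a one-time initialisation would be cleaner. The function's signature lies outside the hunk.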
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmio/rpmnss.h
  ============================================================================
  $ cvs diff -u -r1.1 -r1.2 rpmnss.h
  --- rpm/rpmio/rpmnss.h        4 Dec 2007 18:11:01 -0000       1.1
  +++ rpm/rpmio/rpmnss.h        4 Dec 2007 19:45:59 -0000       1.2
  @@ -23,15 +23,15 @@
   struct rpmnss_s {
   
       SECOidTag sigalg;
  -    SECItem digest;
  +    SECItem item;
   
       /* DSA parameters. */
       SECKEYPublicKey *dsa;
  -    SECItem *dsasig;
  +    SECItem * dsasig;
   
       /* RSA parameters. */
       SECKEYPublicKey *rsa;
  -    SECItem *rsasig;
  +    SECItem * rsasig;
   };
   #endif
   
  @@ .
______________________________________________________________________
RPM Package Manager                                    http://rpm5.org
CVS Sources Repository                                rpm-cvs@rpm5.org
