RPM Package Manager, CVS Repository http://rpm5.org/cvs/ ____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 06-Aug-2013 07:22:26 Branch: rpm-5_4 Handle: 2013080605222600 Modified files: (Branch: rpm-5_4) rpm/rpmio rpmltc.c rpmltc.h Log: - ltc: handle more than sha1 hashes, fix RSA (finally!). Summary: Revision Changes Path 1.2.4.3 +86 -98 rpm/rpmio/rpmltc.c 1.2.4.3 +5 -0 rpm/rpmio/rpmltc.h ____________________________________________________________________________ patch -p0 <<'@@ .' Index: rpm/rpmio/rpmltc.c ============================================================================ $ cvs diff -u -r1.2.4.2 -r1.2.4.3 rpmltc.c --- rpm/rpmio/rpmltc.c 16 Jul 2013 19:05:12 -0000 1.2.4.2 +++ rpm/rpmio/rpmltc.c 6 Aug 2013 05:22:26 -0000 1.2.4.3 @@ -140,9 +140,39 @@ _spewBN(" r", ltc->r); _spewBN(" s", ltc->s); } +#endif /* DYING */ #undef _spewBN -#endif /* DYING */ + +/*==============================================================*/ +static int getHashIdx(unsigned hash_algo) +{ + const char * hashN = NULL; + + switch (hash_algo) { + case PGPHASHALGO_MD2: hashN = "md2"; break; + case PGPHASHALGO_MD4: hashN = "md4"; break; + case PGPHASHALGO_MD5: hashN = "md5"; break; + case PGPHASHALGO_SHA1: hashN = "sha1"; break; + case PGPHASHALGO_SHA224: hashN = "sha224"; break; + case PGPHASHALGO_SHA256: hashN = "sha256"; break; + case PGPHASHALGO_SHA384: hashN = "sha384"; break; + case PGPHASHALGO_SHA512: hashN = "sha512"; break; + case PGPHASHALGO_RIPEMD128: hashN = "rmd128"; break; + case PGPHASHALGO_RIPEMD160: hashN = "rmd160"; break; + case PGPHASHALGO_RIPEMD256: hashN = "rmd256"; break; + case PGPHASHALGO_RIPEMD320: hashN = "rmd320"; break; + case PGPHASHALGO_TIGER192: hashN = "tiger"; break; +#ifdef NOTYET + case PGPHASHALGO_WHIRLPOOL: hashN = "whirlpool"; break; +#endif + case PGPHASHALGO_HAVAL_5_160: /*@fallthrough@*/ + default: + break; + } + return (hashN ? find_hash(hashN) : -1); +} +/*==============================================================*/ #define _initBN(_t) \ { if (_t == NULL) _t = xmalloc(sizeof(mp_int)); \ @@ -154,23 +184,27 @@ /*@modifies dig @*/ { rpmltc ltc = dig->impl; - int rc; + int rc = 1; /* assume failure */ int xx; pgpDigParams pubp = pgpGetPubkey(dig); dig->pubkey_algoN = rpmltcPubkeyAlgo2Name(pubp->pubkey_algo); dig->hash_algoN = rpmltcHashAlgo2Name(sigp->hash_algo); assert(sigp->hash_algo == rpmDigestAlgo(ctx)); +ltc->hashIdx = getHashIdx(sigp->hash_algo); /* XXX FIXME: should this lazy free be done elsewhere? */ ltc->digest = _free(ltc->digest); ltc->digestlen = 0; + xx = rpmDigestFinal(ctx, (void **)<c->digest, <c->digestlen, 0); - /* Compare leading 16 bits of digest for quick check. */ - rc = memcmp(ltc->digest, sigp->signhash16, sizeof(sigp->signhash16)); + if (ltc->hashIdx >= 0) { + /* Compare leading 16 bits of digest for quick check. */ + rc = memcmp(ltc->digest, sigp->signhash16, sizeof(sigp->signhash16)); + } -SPEW(0, !rc, dig); +SPEW(rc, !rc, dig); return rc; } @@ -181,34 +215,20 @@ rpmltc ltc = dig->impl; int rc = 0; /* assume failure. */ int _padding = LTC_LTC_PKCS_1_V1_5; -int hash_idx = find_hash("sha1"); unsigned long saltlen = 0; unsigned char sig[2048]; unsigned long siglen = sizeof(sig); -unsigned char digest[2048]; -unsigned long digestlen = sizeof(digest); int xx; -(void)digestlen; /* XXX gcc warning */ - -#ifdef DYING -rpmltcDumpRSA(__FUNCTION__, ltc); -#endif -if (ltc->digest == NULL || ltc->digestlen == 0) goto exit; +if (ltc->hashIdx < 0 || ltc->digest == NULL || ltc->digestlen == 0) goto exit; xx = mp_to_unsigned_bin_n(ltc->c, sig, &siglen); -memcpy(digest, ltc->digest, ltc->digestlen); -#ifndef NOTYET - rc = rpmltcErr(ltc, "rsa_verify_hash_ex", + /* XXX &rc is where valid is returned: return code ususally GCRYPT_OK */ + xx = rpmltcErr(ltc, "rsa_verify_hash_ex", rsa_verify_hash_ex(sig, siglen, ltc->digest, ltc->digestlen, - _padding, hash_idx, saltlen, &rc, <c->rsa)); -#else - rc = rpmltcErr(ltc, "rsa_decrypt_key_ex", - rsa_decrypt_key_ex(sig, siglen, digest, &digestlen, - NULL, 0, hash_idx, _padding, &rc, <c->rsa)); -#endif + _padding, ltc->hashIdx, saltlen, &rc, <c->rsa)); exit: SPEW(!rc, rc, dig); @@ -222,36 +242,23 @@ rpmltc ltc = dig->impl; int rc = 0; /* assume failure. */ int _padding = LTC_LTC_PKCS_1_V1_5; -int hash_idx = find_hash("sha1"); unsigned long saltlen = 0; unsigned char sig[2048]; unsigned long siglen = sizeof(sig); -(void)saltlen; /* XXX gcc warning */ - -if (ltc->digest == NULL || ltc->digestlen == 0) goto exit; +if (ltc->hashIdx < 0 || ltc->digest == NULL || ltc->digestlen == 0) goto exit; -#ifdef NOTYET rc = rpmltcErr(ltc, "rsa_sign_hash_ex", rsa_sign_hash_ex(ltc->digest, ltc->digestlen, sig, &siglen, - _padding, &yarrow_prng, find_prng("yarrow"), - hash_idx, saltlen, <c->rsa)); -#else - rc = rpmltcErr(ltc, "rsa_encrypt_key_ex", - rsa_encrypt_key_ex(ltc->digest, ltc->digestlen, sig, &siglen, - NULL, 0, &yarrow_prng, find_prng("yarrow"), - hash_idx, _padding, <c->rsa)); -#endif + _padding, &yarrow_prng, ltc->prngIdx, + ltc->hashIdx, saltlen, <c->rsa)); + if (rc == CRYPT_OK) { int xx; _initBN(ltc->c); xx = mp_read_unsigned_bin(ltc->c, sig, siglen); } -#ifdef DYING -rpmltcDumpRSA(__FUNCTION__, ltc); -#endif - rc = (rc == CRYPT_OK); exit: @@ -271,14 +278,10 @@ if (ltc->nbits == 0) ltc->nbits = 1024; /* XXX FIXME */ rc = rpmltcErr(ltc, "rsa_make_key", - rsa_make_key(&yarrow_prng, find_prng("yarrow"), + rsa_make_key(&yarrow_prng, ltc->prngIdx, ltc->nbits/8, _e, <c->rsa)); rc = (rc == CRYPT_OK); -#ifdef DYING -rpmltcDumpRSA(__FUNCTION__, ltc); -#endif - SPEW(!rc, rc, dig); return rc; @@ -289,13 +292,14 @@ /*@modifies dig @*/ { rpmltc ltc = dig->impl; - int rc; + int rc = 1; /* assume failure */ int xx; pgpDigParams pubp = pgpGetPubkey(dig); dig->pubkey_algoN = rpmltcPubkeyAlgo2Name(pubp->pubkey_algo); dig->hash_algoN = rpmltcHashAlgo2Name(sigp->hash_algo); assert(sigp->hash_algo == rpmDigestAlgo(ctx)); +ltc->hashIdx = getHashIdx(sigp->hash_algo); /* Set DSA hash. */ /* XXX FIXME: should this lazy free be done elsewhere? */ @@ -303,10 +307,12 @@ ltc->digestlen = 0; xx = rpmDigestFinal(ctx, (void **)<c->digest, <c->digestlen, 0); - /* Compare leading 16 bits of digest for quick check. */ - rc = memcmp(ltc->digest, sigp->signhash16, sizeof(sigp->signhash16)); + if (ltc->hashIdx >= 0) { + /* Compare leading 16 bits of digest for quick check. */ + rc = memcmp(ltc->digest, sigp->signhash16, sizeof(sigp->signhash16)); + } -SPEW(0, !rc, dig); +SPEW(rc, !rc, dig); return rc; } @@ -321,9 +327,6 @@ if (ltc->digest == NULL || ltc->digestlen == 0) goto exit; if (ltc->r == NULL || ltc->s == NULL) goto exit; -#ifdef DYING -rpmltcDumpDSA(__FUNCTION__, ltc); -#endif xx = rpmltcErr(ltc, "dsa_verify_hash_raw", dsa_verify_hash_raw(ltc->r, ltc->s, ltc->digest, ltc->digestlen, &rc, <c->dsa)); @@ -347,12 +350,7 @@ _initBN(ltc->s); rc = rpmltcErr(ltc, "dsa_sign_hash_raw", dsa_sign_hash_raw(ltc->digest, ltc->digestlen, ltc->r, ltc->s, - &yarrow_prng, find_prng("yarrow"), <c->dsa)); - -#ifdef DYING -rpmltcDumpDSA(__FUNCTION__, ltc); -#endif - + &yarrow_prng, ltc->prngIdx, <c->dsa)); rc = (rc == CRYPT_OK); exit: @@ -378,17 +376,12 @@ _modulus_size = ltc->nbits/8; xx = rpmltcErr(ltc, "dsa_make_key", - dsa_make_key(&yarrow_prng, find_prng("yarrow"), + dsa_make_key(&yarrow_prng, ltc->prngIdx, _group_size, _modulus_size, <c->dsa)); -#ifdef NOTYET + + /* XXX &rc is where valid is returned: return code ususally GCRYPT_OK */ xx = rpmltcErr(ltc, "dsa_verify_key", dsa_verify_key(<c->dsa, &rc)); -#else - rc = (xx == CRYPT_OK); -#endif -#ifdef DYING -rpmltcDumpDSA(__FUNCTION__, ltc); -#endif SPEW(!rc, rc, dig); @@ -400,18 +393,25 @@ /*@*/ { rpmltc ltc = dig->impl; - int rc = 1; /* XXX always fail. */ + int rc = 1; /* assume failure. */ int xx; +pgpDigParams pubp = pgpGetPubkey(dig); +dig->pubkey_algoN = rpmltcPubkeyAlgo2Name(pubp->pubkey_algo); +dig->hash_algoN = rpmltcHashAlgo2Name(sigp->hash_algo); assert(sigp->hash_algo == rpmDigestAlgo(ctx)); +ltc->hashIdx = getHashIdx(sigp->hash_algo); /* XXX FIXME: should this lazy free be done elsewhere? */ ltc->digest = _free(ltc->digest); ltc->digestlen = 0; xx = rpmDigestFinal(ctx, (void **)<c->digest, <c->digestlen, 0); - /* Compare leading 16 bits of digest for quick check. */ - rc = memcmp(ltc->digest, sigp->signhash16, sizeof(sigp->signhash16)); + if (ltc->hashIdx >= 0) { + /* Compare leading 16 bits of digest for quick check. */ + rc = memcmp(ltc->digest, sigp->signhash16, sizeof(sigp->signhash16)); + } + rc = 1; /* XXX FIXME: always fail (unimplemented). */ SPEW(rc, !rc, dig); return rc; @@ -424,16 +424,22 @@ rpmltc ltc = dig->impl; int rc = 1; /* assume failure. */ int xx; +pgpDigParams pubp = pgpGetPubkey(dig); +dig->pubkey_algoN = rpmltcPubkeyAlgo2Name(pubp->pubkey_algo); +dig->hash_algoN = rpmltcHashAlgo2Name(sigp->hash_algo); assert(sigp->hash_algo == rpmDigestAlgo(ctx)); +ltc->hashIdx = getHashIdx(sigp->hash_algo); /* XXX FIXME: should this lazy free be done elsewhere? */ ltc->digest = _free(ltc->digest); ltc->digestlen = 0; xx = rpmDigestFinal(ctx, <c->digest, <c->digestlen, 0); - /* Compare leading 16 bits of digest for quick check. */ - rc = memcmp(ltc->digest, sigp->signhash16, sizeof(sigp->signhash16)); + if (ltc->hashIdx >= 0) { + /* Compare leading 16 bits of digest for quick check. */ + rc = memcmp(ltc->digest, sigp->signhash16, sizeof(sigp->signhash16)); + } SPEW(rc, !rc, dig); return rc; @@ -452,10 +458,6 @@ if (ltc->digest == NULL || ltc->digestlen == 0) goto exit; if (ltc->r == NULL || ltc->s == NULL) goto exit; -#ifdef DYING -rpmltcDumpECDSA(__FUNCTION__, ltc); -#endif - xx = der_encode_sequence_multi(sig, &siglen, LTC_ASN1_INTEGER, 1UL, ltc->r, LTC_ASN1_INTEGER, 1UL, ltc->s, @@ -483,7 +485,7 @@ rc = rpmltcErr(ltc, "ecc_sign_hash", ecc_sign_hash(ltc->digest, ltc->digestlen, sig, &siglen, - &yarrow_prng, find_prng ("yarrow"), <c->ecdsa)); + &yarrow_prng, ltc->prngIdx, <c->ecdsa)); if (rc == CRYPT_OK) { int xx; _initBN(ltc->r); @@ -495,10 +497,6 @@ } rc = (rc == CRYPT_OK); -#ifdef DYING -rpmltcDumpECDSA(__FUNCTION__, ltc); -#endif - exit: SPEW(!rc, rc, dig); return rc; @@ -514,14 +512,10 @@ if (ltc->nbits == 0) ltc->nbits = 256; /* XXX FIXME */ rc = rpmltcErr(ltc, "ecc_make_key", - ecc_make_key(&yarrow_prng, find_prng ("yarrow"), + ecc_make_key(&yarrow_prng, ltc->prngIdx, ltc->nbits/8, <c->ecdsa)); rc = (rc == CRYPT_OK); -#ifdef DYING -rpmltcDumpECDSA(__FUNCTION__, ltc); -#endif - SPEW(!rc, rc, dig); return rc; } @@ -692,15 +686,6 @@ break; } -#ifdef DYING -{ -const char * pubkey_algoN = dig->pubkey_algoN; -dig->pubkey_algoN = pre; -SPEW(0, !rc, dig); -dig->pubkey_algoN = pubkey_algoN; -} -#endif - return rc; } @@ -750,6 +735,8 @@ ecc_free(<c->ecdsa); memset(<c->ecdsa, 0, sizeof(ltc->ecdsa)); + ltc->curveN = _free(ltc->curveN); + } } @@ -876,9 +863,6 @@ } #endif -#ifndef LTC_YARROW - #error This demo requires Yarrow. -#endif register_prng(&yarrow_desc); #ifdef LTC_FORTUNA register_prng(&fortuna_desc); @@ -890,7 +874,8 @@ register_prng(&sober128_desc); #endif - if ((err = rng_make_prng(128, find_prng("yarrow"), &yarrow_prng, NULL)) != CRYPT_OK) { + if ((err = rng_make_prng(128, find_prng("yarrow"), &yarrow_prng, NULL)) != CRYPT_OK) + { fprintf(stderr, "rng_make_prng failed: %s\n", error_to_string(err)); exit(EXIT_FAILURE); } @@ -909,6 +894,9 @@ #endif oneshot++; } + + ltc->prngIdx = find_prng("yarrow"); + return (void *) ltc; } @@ . patch -p0 <<'@@ .' Index: rpm/rpmio/rpmltc.h ============================================================================ $ cvs diff -u -r1.2.4.2 -r1.2.4.3 rpmltc.h --- rpm/rpmio/rpmltc.h 4 Jul 2013 00:27:43 -0000 1.2.4.2 +++ rpm/rpmio/rpmltc.h 6 Aug 2013 05:22:26 -0000 1.2.4.3 @@ -33,6 +33,10 @@ void * digest; size_t digestlen; + int hashIdx; + int prngIdx; + int cipherIdx; + /* DSA parameters. */ dsa_key dsa; mp_int * r; @@ -44,6 +48,7 @@ /* ECDSA parameters. */ ecc_key ecdsa; + const char * curveN; }; #endif @@ . ______________________________________________________________________ RPM Package Manager http://rpm5.org CVS Sources Repository rpm-cvs@rpm5.org