RPM Package Manager, CVS Repository
http://rpm5.org/cvs/
____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson
Root: /v/rpm/cvs Email: j...@rpm5.org
Module: rpm Date: 05-May-2014 21:02:16
Branch: rpm-5_4 Handle: 2014050519021204
Modified files: (Branch: rpm-5_4)
rpm CHANGES
rpm/rpmio rpmhkp.c rpmhkp.h
Log:
- hkp: document more of the API.
- hkp: increase expected population of Bloom filters 10K -> 100K.
Summary:
Revision Changes Path
1.3501.2.380+2 -0 rpm/CHANGES
2.20.2.6 +72 -70 rpm/rpmio/rpmhkp.c
2.9.2.1 +65 -3 rpm/rpmio/rpmhkp.h
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: rpm/CHANGES
============================================================================
$ cvs diff -u -r1.3501.2.379 -r1.3501.2.380 CHANGES
--- rpm/CHANGES 5 May 2014 18:59:06 -0000 1.3501.2.379
+++ rpm/CHANGES 5 May 2014 19:02:12 -0000 1.3501.2.380
@@ -1,4 +1,6 @@
5.4.14 -> 5.4.15:
+ - jbj: hkp: document more of the API.
+ - jbj: hkp: increase expected population of Bloom filters 10K -> 100K.
- jbj: bc: mpi names following BeeCrypt conventions, haul out some trash.
- jbj: bc: do PKCS1 in binary, update to current conventions.
- jbj: pgp: set pend accurately when calling pgpImplMpiItem().
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmhkp.c
============================================================================
$ cvs diff -u -r2.20.2.5 -r2.20.2.6 rpmhkp.c
--- rpm/rpmio/rpmhkp.c 3 May 2014 06:31:29 -0000 2.20.2.5
+++ rpm/rpmio/rpmhkp.c 5 May 2014 19:02:15 -0000 2.20.2.6
@@ -16,7 +16,7 @@
#endif /* __cplusplus */
/*@unchecked@*/
-int _rpmhkp_debug = 0;
+int _rpmhkp_debug;
/*@unchecked@*/ /*@relnull@*/
rpmhkp _rpmhkpI = NULL;
@@ -115,12 +115,12 @@
rpmhkp hkp;
if (!oneshot) {
- _rpmhkp_awol.n = 10000;
+ _rpmhkp_awol.n = 100000;
_rpmhkp_awol.e = 1.0e-4;
rpmbfParams(_rpmhkp_awol.n, _rpmhkp_awol.e,
&_rpmhkp_awol.m, &_rpmhkp_awol.k);
_rpmhkp_awol.bf = rpmbfNew(_rpmhkp_awol.m, _rpmhkp_awol.k, 0);
- _rpmhkp_crl.n = 10000;
+ _rpmhkp_crl.n = 100000;
_rpmhkp_crl.e = 1.0e-4;
rpmbfParams(_rpmhkp_crl.n, _rpmhkp_crl.e,
&_rpmhkp_crl.m, &_rpmhkp_crl.k);
@@ -162,21 +162,6 @@
/*==============================================================*/
-static const char * _pgpSigType2Name(uint32_t sigtype)
-{
- return pgpValStr(pgpSigTypeTbl, (rpmuint8_t)sigtype);
-}
-
-static const char * _pgpHashAlgo2Name(uint32_t algo)
-{
- return pgpValStr(pgpHashTbl, (rpmuint8_t)algo);
-}
-
-static const char * _pgpPubkeyAlgo2Name(uint32_t algo)
-{
- return pgpValStr(pgpPubkeyTbl, (rpmuint8_t)algo);
-}
-
#ifdef DYING
struct pgpPkt_s {
pgpTag tag;
@@ -425,6 +410,7 @@
HKPDEBUG((stderr, "--> %s(%p,%p,%p,%u)\n", __FUNCTION__, hkp, dig, signid,
pubkey_algo));
+ /* Try to load matching pubkey. */
if (hkp->pubx >= 0 && hkp->pubx < hkp->npkts
&& !memcmp(hkp->keyid, signid, sizeof(hkp->keyid))) {
if (!rpmhkpLoadKey(hkp, dig, hkp->pubx, sigp->pubkey_algo))
@@ -432,6 +418,7 @@
goto exit;
}
+ /* Try to load matching subkey. */
if (hkp->subx >= 0 && hkp->subx < hkp->npkts
&& !memcmp(hkp->subid, signid, sizeof(hkp->subid))) {
if (!rpmhkpLoadKey(hkp, dig, hkp->subx, sigp->pubkey_algo))
@@ -439,16 +426,19 @@
goto exit;
}
+ /* Avoid repeating known signid lookup failures in awol list. */
if (hkp->awol && rpmbfChk(hkp->awol, signid, 8)) {
keyx = -2;
SUM.AWOL.good++;
goto exit;
}
+ /* Try to retrieve the pubkey. */
{ char * keyname = rpmExpand("0x", pgpHexStr(signid, 8), NULL);
rpmhkp ohkp = rpmhkpLookup(keyname);
keyname = _free(keyname); /* XXX coverity #1035902 */
+ /* Add failed lookups to awol list. */
if (ohkp == NULL) {
xx = rpmbfAdd(hkp->awol, signid, 8);
DESPEW((stderr, "\tAWOL\n"));
@@ -548,7 +538,7 @@
tlen = 0;
p = pgpGrabSubTagVal(punhash, nunhash, PGPSUBTYPE_ISSUER_KEYID, &tlen);
-/* Certain (some @pgp.com) signatures are missing signatire keyid packet. */
+/* Certain (some @pgp.com) signatures are missing signature keyid packet. */
if (hkp && (p == NULL || tlen != 8)) p = hkp->keyid;
if (p) memcpy(sigp->signid, p, sizeof(sigp->signid));
@@ -939,11 +929,12 @@
assert(hkp->pkts);
pleft = hkp->pktlen;
+HKPDEBUG((stderr, "\tpkts %p[%u] pleft %u\n", hkp->pkts,
(unsigned)hkp->npkts, (unsigned)pleft));
for (i = 0; i < hkp->npkts; i++) {
xx = pgpPktLen(hkp->pkts[i], pleft, pp);
assert(xx > 0);
pleft -= pp->pktlen;
-SPEW((stderr, "%6d %p[%3u] %02X %s\n", i, hkp->pkts[i],
(unsigned)pp->pktlen, *hkp->pkts[i], pgpValStr(pgpTagTbl,
(rpmuint8_t)pp->tag)));
+SPEW((stderr, "%6d %p[%3u] %02X %s\n", i, hkp->pkts[i],
(unsigned)pp->pktlen, *hkp->pkts[i], _pgpTag2Name(pp->tag)));
SPEW((stderr, "\t%s\n", pgpHexStr(hkp->pkts[i], pp->pktlen)));
switch (pp->tag) {
@@ -1112,74 +1103,85 @@
void _rpmhkpPrintStats(FILE * fp)
{
if (fp == NULL) fp = stderr;
- fprintf(stderr, "============\n");
- fprintf(stderr, " LOOKUPS:%10u\n", (unsigned) SUM.lookups);
- fprintf(stderr, " PUBKEYS:%10u\n", (unsigned) SUM.certs);
- fprintf(stderr, " SIGNATURES:%10u\n", (unsigned) SUM.sigs);
- fprintf(stderr, " PUB bound:%10u\trevoked:%10u\texpired:%10u\n",
+ fprintf(fp, "============\n");
+ fprintf(fp, " LOOKUPS:%10u\n", (unsigned) SUM.lookups);
+ fprintf(fp, " PUBKEYS:%10u\n", (unsigned) SUM.certs);
+ fprintf(fp, " SIGNATURES:%10u\n", (unsigned) SUM.sigs);
+ fprintf(fp, " PUB bound:%10u\trevoked:%10u\texpired:%10u\n",
(unsigned) SUM.pubbound,
(unsigned) SUM.pubrevoked,
(unsigned) SUM.keyexpired);
- fprintf(stderr, " SUB bound:%10u\trevoked:%10u\n",
+ fprintf(fp, " SUB bound:%10u\trevoked:%10u\n",
(unsigned) SUM.subbound,
(unsigned) SUM.subrevoked);
- fprintf(stderr, " expired:%10u\n", (unsigned) SUM.expired);
- fprintf(stderr, " filtered:%10u\n", (unsigned) SUM.filtered);
- fprintf(stderr, " DSA:%10u:%-10u\n",
- (unsigned) SUM.DSA.good, (unsigned) (SUM.DSA.good+SUM.DSA.bad));
- fprintf(stderr, " RSA:%10u:%-10u\n",
+ fprintf(fp, " expired:%10u\n", (unsigned) SUM.expired);
+ fprintf(fp, " filtered:%10u\n", (unsigned) SUM.filtered);
+ fprintf(fp, " RSA:%10u:%-10u\n",
(unsigned) SUM.RSA.good, (unsigned) (SUM.RSA.good+SUM.RSA.bad));
- fprintf(stderr, "HASH:%10u:%-10u\n",
+ fprintf(fp, " DSA:%10u:%-10u\n",
+ (unsigned) SUM.DSA.good, (unsigned) (SUM.DSA.good+SUM.DSA.bad));
+ fprintf(fp, "ECDSA:%10u:%-10u\n",
+ (unsigned) SUM.ECDSA.good, (unsigned)
(SUM.ECDSA.good+SUM.ECDSA.bad));
+ fprintf(fp, " HASH:%10u:%-10u\n",
(unsigned) SUM.HASH.good, (unsigned)
(SUM.HASH.good+SUM.HASH.bad));
- fprintf(stderr, "AWOL:%10u:%-10u\n",
+ fprintf(fp, " AWOL:%10u:%-10u\n",
(unsigned) SUM.AWOL.good, (unsigned)
(SUM.AWOL.good+SUM.AWOL.bad));
- fprintf(stderr, "SKIP:%10u:%-10u\n",
+ fprintf(fp, " SKIP:%10u:%-10u\n",
(unsigned) SUM.SKIP.good, (unsigned)
(SUM.SKIP.good+SUM.SKIP.bad));
}
-void _rpmhkpDumpDigParams(const char * msg, pgpDigParams sigp)
+void _rpmhkpDumpDigParams(const char * msg, pgpDigParams sigp, FILE * fp)
{
- fprintf(stderr, "%s: %p\n", msg, sigp);
- fprintf(stderr, "\t userid: %s\n", sigp->userid);
- fprintf(stderr, "\t hash: %p[%u]\n", sigp->hash, (unsigned)
sigp->hashlen);
- fprintf(stderr, "\t tag: %02X\n", sigp->tag);
- fprintf(stderr, "\t version: %02X\n", sigp->version);
- fprintf(stderr, "\t time: %08X\n",
+ if (fp == NULL) fp = stderr;
+ fprintf(fp, "%s: %p\n", msg, sigp);
+ fprintf(fp, "\t userid: %s\n", sigp->userid);
+ fprintf(fp, "\t hash: %p[%u]\n", sigp->hash, (unsigned)
sigp->hashlen);
+ fprintf(fp, "\t tag: %02X\n", sigp->tag);
+ fprintf(fp, "\t version: %02X\n", sigp->version);
+ fprintf(fp, "\t time: %08X\n",
pgpGrab(sigp->time, sizeof(sigp->time)));
- fprintf(stderr, "\tpubkey_algo: %02X\n", sigp->pubkey_algo);
- fprintf(stderr, "\t hash_algo: %02X\n", sigp->hash_algo);
- fprintf(stderr, "\t sigtype: %02X\n", sigp->sigtype);
- fprintf(stderr, "\t signhash16: %04X\n",
+ fprintf(fp, "\tpubkey_algo: %02X %s\n",
+ sigp->pubkey_algo, _pgpPubkeyAlgo2Name(sigp->pubkey_algo));
+ fprintf(fp, "\t hash_algo: %02X %s\n",
+ sigp->hash_algo, _pgpHashAlgo2Name(sigp->hash_algo));
+ fprintf(fp, "\t sigtype: %02X %s\n",
+ sigp->sigtype, _pgpSigType2Name(sigp->sigtype));
+ fprintf(fp, "\t signhash16: %04X\n",
pgpGrab(sigp->signhash16, sizeof(sigp->signhash16)));
- fprintf(stderr, "\t signid: %08X %08X\n",
+ fprintf(fp, "\t signid: %08X %08X\n",
pgpGrab(sigp->signid, 4), pgpGrab(sigp->signid+4, 4));
- fprintf(stderr, "\t saved: %02X\n", sigp->saved);
+ fprintf(fp, "\t saved: %02X\n", sigp->saved);
}
-void _rpmhkpDumpDig(const char * msg, pgpDig dig)
+void _rpmhkpDumpDig(const char * msg, pgpDig dig, FILE * fp)
{
- fprintf(stderr, "%s: dig %p\n", msg, dig);
-
- fprintf(stderr, "\t sigtag: 0x%08x\n", dig->sigtag);
- fprintf(stderr, "\t sigtype: 0x%08x\n", dig->sigtype);
- fprintf(stderr, "\t sig: %p[%u]\n", dig->sig, (unsigned)
dig->siglen);
- fprintf(stderr, "\t vsflags: 0x%08x\n", dig->vsflags);
- fprintf(stderr, "\tfindPubkey: %p\n", dig->findPubkey);
- fprintf(stderr, "\t _ts: %p\n", dig->_ts);
- fprintf(stderr, "\t ppkts: %p[%u]\n", dig->ppkts, dig->npkts);
- fprintf(stderr, "\t nbytes: 0x%08x\n", (unsigned) dig->nbytes);
-
- fprintf(stderr, "\t hsha: %p\n", dig->hsha);
- fprintf(stderr, "\t hdsa: %p\n", dig->hdsa);
- fprintf(stderr, "\t sha1: %p[%u]\n", dig->sha1, (unsigned)
dig->sha1len);
-
- fprintf(stderr, "\t hecdsa: %p\n", dig->hecdsa);
+ if (fp == NULL) fp = stderr;
+ fprintf(fp, "%s: dig %p\n", msg, dig);
- fprintf(stderr, "\t md5ctx: %p\n", dig->md5ctx);
- fprintf(stderr, "\t hrsa: %p\n", dig->hrsa);
- fprintf(stderr, "\t md5: %p[%u]\n", dig->md5, (unsigned)
dig->md5len);
- fprintf(stderr, "\t impl: %p\n", dig->impl);
+ fprintf(fp, "\t build_sign: %s\n", dig->build_sign);
+ fprintf(fp, "\tpubkey_algo: %s\n", dig->pubkey_algoN);
+ fprintf(fp, "\t hash_algo: %s\n", dig->hash_algoN);
+
+ fprintf(fp, "\t sigtag: 0x%08x\n", dig->sigtag);
+ fprintf(fp, "\t sigtype: 0x%08x\n", dig->sigtype);
+ fprintf(fp, "\t sig: %p[%u]\n", dig->sig, (unsigned) dig->siglen);
+ fprintf(fp, "\t vsflags: 0x%08x\n", dig->vsflags);
+ fprintf(fp, "\t findPubkey: %p\n", dig->findPubkey);
+ fprintf(fp, "\t _ts: %p\n", dig->_ts);
+ fprintf(fp, "\t ppkts: %p[%u]\n", dig->ppkts, dig->npkts);
+ fprintf(fp, "\t nbytes: 0x%08x\n", (unsigned) dig->nbytes);
+
+ fprintf(fp, "\t hsha: %p\n", dig->hsha);
+ fprintf(fp, "\t hdsa: %p\n", dig->hdsa);
+ fprintf(fp, "\t sha1: %p[%u]\n", dig->sha1, (unsigned)
dig->sha1len);
+
+ fprintf(fp, "\t hecdsa: %p\n", dig->hecdsa);
+
+ fprintf(fp, "\t md5ctx: %p\n", dig->md5ctx);
+ fprintf(fp, "\t hrsa: %p\n", dig->hrsa);
+ fprintf(fp, "\t md5: %p[%u]\n", dig->md5, (unsigned) dig->md5len);
+ fprintf(fp, "\t impl: %p\n", dig->impl);
- _rpmhkpDumpDigParams("PUB", pgpGetPubkey(dig));
- _rpmhkpDumpDigParams("SIG", pgpGetSignature(dig));
+ _rpmhkpDumpDigParams("PUB", pgpGetPubkey(dig), fp);
+ _rpmhkpDumpDigParams("SIG", pgpGetSignature(dig), fp);
}
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmhkp.h
============================================================================
$ cvs diff -u -r2.9 -r2.9.2.1 rpmhkp.h
--- rpm/rpmio/rpmhkp.h 23 Jun 2010 15:56:00 -0000 2.9
+++ rpm/rpmio/rpmhkp.h 5 May 2014 19:02:16 -0000 2.9.2.1
@@ -99,7 +99,7 @@
((rpmhkp)rpmioFreePoolItem((rpmioItem)(_hkp), __FUNCTION__, __FILE__,
__LINE__))
/**
- * Create and load a hkp handle.
+ * Create a new hkp handle.
* @param keyid pubkey fingerprint (or NULL)
* @param flags hkp handle flags ((1<<31): use global handle)
* @return new hkp handle
@@ -109,29 +109,91 @@
/*@globals fileSystem, internalState @*/
/*@modifies fileSystem, internalState @*/;
+/**
+ * Retrieve a pubkey from a SKS server.
+ * @param keyname pubkey query string
+ * @return hkp handle
+ */
rpmhkp rpmhkpLookup(const char * keyname)
/*@*/;
+/**
+ * Retrieve/Validate binding and certification signatures on a pubkey.
+ * @param hkp hkp handle
+ * @param keyname pubkey query string
+ * @return OK/NOTFOUND/FAIL/UNTRUSTED (NOKEY? NOSIG?)
+ */
rpmRC rpmhkpValidate(/*@null@*/ rpmhkp hkp, /*@null@*/ const char * keyname)
/*@*/;
#if defined(_RPMHKP_INTERNAL)
+/**
+ * Load values into pubkey params from packet.
+ * @param hkp hkp handle
+ * @param dig pubkey/signature container
+ * @param keyx index of pubkey in packet array
+ * @param pubkey_algo openpgp pubkey algorithm
+ * @return 0 on success, -1 on failure
+ */
int rpmhkpLoadKey(rpmhkp hkp, pgpDig dig,
int keyx, rpmuint8_t pubkey_algo)
/*@*/;
+
+/**
+ * Copy values into signature params.
+ * @param hkp hkp handle
+ * @param dig pubkey/signature container
+ * @param pp openpgp signature packet
+ * @return 0 on success, -1 on failure
+ */
int rpmhkpLoadSignature(/*@null@*/ rpmhkp hkp, pgpDig dig, pgpPkt pp)
/*@*/;
+
+/**
+ * Retrieve/Load the pubkey associated with a signature.
+ * @param hkp hkp handle
+ * @param dig pubkey/signature container
+ * @return key index
+ */
int rpmhkpFindKey(rpmhkp hkp, pgpDig dig,
const rpmuint8_t * signid, rpmuint8_t pubkey_algo)
/*@*/;
-void _rpmhkpDumpDigParams(const char * msg, pgpDigParams sigp)
+
+/**
+ * Display pubkey/signature parameters in dig container.
+ * @param msg identifier message
+ * @param dig pubkey/signature container
+ * @param fp file handle (NULL uses stderr)
+ */
+void _rpmhkpDumpDigParams(const char * msg, pgpDigParams sigp,
+ /*@null@*/ FILE * fp)
/*@*/;
-void _rpmhkpDumpDig(const char * msg, pgpDig dig)
+
+/**
+ * Display dig container.
+ * @param msg identifier message
+ * @param dig pubkey/signature container
+ * @param fp file handle (NULL uses stderr)
+ */
+void _rpmhkpDumpDig(const char * msg, pgpDig dig,
+ /*@null@*/ FILE * fp)
/*@*/;
+
+/**
+ * Update a digest with data.
+ * @param ctx digest context
+ * @param data data to add to digest
+ * @param len no. bytes of data to add to digest
+ * @return 0 on success
+ */
int rpmhkpUpdate(/*@null@*/ DIGEST_CTX ctx, const void * data, size_t len)
/*@*/;
#endif /* _RPMHKP_INTERNAL */
+/**
+ * Display hkp usage statistics.
+ * @param fp file handle (NULL uses stderr)
+ */
void _rpmhkpPrintStats(/*@null@*/ FILE * fp)
/*@*/;
@@ .
______________________________________________________________________
RPM Package Manager http://rpm5.org
CVS Sources Repository rpm-cvs@rpm5.org
