RPM Package Manager, CVS Repository http://rpm5.org/cvs/ ____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 11-Oct-2010 20:39:38 Branch: HEAD Handle: 2010101118393404 Modified files: rpm CHANGES rpm/build build.c pack.c rpm/js rpmdig-js.c rpm/lib rpmchecksig.c rpm/python rpmts-py.c rpm/rpmdb hdrfmt.c pkgio.c signature.c rpm/rpmio librpmio.vers rpmbc.c rpmhkp.c rpmpgp.c rpmpgp.h tkey.c rpm/tests tecdsa.c tkey.c tpgp.c trsa.c Log: - pgp: add a 2nd parameter to pgpDigNew to generate a keypair. - rpmbc: refactor rpmbcExport{Pubkey,Signature} out of rpmbuild code. Summary: Revision Changes Path 1.3465 +2 -0 rpm/CHANGES 2.145 +3 -77 rpm/build/build.c 2.322 +0 -131 rpm/build/pack.c 1.5 +1 -1 rpm/js/rpmdig-js.c 1.239 +2 -2 rpm/lib/rpmchecksig.c 1.111 +1 -1 rpm/python/rpmts-py.c 1.149 +1 -1 rpm/rpmdb/hdrfmt.c 1.120 +2 -2 rpm/rpmdb/pkgio.c 1.68 +1 -1 rpm/rpmdb/signature.c 2.199 +3 -0 rpm/rpmio/librpmio.vers 2.35 +190 -0 rpm/rpmio/rpmbc.c 2.20 +1 -1 rpm/rpmio/rpmhkp.c 2.126 +19 -34 rpm/rpmio/rpmpgp.c 2.108 +9 -1 rpm/rpmio/rpmpgp.h 2.30 +4 -4 rpm/rpmio/tkey.c 1.23 +4 -4 rpm/tests/tecdsa.c 1.6 +2 -2 rpm/tests/tkey.c 1.7 +1 -1 rpm/tests/tpgp.c 1.32 +4 -4 rpm/tests/trsa.c ____________________________________________________________________________ patch -p0 <<'@@ .' Index: rpm/CHANGES ============================================================================ $ cvs diff -u -r1.3464 -r1.3465 CHANGES --- rpm/CHANGES 11 Oct 2010 02:53:39 -0000 1.3464 +++ rpm/CHANGES 11 Oct 2010 18:39:34 -0000 1.3465 @@ -1,4 +1,6 @@ 5.3.4 -> 5.4a1: + - jbj: pgp: add a 2nd parameter to pgpDigNew to generate a keypair. + - jbj: rpmbc: refactor rpmbcExport{Pubkey,Signature} out of rpmbuild code. - jbj: mongo: add --json to spew document structured metadata in JSON. - jbj: mongo: add --qf templates for primary/filelists/other imports. - jbj: spewage: add :jsonescape header format extension. @@ . patch -p0 <<'@@ .' Index: rpm/build/build.c ============================================================================ $ cvs diff -u -r2.144 -r2.145 build.c --- rpm/build/build.c 12 Sep 2010 22:21:06 -0000 2.144 +++ rpm/build/build.c 11 Oct 2010 18:39:35 -0000 2.145 @@ -10,9 +10,6 @@ #include <rpmcb.h> #include <rpmsq.h> -#include <rpmbc.h> -#include <rpmhkp.h> /* XXX _rpmhkp_debug */ - #define _RPMTAG_INTERNAL #include <rpmbuild.h> #include "signature.h" /* XXX rpmTempFile */ @@ -336,84 +333,13 @@ return rc; } -static int rpmbcExportPubkey(pgpDig dig) -{ - uint8_t pkt[8192]; - uint8_t * be = pkt; - size_t pktlen; - time_t now = time(NULL); - uint32_t bt = now; - uint16_t bn; - pgpDigParams pubp = pgpGetPubkey(dig); - rpmbc bc = dig->impl; - int xx; - - *be++ = 0x80 | (PGPTAG_PUBLIC_KEY << 2) | 0x01; - be += 2; - - *be++ = 0x04; - *be++ = (bt >> 24); - *be++ = (bt >> 16); - *be++ = (bt >> 8); - *be++ = (bt ); - *be++ = pubp->pubkey_algo; - - bn = mpbits(bc->dsa_keypair.param.p.size, bc->dsa_keypair.param.p.modl); - bn += 7; bn &= ~7; - *be++ = (bn >> 8); *be++ = (bn ); - xx = i2osp(be, bn/8, bc->dsa_keypair.param.p.modl, bc->dsa_keypair.param.p.size); - be += bn/8; - - bn = mpbits(bc->dsa_keypair.param.q.size, bc->dsa_keypair.param.q.modl); - bn += 7; bn &= ~7; - *be++ = (bn >> 8); *be++ = (bn ); - xx = i2osp(be, bn/8, bc->dsa_keypair.param.q.modl, bc->dsa_keypair.param.q.size); - be += bn/8; - - bn = mpbits(bc->dsa_keypair.param.g.size, bc->dsa_keypair.param.g.data); - bn += 7; bn &= ~7; - *be++ = (bn >> 8); *be++ = (bn ); - xx = i2osp(be, bn/8, bc->dsa_keypair.param.g.data, bc->dsa_keypair.param.g.size); - be += bn/8; - - bn = mpbits(bc->dsa_keypair.y.size, bc->dsa_keypair.y.data); - bn += 7; bn &= ~7; - *be++ = (bn >> 8); *be++ = (bn ); - xx = i2osp(be, bn/8, bc->dsa_keypair.y.data, bc->dsa_keypair.y.size); - be += bn/8; - - pktlen = (be - pkt); - bn = pktlen - 3; - pkt[1] = (bn >> 8); - pkt[2] = (bn ); - - xx = pgpPubkeyFingerprint(pkt, pktlen, pubp->signid); - - dig->pub = memcpy(xmalloc(pktlen), pkt, pktlen); - dig->publen = pktlen; - - return 0; -} - rpmRC buildSpec(rpmts ts, Spec spec, int what, int test) { rpmRC rc = RPMRC_OK; - /* Generate a DSA keypair lazily */ - if (spec->dig == NULL) { - pgpDig dig = pgpDigNew(0); - pgpDigParams pubp = pgpGetPubkey(dig); - int xx; - - pubp->pubkey_algo = PGPPUBKEYALGO_DSA; - xx = pgpImplGenerate(dig); -assert(xx == 1); - - if (pgpImplVecs == &rpmbcImplVecs) - xx = rpmbcExportPubkey(dig); - - spec->dig = dig; - } + /* Generate a keypair lazily. */ + if (spec->dig == NULL) + spec->dig = pgpDigNew(RPMVSF_DEFAULT, PGPPUBKEYALGO_DSA); if (!spec->recursing && spec->BACount) { int x; @@ . patch -p0 <<'@@ .' Index: rpm/build/pack.c ============================================================================ $ cvs diff -u -r2.321 -r2.322 pack.c --- rpm/build/pack.c 25 Jun 2010 18:39:44 -0000 2.321 +++ rpm/build/pack.c 11 Oct 2010 18:39:35 -0000 2.322 @@ -635,137 +635,6 @@ return (unsigned char) '\0'; } -static int rpmbcExportSignature(pgpDig dig, /*...@only@*/ DIGEST_CTX ctx) -{ - uint8_t pkt[8192]; - uint8_t * be = pkt; - uint8_t * h; - size_t pktlen; - time_t now = time(NULL); - uint32_t bt; - uint16_t bn; - pgpDigParams pubp = pgpGetPubkey(dig); - pgpDigParams sigp = pgpGetSignature(dig); - rpmbc bc = dig->impl; - int xx; - - sigp->tag = PGPTAG_SIGNATURE; - *be++ = 0x80 | (sigp->tag << 2) | 0x01; - be += 2; /* pktlen */ - - sigp->hash = be; - *be++ = sigp->version = 0x04; /* version */ - *be++ = sigp->sigtype = PGPSIGTYPE_BINARY; /* sigtype */ - *be++ = sigp->pubkey_algo = pubp->pubkey_algo; /* pubkey_algo */ - *be++ = sigp->hash_algo; /* hash_algo */ - - be += 2; /* skip hashd length */ - h = (uint8_t *) be; - - *be++ = 1 + 4; /* signature creation time */ - *be++ = PGPSUBTYPE_SIG_CREATE_TIME; - bt = now; - *be++ = sigp->time[0] = (bt >> 24); - *be++ = sigp->time[1] = (bt >> 16); - *be++ = sigp->time[2] = (bt >> 8); - *be++ = sigp->time[3] = (bt ); - - *be++ = 1 + 4; /* signature expiration time */ - *be++ = PGPSUBTYPE_SIG_EXPIRE_TIME; - bt = 30 * 24 * 60 * 60; /* XXX 30 days from creation */ - *be++ = sigp->expire[0] = (bt >> 24); - *be++ = sigp->expire[1] = (bt >> 16); - *be++ = sigp->expire[2] = (bt >> 8); - *be++ = sigp->expire[3] = (bt ); - -/* key expiration time (only on a self-signature) */ - - *be++ = 1 + 1; /* exportable certification */ - *be++ = PGPSUBTYPE_EXPORTABLE_CERT; - *be++ = 0; - - *be++ = 1 + 1; /* revocable */ - *be++ = PGPSUBTYPE_REVOCABLE; - *be++ = 0; - -/* notation data */ - - sigp->hashlen = (be - h); /* set hashed length */ - h[-2] = (sigp->hashlen >> 8); - h[-1] = (sigp->hashlen ); - sigp->hashlen += sizeof(struct pgpPktSigV4_s); - - if (sigp->hash != NULL) - xx = rpmDigestUpdate(ctx, sigp->hash, sigp->hashlen); - - if (sigp->version == (rpmuint8_t) 4) { - uint8_t trailer[6]; - trailer[0] = sigp->version; - trailer[1] = (rpmuint8_t)0xff; - trailer[2] = (sigp->hashlen >> 24); - trailer[3] = (sigp->hashlen >> 16); - trailer[4] = (sigp->hashlen >> 8); - trailer[5] = (sigp->hashlen ); - xx = rpmDigestUpdate(ctx, trailer, sizeof(trailer)); - } - - sigp->signhash16[0] = 0x00; - sigp->signhash16[1] = 0x00; - xx = pgpImplSetDSA(ctx, dig, sigp); /* XXX signhash16 check always fails */ - h = bc->digest; - sigp->signhash16[0] = h[0]; - sigp->signhash16[1] = h[1]; - - xx = pgpImplSign(dig); -assert(xx == 1); - - be += 2; /* skip unhashed length. */ - h = be; - - *be++ = 1 + 8; /* issuer key ID */ - *be++ = PGPSUBTYPE_ISSUER_KEYID; - *be++ = pubp->signid[0]; - *be++ = pubp->signid[1]; - *be++ = pubp->signid[2]; - *be++ = pubp->signid[3]; - *be++ = pubp->signid[4]; - *be++ = pubp->signid[5]; - *be++ = pubp->signid[6]; - *be++ = pubp->signid[7]; - - bt = (be - h); /* set unhashed length */ - h[-2] = (bt >> 8); - h[-1] = (bt ); - - *be++ = sigp->signhash16[0]; /* signhash16 */ - *be++ = sigp->signhash16[1]; - - bn = mpbits(bc->r.size, bc->r.data); - bn += 7; bn &= ~7; - *be++ = (bn >> 8); - *be++ = (bn ); - xx = i2osp(be, bn/8, bc->r.data, bc->r.size); - be += bn/8; - - bn = mpbits(bc->s.size, bc->s.data); - bn += 7; bn &= ~7; - *be++ = (bn >> 8); - *be++ = (bn ); - xx = i2osp(be, bn/8, bc->s.data, bc->s.size); - be += bn/8; - - pktlen = (be - pkt); /* packet length */ - bn = pktlen - 3; - pkt[1] = (bn >> 8); - pkt[2] = (bn ); - - dig->sig = memcpy(xmalloc(pktlen), pkt, pktlen); - dig->siglen = pktlen; - - return 0; - -} - rpmRC writeRPM(Header *hdrp, unsigned char ** pkgidp, const char * fn, CSA_t csa, char * passPhrase, const char ** cookie, void * _dig) @@ . patch -p0 <<'@@ .' Index: rpm/js/rpmdig-js.c ============================================================================ $ cvs diff -u -r1.4 -r1.5 rpmdig-js.c --- rpm/js/rpmdig-js.c 10 Jan 2010 18:29:12 -0000 1.4 +++ rpm/js/rpmdig-js.c 11 Oct 2010 18:39:35 -0000 1.5 @@ -146,7 +146,7 @@ static pgpDig rpmdig_init(JSContext *cx, JSObject *obj) { - pgpDig dig = pgpDigNew(0); + pgpDig dig = pgpDigNew(RPMVSF_DEFAULT, 0); if (_debug) fprintf(stderr, "==> %s(%p,%p) dig %p\n", __FUNCTION__, cx, obj, dig); @@ . patch -p0 <<'@@ .' Index: rpm/lib/rpmchecksig.c ============================================================================ $ cvs diff -u -r1.238 -r1.239 rpmchecksig.c --- rpm/lib/rpmchecksig.c 23 Jun 2010 06:51:55 -0000 1.238 +++ rpm/lib/rpmchecksig.c 11 Oct 2010 18:39:36 -0000 1.239 @@ -162,7 +162,7 @@ he->tag = (rpmTag) sigtag; xx = headerGet(sigh, he, 0); if (xx && he->p.ptr != NULL) { - pgpDig dig = pgpDigNew(0); + pgpDig dig = pgpDigNew(RPMVSF_DEFAULT, 0); /* XXX expose ppSignid() from rpmhkp.c? */ pgpPkt pp = alloca(sizeof(*pp)); @@ -526,7 +526,7 @@ goto exit; /*...@=moduncon@*/ - dig = pgpDigNew(0); + dig = pgpDigNew(RPMVSF_DEFAULT, 0); pubp = pgpGetPubkey(dig); //* Validate the pubkey. */ @@ . patch -p0 <<'@@ .' Index: rpm/python/rpmts-py.c ============================================================================ $ cvs diff -u -r1.110 -r1.111 rpmts-py.c --- rpm/python/rpmts-py.c 14 Dec 2009 01:52:10 -0000 1.110 +++ rpm/python/rpmts-py.c 11 Oct 2010 18:39:36 -0000 1.111 @@ -997,7 +997,7 @@ uh = PyString_AsString(blob); uc = PyString_Size(blob); - dig = pgpDigNew(rpmtsVSFlags(s->ts)); + dig = pgpDigNew(rpmtsVSFlags(s->ts), 0); rpmrc = headerCheck(dig, uh, uc, &msg); dig = pgpDigFree(dig); @@ . patch -p0 <<'@@ .' Index: rpm/rpmdb/hdrfmt.c ============================================================================ $ cvs diff -u -r1.148 -r1.149 hdrfmt.c --- rpm/rpmdb/hdrfmt.c 11 Oct 2010 02:53:40 -0000 1.148 +++ rpm/rpmdb/hdrfmt.c 11 Oct 2010 18:39:36 -0000 1.149 @@ -1413,7 +1413,7 @@ if (pktlen == 0 || tag != PGPTAG_SIGNATURE) { val = xstrdup(_("(not an OpenPGP signature)")); } else { - pgpDig dig = pgpDigNew(0); + pgpDig dig = pgpDigNew(RPMVSF_DEFAULT, 0); pgpDigParams sigp = pgpGetSignature(dig); size_t nb = 0; const char *tempstr; @@ . patch -p0 <<'@@ .' Index: rpm/rpmdb/pkgio.c ============================================================================ $ cvs diff -u -r1.119 -r1.120 pkgio.c --- rpm/rpmdb/pkgio.c 23 Jun 2010 16:14:53 -0000 1.119 +++ rpm/rpmdb/pkgio.c 11 Oct 2010 18:39:36 -0000 1.120 @@ -435,7 +435,7 @@ { /*...@-mods@*/ /* FIX: hide lazy malloc for now */ if (ts->dig == NULL) { - ts->dig = pgpDigNew(0); + ts->dig = pgpDigNew(RPMVSF_DEFAULT, 0); /*...@-refcounttrans@*/ (void) pgpSetFindPubkey(ts->dig, (int (*)(void *, void *))rpmtsFindPubkey, ts); /*...@=refcounttrans@*/ @@ -1392,7 +1392,7 @@ /* Create (if not already) a signature parameters container. */ if (dig == NULL) { - dig = pgpDigNew(0); + dig = pgpDigNew(RPMVSF_DEFAULT, 0); (void) fdSetDig(fd, dig); } @@ . patch -p0 <<'@@ .' Index: rpm/rpmdb/signature.c ============================================================================ $ cvs diff -u -r1.67 -r1.68 signature.c --- rpm/rpmdb/signature.c 23 Jun 2010 04:03:58 -0000 1.67 +++ rpm/rpmdb/signature.c 11 Oct 2010 18:39:37 -0000 1.68 @@ -256,7 +256,7 @@ rpmlog(RPMLOG_DEBUG, D_("Got %u bytes of GPG sig\n"), (unsigned)*pktlenp); /* Parse the signature, change signature tag as appropriate. */ - dig = pgpDigNew(0); + dig = pgpDigNew(RPMVSF_DEFAULT, 0); (void) pgpPrtPkts(*pktp, *pktlenp, dig, 0); sigp = pgpGetSignature(dig); @@ . patch -p0 <<'@@ .' Index: rpm/rpmio/librpmio.vers ============================================================================ $ cvs diff -u -r2.198 -r2.199 librpmio.vers --- rpm/rpmio/librpmio.vers 29 Sep 2010 14:54:30 -0000 2.198 +++ rpm/rpmio/librpmio.vers 11 Oct 2010 18:39:37 -0000 2.199 @@ -309,6 +309,8 @@ rpmbagAdd; rpmbagDel; rpmbagNew; + rpmbcExportPubkey; + rpmbcExportSignature; rpmbcImplVecs; _rpmbf_debug; rpmbfFree; @@ -755,6 +757,7 @@ yarnJoin; yarnJoinAll; yarnLaunch; + yarnLaunchStack; yarnMem; yarnNewLock; yarnPeekLock; @@ . patch -p0 <<'@@ .' Index: rpm/rpmio/rpmbc.c ============================================================================ $ cvs diff -u -r2.34 -r2.35 rpmbc.c --- rpm/rpmio/rpmbc.c 25 Jun 2010 18:39:44 -0000 2.34 +++ rpm/rpmio/rpmbc.c 11 Oct 2010 18:39:37 -0000 2.35 @@ -856,3 +856,193 @@ rpmbcMpiItem, rpmbcClean, rpmbcFree, rpmbcInit }; + +int rpmbcExportPubkey(pgpDig dig) +{ + uint8_t pkt[8192]; + uint8_t * be = pkt; + size_t pktlen; + time_t now = time(NULL); + uint32_t bt = now; + uint16_t bn; + pgpDigParams pubp = pgpGetPubkey(dig); + rpmbc bc = dig->impl; + int xx; + + *be++ = 0x80 | (PGPTAG_PUBLIC_KEY << 2) | 0x01; + be += 2; + + *be++ = 0x04; + *be++ = (bt >> 24); + *be++ = (bt >> 16); + *be++ = (bt >> 8); + *be++ = (bt ); + *be++ = pubp->pubkey_algo; + + bn = mpbits(bc->dsa_keypair.param.p.size, bc->dsa_keypair.param.p.modl); + bn += 7; bn &= ~7; + *be++ = (bn >> 8); *be++ = (bn ); + xx = i2osp(be, bn/8, bc->dsa_keypair.param.p.modl, bc->dsa_keypair.param.p.size); + be += bn/8; + + bn = mpbits(bc->dsa_keypair.param.q.size, bc->dsa_keypair.param.q.modl); + bn += 7; bn &= ~7; + *be++ = (bn >> 8); *be++ = (bn ); + xx = i2osp(be, bn/8, bc->dsa_keypair.param.q.modl, bc->dsa_keypair.param.q.size); + be += bn/8; + + bn = mpbits(bc->dsa_keypair.param.g.size, bc->dsa_keypair.param.g.data); + bn += 7; bn &= ~7; + *be++ = (bn >> 8); *be++ = (bn ); + xx = i2osp(be, bn/8, bc->dsa_keypair.param.g.data, bc->dsa_keypair.param.g.size); + be += bn/8; + + bn = mpbits(bc->dsa_keypair.y.size, bc->dsa_keypair.y.data); + bn += 7; bn &= ~7; + *be++ = (bn >> 8); *be++ = (bn ); + xx = i2osp(be, bn/8, bc->dsa_keypair.y.data, bc->dsa_keypair.y.size); + be += bn/8; + + pktlen = (be - pkt); + bn = pktlen - 3; + pkt[1] = (bn >> 8); + pkt[2] = (bn ); + + xx = pgpPubkeyFingerprint(pkt, pktlen, pubp->signid); + + dig->pub = memcpy(xmalloc(pktlen), pkt, pktlen); + dig->publen = pktlen; + + return 0; +} + +int rpmbcExportSignature(pgpDig dig, /*...@only@*/ DIGEST_CTX ctx) +{ + uint8_t pkt[8192]; + uint8_t * be = pkt; + uint8_t * h; + size_t pktlen; + time_t now = time(NULL); + uint32_t bt; + uint16_t bn; + pgpDigParams pubp = pgpGetPubkey(dig); + pgpDigParams sigp = pgpGetSignature(dig); + rpmbc bc = dig->impl; + int xx; + + sigp->tag = PGPTAG_SIGNATURE; + *be++ = 0x80 | (sigp->tag << 2) | 0x01; + be += 2; /* pktlen */ + + sigp->hash = be; + *be++ = sigp->version = 0x04; /* version */ + *be++ = sigp->sigtype = PGPSIGTYPE_BINARY; /* sigtype */ + *be++ = sigp->pubkey_algo = pubp->pubkey_algo; /* pubkey_algo */ + *be++ = sigp->hash_algo; /* hash_algo */ + + be += 2; /* skip hashd length */ + h = (uint8_t *) be; + + *be++ = 1 + 4; /* signature creation time */ + *be++ = PGPSUBTYPE_SIG_CREATE_TIME; + bt = now; + *be++ = sigp->time[0] = (bt >> 24); + *be++ = sigp->time[1] = (bt >> 16); + *be++ = sigp->time[2] = (bt >> 8); + *be++ = sigp->time[3] = (bt ); + + *be++ = 1 + 4; /* signature expiration time */ + *be++ = PGPSUBTYPE_SIG_EXPIRE_TIME; + bt = 30 * 24 * 60 * 60; /* XXX 30 days from creation */ + *be++ = sigp->expire[0] = (bt >> 24); + *be++ = sigp->expire[1] = (bt >> 16); + *be++ = sigp->expire[2] = (bt >> 8); + *be++ = sigp->expire[3] = (bt ); + +/* key expiration time (only on a self-signature) */ + + *be++ = 1 + 1; /* exportable certification */ + *be++ = PGPSUBTYPE_EXPORTABLE_CERT; + *be++ = 0; + + *be++ = 1 + 1; /* revocable */ + *be++ = PGPSUBTYPE_REVOCABLE; + *be++ = 0; + +/* notation data */ + + sigp->hashlen = (be - h); /* set hashed length */ + h[-2] = (sigp->hashlen >> 8); + h[-1] = (sigp->hashlen ); + sigp->hashlen += sizeof(struct pgpPktSigV4_s); + + if (sigp->hash != NULL) + xx = rpmDigestUpdate(ctx, sigp->hash, sigp->hashlen); + + if (sigp->version == (rpmuint8_t) 4) { + uint8_t trailer[6]; + trailer[0] = sigp->version; + trailer[1] = (rpmuint8_t)0xff; + trailer[2] = (sigp->hashlen >> 24); + trailer[3] = (sigp->hashlen >> 16); + trailer[4] = (sigp->hashlen >> 8); + trailer[5] = (sigp->hashlen ); + xx = rpmDigestUpdate(ctx, trailer, sizeof(trailer)); + } + + sigp->signhash16[0] = 0x00; + sigp->signhash16[1] = 0x00; + xx = pgpImplSetDSA(ctx, dig, sigp); /* XXX signhash16 check always fails */ + h = bc->digest; + sigp->signhash16[0] = h[0]; + sigp->signhash16[1] = h[1]; + + xx = pgpImplSign(dig); +assert(xx == 1); + + be += 2; /* skip unhashed length. */ + h = be; + + *be++ = 1 + 8; /* issuer key ID */ + *be++ = PGPSUBTYPE_ISSUER_KEYID; + *be++ = pubp->signid[0]; + *be++ = pubp->signid[1]; + *be++ = pubp->signid[2]; + *be++ = pubp->signid[3]; + *be++ = pubp->signid[4]; + *be++ = pubp->signid[5]; + *be++ = pubp->signid[6]; + *be++ = pubp->signid[7]; + + bt = (be - h); /* set unhashed length */ + h[-2] = (bt >> 8); + h[-1] = (bt ); + + *be++ = sigp->signhash16[0]; /* signhash16 */ + *be++ = sigp->signhash16[1]; + + bn = mpbits(bc->r.size, bc->r.data); + bn += 7; bn &= ~7; + *be++ = (bn >> 8); + *be++ = (bn ); + xx = i2osp(be, bn/8, bc->r.data, bc->r.size); + be += bn/8; + + bn = mpbits(bc->s.size, bc->s.data); + bn += 7; bn &= ~7; + *be++ = (bn >> 8); + *be++ = (bn ); + xx = i2osp(be, bn/8, bc->s.data, bc->s.size); + be += bn/8; + + pktlen = (be - pkt); /* packet length */ + bn = pktlen - 3; + pkt[1] = (bn >> 8); + pkt[2] = (bn ); + + dig->sig = memcpy(xmalloc(pktlen), pkt, pktlen); + dig->siglen = pktlen; + + return 0; + +} @@ . patch -p0 <<'@@ .' Index: rpm/rpmio/rpmhkp.c ============================================================================ $ cvs diff -u -r2.19 -r2.20 rpmhkp.c --- rpm/rpmio/rpmhkp.c 23 Jun 2010 16:14:53 -0000 2.19 +++ rpm/rpmio/rpmhkp.c 11 Oct 2010 18:39:37 -0000 2.20 @@ -780,7 +780,7 @@ static int rpmhkpVerify(rpmhkp hkp, pgpPkt pp) { - pgpDig dig = pgpDigNew(0); + pgpDig dig = pgpDigNew(RPMVSF_DEFAULT, 0); pgpDigParams sigp = pgpGetSignature(dig); pgpDigParams pubp = pgpGetPubkey(dig); DIGEST_CTX ctx = NULL; @@ . patch -p0 <<'@@ .' Index: rpm/rpmio/rpmpgp.c ============================================================================ $ cvs diff -u -r2.125 -r2.126 rpmpgp.c --- rpm/rpmio/rpmpgp.c 12 Aug 2010 18:55:34 -0000 2.125 +++ rpm/rpmio/rpmpgp.c 11 Oct 2010 18:39:37 -0000 2.126 @@ -1194,46 +1194,31 @@ NULL, NULL, pgpDigFini); pool = _digPool; } - return (pgpDig) rpmioGetPool(pool, sizeof(*dig)); + + dig = (pgpDig) rpmioGetPool(pool, sizeof(*dig)); + memset(((char *)dig)+sizeof(dig->_item), 0, sizeof(*dig)-sizeof(dig->_item)); + return dig; } -pgpDig pgpDigNew(/*...@unused@*/ pgpVSFlags vsflags) +pgpDig pgpDigNew(pgpVSFlags vsflags, pgpPubkeyAlgo pubkey_algo) { - pgpDig dig = digGetPool(_digPool); - memset(&dig->signature, 0, sizeof(dig->signature)); - memset(&dig->pubkey, 0, sizeof(dig->pubkey)); - dig->pubkey_algoN = NULL; - dig->hash_algoN = NULL; - - dig->sigtag = 0; - dig->sigtype = 0; - dig->sig = NULL; - dig->siglen = 0; - dig->pub = NULL; - dig->publen = 0; - - dig->vsflags = pgpDigVSFlags; - memset(&dig->dops, 0, sizeof(dig->dops)); - memset(&dig->sops, 0, sizeof(dig->sops)); - dig->findPubkey = NULL; - dig->_ts = NULL; - dig->ppkts = NULL; - dig->npkts = 0; - dig->nbytes = 0; - - dig->sha1ctx = NULL; - dig->hdrsha1ctx = NULL; - dig->sha1 = NULL; - dig->sha1len = 0; - - dig->md5ctx = NULL; - dig->hdrctx = NULL; - dig->md5 = NULL; - dig->md5len = 0; + pgpDig dig = pgpDigLink( digGetPool(_digPool) ); + pgpDigParams pubp = pgpGetPubkey(dig); + /* XXX FIXME: always set default flags, ignore the arg. */ + dig->vsflags = (vsflags != RPMVSF_DEFAULT ? vsflags : pgpDigVSFlags); dig->impl = pgpImplInit(); + /* XXX FIXME: always set default pubkey_algo, ignore the arg. */ + pubp->pubkey_algo = pubkey_algo; - return pgpDigLink(dig); + if (pubp->pubkey_algo) { + int xx = pgpImplGenerate(dig); +assert(xx == 1); + /* XXX FIXME: limited to DSA from BeeCrypt for now. */ + if (pgpImplVecs == &rpmbcImplVecs) + xx = rpmbcExportPubkey(dig); + } + return dig; } pgpDigParams pgpGetSignature(pgpDig dig) @@ . patch -p0 <<'@@ .' Index: rpm/rpmio/rpmpgp.h ============================================================================ $ cvs diff -u -r2.107 -r2.108 rpmpgp.h --- rpm/rpmio/rpmpgp.h 23 Jun 2010 15:53:34 -0000 2.107 +++ rpm/rpmio/rpmpgp.h 11 Oct 2010 18:39:37 -0000 2.108 @@ -1470,12 +1470,19 @@ /** \ingroup rpmpgp * Create a container for parsed OpenPGP packates. + * Generate a keypair (if requested). + * @param vsflags verify signature flags (usually 0) + * @param pubkey_algo pubkey algorithm (0 disables) * @return container */ /*...@relnull@*/ -pgpDig pgpDigNew(/*...@unused@*/ pgpVSFlags vsflags) +pgpDig pgpDigNew(pgpVSFlags vsflags, pgpPubkeyAlgo pubkey_algo) /*...@globals fileSystem @*/ /*...@modifies fileSystem @*/; +int rpmbcExportPubkey(pgpDig dig) + /*...@*/; +int rpmbcExportSignature(pgpDig dig, /*...@only@*/ DIGEST_CTX ctx) + /*...@*/; /** \ingroup rpmpgp * Release (malloc'd) data from container. @@ -1900,6 +1907,7 @@ } /*...@=mustmod@*/ + #ifdef __cplusplus } #endif @@ . patch -p0 <<'@@ .' Index: rpm/rpmio/tkey.c ============================================================================ $ cvs diff -u -r2.29 -r2.30 tkey.c --- rpm/rpmio/tkey.c 1 Jun 2010 22:00:28 -0000 2.29 +++ rpm/rpmio/tkey.c 11 Oct 2010 18:39:37 -0000 2.30 @@ -93,7 +93,7 @@ pgpImplVecs = &rpmbcImplVecs; - dig = pgpDigNew(0); + dig = pgpDigNew(RPMVSF_DEFAULT, 0); pubp = pgpGetPubkey(dig); bc = dig->impl; @@ -114,7 +114,7 @@ pgpImplVecs = testImplVecs; - dig = pgpDigNew(0); + dig = pgpDigNew(RPMVSF_DEFAULT, 0); pubp = pgpGetPubkey(dig); _pgp_debug = 1; _pgp_print = 1; @@ -145,7 +145,7 @@ pgpImplVecs = testImplVecs; - dig = pgpDigNew(0); + dig = pgpDigNew(RPMVSF_DEFAULT, 0); pubp = pgpGetPubkey(dig); _pgp_debug = 1; _pgp_print = 1; @@ -176,7 +176,7 @@ pgpImplVecs = testImplVecs; - dig = pgpDigNew(0); + dig = pgpDigNew(RPMVSF_DEFAULT, 0); pubp = pgpGetPubkey(dig); _pgp_debug = 1; _pgp_print = 1; @@ . patch -p0 <<'@@ .' Index: rpm/tests/tecdsa.c ============================================================================ $ cvs diff -u -r1.22 -r1.23 tecdsa.c --- rpm/tests/tecdsa.c 9 Jun 2010 19:19:45 -0000 1.22 +++ rpm/tests/tecdsa.c 11 Oct 2010 18:39:38 -0000 1.23 @@ -1731,7 +1731,7 @@ rpmbc bc; pgpImplVecs = &rpmbcImplVecs; -dig = pgpDigNew(0); +dig = pgpDigNew(RPMVSF_DEFAULT, 0); bc = dig->impl; return dig; @@ -1755,7 +1755,7 @@ pgpImplVecs = &rpmgcImplVecs; -dig = pgpDigNew(0); +dig = pgpDigNew(RPMVSF_DEFAULT, 0); gc = dig->impl; gcry_control (GCRYCTL_DISABLE_SECMEM, 0); @@ -1787,7 +1787,7 @@ pgpImplVecs = &rpmnssImplVecs; -dig = pgpDigNew(0); +dig = pgpDigNew(RPMVSF_DEFAULT, 0); nss = dig->impl; return dig; @@ -1836,7 +1836,7 @@ RAND_seed(rnd_seed, sizeof(rnd_seed)); } -dig = pgpDigNew(0); +dig = pgpDigNew(RPMVSF_DEFAULT, 0); ssl = dig->impl; ssl->out = BIO_new_fp(stdout, BIO_NOCLOSE); @@ . patch -p0 <<'@@ .' Index: rpm/tests/tkey.c ============================================================================ $ cvs diff -u -r1.5 -r1.6 tkey.c --- rpm/tests/tkey.c 1 Jun 2010 22:00:30 -0000 1.5 +++ rpm/tests/tkey.c 11 Oct 2010 18:39:38 -0000 1.6 @@ -127,7 +127,7 @@ rpmRC rc; pgpImplVecs = &rpmbcImplVecs; - dig = pgpDigNew(0); + dig = pgpDigNew(RPMVSF_DEFAULT, 0); pgpDigParams pubp = pgpGetPubkey(dig); pubp->pubkey_algo = PGPPUBKEYALGO_DSA; bc = dig->impl; @@ -213,7 +213,7 @@ pgpImplVecs = testImplVecs; - dig = pgpDigNew(0); + dig = pgpDigNew(RPMVSF_DEFAULT, 0); fprintf(stderr, "=============================== %s Public Key\n", sigtype); if ((rc = doit(pubstr, dig, printing)) != 0) { @@ . patch -p0 <<'@@ .' Index: rpm/tests/tpgp.c ============================================================================ $ cvs diff -u -r1.6 -r1.7 tpgp.c --- rpm/tests/tpgp.c 19 Jun 2010 18:03:17 -0000 1.6 +++ rpm/tests/tpgp.c 11 Oct 2010 18:39:38 -0000 1.7 @@ -56,7 +56,7 @@ static rpmRC generateTest(rpmts ts, const char * text, int pubkey_algo, int hash_algo) { - pgpDig dig = pgpDigNew(0); + pgpDig dig = pgpDigNew(RPMVSF_DEFAULT, 0); pgpDigParams pubp = pgpGetPubkey(dig); pgpDigParams sigp = pgpGetSignature(dig); rpmRC rc = RPMRC_OK; /* assume success */ @@ . patch -p0 <<'@@ .' Index: rpm/tests/trsa.c ============================================================================ $ cvs diff -u -r1.31 -r1.32 trsa.c --- rpm/tests/trsa.c 9 Jun 2010 02:29:06 -0000 1.31 +++ rpm/tests/trsa.c 11 Oct 2010 18:39:38 -0000 1.32 @@ -6209,7 +6209,7 @@ pgpImplVecs = &rpmbcImplVecs; -dig = pgpDigNew(0); +dig = pgpDigNew(RPMVSF_DEFAULT, 0); bc = dig->impl; return dig; @@ -6238,7 +6238,7 @@ pgpImplVecs = &rpmgcImplVecs; -dig = pgpDigNew(0); +dig = pgpDigNew(RPMVSF_DEFAULT, 0); gc = dig->impl; gcry_control (GCRYCTL_DISABLE_SECMEM, 0); @@ -6279,7 +6279,7 @@ pgpImplVecs = &rpmnssImplVecs; -dig = pgpDigNew(0); +dig = pgpDigNew(RPMVSF_DEFAULT, 0); nss = dig->impl; return dig; @@ -6357,7 +6357,7 @@ RAND_seed(rnd_seed, sizeof(rnd_seed)); } -dig = pgpDigNew(0); +dig = pgpDigNew(RPMVSF_DEFAULT, 0); ssl = dig->impl; ssl->out = BIO_new_fp(stdout, BIO_NOCLOSE); @@ . ______________________________________________________________________ RPM Package Manager http://rpm5.org CVS Sources Repository rpm-cvs@rpm5.org