RPM Package Manager, CVS Repository
http://rpm5.org/cvs/
____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson
Root: /v/rpm/cvs Email: j...@rpm5.org
Module: rpm Date: 11-Oct-2010 20:39:38
Branch: HEAD Handle: 2010101118393404
Modified files:
rpm CHANGES
rpm/build build.c pack.c
rpm/js rpmdig-js.c
rpm/lib rpmchecksig.c
rpm/python rpmts-py.c
rpm/rpmdb hdrfmt.c pkgio.c signature.c
rpm/rpmio librpmio.vers rpmbc.c rpmhkp.c rpmpgp.c rpmpgp.h
tkey.c
rpm/tests tecdsa.c tkey.c tpgp.c trsa.c
Log:
- pgp: add a 2nd parameter to pgpDigNew to generate a keypair.
- rpmbc: refactor rpmbcExport{Pubkey,Signature} out of rpmbuild code.
Summary:
Revision Changes Path
1.3465 +2 -0 rpm/CHANGES
2.145 +3 -77 rpm/build/build.c
2.322 +0 -131 rpm/build/pack.c
1.5 +1 -1 rpm/js/rpmdig-js.c
1.239 +2 -2 rpm/lib/rpmchecksig.c
1.111 +1 -1 rpm/python/rpmts-py.c
1.149 +1 -1 rpm/rpmdb/hdrfmt.c
1.120 +2 -2 rpm/rpmdb/pkgio.c
1.68 +1 -1 rpm/rpmdb/signature.c
2.199 +3 -0 rpm/rpmio/librpmio.vers
2.35 +190 -0 rpm/rpmio/rpmbc.c
2.20 +1 -1 rpm/rpmio/rpmhkp.c
2.126 +19 -34 rpm/rpmio/rpmpgp.c
2.108 +9 -1 rpm/rpmio/rpmpgp.h
2.30 +4 -4 rpm/rpmio/tkey.c
1.23 +4 -4 rpm/tests/tecdsa.c
1.6 +2 -2 rpm/tests/tkey.c
1.7 +1 -1 rpm/tests/tpgp.c
1.32 +4 -4 rpm/tests/trsa.c
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: rpm/CHANGES
============================================================================
$ cvs diff -u -r1.3464 -r1.3465 CHANGES
--- rpm/CHANGES 11 Oct 2010 02:53:39 -0000 1.3464
+++ rpm/CHANGES 11 Oct 2010 18:39:34 -0000 1.3465
@@ -1,4 +1,6 @@
5.3.4 -> 5.4a1:
+ - jbj: pgp: add a 2nd parameter to pgpDigNew to generate a keypair.
+ - jbj: rpmbc: refactor rpmbcExport{Pubkey,Signature} out of rpmbuild
code.
- jbj: mongo: add --json to spew document structured metadata in JSON.
- jbj: mongo: add --qf templates for primary/filelists/other imports.
- jbj: spewage: add :jsonescape header format extension.
@@ .
patch -p0 <<'@@ .'
Index: rpm/build/build.c
============================================================================
$ cvs diff -u -r2.144 -r2.145 build.c
--- rpm/build/build.c 12 Sep 2010 22:21:06 -0000 2.144
+++ rpm/build/build.c 11 Oct 2010 18:39:35 -0000 2.145
@@ -10,9 +10,6 @@
#include <rpmcb.h>
#include <rpmsq.h>
-#include <rpmbc.h>
-#include <rpmhkp.h> /* XXX _rpmhkp_debug */
-
#define _RPMTAG_INTERNAL
#include <rpmbuild.h>
#include "signature.h" /* XXX rpmTempFile */
@@ -336,84 +333,13 @@
return rc;
}
-static int rpmbcExportPubkey(pgpDig dig)
-{
- uint8_t pkt[8192];
- uint8_t * be = pkt;
- size_t pktlen;
- time_t now = time(NULL);
- uint32_t bt = now;
- uint16_t bn;
- pgpDigParams pubp = pgpGetPubkey(dig);
- rpmbc bc = dig->impl;
- int xx;
-
- *be++ = 0x80 | (PGPTAG_PUBLIC_KEY << 2) | 0x01;
- be += 2;
-
- *be++ = 0x04;
- *be++ = (bt >> 24);
- *be++ = (bt >> 16);
- *be++ = (bt >> 8);
- *be++ = (bt );
- *be++ = pubp->pubkey_algo;
-
- bn = mpbits(bc->dsa_keypair.param.p.size, bc->dsa_keypair.param.p.modl);
- bn += 7; bn &= ~7;
- *be++ = (bn >> 8); *be++ = (bn );
- xx = i2osp(be, bn/8, bc->dsa_keypair.param.p.modl,
bc->dsa_keypair.param.p.size);
- be += bn/8;
-
- bn = mpbits(bc->dsa_keypair.param.q.size, bc->dsa_keypair.param.q.modl);
- bn += 7; bn &= ~7;
- *be++ = (bn >> 8); *be++ = (bn );
- xx = i2osp(be, bn/8, bc->dsa_keypair.param.q.modl,
bc->dsa_keypair.param.q.size);
- be += bn/8;
-
- bn = mpbits(bc->dsa_keypair.param.g.size, bc->dsa_keypair.param.g.data);
- bn += 7; bn &= ~7;
- *be++ = (bn >> 8); *be++ = (bn );
- xx = i2osp(be, bn/8, bc->dsa_keypair.param.g.data,
bc->dsa_keypair.param.g.size);
- be += bn/8;
-
- bn = mpbits(bc->dsa_keypair.y.size, bc->dsa_keypair.y.data);
- bn += 7; bn &= ~7;
- *be++ = (bn >> 8); *be++ = (bn );
- xx = i2osp(be, bn/8, bc->dsa_keypair.y.data, bc->dsa_keypair.y.size);
- be += bn/8;
-
- pktlen = (be - pkt);
- bn = pktlen - 3;
- pkt[1] = (bn >> 8);
- pkt[2] = (bn );
-
- xx = pgpPubkeyFingerprint(pkt, pktlen, pubp->signid);
-
- dig->pub = memcpy(xmalloc(pktlen), pkt, pktlen);
- dig->publen = pktlen;
-
- return 0;
-}
-
rpmRC buildSpec(rpmts ts, Spec spec, int what, int test)
{
rpmRC rc = RPMRC_OK;
- /* Generate a DSA keypair lazily */
- if (spec->dig == NULL) {
- pgpDig dig = pgpDigNew(0);
- pgpDigParams pubp = pgpGetPubkey(dig);
- int xx;
-
- pubp->pubkey_algo = PGPPUBKEYALGO_DSA;
- xx = pgpImplGenerate(dig);
-assert(xx == 1);
-
- if (pgpImplVecs == &rpmbcImplVecs)
- xx = rpmbcExportPubkey(dig);
-
- spec->dig = dig;
- }
+ /* Generate a keypair lazily. */
+ if (spec->dig == NULL)
+ spec->dig = pgpDigNew(RPMVSF_DEFAULT, PGPPUBKEYALGO_DSA);
if (!spec->recursing && spec->BACount) {
int x;
@@ .
patch -p0 <<'@@ .'
Index: rpm/build/pack.c
============================================================================
$ cvs diff -u -r2.321 -r2.322 pack.c
--- rpm/build/pack.c 25 Jun 2010 18:39:44 -0000 2.321
+++ rpm/build/pack.c 11 Oct 2010 18:39:35 -0000 2.322
@@ -635,137 +635,6 @@
return (unsigned char) '\0';
}
-static int rpmbcExportSignature(pgpDig dig, /*...@only@*/ DIGEST_CTX ctx)
-{
- uint8_t pkt[8192];
- uint8_t * be = pkt;
- uint8_t * h;
- size_t pktlen;
- time_t now = time(NULL);
- uint32_t bt;
- uint16_t bn;
- pgpDigParams pubp = pgpGetPubkey(dig);
- pgpDigParams sigp = pgpGetSignature(dig);
- rpmbc bc = dig->impl;
- int xx;
-
- sigp->tag = PGPTAG_SIGNATURE;
- *be++ = 0x80 | (sigp->tag << 2) | 0x01;
- be += 2; /* pktlen */
-
- sigp->hash = be;
- *be++ = sigp->version = 0x04; /* version */
- *be++ = sigp->sigtype = PGPSIGTYPE_BINARY; /* sigtype */
- *be++ = sigp->pubkey_algo = pubp->pubkey_algo; /* pubkey_algo */
- *be++ = sigp->hash_algo; /* hash_algo */
-
- be += 2; /* skip hashd length */
- h = (uint8_t *) be;
-
- *be++ = 1 + 4; /* signature creation time */
- *be++ = PGPSUBTYPE_SIG_CREATE_TIME;
- bt = now;
- *be++ = sigp->time[0] = (bt >> 24);
- *be++ = sigp->time[1] = (bt >> 16);
- *be++ = sigp->time[2] = (bt >> 8);
- *be++ = sigp->time[3] = (bt );
-
- *be++ = 1 + 4; /* signature expiration time */
- *be++ = PGPSUBTYPE_SIG_EXPIRE_TIME;
- bt = 30 * 24 * 60 * 60; /* XXX 30 days from creation */
- *be++ = sigp->expire[0] = (bt >> 24);
- *be++ = sigp->expire[1] = (bt >> 16);
- *be++ = sigp->expire[2] = (bt >> 8);
- *be++ = sigp->expire[3] = (bt );
-
-/* key expiration time (only on a self-signature) */
-
- *be++ = 1 + 1; /* exportable certification */
- *be++ = PGPSUBTYPE_EXPORTABLE_CERT;
- *be++ = 0;
-
- *be++ = 1 + 1; /* revocable */
- *be++ = PGPSUBTYPE_REVOCABLE;
- *be++ = 0;
-
-/* notation data */
-
- sigp->hashlen = (be - h); /* set hashed length */
- h[-2] = (sigp->hashlen >> 8);
- h[-1] = (sigp->hashlen );
- sigp->hashlen += sizeof(struct pgpPktSigV4_s);
-
- if (sigp->hash != NULL)
- xx = rpmDigestUpdate(ctx, sigp->hash, sigp->hashlen);
-
- if (sigp->version == (rpmuint8_t) 4) {
- uint8_t trailer[6];
- trailer[0] = sigp->version;
- trailer[1] = (rpmuint8_t)0xff;
- trailer[2] = (sigp->hashlen >> 24);
- trailer[3] = (sigp->hashlen >> 16);
- trailer[4] = (sigp->hashlen >> 8);
- trailer[5] = (sigp->hashlen );
- xx = rpmDigestUpdate(ctx, trailer, sizeof(trailer));
- }
-
- sigp->signhash16[0] = 0x00;
- sigp->signhash16[1] = 0x00;
- xx = pgpImplSetDSA(ctx, dig, sigp); /* XXX signhash16 check always
fails */
- h = bc->digest;
- sigp->signhash16[0] = h[0];
- sigp->signhash16[1] = h[1];
-
- xx = pgpImplSign(dig);
-assert(xx == 1);
-
- be += 2; /* skip unhashed length. */
- h = be;
-
- *be++ = 1 + 8; /* issuer key ID */
- *be++ = PGPSUBTYPE_ISSUER_KEYID;
- *be++ = pubp->signid[0];
- *be++ = pubp->signid[1];
- *be++ = pubp->signid[2];
- *be++ = pubp->signid[3];
- *be++ = pubp->signid[4];
- *be++ = pubp->signid[5];
- *be++ = pubp->signid[6];
- *be++ = pubp->signid[7];
-
- bt = (be - h); /* set unhashed length */
- h[-2] = (bt >> 8);
- h[-1] = (bt );
-
- *be++ = sigp->signhash16[0]; /* signhash16 */
- *be++ = sigp->signhash16[1];
-
- bn = mpbits(bc->r.size, bc->r.data);
- bn += 7; bn &= ~7;
- *be++ = (bn >> 8);
- *be++ = (bn );
- xx = i2osp(be, bn/8, bc->r.data, bc->r.size);
- be += bn/8;
-
- bn = mpbits(bc->s.size, bc->s.data);
- bn += 7; bn &= ~7;
- *be++ = (bn >> 8);
- *be++ = (bn );
- xx = i2osp(be, bn/8, bc->s.data, bc->s.size);
- be += bn/8;
-
- pktlen = (be - pkt); /* packet length */
- bn = pktlen - 3;
- pkt[1] = (bn >> 8);
- pkt[2] = (bn );
-
- dig->sig = memcpy(xmalloc(pktlen), pkt, pktlen);
- dig->siglen = pktlen;
-
- return 0;
-
-}
-
rpmRC writeRPM(Header *hdrp, unsigned char ** pkgidp, const char * fn,
CSA_t csa, char * passPhrase, const char ** cookie, void * _dig)
@@ .
patch -p0 <<'@@ .'
Index: rpm/js/rpmdig-js.c
============================================================================
$ cvs diff -u -r1.4 -r1.5 rpmdig-js.c
--- rpm/js/rpmdig-js.c 10 Jan 2010 18:29:12 -0000 1.4
+++ rpm/js/rpmdig-js.c 11 Oct 2010 18:39:35 -0000 1.5
@@ -146,7 +146,7 @@
static pgpDig
rpmdig_init(JSContext *cx, JSObject *obj)
{
- pgpDig dig = pgpDigNew(0);
+ pgpDig dig = pgpDigNew(RPMVSF_DEFAULT, 0);
if (_debug)
fprintf(stderr, "==> %s(%p,%p) dig %p\n", __FUNCTION__, cx, obj, dig);
@@ .
patch -p0 <<'@@ .'
Index: rpm/lib/rpmchecksig.c
============================================================================
$ cvs diff -u -r1.238 -r1.239 rpmchecksig.c
--- rpm/lib/rpmchecksig.c 23 Jun 2010 06:51:55 -0000 1.238
+++ rpm/lib/rpmchecksig.c 11 Oct 2010 18:39:36 -0000 1.239
@@ -162,7 +162,7 @@
he->tag = (rpmTag) sigtag;
xx = headerGet(sigh, he, 0);
if (xx && he->p.ptr != NULL) {
- pgpDig dig = pgpDigNew(0);
+ pgpDig dig = pgpDigNew(RPMVSF_DEFAULT, 0);
/* XXX expose ppSignid() from rpmhkp.c? */
pgpPkt pp = alloca(sizeof(*pp));
@@ -526,7 +526,7 @@
goto exit;
/*...@=moduncon@*/
- dig = pgpDigNew(0);
+ dig = pgpDigNew(RPMVSF_DEFAULT, 0);
pubp = pgpGetPubkey(dig);
//* Validate the pubkey. */
@@ .
patch -p0 <<'@@ .'
Index: rpm/python/rpmts-py.c
============================================================================
$ cvs diff -u -r1.110 -r1.111 rpmts-py.c
--- rpm/python/rpmts-py.c 14 Dec 2009 01:52:10 -0000 1.110
+++ rpm/python/rpmts-py.c 11 Oct 2010 18:39:36 -0000 1.111
@@ -997,7 +997,7 @@
uh = PyString_AsString(blob);
uc = PyString_Size(blob);
- dig = pgpDigNew(rpmtsVSFlags(s->ts));
+ dig = pgpDigNew(rpmtsVSFlags(s->ts), 0);
rpmrc = headerCheck(dig, uh, uc, &msg);
dig = pgpDigFree(dig);
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmdb/hdrfmt.c
============================================================================
$ cvs diff -u -r1.148 -r1.149 hdrfmt.c
--- rpm/rpmdb/hdrfmt.c 11 Oct 2010 02:53:40 -0000 1.148
+++ rpm/rpmdb/hdrfmt.c 11 Oct 2010 18:39:36 -0000 1.149
@@ -1413,7 +1413,7 @@
if (pktlen == 0 || tag != PGPTAG_SIGNATURE) {
val = xstrdup(_("(not an OpenPGP signature)"));
} else {
- pgpDig dig = pgpDigNew(0);
+ pgpDig dig = pgpDigNew(RPMVSF_DEFAULT, 0);
pgpDigParams sigp = pgpGetSignature(dig);
size_t nb = 0;
const char *tempstr;
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmdb/pkgio.c
============================================================================
$ cvs diff -u -r1.119 -r1.120 pkgio.c
--- rpm/rpmdb/pkgio.c 23 Jun 2010 16:14:53 -0000 1.119
+++ rpm/rpmdb/pkgio.c 11 Oct 2010 18:39:36 -0000 1.120
@@ -435,7 +435,7 @@
{
/*...@-mods@*/ /* FIX: hide lazy malloc for now */
if (ts->dig == NULL) {
- ts->dig = pgpDigNew(0);
+ ts->dig = pgpDigNew(RPMVSF_DEFAULT, 0);
/*...@-refcounttrans@*/
(void) pgpSetFindPubkey(ts->dig, (int (*)(void *, void
*))rpmtsFindPubkey, ts);
/*...@=refcounttrans@*/
@@ -1392,7 +1392,7 @@
/* Create (if not already) a signature parameters container. */
if (dig == NULL) {
- dig = pgpDigNew(0);
+ dig = pgpDigNew(RPMVSF_DEFAULT, 0);
(void) fdSetDig(fd, dig);
}
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmdb/signature.c
============================================================================
$ cvs diff -u -r1.67 -r1.68 signature.c
--- rpm/rpmdb/signature.c 23 Jun 2010 04:03:58 -0000 1.67
+++ rpm/rpmdb/signature.c 11 Oct 2010 18:39:37 -0000 1.68
@@ -256,7 +256,7 @@
rpmlog(RPMLOG_DEBUG, D_("Got %u bytes of GPG sig\n"),
(unsigned)*pktlenp);
/* Parse the signature, change signature tag as appropriate. */
- dig = pgpDigNew(0);
+ dig = pgpDigNew(RPMVSF_DEFAULT, 0);
(void) pgpPrtPkts(*pktp, *pktlenp, dig, 0);
sigp = pgpGetSignature(dig);
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/librpmio.vers
============================================================================
$ cvs diff -u -r2.198 -r2.199 librpmio.vers
--- rpm/rpmio/librpmio.vers 29 Sep 2010 14:54:30 -0000 2.198
+++ rpm/rpmio/librpmio.vers 11 Oct 2010 18:39:37 -0000 2.199
@@ -309,6 +309,8 @@
rpmbagAdd;
rpmbagDel;
rpmbagNew;
+ rpmbcExportPubkey;
+ rpmbcExportSignature;
rpmbcImplVecs;
_rpmbf_debug;
rpmbfFree;
@@ -755,6 +757,7 @@
yarnJoin;
yarnJoinAll;
yarnLaunch;
+ yarnLaunchStack;
yarnMem;
yarnNewLock;
yarnPeekLock;
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmbc.c
============================================================================
$ cvs diff -u -r2.34 -r2.35 rpmbc.c
--- rpm/rpmio/rpmbc.c 25 Jun 2010 18:39:44 -0000 2.34
+++ rpm/rpmio/rpmbc.c 11 Oct 2010 18:39:37 -0000 2.35
@@ -856,3 +856,193 @@
rpmbcMpiItem, rpmbcClean,
rpmbcFree, rpmbcInit
};
+
+int rpmbcExportPubkey(pgpDig dig)
+{
+ uint8_t pkt[8192];
+ uint8_t * be = pkt;
+ size_t pktlen;
+ time_t now = time(NULL);
+ uint32_t bt = now;
+ uint16_t bn;
+ pgpDigParams pubp = pgpGetPubkey(dig);
+ rpmbc bc = dig->impl;
+ int xx;
+
+ *be++ = 0x80 | (PGPTAG_PUBLIC_KEY << 2) | 0x01;
+ be += 2;
+
+ *be++ = 0x04;
+ *be++ = (bt >> 24);
+ *be++ = (bt >> 16);
+ *be++ = (bt >> 8);
+ *be++ = (bt );
+ *be++ = pubp->pubkey_algo;
+
+ bn = mpbits(bc->dsa_keypair.param.p.size, bc->dsa_keypair.param.p.modl);
+ bn += 7; bn &= ~7;
+ *be++ = (bn >> 8); *be++ = (bn );
+ xx = i2osp(be, bn/8, bc->dsa_keypair.param.p.modl,
bc->dsa_keypair.param.p.size);
+ be += bn/8;
+
+ bn = mpbits(bc->dsa_keypair.param.q.size, bc->dsa_keypair.param.q.modl);
+ bn += 7; bn &= ~7;
+ *be++ = (bn >> 8); *be++ = (bn );
+ xx = i2osp(be, bn/8, bc->dsa_keypair.param.q.modl,
bc->dsa_keypair.param.q.size);
+ be += bn/8;
+
+ bn = mpbits(bc->dsa_keypair.param.g.size, bc->dsa_keypair.param.g.data);
+ bn += 7; bn &= ~7;
+ *be++ = (bn >> 8); *be++ = (bn );
+ xx = i2osp(be, bn/8, bc->dsa_keypair.param.g.data,
bc->dsa_keypair.param.g.size);
+ be += bn/8;
+
+ bn = mpbits(bc->dsa_keypair.y.size, bc->dsa_keypair.y.data);
+ bn += 7; bn &= ~7;
+ *be++ = (bn >> 8); *be++ = (bn );
+ xx = i2osp(be, bn/8, bc->dsa_keypair.y.data, bc->dsa_keypair.y.size);
+ be += bn/8;
+
+ pktlen = (be - pkt);
+ bn = pktlen - 3;
+ pkt[1] = (bn >> 8);
+ pkt[2] = (bn );
+
+ xx = pgpPubkeyFingerprint(pkt, pktlen, pubp->signid);
+
+ dig->pub = memcpy(xmalloc(pktlen), pkt, pktlen);
+ dig->publen = pktlen;
+
+ return 0;
+}
+
+int rpmbcExportSignature(pgpDig dig, /*...@only@*/ DIGEST_CTX ctx)
+{
+ uint8_t pkt[8192];
+ uint8_t * be = pkt;
+ uint8_t * h;
+ size_t pktlen;
+ time_t now = time(NULL);
+ uint32_t bt;
+ uint16_t bn;
+ pgpDigParams pubp = pgpGetPubkey(dig);
+ pgpDigParams sigp = pgpGetSignature(dig);
+ rpmbc bc = dig->impl;
+ int xx;
+
+ sigp->tag = PGPTAG_SIGNATURE;
+ *be++ = 0x80 | (sigp->tag << 2) | 0x01;
+ be += 2; /* pktlen */
+
+ sigp->hash = be;
+ *be++ = sigp->version = 0x04; /* version */
+ *be++ = sigp->sigtype = PGPSIGTYPE_BINARY; /* sigtype */
+ *be++ = sigp->pubkey_algo = pubp->pubkey_algo; /* pubkey_algo */
+ *be++ = sigp->hash_algo; /* hash_algo */
+
+ be += 2; /* skip hashd length */
+ h = (uint8_t *) be;
+
+ *be++ = 1 + 4; /* signature creation time */
+ *be++ = PGPSUBTYPE_SIG_CREATE_TIME;
+ bt = now;
+ *be++ = sigp->time[0] = (bt >> 24);
+ *be++ = sigp->time[1] = (bt >> 16);
+ *be++ = sigp->time[2] = (bt >> 8);
+ *be++ = sigp->time[3] = (bt );
+
+ *be++ = 1 + 4; /* signature expiration time */
+ *be++ = PGPSUBTYPE_SIG_EXPIRE_TIME;
+ bt = 30 * 24 * 60 * 60; /* XXX 30 days from creation */
+ *be++ = sigp->expire[0] = (bt >> 24);
+ *be++ = sigp->expire[1] = (bt >> 16);
+ *be++ = sigp->expire[2] = (bt >> 8);
+ *be++ = sigp->expire[3] = (bt );
+
+/* key expiration time (only on a self-signature) */
+
+ *be++ = 1 + 1; /* exportable certification */
+ *be++ = PGPSUBTYPE_EXPORTABLE_CERT;
+ *be++ = 0;
+
+ *be++ = 1 + 1; /* revocable */
+ *be++ = PGPSUBTYPE_REVOCABLE;
+ *be++ = 0;
+
+/* notation data */
+
+ sigp->hashlen = (be - h); /* set hashed length */
+ h[-2] = (sigp->hashlen >> 8);
+ h[-1] = (sigp->hashlen );
+ sigp->hashlen += sizeof(struct pgpPktSigV4_s);
+
+ if (sigp->hash != NULL)
+ xx = rpmDigestUpdate(ctx, sigp->hash, sigp->hashlen);
+
+ if (sigp->version == (rpmuint8_t) 4) {
+ uint8_t trailer[6];
+ trailer[0] = sigp->version;
+ trailer[1] = (rpmuint8_t)0xff;
+ trailer[2] = (sigp->hashlen >> 24);
+ trailer[3] = (sigp->hashlen >> 16);
+ trailer[4] = (sigp->hashlen >> 8);
+ trailer[5] = (sigp->hashlen );
+ xx = rpmDigestUpdate(ctx, trailer, sizeof(trailer));
+ }
+
+ sigp->signhash16[0] = 0x00;
+ sigp->signhash16[1] = 0x00;
+ xx = pgpImplSetDSA(ctx, dig, sigp); /* XXX signhash16 check always
fails */
+ h = bc->digest;
+ sigp->signhash16[0] = h[0];
+ sigp->signhash16[1] = h[1];
+
+ xx = pgpImplSign(dig);
+assert(xx == 1);
+
+ be += 2; /* skip unhashed length. */
+ h = be;
+
+ *be++ = 1 + 8; /* issuer key ID */
+ *be++ = PGPSUBTYPE_ISSUER_KEYID;
+ *be++ = pubp->signid[0];
+ *be++ = pubp->signid[1];
+ *be++ = pubp->signid[2];
+ *be++ = pubp->signid[3];
+ *be++ = pubp->signid[4];
+ *be++ = pubp->signid[5];
+ *be++ = pubp->signid[6];
+ *be++ = pubp->signid[7];
+
+ bt = (be - h); /* set unhashed length */
+ h[-2] = (bt >> 8);
+ h[-1] = (bt );
+
+ *be++ = sigp->signhash16[0]; /* signhash16 */
+ *be++ = sigp->signhash16[1];
+
+ bn = mpbits(bc->r.size, bc->r.data);
+ bn += 7; bn &= ~7;
+ *be++ = (bn >> 8);
+ *be++ = (bn );
+ xx = i2osp(be, bn/8, bc->r.data, bc->r.size);
+ be += bn/8;
+
+ bn = mpbits(bc->s.size, bc->s.data);
+ bn += 7; bn &= ~7;
+ *be++ = (bn >> 8);
+ *be++ = (bn );
+ xx = i2osp(be, bn/8, bc->s.data, bc->s.size);
+ be += bn/8;
+
+ pktlen = (be - pkt); /* packet length */
+ bn = pktlen - 3;
+ pkt[1] = (bn >> 8);
+ pkt[2] = (bn );
+
+ dig->sig = memcpy(xmalloc(pktlen), pkt, pktlen);
+ dig->siglen = pktlen;
+
+ return 0;
+
+}
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmhkp.c
============================================================================
$ cvs diff -u -r2.19 -r2.20 rpmhkp.c
--- rpm/rpmio/rpmhkp.c 23 Jun 2010 16:14:53 -0000 2.19
+++ rpm/rpmio/rpmhkp.c 11 Oct 2010 18:39:37 -0000 2.20
@@ -780,7 +780,7 @@
static int rpmhkpVerify(rpmhkp hkp, pgpPkt pp)
{
- pgpDig dig = pgpDigNew(0);
+ pgpDig dig = pgpDigNew(RPMVSF_DEFAULT, 0);
pgpDigParams sigp = pgpGetSignature(dig);
pgpDigParams pubp = pgpGetPubkey(dig);
DIGEST_CTX ctx = NULL;
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmpgp.c
============================================================================
$ cvs diff -u -r2.125 -r2.126 rpmpgp.c
--- rpm/rpmio/rpmpgp.c 12 Aug 2010 18:55:34 -0000 2.125
+++ rpm/rpmio/rpmpgp.c 11 Oct 2010 18:39:37 -0000 2.126
@@ -1194,46 +1194,31 @@
NULL, NULL, pgpDigFini);
pool = _digPool;
}
- return (pgpDig) rpmioGetPool(pool, sizeof(*dig));
+
+ dig = (pgpDig) rpmioGetPool(pool, sizeof(*dig));
+ memset(((char *)dig)+sizeof(dig->_item), 0,
sizeof(*dig)-sizeof(dig->_item));
+ return dig;
}
-pgpDig pgpDigNew(/*...@unused@*/ pgpVSFlags vsflags)
+pgpDig pgpDigNew(pgpVSFlags vsflags, pgpPubkeyAlgo pubkey_algo)
{
- pgpDig dig = digGetPool(_digPool);
- memset(&dig->signature, 0, sizeof(dig->signature));
- memset(&dig->pubkey, 0, sizeof(dig->pubkey));
- dig->pubkey_algoN = NULL;
- dig->hash_algoN = NULL;
-
- dig->sigtag = 0;
- dig->sigtype = 0;
- dig->sig = NULL;
- dig->siglen = 0;
- dig->pub = NULL;
- dig->publen = 0;
-
- dig->vsflags = pgpDigVSFlags;
- memset(&dig->dops, 0, sizeof(dig->dops));
- memset(&dig->sops, 0, sizeof(dig->sops));
- dig->findPubkey = NULL;
- dig->_ts = NULL;
- dig->ppkts = NULL;
- dig->npkts = 0;
- dig->nbytes = 0;
-
- dig->sha1ctx = NULL;
- dig->hdrsha1ctx = NULL;
- dig->sha1 = NULL;
- dig->sha1len = 0;
-
- dig->md5ctx = NULL;
- dig->hdrctx = NULL;
- dig->md5 = NULL;
- dig->md5len = 0;
+ pgpDig dig = pgpDigLink( digGetPool(_digPool) );
+ pgpDigParams pubp = pgpGetPubkey(dig);
+ /* XXX FIXME: always set default flags, ignore the arg. */
+ dig->vsflags = (vsflags != RPMVSF_DEFAULT ? vsflags : pgpDigVSFlags);
dig->impl = pgpImplInit();
+ /* XXX FIXME: always set default pubkey_algo, ignore the arg. */
+ pubp->pubkey_algo = pubkey_algo;
- return pgpDigLink(dig);
+ if (pubp->pubkey_algo) {
+ int xx = pgpImplGenerate(dig);
+assert(xx == 1);
+ /* XXX FIXME: limited to DSA from BeeCrypt for now. */
+ if (pgpImplVecs == &rpmbcImplVecs)
+ xx = rpmbcExportPubkey(dig);
+ }
+ return dig;
}
pgpDigParams pgpGetSignature(pgpDig dig)
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmpgp.h
============================================================================
$ cvs diff -u -r2.107 -r2.108 rpmpgp.h
--- rpm/rpmio/rpmpgp.h 23 Jun 2010 15:53:34 -0000 2.107
+++ rpm/rpmio/rpmpgp.h 11 Oct 2010 18:39:37 -0000 2.108
@@ -1470,12 +1470,19 @@
/** \ingroup rpmpgp
* Create a container for parsed OpenPGP packates.
+ * Generate a keypair (if requested).
+ * @param vsflags verify signature flags (usually 0)
+ * @param pubkey_algo pubkey algorithm (0 disables)
* @return container
*/
/*...@relnull@*/
-pgpDig pgpDigNew(/*...@unused@*/ pgpVSFlags vsflags)
+pgpDig pgpDigNew(pgpVSFlags vsflags, pgpPubkeyAlgo pubkey_algo)
/*...@globals fileSystem @*/
/*...@modifies fileSystem @*/;
+int rpmbcExportPubkey(pgpDig dig)
+ /*...@*/;
+int rpmbcExportSignature(pgpDig dig, /*...@only@*/ DIGEST_CTX ctx)
+ /*...@*/;
/** \ingroup rpmpgp
* Release (malloc'd) data from container.
@@ -1900,6 +1907,7 @@
}
/*...@=mustmod@*/
+
#ifdef __cplusplus
}
#endif
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/tkey.c
============================================================================
$ cvs diff -u -r2.29 -r2.30 tkey.c
--- rpm/rpmio/tkey.c 1 Jun 2010 22:00:28 -0000 2.29
+++ rpm/rpmio/tkey.c 11 Oct 2010 18:39:37 -0000 2.30
@@ -93,7 +93,7 @@
pgpImplVecs = &rpmbcImplVecs;
- dig = pgpDigNew(0);
+ dig = pgpDigNew(RPMVSF_DEFAULT, 0);
pubp = pgpGetPubkey(dig);
bc = dig->impl;
@@ -114,7 +114,7 @@
pgpImplVecs = testImplVecs;
- dig = pgpDigNew(0);
+ dig = pgpDigNew(RPMVSF_DEFAULT, 0);
pubp = pgpGetPubkey(dig);
_pgp_debug = 1;
_pgp_print = 1;
@@ -145,7 +145,7 @@
pgpImplVecs = testImplVecs;
- dig = pgpDigNew(0);
+ dig = pgpDigNew(RPMVSF_DEFAULT, 0);
pubp = pgpGetPubkey(dig);
_pgp_debug = 1;
_pgp_print = 1;
@@ -176,7 +176,7 @@
pgpImplVecs = testImplVecs;
- dig = pgpDigNew(0);
+ dig = pgpDigNew(RPMVSF_DEFAULT, 0);
pubp = pgpGetPubkey(dig);
_pgp_debug = 1;
_pgp_print = 1;
@@ .
patch -p0 <<'@@ .'
Index: rpm/tests/tecdsa.c
============================================================================
$ cvs diff -u -r1.22 -r1.23 tecdsa.c
--- rpm/tests/tecdsa.c 9 Jun 2010 19:19:45 -0000 1.22
+++ rpm/tests/tecdsa.c 11 Oct 2010 18:39:38 -0000 1.23
@@ -1731,7 +1731,7 @@
rpmbc bc;
pgpImplVecs = &rpmbcImplVecs;
-dig = pgpDigNew(0);
+dig = pgpDigNew(RPMVSF_DEFAULT, 0);
bc = dig->impl;
return dig;
@@ -1755,7 +1755,7 @@
pgpImplVecs = &rpmgcImplVecs;
-dig = pgpDigNew(0);
+dig = pgpDigNew(RPMVSF_DEFAULT, 0);
gc = dig->impl;
gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
@@ -1787,7 +1787,7 @@
pgpImplVecs = &rpmnssImplVecs;
-dig = pgpDigNew(0);
+dig = pgpDigNew(RPMVSF_DEFAULT, 0);
nss = dig->impl;
return dig;
@@ -1836,7 +1836,7 @@
RAND_seed(rnd_seed, sizeof(rnd_seed));
}
-dig = pgpDigNew(0);
+dig = pgpDigNew(RPMVSF_DEFAULT, 0);
ssl = dig->impl;
ssl->out = BIO_new_fp(stdout, BIO_NOCLOSE);
@@ .
patch -p0 <<'@@ .'
Index: rpm/tests/tkey.c
============================================================================
$ cvs diff -u -r1.5 -r1.6 tkey.c
--- rpm/tests/tkey.c 1 Jun 2010 22:00:30 -0000 1.5
+++ rpm/tests/tkey.c 11 Oct 2010 18:39:38 -0000 1.6
@@ -127,7 +127,7 @@
rpmRC rc;
pgpImplVecs = &rpmbcImplVecs;
- dig = pgpDigNew(0);
+ dig = pgpDigNew(RPMVSF_DEFAULT, 0);
pgpDigParams pubp = pgpGetPubkey(dig);
pubp->pubkey_algo = PGPPUBKEYALGO_DSA;
bc = dig->impl;
@@ -213,7 +213,7 @@
pgpImplVecs = testImplVecs;
- dig = pgpDigNew(0);
+ dig = pgpDigNew(RPMVSF_DEFAULT, 0);
fprintf(stderr, "=============================== %s Public Key\n", sigtype);
if ((rc = doit(pubstr, dig, printing)) != 0) {
@@ .
patch -p0 <<'@@ .'
Index: rpm/tests/tpgp.c
============================================================================
$ cvs diff -u -r1.6 -r1.7 tpgp.c
--- rpm/tests/tpgp.c 19 Jun 2010 18:03:17 -0000 1.6
+++ rpm/tests/tpgp.c 11 Oct 2010 18:39:38 -0000 1.7
@@ -56,7 +56,7 @@
static
rpmRC generateTest(rpmts ts, const char * text, int pubkey_algo, int
hash_algo)
{
- pgpDig dig = pgpDigNew(0);
+ pgpDig dig = pgpDigNew(RPMVSF_DEFAULT, 0);
pgpDigParams pubp = pgpGetPubkey(dig);
pgpDigParams sigp = pgpGetSignature(dig);
rpmRC rc = RPMRC_OK; /* assume success */
@@ .
patch -p0 <<'@@ .'
Index: rpm/tests/trsa.c
============================================================================
$ cvs diff -u -r1.31 -r1.32 trsa.c
--- rpm/tests/trsa.c 9 Jun 2010 02:29:06 -0000 1.31
+++ rpm/tests/trsa.c 11 Oct 2010 18:39:38 -0000 1.32
@@ -6209,7 +6209,7 @@
pgpImplVecs = &rpmbcImplVecs;
-dig = pgpDigNew(0);
+dig = pgpDigNew(RPMVSF_DEFAULT, 0);
bc = dig->impl;
return dig;
@@ -6238,7 +6238,7 @@
pgpImplVecs = &rpmgcImplVecs;
-dig = pgpDigNew(0);
+dig = pgpDigNew(RPMVSF_DEFAULT, 0);
gc = dig->impl;
gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
@@ -6279,7 +6279,7 @@
pgpImplVecs = &rpmnssImplVecs;
-dig = pgpDigNew(0);
+dig = pgpDigNew(RPMVSF_DEFAULT, 0);
nss = dig->impl;
return dig;
@@ -6357,7 +6357,7 @@
RAND_seed(rnd_seed, sizeof(rnd_seed));
}
-dig = pgpDigNew(0);
+dig = pgpDigNew(RPMVSF_DEFAULT, 0);
ssl = dig->impl;
ssl->out = BIO_new_fp(stdout, BIO_NOCLOSE);
@@ .
______________________________________________________________________
RPM Package Manager http://rpm5.org
CVS Sources Repository rpm-cvs@rpm5.org
