[prev in list] [next in list] [prev in thread] [next in thread]
List: rpm-cvs
Subject: [CVS] RPM: rpm-5_4: rpm/ CHANGES rpm/rpmio/ rpmgc.c
From: "Jeff Johnson" <jbj () rpm5 ! org>
Date: 2014-04-25 2:35:34
Message-ID: 20140425023534.86AE05361A () rpm5 ! org
[Download RAW message or body]
RPM Package Manager, CVS Repository
http://rpm5.org/cvs/
____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson
Root: /v/rpm/cvs Email: jbj@rpm5.org
Module: rpm Date: 25-Apr-2014 04:35:34
Branch: rpm-5_4 Handle: 2014042502353202
Modified files: (Branch: rpm-5_4)
rpm CHANGES
rpm/rpmio rpmgc.c
Log:
- gc: update to current conventions, add non-repudiable RSA
signatures.
Summary:
Revision Changes Path
1.3501.2.368+1 -0 rpm/CHANGES
2.34.2.7 +123 -65 rpm/rpmio/rpmgc.c
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: rpm/CHANGES
============================================================================
$ cvs diff -u -r1.3501.2.367 -r1.3501.2.368 CHANGES
--- rpm/CHANGES 23 Apr 2014 22:29:37 -0000 1.3501.2.367
+++ rpm/CHANGES 25 Apr 2014 02:35:32 -0000 1.3501.2.368
@@ -1,4 +1,5 @@
5.4.14 -> 5.4.15:
+ - jbj: gc: update to current conventions, add non-repudiable RSA signatures.
- jbj: ssl: fix: use ssl->pkey->pkey.dsa, not ssl->dsa, for pubkey export.
- jbj: pgp: configurable non-repudiable signature pubkey/hash algos.
- jbj: pgp: set pubkey/hash algo's as early as possible.
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmgc.c
============================================================================
$ cvs diff -u -r2.34.2.6 -r2.34.2.7 rpmgc.c
--- rpm/rpmio/rpmgc.c 18 Apr 2014 18:45:55 -0000 2.34.2.6
+++ rpm/rpmio/rpmgc.c 25 Apr 2014 02:35:34 -0000 2.34.2.7
@@ -34,8 +34,8 @@
#define SPEW(_t, _rc, _dig) \
{ if ((_t) || _rpmgc_debug || _pgp_debug < 0) \
- fprintf(stderr, "<-- %s(%p) %s\t%s\n", __FUNCTION__, (_dig), \
- ((_rc) ? "OK" : "BAD"), (_dig)->pubkey_algoN); \
+ fprintf(stderr, "<-- %s(%p) %s\t%s/%s\n", __FUNCTION__, (_dig), \
+ ((_rc) ? "OK" : "BAD"), (_dig)->pubkey_algoN, (_dig)->hash_algoN); \
}
/*==============================================================*/
@@ -216,16 +216,6 @@
/*==============================================================*/
-static const char * rpmgcHashAlgo2Name(uint32_t algo)
-{
- return pgpValStr(pgpHashTbl, (rpmuint8_t)algo);
-}
-
-static const char * rpmgcPubkeyAlgo2Name(uint32_t algo)
-{
- return pgpValStr(pgpPubkeyTbl, (rpmuint8_t)algo);
-}
-
static void fail(const char *format, ...)
{
va_list arg_ptr;
@@ -272,8 +262,8 @@
int rc = 1; /* assume error */
int xx;
pgpDigParams pubp = pgpGetPubkey(dig);
-dig->pubkey_algoN = rpmgcPubkeyAlgo2Name(pubp->pubkey_algo);
-dig->hash_algoN = rpmgcHashAlgo2Name(sigp->hash_algo);
+dig->pubkey_algoN = pgpPubkeyAlgo2Name(pubp->pubkey_algo);
+dig->hash_algoN = pgpHashAlgo2Name(sigp->hash_algo);
switch (sigp->hash_algo) {
case PGPHASHALGO_MD5:
@@ -329,6 +319,9 @@
{ const rpmuint8_t *s = (const rpmuint8_t *) gc->digest;
const rpmuint8_t *t = sigp->signhash16;
rc = memcmp(s, t, sizeof(sigp->signhash16));
+ /* XXX FIXME: avoid spurious "BAD" error msg while signing. */
+ if (rc && sigp->signhash16[0] == 0 && sigp->signhash16[1] == 0)
+ rc = 0;
}
exit:
@@ -349,8 +342,8 @@
int rc;
int xx;
pgpDigParams pubp = pgpGetPubkey(dig);
-dig->pubkey_algoN = rpmgcPubkeyAlgo2Name(pubp->pubkey_algo);
-dig->hash_algoN = rpmgcHashAlgo2Name(sigp->hash_algo);
+dig->pubkey_algoN = pgpPubkeyAlgo2Name(pubp->pubkey_algo);
+dig->hash_algoN = pgpHashAlgo2Name(sigp->hash_algo);
assert(sigp->hash_algo == rpmDigestAlgo(ctx));
xx = rpmDigestFinal(ctx, (void **)&gc->digest, &gc->digestlen, 0);
@@ -389,8 +382,8 @@
int rc = 0; /* XXX always fail. */
int xx;
pgpDigParams pubp = pgpGetPubkey(dig);
-dig->pubkey_algoN = rpmgcPubkeyAlgo2Name(pubp->pubkey_algo);
-dig->hash_algoN = rpmgcHashAlgo2Name(sigp->hash_algo);
+dig->pubkey_algoN = pgpPubkeyAlgo2Name(pubp->pubkey_algo);
+dig->hash_algoN = pgpHashAlgo2Name(sigp->hash_algo);
assert(sigp->hash_algo == rpmDigestAlgo(ctx));
xx = rpmDigestFinal(ctx, (void **)&gc->digest, &gc->digestlen, 0);
@@ -412,6 +405,10 @@
/* Compare leading 16 bits of digest for quick check. */
rc = memcmp(gc->digest, sigp->signhash16, sizeof(sigp->signhash16));
+ /* XXX FIXME: avoid spurious "BAD" error msg while signing. */
+ if (rc && sigp->signhash16[0] == 0 && sigp->signhash16[1] == 0)
+ rc = 0;
+
SPEW(0, !rc, dig);
return rc;
}
@@ -425,8 +422,8 @@
gpg_error_t err;
int xx;
pgpDigParams pubp = pgpGetPubkey(dig);
-dig->pubkey_algoN = rpmgcPubkeyAlgo2Name(pubp->pubkey_algo);
-dig->hash_algoN = rpmgcHashAlgo2Name(sigp->hash_algo);
+dig->pubkey_algoN = pgpPubkeyAlgo2Name(pubp->pubkey_algo);
+dig->hash_algoN = pgpHashAlgo2Name(sigp->hash_algo);
assert(sigp->hash_algo == rpmDigestAlgo(ctx));
gc->digest = _free(gc->digest);
@@ -450,6 +447,10 @@
/* Compare leading 16 bits of digest for quick check. */
rc = memcmp(gc->digest, sigp->signhash16, sizeof(sigp->signhash16));
+ /* XXX FIXME: avoid spurious "BAD" error msg while signing. */
+ if (rc && sigp->signhash16[0] == 0 && sigp->signhash16[1] == 0)
+ rc = 0;
+
SPEW(0, !rc, dig);
return rc;
}
@@ -516,8 +517,8 @@
int rc;
pgpDigParams pubp = pgpGetPubkey(dig);
pgpDigParams sigp = pgpGetSignature(dig);
-dig->pubkey_algoN = rpmgcPubkeyAlgo2Name(pubp->pubkey_algo);
-dig->hash_algoN = rpmgcHashAlgo2Name(sigp->hash_algo);
+dig->pubkey_algoN = pgpPubkeyAlgo2Name(pubp->pubkey_algo);
+dig->hash_algoN = pgpHashAlgo2Name(sigp->hash_algo);
if (gc->sig == NULL) {
pgpDigParams pubp = pgpGetPubkey(dig);
@@ -640,8 +641,8 @@
int rc;
pgpDigParams pubp = pgpGetPubkey(dig);
pgpDigParams sigp = pgpGetSignature(dig);
-dig->pubkey_algoN = rpmgcPubkeyAlgo2Name(pubp->pubkey_algo);
-dig->hash_algoN = rpmgcHashAlgo2Name(sigp->hash_algo);
+dig->pubkey_algoN = pgpPubkeyAlgo2Name(pubp->pubkey_algo);
+dig->hash_algoN = pgpHashAlgo2Name(sigp->hash_algo);
/* Sign the hash. */
gc->err = rpmgcErr(gc, "gcry_pk_sign",
@@ -662,7 +663,7 @@
rpmgc gc = (rpmgc) dig->impl;
int rc;
pgpDigParams pubp = pgpGetPubkey(dig);
-dig->pubkey_algoN = rpmgcPubkeyAlgo2Name(pubp->pubkey_algo);
+dig->pubkey_algoN = pgpPubkeyAlgo2Name(pubp->pubkey_algo);
/* XXX FIXME: gc->{key_spec,key_pair} could be local. */
/* XXX FIXME: gc->qbits w DSA? curve w ECDSA? other params? */
@@ -1134,6 +1135,7 @@
uint16_t bn;
pgpDigParams pubp = pgpGetPubkey(dig);
rpmgc gc = (rpmgc) dig->impl;
+ int rc = 0; /* assume failure */
int xx;
*be++ = 0x80 | (PGPTAG_PUBLIC_KEY << 2) | 0x01;
@@ -1146,35 +1148,59 @@
*be++ = (bt );
*be++ = pubp->pubkey_algo;
+ switch (pubp->pubkey_algo) {
+ default:
+assert(0);
+ break;
+ case PGPPUBKEYALGO_RSA:
+assert(gc->pub_key);
+xx = gcry_sexp_extract_param (gc->pub_key, NULL, "n e", &gc->n, &gc->e, NULL);
+assert(gc->n);
+assert(gc->e);
+ bn = gcry_mpi_get_nbits(gc->n);
+ bn += 7; bn &= ~7;
+ *be++ = (bn >> 8); *be++ = (bn );
+ xx = gcry_mpi_print(GCRYMPI_FMT_USG, be, bn/8, NULL, gc->n);
+ be += bn/8;
+
+ bn = gcry_mpi_get_nbits(gc->e);
+ bn += 7; bn &= ~7;
+ *be++ = (bn >> 8); *be++ = (bn );
+ xx = gcry_mpi_print(GCRYMPI_FMT_USG, be, bn/8, NULL, gc->e);
+ be += bn/8;
+ break;
+ case PGPPUBKEYALGO_DSA:
assert(gc->pub_key);
xx = gcry_sexp_extract_param (gc->pub_key, NULL, "p q g y", &gc->p, &gc->q, &gc->g, &gc->y, NULL);
assert(gc->p);
assert(gc->q);
assert(gc->g);
assert(gc->y);
- bn = gcry_mpi_get_nbits(gc->p);
- bn += 7; bn &= ~7;
- *be++ = (bn >> 8); *be++ = (bn );
- xx = gcry_mpi_print(GCRYMPI_FMT_USG, be, bn/8, NULL, gc->p);
- be += bn/8;
-
- bn = gcry_mpi_get_nbits(gc->q);
- bn += 7; bn &= ~7;
- *be++ = (bn >> 8); *be++ = (bn );
- xx = gcry_mpi_print(GCRYMPI_FMT_USG, be, bn/8, NULL, gc->q);
- be += bn/8;
-
- bn = gcry_mpi_get_nbits(gc->g);
- bn += 7; bn &= ~7;
- *be++ = (bn >> 8); *be++ = (bn );
- xx = gcry_mpi_print(GCRYMPI_FMT_USG, be, bn/8, NULL, gc->g);
- be += bn/8;
-
- bn = gcry_mpi_get_nbits(gc->y);
- bn += 7; bn &= ~7;
- *be++ = (bn >> 8); *be++ = (bn );
- xx = gcry_mpi_print(GCRYMPI_FMT_USG, be, bn/8, NULL, gc->y);
- be += bn/8;
+ bn = gcry_mpi_get_nbits(gc->p);
+ bn += 7; bn &= ~7;
+ *be++ = (bn >> 8); *be++ = (bn );
+ xx = gcry_mpi_print(GCRYMPI_FMT_USG, be, bn/8, NULL, gc->p);
+ be += bn/8;
+
+ bn = gcry_mpi_get_nbits(gc->q);
+ bn += 7; bn &= ~7;
+ *be++ = (bn >> 8); *be++ = (bn );
+ xx = gcry_mpi_print(GCRYMPI_FMT_USG, be, bn/8, NULL, gc->q);
+ be += bn/8;
+
+ bn = gcry_mpi_get_nbits(gc->g);
+ bn += 7; bn &= ~7;
+ *be++ = (bn >> 8); *be++ = (bn );
+ xx = gcry_mpi_print(GCRYMPI_FMT_USG, be, bn/8, NULL, gc->g);
+ be += bn/8;
+
+ bn = gcry_mpi_get_nbits(gc->y);
+ bn += 7; bn &= ~7;
+ *be++ = (bn >> 8); *be++ = (bn );
+ xx = gcry_mpi_print(GCRYMPI_FMT_USG, be, bn/8, NULL, gc->y);
+ be += bn/8;
+ break;
+ }
pktlen = (be - pkt);
bn = pktlen - 3;
@@ -1185,8 +1211,10 @@
dig->pub = memcpy(xmalloc(pktlen), pkt, pktlen);
dig->publen = pktlen;
+ rc = 1;
- return 0;
+SPEW(!rc, rc, dig);
+ return rc;
}
int rpmgcExportSignature(pgpDig dig, /*@only@*/ DIGEST_CTX ctx)
@@ -1200,6 +1228,7 @@
uint16_t bn;
pgpDigParams pubp = pgpGetPubkey(dig);
pgpDigParams sigp = pgpGetSignature(dig);
+ int rc = 0; /* assume failure */
rpmgc gc = (rpmgc) dig->impl;
int xx;
@@ -1265,7 +1294,17 @@
sigp->signhash16[0] = 0x00;
sigp->signhash16[1] = 0x00;
- xx = pgpImplSetDSA(ctx, dig, sigp); /* XXX signhash16 check always fails */
+ switch (pubp->pubkey_algo) {
+ default:
+assert(0);
+ break;
+ case PGPPUBKEYALGO_RSA:
+ xx = pgpImplSetRSA(ctx, dig, sigp); /* XXX signhash16 check fails */
+ break;
+ case PGPPUBKEYALGO_DSA:
+ xx = pgpImplSetDSA(ctx, dig, sigp); /* XXX signhash16 check fails */
+ break;
+ }
h = (uint8_t *) gc->digest;
sigp->signhash16[0] = h[0];
sigp->signhash16[1] = h[1];
@@ -1295,23 +1334,41 @@
*be++ = sigp->signhash16[0]; /* signhash16 */
*be++ = sigp->signhash16[1];
+ switch (pubp->pubkey_algo) {
+ default:
+assert(0);
+ break;
+ case PGPPUBKEYALGO_RSA:
+assert(gc->sig);
+xx = gcry_sexp_extract_param (gc->sig, NULL, "s", &gc->c, NULL);
+assert(gc->c);
+ bn = gcry_mpi_get_nbits(gc->c);
+ bn += 7; bn &= ~7;
+ *be++ = (bn >> 8);
+ *be++ = (bn );
+ xx = gcry_mpi_print(GCRYMPI_FMT_USG, be, bn/8, NULL, gc->c);
+ be += bn/8;
+ break;
+ case PGPPUBKEYALGO_DSA:
assert(gc->sig);
xx = gcry_sexp_extract_param (gc->sig, NULL, "r s", &gc->r, &gc->s, NULL);
assert(gc->r);
assert(gc->s);
- bn = gcry_mpi_get_nbits(gc->r);
- bn += 7; bn &= ~7;
- *be++ = (bn >> 8);
- *be++ = (bn );
- xx = gcry_mpi_print(GCRYMPI_FMT_USG, be, bn/8, NULL, gc->r);
- be += bn/8;
-
- bn = gcry_mpi_get_nbits(gc->s);
- bn += 7; bn &= ~7;
- *be++ = (bn >> 8);
- *be++ = (bn );
- xx = gcry_mpi_print(GCRYMPI_FMT_USG, be, bn/8, NULL, gc->s);
- be += bn/8;
+ bn = gcry_mpi_get_nbits(gc->r);
+ bn += 7; bn &= ~7;
+ *be++ = (bn >> 8);
+ *be++ = (bn );
+ xx = gcry_mpi_print(GCRYMPI_FMT_USG, be, bn/8, NULL, gc->r);
+ be += bn/8;
+
+ bn = gcry_mpi_get_nbits(gc->s);
+ bn += 7; bn &= ~7;
+ *be++ = (bn >> 8);
+ *be++ = (bn );
+ xx = gcry_mpi_print(GCRYMPI_FMT_USG, be, bn/8, NULL, gc->s);
+ be += bn/8;
+ break;
+ }
pktlen = (be - pkt); /* packet length */
bn = pktlen - 3;
@@ -1320,9 +1377,10 @@
dig->sig = memcpy(xmalloc(pktlen), pkt, pktlen);
dig->siglen = pktlen;
+ rc = 1;
- return 0;
-
+SPEW(!rc, rc, dig);
+ return rc;
}
#endif /* WITH_GCRYPT */
@@ .
______________________________________________________________________
RPM Package Manager http://rpm5.org
CVS Sources Repository rpm-cvs@rpm5.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic