Main Page | Modules | Data Structures | Directories | File List | Data Fields | Globals | Related Pages
lib

signature.c

Go to the documentation of this file.
00001 
00005 #include "system.h"
00006 
00007 #include "rpmio_internal.h"
00008 #include <rpmlib.h>
00009 #include <rpmmacro.h>   /* XXX for rpmGetPath() */
00010 #include "rpmdb.h"
00011 
00012 #include "rpmts.h"
00013 
00014 #include "misc.h"       /* XXX for dosetenv() and makeTempFile() */
00015 #include "legacy.h"     /* XXX for mdbinfile() */
00016 #include "rpmlead.h"
00017 #include "signature.h"
00018 #include "header_internal.h"
00019 #include "debug.h"
00020 
00021 /*@access FD_t@*/               /* XXX ufdio->read arg1 is void ptr */
00022 /*@access Header@*/             /* XXX compared with NULL */
00023 /*@access entryInfo @*/         /* XXX rpmReadSignature */
00024 /*@access indexEntry @*/        /* XXX rpmReadSignature */
00025 /*@access DIGEST_CTX@*/         /* XXX compared with NULL */
00026 /*@access pgpDig@*/
00027 /*@access pgpDigParams@*/
00028 
00029 #if !defined(__GLIBC__)
00030 char ** environ = NULL;
00031 #endif
00032 
00033 int rpmLookupSignatureType(int action)
00034 {
00035     /*@unchecked@*/
00036     static int disabled = 0;
00037     int rc = 0;
00038 
00039     switch (action) {
00040     case RPMLOOKUPSIG_DISABLE:
00041         disabled = -2;
00042         break;
00043     case RPMLOOKUPSIG_ENABLE:
00044         disabled = 0;
00045         /*@fallthrough@*/
00046     case RPMLOOKUPSIG_QUERY:
00047         if (disabled)
00048             break;      /* Disabled */
00049 /*@-boundsread@*/
00050       { const char *name = rpmExpand("%{?_signature}", NULL);
00051         if (!(name && *name != '\0'))
00052             rc = 0;
00053         else if (!xstrcasecmp(name, "none"))
00054             rc = 0;
00055         else if (!xstrcasecmp(name, "pgp"))
00056             rc = RPMSIGTAG_PGP;
00057         else if (!xstrcasecmp(name, "pgp5"))    /* XXX legacy */
00058             rc = RPMSIGTAG_PGP;
00059         else if (!xstrcasecmp(name, "gpg"))
00060             rc = RPMSIGTAG_GPG;
00061         else
00062             rc = -1;    /* Invalid %_signature spec in macro file */
00063         name = _free(name);
00064       } break;
00065 /*@=boundsread@*/
00066     }
00067     return rc;
00068 }
00069 
00070 /* rpmDetectPGPVersion() returns the absolute path to the "pgp"  */
00071 /* executable of the requested version, or NULL when none found. */
00072 
00073 const char * rpmDetectPGPVersion(pgpVersion * pgpVer)
00074 {
00075     /* Actually this should support having more then one pgp version. */
00076     /* At the moment only one version is possible since we only       */
00077     /* have one %_pgpbin and one %_pgp_path.                          */
00078 
00079     static pgpVersion saved_pgp_version = PGP_UNKNOWN;
00080     const char *pgpbin = rpmGetPath("%{?_pgpbin}", NULL);
00081 
00082     if (saved_pgp_version == PGP_UNKNOWN) {
00083         char *pgpvbin;
00084         struct stat st;
00085 
00086 /*@-boundsread@*/
00087         if (!(pgpbin && pgpbin[0] != '\0')) {
00088             pgpbin = _free(pgpbin);
00089             saved_pgp_version = -1;
00090             return NULL;
00091         }
00092 /*@=boundsread@*/
00093 /*@-boundswrite@*/
00094         pgpvbin = (char *)alloca(strlen(pgpbin) + sizeof("v"));
00095         (void)stpcpy(stpcpy(pgpvbin, pgpbin), "v");
00096 /*@=boundswrite@*/
00097 
00098         if (stat(pgpvbin, &st) == 0)
00099             saved_pgp_version = PGP_5;
00100         else if (stat(pgpbin, &st) == 0)
00101             saved_pgp_version = PGP_2;
00102         else
00103             saved_pgp_version = PGP_NOTDETECTED;
00104     }
00105 
00106 /*@-boundswrite@*/
00107     if (pgpVer && pgpbin)
00108         *pgpVer = saved_pgp_version;
00109 /*@=boundswrite@*/
00110     return pgpbin;
00111 }
00112 
00122 static inline rpmRC printSize(FD_t fd, int siglen, int pad, int datalen)
00123         /*@globals fileSystem @*/
00124         /*@modifies fileSystem @*/
00125 {
00126     struct stat st;
00127 
00128     if (fstat(Fileno(fd), &st) < 0)
00129         return RPMRC_FAIL;
00130 
00131     /*@-sizeoftype@*/
00132     rpmMessage(RPMMESS_DEBUG,
00133         _("Expected size: %12d = lead(%d)+sigs(%d)+pad(%d)+data(%d)\n"),
00134                 (int)sizeof(struct rpmlead)+siglen+pad+datalen,
00135                 (int)sizeof(struct rpmlead), siglen, pad, datalen);
00136     /*@=sizeoftype@*/
00137     rpmMessage(RPMMESS_DEBUG,
00138         _("  Actual size: %12d\n"), (int)st.st_size);
00139 
00140     return RPMRC_OK;
00141 }
00142 
00143 /*@unchecked@*/
00144 static unsigned char header_magic[8] = {
00145     0x8e, 0xad, 0xe8, 0x01, 0x00, 0x00, 0x00, 0x00
00146 };
00147 
00148 rpmRC rpmReadSignature(FD_t fd, Header * sighp, sigType sig_type,
00149                 const char ** msg)
00150 {
00151     char buf[BUFSIZ];
00152     int_32 block[4];
00153     int_32 il;
00154     int_32 dl;
00155     int_32 * ei = NULL;
00156     entryInfo pe;
00157     size_t nb;
00158     int_32 ril = 0;
00159     indexEntry entry = memset(alloca(sizeof(*entry)), 0, sizeof(*entry));
00160     entryInfo info = memset(alloca(sizeof(*info)), 0, sizeof(*info));
00161     unsigned char * dataStart;
00162     unsigned char * dataEnd = NULL;
00163     Header sigh = NULL;
00164     rpmRC rc = RPMRC_FAIL;              /* assume failure */
00165     int xx;
00166     int i;
00167 
00168 /*@-boundswrite@*/
00169     if (sighp)
00170         *sighp = NULL;
00171 
00172     buf[0] = '\0';
00173 /*@=boundswrite@*/
00174 
00175     if (sig_type != RPMSIGTYPE_HEADERSIG)
00176         goto exit;
00177 
00178     memset(block, 0, sizeof(block));
00179     if ((xx = timedRead(fd, (char *)block, sizeof(block))) != sizeof(block)) {
00180         (void) snprintf(buf, sizeof(buf),
00181                 _("sigh size(%d): BAD, read returned %d\n"), (int)sizeof(block), xx);
00182         goto exit;
00183     }
00184     if (memcmp(block, header_magic, sizeof(header_magic))) {
00185         (void) snprintf(buf, sizeof(buf),
00186                 _("sigh magic: BAD\n"));
00187         goto exit;
00188     }
00189 /*@-boundsread@*/
00190     il = ntohl(block[2]);
00191 /*@=boundsread@*/
00192     if (il < 0 || il > 32) {
00193         (void) snprintf(buf, sizeof(buf),
00194                 _("sigh tags: BAD, no. of tags(%d) out of range\n"), il);
00195         goto exit;
00196     }
00197 /*@-boundsread@*/
00198     dl = ntohl(block[3]);
00199 /*@=boundsread@*/
00200     if (dl < 0 || dl > 8192) {
00201         (void) snprintf(buf, sizeof(buf),
00202                 _("sigh data: BAD, no. of  bytes(%d) out of range\n"), dl);
00203         goto exit;
00204     }
00205 
00206 /*@-sizeoftype@*/
00207     nb = (il * sizeof(struct entryInfo_s)) + dl;
00208 /*@=sizeoftype@*/
00209     ei = xmalloc(sizeof(il) + sizeof(dl) + nb);
00210 /*@-bounds@*/
00211     ei[0] = block[2];
00212     ei[1] = block[3];
00213     pe = (entryInfo) &ei[2];
00214 /*@=bounds@*/
00215     dataStart = (unsigned char *) (pe + il);
00216     if ((xx = timedRead(fd, (char *)pe, nb)) != nb) {
00217         (void) snprintf(buf, sizeof(buf),
00218                 _("sigh blob(%d): BAD, read returned %d\n"), (int)nb, xx);
00219         goto exit;
00220     }
00221     
00222     /* Check (and convert) the 1st tag element. */
00223     xx = headerVerifyInfo(1, dl, pe, &entry->info, 0);
00224     if (xx != -1) {
00225         (void) snprintf(buf, sizeof(buf),
00226                 _("tag[%d]: BAD, tag %d type %d offset %d count %d\n"),
00227                 0, entry->info.tag, entry->info.type,
00228                 entry->info.offset, entry->info.count);
00229         goto exit;
00230     }
00231 
00232     /* Is there an immutable header region tag? */
00233     if (entry->info.tag == RPMTAG_HEADERSIGNATURES) {
00234         /* Is the region tag sane? */
00235         if (!(entry->info.type == REGION_TAG_TYPE &&
00236               entry->info.count == REGION_TAG_COUNT)) {
00237             (void) snprintf(buf, sizeof(buf),
00238                     _("region tag: BAD, tag %d type %d offset %d count %d\n"),
00239                     entry->info.tag, entry->info.type,
00240                     entry->info.offset, entry->info.count);
00241             goto exit;
00242         }
00243 
00244         if (entry->info.offset + REGION_TAG_COUNT > dl) {
00245             (void) snprintf(buf, sizeof(buf),
00246                 _("region offset: BAD, tag %d type %d offset %d count %d\n"),
00247                 entry->info.tag, entry->info.type,
00248                 entry->info.offset, entry->info.count);
00249             goto exit;
00250         }
00251 
00252         /* Is there an immutable header region tag trailer? */
00253         dataEnd = dataStart + entry->info.offset;
00254 /*@-sizeoftype@*/
00255 /*@-bounds@*/
00256         (void) memcpy(info, dataEnd, REGION_TAG_COUNT);
00257 /*@=bounds@*/
00258         dataEnd += REGION_TAG_COUNT;
00259 
00260         xx = headerVerifyInfo(1, il * sizeof(*pe), info, &entry->info, 1);
00261         if (xx != -1 ||
00262             !(entry->info.tag == RPMTAG_HEADERSIGNATURES
00263            && entry->info.type == REGION_TAG_TYPE
00264            && entry->info.count == REGION_TAG_COUNT))
00265         {
00266             (void) snprintf(buf, sizeof(buf),
00267                 _("region trailer: BAD, tag %d type %d offset %d count %d\n"),
00268                 entry->info.tag, entry->info.type,
00269                 entry->info.offset, entry->info.count);
00270             goto exit;
00271         }
00272 /*@=sizeoftype@*/
00273 /*@-boundswrite@*/
00274         memset(info, 0, sizeof(*info));
00275 /*@=boundswrite@*/
00276 
00277         /* Is the no. of tags in the region less than the total no. of tags? */
00278         ril = entry->info.offset/sizeof(*pe);
00279         if ((entry->info.offset % sizeof(*pe)) || ril > il) {
00280             (void) snprintf(buf, sizeof(buf),
00281                 _("region size: BAD, ril(%d) > il(%d)\n"), ril, il);
00282             goto exit;
00283         }
00284     }
00285 
00286     /* Sanity check signature tags */
00287 /*@-boundswrite@*/
00288     memset(info, 0, sizeof(*info));
00289 /*@=boundswrite@*/
00290     for (i = 1; i < il; i++) {
00291         xx = headerVerifyInfo(1, dl, pe+i, &entry->info, 0);
00292         if (xx != -1) {
00293             (void) snprintf(buf, sizeof(buf),
00294                 _("sigh tag[%d]: BAD, tag %d type %d offset %d count %d\n"),
00295                 i, entry->info.tag, entry->info.type,
00296                 entry->info.offset, entry->info.count);
00297             goto exit;
00298         }
00299     }
00300 
00301     /* OK, blob looks sane, load the header. */
00302     sigh = headerLoad(ei);
00303     if (sigh == NULL) {
00304         (void) snprintf(buf, sizeof(buf), _("sigh load: BAD\n"));
00305         goto exit;
00306     }
00307     sigh->flags |= HEADERFLAG_ALLOCATED;
00308 
00309     {   int sigSize = headerSizeof(sigh, HEADER_MAGIC_YES);
00310         int pad = (8 - (sigSize % 8)) % 8; /* 8-byte pad */
00311         int_32 * archSize = NULL;
00312 
00313         /* Position at beginning of header. */
00314         if (pad && (xx = timedRead(fd, (char *)block, pad)) != pad) {
00315             (void) snprintf(buf, sizeof(buf),
00316                 _("sigh pad(%d): BAD, read %d bytes\n"), pad, xx);
00317             goto exit;
00318         }
00319 
00320         /* Print package component sizes. */
00321         if (headerGetEntry(sigh, RPMSIGTAG_SIZE, NULL,(void **)&archSize, NULL))
00322             rc = printSize(fd, sigSize, pad, *archSize);
00323     }
00324 
00325 exit:
00326 /*@-boundswrite@*/
00327     if (sighp && sigh && rc == RPMRC_OK)
00328         *sighp = headerLink(sigh);
00329     sigh = headerFree(sigh);
00330 
00331     if (msg != NULL) {
00332         buf[sizeof(buf)-1] = '\0';
00333         *msg = xstrdup(buf);
00334     }
00335 /*@=boundswrite@*/
00336 
00337     return rc;
00338 }
00339 
00340 int rpmWriteSignature(FD_t fd, Header h)
00341 {
00342     static byte buf[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
00343     int sigSize, pad;
00344     int rc;
00345 
00346     rc = headerWrite(fd, h, HEADER_MAGIC_YES);
00347     if (rc)
00348         return rc;
00349 
00350     sigSize = headerSizeof(h, HEADER_MAGIC_YES);
00351     pad = (8 - (sigSize % 8)) % 8;
00352     if (pad) {
00353 /*@-boundswrite@*/
00354         if (Fwrite(buf, sizeof(buf[0]), pad, fd) != pad)
00355             rc = 1;
00356 /*@=boundswrite@*/
00357     }
00358     rpmMessage(RPMMESS_DEBUG, _("Signature: size(%d)+pad(%d)\n"), sigSize, pad);
00359     return rc;
00360 }
00361 
00362 Header rpmNewSignature(void)
00363 {
00364     Header h = headerNew();
00365     return h;
00366 }
00367 
00368 Header rpmFreeSignature(Header h)
00369 {
00370     return headerFree(h);
00371 }
00372 
00381 static int makePGPSignature(const char * file, /*@out@*/ byte ** pkt,
00382                 /*@out@*/ int_32 * pktlen, /*@null@*/ const char * passPhrase)
00383         /*@globals errno, rpmGlobalMacroContext, h_errno,
00384                 fileSystem, internalState @*/
00385         /*@modifies errno, *pkt, *pktlen, rpmGlobalMacroContext,
00386                 fileSystem, internalState @*/
00387 {
00388     char * sigfile = alloca(1024);
00389     int pid, status;
00390     int inpipe[2];
00391     struct stat st;
00392     const char * cmd;
00393     char *const *av;
00394     int rc;
00395 
00396 /*@-boundswrite@*/
00397     (void) stpcpy( stpcpy(sigfile, file), ".sig");
00398 /*@=boundswrite@*/
00399 
00400     addMacro(NULL, "__plaintext_filename", NULL, file, -1);
00401     addMacro(NULL, "__signature_filename", NULL, sigfile, -1);
00402 
00403     inpipe[0] = inpipe[1] = 0;
00404 /*@-boundsread@*/
00405     (void) pipe(inpipe);
00406 /*@=boundsread@*/
00407 
00408     if (!(pid = fork())) {
00409         const char *pgp_path = rpmExpand("%{?_pgp_path}", NULL);
00410         const char *path;
00411         pgpVersion pgpVer;
00412 
00413         (void) close(STDIN_FILENO);
00414         (void) dup2(inpipe[0], 3);
00415         (void) close(inpipe[1]);
00416 
00417         (void) dosetenv("PGPPASSFD", "3", 1);
00418 /*@-boundsread@*/
00419         if (pgp_path && *pgp_path != '\0')
00420             (void) dosetenv("PGPPATH", pgp_path, 1);
00421 /*@=boundsread@*/
00422 
00423         /* dosetenv("PGPPASS", passPhrase, 1); */
00424 
00425         unsetenv("MALLOC_CHECK_");
00426 #if defined(__GLIBC__)
00427 
00431         {
00432            char* bypassVar = (char*) malloc(1024*sizeof(char));
00433            if (bypassVar != NULL)
00434            {
00435               snprintf(bypassVar,1024*sizeof(char), "__PASSTHROUGH_LD_ASSUME_KERNEL_%d", getppid());
00436               bypassVar[1023] = '\0';
00437               if (getenv(bypassVar) != NULL)
00438               {
00439                  char* bypassVal = (char*) malloc(1024*sizeof(char));
00440                  if (bypassVal != NULL)
00441                  {
00442                     rpmMessage(RPMMESS_DEBUG, _("Restoring LD_ASSUME_KERNEL for child scripts.\n"));
00443                     snprintf(bypassVal, 1024*sizeof(char), "%s", getenv(bypassVar));
00444                     unsetenv(bypassVar);
00445                     snprintf(bypassVar, 1024*sizeof(char), "LD_ASSUME_KERNEL=%s", bypassVal);
00446                     bypassVar[1023] = '\0';
00447                     putenv(bypassVar);
00448                     free(bypassVal);
00449                  }
00450                  else
00451                  {
00452                     free(bypassVar);
00453                  }
00454               }
00455            }
00456         }
00457 #endif
00458         if ((path = rpmDetectPGPVersion(&pgpVer)) != NULL) {
00459             switch(pgpVer) {
00460             case PGP_2:
00461                 cmd = rpmExpand("%{?__pgp_sign_cmd}", NULL);
00462                 rc = poptParseArgvString(cmd, NULL, (const char ***)&av);
00463 /*@-boundsread@*/
00464                 if (!rc)
00465                     rc = execve(av[0], av+1, environ);
00466 /*@=boundsread@*/
00467                 break;
00468             case PGP_5:
00469                 cmd = rpmExpand("%{?__pgp5_sign_cmd}", NULL);
00470                 rc = poptParseArgvString(cmd, NULL, (const char ***)&av);
00471 /*@-boundsread@*/
00472                 if (!rc)
00473                     rc = execve(av[0], av+1, environ);
00474 /*@=boundsread@*/
00475                 break;
00476             case PGP_UNKNOWN:
00477             case PGP_NOTDETECTED:
00478                 errno = ENOENT;
00479                 break;
00480             }
00481         }
00482         rpmError(RPMERR_EXEC, _("Could not exec %s: %s\n"), "pgp",
00483                         strerror(errno));
00484         _exit(RPMERR_EXEC);
00485     }
00486 
00487     delMacro(NULL, "__plaintext_filename");
00488     delMacro(NULL, "__signature_filename");
00489 
00490     (void) close(inpipe[0]);
00491     if (passPhrase)
00492         (void) write(inpipe[1], passPhrase, strlen(passPhrase));
00493     (void) write(inpipe[1], "\n", 1);
00494     (void) close(inpipe[1]);
00495 
00496     (void)waitpid(pid, &status, 0);
00497     if (!WIFEXITED(status) || WEXITSTATUS(status)) {
00498         rpmError(RPMERR_SIGGEN, _("pgp failed\n"));
00499         return 1;
00500     }
00501 
00502     if (stat(sigfile, &st)) {
00503         /* PGP failed to write signature */
00504         if (sigfile) (void) unlink(sigfile);  /* Just in case */
00505         rpmError(RPMERR_SIGGEN, _("pgp failed to write signature\n"));
00506         return 1;
00507     }
00508 
00509 /*@-boundswrite@*/
00510     *pktlen = st.st_size;
00511     rpmMessage(RPMMESS_DEBUG, _("PGP sig size: %d\n"), *pktlen);
00512     *pkt = xmalloc(*pktlen);
00513 /*@=boundswrite@*/
00514 
00515 /*@-boundsread@*/
00516     {   FD_t fd;
00517 
00518         rc = 0;
00519         fd = Fopen(sigfile, "r.fdio");
00520         if (fd != NULL && !Ferror(fd)) {
00521             rc = timedRead(fd, *pkt, *pktlen);
00522             if (sigfile) (void) unlink(sigfile);
00523             (void) Fclose(fd);
00524         }
00525         if (rc != *pktlen) {
00526 /*@-boundswrite@*/
00527             *pkt = _free(*pkt);
00528 /*@=boundswrite@*/
00529             rpmError(RPMERR_SIGGEN, _("unable to read the signature\n"));
00530             return 1;
00531         }
00532     }
00533 
00534     rpmMessage(RPMMESS_DEBUG, _("Got %d bytes of PGP sig\n"), *pktlen);
00535 /*@=boundsread@*/
00536 
00537     return 0;
00538 }
00539 
00548 static int makeGPGSignature(const char * file, /*@out@*/ byte ** pkt,
00549                 /*@out@*/ int_32 * pktlen, /*@null@*/ const char * passPhrase)
00550         /*@globals rpmGlobalMacroContext, h_errno,
00551                 fileSystem, internalState @*/
00552         /*@modifies *pkt, *pktlen, rpmGlobalMacroContext,
00553                 fileSystem, internalState @*/
00554 {
00555     char * sigfile = alloca(1024);
00556     int pid, status;
00557     int inpipe[2];
00558     FILE * fpipe;
00559     struct stat st;
00560     const char * cmd;
00561     char *const *av;
00562     int rc;
00563 
00564 /*@-boundswrite@*/
00565     (void) stpcpy( stpcpy(sigfile, file), ".sig");
00566 /*@=boundswrite@*/
00567 
00568     addMacro(NULL, "__plaintext_filename", NULL, file, -1);
00569     addMacro(NULL, "__signature_filename", NULL, sigfile, -1);
00570 
00571     inpipe[0] = inpipe[1] = 0;
00572 /*@-boundsread@*/
00573     (void) pipe(inpipe);
00574 /*@=boundsread@*/
00575 
00576     if (!(pid = fork())) {
00577         const char *gpg_path = rpmExpand("%{?_gpg_path}", NULL);
00578 
00579         (void) close(STDIN_FILENO);
00580         (void) dup2(inpipe[0], 3);
00581         (void) close(inpipe[1]);
00582 
00583 /*@-boundsread@*/
00584         if (gpg_path && *gpg_path != '\0')
00585             (void) dosetenv("GNUPGHOME", gpg_path, 1);
00586 /*@=boundsread@*/
00587 
00588         unsetenv("MALLOC_CHECK_");
00589 
00590 #if defined(__GLIBC__)
00591 
00595         {
00596            char* bypassVar = (char*) malloc(1024*sizeof(char));
00597            if (bypassVar != NULL)
00598            {
00599               snprintf(bypassVar,1024*sizeof(char), "__PASSTHROUGH_LD_ASSUME_KERNEL_%d", getppid());
00600               bypassVar[1023] = '\0';
00601               if (getenv(bypassVar) != NULL)
00602               {
00603                  char* bypassVal = (char*) malloc(1024*sizeof(char));
00604                  if (bypassVal != NULL)
00605                  {
00606                     rpmMessage(RPMMESS_DEBUG, _("Restoring LD_ASSUME_KERNEL for child scripts.\n"));
00607                     snprintf(bypassVal, 1024*sizeof(char), "%s", getenv(bypassVar));
00608                     unsetenv(bypassVar);
00609                     snprintf(bypassVar, 1024*sizeof(char), "LD_ASSUME_KERNEL=%s", bypassVal);
00610                     bypassVar[1023] = '\0';
00611                     putenv(bypassVar);
00612                     free(bypassVal);
00613                  }
00614                  else
00615                  {
00616                     free(bypassVar);
00617                  }
00618               }
00619            }
00620         }
00621 #endif
00622         cmd = rpmExpand("%{?__gpg_sign_cmd}", NULL);
00623         rc = poptParseArgvString(cmd, NULL, (const char ***)&av);
00624 /*@-boundsread@*/
00625         if (!rc)
00626             rc = execve(av[0], av+1, environ);
00627 /*@=boundsread@*/
00628 
00629         rpmError(RPMERR_EXEC, _("Could not exec %s: %s\n"), "gpg",
00630                         strerror(errno));
00631         _exit(RPMERR_EXEC);
00632     }
00633 
00634     delMacro(NULL, "__plaintext_filename");
00635     delMacro(NULL, "__signature_filename");
00636 
00637     fpipe = fdopen(inpipe[1], "w");
00638     (void) close(inpipe[0]);
00639     if (fpipe) {
00640         fprintf(fpipe, "%s\n", (passPhrase ? passPhrase : ""));
00641         (void) fclose(fpipe);
00642     }
00643 
00644     (void) waitpid(pid, &status, 0);
00645     if (!WIFEXITED(status) || WEXITSTATUS(status)) {
00646         rpmError(RPMERR_SIGGEN, _("gpg failed\n"));
00647         return 1;
00648     }
00649 
00650     if (stat(sigfile, &st)) {
00651         /* GPG failed to write signature */
00652         if (sigfile) (void) unlink(sigfile);  /* Just in case */
00653         rpmError(RPMERR_SIGGEN, _("gpg failed to write signature\n"));
00654         return 1;
00655     }
00656 
00657 /*@-boundswrite@*/
00658     *pktlen = st.st_size;
00659     rpmMessage(RPMMESS_DEBUG, _("GPG sig size: %d\n"), *pktlen);
00660     *pkt = xmalloc(*pktlen);
00661 /*@=boundswrite@*/
00662 
00663 /*@-boundsread@*/
00664     {   FD_t fd;
00665 
00666         rc = 0;
00667         fd = Fopen(sigfile, "r.fdio");
00668         if (fd != NULL && !Ferror(fd)) {
00669             rc = timedRead(fd, *pkt, *pktlen);
00670             if (sigfile) (void) unlink(sigfile);
00671             (void) Fclose(fd);
00672         }
00673         if (rc != *pktlen) {
00674 /*@-boundswrite@*/
00675             *pkt = _free(*pkt);
00676 /*@=boundswrite@*/
00677             rpmError(RPMERR_SIGGEN, _("unable to read the signature\n"));
00678             return 1;
00679         }
00680     }
00681 
00682     rpmMessage(RPMMESS_DEBUG, _("Got %d bytes of GPG sig\n"), *pktlen);
00683 /*@=boundsread@*/
00684 
00685     return 0;
00686 }
00687 
00696 static int makeHDRSignature(Header sig, const char * file, int_32 sigTag,
00697                 /*@null@*/ const char * passPhrase)
00698         /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/
00699         /*@modifies sig, rpmGlobalMacroContext, fileSystem, internalState @*/
00700 {
00701     Header h = NULL;
00702     FD_t fd = NULL;
00703     byte * pkt;
00704     int_32 pktlen;
00705     const char * fn = NULL;
00706     const char * SHA1 = NULL;
00707     int ret = -1;       /* assume failure. */
00708 
00709     switch (sigTag) {
00710     case RPMSIGTAG_SIZE:
00711     case RPMSIGTAG_MD5:
00712     case RPMSIGTAG_PGP5:        /* XXX legacy */
00713     case RPMSIGTAG_PGP:
00714     case RPMSIGTAG_GPG:
00715         goto exit;
00716         /*@notreached@*/ break;
00717     case RPMSIGTAG_SHA1:
00718         fd = Fopen(file, "r.fdio");
00719         if (fd == NULL || Ferror(fd))
00720             goto exit;
00721         h = headerRead(fd, HEADER_MAGIC_YES);
00722         if (h == NULL)
00723             goto exit;
00724         (void) Fclose(fd);      fd = NULL;
00725 
00726         if (headerIsEntry(h, RPMTAG_HEADERIMMUTABLE)) {
00727             DIGEST_CTX ctx;
00728             void * uh;
00729             int_32 uht, uhc;
00730         
00731             if (!headerGetEntry(h, RPMTAG_HEADERIMMUTABLE, &uht, &uh, &uhc)
00732              ||  uh == NULL)
00733             {
00734                 h = headerFree(h);
00735                 goto exit;
00736             }
00737             ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE);
00738             (void) rpmDigestUpdate(ctx, header_magic, sizeof(header_magic));
00739             (void) rpmDigestUpdate(ctx, uh, uhc);
00740             (void) rpmDigestFinal(ctx, (void **)&SHA1, NULL, 1);
00741             uh = headerFreeData(uh, uht);
00742         }
00743         h = headerFree(h);
00744 
00745         if (SHA1 == NULL)
00746             goto exit;
00747         if (!headerAddEntry(sig, RPMSIGTAG_SHA1, RPM_STRING_TYPE, SHA1, 1))
00748             goto exit;
00749         ret = 0;
00750         break;
00751     case RPMSIGTAG_DSA:
00752         fd = Fopen(file, "r.fdio");
00753         if (fd == NULL || Ferror(fd))
00754             goto exit;
00755         h = headerRead(fd, HEADER_MAGIC_YES);
00756         if (h == NULL)
00757             goto exit;
00758         (void) Fclose(fd);      fd = NULL;
00759         if (makeTempFile(NULL, &fn, &fd))
00760             goto exit;
00761         if (headerWrite(fd, h, HEADER_MAGIC_YES))
00762             goto exit;
00763         (void) Fclose(fd);      fd = NULL;
00764         if (makeGPGSignature(fn, &pkt, &pktlen, passPhrase)
00765          || !headerAddEntry(sig, sigTag, RPM_BIN_TYPE, pkt, pktlen))
00766             goto exit;
00767         ret = 0;
00768         break;
00769     case RPMSIGTAG_RSA:
00770         fd = Fopen(file, "r.fdio");
00771         if (fd == NULL || Ferror(fd))
00772             goto exit;
00773         h = headerRead(fd, HEADER_MAGIC_YES);
00774         if (h == NULL)
00775             goto exit;
00776         (void) Fclose(fd);      fd = NULL;
00777         if (makeTempFile(NULL, &fn, &fd))
00778             goto exit;
00779         if (headerWrite(fd, h, HEADER_MAGIC_YES))
00780             goto exit;
00781         (void) Fclose(fd);      fd = NULL;
00782         if (makePGPSignature(fn, &pkt, &pktlen, passPhrase)
00783          || !headerAddEntry(sig, sigTag, RPM_BIN_TYPE, pkt, pktlen))
00784             goto exit;
00785         ret = 0;
00786         break;
00787     }
00788 
00789 exit:
00790     if (fn) {
00791         (void) unlink(fn);
00792         fn = _free(fn);
00793     }
00794     SHA1 = _free(SHA1);
00795     h = headerFree(h);
00796     if (fd != NULL) (void) Fclose(fd);
00797     return ret;
00798 }
00799 
00800 int rpmAddSignature(Header sig, const char * file, int_32 sigTag,
00801                 const char * passPhrase)
00802 {
00803     struct stat st;
00804     byte * pkt;
00805     int_32 pktlen;
00806     int ret = -1;       /* assume failure. */
00807 
00808     switch (sigTag) {
00809     case RPMSIGTAG_SIZE:
00810         if (stat(file, &st) != 0)
00811             break;
00812         pktlen = st.st_size;
00813         if (!headerAddEntry(sig, sigTag, RPM_INT32_TYPE, &pktlen, 1))
00814             break;
00815         ret = 0;
00816         break;
00817     case RPMSIGTAG_MD5:
00818         pktlen = 16;
00819         pkt = memset(alloca(pktlen), 0, pktlen);
00820         if (domd5(file, pkt, 0, NULL)
00821          || !headerAddEntry(sig, sigTag, RPM_BIN_TYPE, pkt, pktlen))
00822             break;
00823         ret = 0;
00824         break;
00825     case RPMSIGTAG_PGP5:        /* XXX legacy */
00826     case RPMSIGTAG_PGP:
00827         if (makePGPSignature(file, &pkt, &pktlen, passPhrase)
00828          || !headerAddEntry(sig, sigTag, RPM_BIN_TYPE, pkt, pktlen))
00829             break;
00830 #ifdef  NOTYET  /* XXX needs hdrmd5ctx, like hdrsha1ctx. */
00831         /* XXX Piggyback a header-only RSA signature as well. */
00832         ret = makeHDRSignature(sig, file, RPMSIGTAG_RSA, passPhrase);
00833 #endif
00834         ret = 0;
00835         break;
00836     case RPMSIGTAG_GPG:
00837         if (makeGPGSignature(file, &pkt, &pktlen, passPhrase)
00838          || !headerAddEntry(sig, sigTag, RPM_BIN_TYPE, pkt, pktlen))
00839             break;
00840         /* XXX Piggyback a header-only DSA signature as well. */
00841         ret = makeHDRSignature(sig, file, RPMSIGTAG_DSA, passPhrase);
00842         break;
00843     case RPMSIGTAG_RSA:
00844     case RPMSIGTAG_DSA:
00845     case RPMSIGTAG_SHA1:
00846         ret = makeHDRSignature(sig, file, sigTag, passPhrase);
00847         break;
00848     }
00849 
00850     return ret;
00851 }
00852 
00853 static int checkPassPhrase(const char * passPhrase, const int sigTag)
00854         /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/
00855         /*@modifies rpmGlobalMacroContext, fileSystem, internalState @*/
00856 {
00857     int passPhrasePipe[2];
00858     int pid, status;
00859     int rc;
00860     int xx;
00861 
00862     passPhrasePipe[0] = passPhrasePipe[1] = 0;
00863 /*@-boundsread@*/
00864     xx = pipe(passPhrasePipe);
00865 /*@=boundsread@*/
00866     if (!(pid = fork())) {
00867         const char * cmd;
00868         char *const *av;
00869         int fdno;
00870 
00871         xx = close(STDIN_FILENO);
00872         xx = close(STDOUT_FILENO);
00873         xx = close(passPhrasePipe[1]);
00874         if (! rpmIsVerbose())
00875             xx = close(STDERR_FILENO);
00876         if ((fdno = open("/dev/null", O_RDONLY)) != STDIN_FILENO) {
00877             xx = dup2(fdno, STDIN_FILENO);
00878             xx = close(fdno);
00879         }
00880         if ((fdno = open("/dev/null", O_WRONLY)) != STDOUT_FILENO) {
00881             xx = dup2(fdno, STDOUT_FILENO);
00882             xx = close(fdno);
00883         }
00884         xx = dup2(passPhrasePipe[0], 3);
00885 
00886         unsetenv("MALLOC_CHECK_");
00887 #if defined(__GLIBC__)
00888 
00892         {
00893            char* bypassVar = (char*) malloc(1024*sizeof(char));
00894            if (bypassVar != NULL)
00895            {
00896               snprintf(bypassVar,1024*sizeof(char), "__PASSTHROUGH_LD_ASSUME_KERNEL_%d", getppid());
00897               bypassVar[1023] = '\0';
00898               if (getenv(bypassVar) != NULL)
00899               {
00900                  char* bypassVal = (char*) malloc(1024*sizeof(char));
00901                  if (bypassVal != NULL)
00902                  {
00903                     rpmMessage(RPMMESS_DEBUG, _("Restoring LD_ASSUME_KERNEL for child scripts.\n"));
00904                     snprintf(bypassVal, 1024*sizeof(char), "%s", getenv(bypassVar));
00905                     unsetenv(bypassVar);
00906                     snprintf(bypassVar, 1024*sizeof(char), "LD_ASSUME_KERNEL=%s", bypassVal);
00907                     bypassVar[1023] = '\0';
00908                     putenv(bypassVar);
00909                     free(bypassVal);
00910                  }
00911                  else
00912                  {
00913                     free(bypassVar);
00914                  }
00915               }
00916            }
00917         }
00918 #endif
00919         switch (sigTag) {
00920         case RPMSIGTAG_DSA:
00921         case RPMSIGTAG_GPG:
00922         {   const char *gpg_path = rpmExpand("%{?_gpg_path}", NULL);
00923 
00924 /*@-boundsread@*/
00925             if (gpg_path && *gpg_path != '\0')
00926                 (void) dosetenv("GNUPGHOME", gpg_path, 1);
00927 /*@=boundsread@*/
00928 
00929             cmd = rpmExpand("%{?__gpg_check_password_cmd}", NULL);
00930             rc = poptParseArgvString(cmd, NULL, (const char ***)&av);
00931 /*@-boundsread@*/
00932             if (!rc)
00933                 rc = execve(av[0], av+1, environ);
00934 /*@=boundsread@*/
00935 
00936             rpmError(RPMERR_EXEC, _("Could not exec %s: %s\n"), "gpg",
00937                         strerror(errno));
00938         }   /*@notreached@*/ break;
00939         case RPMSIGTAG_RSA:
00940         case RPMSIGTAG_PGP5:    /* XXX legacy */
00941         case RPMSIGTAG_PGP:
00942         {   const char *pgp_path = rpmExpand("%{?_pgp_path}", NULL);
00943             const char *path;
00944             pgpVersion pgpVer;
00945 
00946             (void) dosetenv("PGPPASSFD", "3", 1);
00947 /*@-boundsread@*/
00948             if (pgp_path && *pgp_path != '\0')
00949                 xx = dosetenv("PGPPATH", pgp_path, 1);
00950 /*@=boundsread@*/
00951 
00952             if ((path = rpmDetectPGPVersion(&pgpVer)) != NULL) {
00953                 switch(pgpVer) {
00954                 case PGP_2:
00955                     cmd = rpmExpand("%{?__pgp_check_password_cmd}", NULL);
00956                     rc = poptParseArgvString(cmd, NULL, (const char ***)&av);
00957 /*@-boundsread@*/
00958                     if (!rc)
00959                         rc = execve(av[0], av+1, environ);
00960 /*@=boundsread@*/
00961                     /*@innerbreak@*/ break;
00962                 case PGP_5:     /* XXX legacy */
00963                     cmd = rpmExpand("%{?__pgp5_check_password_cmd}", NULL);
00964                     rc = poptParseArgvString(cmd, NULL, (const char ***)&av);
00965 /*@-boundsread@*/
00966                     if (!rc)
00967                         rc = execve(av[0], av+1, environ);
00968 /*@=boundsread@*/
00969                     /*@innerbreak@*/ break;
00970                 case PGP_UNKNOWN:
00971                 case PGP_NOTDETECTED:
00972                     /*@innerbreak@*/ break;
00973                 }
00974             }
00975             rpmError(RPMERR_EXEC, _("Could not exec %s: %s\n"), "pgp",
00976                         strerror(errno));
00977             _exit(RPMERR_EXEC);
00978         }   /*@notreached@*/ break;
00979         default: /* This case should have been screened out long ago. */
00980             rpmError(RPMERR_SIGGEN, _("Invalid %%_signature spec in macro file\n"));
00981             _exit(RPMERR_SIGGEN);
00982             /*@notreached@*/ break;
00983         }
00984     }
00985 
00986     xx = close(passPhrasePipe[0]);
00987     xx = write(passPhrasePipe[1], passPhrase, strlen(passPhrase));
00988     xx = write(passPhrasePipe[1], "\n", 1);
00989     xx = close(passPhrasePipe[1]);
00990 
00991     (void) waitpid(pid, &status, 0);
00992 
00993     return ((!WIFEXITED(status) || WEXITSTATUS(status)) ? 1 : 0);
00994 }
00995 
00996 char * rpmGetPassPhrase(const char * prompt, const int sigTag)
00997 {
00998     char *pass;
00999     int aok;
01000 
01001     switch (sigTag) {
01002     case RPMSIGTAG_DSA:
01003     case RPMSIGTAG_GPG:
01004 /*@-boundsread@*/
01005       { const char *name = rpmExpand("%{?_gpg_name}", NULL);
01006         aok = (name && *name != '\0');
01007         name = _free(name);
01008       }
01009 /*@=boundsread@*/
01010         if (!aok) {
01011             rpmError(RPMERR_SIGGEN,
01012                 _("You must set \"%%_gpg_name\" in your macro file\n"));
01013             return NULL;
01014         }
01015         break;
01016     case RPMSIGTAG_RSA:
01017     case RPMSIGTAG_PGP5:        /* XXX legacy */
01018     case RPMSIGTAG_PGP:
01019 /*@-boundsread@*/
01020       { const char *name = rpmExpand("%{?_pgp_name}", NULL);
01021         aok = (name && *name != '\0');
01022         name = _free(name);
01023       }
01024 /*@=boundsread@*/
01025         if (!aok) {
01026             rpmError(RPMERR_SIGGEN,
01027                 _("You must set \"%%_pgp_name\" in your macro file\n"));
01028             return NULL;
01029         }
01030         break;
01031     default:
01032         /* Currently the calling function (rpm.c:main) is checking this and
01033          * doing a better job.  This section should never be accessed.
01034          */
01035         rpmError(RPMERR_SIGGEN, _("Invalid %%_signature spec in macro file\n"));
01036         return NULL;
01037         /*@notreached@*/ break;
01038     }
01039 
01040 /*@-moduncon -nullpass @*/
01041     pass = /*@-unrecog@*/ getpass( (prompt ? prompt : "") ) /*@=unrecog@*/ ;
01042 /*@=moduncon -nullpass @*/
01043 
01044     if (checkPassPhrase(pass, sigTag))
01045         return NULL;
01046 
01047     return pass;
01048 }
01049 
01050 static /*@observer@*/ const char * rpmSigString(rpmRC res)
01051         /*@*/
01052 {
01053     const char * str;
01054     switch (res) {
01055     case RPMRC_OK:              str = "OK";             break;
01056     case RPMRC_FAIL:            str = "BAD";            break;
01057     case RPMRC_NOKEY:           str = "NOKEY";          break;
01058     case RPMRC_NOTTRUSTED:      str = "NOTRUSTED";      break;
01059     default:
01060     case RPMRC_NOTFOUND:        str = "UNKNOWN";        break;
01061     }
01062     return str;
01063 }
01064 
01065 /*@-boundswrite@*/
01066 static rpmRC
01067 verifySizeSignature(const rpmts ts, /*@out@*/ char * t)
01068         /*@modifies *t @*/
01069 {
01070     const void * sig = rpmtsSig(ts);
01071     pgpDig dig = rpmtsDig(ts);
01072     rpmRC res;
01073     int_32 size = 0x7fffffff;
01074 
01075     *t = '\0';
01076     t = stpcpy(t, _("Header+Payload size: "));
01077 
01078     if (sig == NULL || dig == NULL || dig->nbytes == 0) {
01079         res = RPMRC_NOKEY;
01080         t = stpcpy(t, rpmSigString(res));
01081         goto exit;
01082     }
01083 
01084     memcpy(&size, sig, sizeof(size));
01085 
01086     if (size != dig->nbytes) {
01087         res = RPMRC_FAIL;
01088         t = stpcpy(t, rpmSigString(res));
01089         sprintf(t, " Expected(%d) != (%d)\n", (int)size, (int)dig->nbytes);
01090     } else {
01091         res = RPMRC_OK;
01092         t = stpcpy(t, rpmSigString(res));
01093         sprintf(t, " (%d)", (int)dig->nbytes);
01094     }
01095 
01096 exit:
01097     t = stpcpy(t, "\n");
01098     return res;
01099 }
01100 /*@=boundswrite@*/
01101 
01102 /*@-boundswrite@*/
01103 static rpmRC
01104 verifyMD5Signature(const rpmts ts, /*@out@*/ char * t,
01105                 /*@null@*/ DIGEST_CTX md5ctx)
01106         /*@globals internalState @*/
01107         /*@modifies *t, internalState @*/
01108 {
01109     const void * sig = rpmtsSig(ts);
01110     int_32 siglen = rpmtsSiglen(ts);
01111     pgpDig dig = rpmtsDig(ts);
01112     rpmRC res;
01113     byte * md5sum = NULL;
01114     size_t md5len = 0;
01115 
01116     *t = '\0';
01117     t = stpcpy(t, _("MD5 digest: "));
01118 
01119     if (md5ctx == NULL || sig == NULL || dig == NULL) {
01120         res = RPMRC_NOKEY;
01121         t = stpcpy(t, rpmSigString(res));
01122         goto exit;
01123     }
01124 
01125     (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0);
01126     (void) rpmDigestFinal(rpmDigestDup(md5ctx),
01127                 (void **)&md5sum, &md5len, 0);
01128     (void) rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), 0);
01129 
01130     if (md5len != siglen || memcmp(md5sum, sig, md5len)) {
01131         res = RPMRC_FAIL;
01132         t = stpcpy(t, rpmSigString(res));
01133         t = stpcpy(t, " Expected(");
01134         (void) pgpHexCvt(t, sig, siglen);
01135         t += strlen(t);
01136         t = stpcpy(t, ") != (");
01137     } else {
01138         res = RPMRC_OK;
01139         t = stpcpy(t, rpmSigString(res));
01140         t = stpcpy(t, " (");
01141     }
01142     (void) pgpHexCvt(t, md5sum, md5len);
01143     t += strlen(t);
01144     t = stpcpy(t, ")");
01145 
01146 exit:
01147     md5sum = _free(md5sum);
01148     t = stpcpy(t, "\n");
01149     return res;
01150 }
01151 /*@=boundswrite@*/
01152 
01153 /*@-boundswrite@*/
01161 static rpmRC
01162 verifySHA1Signature(const rpmts ts, /*@out@*/ char * t,
01163                 /*@null@*/ DIGEST_CTX sha1ctx)
01164         /*@globals internalState @*/
01165         /*@modifies *t, internalState @*/
01166 {
01167     const void * sig = rpmtsSig(ts);
01168 #ifdef  NOTYET
01169     int_32 siglen = rpmtsSiglen(ts);
01170 #endif
01171     pgpDig dig = rpmtsDig(ts);
01172     rpmRC res;
01173     const char * SHA1 = NULL;
01174 
01175     *t = '\0';
01176     t = stpcpy(t, _("Header SHA1 digest: "));
01177 
01178     if (sha1ctx == NULL || sig == NULL || dig == NULL) {
01179         res = RPMRC_NOKEY;
01180         t = stpcpy(t, rpmSigString(res));
01181         goto exit;
01182     }
01183 
01184     (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0);
01185     (void) rpmDigestFinal(rpmDigestDup(sha1ctx),
01186                 (void **)&SHA1, NULL, 1);
01187     (void) rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), 0);
01188 
01189     if (SHA1 == NULL || strlen(SHA1) != strlen(sig) || strcmp(SHA1, sig)) {
01190         res = RPMRC_FAIL;
01191         t = stpcpy(t, rpmSigString(res));
01192         t = stpcpy(t, " Expected(");
01193         t = stpcpy(t, sig);
01194         t = stpcpy(t, ") != (");
01195     } else {
01196         res = RPMRC_OK;
01197         t = stpcpy(t, rpmSigString(res));
01198         t = stpcpy(t, " (");
01199     }
01200     if (SHA1)
01201         t = stpcpy(t, SHA1);
01202     t = stpcpy(t, ")");
01203 
01204 exit:
01205     SHA1 = _free(SHA1);
01206     t = stpcpy(t, "\n");
01207     return res;
01208 }
01209 /*@=boundswrite@*/
01210 
01216 static inline unsigned char nibble(char c)
01217         /*@*/
01218 {
01219     if (c >= '0' && c <= '9')
01220         return (c - '0');
01221     if (c >= 'A' && c <= 'F')
01222         return (c - 'A') + 10;
01223     if (c >= 'a' && c <= 'f')
01224         return (c - 'a') + 10;
01225     return 0;
01226 }
01227 
01228 /*@-boundswrite@*/
01236 static rpmRC
01237 verifyPGPSignature(rpmts ts, /*@out@*/ char * t,
01238                 /*@null@*/ DIGEST_CTX md5ctx)
01239         /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/
01240         /*@modifies ts, *t, rpmGlobalMacroContext, fileSystem, internalState */
01241 {
01242     const void * sig = rpmtsSig(ts);
01243 #ifdef  NOTYET
01244     int_32 siglen = rpmtsSiglen(ts);
01245 #endif
01246     int_32 sigtag = rpmtsSigtag(ts);
01247     pgpDig dig = rpmtsDig(ts);
01248     pgpDigParams sigp = rpmtsSignature(ts);
01249     rpmRC res;
01250     int xx;
01251 
01252     *t = '\0';
01253     t = stpcpy(t, _("V3 RSA/MD5 signature: "));
01254 
01255     if (md5ctx == NULL || sig == NULL || dig == NULL || sigp == NULL) {
01256         res = RPMRC_NOKEY;
01257         goto exit;
01258     }
01259 
01260     /* XXX sanity check on sigtag and signature agreement. */
01261     if (!(sigtag == RPMSIGTAG_PGP
01262         && sigp->pubkey_algo == PGPPUBKEYALGO_RSA
01263         && sigp->hash_algo == PGPHASHALGO_MD5))
01264     {
01265         res = RPMRC_NOKEY;
01266         goto exit;
01267     }
01268 
01269     (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0);
01270     {   DIGEST_CTX ctx = rpmDigestDup(md5ctx);
01271         byte signhash16[2];
01272         const char * s;
01273 
01274         if (sigp->hash != NULL)
01275             xx = rpmDigestUpdate(ctx, sigp->hash, sigp->hashlen);
01276 
01277 #ifdef  NOTYET  /* XXX not for binary/text document signatures. */
01278         if (sigp->sigtype == 4) {
01279             int nb = dig->nbytes + sigp->hashlen;
01280             byte trailer[6];
01281             nb = htonl(nb);
01282             trailer[0] = 0x4;
01283             trailer[1] = 0xff;
01284             memcpy(trailer+2, &nb, sizeof(nb));
01285             xx = rpmDigestUpdate(ctx, trailer, sizeof(trailer));
01286         }
01287 #endif
01288 
01289         xx = rpmDigestFinal(ctx, (void **)&dig->md5, &dig->md5len, 1);
01290         (void) rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), sigp->hashlen);
01291 
01292         /* Compare leading 16 bits of digest for quick check. */
01293         s = dig->md5;
01294         signhash16[0] = (nibble(s[0]) << 4) | nibble(s[1]);
01295         signhash16[1] = (nibble(s[2]) << 4) | nibble(s[3]);
01296         if (memcmp(signhash16, sigp->signhash16, sizeof(signhash16))) {
01297             res = RPMRC_FAIL;
01298             goto exit;
01299         }
01300 
01301     }
01302 
01303     {   const char * prefix = "3020300c06082a864886f70d020505000410";
01304         unsigned int nbits = 1024;
01305         unsigned int nb = (nbits + 7) >> 3;
01306         const char * hexstr;
01307         char * tt;
01308 
01309         hexstr = tt = xmalloc(2 * nb + 1);
01310         memset(tt, 'f', (2 * nb));
01311         tt[0] = '0'; tt[1] = '0';
01312         tt[2] = '0'; tt[3] = '1';
01313         tt += (2 * nb) - strlen(prefix) - strlen(dig->md5) - 2;
01314         *tt++ = '0'; *tt++ = '0';
01315         tt = stpcpy(tt, prefix);
01316         tt = stpcpy(tt, dig->md5);
01317 
01318         mpnzero(&dig->rsahm);   mpnsethex(&dig->rsahm, hexstr);
01319 
01320         hexstr = _free(hexstr);
01321 
01322     }
01323 
01324     /* Retrieve the matching public key. */
01325     res = rpmtsFindPubkey(ts);
01326     if (res != RPMRC_OK)
01327         goto exit;
01328 
01329     (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_SIGNATURE), 0);
01330 #if HAVE_BEECRYPT_API_H
01331     xx = rsavrfy(&dig->rsa_pk.n, &dig->rsa_pk.e, &dig->rsahm, &dig->c);
01332 #else
01333     xx = rsavrfy(&dig->rsa_pk, &dig->rsahm, &dig->c);
01334 #endif
01335     if (xx)
01336         res = RPMRC_OK;
01337     else
01338         res = RPMRC_FAIL;
01339     (void) rpmswExit(rpmtsOp(ts, RPMTS_OP_SIGNATURE), 0);
01340 
01341 exit:
01342     t = stpcpy(t, rpmSigString(res));
01343     if (sigp != NULL) {
01344         t = stpcpy(t, ", key ID ");
01345         (void) pgpHexCvt(t, sigp->signid+4, sizeof(sigp->signid)-4);
01346         t += strlen(t);
01347     }
01348     t = stpcpy(t, "\n");
01349     return res;
01350 }
01351 /*@=boundswrite@*/
01352 
01360 /*@-boundswrite@*/
01361 static rpmRC
01362 verifyGPGSignature(rpmts ts, /*@out@*/ char * t,
01363                 /*@null@*/ DIGEST_CTX sha1ctx)
01364         /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/
01365         /*@modifies ts, *t, rpmGlobalMacroContext, fileSystem, internalState */
01366 {
01367     const void * sig = rpmtsSig(ts);
01368 #ifdef  NOTYET
01369     int_32 siglen = rpmtsSiglen(ts);
01370 #endif
01371     int_32 sigtag = rpmtsSigtag(ts);
01372     pgpDig dig = rpmtsDig(ts);
01373     pgpDigParams sigp = rpmtsSignature(ts);
01374     rpmRC res;
01375     int xx;
01376 
01377     *t = '\0';
01378     if (dig != NULL && dig->hdrsha1ctx == sha1ctx)
01379         t = stpcpy(t, _("Header "));
01380     t = stpcpy(t, _("V3 DSA signature: "));
01381 
01382     if (sha1ctx == NULL || sig == NULL || dig == NULL || sigp == NULL) {
01383         res = RPMRC_NOKEY;
01384         goto exit;
01385     }
01386 
01387     /* XXX sanity check on sigtag and signature agreement. */
01388     if (!((sigtag == RPMSIGTAG_GPG || sigtag == RPMSIGTAG_DSA)
01389         && sigp->pubkey_algo == PGPPUBKEYALGO_DSA
01390         && sigp->hash_algo == PGPHASHALGO_SHA1))
01391     {
01392         res = RPMRC_NOKEY;
01393         goto exit;
01394     }
01395 
01396     (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0);
01397     {   DIGEST_CTX ctx = rpmDigestDup(sha1ctx);
01398         byte signhash16[2];
01399 
01400         if (sigp->hash != NULL)
01401             xx = rpmDigestUpdate(ctx, sigp->hash, sigp->hashlen);
01402 
01403 #ifdef  NOTYET  /* XXX not for binary/text document signatures. */
01404         if (sigp->sigtype == 4) {
01405             int nb = dig->nbytes + sigp->hashlen;
01406             byte trailer[6];
01407             nb = htonl(nb);
01408             trailer[0] = 0x4;
01409             trailer[1] = 0xff;
01410             memcpy(trailer+2, &nb, sizeof(nb));
01411             xx = rpmDigestUpdate(ctx, trailer, sizeof(trailer));
01412         }
01413 #endif
01414         xx = rpmDigestFinal(ctx, (void **)&dig->sha1, &dig->sha1len, 1);
01415         (void) rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), sigp->hashlen);
01416 
01417         mpnzero(&dig->hm);      mpnsethex(&dig->hm, dig->sha1);
01418 
01419         /* Compare leading 16 bits of digest for quick check. */
01420         signhash16[0] = (*dig->hm.data >> 24) & 0xff;
01421         signhash16[1] = (*dig->hm.data >> 16) & 0xff;
01422         if (memcmp(signhash16, sigp->signhash16, sizeof(signhash16))) {
01423             res = RPMRC_FAIL;
01424             goto exit;
01425         }
01426     }
01427 
01428     /* Retrieve the matching public key. */
01429     res = rpmtsFindPubkey(ts);
01430     if (res != RPMRC_OK)
01431         goto exit;
01432 
01433     (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_SIGNATURE), 0);
01434     if (dsavrfy(&dig->p, &dig->q, &dig->g,
01435                 &dig->hm, &dig->y, &dig->r, &dig->s))
01436         res = RPMRC_OK;
01437     else
01438         res = RPMRC_FAIL;
01439     (void) rpmswExit(rpmtsOp(ts, RPMTS_OP_SIGNATURE), 0);
01440 
01441 exit:
01442     t = stpcpy(t, rpmSigString(res));
01443     if (sigp != NULL) {
01444         t = stpcpy(t, ", key ID ");
01445         (void) pgpHexCvt(t, sigp->signid+4, sizeof(sigp->signid)-4);
01446         t += strlen(t);
01447     }
01448     t = stpcpy(t, "\n");
01449     return res;
01450 }
01451 /*@=boundswrite@*/
01452 
01453 rpmRC
01454 rpmVerifySignature(const rpmts ts, char * result)
01455 {
01456     const void * sig = rpmtsSig(ts);
01457     int_32 siglen = rpmtsSiglen(ts);
01458     int_32 sigtag = rpmtsSigtag(ts);
01459     pgpDig dig = rpmtsDig(ts);
01460     rpmRC res;
01461 
01462     if (sig == NULL || siglen <= 0 || dig == NULL) {
01463         sprintf(result, _("Verify signature: BAD PARAMETERS\n"));
01464         return RPMRC_NOTFOUND;
01465     }
01466 
01467     switch (sigtag) {
01468     case RPMSIGTAG_SIZE:
01469         res = verifySizeSignature(ts, result);
01470         break;
01471     case RPMSIGTAG_MD5:
01472         res = verifyMD5Signature(ts, result, dig->md5ctx);
01473         break;
01474     case RPMSIGTAG_SHA1:
01475         res = verifySHA1Signature(ts, result, dig->hdrsha1ctx);
01476         break;
01477     case RPMSIGTAG_RSA:
01478     case RPMSIGTAG_PGP5:        /* XXX legacy */
01479     case RPMSIGTAG_PGP:
01480         res = verifyPGPSignature(ts, result, dig->md5ctx);
01481         break;
01482     case RPMSIGTAG_DSA:
01483         res = verifyGPGSignature(ts, result, dig->hdrsha1ctx);
01484         break;
01485     case RPMSIGTAG_GPG:
01486         res = verifyGPGSignature(ts, result, dig->sha1ctx);
01487         break;
01488     case RPMSIGTAG_LEMD5_1:
01489     case RPMSIGTAG_LEMD5_2:
01490         sprintf(result, _("Broken MD5 digest: UNSUPPORTED\n"));
01491         res = RPMRC_NOTFOUND;
01492         break;
01493     default:
01494         sprintf(result, _("Signature: UNKNOWN (%d)\n"), sigtag);
01495         res = RPMRC_NOTFOUND;
01496         break;
01497     }
01498     return res;
01499 }
Generated on Mon May 7 19:27:03 2012 for rpm by  doxygen 1.3.9.1