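/*
 * Load a public GPG key from `filename` and record the hex form of its
 * key ID in the file-level list `list_fingerprints`.
 *
 * The file is read with pgpReadPkts(); any result other than
 * PGPARMOR_PUBKEY is reported with error_msg() and nothing is recorded.
 * A key whose ID cannot be extracted or hex-encoded is now reported as
 * well, so a configured key that never reaches the list is no longer
 * silently ignored.
 *
 * When built without HAVE_LIBRPM the function does nothing.
 *
 * NOTE(review): the value stored is an 8-byte key ID, not a full
 * fingerprint, despite the variable and list names. A 64-bit key ID
 * identifies a key but is not a collision-resistant commitment to it;
 * confirm that whatever consumes list_fingerprints relies on an actual
 * signature verification and not on the ID match alone.
 */
void rpm_load_gpgkey(const char* filename)
{
#ifdef HAVE_LIBRPM
    uint8_t *pkt = NULL;
    size_t pklen;

    if (pgpReadPkts(filename, &pkt, &pklen) != PGPARMOR_PUBKEY)
    {
        /* pkt starts out NULL, so this is a no-op unless the reader set it. */
        free(pkt);
        error_msg("Can't load public GPG key %s", filename);
        return;
    }

    uint8_t keyID[8];
#if 0
    if (pgpPubkeyFingerprint(pkt, pklen, keyID) == 0)
#else
    if (pgpPubkeyKeyID(pkt, pklen, keyID) == 0)
#endif
    {
        /* The hex string is handed to the list and is not freed here. */
        char *fingerprint = pgpHexStr(keyID, sizeof(keyID));
        if (fingerprint != NULL)
            list_fingerprints = g_list_append(list_fingerprints, fingerprint);
        else
            error_msg("Can't convert key ID of public GPG key %s to hex", filename);
    }
    else
    {
        /* The key parsed as armor but no key ID could be derived from it. */
        error_msg("Can't get key ID of public GPG key %s", filename);
    }

    free(pkt);
#else
    return;
#endif
}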
/*
 * Read OpenPGP packets from `filename` and build an rpmPubkey from them.
 *
 * Returns NULL when pgpReadPkts() yields a value <= 0; otherwise returns
 * whatever rpmPubkeyNew() produces for the packet data. The packet buffer
 * is released after the key object has been created.
 *
 * NOTE(review): every positive pgpReadPkts() result is accepted here, not
 * only a public-key armor type; presumably rpmPubkeyNew() rejects packets
 * that are not a public key. Confirm against its implementation.
 * NOTE(review): the buffer is not freed when pgpReadPkts() fails; this
 * assumes the reader leaves it NULL in that case. TODO confirm.
 */
rpmPubkey rpmPubkeyRead(const char *filename)
{
    uint8_t *keydata = NULL;
    size_t keylen;
    rpmPubkey result = NULL;

    if (pgpReadPkts(filename, &keydata, &keylen) > 0) {
        result = rpmPubkeyNew(keydata, keylen);
        free(keydata);
    }

    return result;
}
/*
 * Read OpenPGP packets from `filename` and build an rpmPubkey from them.
 *
 * Returns NULL when pgpReadPkts() yields a value <= 0; otherwise returns
 * whatever rpmPubkeyNew() produces for the packet data. The packet buffer
 * is released through _free() once the key object has been created.
 *
 * NOTE(review): every positive pgpReadPkts() result is accepted here, not
 * only a public-key armor type; presumably rpmPubkeyNew() rejects packets
 * that are not a public key. Confirm against its implementation.
 * NOTE(review): the buffer is not released when pgpReadPkts() fails; this
 * assumes the reader leaves it NULL in that case. TODO confirm.
 */
rpmPubkey rpmPubkeyRead(const char *filename)
{
    rpmuint8_t *keydata = NULL;
    size_t keylen;
    rpmPubkey result = NULL;
    int armor;

    /* The splint "globs" check is suppressed for the read call only. */
/*@-globs@*/
    armor = pgpReadPkts(filename, &keydata, &keylen);
/*@=globs@*/

    if (armor > 0) {
        result = rpmPubkeyNew(keydata, keylen);
        keydata = _free(keydata);
    }

    return result;
}
rpmRC rpmnsProbeSignature(void * _ts, const char * fn, const char * sigfn, const char * pubfn, const char * pubid, /*@unused@*/ int flags) { rpmts ts = (rpmts) _ts; pgpDig dig = rpmtsDig(ts); pgpDigParams sigp = pgpGetSignature(dig); pgpDigParams pubp = pgpGetPubkey(dig); rpmuint8_t * sigpkt = NULL; size_t sigpktlen = 0; DIGEST_CTX ctx = NULL; rpmRC rc = RPMRC_FAIL; /* assume failure */ int xx; rpmhkp hkp = NULL; pgpPkt pp = (pgpPkt) alloca(sizeof(*pp)); size_t pleft; int validate = 1; SPEW((stderr, "==> check(%s, %s, %s, %s)\n", fn, (sigfn ? sigfn : "(null)"), (pubfn ? pubfn : "(null)"), (pubid ? pubid : "(null)"))); /* Choose signature location: clearsign from fn if sigfn is NULL */ assert(fn && *fn); if (!(sigfn && *sigfn)) sigfn = fn; /* Load the signature from the file. */ { const char * _sigfn = rpmExpand(sigfn, NULL); xx = pgpReadPkts(_sigfn, &sigpkt, &sigpktlen); if (xx != PGPARMOR_SIGNATURE) { SPEW((stderr, "==> pgpReadPkts(%s) SIG %p[%u] ret %d\n", _sigfn, sigpkt, (unsigned)sigpktlen, xx)); _sigfn = _free(_sigfn); goto exit; } _sigfn = _free(_sigfn); } pleft = sigpktlen; xx = pgpPktLen(sigpkt, pleft, pp); xx = rpmhkpLoadSignature(NULL, dig, pp); if (xx) goto exit; if (sigp->version != (rpmuint8_t)3 && sigp->version != (rpmuint8_t)4) { SPEW((stderr, "==> unverifiable V%u\n", (unsigned)sigp->version)); goto exit; } if (ts->hkp == NULL) ts->hkp = rpmhkpNew(NULL, 0); hkp = rpmhkpLink(ts->hkp); /* Load the pubkey. Use pubfn if specified, otherwise rpmdb keyring. */ if (pubfn && *pubfn) { const char * _pubfn = rpmExpand(pubfn, NULL); /*@-type@*/ hkp->pkt = _free(hkp->pkt); /* XXX memleaks */ hkp->pktlen = 0; xx = pgpReadPkts(_pubfn, &hkp->pkt, &hkp->pktlen); /*@=type@*/ if (xx != PGPARMOR_PUBKEY) { SPEW((stderr, "==> pgpReadPkts(%s) PUB %p[%u] rc %d\n", _pubfn, hkp->pkt, (unsigned)hkp->pktlen, xx)); _pubfn = _free(_pubfn); goto exit; } _pubfn = _free(_pubfn); /* Split the result into packet array. 
*/ hkp->pkts = _free(hkp->pkts); /* XXX memleaks */ hkp->npkts = 0; xx = pgpGrabPkts(hkp->pkt, hkp->pktlen, &hkp->pkts, &hkp->npkts); #ifdef DYING _rpmhkpDumpDig(__FUNCTION__, dig, NULL); #endif if (!xx) (void) pgpPubkeyFingerprint(hkp->pkt, hkp->pktlen, hkp->keyid); memcpy(pubp->signid, hkp->keyid, sizeof(pubp->signid));/* XXX useless */ /* Validate pubkey self-signatures (if any). */ /* XXX TODO: only validate once, then cache using rpmku */ /* XXX need at least 3 packets to validate a pubkey */ if (validate && hkp->npkts >= 3) { #ifdef DYING pgpPrtPkts(hkp->pkt, hkp->pktlen, NULL, 1); #endif xx = rpmhkpValidate(hkp, NULL); switch (xx) { case RPMRC_OK: break; case RPMRC_NOTFOUND: case RPMRC_FAIL: /* XXX remap to NOTFOUND? */ case RPMRC_NOTTRUSTED: case RPMRC_NOKEY: default: SPEW((stderr, "\t<-- rpmhkpValidate() rc %d\n", xx)); rc = (rpmRC)xx; goto exit; } } /* Retrieve parameters from pubkey/subkey packet(s). */ xx = rpmhkpFindKey(hkp, dig, sigp->signid, sigp->pubkey_algo); if (xx) { SPEW((stderr, "\t<-- rpmhkpFindKey() rc %d\n", xx)); goto exit; } } else { rc = (rpmRC)pgpFindPubkey(dig); if (rc != RPMRC_OK) { SPEW((stderr, "\t<-- pgpFindPubkey() rc %d\n", rc)); goto exit; } } /* Is this the requested pubkey? */ if (pubid && *pubid) { size_t ns = strlen(pubid); const char * s; char * t; size_t i; /* At least 8 hex digits please. */ for (i = 0, s = pubid; *s && isxdigit(*s); s++, i++) {}; if (!(*s == '\0' && i > 8 && (i%2) == 0)) { SPEW((stderr, "==> invalid pubid: %s\n", pubid)); goto exit; } /* Truncate to key id size. */ s = pubid; if (ns > 16) { s += (ns - 16); ns = 16; } ns >>= 1; t = (char *) memset(alloca(ns), 0, ns); for (i = 0; i < ns; i++) t[i] = (char)((nibble(s[2*i]) << 4) | nibble(s[2*i+1])); /* Compare the pubkey id. */ s = (const char *)pubp->signid; xx = memcmp(t, s + (8 - ns), ns); #ifdef DYING /* XXX HACK: V4 RSA key id's are wonky atm. 
*/ if (pubp->pubkey_algo == (rpmuint8_t)PGPPUBKEYALGO_RSA) xx = 0; #endif if (xx) { SPEW((stderr, "==> mismatched: pubkey id (%08x %08x) != %s\n", pgpGrab(pubp->signid, 4), pgpGrab(pubp->signid+4, 4), pubid)); goto exit; } }