void rpm_load_gpgkey(const char* filename)
{
#ifdef HAVE_LIBRPM
uint8_t *pkt = NULL;
size_t pklen;
if (pgpReadPkts(filename, &pkt, &pklen) != PGPARMOR_PUBKEY)
{
free(pkt);
error_msg("Can't load public GPG key %s", filename);
return;
}
uint8_t keyID[8];
#if 0
if (pgpPubkeyFingerprint(pkt, pklen, keyID) == 0)
#else
if (pgpPubkeyKeyID(pkt, pklen, keyID) == 0)
#endif
{
char *fingerprint = pgpHexStr(keyID, sizeof(keyID));
if (fingerprint != NULL)
list_fingerprints = g_list_append(list_fingerprints, fingerprint);
}
free(pkt);
#else
return;
#endif
}
rpmPubkey rpmPubkeyRead(const char *filename)
{
uint8_t *pkt = NULL;
size_t pktlen;
rpmPubkey key = NULL;
if (pgpReadPkts(filename, &pkt, &pktlen) <= 0) {
goto exit;
}
key = rpmPubkeyNew(pkt, pktlen);
free(pkt);
exit:
return key;
}
rpmPubkey rpmPubkeyRead(const char *filename)
{
rpmuint8_t *pkt = NULL;
size_t pktlen;
rpmPubkey key = NULL;
/*@-globs@*/
if (pgpReadPkts(filename, &pkt, &pktlen) <= 0)
goto exit;
/*@=globs@*/
key = rpmPubkeyNew(pkt, pktlen);
pkt = _free(pkt);
exit:
return key;
}
rpmRC rpmnsProbeSignature(void * _ts, const char * fn, const char * sigfn,
const char * pubfn, const char * pubid,
/*@unused@*/ int flags)
{
rpmts ts = (rpmts) _ts;
pgpDig dig = rpmtsDig(ts);
pgpDigParams sigp = pgpGetSignature(dig);
pgpDigParams pubp = pgpGetPubkey(dig);
rpmuint8_t * sigpkt = NULL;
size_t sigpktlen = 0;
DIGEST_CTX ctx = NULL;
rpmRC rc = RPMRC_FAIL; /* assume failure */
int xx;
rpmhkp hkp = NULL;
pgpPkt pp = (pgpPkt) alloca(sizeof(*pp));
size_t pleft;
int validate = 1;
SPEW((stderr, "==> check(%s, %s, %s, %s)\n", fn,
(sigfn ? sigfn : "(null)"),
(pubfn ? pubfn : "(null)"),
(pubid ? pubid : "(null)")));
/* Choose signature location: clearsign from fn if sigfn is NULL */
assert(fn && *fn);
if (!(sigfn && *sigfn))
sigfn = fn;
/* Load the signature from the file. */
{ const char * _sigfn = rpmExpand(sigfn, NULL);
xx = pgpReadPkts(_sigfn, &sigpkt, &sigpktlen);
if (xx != PGPARMOR_SIGNATURE) {
SPEW((stderr, "==> pgpReadPkts(%s) SIG %p[%u] ret %d\n", _sigfn, sigpkt, (unsigned)sigpktlen, xx));
_sigfn = _free(_sigfn);
goto exit;
}
_sigfn = _free(_sigfn);
}
pleft = sigpktlen;
xx = pgpPktLen(sigpkt, pleft, pp);
xx = rpmhkpLoadSignature(NULL, dig, pp);
if (xx) goto exit;
if (sigp->version != (rpmuint8_t)3 && sigp->version != (rpmuint8_t)4) {
SPEW((stderr, "==> unverifiable V%u\n", (unsigned)sigp->version));
goto exit;
}
if (ts->hkp == NULL)
ts->hkp = rpmhkpNew(NULL, 0);
hkp = rpmhkpLink(ts->hkp);
/* Load the pubkey. Use pubfn if specified, otherwise rpmdb keyring. */
if (pubfn && *pubfn) {
const char * _pubfn = rpmExpand(pubfn, NULL);
/*@-type@*/
hkp->pkt = _free(hkp->pkt); /* XXX memleaks */
hkp->pktlen = 0;
xx = pgpReadPkts(_pubfn, &hkp->pkt, &hkp->pktlen);
/*@=type@*/
if (xx != PGPARMOR_PUBKEY) {
SPEW((stderr, "==> pgpReadPkts(%s) PUB %p[%u] rc %d\n", _pubfn, hkp->pkt, (unsigned)hkp->pktlen, xx));
_pubfn = _free(_pubfn);
goto exit;
}
_pubfn = _free(_pubfn);
/* Split the result into packet array. */
hkp->pkts = _free(hkp->pkts); /* XXX memleaks */
hkp->npkts = 0;
xx = pgpGrabPkts(hkp->pkt, hkp->pktlen, &hkp->pkts, &hkp->npkts);
#ifdef DYING
_rpmhkpDumpDig(__FUNCTION__, dig, NULL);
#endif
if (!xx)
(void) pgpPubkeyFingerprint(hkp->pkt, hkp->pktlen, hkp->keyid);
memcpy(pubp->signid, hkp->keyid, sizeof(pubp->signid));/* XXX useless */
/* Validate pubkey self-signatures (if any). */
/* XXX TODO: only validate once, then cache using rpmku */
/* XXX need at least 3 packets to validate a pubkey */
if (validate && hkp->npkts >= 3) {
#ifdef DYING
pgpPrtPkts(hkp->pkt, hkp->pktlen, NULL, 1);
#endif
xx = rpmhkpValidate(hkp, NULL);
switch (xx) {
case RPMRC_OK:
break;
case RPMRC_NOTFOUND:
case RPMRC_FAIL: /* XXX remap to NOTFOUND? */
case RPMRC_NOTTRUSTED:
case RPMRC_NOKEY:
default:
SPEW((stderr, "\t<-- rpmhkpValidate() rc %d\n", xx));
rc = (rpmRC)xx;
goto exit;
}
}
/* Retrieve parameters from pubkey/subkey packet(s). */
xx = rpmhkpFindKey(hkp, dig, sigp->signid, sigp->pubkey_algo);
if (xx) {
SPEW((stderr, "\t<-- rpmhkpFindKey() rc %d\n", xx));
goto exit;
}
} else {
rc = (rpmRC)pgpFindPubkey(dig);
if (rc != RPMRC_OK) {
SPEW((stderr, "\t<-- pgpFindPubkey() rc %d\n", rc));
goto exit;
}
}
/* Is this the requested pubkey? */
if (pubid && *pubid) {
size_t ns = strlen(pubid);
const char * s;
char * t;
size_t i;
/* At least 8 hex digits please. */
for (i = 0, s = pubid; *s && isxdigit(*s); s++, i++)
{};
if (!(*s == '\0' && i > 8 && (i%2) == 0)) {
SPEW((stderr, "==> invalid pubid: %s\n", pubid));
goto exit;
}
/* Truncate to key id size. */
s = pubid;
if (ns > 16) {
s += (ns - 16);
ns = 16;
}
ns >>= 1;
t = (char *) memset(alloca(ns), 0, ns);
for (i = 0; i < ns; i++)
t[i] = (char)((nibble(s[2*i]) << 4) | nibble(s[2*i+1]));
/* Compare the pubkey id. */
s = (const char *)pubp->signid;
xx = memcmp(t, s + (8 - ns), ns);
#ifdef DYING
/* XXX HACK: V4 RSA key id's are wonky atm. */
if (pubp->pubkey_algo == (rpmuint8_t)PGPPUBKEYALGO_RSA)
xx = 0;
#endif
if (xx) {
SPEW((stderr, "==> mismatched: pubkey id (%08x %08x) != %s\n",
pgpGrab(pubp->signid, 4), pgpGrab(pubp->signid+4, 4), pubid));
goto exit;
}
}
