/**
* Verify header immutable region SHA1 digest.
* @retval msg verbose success/failure text
* @param sha1ctx
* @return RPMRC_OK on success
*/
static rpmRC
verifySHA1Digest(rpmtd sigtd, DIGEST_CTX sha1ctx, char **msg)
{
rpmRC res = RPMRC_FAIL; /* assume failure */
char * SHA1 = NULL;
const char *title = _("Header SHA1 digest:");
const char *sig = sigtd->data;
*msg = NULL;
DIGEST_CTX ctx = rpmDigestDup(sha1ctx);
if (ctx == NULL) {
rasprintf(msg, "%s %s\n", title, rpmSigString(res));
goto exit;
}
(void) rpmDigestFinal(ctx, (void **)&SHA1, NULL, 1);
if (SHA1 == NULL || !rstreq(SHA1, sig)) {
rasprintf(msg, "%s %s Expected(%s) != (%s)\n", title,
rpmSigString(res), sig, SHA1 ? SHA1 : "(nil)");
} else {
res = RPMRC_OK;
rasprintf(msg, "%s %s (%s)\n", title, rpmSigString(res), SHA1);
}
exit:
SHA1 = _free(SHA1);
return res;
}
static rpmRC verifyDigest(rpmtd sigtd, DIGEST_CTX digctx, const char *title,
char **msg)
{
rpmRC res = RPMRC_FAIL; /* assume failure */
char * dig = NULL;
size_t diglen = 0;
char *pkgdig = rpmtdFormat(sigtd, RPMTD_FORMAT_STRING, NULL);
DIGEST_CTX ctx = rpmDigestDup(digctx);
if (rpmDigestFinal(ctx, (void **)&dig, &diglen, 1) || diglen == 0) {
rasprintf(msg, "%s %s", title, rpmSigString(res));
goto exit;
}
if (strcasecmp(pkgdig, dig) == 0) {
res = RPMRC_OK;
rasprintf(msg, "%s %s (%s)", title, rpmSigString(res), pkgdig);
} else {
rasprintf(msg, "%s: %s Expected(%s) != (%s)",
title, rpmSigString(res), pkgdig, dig);
}
exit:
free(dig);
free(pkgdig);
return res;
}
static rpmRC
verifyMD5Digest(rpmtd sigtd, DIGEST_CTX md5ctx, char **msg)
{
rpmRC res = RPMRC_FAIL; /* assume failure */
uint8_t * md5sum = NULL;
size_t md5len = 0;
char *md5;
const char *title = _("MD5 digest:");
*msg = NULL;
DIGEST_CTX ctx = rpmDigestDup(md5ctx);
if (ctx == NULL) {
rasprintf(msg, "%s %s\n", title, rpmSigString(res));
goto exit;
}
(void) rpmDigestFinal(ctx, (void **)&md5sum, &md5len, 0);
md5 = pgpHexStr(md5sum, md5len);
if (md5len != sigtd->count || memcmp(md5sum, sigtd->data, md5len)) {
char *hex = rpmtdFormat(sigtd, RPMTD_FORMAT_STRING, NULL);
rasprintf(msg, "%s %s Expected(%s) != (%s)\n", title,
rpmSigString(res), hex, md5);
free(hex);
} else {
res = RPMRC_OK;
rasprintf(msg, "%s %s (%s)\n", title, rpmSigString(res), md5);
}
free(md5);
exit:
md5sum = _free(md5sum);
return res;
}
char *rpmsinfoMsg(struct rpmsinfo_s *sinfo, rpmRC rc, const char *emsg)
{
char *msg = NULL;
if (emsg) {
rasprintf(&msg, "%s: %s (%s)",
rpmsinfoDescr(sinfo), rpmSigString(rc), emsg);
} else {
rasprintf(&msg, "%s: %s", rpmsinfoDescr(sinfo), rpmSigString(rc));
}
return msg;
}
/**
* Verify DSA/RSA signature.
* @param keyring pubkey keyring
* @param sig OpenPGP signature parameters
* @param hashctx digest context
* @param isHdr header-only signature?
* @retval msg verbose success/failure text
* @return RPMRC_OK on success
*/
static rpmRC
verifySignature(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX hashctx,
int isHdr, char **msg)
{
rpmRC res = rpmKeyringVerifySig(keyring, sig, hashctx);
char *sigid = pgpIdentItem(sig);
rasprintf(msg, "%s%s: %s\n", isHdr ? _("Header ") : "", sigid,
rpmSigString(res));
free(sigid);
return res;
}
