int rpmvsVerifyItems(struct rpmvs_s *sis, int range, rpmDigestBundle bundle,
rpmKeyring keyring, rpmsinfoCb cb, void *cbdata)
{
int failed = 0;
for (int i = 0; i < sis->nsigs; i++) {
struct rpmsinfo_s *sinfo = &sis->sigs[i];
if (sinfo->range == range) {
if (sis->rcs[i] == RPMRC_OK) {
DIGEST_CTX ctx = rpmDigestBundleDupCtx(bundle, sinfo->id);
sis->results[i] = _free(sis->results[i]);
sis->rcs[i] = rpmVerifySignature(keyring, sinfo, ctx, &sis->results[i]);
rpmDigestFinal(ctx, NULL, NULL, 0);
rpmDigestBundleFinal(bundle, sinfo->id, NULL, NULL, 0);
}
if (cb)
sis->rcs[i] = cb(sinfo, sis->rcs[i], sis->results[i], cbdata);
if (sis->rcs[i] != RPMRC_OK)
failed++;
}
}
return failed;
}
static int rpmpkgVerifySigs(rpmKeyring keyring, rpmQueryFlags flags,
FD_t fd, const char *fn)
{
char *buf = NULL;
char *missingKeys = NULL;
char *untrustedKeys = NULL;
struct rpmtd_s sigtd;
pgpDigParams sig = NULL;
Header sigh = NULL;
HeaderIterator hi = NULL;
char * msg = NULL;
int res = 1; /* assume failure */
rpmRC rc;
int failed = 0;
int nodigests = !(flags & VERIFY_DIGEST);
int nosignatures = !(flags & VERIFY_SIGNATURE);
struct sigtInfo_s sinfo;
rpmDigestBundle plbundle = rpmDigestBundleNew();
rpmDigestBundle hdrbundle = rpmDigestBundleNew();
if ((rc = rpmLeadRead(fd, NULL, NULL, &msg)) != RPMRC_OK) {
goto exit;
}
rc = rpmReadSignature(fd, &sigh, RPMSIGTYPE_HEADERSIG, &msg);
if (rc != RPMRC_OK) {
goto exit;
}
/* Initialize all digests we'll be needing */
hi = headerInitIterator(sigh);
for (; headerNext(hi, &sigtd) != 0; rpmtdFreeData(&sigtd)) {
rc = rpmSigInfoParse(&sigtd, "package", &sinfo, NULL, NULL);
if (nosignatures && sinfo.type == RPMSIG_SIGNATURE_TYPE)
continue;
if (nodigests && sinfo.type == RPMSIG_DIGEST_TYPE)
continue;
if (rc == RPMRC_OK && sinfo.hashalgo) {
rpmDigestBundleAdd(sinfo.payload ? plbundle : hdrbundle,
sinfo.hashalgo, RPMDIGEST_NONE);
}
}
hi = headerFreeIterator(hi);
/* Read the file, generating digest(s) on the fly. */
fdSetBundle(fd, plbundle);
if (readFile(fd, fn, plbundle, hdrbundle)) {
goto exit;
}
rasprintf(&buf, "%s:%c", fn, (rpmIsVerbose() ? '\n' : ' ') );
hi = headerInitIterator(sigh);
for (; headerNext(hi, &sigtd) != 0; rpmtdFreeData(&sigtd)) {
char *result = NULL;
DIGEST_CTX ctx = NULL;
if (sigtd.data == NULL) /* XXX can't happen */
continue;
/* Clean up parameters from previous sigtag. */
sig = pgpDigParamsFree(sig);
/* Note: we permit failures to be ignored via disablers */
rc = rpmSigInfoParse(&sigtd, "package", &sinfo, &sig, &result);
if (nosignatures && sinfo.type == RPMSIG_SIGNATURE_TYPE)
continue;
if (nodigests && sinfo.type == RPMSIG_DIGEST_TYPE)
continue;
if (sinfo.type == RPMSIG_OTHER_TYPE)
continue;
if (rc == RPMRC_OK) {
ctx = rpmDigestBundleDupCtx(sinfo.payload ? plbundle : hdrbundle,
sinfo.hashalgo);
rc = rpmVerifySignature(keyring, &sigtd, sig, ctx, &result);
rpmDigestFinal(ctx, NULL, NULL, 0);
}
if (result) {
formatResult(sigtd.tag, rc, result,
(rc == RPMRC_NOKEY ? &missingKeys : &untrustedKeys),
&buf);
free(result);
}
if (rc != RPMRC_OK) {
failed = 1;
}
}
res = failed;
if (rpmIsVerbose()) {
rpmlog(RPMLOG_NOTICE, "%s", buf);
} else {
const char *ok = (failed ? _("NOT OK") : _("OK"));
rpmlog(RPMLOG_NOTICE, "%s%s%s%s%s%s%s%s\n", buf, ok,
missingKeys ? _(" (MISSING KEYS:") : "",
missingKeys ? missingKeys : "",
missingKeys ? _(") ") : "",
untrustedKeys ? _(" (UNTRUSTED KEYS:") : "",
untrustedKeys ? untrustedKeys : "",
untrustedKeys ? _(")") : "");
}
free(missingKeys);
free(untrustedKeys);
exit:
if (res && msg != NULL)
rpmlog(RPMLOG_ERR, "%s: %s\n", fn, msg);
free(msg);
free(buf);
rpmDigestBundleFree(hdrbundle);
rpmDigestBundleFree(plbundle);
fdSetBundle(fd, NULL); /* XXX avoid double-free from fd close */
sigh = rpmFreeSignature(sigh);
hi = headerFreeIterator(hi);
pgpDigParamsFree(sig);
return res;
}
static rpmRC rpmpkgRead(rpmKeyring keyring, rpmVSFlags vsflags,
FD_t fd,
Header * hdrp, unsigned int *keyidp, char **msg)
{
pgpDigParams sig = NULL;
Header sigh = NULL;
rpmTagVal sigtag;
struct rpmtd_s sigtd;
struct sigtInfo_s sinfo;
Header h = NULL;
rpmRC rc = RPMRC_FAIL; /* assume failure */
int leadtype = -1;
headerGetFlags hgeflags = HEADERGET_DEFAULT;
if (hdrp) *hdrp = NULL;
rpmtdReset(&sigtd);
if ((rc = rpmLeadRead(fd, &leadtype, msg)) != RPMRC_OK) {
/* Avoid message spew on manifests */
if (rc == RPMRC_NOTFOUND) {
*msg = _free(*msg);
}
goto exit;
}
/* Read the signature header. */
rc = rpmReadSignature(fd, &sigh, msg);
if (rc != RPMRC_OK) {
goto exit;
}
#define _chk(_mask, _tag) \
(sigtag == 0 && !(vsflags & (_mask)) && headerIsEntry(sigh, (_tag)))
/*
* Figger the most effective means of verification available, prefer
* signatures over digests. Legacy header+payload entries are not used.
* DSA will be preferred over RSA if both exist because tested first.
*/
sigtag = 0;
if (_chk(RPMVSF_NODSAHEADER, RPMSIGTAG_DSA)) {
sigtag = RPMSIGTAG_DSA;
} else if (_chk(RPMVSF_NORSAHEADER, RPMSIGTAG_RSA)) {
sigtag = RPMSIGTAG_RSA;
} else if (_chk(RPMVSF_NOSHA1HEADER, RPMSIGTAG_SHA1)) {
sigtag = RPMSIGTAG_SHA1;
}
/* Read the metadata, computing digest(s) on the fly. */
h = NULL;
rc = rpmpkgReadHeader(fd, &h, msg);
if (rc != RPMRC_OK || h == NULL) {
goto exit;
}
/* Any digests or signatures to check? */
if (sigtag == 0) {
rc = RPMRC_OK;
goto exit;
}
/* Free up any previous "ok" message before signature/digest check */
*msg = _free(*msg);
/* Retrieve the tag parameters from the signature header. */
if (!headerGet(sigh, sigtag, &sigtd, hgeflags)) {
rc = RPMRC_FAIL;
goto exit;
}
if (rpmSigInfoParse(&sigtd, "package", &sinfo, &sig, msg) == RPMRC_OK) {
struct rpmtd_s utd;
DIGEST_CTX ctx = rpmDigestInit(sinfo.hashalgo, RPMDIGEST_NONE);
if (headerGet(h, RPMTAG_HEADERIMMUTABLE, &utd, hgeflags)) {
rpmDigestUpdate(ctx, rpm_header_magic, sizeof(rpm_header_magic));
rpmDigestUpdate(ctx, utd.data, utd.count);
rpmtdFreeData(&utd);
}
/** @todo Implement disable/enable/warn/error/anal policy. */
rc = rpmVerifySignature(keyring, &sigtd, sig, ctx, msg);
rpmDigestFinal(ctx, NULL, NULL, 0);
} else {
rc = RPMRC_FAIL;
}
exit:
if (rc != RPMRC_FAIL && h != NULL && hdrp != NULL) {
/* Retrofit RPMTAG_SOURCEPACKAGE to srpms for compatibility */
if (leadtype == RPMLEAD_SOURCE && headerIsSource(h)) {
if (!headerIsEntry(h, RPMTAG_SOURCEPACKAGE)) {
uint32_t one = 1;
headerPutUint32(h, RPMTAG_SOURCEPACKAGE, &one, 1);
}
}
/*
* Try to make sure binary rpms have RPMTAG_SOURCERPM set as that's
* what we use for differentiating binary vs source elsewhere.
*/
if (!headerIsEntry(h, RPMTAG_SOURCEPACKAGE) && headerIsSource(h)) {
headerPutString(h, RPMTAG_SOURCERPM, "(none)");
}
/*
* Convert legacy headers on the fly. Not having immutable region
* equals a truly ancient package, do full retrofit. OTOH newer
* packages might have been built with --nodirtokens, test and handle
* the non-compressed filelist case separately.
*/
if (!headerIsEntry(h, RPMTAG_HEADERIMMUTABLE))
headerConvert(h, HEADERCONV_RETROFIT_V3);
else if (headerIsEntry(h, RPMTAG_OLDFILENAMES))
headerConvert(h, HEADERCONV_COMPRESSFILELIST);
/* Append (and remap) signature tags to the metadata. */
headerMergeLegacySigs(h, sigh);
/* Bump reference count for return. */
*hdrp = headerLink(h);
if (keyidp)
*keyidp = getKeyid(sig);
}
rpmtdFreeData(&sigtd);
h = headerFree(h);
pgpDigParamsFree(sig);
sigh = headerFree(sigh);
return rc;
}
/*
* Argument monster to verify header-only signature/digest if there is
* one, otherwisereturn RPMRC_NOTFOUND to signal for plain sanity check.
*/
static rpmRC headerSigVerify(rpmKeyring keyring, rpmVSFlags vsflags,
hdrblob blob, char **buf)
{
rpmRC rc = RPMRC_FAIL;
pgpDigParams sig = NULL;
struct rpmtd_s sigtd;
struct entryInfo_s einfo;
struct sigtInfo_s sinfo;
rpmtdReset(&sigtd);
memset(&einfo, 0, sizeof(einfo));
/* Find a header-only digest/signature tag. */
for (int i = blob->ril; i < blob->il; i++) {
ei2h(blob->pe+i, &einfo);
switch (einfo.tag) {
case RPMTAG_SHA1HEADER:
if (vsflags & RPMVSF_NOSHA1HEADER)
break;
if (sigtd.tag == 0)
ei2td(&einfo, blob->dataStart, 0, &sigtd);
break;
case RPMTAG_RSAHEADER:
if (vsflags & RPMVSF_NORSAHEADER)
break;
ei2td(&einfo, blob->dataStart, einfo.count, &sigtd);
break;
case RPMTAG_DSAHEADER:
if (vsflags & RPMVSF_NODSAHEADER)
break;
ei2td(&einfo, blob->dataStart, einfo.count, &sigtd);
break;
default:
break;
}
}
/* No header-only digest/signature found, get outta here */
if (sigtd.tag == 0) {
rc = RPMRC_NOTFOUND;
goto exit;
}
if (rpmSigInfoParse(&sigtd, "header", &sinfo, &sig, buf))
goto exit;
if (sinfo.hashalgo) {
DIGEST_CTX ctx = rpmDigestInit(sinfo.hashalgo, RPMDIGEST_NONE);
int32_t ildl[2] = { htonl(blob->ril), htonl(blob->rdl) };
rpmDigestUpdate(ctx, rpm_header_magic, sizeof(rpm_header_magic));
rpmDigestUpdate(ctx, ildl, sizeof(ildl));
rpmDigestUpdate(ctx, blob->pe, (blob->ril * sizeof(*blob->pe)));
rpmDigestUpdate(ctx, blob->dataStart, blob->rdl);
rc = rpmVerifySignature(keyring, &sigtd, sig, ctx, buf);
rpmDigestFinal(ctx, NULL, NULL, 0);
}
exit:
rpmtdFreeData(&sigtd);
pgpDigParamsFree(sig);
return rc;
}
static rpmRC rpmpkgRead(rpmKeyring keyring, rpmVSFlags vsflags,
FD_t fd, const char * fn, Header * hdrp)
{
pgpDig dig = NULL;
char buf[8*BUFSIZ];
ssize_t count;
rpmlead l = NULL;
Header sigh = NULL;
rpmSigTag sigtag;
struct rpmtd_s sigtd;
Header h = NULL;
char * msg;
rpmRC rc = RPMRC_FAIL; /* assume failure */
int leadtype = -1;
headerGetFlags hgeflags = HEADERGET_DEFAULT;
DIGEST_CTX ctx = NULL;
if (hdrp) *hdrp = NULL;
rpmtdReset(&sigtd);
l = rpmLeadNew();
if ((rc = rpmLeadRead(fd, l)) == RPMRC_OK) {
const char * err = NULL;
if ((rc = rpmLeadCheck(l, &err)) == RPMRC_FAIL) {
rpmlog(RPMLOG_ERR, "%s: %s\n", fn, err);
}
leadtype = rpmLeadType(l);
}
l = rpmLeadFree(l);
if (rc != RPMRC_OK)
goto exit;
/* Read the signature header. */
msg = NULL;
rc = rpmReadSignature(fd, &sigh, RPMSIGTYPE_HEADERSIG, &msg);
switch (rc) {
default:
rpmlog(RPMLOG_ERR, _("%s: rpmReadSignature failed: %s"), fn,
(msg && *msg ? msg : "\n"));
msg = _free(msg);
goto exit;
break;
case RPMRC_OK:
if (sigh == NULL) {
rpmlog(RPMLOG_ERR, _("%s: No signature available\n"), fn);
rc = RPMRC_FAIL;
goto exit;
}
break;
}
msg = _free(msg);
#define _chk(_mask, _tag) \
(sigtag == 0 && !(vsflags & (_mask)) && headerIsEntry(sigh, (_tag)))
/*
* Figger the most effective available signature.
* Prefer signatures over digests, then header-only over header+payload.
* DSA will be preferred over RSA if both exist because tested first.
* Note that NEEDPAYLOAD prevents header+payload signatures and digests.
*/
sigtag = 0;
if (_chk(RPMVSF_NODSAHEADER, RPMSIGTAG_DSA)) {
sigtag = RPMSIGTAG_DSA;
} else if (_chk(RPMVSF_NORSAHEADER, RPMSIGTAG_RSA)) {
sigtag = RPMSIGTAG_RSA;
} else if (_chk(RPMVSF_NODSA|RPMVSF_NEEDPAYLOAD, RPMSIGTAG_GPG)) {
sigtag = RPMSIGTAG_GPG;
fdInitDigest(fd, PGPHASHALGO_SHA1, 0);
} else if (_chk(RPMVSF_NORSA|RPMVSF_NEEDPAYLOAD, RPMSIGTAG_PGP)) {
sigtag = RPMSIGTAG_PGP;
fdInitDigest(fd, PGPHASHALGO_MD5, 0);
} else if (_chk(RPMVSF_NOSHA1HEADER, RPMSIGTAG_SHA1)) {
sigtag = RPMSIGTAG_SHA1;
} else if (_chk(RPMVSF_NOMD5|RPMVSF_NEEDPAYLOAD, RPMSIGTAG_MD5)) {
sigtag = RPMSIGTAG_MD5;
fdInitDigest(fd, PGPHASHALGO_MD5, 0);
}
/* Read the metadata, computing digest(s) on the fly. */
h = NULL;
msg = NULL;
rc = rpmpkgReadHeader(keyring, vsflags, fd, &h, &msg);
if (rc != RPMRC_OK || h == NULL) {
rpmlog(RPMLOG_ERR, _("%s: headerRead failed: %s"), fn,
(msg && *msg ? msg : "\n"));
msg = _free(msg);
goto exit;
}
msg = _free(msg);
/* Any digests or signatures to check? */
if (sigtag == 0) {
rc = RPMRC_OK;
goto exit;
}
dig = pgpNewDig();
if (dig == NULL) {
rc = RPMRC_FAIL;
goto exit;
}
/* Retrieve the tag parameters from the signature header. */
if (!headerGet(sigh, sigtag, &sigtd, hgeflags)) {
rc = RPMRC_FAIL;
goto exit;
}
switch (sigtag) {
case RPMSIGTAG_RSA:
case RPMSIGTAG_DSA:
if ((rc = parsePGP(&sigtd, "package", dig)) != RPMRC_OK) {
goto exit;
}
/* fallthrough */
case RPMSIGTAG_SHA1:
{ struct rpmtd_s utd;
pgpHashAlgo hashalgo = (sigtag == RPMSIGTAG_SHA1) ?
PGPHASHALGO_SHA1 : dig->signature.hash_algo;
if (!headerGet(h, RPMTAG_HEADERIMMUTABLE, &utd, hgeflags))
break;
ctx = rpmDigestInit(hashalgo, RPMDIGEST_NONE);
(void) rpmDigestUpdate(ctx, rpm_header_magic, sizeof(rpm_header_magic));
(void) rpmDigestUpdate(ctx, utd.data, utd.count);
rpmtdFreeData(&utd);
} break;
case RPMSIGTAG_GPG:
case RPMSIGTAG_PGP5: /* XXX legacy */
case RPMSIGTAG_PGP:
if ((rc = parsePGP(&sigtd, "package", dig)) != RPMRC_OK) {
goto exit;
}
/* fallthrough */
case RPMSIGTAG_MD5:
/* Legacy signatures need the compressed payload in the digest too. */
while ((count = Fread(buf, sizeof(buf[0]), sizeof(buf), fd)) > 0) {}
if (count < 0) {
rpmlog(RPMLOG_ERR, _("%s: Fread failed: %s\n"),
fn, Fstrerror(fd));
rc = RPMRC_FAIL;
goto exit;
}
ctx = rpmDigestBundleDupCtx(fdGetBundle(fd), (sigtag == RPMSIGTAG_MD5) ?
PGPHASHALGO_MD5 : dig->signature.hash_algo);
break;
default:
break;
}
/** @todo Implement disable/enable/warn/error/anal policy. */
rc = rpmVerifySignature(keyring, &sigtd, dig, ctx, &msg);
switch (rc) {
case RPMRC_OK: /* Signature is OK. */
rpmlog(RPMLOG_DEBUG, "%s: %s", fn, msg);
break;
case RPMRC_NOTTRUSTED: /* Signature is OK, but key is not trusted. */
case RPMRC_NOKEY: /* Public key is unavailable. */
/* XXX Print NOKEY/NOTTRUSTED warning only once. */
{ int lvl = (stashKeyid(dig) ? RPMLOG_DEBUG : RPMLOG_WARNING);
rpmlog(lvl, "%s: %s", fn, msg);
} break;
case RPMRC_NOTFOUND: /* Signature is unknown type. */
rpmlog(RPMLOG_WARNING, "%s: %s", fn, msg);
break;
default:
case RPMRC_FAIL: /* Signature does not verify. */
rpmlog(RPMLOG_ERR, "%s: %s", fn, msg);
break;
}
free(msg);
exit:
if (rc != RPMRC_FAIL && h != NULL && hdrp != NULL) {
/* Retrofit RPMTAG_SOURCEPACKAGE to srpms for compatibility */
if (leadtype == RPMLEAD_SOURCE && headerIsSource(h)) {
if (!headerIsEntry(h, RPMTAG_SOURCEPACKAGE)) {
uint32_t one = 1;
headerPutUint32(h, RPMTAG_SOURCEPACKAGE, &one, 1);
}
}
/*
* Try to make sure binary rpms have RPMTAG_SOURCERPM set as that's
* what we use for differentiating binary vs source elsewhere.
*/
if (!headerIsEntry(h, RPMTAG_SOURCEPACKAGE) && headerIsSource(h)) {
headerPutString(h, RPMTAG_SOURCERPM, "(none)");
}
/*
* Convert legacy headers on the fly. Not having "new" style compressed
* filenames is close enough estimate for legacy indication...
*/
if (!headerIsEntry(h, RPMTAG_DIRNAMES)) {
headerConvert(h, HEADERCONV_RETROFIT_V3);
}
/* Append (and remap) signature tags to the metadata. */
headerMergeLegacySigs(h, sigh);
/* Bump reference count for return. */
*hdrp = headerLink(h);
}
rpmtdFreeData(&sigtd);
rpmDigestFinal(ctx, NULL, NULL, 0);
h = headerFree(h);
pgpFreeDig(dig);
sigh = rpmFreeSignature(sigh);
return rc;
}
static rpmRC headerVerify(rpmKeyring keyring, rpmVSFlags vsflags,
const void * uh, size_t uc, char ** msg)
{
pgpDig dig = NULL;
char *buf = NULL;
int32_t * ei = (int32_t *) uh;
int32_t il = ntohl(ei[0]);
int32_t dl = ntohl(ei[1]);
entryInfo pe = (entryInfo) &ei[2];
int32_t ildl[2];
int32_t pvlen = sizeof(ildl) + (il * sizeof(*pe)) + dl;
unsigned char * dataStart = (unsigned char *) (pe + il);
struct indexEntry_s entry;
struct entryInfo_s info;
unsigned const char * b;
size_t siglen = 0;
size_t blen;
size_t nb;
int32_t ril = 0;
unsigned char * regionEnd = NULL;
rpmRC rc = RPMRC_FAIL; /* assume failure */
int xx;
int i;
struct rpmtd_s sigtd;
DIGEST_CTX ctx = NULL;
/* Is the blob the right size? */
if (uc > 0 && pvlen != uc) {
rasprintf(&buf, _("blob size(%d): BAD, 8 + 16 * il(%d) + dl(%d)\n"),
(int)uc, (int)il, (int)dl);
goto exit;
}
memset(&entry, 0, sizeof(entry));
memset(&info, 0, sizeof(info));
/* Check (and convert) the 1st tag element. */
xx = headerVerifyInfo(1, dl, pe, &entry.info, 0);
if (xx != -1) {
rasprintf(&buf, _("tag[%d]: BAD, tag %d type %d offset %d count %d\n"),
0, entry.info.tag, entry.info.type,
entry.info.offset, entry.info.count);
goto exit;
}
/* Is there an immutable header region tag? */
if (!(entry.info.tag == RPMTAG_HEADERIMMUTABLE
&& entry.info.type == RPM_BIN_TYPE
&& entry.info.count == REGION_TAG_COUNT))
{
rc = RPMRC_NOTFOUND;
goto exit;
}
/* Is the offset within the data area? */
if (entry.info.offset >= dl) {
rasprintf(&buf,
_("region offset: BAD, tag %d type %d offset %d count %d\n"),
entry.info.tag, entry.info.type,
entry.info.offset, entry.info.count);
goto exit;
}
/* Is there an immutable header region tag trailer? */
regionEnd = dataStart + entry.info.offset;
(void) memcpy(&info, regionEnd, REGION_TAG_COUNT);
regionEnd += REGION_TAG_COUNT;
xx = headerVerifyInfo(1, dl, &info, &entry.info, 1);
if (xx != -1 ||
!(entry.info.tag == RPMTAG_HEADERIMMUTABLE
&& entry.info.type == RPM_BIN_TYPE
&& entry.info.count == REGION_TAG_COUNT))
{
rasprintf(&buf,
_("region trailer: BAD, tag %d type %d offset %d count %d\n"),
entry.info.tag, entry.info.type,
entry.info.offset, entry.info.count);
goto exit;
}
memset(&info, 0, sizeof(info));
/* Is the no. of tags in the region less than the total no. of tags? */
ril = entry.info.offset/sizeof(*pe);
if ((entry.info.offset % sizeof(*pe)) || ril > il) {
rasprintf(&buf, _("region size: BAD, ril(%d) > il(%d)\n"), ril, il);
goto exit;
}
/* Find a header-only digest/signature tag. */
for (i = ril; i < il; i++) {
xx = headerVerifyInfo(1, dl, pe+i, &entry.info, 0);
if (xx != -1) {
rasprintf(&buf,
_("tag[%d]: BAD, tag %d type %d offset %d count %d\n"),
i, entry.info.tag, entry.info.type,
entry.info.offset, entry.info.count);
goto exit;
}
switch (entry.info.tag) {
case RPMTAG_SHA1HEADER:
if (vsflags & RPMVSF_NOSHA1HEADER)
break;
blen = 0;
for (b = dataStart + entry.info.offset; *b != '\0'; b++) {
if (strchr("0123456789abcdefABCDEF", *b) == NULL)
break;
blen++;
}
if (entry.info.type != RPM_STRING_TYPE || *b != '\0' || blen != 40)
{
rasprintf(&buf, _("hdr SHA1: BAD, not hex\n"));
goto exit;
}
if (info.tag == 0) {
info = entry.info; /* structure assignment */
siglen = blen + 1;
}
break;
case RPMTAG_RSAHEADER:
if (vsflags & RPMVSF_NORSAHEADER)
break;
if (entry.info.type != RPM_BIN_TYPE) {
rasprintf(&buf, _("hdr RSA: BAD, not binary\n"));
goto exit;
}
info = entry.info; /* structure assignment */
siglen = info.count;
break;
case RPMTAG_DSAHEADER:
if (vsflags & RPMVSF_NODSAHEADER)
break;
if (entry.info.type != RPM_BIN_TYPE) {
rasprintf(&buf, _("hdr DSA: BAD, not binary\n"));
goto exit;
}
info = entry.info; /* structure assignment */
siglen = info.count;
break;
default:
break;
}
}
rc = RPMRC_NOTFOUND;
exit:
/* Return determined RPMRC_OK/RPMRC_FAIL conditions. */
if (rc != RPMRC_NOTFOUND) {
if (msg)
*msg = buf;
else
free(buf);
return rc;
}
/* If no header-only digest/signature, then do simple sanity check. */
if (info.tag == 0) {
verifyinfo_exit:
xx = headerVerifyInfo(ril-1, dl, pe+1, &entry.info, 0);
if (xx != -1) {
rasprintf(&buf,
_("tag[%d]: BAD, tag %d type %d offset %d count %d\n"),
xx+1, entry.info.tag, entry.info.type,
entry.info.offset, entry.info.count);
rc = RPMRC_FAIL;
} else {
rasprintf(&buf, "Header sanity check: OK\n");
rc = RPMRC_OK;
}
if (msg)
*msg = buf;
else
free(buf);
return rc;
}
/* Verify header-only digest/signature. */
dig = pgpNewDig();
if (dig == NULL)
goto verifyinfo_exit;
sigtd.tag = info.tag;
sigtd.type = info.type;
sigtd.count = info.count;
sigtd.data = memcpy(xmalloc(siglen), dataStart + info.offset, siglen);
sigtd.flags = RPMTD_ALLOCED;
switch (info.tag) {
case RPMTAG_RSAHEADER:
case RPMTAG_DSAHEADER:
if ((rc = parsePGP(&sigtd, "header", dig)) != RPMRC_OK) {
pgpFreeDig(dig);
goto exit;
}
/* fallthrough */
case RPMTAG_SHA1HEADER: {
pgpHashAlgo hashalgo = (info.tag == RPMTAG_SHA1HEADER) ?
PGPHASHALGO_SHA1 : dig->signature.hash_algo;
ildl[0] = htonl(ril);
ildl[1] = (regionEnd - dataStart);
ildl[1] = htonl(ildl[1]);
ctx = rpmDigestInit(hashalgo, RPMDIGEST_NONE);
b = (unsigned char *) rpm_header_magic;
nb = sizeof(rpm_header_magic);
(void) rpmDigestUpdate(ctx, b, nb);
b = (unsigned char *) ildl;
nb = sizeof(ildl);
(void) rpmDigestUpdate(ctx, b, nb);
b = (unsigned char *) pe;
nb = (htonl(ildl[0]) * sizeof(*pe));
(void) rpmDigestUpdate(ctx, b, nb);
b = (unsigned char *) dataStart;
nb = htonl(ildl[1]);
(void) rpmDigestUpdate(ctx, b, nb);
} break;
default:
sigtd.data = _free(sigtd.data); /* Hmm...? */
break;
}
rc = rpmVerifySignature(keyring, &sigtd, dig, ctx, &buf);
if (msg)
*msg = buf;
else
free(buf);
rpmtdFreeData(&sigtd);
pgpFreeDig(dig);
rpmDigestFinal(ctx, NULL, NULL, 0);
return rc;
}
/*
* Argument monster to verify header-only signature/digest if there is
* one, otherwisereturn RPMRC_NOTFOUND to signal for plain sanity check.
*/
static rpmRC headerSigVerify(rpmKeyring keyring, rpmVSFlags vsflags,
int il, int dl, int ril, int rdl,
entryInfo pe, unsigned char * dataStart,
char **buf)
{
size_t siglen = 0;
rpmRC rc = RPMRC_FAIL;
pgpDigParams sig = NULL;
struct rpmtd_s sigtd;
struct entryInfo_s info, einfo;
unsigned int hashalgo = 0;
rpmtdReset(&sigtd);
memset(&info, 0, sizeof(info));
memset(&einfo, 0, sizeof(einfo));
/* Find a header-only digest/signature tag. */
for (int i = ril; i < il; i++) {
if (headerVerifyInfo(1, dl, pe+i, &einfo, 0) != -1) {
rasprintf(buf,
_("tag[%d]: BAD, tag %d type %d offset %d count %d\n"),
i, einfo.tag, einfo.type,
einfo.offset, einfo.count);
goto exit;
}
switch (einfo.tag) {
case RPMTAG_SHA1HEADER: {
size_t blen = 0;
unsigned const char * b;
if (vsflags & RPMVSF_NOSHA1HEADER)
break;
for (b = dataStart + einfo.offset; *b != '\0'; b++) {
if (strchr("0123456789abcdefABCDEF", *b) == NULL)
break;
blen++;
}
if (einfo.type != RPM_STRING_TYPE || *b != '\0' || blen != 40)
{
rasprintf(buf, _("hdr SHA1: BAD, not hex\n"));
goto exit;
}
if (info.tag == 0) {
info = einfo; /* structure assignment */
siglen = blen + 1;
}
} break;
case RPMTAG_RSAHEADER:
if (vsflags & RPMVSF_NORSAHEADER)
break;
if (einfo.type != RPM_BIN_TYPE) {
rasprintf(buf, _("hdr RSA: BAD, not binary\n"));
goto exit;
}
info = einfo; /* structure assignment */
siglen = info.count;
break;
case RPMTAG_DSAHEADER:
if (vsflags & RPMVSF_NODSAHEADER)
break;
if (einfo.type != RPM_BIN_TYPE) {
rasprintf(buf, _("hdr DSA: BAD, not binary\n"));
goto exit;
}
info = einfo; /* structure assignment */
siglen = info.count;
break;
default:
break;
}
}
/* No header-only digest/signature found, get outta here */
if (info.tag == 0) {
rc = RPMRC_NOTFOUND;
goto exit;
}
sigtd.tag = info.tag;
sigtd.type = info.type;
sigtd.count = info.count;
sigtd.data = memcpy(xmalloc(siglen), dataStart + info.offset, siglen);
sigtd.flags = RPMTD_ALLOCED;
switch (info.tag) {
case RPMTAG_RSAHEADER:
case RPMTAG_DSAHEADER:
if (parsePGPSig(&sigtd, "header", NULL, &sig))
goto exit;
hashalgo = pgpDigParamsAlgo(sig, PGPVAL_HASHALGO);
break;
case RPMTAG_SHA1HEADER:
hashalgo = PGPHASHALGO_SHA1;
break;
default:
break;
}
if (hashalgo) {
DIGEST_CTX ctx = rpmDigestInit(hashalgo, RPMDIGEST_NONE);
int32_t ildl[2] = { htonl(ril), htonl(rdl) };
rpmDigestUpdate(ctx, rpm_header_magic, sizeof(rpm_header_magic));
rpmDigestUpdate(ctx, ildl, sizeof(ildl));
rpmDigestUpdate(ctx, pe, (ril * sizeof(*pe)));
rpmDigestUpdate(ctx, dataStart, rdl);
rc = rpmVerifySignature(keyring, &sigtd, sig, ctx, buf);
rpmDigestFinal(ctx, NULL, NULL, 0);
}
exit:
rpmtdFreeData(&sigtd);
pgpDigParamsFree(sig);
return rc;
}
/*@-mods@*/
rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp)
{
HE_t he = (HE_t) memset(alloca(sizeof(*he)), 0, sizeof(*he));
HE_t she = (HE_t) memset(alloca(sizeof(*she)), 0, sizeof(*she));
pgpDig dig = rpmtsDig(ts);
char buf[8*BUFSIZ];
ssize_t count;
Header sigh = NULL;
rpmtsOpX opx;
rpmop op = NULL;
size_t nb;
unsigned ix;
Header h = NULL;
const char * msg = NULL;
rpmVSFlags vsflags;
rpmRC rc = RPMRC_FAIL; /* assume failure */
rpmop opsave = (rpmop) memset(alloca(sizeof(*opsave)), 0, sizeof(*opsave));
int xx;
pgpPkt pp = (pgpPkt) alloca(sizeof(*pp));
if (hdrp) *hdrp = NULL;
assert(dig != NULL);
(void) fdSetDig(fd, dig);
/* Snapshot current I/O counters (cached persistent I/O reuses counters) */
(void) rpmswAdd(opsave, fdstat_op(fd, FDSTAT_READ));
{ const char item[] = "Lead";
msg = NULL;
rc = rpmpkgRead(item, fd, NULL, &msg);
switch (rc) {
default:
rpmlog(RPMLOG_ERR, "%s: %s: %s\n", fn, item, msg);
/*@fallthrough@*/
case RPMRC_NOTFOUND:
msg = _free(msg);
goto exit;
/*@notreached@*/ break;
case RPMRC_OK:
break;
}
msg = _free(msg);
}
{ const char item[] = "Signature";
msg = NULL;
rc = rpmpkgRead(item, fd, &sigh, &msg);
switch (rc) {
default:
rpmlog(RPMLOG_ERR, "%s: %s: %s", fn, item,
(msg && *msg ? msg : _("read failed\n")));
msg = _free(msg);
goto exit;
/*@notreached@*/ break;
case RPMRC_OK:
if (sigh == NULL) {
rpmlog(RPMLOG_ERR, _("%s: No signature available\n"), fn);
rc = RPMRC_FAIL;
goto exit;
}
break;
}
msg = _free(msg);
}
#define _chk(_mask) (she->tag == 0 && !(vsflags & (_mask)))
/*
* Figger the most effective available signature.
* Prefer signatures over digests, then header-only over header+payload.
* DSA will be preferred over RSA if both exist because tested first.
* Note that NEEDPAYLOAD prevents header+payload signatures and digests.
*/
she->tag = (rpmTag)0;
opx = (rpmtsOpX)0;
vsflags = pgpDigVSFlags;
if (_chk(RPMVSF_NOECDSAHEADER) && headerIsEntry(sigh, (rpmTag)RPMSIGTAG_ECDSA)) {
she->tag = (rpmTag)RPMSIGTAG_ECDSA;
} else
if (_chk(RPMVSF_NODSAHEADER) && headerIsEntry(sigh, (rpmTag)RPMSIGTAG_DSA)) {
she->tag = (rpmTag)RPMSIGTAG_DSA;
} else
if (_chk(RPMVSF_NORSAHEADER) && headerIsEntry(sigh, (rpmTag)RPMSIGTAG_RSA)) {
she->tag = (rpmTag)RPMSIGTAG_RSA;
} else
if (_chk(RPMVSF_NOSHA1HEADER) && headerIsEntry(sigh, (rpmTag)RPMSIGTAG_SHA1)) {
she->tag = (rpmTag)RPMSIGTAG_SHA1;
} else
if (_chk(RPMVSF_NOMD5|RPMVSF_NEEDPAYLOAD) &&
headerIsEntry(sigh, (rpmTag)RPMSIGTAG_MD5))
{
she->tag = (rpmTag)RPMSIGTAG_MD5;
fdInitDigest(fd, PGPHASHALGO_MD5, 0);
opx = RPMTS_OP_DIGEST;
}
/* Read the metadata, computing digest(s) on the fly. */
h = NULL;
msg = NULL;
/* XXX stats will include header i/o and setup overhead. */
/* XXX repackaged packages have appended tags, legacy dig/sig check fails */
if (opx > 0) {
op = (rpmop) pgpStatsAccumulator(dig, opx);
(void) rpmswEnter(op, 0);
}
/*@-type@*/ /* XXX arrow access of non-pointer (FDSTAT_t) */
nb = fd->stats->ops[FDSTAT_READ].bytes;
{ const char item[] = "Header";
msg = NULL;
rc = rpmpkgRead(item, fd, &h, &msg);
if (rc != RPMRC_OK) {
rpmlog(RPMLOG_ERR, "%s: %s: %s\n", fn, item, msg);
msg = _free(msg);
goto exit;
}
msg = _free(msg);
}
nb = fd->stats->ops[FDSTAT_READ].bytes - nb;
/*@=type@*/
if (opx > 0 && op != NULL) {
(void) rpmswExit(op, nb);
op = NULL;
}
/* Any digests or signatures to check? */
if (she->tag == 0) {
rc = RPMRC_OK;
goto exit;
}
dig->nbytes = 0;
/* Fish out the autosign pubkey (if present). */
he->tag = RPMTAG_PUBKEYS;
xx = headerGet(h, he, 0);
if (xx && he->p.argv != NULL && he->c > 0)
switch (he->t) {
default:
break;
case RPM_STRING_ARRAY_TYPE:
ix = he->c - 1; /* XXX FIXME: assumes last pubkey */
dig->pub = _free(dig->pub);
dig->publen = 0;
{ rpmiob iob = rpmiobNew(0);
iob = rpmiobAppend(iob, he->p.argv[ix], 0);
xx = pgpArmorUnwrap(iob, (rpmuint8_t **)&dig->pub, &dig->publen);
iob = rpmiobFree(iob);
}
if (xx != PGPARMOR_PUBKEY) {
dig->pub = _free(dig->pub);
dig->publen = 0;
}
break;
}
he->p.ptr = _free(he->p.ptr);
/* Retrieve the tag parameters from the signature header. */
xx = headerGet(sigh, she, 0);
if (she->p.ptr == NULL) {
rc = RPMRC_FAIL;
goto exit;
}
/*@-ownedtrans -noeffect@*/
xx = pgpSetSig(dig, she->tag, she->t, she->p.ptr, she->c);
/*@=ownedtrans =noeffect@*/
switch ((rpmSigTag)she->tag) {
default: /* XXX keep gcc quiet. */
assert(0);
/*@notreached@*/ break;
case RPMSIGTAG_RSA:
/* Parse the parameters from the OpenPGP packets that will be needed. */
xx = pgpPktLen(she->p.ui8p, she->c, pp);
xx = rpmhkpLoadSignature(NULL, dig, pp);
if (dig->signature.version != 3 && dig->signature.version != 4) {
rpmlog(RPMLOG_ERR,
_("skipping package %s with unverifiable V%u signature\n"),
fn, dig->signature.version);
rc = RPMRC_FAIL;
goto exit;
}
xx = hBlobDigest(h, dig, dig->signature.hash_algo, &dig->hrsa);
break;
case RPMSIGTAG_DSA:
/* Parse the parameters from the OpenPGP packets that will be needed. */
xx = pgpPktLen(she->p.ui8p, she->c, pp);
xx = rpmhkpLoadSignature(NULL, dig, pp);
if (dig->signature.version != 3 && dig->signature.version != 4) {
rpmlog(RPMLOG_ERR,
_("skipping package %s with unverifiable V%u signature\n"),
fn, dig->signature.version);
rc = RPMRC_FAIL;
goto exit;
}
xx = hBlobDigest(h, dig, dig->signature.hash_algo, &dig->hdsa);
break;
case RPMSIGTAG_ECDSA:
/* Parse the parameters from the OpenPGP packets that will be needed. */
xx = pgpPktLen(she->p.ui8p, she->c, pp);
xx = rpmhkpLoadSignature(NULL, dig, pp);
if (dig->signature.version != 3 && dig->signature.version != 4) {
rpmlog(RPMLOG_ERR,
_("skipping package %s with unverifiable V%u signature\n"),
fn, dig->signature.version);
rc = RPMRC_FAIL;
goto exit;
}
xx = hBlobDigest(h, dig, dig->signature.hash_algo, &dig->hecdsa);
break;
case RPMSIGTAG_SHA1:
/* XXX dig->hsha? */
xx = hBlobDigest(h, dig, PGPHASHALGO_SHA1, &dig->hdsa);
break;
case RPMSIGTAG_MD5:
/* Legacy signatures need the compressed payload in the digest too. */
op = (rpmop) pgpStatsAccumulator(dig, 10); /* RPMTS_OP_DIGEST */
(void) rpmswEnter(op, 0);
while ((count = Fread(buf, sizeof(buf[0]), sizeof(buf), fd)) > 0)
dig->nbytes += count;
(void) rpmswExit(op, dig->nbytes);
op->count--; /* XXX one too many */
dig->nbytes += nb; /* XXX include size of header blob. */
if (count < 0) {
rpmlog(RPMLOG_ERR, _("%s: Fread failed: %s\n"),
fn, Fstrerror(fd));
rc = RPMRC_FAIL;
goto exit;
}
/* XXX Steal the digest-in-progress from the file handle. */
fdStealDigest(fd, dig);
break;
}
/** @todo Implement disable/enable/warn/error/anal policy. */
buf[0] = '\0';
rc = rpmVerifySignature(dig, buf);
switch (rc) {
case RPMRC_OK: /* Signature is OK. */
rpmlog(RPMLOG_DEBUG, "%s: %s\n", fn, buf);
break;
case RPMRC_NOTTRUSTED: /* Signature is OK, but key is not trusted. */
case RPMRC_NOKEY: /* Public key is unavailable. */
#ifndef DYING
/* XXX Print NOKEY/NOTTRUSTED warning only once. */
{ int lvl = (pgpStashKeyid(dig) ? RPMLOG_DEBUG : RPMLOG_WARNING);
rpmlog(lvl, "%s: %s\n", fn, buf);
} break;
case RPMRC_NOTFOUND: /* Signature is unknown type. */
rpmlog(RPMLOG_WARNING, "%s: %s\n", fn, buf);
break;
#else
case RPMRC_NOTFOUND: /* Signature is unknown type. */
case RPMRC_NOSIG: /* Signature is unavailable. */
#endif
default:
case RPMRC_FAIL: /* Signature does not verify. */
rpmlog(RPMLOG_ERR, "%s: %s\n", fn, buf);
break;
}
exit:
if (rc != RPMRC_FAIL && h != NULL && hdrp != NULL) {
/* Append (and remap) signature tags to the metadata. */
headerMergeLegacySigs(h, sigh);
/* Bump reference count for return. */
*hdrp = headerLink(h);
}
(void)headerFree(h);
h = NULL;
/* Accumulate time reading package header. */
(void) rpmswAdd(rpmtsOp(ts, RPMTS_OP_READHDR),
fdstat_op(fd, FDSTAT_READ));
(void) rpmswSub(rpmtsOp(ts, RPMTS_OP_READHDR),
opsave);
#ifdef NOTYET
/* Return RPMRC_NOSIG for MANDATORY signature verification. */
{ rpmSigTag sigtag = pgpGetSigtag(dig);
switch (sigtag) {
default:
rc = RPMRC_NOSIG;
/*@fallthrough@*/
case RPMSIGTAG_RSA:
case RPMSIGTAG_DSA:
case RPMSIGTAG_ECDSA:
break;
}
}
#endif
rpmtsCleanDig(ts);
(void)headerFree(sigh);
sigh = NULL;
return rc;
}
