On 08/11/12 23:57, Allan McRae wrote:
> This does not support all possibilities of RFC4880, but it does
> cover every key currently used in Arch Linux.
>
> Signed-off-by: Allan McRae <[email protected]>
> ---
> lib/libalpm/signing.c | 113
> ++++++++++++++++++++++++++++++++++++++++++++++++++
> lib/libalpm/signing.h | 3 ++
> 2 files changed, 116 insertions(+)
>
> diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
> index 9d56aba..6ad0c5e 100644
> --- a/lib/libalpm/signing.c
> +++ b/lib/libalpm/signing.c
> @@ -948,4 +948,117 @@ int SYMEXPORT alpm_siglist_cleanup(alpm_siglist_t
> *siglist)
> return 0;
> }
>
> +/**
> + * Extract the Issuer Key ID from a signature
> + * @param sig PGP signature
> + * @param len length of signature
> + * @param keys a pointer to storage for key IDs
> + * @return 0 on success, -1 on error
> + */
> +int _alpm_extract_keyid(alpm_handle_t *handle, const char *identifier,
> + const unsigned char *sig, const size_t len, alpm_list_t **keys)
> +{
> + size_t pos, spos, blen, hlen, ulen, slen;
> + pos = 0;
> +
> + while(pos < len) {
> + if(!(sig[pos] & 0x80)) {
> + _alpm_log(handle, ALPM_LOG_ERROR,
> + _("%s: signature format error"),
> identifier);
> + return -1;
> + }
> +
> + if(sig[pos] & 0x40) {
> + /* "new" packet format is not supported */
> + _alpm_log(handle, ALPM_LOG_ERROR,
> + _("%s: unsupported signature format"),
> identifier);
> + return -1;
> + }
> +
> + if(((sig[pos] & 0x3f) >> 2) != 2) {
> + /* signature is not a "Signature Packet" */
> + _alpm_log(handle, ALPM_LOG_ERROR,
> + _("%s: signature format error"),
> identifier);
> + return -1;
> + }
> +
> + switch(sig[pos] & 0x03) {
> + case 0:
> + blen = sig[pos + 1];
> + pos = pos + 2;
> + break;
> +
> + case 1:
> + blen = (sig[pos + 1] << 8) | sig[pos + 2];
> + pos = pos + 3;
> + break;
> +
> + case 2:
> + blen = (sig[pos + 1] << 24) | (sig[pos + 2] <<
> 16) | (sig[pos + 3] << 8) | sig[pos + 4];
> + pos = pos + 5;
> + break;
> +
> + case 3:
> + /* partial body length not supported */
> + _alpm_log(handle, ALPM_LOG_ERROR,
> + _("%s: unsupported signature format"),
> identifier);
> + return -1;
> + }
> +
> + if(sig[pos] != 4) {
> + /* only support version 4 signature packet format */
> + _alpm_log(handle, ALPM_LOG_ERROR,
> + _("%s: unsupported signature format"),
> identifier);
> + return -1;
> + }
> +
> + if(sig[pos + 1] != 0x00) {
> + /* not a signature of a binary document */
> + _alpm_log(handle, ALPM_LOG_ERROR,
> + _("%s: signature format error"),
> identifier);
> + return -1;
> + }
> +
> + pos = pos + 4;
> +
> + hlen = (sig[pos] << 8) | sig[pos + 1];
> + pos = pos + hlen + 2;
> +
> + ulen = (sig[pos] << 8) | sig[pos + 1];
> + pos = pos + 2;
> +
> + spos = pos;
> +
> + while(spos < pos + ulen) {
> + if(sig[spos] < 192) {
> + slen = sig[spos];
> + spos = spos + 1;
> + } else if(sig[spos] < 255) {
> + slen = (sig[spos] << 8) | sig[spos + 1];
> + spos = spos + 2;
> + } else {
> + slen = (sig[spos + 1] << 24) | (sig[spos + 2]
> << 16) | (sig[spos + 3] << 8) | sig[spos + 4];
> + spos = spos + 5;
> + }
> +
> + if(sig[spos] == 16) {
> + /* issuer key ID */
> + char key[16];
Buffer overflow! Detected with -O3 and -D_FORTIFY_SOURCE=2
char key[17];
> + size_t i;
> + for (i = 0; i < 8; i++) {
> + sprintf(&key[i * 2], "%02X", sig[spos +
> i + 1]);
> + }
> + *keys = alpm_list_add(*keys, strdup(key));
> + break;
> + }
> +
> + spos = spos + slen;
> + }
> +
> + pos = pos + (blen - hlen - 8);
> + }
> +
> + return 0;
> +}
> +
> /* vim: set ts=2 sw=2 noet: */
> diff --git a/lib/libalpm/signing.h b/lib/libalpm/signing.h
> index a78e4b7..d3e72bc 100644
> --- a/lib/libalpm/signing.h
> +++ b/lib/libalpm/signing.h
> @@ -34,6 +34,9 @@ int _alpm_process_siglist(alpm_handle_t *handle, const char
> *identifier,
> int _alpm_key_in_keychain(alpm_handle_t *handle, const char *fpr);
> int _alpm_key_import(alpm_handle_t *handle, const char *fpr);
>
> +int _alpm_extract_keyid(alpm_handle_t *handle, const char *identifier,
> + const unsigned char *sig, const size_t len, alpm_list_t **keys);
> +
> #endif /* _ALPM_SIGNING_H */
>
> /* vim: set ts=2 sw=2 noet: */
>
