RPM Package Manager, CVS Repository http://rpm5.org/cvs/ ____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: [email protected] Module: rpm Date: 01-Jun-2010 18:08:33 Branch: HEAD Handle: 2010060116083200 Modified files: rpm/rpmio rpmgc.c rpm/tests trsa.c Log: - gc: poplate sign/generate methods. Summary: Revision Changes Path 2.26 +151 -19 rpm/rpmio/rpmgc.c 1.19 +83 -118 rpm/tests/trsa.c ____________________________________________________________________________ patch -p0 <<'@@ .' Index: rpm/rpmio/rpmgc.c ============================================================================ $ cvs diff -u -r2.25 -r2.26 rpmgc.c --- rpm/rpmio/rpmgc.c 1 Jun 2010 14:55:11 -0000 2.25 +++ rpm/rpmio/rpmgc.c 1 Jun 2010 16:08:32 -0000 2.26 @@ -30,33 +30,65 @@ void rpmgcDump(const char * msg, gcry_sexp_t sexp) /*...@*/ { - size_t nb = gcry_sexp_sprint(sexp, GCRYSEXP_FMT_ADVANCED, NULL, 0); - char * buf = alloca(nb+1); - -/*...@-modunconnomods @*/ - nb = gcry_sexp_sprint(sexp, GCRYSEXP_FMT_ADVANCED, buf, nb); -/*...@=modunconnomods @*/ - buf[nb] = '\0'; -/*...@-modfilesys@*/ -if (_pgp_debug) -fprintf(stderr, "========== %s:\n%s", msg, buf); -/*...@=modfilesys@*/ + if (_pgp_debug) { + size_t nb = gcry_sexp_sprint(sexp, GCRYSEXP_FMT_ADVANCED, NULL, 0); + char * buf = alloca(nb+1); + + nb = gcry_sexp_sprint(sexp, GCRYSEXP_FMT_ADVANCED, buf, nb); + buf[nb] = '\0'; + fprintf(stderr, "========== %s:\n%s", msg, buf); + } return; } static -gcry_error_t rpmgcErr(/*...@unused@*/rpmgc gc, const char * msg, gcry_error_t err) +gcry_error_t rpmgcErr(rpmgc gc, const char * msg, gcry_error_t err) /*...@*/ { -/*...@-evalorderuncon -modfilesys -moduncon @*/ - if (err) { + /* XXX Don't spew on expected failures ... */ + if (err && gcry_err_code(err) != gc->badok) fprintf (stderr, "rpmgc: %s(0x%0x): %s/%s\n", msg, (unsigned)err, gcry_strsource(err), gcry_strerror(err)); - } -/*...@=evalorderuncon =modfilesys =moduncon @*/ return err; } +#ifdef NOTYET +static int rpmgcErrChk(rpmgc gc, const char * msg, int rc, unsigned expected) +{ + /* Was the return code the expected result? */ + rc = (gcry_err_code(gc->err) != expected); + if (rc) + fail("%s failed: %s\n", msg, gpg_strerror(gc->err)); + return rc; /* XXX 0 on success */ +} + +static int rpmgcAvailable(rpmgc gc, int algo, int rc) +{ + /* Permit non-certified algo's if not in FIPS mode. */ + if (rc && !gc->in_fips_mode) + rc = 0; + if (rc) + rpmlog(RPMLOG_INFO," algorithm %d not available in fips mode\n", algo); + return rc; /* XXX 0 on success */ +} + +static int rpmgcAvailableCipher(pgpDig dig, int algo) +{ + return rpmgcAvailable(dig->impl, algo, gcry_cipher_test_algo(algo)); +} + +static int rpmgcAvailableDigest(pgpDig dig, int algo) +{ + return rpmgcAvailable(dig->impl, algo, + (gcry_md_test_algo(algo) || algo == PGPHASHALGO_MD5)); +} + +static int rpmgcAvailablePubkey(pgpDig dig, int algo) +{ + return rpmgcAvailable(dig->impl, algo, gcry_pk_test_algo(algo)); +} +#endif /* NOTYET */ + static int rpmgcSetRSA(/*...@only@*/ DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp) /*...@modifies dig @*/ @@ -371,6 +403,106 @@ return rc; } +static +int rpmgcVerify(pgpDig dig) +{ + rpmgc gc = dig->impl; + int rc; + + /* Verify the signature. */ + gc->err = rpmgcErr(gc, "gcry_pk_verify", + gcry_pk_verify (gc->sig, gc->hash, gc->pub_key)); + + rc = (gc->err == 0); + +if (_pgp_debug < 0) +fprintf(stderr, "<-- %s(%p) rc %d\t%s-%s\n", __FUNCTION__, dig, rc, dig->pubkey_algoN, dig->hash_algoN); + + return rc; /* XXX 1 on success */ +} + +static +int rpmgcSign(pgpDig dig) +{ + rpmgc gc = dig->impl; + int rc; + + /* Sign the hash. */ + gc->err = rpmgcErr(gc, "gcry+pk_sign", + gcry_pk_sign (&gc->sig, gc->hash, gc->sec_key)); + +if (_pgp_debug < 0 && gc->sig) rpmgcDump("gc->sig", gc->sig); + + rc = (gc->err == 0); + +if (_pgp_debug < 0) +fprintf(stderr, "<-- %s(%p) rc %d\t%s-%s\n", __FUNCTION__, dig, rc, dig->pubkey_algoN, dig->hash_algoN); + + return rc; /* XXX 1 on success */ +} + +static +int rpmgcGenerate(pgpDig dig) + /*...@*/ +{ + rpmgc gc = dig->impl; + int rc; + +/* XXX FIXME: gc->{key_spec,key_pair} could be local. */ + { + gc->err = rpmgcErr(gc, "gc->key_spec", +/* XXX FIXME: pubp->pubkey_algoN */ +/* XXX FIXME: gc->qbits w DSA? curve w ECDSA? other params? */ + gcry_sexp_build(&gc->key_spec, NULL, + gc->in_fips_mode + ? "(genkey (rsa (nbits %d)))" + : "(genkey (rsa (nbits %d)(transient-key)))", + gc->nbits)); + } + if (gc->err) + goto exit; +if (_pgp_debug < 0 && gc->key_spec) rpmgcDump("gc->key_spec", gc->key_spec); + + /* Generate the key pair. */ + gc->err = rpmgcErr(gc, "gc->key_pair", + gcry_pk_genkey(&gc->key_pair, gc->key_spec)); + if (gc->err) + goto exit; +if (_pgp_debug < 0 && gc->key_pair) rpmgcDump("gc->key_pair", gc->key_pair); + + gc->pub_key = gcry_sexp_find_token(gc->key_pair, "public-key", 0); + if (gc->pub_key == NULL) +/* XXX FIXME: refactor errmsg here. */ + goto exit; +if (_pgp_debug < 0 && gc->pub_key) rpmgcDump("gc->pub_key", gc->pub_key); + + gc->sec_key = gcry_sexp_find_token(gc->key_pair, "private-key", 0); + if (gc->sec_key == NULL) +/* XXX FIXME: refactor errmsg here. */ + goto exit; +if (_pgp_debug < 0 && gc->sec_key) rpmgcDump("gc->sec_key", gc->sec_key); + +exit: + + rc = (gc->err == 0 && gc->pub_key && gc->sec_key); + +#ifdef NOTYET +if (gc->key_spec) { + gcry_sexp_release(gc->key_spec); + gc->key_spec = NULL; +} +if (gc->key_pair) { + gcry_sexp_release(gc->key_pair); + gc->key_pair = NULL; +} +#endif + +if (_pgp_debug < 0) +fprintf(stderr, "<-- %s(%p) rc %d\t%s\n", __FUNCTION__, dig, rc, dig->pubkey_algoN); + + return rc; /* XXX 1 on success */ +} + /*...@-globuse -mustmod @*/ static int rpmgcMpiItem(/*...@unused@*/ const char * pre, pgpDig dig, int itemno, @@ -567,9 +699,9 @@ } struct pgpImplVecs_s rpmgcImplVecs = { - rpmgcSetRSA, rpmgcVerifyRSA, NULL, NULL, - rpmgcSetDSA, rpmgcVerifyDSA, NULL, NULL, - rpmgcSetELG, NULL, NULL, NULL, + rpmgcSetRSA, rpmgcVerifyRSA, rpmgcSign, rpmgcGenerate, + rpmgcSetDSA, rpmgcVerifyDSA, rpmgcSign, rpmgcGenerate, + rpmgcSetELG, rpmgcVerify, rpmgcSign, rpmgcGenerate, rpmgcSetECDSA, rpmgcVerifyECDSA, rpmgcSignECDSA, rpmgcGenerateECDSA, rpmgcMpiItem, rpmgcClean, rpmgcFree, rpmgcInit @@ . patch -p0 <<'@@ .' Index: rpm/tests/trsa.c ============================================================================ $ cvs diff -u -r1.18 -r1.19 trsa.c --- rpm/tests/trsa.c 31 May 2010 21:41:08 -0000 1.18 +++ rpm/tests/trsa.c 1 Jun 2010 16:08:32 -0000 1.19 @@ -380,6 +380,7 @@ return rc; } +#ifdef REFERENCE static int rpmgcVerifyRSA(pgpDig dig) /*...@*/ @@ -421,6 +422,7 @@ return rc; } +#endif /* REFERENCE */ static int rpmgcSetDSA(/*...@only@*/ DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp) @@ -448,6 +450,7 @@ return memcmp(dig->sha1, sigp->signhash16, sizeof(sigp->signhash16)); } +#ifdef REFERENCE static int rpmgcVerifyDSA(pgpDig dig) /*...@*/ @@ -494,6 +497,7 @@ return rc; } +#endif /* REFERENCE */ static int rpmgcSetECDSA(/*...@only@*/ DIGEST_CTX ctx, /*...@unused@*/pgpDig dig, pgpDigParams sigp) @@ -528,118 +532,85 @@ return rc; } +#endif /* _RPMGC_INTERNAL */ -static -int rpmgcVerify(pgpDig dig) -{ - rpmgc gc = dig->impl; - int rc; -const char * msg = rpmExpand(dig->pubkey_algoN, "-", dig->hash_algoN, " verify", NULL); - - /* Verify the signature. */ - gc->err = rpmgcErr(gc, msg, - gcry_pk_verify (gc->sig, gc->hash, gc->pub_key)); - - rc = (gc->err == 0); - -if (_pgp_debug < 0) -fprintf(stderr, "<-- %s(%p) rc %d\t%s\n", __FUNCTION__, dig, rc, msg); - -msg = _free(msg); - - return rc; /* XXX 1 on success */ -} +/*==============================================================*/ -static -int rpmgcSign(pgpDig dig) +static int pgpImplVerify(pgpDig dig) { - rpmgc gc = dig->impl; - int rc; -const char * msg = rpmExpand(dig->pubkey_algoN, "-", dig->hash_algoN, " sign", NULL); - - /* Sign the hash. */ - gc->err = rpmgcErr(gc, msg, - gcry_pk_sign (&gc->sig, gc->hash, gc->sec_key)); - -if (_pgp_debug < 0 && gc->sig) rpmgcDump("gc->sig", gc->sig); - - rc = (gc->err == 0); - -if (_pgp_debug < 0) -fprintf(stderr, "<-- %s(%p) rc %d\t%s\n", __FUNCTION__, dig, rc, msg); - -msg = _free(msg); - - return rc; /* XXX 1 on success */ + int rc = 0; /* assume failure */ +pgpDigParams pubp = pgpGetPubkey(dig); + switch (pubp->pubkey_algo) { + default: + break; + case PGPPUBKEYALGO_RSA: + rc = pgpImplVerifyRSA(dig); + break; + case PGPPUBKEYALGO_DSA: + rc = pgpImplVerifyDSA(dig); + break; + case PGPPUBKEYALGO_ELGAMAL: + rc = pgpImplVerifyELG(dig); + break; + case PGPPUBKEYALGO_ECDSA: + rc = pgpImplVerifyECDSA(dig); + break; + } +if (1 || _pgp_debug < 0) +fprintf(stderr, "<-- %s(%p) rc %d\t%s\n", __FUNCTION__, dig, rc, dig->pubkey_algoN); + return rc; } -static -int rpmgcGenerate(pgpDig dig) - /*...@*/ +static int pgpImplSign(pgpDig dig) { - rpmgc gc = dig->impl; - int rc; -const char * msg = rpmExpand(dig->pubkey_algoN, " generate", NULL); - -/* XXX FIXME: gc->{key_spec,key_pair} could be local. */ - { - gc->err = rpmgcErr(gc, "gc->key_spec", -/* XXX FIXME: pubp->pubkey_algoN */ -/* XXX FIXME: gc->qbits w DSA? curve w ECDSA? other params? */ - gcry_sexp_build(&gc->key_spec, NULL, - gc->in_fips_mode - ? "(genkey (rsa (nbits %d)))" - : "(genkey (rsa (nbits %d)(transient-key)))", - gc->nbits)); + int rc = 0; /* assume failure */ +pgpDigParams pubp = pgpGetPubkey(dig); + switch (pubp->pubkey_algo) { + default: + break; + case PGPPUBKEYALGO_RSA: + rc = pgpImplSignRSA(dig); + break; + case PGPPUBKEYALGO_DSA: + rc = pgpImplSignDSA(dig); + break; + case PGPPUBKEYALGO_ELGAMAL: + rc = pgpImplSignELG(dig); + break; + case PGPPUBKEYALGO_ECDSA: + rc = pgpImplSignECDSA(dig); + break; } - if (gc->err) - goto exit; -if (_pgp_debug < 0 && gc->key_spec) rpmgcDump("gc->key_spec", gc->key_spec); - - /* Generate the key pair. */ - gc->err = rpmgcErr(gc, "gc->key_pair", - gcry_pk_genkey(&gc->key_pair, gc->key_spec)); - if (gc->err) - goto exit; -if (_pgp_debug < 0 && gc->key_pair) rpmgcDump("gc->key_pair", gc->key_pair); - - gc->pub_key = gcry_sexp_find_token(gc->key_pair, "public-key", 0); - if (gc->pub_key == NULL) -/* XXX FIXME: refactor errmsg here. */ - goto exit; -if (_pgp_debug < 0 && gc->pub_key) rpmgcDump("gc->pub_key", gc->pub_key); - - gc->sec_key = gcry_sexp_find_token(gc->key_pair, "private-key", 0); - if (gc->sec_key == NULL) -/* XXX FIXME: refactor errmsg here. */ - goto exit; -if (_pgp_debug < 0 && gc->sec_key) rpmgcDump("gc->sec_key", gc->sec_key); - -exit: - - rc = (gc->err == 0 && gc->pub_key && gc->sec_key); - -#ifdef NOTYET -if (gc->key_spec) { - gcry_sexp_release(gc->key_spec); - gc->key_spec = NULL; -} -if (gc->key_pair) { - gcry_sexp_release(gc->key_pair); - gc->key_pair = NULL; +if (1 || _pgp_debug < 0) +fprintf(stderr, "<-- %s(%p) rc %d\t%s\n", __FUNCTION__, dig, rc, dig->pubkey_algoN); + return rc; } -#endif -if (_pgp_debug < 0) -fprintf(stderr, "<-- %s(%p) rc %d\t%s\n", __FUNCTION__, dig, rc, msg); - -msg = _free(msg); - - return rc; /* XXX 1 on success */ +static int pgpImplGenerate(pgpDig dig) +{ + int rc = 0; /* assume failure */ +pgpDigParams pubp = pgpGetPubkey(dig); + switch (pubp->pubkey_algo) { + default: + break; + case PGPPUBKEYALGO_RSA: + rc = pgpImplGenerateRSA(dig); + break; + case PGPPUBKEYALGO_DSA: + rc = pgpImplGenerateDSA(dig); + break; + case PGPPUBKEYALGO_ELGAMAL: + rc = pgpImplGenerateELG(dig); + break; + case PGPPUBKEYALGO_ECDSA: + rc = pgpImplGenerateECDSA(dig); + break; + } +if (1 || _pgp_debug < 0) +fprintf(stderr, "<-- %s(%p) rc %d\t%s\n", __FUNCTION__, dig, rc, dig->pubkey_algoN); + return rc; } -#endif /* _RPMGC_INTERNAL */ - /*==============================================================*/ #if defined(_RPMGC_INTERNAL) @@ -2554,13 +2525,13 @@ gcry_sexp_t hash; int xx; -xx = rpmgcErrChk(gc, "verify GOOD", rpmgcVerify(dig), 0); +xx = rpmgcErrChk(gc, "verify GOOD", pgpImplVerify(dig), 0); if (xx && !rc) rc = 1; gc->badok = GPG_ERR_BAD_SIGNATURE; hash = gc->hash; gc->hash = badhash; -xx = rpmgcErrChk(gc, "detect BAD", rpmgcVerify(dig), gc->badok); +xx = rpmgcErrChk(gc, "detect BAD", pgpImplVerify(dig), gc->badok); if (xx && !rc) rc = 1; gc->hash = hash; gc->badok = 0; @@ -2644,7 +2615,7 @@ die("converting data failed: %s\n", gpg_strerror(err)); gc->badok = datas[dataidx].expected_rc; -xx = rpmgcErrChk(gc, msg, rpmgcSign(dig), datas[dataidx].expected_rc); +xx = rpmgcErrChk(gc, msg, pgpImplSign(dig), datas[dataidx].expected_rc); gc->badok = 0; /* XXX FIXME: test rpmgcErrChk() rc to prevent error cascade or not? */ if (!xx && !datas[dataidx].expected_rc) { @@ -2772,12 +2743,8 @@ rpmlog(RPMLOG_INFO, " generating %s key:", dig->pubkey_algoN); -#ifdef DYING - xx = rpmgcGenerateRSA(dig); -#else - xx = rpmgcGenerate(dig); /* XXX 1 on success */ + xx = pgpImplGenerate(dig); /* XXX 1 on success */ if (!xx && !rc) rc = 1; -#endif if (!xx) { if (gc->err) @@ -3933,19 +3900,17 @@ rpmgc gc; rpmgcImplVecs._pgpSetRSA = rpmgcSetRSA; -rpmgcImplVecs._pgpVerifyRSA = rpmgcVerify; -rpmgcImplVecs._pgpSignRSA = rpmgcSign; -rpmgcImplVecs._pgpGenerateRSA = rpmgcGenerate; +rpmgcImplVecs._pgpVerifyRSA = rpmgcImplVecs._pgpVerifyELG; rpmgcImplVecs._pgpSetDSA = rpmgcSetDSA; -rpmgcImplVecs._pgpVerifyDSA = rpmgcVerify; -rpmgcImplVecs._pgpSignDSA = rpmgcSign; -rpmgcImplVecs._pgpGenerateDSA = rpmgcGenerate; +rpmgcImplVecs._pgpVerifyDSA = rpmgcImplVecs._pgpVerifyELG; rpmgcImplVecs._pgpSetECDSA = rpmgcSetECDSA; -rpmgcImplVecs._pgpVerifyECDSA = rpmgcVerify; -rpmgcImplVecs._pgpSignECDSA = rpmgcSign; -rpmgcImplVecs._pgpGenerateECDSA = rpmgcGenerate; +rpmgcImplVecs._pgpVerifyECDSA = rpmgcImplVecs._pgpVerifyELG; +#ifndef DYING /* XXX FIXME: set rpmio/rpmgc.c vectors */ +rpmgcImplVecs._pgpSignECDSA = rpmgcImplVecs._pgpSignELG; +rpmgcImplVecs._pgpGenerateECDSA = rpmgcImplVecs._pgpGenerateELG; +#endif pgpImplVecs = &rpmgcImplVecs; @@ . ______________________________________________________________________ RPM Package Manager http://rpm5.org CVS Sources Repository [email protected]
