9 #define _RPMPGP_INTERNAL
11 #define _RPMNSS_INTERNAL
32 extern int _rpmnss_init;
35 extern void * _rpmnss_context;
38 static int _rpmnss_debug;
40 #define SPEW(_t, _rc, _dig) \
41 { if ((_t) || _rpmnss_debug || _pgp_debug < 0) \
42 fprintf(stderr, "<-- %s(%p) %s\t%s/%s\n", __FUNCTION__, (_dig), \
43 ((_rc) ? "OK" : "BAD"), (_dig)->pubkey_algoN, (_dig)->hash_algoN); \
47 # if !defined __GNUC__ || __GNUC__ < 3
48 static int __builtin_clz(uint32_t x)
54 if ((x & 0xffff0000) == 0) { n += 16; x << 16; }
55 if ((x & 0xff000000) == 0) { n += 8; x << 8; }
56 if ((x & 0xf0000000) == 0) { n += 4; x << 4; }
57 if ((x & 0xc0000000) == 0) { n += 2; x << 2; }
58 if ((x & 0x80000000) == 0) { n += 1; x << 1; }
65 typedef struct keyNV_s {
72 keyNVCmp(
const void * a,
const void *
b)
74 return strcmp(((keyNV_t *)a)->N, ((keyNV_t *)b)->N);
78 keyNV(keyNV_t * keys,
size_t nkeys,
const char *N)
83 keyNV_t needle = { .N = N, .V = 0 };
84 keyNV_t *k = (keyNV_t *)
85 bsearch(&needle, keys, nkeys,
sizeof(*keys), keyNVCmp);
92 typedef struct keyVN_s {
99 keyVNCmp(
const void * a,
const void * b)
101 return (((keyVN_t *)a)->V - ((keyVN_t *)b)->V);
105 keyVN(keyVN_t * keys,
size_t nkeys,
int V)
107 const char * N = NULL;
117 bsearch(&needle, keys, nkeys,
sizeof(*keys), keyVNCmp);
127 EC_DecodeParams(
const SECItem *encodedParams, ECParams **ecparams);
129 static keyNV_t rpmnssOIDS[] = {
130 {
"c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 },
131 {
"c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 },
132 {
"c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 },
133 {
"c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 },
134 {
"c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 },
135 {
"c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 },
136 {
"c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 },
137 {
"c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 },
138 {
"c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 },
139 {
"c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 },
140 {
"c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 },
141 {
"c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 },
142 {
"c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 },
143 {
"c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 },
144 {
"c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 },
145 {
"c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 },
146 {
"c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 },
147 {
"c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 },
148 {
"c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 },
149 {
"c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 },
150 {
"nistb163", SEC_OID_SECG_EC_SECT163R2},
151 {
"nistb233", SEC_OID_SECG_EC_SECT233R1},
152 {
"nistb283", SEC_OID_SECG_EC_SECT283R1},
153 {
"nistb409", SEC_OID_SECG_EC_SECT409R1},
154 {
"nistb571", SEC_OID_SECG_EC_SECT571R1},
155 {
"nistk163", SEC_OID_SECG_EC_SECT163K1},
156 {
"nistk233", SEC_OID_SECG_EC_SECT233K1},
157 {
"nistk283", SEC_OID_SECG_EC_SECT283K1},
158 {
"nistk409", SEC_OID_SECG_EC_SECT409K1},
159 {
"nistk571", SEC_OID_SECG_EC_SECT571K1},
160 {
"nistp192", SEC_OID_SECG_EC_SECP192R1},
161 {
"nistp224", SEC_OID_SECG_EC_SECP224R1},
162 {
"nistp256", SEC_OID_SECG_EC_SECP256R1},
163 {
"nistp384", SEC_OID_SECG_EC_SECP384R1},
164 {
"nistp521", SEC_OID_SECG_EC_SECP521R1},
165 {
"prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 },
166 {
"prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 },
167 {
"prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 },
168 {
"prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 },
169 {
"prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 },
170 {
"prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 },
171 {
"secp112r1", SEC_OID_SECG_EC_SECP112R1},
172 {
"secp112r2", SEC_OID_SECG_EC_SECP112R2},
173 {
"secp128r1", SEC_OID_SECG_EC_SECP128R1},
174 {
"secp128r2", SEC_OID_SECG_EC_SECP128R2},
175 {
"secp160k1", SEC_OID_SECG_EC_SECP160K1},
176 {
"secp160r1", SEC_OID_SECG_EC_SECP160R1},
177 {
"secp160r2", SEC_OID_SECG_EC_SECP160R2},
178 {
"secp192k1", SEC_OID_SECG_EC_SECP192K1},
179 {
"secp192r1", SEC_OID_SECG_EC_SECP192R1},
180 {
"secp224k1", SEC_OID_SECG_EC_SECP224K1},
181 {
"secp224r1", SEC_OID_SECG_EC_SECP224R1},
182 {
"secp256k1", SEC_OID_SECG_EC_SECP256K1},
183 {
"secp256r1", SEC_OID_SECG_EC_SECP256R1},
184 {
"secp384r1", SEC_OID_SECG_EC_SECP384R1},
185 {
"secp521r1", SEC_OID_SECG_EC_SECP521R1},
186 {
"sect113r1", SEC_OID_SECG_EC_SECT113R1},
187 {
"sect113r2", SEC_OID_SECG_EC_SECT113R2},
188 {
"sect131r1", SEC_OID_SECG_EC_SECT131R1},
189 {
"sect131r2", SEC_OID_SECG_EC_SECT131R2},
190 {
"sect163k1", SEC_OID_SECG_EC_SECT163K1},
191 {
"sect163r1", SEC_OID_SECG_EC_SECT163R1},
192 {
"sect163r2", SEC_OID_SECG_EC_SECT163R2},
193 {
"sect193r1", SEC_OID_SECG_EC_SECT193R1},
194 {
"sect193r2", SEC_OID_SECG_EC_SECT193R2},
195 {
"sect233k1", SEC_OID_SECG_EC_SECT233K1},
196 {
"sect233r1", SEC_OID_SECG_EC_SECT233R1},
197 {
"sect239k1", SEC_OID_SECG_EC_SECT239K1},
198 {
"sect283k1", SEC_OID_SECG_EC_SECT283K1},
199 {
"sect283r1", SEC_OID_SECG_EC_SECT283R1},
200 {
"sect409k1", SEC_OID_SECG_EC_SECT409K1},
201 {
"sect409r1", SEC_OID_SECG_EC_SECT409R1},
202 {
"sect571k1", SEC_OID_SECG_EC_SECT571K1},
203 {
"sect571r1", SEC_OID_SECG_EC_SECT571R1},
205 static size_t nrpmnssOIDS =
sizeof(rpmnssOIDS) /
sizeof(rpmnssOIDS[0]);
207 #define _ENTRY(_v) { SEC_ERROR_##_v, #_v }
209 static keyVN_t rpmnssERRS[] = {
216 _ENTRY(INVALID_ALGORITHM),
221 _ENTRY(EXPIRED_CERTIFICATE),
222 _ENTRY(REVOKED_CERTIFICATE),
233 _ENTRY(DUPLICATE_CERT_NAME),
240 _ENTRY(EXPIRED_ISSUER_CERTIFICATE),
242 _ENTRY(CRL_BAD_SIGNATURE),
244 _ENTRY(EXTENSION_VALUE_INVALID),
245 _ENTRY(EXTENSION_NOT_FOUND),
247 _ENTRY(PATH_LEN_CONSTRAINT_INVALID),
248 _ENTRY(CERT_USAGES_INVALID),
251 _ENTRY(UNKNOWN_CRITICAL_EXTENSION),
254 _ENTRY(NO_RECIPIENT_CERTS_QUERY),
256 _ENTRY(PKCS7_KEYALG_MISMATCH),
257 _ENTRY(PKCS7_BAD_SIGNATURE),
258 _ENTRY(UNSUPPORTED_KEYALG),
259 _ENTRY(DECRYPTION_DISALLOWED),
271 _ENTRY(KRL_BAD_SIGNATURE),
279 _ENTRY(CERT_NICKNAME_COLLISION),
280 _ENTRY(KEY_NICKNAME_COLLISION),
282 _ENTRY(BAGGAGE_NOT_CREATED),
286 _ENTRY(BAD_EXPORT_ALGORITHM),
287 _ENTRY(EXPORTING_CERTIFICATES),
288 _ENTRY(IMPORTING_CERTIFICATES),
289 _ENTRY(PKCS12_DECODING_PFX),
290 _ENTRY(PKCS12_INVALID_MAC),
291 _ENTRY(PKCS12_UNSUPPORTED_MAC_ALGORITHM),
292 _ENTRY(PKCS12_UNSUPPORTED_TRANSPORT_MODE),
293 _ENTRY(PKCS12_CORRUPT_PFX_STRUCTURE),
294 _ENTRY(PKCS12_UNSUPPORTED_PBE_ALGORITHM),
295 _ENTRY(PKCS12_UNSUPPORTED_VERSION),
296 _ENTRY(PKCS12_PRIVACY_PASSWORD_INCORRECT),
297 _ENTRY(PKCS12_CERT_COLLISION),
299 _ENTRY(PKCS12_DUPLICATE_DATA),
300 _ENTRY(MESSAGE_SEND_ABORTED),
301 _ENTRY(INADEQUATE_KEY_USAGE),
302 _ENTRY(INADEQUATE_CERT_TYPE),
303 _ENTRY(CERT_ADDR_MISMATCH),
304 _ENTRY(PKCS12_UNABLE_TO_IMPORT_KEY),
305 _ENTRY(PKCS12_IMPORTING_CERT_CHAIN),
306 _ENTRY(PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME),
307 _ENTRY(PKCS12_UNABLE_TO_EXPORT_KEY),
308 _ENTRY(PKCS12_UNABLE_TO_WRITE),
309 _ENTRY(PKCS12_UNABLE_TO_READ),
310 _ENTRY(PKCS12_KEY_DATABASE_NOT_INITIALIZED),
313 _ENTRY(RETRY_OLD_PASSWORD),
315 _ENTRY(NOT_FORTEZZA_ISSUER),
316 _ENTRY(CANNOT_MOVE_SENSITIVE_KEY),
317 _ENTRY(JS_INVALID_MODULE_NAME),
319 _ENTRY(JS_ADD_MOD_FAILURE),
320 _ENTRY(JS_DEL_MOD_FAILURE),
323 _ENTRY(CERT_NOT_IN_NAME_SPACE),
324 _ENTRY(KRL_NOT_YET_VALID),
325 _ENTRY(CRL_NOT_YET_VALID),
328 _ENTRY(CERT_BAD_ACCESS_LOCATION),
329 _ENTRY(OCSP_UNKNOWN_RESPONSE_TYPE),
330 _ENTRY(OCSP_BAD_HTTP_RESPONSE),
331 _ENTRY(OCSP_MALFORMED_REQUEST),
332 _ENTRY(OCSP_SERVER_ERROR),
333 _ENTRY(OCSP_TRY_SERVER_LATER),
334 _ENTRY(OCSP_REQUEST_NEEDS_SIG),
335 _ENTRY(OCSP_UNAUTHORIZED_REQUEST),
336 _ENTRY(OCSP_UNKNOWN_RESPONSE_STATUS),
337 _ENTRY(OCSP_UNKNOWN_CERT),
339 _ENTRY(OCSP_NO_DEFAULT_RESPONDER),
340 _ENTRY(OCSP_MALFORMED_RESPONSE),
341 _ENTRY(OCSP_UNAUTHORIZED_RESPONSE),
342 _ENTRY(OCSP_FUTURE_RESPONSE),
343 _ENTRY(OCSP_OLD_RESPONSE),
346 _ENTRY(UNSUPPORTED_MESSAGE_TYPE),
350 _ENTRY(REUSED_ISSUER_AND_SERIAL),
354 _ENTRY(UNSUPPORTED_ELLIPTIC_CURVE),
355 _ENTRY(UNSUPPORTED_EC_POINT_FORM),
357 _ENTRY(OCSP_INVALID_SIGNING_CERT),
359 _ENTRY(REVOKED_CERTIFICATE_CRL),
360 _ENTRY(REVOKED_CERTIFICATE_OCSP),
361 _ENTRY(CRL_INVALID_VERSION),
362 _ENTRY(CRL_V1_CRITICAL_EXTENSION),
363 _ENTRY(CRL_UNKNOWN_CRITICAL_EXTENSION),
364 _ENTRY(UNKNOWN_OBJECT_TYPE),
365 _ENTRY(INCOMPATIBLE_PKCS11),
367 _ENTRY(CRL_ALREADY_EXISTS),
369 _ENTRY(TOKEN_NOT_LOGGED_IN),
370 _ENTRY(OCSP_RESPONDER_CERT_INVALID),
371 _ENTRY(OCSP_BAD_SIGNATURE),
372 _ENTRY(OUT_OF_SEARCH_LIMITS),
373 _ENTRY(INVALID_POLICY_MAPPING),
374 _ENTRY(POLICY_VALIDATION_FAILED),
376 _ENTRY(UNKNOWN_AIA_LOCATION_TYPE),
377 _ENTRY(BAD_HTTP_RESPONSE),
378 _ENTRY(BAD_LDAP_RESPONSE),
379 _ENTRY(FAILED_TO_ENCODE_DATA),
380 _ENTRY(BAD_INFO_ACCESS_LOCATION),
382 _ENTRY(PKCS11_GENERAL_ERROR),
383 _ENTRY(PKCS11_FUNCTION_FAILED),
384 _ENTRY(PKCS11_DEVICE_ERROR),
385 #if defined(SEC_ERROR_BAD_INFO_ACCESS_METHOD)
386 _ENTRY(BAD_INFO_ACCESS_METHOD),
388 #if defined(SEC_ERROR_CRL_IMPORT_FAILED)
389 _ENTRY(CRL_IMPORT_FAILED),
391 #if defined(SEC_ERROR_EXPIRED_PASSWORD)
394 #if defined(SEC_ERROR_LOCKED_PASSWORD)
397 #if defined(SEC_ERROR_UNKNOWN_PKCS11_ERROR)
398 _ENTRY(UNKNOWN_PKCS11_ERROR),
400 #if defined(SEC_ERROR_BAD_CRL_DP_URL)
403 #if defined(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED)
404 _ENTRY(CERT_SIGNATURE_ALGORITHM_DISABLED),
406 #if defined(SEC_ERROR_LEGACY_DATABASE)
409 #if defined(SEC_ERROR_APPLICATION_CALLBACK_ERROR)
410 _ENTRY(APPLICATION_CALLBACK_ERROR),
413 static size_t nrpmnssERRS =
sizeof(rpmnssERRS) /
sizeof(rpmnssERRS[0]);
416 static uint32_t curve2oid(
const char *
name)
418 uint32_t
oid = keyNV(rpmnssOIDS, nrpmnssOIDS, name);
420 oid = SEC_OID_UNKNOWN;
423 fprintf(stderr,
"<-- %s(%s) oid %u\n", __FUNCTION__, name, oid);
428 static const char * rpmnssStrerror(
int err)
431 const char * errN = keyVN(rpmnssERRS, nrpmnssERRS, err);
433 snprintf(buf,
sizeof(buf),
"SEC_ERROR(%d)", err);
440 int rpmnssErr(
rpmnss nss,
const char * msg,
int rc)
445 if (err && gcry_err_code(err) != gc->badok)
446 fprintf (stderr,
"rpmgc: %s(0x%0x): %s/%s\n",
447 msg, (
unsigned)err, gcry_strsource(err), gcry_strerror(err));
449 if (rc != SECSuccess) {
450 int err = PORT_GetError();
451 fprintf (stderr,
"rpmnss: %s rc(%d) err(%d) %s\n",
452 msg, rc, err, rpmnssStrerror(err));
458 static SECOidTag getEncAlg(
unsigned pubkey_algo,
unsigned hash_algo)
460 SECOidTag encAlg = SEC_OID_UNKNOWN;
462 switch (pubkey_algo) {
466 encAlg = SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION;
break;
469 encAlg = SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION;
break;
472 encAlg = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
break;
474 encAlg = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
break;
476 encAlg = SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION;
break;
478 encAlg = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
break;
480 encAlg = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION;
break;
482 encAlg = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION;
break;
484 encAlg = SEC_OID_PKCS1_RSA_ENCRYPTION;
break;
490 encAlg = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
break;
492 encAlg = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST;
break;
494 encAlg = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST;
break;
496 encAlg = SEC_OID_ANSIX9_DSA_SIGNATURE;
break;
502 encAlg = SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE;
break;
504 encAlg = SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE;
break;
506 encAlg = SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE;
break;
508 encAlg = SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE;
break;
510 encAlg = SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE;
break;
512 case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST:
513 case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST:
516 encAlg = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
break;
526 static SECOidTag getHashAlg(
unsigned hash_algo)
528 SECOidTag hashAlg = SEC_OID_UNKNOWN;
567 nss->digest =
_free(nss->digest);
569 xx =
rpmDigestFinal(ctx, (
void **)&nss->digest, &nss->digestlen, 0);
571 nss->encAlg = getEncAlg(sigp->pubkey_algo, 0);
572 nss->hashAlg = getHashAlg(sigp->hash_algo);
573 if (nss->hashAlg == SEC_OID_UNKNOWN)
577 rc = memcmp(nss->digest, sigp->signhash16,
sizeof(sigp->signhash16));
580 if (rc && sigp->signhash16[0] == 0 && sigp->signhash16[1] == 0)
588 static int rpmnssGenerateRSA(
pgpDig dig)
593 if (nss->nbits == 0) nss->nbits = 1024;
597 CK_MECHANISM_TYPE _type = CKM_RSA_PKCS_KEY_PAIR_GEN;
598 PK11SlotInfo * _slot = PK11_GetBestSlot(_type, _cx);
599 int _isPerm = PR_FALSE;
600 int _isSensitive = PR_TRUE;
603 static unsigned _pe = 0x10001;
604 PK11RSAGenParams rsaparams = {};
605 void * params = &rsaparams;
607 rsaparams.keySizeInBits = nss->nbits;
610 nss->sec_key = PK11_GenerateKeyPair(_slot, _type, params,
611 &nss->pub_key, _isPerm, _isSensitive, _cx);
613 PK11_FreeSlot(_slot);
617 rc = (nss->sec_key && nss->pub_key);
638 nss->digest =
_free(nss->digest);
640 xx =
rpmDigestFinal(ctx, (
void **)&nss->digest, &nss->digestlen, 0);
642 nss->encAlg = getEncAlg(sigp->pubkey_algo, 0);
643 nss->hashAlg = getHashAlg(sigp->hash_algo);
644 if (nss->hashAlg == SEC_OID_UNKNOWN)
648 rc = memcmp(nss->digest, sigp->signhash16,
sizeof(sigp->signhash16));
651 if (rc && sigp->signhash16[0] == 0 && sigp->signhash16[1] == 0)
659 static int rpmnssGenerateDSA(
pgpDig dig)
667 unsigned _seedBytes = 0;
669 PK11SlotInfo * _slot = NULL;
670 PQGParams *pqgParams = NULL;
671 PQGVerify *pqgVfy = NULL;
676 switch (sigp->hash_algo) {
688 switch (nss->qbits) {
690 case 160: nss->nbits = 1024;
break;
691 case 224: nss->nbits = 2048;
break;
693 case 256: nss->nbits = 3072;
break;
694 case 384: nss->nbits = 7680;
break;
695 case 512: nss->nbits = 15360;
break;
697 case 256: nss->nbits = 2048;
break;
698 case 384: nss->nbits = 2048; nss->qbits = 256;
break;
699 case 512: nss->nbits = 2048; nss->qbits = 256;
break;
732 switch (nss->nbits) {
741 _N = (nss->qbits == 256) ? 256 : 224;
751 { CK_MECHANISM_TYPE _type = CKM_DSA_KEY_PAIR_GEN;
753 int _isPerm = PR_FALSE;
754 int _isSensitive = PR_TRUE;
756 _slot = PK11_GetBestSlot(_type, _cx);
758 void * params = NULL;
760 if (_L > 1024 || _N != 0)
761 xx = rpmnssErr(nss,
"PK11_PQG_ParamGenV2",
762 PK11_PQG_ParamGenV2(_L, _N, _seedBytes,
763 &pqgParams, &pqgVfy));
765 xx = rpmnssErr(nss,
"PK11_PQG_ParamGenSeedLen",
766 PK11_PQG_ParamGenSeedLen(_J, _seedBytes,
767 &pqgParams, &pqgVfy));
769 xx = rpmnssErr(nss,
"PK11_PQG_ParamGen",
770 PK11_PQG_ParamGen(_J, &pqgParams, &pqgVfy));
771 if (xx != SECSuccess)
774 xx = rpmnssErr(nss,
"PK11_PQG_VerifyParams",
775 PK11_PQG_VerifyParams(pqgParams, pqgVfy, &_passed));
776 if (xx != SECSuccess || _passed != SECSuccess)
780 nss->sec_key = PK11_GenerateKeyPair(_slot, _type, params,
781 &nss->pub_key, _isPerm, _isSensitive, _cx);
786 rc = (nss->sec_key && nss->pub_key);
789 if (pqgParams) PK11_PQG_DestroyParams(pqgParams);
790 if (pqgVfy) PK11_PQG_DestroyVerify(pqgVfy);
791 if (_slot) PK11_FreeSlot(_slot);
811 nss->digest =
_free(nss->digest);
813 xx =
rpmDigestFinal(ctx, (
void **)&nss->digest, &nss->digestlen, 0);
816 rc = memcmp(nss->digest, sigp->signhash16,
sizeof(sigp->signhash16));
819 if (rc && sigp->signhash16[0] == 0 && sigp->signhash16[1] == 0)
843 nss->digest =
_free(nss->digest);
845 xx =
rpmDigestFinal(ctx, (
void **)&nss->digest, &nss->digestlen, 0);
847 nss->encAlg = getEncAlg(sigp->pubkey_algo, 0);
848 nss->hashAlg = getHashAlg(sigp->hash_algo);
849 if (nss->hashAlg == SEC_OID_UNKNOWN)
853 rc = memcmp(nss->digest, sigp->signhash16,
sizeof(sigp->signhash16));
856 if (rc && sigp->signhash16[0] == 0 && sigp->signhash16[1] == 0)
864 static int rpmnssLoadParams(
pgpDig dig)
868 SECOidTag curveOid = SEC_OID_UNKNOWN;
869 SECOidData * oidData = NULL;
875 nss->curveOid = curveOid = curve2oid(name);
876 if (curveOid == SEC_OID_UNKNOWN)
878 oidData = SECOID_FindOIDByTag(curveOid);
882 if (nss->ecparams != NULL) {
883 SECITEM_FreeItem(nss->ecparams, PR_FALSE);
884 nss->ecparams = NULL;
886 nss->ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len));
887 nss->ecparams->data[0] = SEC_ASN1_OBJECT_ID;
888 nss->ecparams->data[1] = oidData->oid.len;
889 memcpy(nss->ecparams->data + 2, oidData->oid.data, oidData->oid.len);
894 fprintf(stderr,
"<-- %s(%p,%s) oid %u params %p\n", __FUNCTION__, dig, name, nss->curveOid, nss->ecparams);
899 int rpmnssGenerateECDSA(
pgpDig dig)
906 if (nss->nbits == 0) {
907 if (!strcasecmp(dig->hash_algoN,
"SHA224"))
909 else if (!strcasecmp(dig->hash_algoN,
"SHA256"))
911 else if (!strcasecmp(dig->hash_algoN,
"SHA384"))
913 else if (!strcasecmp(dig->hash_algoN,
"SHA512"))
921 if (nss->curveN == NULL)
922 switch (nss->nbits) {
923 default:
goto exit;
break;
924 case 192: nss->curveN =
xstrdup(
"nistp192");
break;
925 case 224: nss->curveN =
xstrdup(
"nistp224");
break;
926 case 256: nss->curveN =
xstrdup(
"nistp256");
break;
927 case 384: nss->curveN =
xstrdup(
"nistp384");
break;
929 case 521: nss->curveN =
xstrdup(
"nistp521");
break;
934 rc = rpmnssLoadParams(dig);
935 assert(nss->ecparams);
938 CK_MECHANISM_TYPE _type = CKM_EC_KEY_PAIR_GEN;
939 PK11SlotInfo * _slot = PK11_GetBestSlot(_type, _cx);
949 PK11AttrFlags _aFlags = (PK11_ATTR_SESSION
950 | PK11_ATTR_INSENSITIVE | PK11_ATTR_PUBLIC);
951 CK_FLAGS _opFlags = CKF_DERIVE;
952 CK_FLAGS _opFlagsMask = CKF_DERIVE | CKF_SIGN;
956 nss->sec_key = PK11_GenerateKeyPairWithOpFlags(_slot, _type,
958 &nss->pub_key, _aFlags, _opFlags, _opFlagsMask, _cx);
960 if (nss->sec_key == NULL) {
961 _aFlags = (PK11_ATTR_SESSION
962 | PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE);
963 nss->sec_key = PK11_GenerateKeyPairWithOpFlags(_slot, _type,
965 &nss->pub_key, _aFlags, _opFlags, _opFlagsMask, _cx);
969 int _isPerm = PR_FALSE;
970 int _isSensitive = PR_TRUE;
974 nss->sec_key = PK11_GenerateKeyPair(_slot, _type, nss->ecparams,
975 &nss->pub_key, _isPerm, _isSensitive, _cx);
978 PK11_FreeSlot(_slot);
982 rc = (nss->sec_key && nss->pub_key);
990 static int rpmnssErrChk(
pgpDig dig,
const char * msg,
int rc,
unsigned expected)
993 rpmgc gc = dig->impl;
995 rc = (gcry_err_code(gc->err) != expected);
997 fail(
"%s failed: %s\n", msg, gpg_strerror(gc->err));
1005 static int rpmnssAvailableCipher(
pgpDig dig,
int algo)
1011 static int rpmnssAvailableDigest(
pgpDig dig,
int algo)
1014 SECOidTag hashAlgo = getHashAlg(algo);
1015 rc = (hashAlgo == SEC_OID_UNKNOWN);
1019 static int rpmnssAvailablePubkey(
pgpDig dig,
int algo)
1022 SECOidTag encAlgo = getEncAlg(algo, 0);
1023 rc = (encAlgo == SEC_OID_UNKNOWN);
1027 static int rpmnssVerify(
pgpDig dig)
1033 assert(nss->encAlg != SEC_OID_UNKNOWN);
1034 assert(nss->hashAlg != SEC_OID_UNKNOWN);
1036 nss->item.type = siBuffer;
1037 nss->item.data = (
unsigned char *) nss->digest;
1038 nss->item.len = (
unsigned) nss->digestlen;
1040 switch (pubp->pubkey_algo) {
1047 assert(nss->encAlg == SEC_OID_ANSIX9_DSA_SIGNATURE);
1053 assert(nss->encAlg == SEC_OID_ANSIX962_EC_PUBLIC_KEY);
1057 rc = rpmnssErr(nss,
"VFY_VerifyDigestDirect",
1058 VFY_VerifyDigestDirect(&nss->item, nss->pub_key,
1059 nss->sig, nss->encAlg, nss->hashAlg, NULL));
1060 rc = (rc == SECSuccess);
1067 static int rpmnssSign(
pgpDig dig)
1073 assert(nss->hashAlg != SEC_OID_UNKNOWN);
1075 nss->item.type = siBuffer;
1076 nss->item.data = (
unsigned char *) nss->digest;
1077 nss->item.len = (
unsigned) nss->digestlen;
1079 if (nss->sig != NULL) {
1080 SECITEM_ZfreeItem(nss->sig, PR_TRUE);
1083 nss->sig = SECITEM_AllocItem(NULL, NULL, 0);
1084 nss->sig->type = siBuffer;
1086 switch (pubp->pubkey_algo) {
1091 rc = rpmnssErr(nss,
"SGN_Digest",
1092 SGN_Digest(nss->sec_key, nss->hashAlg, nss->sig, &nss->item));
1096 { SECItem sig = { siBuffer, NULL, 0 };
1097 rc = rpmnssErr(nss,
"SGN_Digest",
1098 SGN_Digest(nss->sec_key, nss->hashAlg, &sig, &nss->item));
1100 nss->qbits = 8 * (sig.len/2);
1101 if (rc == SECSuccess)
1102 rc = rpmnssErr(nss,
"DSAU_EncodeDerSigWithLen",
1103 DSAU_EncodeDerSigWithLen(nss->sig, &sig, sig.len));
1104 sig.data =
_free(sig.data);
1111 rc = (rc == SECSuccess);
1118 static int rpmnssGenerate(
pgpDig dig)
1124 if (nss->sec_key != NULL) {
1125 SECKEY_DestroyPrivateKey(nss->sec_key);
1126 nss->sec_key = NULL;
1128 if (nss->pub_key != NULL) {
1129 SECKEY_DestroyPublicKey(nss->pub_key);
1130 nss->pub_key = NULL;
1133 switch (pubp->pubkey_algo) {
1137 rc = rpmnssGenerateRSA(dig);
1140 rc = rpmnssGenerateDSA(dig);
1144 rc = rpmnssGenerateELG(dig);
1148 rc = rpmnssGenerateECDSA(dig);
1160 int rpmnssMpiSet(
const char * pre,
unsigned int lbits,
1168 char * t = (
char *) dest;
1171 if (pend != NULL && (p + ((mbits+7) >> 3)) > pend)
1177 nbits = (lbits > mbits ? lbits : mbits);
1178 nb = ((nbits + 7) >> 3);
1179 ix = ((nbits - mbits) >> 3);
1183 fprintf(stderr,
"*** mbits %u nbits %u nb %u ix %u\n", mbits, nbits, nb, ix);
1184 if (ix > 0) memset(t, (
int)
'\0', ix);
1185 memcpy(t+ix, p+2, nb-ix);
1197 SECItem * rpmnssMpiCopy(PRArenaPool * arena, SECItem * item,
1206 if ((item = SECITEM_AllocItem(arena, item, nb)) == NULL)
1210 item->data = (
unsigned char *) PORT_ArenaGrow(arena, item->data, item->len, nb);
1212 item->data = (
unsigned char *) PORT_Realloc(item->data, nb);
1214 if (item->data == NULL) {
1216 SECITEM_FreeItem(item, PR_TRUE);
1222 memcpy(item->data, b, nb);
1230 SECKEYPublicKey * rpmnssNewPublicKey(KeyType
type)
1234 SECKEYPublicKey *
key;
1237 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
1241 key = (SECKEYPublicKey *) PORT_ArenaZAlloc(arena,
sizeof(*key));
1244 PORT_FreeArena(arena, PR_FALSE);
1249 key->keyType =
type;
1250 key->pkcs11ID = CK_INVALID_HANDLE;
1251 key->pkcs11Slot = NULL;
1259 int rpmnssMpiItem(
const char * pre,
pgpDig dig,
int itemno,
1264 unsigned int nb = (pend >= p ? (pend - p) : 0);
1265 unsigned int mbits = (((8 * (nb - 2)) + 0x1f) & ~0x1f);
1276 assert(nss->sig == NULL);
1277 nss->sig = SECITEM_AllocItem(NULL, nss->sig, mbits/8);
1278 assert(nss->sig != NULL);
1279 nz = nss->sig->len - (nb - 2);
1281 memset(nss->sig->data, 0, nz);
1282 memcpy(nss->sig->data+nz, p+2, nb-2);
1286 nss->item.type = (SECItemType) 0;
1287 nss->item.len = 2 * (nss->qbits/8);
1288 nss->item.data = (
unsigned char *)
xcalloc(1, nss->item.len);
1289 rc = rpmnssMpiSet(pre, nss->qbits, nss->item.data, p, pend);
1292 assert(mbits == nss->qbits);
1293 rc = rpmnssMpiSet(pre, nss->qbits, nss->item.data + (nss->qbits/8), p, pend);
1294 assert(nss->sig == NULL);
1295 if ((nss->sig = SECITEM_AllocItem(NULL, NULL, 0)) == NULL
1296 || DSAU_EncodeDerSigWithLen(nss->sig, &nss->item, nss->item.len) != SECSuccess)
1298 nss->item.data =
_free(nss->item.data);
1303 assert(nss->pub_key == NULL);
1304 nss->pub_key = rpmnssNewPublicKey(rsaKey);
1305 assert(nss->pub_key != NULL);
1306 (void) rpmnssMpiCopy(nss->pub_key->arena, &nss->pub_key->u.rsa.modulus, p);
1309 assert(nss->pub_key != NULL);
1310 (void) rpmnssMpiCopy(nss->pub_key->arena, &nss->pub_key->u.rsa.publicExponent, p);
1314 assert(nss->pub_key == NULL);
1315 nss->pub_key = rpmnssNewPublicKey(dsaKey);
1316 assert(nss->pub_key != NULL);
1317 (void) rpmnssMpiCopy(nss->pub_key->arena, &nss->pub_key->u.dsa.params.prime, p);
1321 assert(nss->pub_key != NULL);
1322 (void) rpmnssMpiCopy(nss->pub_key->arena, &nss->pub_key->u.dsa.params.subPrime, p);
1325 assert(mbits == nss->nbits);
1326 assert(nss->pub_key != NULL);
1327 (void) rpmnssMpiCopy(nss->pub_key->arena, &nss->pub_key->u.dsa.params.base, p);
1330 assert(mbits == nss->nbits);
1331 assert(nss->pub_key != NULL);
1332 (void) rpmnssMpiCopy(nss->pub_key->arena, &nss->pub_key->u.dsa.publicValue, p);
1336 nss->item.type = (SECItemType) 0;
1337 nss->item.len = 2 * (nss->qbits/8);
1338 nss->item.data = (
unsigned char *)
xcalloc(1, nss->item.len);
1339 rc = rpmnssMpiSet(pre, nss->qbits, nss->item.data, p, pend);
1342 assert(mbits == nss->qbits);
1343 rc = rpmnssMpiSet(pre, nss->qbits, nss->item.data + (nss->qbits/8), p, pend);
1344 assert(nss->sig == NULL);
1345 nss->sig = SECITEM_AllocItem(NULL, NULL, 0);
1346 assert(nss->sig != NULL);
1347 if (DSAU_EncodeDerSigWithLen(nss->sig, &nss->item, nss->item.len) != SECSuccess)
1349 nss->item.data =
_free(nss->item.data);
1353 assert(nss->pub_key == NULL);
1354 nss->pub_key = rpmnssNewPublicKey(ecKey);
1355 assert(nss->pub_key != NULL);
1360 if (!strcasecmp(s,
"2a8648ce3d030008"))
1362 else if (!strcasecmp(s,
"2a8648ce3d030009"))
1364 else if (!strcasecmp(s,
"2a8648ce3d03000e"))
1366 else if (!strcasecmp(s,
"2a8648ce3d03000f"))
1368 else if (!strcasecmp(s,
"2a8648ce3d030001"))
1370 else if (!strcasecmp(s,
"2a8648ce3d030002"))
1372 else if (!strcasecmp(s,
"2a8648ce3d030003"))
1374 else if (!strcasecmp(s,
"2a8648ce3d030004"))
1376 else if (!strcasecmp(s,
"2a8648ce3d03000a"))
1378 else if (!strcasecmp(s,
"2a8648ce3d030010"))
1380 else if (!strcasecmp(s,
"2a8648ce3d030011"))
1382 else if (!strcasecmp(s,
"2a8648ce3d030013"))
1384 else if (!strcasecmp(s,
"2a8648ce3d030005"))
1386 else if (!strcasecmp(s,
"2a8648ce3d030006"))
1388 else if (!strcasecmp(s,
"2a8648ce3d030007"))
1390 else if (!strcasecmp(s,
"2a8648ce3d03000b"))
1392 else if (!strcasecmp(s,
"2a8648ce3d03000c"))
1394 else if (!strcasecmp(s,
"2a8648ce3d03000d"))
1396 else if (!strcasecmp(s,
"2a8648ce3d030012"))
1398 else if (!strcasecmp(s,
"2a8648ce3d030014"))
1400 else if (!strcasecmp(s,
"2b8104000f"))
1402 else if (!strcasecmp(s,
"2b8104001b"))
1404 else if (!strcasecmp(s,
"2b81040011"))
1406 else if (!strcasecmp(s,
"2b81040025"))
1408 else if (!strcasecmp(s,
"2b81040027"))
1410 else if (!strcasecmp(s,
"2b81040001"))
1412 else if (!strcasecmp(s,
"2b8104001a"))
1414 else if (!strcasecmp(s,
"2b81040010"))
1416 else if (!strcasecmp(s,
"2b81040024"))
1418 else if (!strcasecmp(s,
"2b81040026"))
1420 else if (!strcasecmp(s,
"2a8648ce3d030101"))
1422 else if (!strcasecmp(s,
"2b81040021"))
1424 else if (!strcasecmp(s,
"2a8648ce3d030107"))
1426 else if (!strcasecmp(s,
"2b81040022"))
1428 else if (!strcasecmp(s,
"2b81040023"))
1430 else if (!strcasecmp(s,
"2a8648ce3d030101"))
1432 else if (!strcasecmp(s,
"2a8648ce3d030102"))
1434 else if (!strcasecmp(s,
"2a8648ce3d030103"))
1436 else if (!strcasecmp(s,
"2a8648ce3d030104"))
1438 else if (!strcasecmp(s,
"2a8648ce3d030105"))
1440 else if (!strcasecmp(s,
"2a8648ce3d030106"))
1442 else if (!strcasecmp(s,
"2b81040006"))
1444 else if (!strcasecmp(s,
"2b81040007"))
1446 else if (!strcasecmp(s,
"2b8104001c"))
1448 else if (!strcasecmp(s,
"2b8104001d"))
1450 else if (!strcasecmp(s,
"2b81040009"))
1452 else if (!strcasecmp(s,
"2b81040008"))
1454 else if (!strcasecmp(s,
"2b8104001e"))
1456 else if (!strcasecmp(s,
"2b8104001f"))
1458 else if (!strcasecmp(s,
"2a8648ce3d030101"))
1460 else if (!strcasecmp(s,
"2b81040020"))
1462 else if (!strcasecmp(s,
"2b81040021"))
1464 else if (!strcasecmp(s,
"2b8104000a"))
1466 else if (!strcasecmp(s,
"2a8648ce3d030107"))
1468 else if (!strcasecmp(s,
"2b81040022"))
1470 else if (!strcasecmp(s,
"2b81040023"))
1472 else if (!strcasecmp(s,
"2b81040004"))
1474 else if (!strcasecmp(s,
"2b81040005"))
1476 else if (!strcasecmp(s,
"2b81040016"))
1478 else if (!strcasecmp(s,
"2b81040017"))
1480 else if (!strcasecmp(s,
"2b81040001"))
1482 else if (!strcasecmp(s,
"2b81040002"))
1484 else if (!strcasecmp(s,
"2b8104000f"))
1486 else if (!strcasecmp(s,
"2b81040018"))
1488 else if (!strcasecmp(s,
"2b81040019"))
1490 else if (!strcasecmp(s,
"2b8104001a"))
1492 else if (!strcasecmp(s,
"2b8104001b"))
1494 else if (!strcasecmp(s,
"2b81040003"))
1496 else if (!strcasecmp(s,
"2b81040010"))
1498 else if (!strcasecmp(s,
"2b81040011"))
1500 else if (!strcasecmp(s,
"2b81040024"))
1502 else if (!strcasecmp(s,
"2b81040025"))
1504 else if (!strcasecmp(s,
"2b81040026"))
1506 else if (!strcasecmp(s,
"2b81040027"))
1514 { SECKEYECParams * ecp = &nss->pub_key->u.ec.DEREncodedParams;
1515 ecp->data = (
unsigned char *) PORT_ArenaZAlloc(nss->pub_key->arena, nb + 2);
1516 ecp->data[0] = SEC_ASN1_OBJECT_ID;
1518 memcpy(ecp->data + 2, p, nb);
1523 assert(nss->pub_key != NULL);
1524 (void) rpmnssMpiCopy(nss->pub_key->arena, &nss->pub_key->u.ec.publicValue, p);
1525 nss->pub_key->u.ec.size = mbits;
1534 void rpmnssClean(
void * impl)
1540 nss->in_fips_mode = 0;
1546 nss->digest =
_free(nss->digest);
1549 if (nss->sec_key != NULL) {
1550 SECKEY_DestroyPrivateKey(nss->sec_key);
1551 nss->sec_key = NULL;
1553 if (nss->pub_key != NULL) {
1554 SECKEY_DestroyPublicKey(nss->pub_key);
1555 nss->pub_key = NULL;
1557 if (nss->sig != NULL) {
1558 SECITEM_ZfreeItem(nss->sig, PR_TRUE);
1562 nss->encAlg = SEC_OID_UNKNOWN;
1563 nss->hashAlg = SEC_OID_UNKNOWN;
1565 nss->item.type = siBuffer;
1566 nss->item.data = (
unsigned char *) NULL;
1567 nss->item.len = (unsigned) 0;
1569 if (nss->ecparams != NULL) {
1570 SECITEM_FreeItem(nss->ecparams, PR_FALSE);
1571 nss->ecparams = NULL;
1573 nss->curveN =
_free(nss->curveN);
1574 nss->curveOid = SEC_OID_UNKNOWN;
1581 void * rpmnssFree(
void * impl)
1590 void * rpmnssInit(
void)
1596 #ifdef HAVE_NSS_INITCONTEXT
1597 if (_rpmnss_context == NULL) {
1598 const char * _configdir =
rpmExpand(
"%{?_nssdb_path}", NULL);
1599 const char * _certPrefix =
rpmExpand(
"%{?_nssdb_certprefix}", NULL);
1600 const char * _keyPrefix =
rpmExpand(
"%{?_nssdb_keyprefix}", NULL);
1601 const char * _secmodName =
rpmExpand(
"%{?_nssdb_secmodname}", NULL);
1602 NSSInitParameters _initParams;
1663 memset((
void *) &_initParams,
'\0',
sizeof(_initParams));
1664 _initParams.length =
sizeof(_initParams);
1727 _flags |= NSS_INIT_READONLY;
1728 if (_configdir == NULL || *_configdir !=
'/') {
1729 _configdir =
_free(_configdir);
1730 _flags |= NSS_INIT_NOCERTDB;
1731 _flags |= NSS_INIT_NOMODDB;
1732 _flags |= NSS_INIT_FORCEOPEN;
1733 _flags |= NSS_INIT_NOROOTINIT;
1734 _flags |= NSS_INIT_OPTIMIZESPACE;
1742 rpmlog(msglvl,
"---------- NSS %s configuration:\n", NSS_VERSION);
1743 rpmlog(msglvl,
" version: %s\n", NSS_GetVersion());
1744 rpmlog(msglvl,
" configdir: %s\n", _configdir);
1745 rpmlog(msglvl,
"certPrefix: %s\n", _certPrefix);
1746 rpmlog(msglvl,
" keyPrefix: %s\n", _keyPrefix);
1747 rpmlog(msglvl,
"secmodName: %s\n", _secmodName);
1748 rpmlog(msglvl,
" flags: 0x%x\n", _flags);
1751 for (i = 0; i < nrpmnssOIDS; i++) {
1752 const char * N = rpmnssOIDS[
i].N;
1753 uint32_t V = rpmnssOIDS[
i].V;
1754 SECOidData * o = SECOID_FindOIDByTag(V);
1757 rpmlog(msglvl,
" EC curves:\n");
1760 rpmlog(msglvl,
" %s\n", o->desc);
1761 rpmlog(msglvl,
" %12s%5d %s\n",
1762 N, V,
pgpHexStr(o->oid.data, o->oid.len));
1764 rpmlog(msglvl,
"----------\n");
1766 _rpmnss_context = (
void *) NSS_InitContext(_configdir,
1767 _certPrefix, _keyPrefix, _secmodName, &_initParams, _flags);
1769 _configdir =
_free(_configdir);
1770 _certPrefix =
_free(_certPrefix);
1771 _keyPrefix =
_free(_keyPrefix);
1772 _secmodName =
_free(_secmodName);
1773 assert(_rpmnss_context != NULL);
1775 NSS_ShutdownFunc _sFunc = foo;
1776 void * _appData = bar;
1778 rv = NSS_RegisterShutdown(_sFunc, _appData);
1779 rv = NSS_UnregisterShutdown(_sFunc, _appData);
1784 if (!NSS_IsInitialized()) {
1785 const char * _configdir =
rpmExpand(
"%{?_nssdb_path}", NULL);
1787 if (_configdir != NULL && *_configdir ==
'/')
1788 rv = NSS_Init(_configdir);
1790 rv NSS_NoDB_Init(NULL);
1791 _configdir =
_free(_configdir);
1792 assert(rv == SECSuccess);
1798 return (
void *) nss;
1809 rpmnssAvailableCipher, rpmnssAvailableDigest, rpmnssAvailablePubkey,
1810 rpmnssVerify, rpmnssSign, rpmnssGenerate,
1812 rpmnssMpiItem, rpmnssClean,
1813 rpmnssFree, rpmnssInit
1821 time_t now =
time(NULL);
1837 *be++ = pubp->pubkey_algo;
1839 switch (pubp->pubkey_algo) {
1845 bn = 8 * nss->pub_key->u.rsa.modulus.len;
1846 bn -= __builtin_clz(
pgpGrab(nss->pub_key->u.rsa.modulus.data, 4));
1847 *be++ = (bn >> 8); *be++ = (bn );
1849 memcpy(be, nss->pub_key->u.rsa.modulus.data, bn/8);
1853 bn = 8 * nss->pub_key->u.rsa.publicExponent.len;
1854 bn -= __builtin_clz(
pgpGrab(nss->pub_key->u.rsa.publicExponent.data,4));
1855 *be++ = (bn >> 8); *be++ = (bn );
1857 memcpy(be, nss->pub_key->u.rsa.publicExponent.data, bn/8);
1862 bn = 8 * nss->pub_key->u.dsa.params.prime.len;
1863 bn -= __builtin_clz(
pgpGrab(nss->pub_key->u.dsa.params.prime.data, 4));
1864 *be++ = (bn >> 8); *be++ = (bn );
1866 memcpy(be, nss->pub_key->u.dsa.params.prime.data, bn/8);
1870 bn = 8 * nss->pub_key->u.dsa.params.subPrime.len;
1871 bn -= __builtin_clz(
pgpGrab(nss->pub_key->u.dsa.params.subPrime.data, 4));
1872 *be++ = (bn >> 8); *be++ = (bn );
1874 memcpy(be, nss->pub_key->u.dsa.params.subPrime.data, bn/8);
1878 bn = 8 * nss->pub_key->u.dsa.params.base.len;
1879 bn -= __builtin_clz(
pgpGrab(nss->pub_key->u.dsa.params.base.data, 4));
1880 *be++ = (bn >> 8); *be++ = (bn );
1882 memcpy(be, nss->pub_key->u.dsa.params.base.data, bn/8);
1885 bn = 8 * nss->pub_key->u.dsa.publicValue.len;
1886 bn -= __builtin_clz(
pgpGrab(nss->pub_key->u.dsa.publicValue.data, 4));
1887 *be++ = (bn >> 8); *be++ = (bn );
1889 memcpy(be, nss->pub_key->u.dsa.publicValue.data, bn/8);
1894 { SECKEYECParams * ecp = &nss->pub_key->u.ec.DEREncodedParams;
1895 *be++ = ecp->len - 2;
1896 memcpy(be, ecp->data+2, ecp->len-2);
1901 bn = 8 * nss->pub_key->u.ec.publicValue.len;
1902 bn -= __builtin_clz(
pgpGrab(nss->pub_key->u.ec.publicValue.data, 4));
1903 *be++ = (bn >> 8); *be++ = (bn );
1905 memcpy(be, nss->pub_key->u.ec.publicValue.data, bn/8);
1910 pktlen = (be - pkt);
1917 dig->pub = memcpy(
xmalloc(pktlen), pkt, pktlen);
1918 dig->publen = pktlen;
1932 time_t now =
time(NULL);
1942 *be++ = 0x80 | (sigp->tag << 2) | 0x01;
1946 *be++ = sigp->version = 0x04;
1948 assert(sigp->pubkey_algo == pubp->pubkey_algo);
1949 *be++ = sigp->pubkey_algo = pubp->pubkey_algo;
1950 *be++ = sigp->hash_algo;
1958 *be++ = sigp->time[0] = (bt >> 24);
1959 *be++ = sigp->time[1] = (bt >> 16);
1960 *be++ = sigp->time[2] = (bt >> 8);
1961 *be++ = sigp->time[3] = (bt );
1965 bt = 30 * 24 * 60 * 60;
1966 *be++ = sigp->expire[0] = (bt >> 24);
1967 *be++ = sigp->expire[1] = (bt >> 16);
1968 *be++ = sigp->expire[2] = (bt >> 8);
1969 *be++ = sigp->expire[3] = (bt );
1983 sigp->hashlen = (be - h);
1984 h[-2] = (sigp->hashlen >> 8);
1985 h[-1] = (sigp->hashlen );
1988 if (sigp->hash != NULL)
1993 trailer[0] = sigp->version;
1995 trailer[2] = (sigp->hashlen >> 24);
1996 trailer[3] = (sigp->hashlen >> 16);
1997 trailer[4] = (sigp->hashlen >> 8);
1998 trailer[5] = (sigp->hashlen );
2002 sigp->signhash16[0] = 0x00;
2003 sigp->signhash16[1] = 0x00;
2004 switch (pubp->pubkey_algo) {
2018 h = (uint8_t *) nss->digest;
2019 sigp->signhash16[0] = h[0];
2020 sigp->signhash16[1] = h[1];
2031 *be++ = pubp->signid[0];
2032 *be++ = pubp->signid[1];
2033 *be++ = pubp->signid[2];
2034 *be++ = pubp->signid[3];
2035 *be++ = pubp->signid[4];
2036 *be++ = pubp->signid[5];
2037 *be++ = pubp->signid[6];
2038 *be++ = pubp->signid[7];
2044 *be++ = sigp->signhash16[0];
2045 *be++ = sigp->signhash16[1];
2047 switch (pubp->pubkey_algo) {
2052 bn = 8 * nss->sig->len - __builtin_clz(
pgpGrab(nss->sig->data, 4));
2053 *be++ = (bn >> 8); *be++ = (bn );
2055 memcpy(be, nss->sig->data, bn/8);
2059 {
unsigned int nb = nss->qbits/8;
2060 SECItem * sig = DSAU_DecodeDerSigToLen(nss->sig, 2 * nb);
2061 assert(sig != NULL);
2062 bn = 8 * (sig->len/2) - __builtin_clz(
pgpGrab(sig->data , 4));
2063 *be++ = (bn >> 8); *be++ = (bn );
2065 memcpy(be, sig->data, bn/8);
2068 bn = 8 * (sig->len/2) - __builtin_clz(
pgpGrab(sig->data+sig->len/2, 4));
2069 *be++ = (bn >> 8); *be++ = (bn );
2071 memcpy(be, sig->data + (bn/8), bn/8);
2073 SECITEM_ZfreeItem(sig, PR_TRUE);
2076 {
unsigned int nb = nss->qbits/8;
2077 SECItem * sig = DSAU_DecodeDerSigToLen(nss->sig, 2 * nb);
2078 assert(sig != NULL);
2079 bn = 8 * (sig->len/2) - __builtin_clz(
pgpGrab(sig->data , 4));
2080 *be++ = (bn >> 8); *be++ = (bn );
2082 memcpy(be, sig->data, bn/8);
2085 bn = 8 * (sig->len/2) - __builtin_clz(
pgpGrab(sig->data+sig->len/2, 4));
2086 *be++ = (bn >> 8); *be++ = (bn );
2088 memcpy(be, sig->data + (bn/8), bn/8);
2090 SECITEM_ZfreeItem(sig, PR_TRUE);
2094 pktlen = (be - pkt);
2099 dig->sig = memcpy(
xmalloc(pktlen), pkt, pktlen);
2100 dig->siglen = pktlen;
pgpDigParams pgpGetPubkey(pgpDig dig)
Return OpenPGP pubkey parameters.
char * xstrdup(const char *str)
struct pgpDigParams_s * pgpDigParams
static unsigned int pgpGrab(const rpmuint8_t *s, size_t nbytes)
Return (native-endian) integer from big-endian representation.
static void rpmlog(int code, const char *fmt,...)
pgpImplVecs_t rpmnssImplVecs
static int pgpImplSign(pgpDig dig)
const char * pgpPubkeyAlgo2Name(uint32_t algo)
static int pgpImplSetDSA(DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp)
Yet Another syslog(3) API clone.
void * xcalloc(size_t nmemb, size_t size)
int rpmDigestUpdate(DIGEST_CTX ctx, const void *data, size_t len)
Update context with next plain text buffer.
unsigned char rpmuint8_t
Private int typedefs to avoid C99 portability issues.
const char const bson_oid_t * oid
static unsigned int pgpMpiBits(const rpmuint8_t *p)
Return no.
pgpHashAlgo rpmDigestAlgo(DIGEST_CTX ctx)
Return digest algorithm identifier.
pgpDigParams pgpGetSignature(pgpDig dig)
Return OpenPGP signature parameters.
static int pgpImplSetECDSA(DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp)
char * rpmExpand(const char *arg,...)
Return (malloc'ed) concatenated macro expansion(s).
static int pgpImplSetRSA(DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp)
static unsigned int pgpMpiLen(const rpmuint8_t *p)
Return no.
static int snprintf(char *buf, int nb, const char *fmt,...)
const char const bson * key
int pgpPubkeyFingerprint(const rpmuint8_t *pkt, size_t pktlen, rpmuint8_t *keyid)
Print/parse an OpenPGP subtype packet.
static void * _free(const void *p)
Wrapper to free(3), hides const compilation noise, permit NULL, return NULL.
const char * pgpHashAlgo2Name(uint32_t algo)
int rpmDigestFinal(DIGEST_CTX ctx, void *datap, size_t *lenp, int asAscii)
Return digest and destroy context.
int rpmnssExportSignature(pgpDig dig, DIGEST_CTX ctx)
static char * pgpHexStr(const rpmuint8_t *p, size_t plen)
Return hex formatted representation of bytes.
int rpmExpandNumeric(const char *arg)
Return macro expansion as a numeric value.
int rpmnssExportPubkey(pgpDig dig)