8 #define _RPMGC_INTERNAL
9 #if defined(WITH_GCRYPT)
10 #define _RPMPGP_INTERNAL
16 #if defined(WITH_GCRYPT)
30 static int _rpmgc_debug;
32 #define SPEW(_t, _rc, _dig) \
33 { if ((_t) || _rpmgc_debug || _pgp_debug < 0) \
34 fprintf(stderr, "<-- %s(%p) %s\t%s\n", __FUNCTION__, (_dig), \
35 ((_rc) ? "OK" : "BAD"), (_dig)->pubkey_algoN); \
38 static const char * rpmgcHashAlgo2Name(uint32_t algo)
43 static const char * rpmgcPubkeyAlgo2Name(uint32_t algo)
48 static void fail(
const char *format, ...)
52 va_start(arg_ptr, format);
53 vfprintf(stderr, format, arg_ptr);
59 void rpmgcDump(
const char * msg, gcry_sexp_t sexp)
63 size_t nb = gcry_sexp_sprint(sexp, GCRYSEXP_FMT_ADVANCED, NULL, 0);
64 char * buf = (
char *)
alloca(nb+1);
66 nb = gcry_sexp_sprint(sexp, GCRYSEXP_FMT_ADVANCED, buf, nb);
68 fprintf(stderr,
"========== %s:\n%s", msg, buf);
74 gcry_error_t rpmgcErr(
rpmgc gc,
const char * msg, gcry_error_t err)
78 if (err && gcry_err_code(err) != gc->badok)
79 fprintf (stderr,
"rpmgc: %s(0x%0x): %s/%s\n",
80 msg, (
unsigned)err, gcry_strsource(err), gcry_strerror(err));
90 const char * hash_algo_name = NULL;
94 dig->pubkey_algoN = rpmgcPubkeyAlgo2Name(pubp->pubkey_algo);
95 dig->hash_algoN = rpmgcHashAlgo2Name(sigp->hash_algo);
97 switch (sigp->hash_algo) {
99 hash_algo_name =
"md5";
102 hash_algo_name =
"sha1";
105 hash_algo_name =
"ripemd160";
108 hash_algo_name =
"md2";
111 hash_algo_name =
"tiger";
115 hash_algo_name =
"haval";
119 hash_algo_name =
"sha256";
122 hash_algo_name =
"sha384";
125 hash_algo_name =
"sha512";
129 hash_algo_name =
"sha224";
135 if (hash_algo_name == NULL)
138 xx =
rpmDigestFinal(ctx, (
void **)&gc->digest, &gc->digestlen, 0);
142 err = rpmgcErr(gc,
"RSA c",
143 gcry_sexp_build(&gc->hash, NULL,
144 "(data (flags pkcs1) (hash %s %b))", hash_algo_name, gc->digestlen, gc->digest) );
145 if (
_pgp_debug < 0) rpmgcDump(
"gc->hash", gc->hash);
150 rc = memcmp(s, t,
sizeof(sigp->signhash16));
171 dig->pubkey_algoN = rpmgcPubkeyAlgo2Name(pubp->pubkey_algo);
172 dig->hash_algoN = rpmgcHashAlgo2Name(sigp->hash_algo);
175 xx =
rpmDigestFinal(ctx, (
void **)&gc->digest, &gc->digestlen, 0);
179 { gcry_mpi_t c = NULL;
181 err = rpmgcErr(gc,
"DSA c",
182 gcry_mpi_scan(&c, GCRYMPI_FMT_USG, gc->digest, 160/8, NULL));
183 err = rpmgcErr(gc,
"DSA gc->hash",
184 gcry_sexp_build(&gc->hash, NULL,
185 "(data (flags raw) (value %m))", c) );
187 if (
_pgp_debug < 0) rpmgcDump(
"gc->hash", gc->hash);
192 rc = memcmp(gc->digest, sigp->signhash16,
sizeof(sigp->signhash16));
205 dig->pubkey_algoN = rpmgcPubkeyAlgo2Name(pubp->pubkey_algo);
206 dig->hash_algoN = rpmgcHashAlgo2Name(sigp->hash_algo);
209 xx =
rpmDigestFinal(ctx, (
void **)&gc->digest, &gc->digestlen, 0);
226 dig->pubkey_algoN = rpmgcPubkeyAlgo2Name(pubp->pubkey_algo);
227 dig->hash_algoN = rpmgcHashAlgo2Name(sigp->hash_algo);
230 gc->digest =
_free(gc->digest);
232 xx =
rpmDigestFinal(ctx, (
void **)&gc->digest, &gc->digestlen, 0);
234 { gcry_mpi_t c = NULL;
235 err = rpmgcErr(gc,
"ECDSA c",
236 gcry_mpi_scan(&c, GCRYMPI_FMT_USG, gc->digest, gc->digestlen, NULL));
238 gcry_sexp_release(gc->hash); gc->hash = NULL;
240 err = rpmgcErr(gc,
"ECDSA gc->hash",
241 gcry_sexp_build(&gc->hash, NULL,
242 "(data (flags raw) (value %m))", c) );
244 if (
_pgp_debug < 0) rpmgcDump(
"gc->hash", gc->hash);
254 static int rpmgcErrChk(
pgpDig dig,
const char * msg,
int rc,
unsigned expected)
258 rc = (gcry_err_code(gc->err) != expected);
260 fail(
"%s failed: %s\n", msg, gpg_strerror(gc->err));
265 static int rpmgcAvailable(
rpmgc gc,
int algo,
int rc)
268 if (rc && !gc->in_fips_mode)
276 fprintf(stderr,
" algorithm %d not available in fips mode\n", algo);
281 static int rpmgcAvailableCipher(
pgpDig dig,
int algo)
284 return rpmgcAvailable(gc, algo, gcry_cipher_test_algo(algo));
287 static int rpmgcAvailableDigest(
pgpDig dig,
int algo)
291 rc = rpmgcAvailable(gc, algo,
296 static int rpmgcAvailablePubkey(
pgpDig dig,
int algo)
300 rc = rpmgcAvailable(gc, algo, gcry_pk_test_algo(algo));
305 int rpmgcVerify(
pgpDig dig)
311 dig->pubkey_algoN = rpmgcPubkeyAlgo2Name(pubp->pubkey_algo);
312 dig->hash_algoN = rpmgcHashAlgo2Name(sigp->hash_algo);
314 if (gc->sig == NULL) {
316 switch (pubp->pubkey_algo) {
319 gc->err = rpmgcErr(gc,
"RSA gc->sig",
320 gcry_sexp_build(&gc->sig, NULL,
321 "(sig-val (RSA (s %m)))", gc->c) );
327 gc->err = rpmgcErr(gc,
"DSA gc->sig",
328 gcry_sexp_build(&gc->sig, NULL,
329 "(sig-val (DSA (r %m) (s %m)))", gc->r, gc->s) );
337 rpmgcDump(
"gc->sig", gc->sig);
340 if (gc->pub_key == NULL) {
342 switch (pubp->pubkey_algo) {
346 gc->err = rpmgcErr(gc,
"RSA gc->pub_key",
347 gcry_sexp_build(&gc->pub_key, NULL,
348 "(public-key (RSA (n %m) (e %m)))", gc->n, gc->e) );
355 gc->err = rpmgcErr(gc,
"DSA gc->pub_key",
356 gcry_sexp_build(&gc->pub_key, NULL,
357 "(public-key (DSA (p %m) (q %m) (g %m) (y %m)))",
358 gc->p, gc->q, gc->g, gc->y) );
364 gc->err = rpmgcErr(gc,
"ELG gc->pub_key",
365 gcry_sexp_build(&gc->pub_key, NULL,
366 "(public-key (ELG (p %m) (g %m) (y %m)))",
367 gc->p, gc->g, gc->y) );
375 rpmgcDump(
"gc->pub_key", gc->pub_key);
379 gc->err = rpmgcErr(gc,
"gcry_pk_verify",
380 gcry_pk_verify (gc->sig, gc->hash, gc->pub_key));
395 dig->pubkey_algoN = rpmgcPubkeyAlgo2Name(pubp->pubkey_algo);
396 dig->hash_algoN = rpmgcHashAlgo2Name(sigp->hash_algo);
399 gc->err = rpmgcErr(gc,
"gcry_pk_sign",
400 gcry_pk_sign (&gc->sig, gc->hash, gc->sec_key));
402 if (_pgp_debug < 0 && gc->sig) rpmgcDump(
"gc->sig", gc->sig);
411 int rpmgcGenerate(
pgpDig dig)
417 dig->pubkey_algoN = rpmgcPubkeyAlgo2Name(pubp->pubkey_algo);
421 switch (pubp->pubkey_algo) {
423 if (gc->nbits == 0) gc->nbits = 1024;
424 gc->err = rpmgcErr(gc,
"gc->key_spec",
425 gcry_sexp_build(&gc->key_spec, NULL,
427 ?
"(genkey (RSA (nbits %d)))"
428 :
"(genkey (RSA (nbits %d)(transient-key)))",
432 if (gc->nbits == 0) gc->nbits = 1024;
433 gc->err = rpmgcErr(gc,
"gc->key_spec",
434 gcry_sexp_build(&gc->key_spec, NULL,
436 ?
"(genkey (DSA (nbits %d)))"
437 :
"(genkey (DSA (nbits %d)(transient-key)))",
441 if (gc->nbits == 0) gc->nbits = 1024;
442 gc->err = rpmgcErr(gc,
"gc->key_spec",
443 gcry_sexp_build(&gc->key_spec, NULL,
445 ?
"(genkey (ELG (nbits %d)))"
446 :
"(genkey (ELG (nbits %d)(transient-key)))",
450 if (gc->nbits == 0) gc->nbits = 256;
452 gc->err = rpmgcErr(gc,
"gc->key_spec",
453 gcry_sexp_build(&gc->key_spec, NULL,
455 ?
"(genkey (ECDSA (nbits %d)))"
456 :
"(genkey (ECDSA (nbits %d)(transient-key)))",
459 gc->err = rpmgcErr(gc,
"gc->key_spec",
460 gcry_sexp_build(&gc->key_spec, NULL,
462 ?
"(genkey (ECDSA (curve prime256v1)))"
463 :
"(genkey (ECDSA (curve prime256v1)(transient-key)))",
473 if ((_rpmgc_debug ||
_pgp_debug < 0) && gc->key_spec) rpmgcDump(
"gc->key_spec", gc->key_spec);
476 gc->err = rpmgcErr(gc,
"gc->key_pair",
477 gcry_pk_genkey(&gc->key_pair, gc->key_spec));
480 if ((_rpmgc_debug ||
_pgp_debug < 0) && gc->key_pair) rpmgcDump(
"gc->key_pair", gc->key_pair);
482 gc->pub_key = gcry_sexp_find_token(gc->key_pair,
"public-key", 0);
483 if (gc->pub_key == NULL)
486 if ((_rpmgc_debug ||
_pgp_debug < 0) && gc->pub_key) rpmgcDump(
"gc->pub_key", gc->pub_key);
488 gc->sec_key = gcry_sexp_find_token(gc->key_pair,
"private-key", 0);
489 if (gc->sec_key == NULL)
492 if ((_rpmgc_debug ||
_pgp_debug < 0) && gc->sec_key) rpmgcDump(
"gc->sec_key", gc->sec_key);
496 rc = (gc->err == 0 && gc->pub_key && gc->sec_key);
500 gcry_sexp_release(gc->key_spec);
504 gcry_sexp_release(gc->key_pair);
515 int rpmgcMpiItem(
const char * pre,
pgpDig dig,
int itemno,
523 const char * mpiname =
"";
524 gcry_mpi_t * mpip = NULL;
537 mpiname =
"RSA m**d"; mpip = &gc->c;
540 mpiname =
"DSA r"; mpip = &gc->r;
543 mpiname =
"DSA s"; mpip = &gc->s;
546 mpiname =
"RSA n"; mpip = &gc->n;
549 mpiname =
"RSA e"; mpip = &gc->e;
552 mpiname =
"DSA p"; mpip = &gc->p;
555 mpiname =
"DSA q"; mpip = &gc->q;
558 mpiname =
"DSA g"; mpip = &gc->g;
561 mpiname =
"DSA y"; mpip = &gc->y;
566 gc->err = rpmgcErr(gc, mpiname,
567 gcry_mpi_scan(mpip, GCRYMPI_FMT_PGP, p, nb, &nscan) );
572 {
unsigned nbits = gcry_mpi_get_nbits(*mpip);
573 unsigned char * hex = NULL;
575 gc->err = rpmgcErr(gc,
"MPI print",
576 gcry_mpi_aprint(GCRYMPI_FMT_HEX, &hex, &nhex, *mpip) );
577 fprintf(stderr,
"*** %s\t%5d:%s\n", mpiname, (
int)nbits, hex);
587 void rpmgcClean(
void * impl)
596 gc->digest =
_free(gc->digest);
600 gcry_sexp_release(gc->key_spec);
604 gcry_sexp_release(gc->key_pair);
608 gcry_sexp_release(gc->pub_key);
612 gcry_sexp_release(gc->sec_key);
616 gcry_sexp_release(gc->hash);
620 gcry_sexp_release(gc->sig);
625 gcry_mpi_release(gc->c);
629 gcry_mpi_release(gc->p);
633 gcry_mpi_release(gc->q);
637 gcry_mpi_release(gc->g);
641 gcry_mpi_release(gc->y);
646 gcry_mpi_release(gc->r);
650 gcry_mpi_release(gc->s);
654 gcry_mpi_release(gc->n);
658 gcry_mpi_release(gc->e);
668 static int rpmgc_initialized;
671 void * rpmgcFree(
void * impl)
678 if (--rpmgc_initialized == 0 &&
_pgp_debug < 0) {
680 gc->err = rpmgcErr(gc,
"CLEAR_DEBUG_FLAGS",
681 gcry_control(GCRYCTL_CLEAR_DEBUG_FLAGS, 3));
682 gc->err = rpmgcErr(gc,
"SET_VERBOSITY",
683 gcry_control(GCRYCTL_SET_VERBOSITY, 0) );
692 void * rpmgcInit(
void)
698 if (rpmgc_initialized++ == 0 &&
_pgp_debug < 0) {
699 gc->err = rpmgcErr(gc,
"SET_VERBOSITY",
700 gcry_control(GCRYCTL_SET_VERBOSITY, 3) );
701 gc->err = rpmgcErr(gc,
"SET_DEBUG_FLAGS",
702 gcry_control(GCRYCTL_SET_DEBUG_FLAGS, 3) );
715 rpmgcAvailableCipher, rpmgcAvailableDigest, rpmgcAvailablePubkey,
716 rpmgcVerify, rpmgcSign, rpmgcGenerate,
718 rpmgcMpiItem, rpmgcClean,