9 #define _RPMPGP_INTERNAL
11 #define _RPMNSS_INTERNAL
32 extern int _rpmnss_init;
35 static int _rpmnss_debug;
37 #define SPEW(_t, _rc, _dig) \
38 { if ((_t) || _rpmnss_debug || _pgp_debug < 0) \
39 fprintf(stderr, "<-- %s(%p) %s\t%s\n", __FUNCTION__, (_dig), \
40 ((_rc) ? "OK" : "BAD"), (_dig)->pubkey_algoN); \
46 typedef struct key_s {
53 keyCmp(
const void * a,
const void * b)
66 KEY *k = (
KEY *)bsearch(&needle, keys, nkeys,
sizeof(*keys),
keyCmp);
74 typedef struct keyVN_s {
81 keyVNCmp(
const void * a,
const void * b)
83 return (((keyVN_t *)a)->V - ((keyVN_t *)b)->V);
87 keyVN(keyVN_t * keys,
size_t nkeys,
int V)
89 const char * N = NULL;
99 bsearch(&needle, keys, nkeys,
sizeof(*keys), keyVNCmp);
118 #define _ENTRY(_v) { SEC_ERROR_##_v, #_v }
120 static keyVN_t rpmnssERRS[] = {
127 _ENTRY(INVALID_ALGORITHM),
132 _ENTRY(EXPIRED_CERTIFICATE),
133 _ENTRY(REVOKED_CERTIFICATE),
144 _ENTRY(DUPLICATE_CERT_NAME),
151 _ENTRY(EXPIRED_ISSUER_CERTIFICATE),
153 _ENTRY(CRL_BAD_SIGNATURE),
155 _ENTRY(EXTENSION_VALUE_INVALID),
156 _ENTRY(EXTENSION_NOT_FOUND),
158 _ENTRY(PATH_LEN_CONSTRAINT_INVALID),
159 _ENTRY(CERT_USAGES_INVALID),
162 _ENTRY(UNKNOWN_CRITICAL_EXTENSION),
165 _ENTRY(NO_RECIPIENT_CERTS_QUERY),
167 _ENTRY(PKCS7_KEYALG_MISMATCH),
168 _ENTRY(PKCS7_BAD_SIGNATURE),
169 _ENTRY(UNSUPPORTED_KEYALG),
170 _ENTRY(DECRYPTION_DISALLOWED),
182 _ENTRY(KRL_BAD_SIGNATURE),
190 _ENTRY(CERT_NICKNAME_COLLISION),
191 _ENTRY(KEY_NICKNAME_COLLISION),
193 _ENTRY(BAGGAGE_NOT_CREATED),
197 _ENTRY(BAD_EXPORT_ALGORITHM),
198 _ENTRY(EXPORTING_CERTIFICATES),
199 _ENTRY(IMPORTING_CERTIFICATES),
200 _ENTRY(PKCS12_DECODING_PFX),
201 _ENTRY(PKCS12_INVALID_MAC),
202 _ENTRY(PKCS12_UNSUPPORTED_MAC_ALGORITHM),
203 _ENTRY(PKCS12_UNSUPPORTED_TRANSPORT_MODE),
204 _ENTRY(PKCS12_CORRUPT_PFX_STRUCTURE),
205 _ENTRY(PKCS12_UNSUPPORTED_PBE_ALGORITHM),
206 _ENTRY(PKCS12_UNSUPPORTED_VERSION),
207 _ENTRY(PKCS12_PRIVACY_PASSWORD_INCORRECT),
208 _ENTRY(PKCS12_CERT_COLLISION),
210 _ENTRY(PKCS12_DUPLICATE_DATA),
211 _ENTRY(MESSAGE_SEND_ABORTED),
212 _ENTRY(INADEQUATE_KEY_USAGE),
213 _ENTRY(INADEQUATE_CERT_TYPE),
214 _ENTRY(CERT_ADDR_MISMATCH),
215 _ENTRY(PKCS12_UNABLE_TO_IMPORT_KEY),
216 _ENTRY(PKCS12_IMPORTING_CERT_CHAIN),
217 _ENTRY(PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME),
218 _ENTRY(PKCS12_UNABLE_TO_EXPORT_KEY),
219 _ENTRY(PKCS12_UNABLE_TO_WRITE),
220 _ENTRY(PKCS12_UNABLE_TO_READ),
221 _ENTRY(PKCS12_KEY_DATABASE_NOT_INITIALIZED),
224 _ENTRY(RETRY_OLD_PASSWORD),
226 _ENTRY(NOT_FORTEZZA_ISSUER),
227 _ENTRY(CANNOT_MOVE_SENSITIVE_KEY),
228 _ENTRY(JS_INVALID_MODULE_NAME),
230 _ENTRY(JS_ADD_MOD_FAILURE),
231 _ENTRY(JS_DEL_MOD_FAILURE),
234 _ENTRY(CERT_NOT_IN_NAME_SPACE),
235 _ENTRY(KRL_NOT_YET_VALID),
236 _ENTRY(CRL_NOT_YET_VALID),
239 _ENTRY(CERT_BAD_ACCESS_LOCATION),
240 _ENTRY(OCSP_UNKNOWN_RESPONSE_TYPE),
241 _ENTRY(OCSP_BAD_HTTP_RESPONSE),
242 _ENTRY(OCSP_MALFORMED_REQUEST),
243 _ENTRY(OCSP_SERVER_ERROR),
244 _ENTRY(OCSP_TRY_SERVER_LATER),
245 _ENTRY(OCSP_REQUEST_NEEDS_SIG),
246 _ENTRY(OCSP_UNAUTHORIZED_REQUEST),
247 _ENTRY(OCSP_UNKNOWN_RESPONSE_STATUS),
248 _ENTRY(OCSP_UNKNOWN_CERT),
250 _ENTRY(OCSP_NO_DEFAULT_RESPONDER),
251 _ENTRY(OCSP_MALFORMED_RESPONSE),
252 _ENTRY(OCSP_UNAUTHORIZED_RESPONSE),
253 _ENTRY(OCSP_FUTURE_RESPONSE),
254 _ENTRY(OCSP_OLD_RESPONSE),
257 _ENTRY(UNSUPPORTED_MESSAGE_TYPE),
261 _ENTRY(REUSED_ISSUER_AND_SERIAL),
265 _ENTRY(UNSUPPORTED_ELLIPTIC_CURVE),
266 _ENTRY(UNSUPPORTED_EC_POINT_FORM),
268 _ENTRY(OCSP_INVALID_SIGNING_CERT),
270 _ENTRY(REVOKED_CERTIFICATE_CRL),
271 _ENTRY(REVOKED_CERTIFICATE_OCSP),
272 _ENTRY(CRL_INVALID_VERSION),
273 _ENTRY(CRL_V1_CRITICAL_EXTENSION),
274 _ENTRY(CRL_UNKNOWN_CRITICAL_EXTENSION),
275 _ENTRY(UNKNOWN_OBJECT_TYPE),
276 _ENTRY(INCOMPATIBLE_PKCS11),
278 _ENTRY(CRL_ALREADY_EXISTS),
280 _ENTRY(TOKEN_NOT_LOGGED_IN),
281 _ENTRY(OCSP_RESPONDER_CERT_INVALID),
282 _ENTRY(OCSP_BAD_SIGNATURE),
283 _ENTRY(OUT_OF_SEARCH_LIMITS),
284 _ENTRY(INVALID_POLICY_MAPPING),
285 _ENTRY(POLICY_VALIDATION_FAILED),
286 _ENTRY(UNKNOWN_AIA_LOCATION_TYPE),
287 _ENTRY(BAD_HTTP_RESPONSE),
288 _ENTRY(BAD_LDAP_RESPONSE),
289 _ENTRY(FAILED_TO_ENCODE_DATA),
290 _ENTRY(BAD_INFO_ACCESS_LOCATION),
292 _ENTRY(PKCS11_GENERAL_ERROR),
293 _ENTRY(PKCS11_FUNCTION_FAILED),
294 _ENTRY(PKCS11_DEVICE_ERROR),
295 #if defined(SEC_ERROR_BAD_INFO_ACCESS_METHOD)
296 _ENTRY(BAD_INFO_ACCESS_METHOD),
298 #if defined(SEC_ERROR_CRL_IMPORT_FAILED)
299 _ENTRY(CRL_IMPORT_FAILED),
302 static size_t nrpmnssERRS =
sizeof(rpmnssERRS) /
sizeof(rpmnssERRS[0]);
305 static const char * rpmnssStrerror(
int err)
308 const char * errN = keyVN(rpmnssERRS, nrpmnssERRS, err);
310 snprintf(buf,
sizeof(buf),
"SEC_ERROR(%d)", err);
317 int rpmnssErr(
rpmnss nss,
const char * msg,
int rc)
322 if (err && gcry_err_code(err) != gc->badok)
323 fprintf (stderr,
"rpmgc: %s(0x%0x): %s/%s\n",
324 msg, (
unsigned)err, gcry_strsource(err), gcry_strerror(err));
326 if (rc != SECSuccess) {
327 int err = PORT_GetError();
328 fprintf (stderr,
"rpmnss: %s rc(%d) err(%d) %s\n",
329 msg, rc, err, rpmnssStrerror(err));
346 nss->sigalg = SEC_OID_UNKNOWN;
347 switch (sigp->hash_algo) {
349 nss->sigalg = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
352 nss->sigalg = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
357 nss->sigalg = SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION;
360 nss->sigalg = SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION;
367 nss->sigalg = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
370 nss->sigalg = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION;
373 nss->sigalg = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION;
380 if (nss->sigalg == SEC_OID_UNKNOWN)
383 nss->digest =
_free(nss->digest);
385 xx =
rpmDigestFinal(ctx, (
void **)&nss->digest, &nss->digestlen, 0);
389 rc = memcmp(nss->digest, sigp->signhash16,
sizeof(sigp->signhash16));
401 int rpmnssVerifyRSA(
pgpDig dig)
407 nss->item.type = siBuffer;
408 nss->item.data = (
unsigned char *) nss->digest;
409 nss->item.len = (unsigned) nss->digestlen;
411 rc = rpmnssErr(nss,
"VFY_VerifyDigest",
412 VFY_VerifyDigest(&nss->item, nss->pub_key,
413 nss->sig, nss->sigalg, NULL));
414 rc = (rc == SECSuccess);
420 static int rpmnssSignRSA(
pgpDig dig)
426 SECOidTag sigalg = SEC_OID_UNKNOWN;
427 switch (sigp->hash_algo) {
429 sigalg = SEC_OID_MD5;
432 sigalg = SEC_OID_SHA1;
437 sigalg = SEC_OID_MD2;
440 sigalg = SEC_OID_MD4;
447 sigalg = SEC_OID_SHA256;
450 sigalg = SEC_OID_SHA384;
453 sigalg = SEC_OID_SHA512;
460 if (sigalg == SEC_OID_UNKNOWN)
463 nss->item.type = siBuffer;
464 nss->item.data = (
unsigned char *) nss->digest;
465 nss->item.len = (
unsigned) nss->digestlen;
467 if (nss->sig != NULL) {
468 SECITEM_ZfreeItem(nss->sig, PR_TRUE);
471 nss->sig = SECITEM_AllocItem(NULL, NULL, 0);
472 nss->sig->type = siBuffer;
474 rc = rpmnssErr(nss,
"SGN_Digest",
475 SGN_Digest(nss->sec_key, sigalg, nss->sig, &nss->item));
476 rc = (rc == SECSuccess);
483 static int rpmnssGenerateRSA(
pgpDig dig)
488 if (nss->nbits == 0) nss->nbits = 1024;
491 { CK_MECHANISM_TYPE _type = CKM_RSA_PKCS_KEY_PAIR_GEN;
492 PK11SlotInfo * _slot = PK11_GetBestSlot(_type, NULL);
493 int _isPerm = PR_FALSE;
494 int _isSensitive = PR_TRUE;
498 static unsigned _pe = 0x10001;
499 PK11RSAGenParams rsaparams = {};
500 void * params = &rsaparams;
502 rsaparams.keySizeInBits = nss->nbits;
505 nss->sec_key = PK11_GenerateKeyPair(_slot, _type, params,
506 &nss->pub_key, _isPerm, _isSensitive, _cx);
508 PK11_FreeSlot(_slot);
512 rc = (nss->sec_key && nss->pub_key);
530 nss->digest =
_free(nss->digest);
532 xx =
rpmDigestFinal(ctx, (
void **)&nss->digest, &nss->digestlen, 0);
534 nss->sigalg = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
537 rc = memcmp(nss->digest, sigp->signhash16,
sizeof(sigp->signhash16));
543 int rpmnssVerifyDSA(
pgpDig dig)
549 nss->item.type = siBuffer;
550 nss->item.data = (
unsigned char *) nss->digest;
551 nss->item.len = (unsigned) nss->digestlen;
553 rc = rpmnssErr(nss,
"VFY_VerifyDigest",
554 VFY_VerifyDigest(&nss->item, nss->pub_key,
555 nss->sig, nss->sigalg, NULL));
556 rc = (rc == SECSuccess);
562 static int rpmnssSignDSA(
pgpDig dig)
567 SECOidTag sigalg = SEC_OID_UNKNOWN;
574 switch (sigp->hash_algo) {
578 sigalg = SEC_OID_SHA1;
601 if (sigalg == SEC_OID_UNKNOWN)
604 nss->item.type = siBuffer;
605 nss->item.data = (
unsigned char *) nss->digest;
606 nss->item.len = (
unsigned) nss->digestlen;
608 if (nss->sig != NULL) {
609 SECITEM_ZfreeItem(nss->sig, PR_TRUE);
613 nss->sig = SECITEM_AllocItem(NULL, NULL, 0);
614 nss->sig->type = siBuffer;
616 rc = rpmnssErr(nss,
"SGN_Digest",
617 SGN_Digest(nss->sec_key, sigalg, &sig, &nss->item));
619 if (rc == SECSuccess)
620 rc = rpmnssErr(nss,
"DSAU_EncodeDerSig",
621 DSAU_EncodeDerSig(nss->sig, &sig));
623 sig.data =
_free(sig.data);
625 rc = (rc == SECSuccess);
632 static int rpmnssGenerateDSA(
pgpDig dig)
637 if (nss->nbits == 0) nss->nbits = 1024;
640 { CK_MECHANISM_TYPE _type = CKM_DSA_KEY_PAIR_GEN;
641 PK11SlotInfo * _slot = PK11_GetBestSlot(_type, NULL);
642 int _isPerm = PR_FALSE;
643 int _isSensitive = PR_TRUE;
647 PQGParams *pqgParams = NULL;
648 PQGVerify *pqgVfy = NULL;
649 void * params = NULL;
652 xx = rpmnssErr(nss,
"PK11_PQG_ParamGen",
653 PK11_PQG_ParamGen(0, &pqgParams, &pqgVfy));
654 if (xx != SECSuccess)
658 nss->sec_key = PK11_GenerateKeyPair(_slot, _type, params,
659 &nss->pub_key, _isPerm, _isSensitive, _cx);
661 if (pqgVfy) PK11_PQG_DestroyVerify(pqgVfy);
662 if (pqgParams) PK11_PQG_DestroyParams(pqgParams);
664 PK11_FreeSlot(_slot);
668 rc = (nss->sec_key && nss->pub_key);
684 nss->digest =
_free(nss->digest);
686 xx =
rpmDigestFinal(ctx, (
void **)&nss->digest, &nss->digestlen, 0);
701 nss->sigalg = SEC_OID_UNKNOWN;
702 switch (sigp->hash_algo) {
704 nss->sigalg = SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE;
707 nss->sigalg = SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE;
710 nss->sigalg = SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE;
713 nss->sigalg = SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE;
716 nss->sigalg = SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE;
721 if (nss->sigalg == SEC_OID_UNKNOWN)
724 nss->digest =
_free(nss->digest);
726 xx =
rpmDigestFinal(ctx, (
void **)&nss->digest, &nss->digestlen, 0);
729 return memcmp(nss->digest, sigp->signhash16,
sizeof(sigp->signhash16));
733 int rpmnssVerifyECDSA(
pgpDig dig)
739 nss->item.type = siBuffer;
740 nss->item.data = (
unsigned char *) nss->digest;
741 nss->item.len = (unsigned) nss->digestlen;
743 rc = VFY_VerifyDigest(&nss->item, nss->pub_key, nss->sig, nss->sigalg, NULL);
744 rc = (rc == SECSuccess);
751 int rpmnssSignECDSA(
pgpDig dig)
758 SECOidTag sigalg = SEC_OID_UNKNOWN;
759 switch (sigp->hash_algo) {
763 sigalg = SEC_OID_SHA1;
776 sigalg = SEC_OID_SHA256;
779 sigalg = SEC_OID_SHA384;
782 sigalg = SEC_OID_SHA512;
789 if (sigalg == SEC_OID_UNKNOWN)
792 if (nss->sig != NULL) {
793 SECITEM_ZfreeItem(nss->sig, PR_TRUE);
796 nss->sig = SECITEM_AllocItem(NULL, NULL, 0);
797 nss->sig->type = siBuffer;
799 rc = rpmnssErr(nss,
"SGN_Digest",
800 SGN_Digest(nss->sec_key, sigalg, nss->sig, &nss->item));
802 rc = (rc == SECSuccess);
810 int rpmnssGenerateECDSA(
pgpDig dig)
816 { CK_MECHANISM_TYPE _type = CKM_EC_KEY_PAIR_GEN;
817 PK11SlotInfo * _slot = PK11_GetBestSlot(_type, NULL);
818 int _isPerm = PR_FALSE;
819 int _isSensitive = PR_FALSE;
824 nss->sec_key = PK11_GenerateKeyPair(_slot, _type, nss->ecparams,
825 &nss->pub_key, _isPerm, _isSensitive, _cx);
827 PK11_FreeSlot(_slot);
831 rc = (nss->sec_key && nss->pub_key);
838 static int rpmnssErrChk(
pgpDig dig,
const char * msg,
int rc,
unsigned expected)
841 rpmgc gc = dig->impl;
843 rc = (gcry_err_code(gc->err) != expected);
845 fail(
"%s failed: %s\n", msg, gpg_strerror(gc->err));
853 static int rpmnssAvailableCipher(
pgpDig dig,
int algo)
857 rc = rpmgnssvailable(dig->impl, algo,
863 static int rpmnssAvailableDigest(
pgpDig dig,
int algo)
867 rc = rpmgnssvailable(dig->impl, algo,
873 static int rpmnssAvailablePubkey(
pgpDig dig,
int algo)
877 rc = rpmnssAvailable(dig->impl, algo, gcry_pk_test_algo(algo));
882 static int rpmnssVerify(
pgpDig dig)
891 switch (pubp->pubkey_algo) {
895 rc = rpmnssVerifyRSA(dig);
898 rc = rpmnssVerifyDSA(dig);
902 rc = rpmnssVerifyELG(dig);
906 if (nss->sigalg != SEC_OID_UNKNOWN)
907 rc = rpmnssVerifyECDSA(dig);
914 static int rpmnssSign(
pgpDig dig)
920 switch (pubp->pubkey_algo) {
924 rc = rpmnssSignRSA(dig);
927 rc = rpmnssSignDSA(dig);
931 rc = rpmnssSignELG(dig);
935 if (nss->sigalg != SEC_OID_UNKNOWN)
936 rc = rpmnssSignECDSA(dig);
943 static int rpmnssLoadParams(
pgpDig dig,
const char * name)
947 SECOidTag curveOidTag = curve2oid(name);
949 SECOidTag curveOidTag = !strcmp(name,
"nistp256")
950 ? SEC_OID_SECG_EC_SECP256R1 : SEC_OID_UNKNOWN;
952 SECOidData * oidData = SECOID_FindOIDByTag(curveOidTag);
955 if (curveOidTag == SEC_OID_UNKNOWN || oidData == NULL) {
956 nss->sigalg = curveOidTag;
960 nss->sigalg = curveOidTag;
962 nss->ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len));
963 nss->ecparams->data[0] = SEC_ASN1_OBJECT_ID;
964 nss->ecparams->data[1] = oidData->oid.len;
965 memcpy(nss->ecparams->data + 2, oidData->oid.data, oidData->oid.len);
970 fprintf(stderr,
"<-- %s(%p,%s) oid %u params %p\n", __FUNCTION__, dig, name, nss->sigalg, nss->ecparams);
974 static int rpmnssGenerate(
pgpDig dig)
980 switch (pubp->pubkey_algo) {
984 rc = rpmnssGenerateRSA(dig);
987 rc = rpmnssGenerateDSA(dig);
991 rc = rpmnssGenerateELG(dig);
995 rc = rpmnssLoadParams(dig,
"nistp256");
997 rc = rpmnssGenerateECDSA(dig);
1008 int rpmnssMpiSet(
const char * pre,
unsigned int lbits,
1015 unsigned int nbytes;
1016 char * t = (
char *) dest;
1019 if (pend != NULL && (p + ((mbits+7) >> 3)) > pend)
1025 nbits = (lbits > mbits ? lbits : mbits);
1026 nbytes = ((nbits + 7) >> 3);
1027 ix = ((nbits - mbits) >> 3);
1031 fprintf(stderr,
"*** mbits %u nbits %u nbytes %u ix %u\n", mbits, nbits, nbytes, ix);
1032 if (ix > 0) memset(t, (
int)
'\0', ix);
1033 memcpy(t+ix, p+2, nbytes-ix);
1045 SECItem * rpmnssMpiCopy(PRArenaPool * arena, SECItem * item,
1053 if ((item = SECITEM_AllocItem(arena, item, nbytes)) == NULL)
1057 item->data = (
unsigned char *) PORT_ArenaGrow(arena, item->data, item->len, nbytes);
1059 item->data = (
unsigned char *) PORT_Realloc(item->data, nbytes);
1061 if (item->data == NULL) {
1063 SECITEM_FreeItem(item, PR_TRUE);
1069 memcpy(item->data, p+2, nbytes);
1077 SECKEYPublicKey * rpmnssNewPublicKey(KeyType type)
1081 SECKEYPublicKey *key;
1084 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
1088 key = (SECKEYPublicKey *) PORT_ArenaZAlloc(arena,
sizeof(*key));
1091 PORT_FreeArena(arena, PR_FALSE);
1096 key->keyType = type;
1097 key->pkcs11ID = CK_INVALID_HANDLE;
1098 key->pkcs11Slot = NULL;
1106 int rpmnssMpiItem(
const char * pre,
pgpDig dig,
int itemno,
1112 size_t nb = (pend >= p ? (pend - p) : 0);
1121 nss->sig = rpmnssMpiCopy(NULL, nss->sig, p);
1122 if (nss->sig == NULL)
1127 nss->item.type = (SECItemType) 0;
1128 nss->item.len = 2 * (hbits/8);
1129 nss->item.data = (
unsigned char *)
xcalloc(1, nss->item.len);
1130 rc = rpmnssMpiSet(pre, hbits, nss->item.data, p, pend);
1134 rc = rpmnssMpiSet(pre, hbits, nss->item.data + (hbits/8), p, pend);
1135 if (nss->sig != NULL)
1136 SECITEM_FreeItem(nss->sig, PR_FALSE);
1137 if ((nss->sig = SECITEM_AllocItem(NULL, NULL, 0)) == NULL
1138 || DSAU_EncodeDerSig(nss->sig, &nss->item) != SECSuccess)
1140 nss->item.data =
_free(nss->item.data);
1143 if (nss->pub_key == NULL)
1144 nss->pub_key = rpmnssNewPublicKey(rsaKey);
1145 if (nss->pub_key == NULL)
1148 (
void) rpmnssMpiCopy(nss->pub_key->arena, &nss->pub_key->u.rsa.modulus, p);
1151 if (nss->pub_key == NULL)
1152 nss->pub_key = rpmnssNewPublicKey(rsaKey);
1153 if (nss->pub_key == NULL)
1156 (
void) rpmnssMpiCopy(nss->pub_key->arena, &nss->pub_key->u.rsa.publicExponent, p);
1159 if (nss->pub_key == NULL)
1160 nss->pub_key = rpmnssNewPublicKey(dsaKey);
1161 if (nss->pub_key == NULL)
1164 (
void) rpmnssMpiCopy(nss->pub_key->arena, &nss->pub_key->u.dsa.params.prime, p);
1167 if (nss->pub_key == NULL)
1168 nss->pub_key = rpmnssNewPublicKey(dsaKey);
1169 if (nss->pub_key == NULL)
1172 (
void) rpmnssMpiCopy(nss->pub_key->arena, &nss->pub_key->u.dsa.params.subPrime, p);
1175 if (nss->pub_key == NULL)
1176 nss->pub_key = rpmnssNewPublicKey(dsaKey);
1177 if (nss->pub_key == NULL)
1180 (
void) rpmnssMpiCopy(nss->pub_key->arena, &nss->pub_key->u.dsa.params.base, p);
1183 if (nss->pub_key == NULL)
1184 nss->pub_key = rpmnssNewPublicKey(dsaKey);
1185 if (nss->pub_key == NULL)
1188 (
void) rpmnssMpiCopy(nss->pub_key->arena, &nss->pub_key->u.dsa.publicValue, p);
1192 nss->item.type = (SECItemType) 0;
1193 nss->item.len = 2 * (hbits/8);
1194 nss->item.data = (
unsigned char *)
xcalloc(1, nss->item.len);
1195 rc = rpmnssMpiSet(pre, hbits, nss->item.data, p, pend);
1199 rc = rpmnssMpiSet(pre, hbits, nss->item.data + (hbits/8), p, pend);
1200 if (nss->sig != NULL)
1201 SECITEM_FreeItem(nss->sig, PR_FALSE);
1202 if ((nss->sig = SECITEM_AllocItem(NULL, NULL, 0)) == NULL
1203 || DSAU_EncodeDerSigWithLen(nss->sig, &nss->item, nss->item.len) != SECSuccess)
1205 nss->item.data =
_free(nss->item.data);
1209 if (nss->pub_key == NULL)
1210 nss->pub_key = rpmnssNewPublicKey(ecKey);
1211 if (nss->pub_key == NULL)
1214 SECKEYECParams * ecp = &nss->pub_key->u.ec.DEREncodedParams;
1215 ecp->data = (
unsigned char *) PORT_ArenaZAlloc(nss->pub_key->arena, nb + 2);
1216 ecp->data[0] = SEC_ASN1_OBJECT_ID;
1218 memcpy(ecp->data + 2, p, nb);
1223 assert(nss->pub_key);
1225 nss->pub_key->u.ec.size = ((nb - (2 + 1)) * 8)/2;
1226 (void) rpmnssMpiCopy(nss->pub_key->arena, &nss->pub_key->u.ec.publicValue, p);
1235 void rpmnssClean(
void * impl)
1244 nss->digest =
_free(nss->digest);
1247 if (nss->sec_key != NULL) {
1248 SECKEY_DestroyPrivateKey(nss->sec_key);
1249 nss->sec_key = NULL;
1251 if (nss->pub_key != NULL) {
1252 SECKEY_DestroyPublicKey(nss->pub_key);
1253 nss->pub_key = NULL;
1255 if (nss->sig != NULL) {
1256 SECITEM_ZfreeItem(nss->sig, PR_TRUE);
1260 if (nss->ecparams != NULL) {
1261 SECITEM_FreeItem(nss->ecparams, PR_FALSE);
1262 nss->ecparams = NULL;
1270 void * rpmnssFree(
void * impl)
1279 void * rpmnssInit(
void)
1284 const char * _nssdb_path =
rpmExpand(
"%{?_nssdb_path}", NULL);
1287 if (_nssdb_path != NULL && *_nssdb_path ==
'/')
1288 (void) NSS_Init(_nssdb_path);
1290 (
void) NSS_NoDB_Init(NULL);
1292 _nssdb_path =
_free(_nssdb_path);
1296 return (
void *) nss;
1306 rpmnssAvailableCipher, rpmnssAvailableDigest, rpmnssAvailablePubkey,
1307 rpmnssVerify, rpmnssSign, rpmnssGenerate,
1309 rpmnssMpiItem, rpmnssClean,
1310 rpmnssFree, rpmnssInit