8 #define _RPMPGP_INTERNAL
10 #define _RPMNSS_INTERNAL
30 extern int _rpmnss_init;
40 nss->sigalg = SEC_OID_UNKNOWN;
41 switch (sigp->hash_algo) {
43 nss->sigalg = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
46 nss->sigalg = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
51 nss->sigalg = SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION;
54 nss->sigalg = SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION;
61 nss->sigalg = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
64 nss->sigalg = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION;
67 nss->sigalg = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION;
74 if (nss->sigalg == SEC_OID_UNKNOWN)
80 return memcmp(dig->md5, sigp->signhash16,
sizeof(sigp->signhash16));
84 int rpmnssVerifyRSA(
pgpDig dig)
90 nss->item.type = siBuffer;
91 nss->item.data = dig->md5;
92 nss->item.len = (unsigned) dig->md5len;
95 rc = (VFY_VerifyDigest(&nss->item, nss->rsa, nss->rsasig, nss->sigalg, NULL) == SECSuccess);
111 nss->sigalg = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
114 return memcmp(dig->sha1, sigp->signhash16,
sizeof(sigp->signhash16));
118 int rpmnssVerifyDSA(
pgpDig dig)
124 nss->item.type = siBuffer;
125 nss->item.data = dig->sha1;
126 nss->item.len = (unsigned) dig->sha1len;
129 rc = (VFY_VerifyDigest(&nss->item, nss->dsa, nss->dsasig, nss->sigalg, NULL) == SECSuccess);
151 int rpmnssVerifyECDSA(
pgpDig dig)
163 int rpmnssMpiSet(
const char * pre,
unsigned int lbits,
174 if (pend != NULL && (p + ((mbits+7) >> 3)) > pend)
180 nbits = (lbits > mbits ? lbits : mbits);
181 nbytes = ((nbits + 7) >> 3);
182 ix = ((nbits - mbits) >> 3);
186 fprintf(stderr,
"*** mbits %u nbits %u nbytes %u ix %u\n", mbits, nbits, nbytes, ix);
187 if (ix > 0) memset(t, (
int)
'\0', ix);
188 memcpy(t+ix, p+2, nbytes-ix);
190 fprintf(stderr,
"\t %s %s", pre,
pgpHexStr(dest, nbytes));
200 SECItem * rpmnssMpiCopy(PRArenaPool * arena, SECItem * item,
208 if ((item = SECITEM_AllocItem(arena, item, nbytes)) == NULL)
212 item->data = PORT_ArenaGrow(arena, item->data, item->len, nbytes);
214 item->data = PORT_Realloc(item->data, nbytes);
216 if (item->data == NULL) {
218 SECITEM_FreeItem(item, PR_TRUE);
224 memcpy(item->data, p+2, nbytes);
232 SECKEYPublicKey * rpmnssNewPublicKey(KeyType type)
236 SECKEYPublicKey *key;
239 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
243 key = PORT_ArenaZAlloc(arena,
sizeof(*key));
246 PORT_FreeArena(arena, PR_FALSE);
252 key->pkcs11ID = CK_INVALID_HANDLE;
253 key->pkcs11Slot = NULL;
261 int rpmnssMpiItem(
const char * pre,
pgpDig dig,
int itemno,
274 nss->rsasig = rpmnssMpiCopy(NULL, nss->rsasig, p);
275 if (nss->rsasig == NULL)
280 nss->item.len = 2 * (160/8);
281 nss->item.data =
xcalloc(1, nss->item.len);
282 rc = rpmnssMpiSet(pre, 160, nss->item.data, p, pend);
285 rc = rpmnssMpiSet(pre, 160, nss->item.data + (160/8), p, pend);
286 if (nss->dsasig != NULL)
287 SECITEM_FreeItem(nss->dsasig, PR_FALSE);
288 if ((nss->dsasig = SECITEM_AllocItem(NULL, NULL, 0)) == NULL
289 || DSAU_EncodeDerSig(nss->dsasig, &nss->item) != SECSuccess)
291 nss->item.data =
_free(nss->item.data);
294 if (nss->rsa == NULL)
295 nss->rsa = rpmnssNewPublicKey(rsaKey);
296 if (nss->rsa == NULL)
299 (
void) rpmnssMpiCopy(nss->rsa->arena, &nss->rsa->u.rsa.modulus, p);
302 if (nss->rsa == NULL)
303 nss->rsa = rpmnssNewPublicKey(rsaKey);
304 if (nss->rsa == NULL)
307 (
void) rpmnssMpiCopy(nss->rsa->arena, &nss->rsa->u.rsa.publicExponent, p);
310 if (nss->dsa == NULL)
311 nss->dsa = rpmnssNewPublicKey(dsaKey);
312 if (nss->dsa == NULL)
315 (
void) rpmnssMpiCopy(nss->dsa->arena, &nss->dsa->u.dsa.params.prime, p);
318 if (nss->dsa == NULL)
319 nss->dsa = rpmnssNewPublicKey(dsaKey);
320 if (nss->dsa == NULL)
323 (
void) rpmnssMpiCopy(nss->dsa->arena, &nss->dsa->u.dsa.params.subPrime, p);
326 if (nss->dsa == NULL)
327 nss->dsa = rpmnssNewPublicKey(dsaKey);
328 if (nss->dsa == NULL)
331 (
void) rpmnssMpiCopy(nss->dsa->arena, &nss->dsa->u.dsa.params.base, p);
334 if (nss->dsa == NULL)
335 nss->dsa = rpmnssNewPublicKey(dsaKey);
336 if (nss->dsa == NULL)
339 (
void) rpmnssMpiCopy(nss->dsa->arena, &nss->dsa->u.dsa.publicValue, p);
348 void rpmnssClean(
void * impl)
354 if (nss->dsa != NULL) {
355 SECKEY_DestroyPublicKey(nss->dsa);
358 if (nss->dsasig != NULL) {
359 SECITEM_ZfreeItem(nss->dsasig, PR_TRUE);
362 if (nss->rsa != NULL) {
363 SECKEY_DestroyPublicKey(nss->rsa);
366 if (nss->rsasig != NULL) {
367 SECITEM_ZfreeItem(nss->rsasig, PR_TRUE);
376 void * rpmnssFree(
void * impl)
388 void * rpmnssInit(
void)
395 (void) NSS_NoDB_Init(NULL);
403 rpmnssSetRSA, rpmnssVerifyRSA,
404 rpmnssSetDSA, rpmnssVerifyDSA,
405 rpmnssSetECDSA, rpmnssVerifyECDSA,
406 rpmnssMpiItem, rpmnssClean,
407 rpmnssFree, rpmnssInit