RPM Package Manager, CVS Repository
http://rpm5.org/cvs/
____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson
Root: /v/rpm/cvs Email: jbj@rpm5.org
Module: rpm Date: 03-Dec-2007 23:19:22
Branch: HEAD Handle: 2007120322192100
Modified files:
rpm CHANGES
rpm/rpmdb signature.c
rpm/rpmio rpmbeecrypt.h
Log:
- jbj: add toy methods to hide beecrypt RSA/DSA signature
verification.
Summary:
Revision Changes Path
1.1928 +1 -0 rpm/CHANGES
1.37 +8 -40 rpm/rpmdb/signature.c
2.2 +65 -0 rpm/rpmio/rpmbeecrypt.h
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: rpm/CHANGES
============================================================================
$ cvs diff -u -r1.1927 -r1.1928 CHANGES
--- rpm/CHANGES 3 Dec 2007 21:11:51 -0000 1.1927
+++ rpm/CHANGES 3 Dec 2007 22:19:21 -0000 1.1928
@@ -1,4 +1,5 @@
5.0a4 -> 5.0b1:
+ - jbj: add toy methods to hide beecrypt RSA/DSA signature verification.
- rpm.org: Split digest-stuff out of rpmio_internal to separate header.
- rpm.org: Eliminate copy-paste fd digest stealing, stuff into rpmio_internal.
- rpm.org: Add doxygen grouping to rpmte methods.
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmdb/signature.c
============================================================================
$ cvs diff -u -r1.36 -r1.37 signature.c
--- rpm/rpmdb/signature.c 3 Dec 2007 21:11:53 -0000 1.36
+++ rpm/rpmdb/signature.c 3 Dec 2007 22:19:21 -0000 1.37
@@ -882,44 +882,18 @@
}
}
- /* Generate RSA modulus parameter. */
- { unsigned int nbits = (unsigned) MP_WORDS_TO_BITS(dig->c.size);
- unsigned int nb = (nbits + 7) >> 3;
- const char * hexstr;
- char * tt;
-
-assert(prefix != NULL);
- hexstr = tt = xmalloc(2 * nb + 1);
- memset(tt, (int) 'f', (2 * nb));
- tt[0] = '0'; tt[1] = '0';
- tt[2] = '0'; tt[3] = '1';
- tt += (2 * nb) - strlen(prefix) - strlen(dig->md5) - 2;
- *tt++ = '0'; *tt++ = '0';
- tt = stpcpy(tt, prefix);
- tt = stpcpy(tt, dig->md5);
-
-/*@-moduncon -noeffectuncon @*/
- mpnzero(&dig->rsahm); (void) mpnsethex(&dig->rsahm, hexstr);
-/*@=moduncon =noeffectuncon @*/
-
- hexstr = _free(hexstr);
-
- }
+ /* Set the RSA modulus. */
+ pgpSetRSA(dig, prefix);
/* Retrieve the matching public key. */
res = pgpFindPubkey(dig);
if (res != RPMRC_OK)
goto exit;
+ /* Verify the RSA signature. */
{ rpmop op = pgpStatsAccumulator(dig, 11); /* RPMTS_OP_SIGNATURE */
(void) rpmswEnter(op, 0);
-/*@-moduncon@*/
-#if defined(HAVE_BEECRYPT_API_H)
- xx = rsavrfy(&dig->rsa_pk.n, &dig->rsa_pk.e, &dig->c, &dig->rsahm);
-#else
- xx = rsavrfy(&dig->rsa_pk, &dig->rsahm, &dig->c);
-#endif
-/*@=moduncon@*/
+ xx = pgpVerifyRSA(dig);
(void) rpmswExit(op, 0);
res = (xx ? RPMRC_OK : RPMRC_FAIL);
}
@@ -1005,9 +979,7 @@
(void) rpmswExit(op, sigp->hashlen);
op->count--; /* XXX one too many */
-/*@-moduncon -noeffectuncon @*/
- mpnzero(&dig->hm); (void) mpnsethex(&dig->hm, dig->sha1);
-/*@=moduncon =noeffectuncon @*/
+ pgpSetDSA(dig);
/* Compare leading 16 bits of digest for quick check. */
signhash16[0] = (*dig->hm.data >> 24) & 0xff;
@@ -1023,15 +995,11 @@
if (res != RPMRC_OK)
goto exit;
+ /* Verify the DSA signature. */
{ rpmop op = pgpStatsAccumulator(dig, 11); /* RPMTS_OP_SIGNATURE */
(void) rpmswEnter(op, 0);
-/*@-moduncon@*/
- if (dsavrfy(&dig->p, &dig->q, &dig->g,
- &dig->hm, &dig->y, &dig->r, &dig->s))
- res = RPMRC_OK;
- else
- res = RPMRC_FAIL;
-/*@=moduncon@*/
+ xx = pgpVerifyDSA(dig);
+ res = (xx ? RPMRC_OK : RPMRC_FAIL);
(void) rpmswExit(op, 0);
}
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmbeecrypt.h
============================================================================
$ cvs diff -u -r2.1 -r2.2 rpmbeecrypt.h
--- rpm/rpmio/rpmbeecrypt.h 3 Dec 2007 21:11:54 -0000 2.1
+++ rpm/rpmio/rpmbeecrypt.h 3 Dec 2007 22:19:21 -0000 2.2
@@ -112,6 +112,71 @@
mpnumber rsahm;
};
+/*@unused@*/ static inline
+void pgpSetRSA(pgpDig dig, const char * prefix)
+ /*@modifies dig @*/
+{
+ unsigned int nbits = (unsigned) MP_WORDS_TO_BITS(dig->c.size);
+ unsigned int nb = (nbits + 7) >> 3;
+ const char * hexstr;
+ char * tt;
+
+assert(prefix != NULL);
+ hexstr = tt = xmalloc(2 * nb + 1);
+ memset(tt, (int) 'f', (2 * nb));
+ tt[0] = '0'; tt[1] = '0';
+ tt[2] = '0'; tt[3] = '1';
+ tt += (2 * nb) - strlen(prefix) - strlen(dig->md5) - 2;
+ *tt++ = '0'; *tt++ = '0';
+ tt = stpcpy(tt, prefix);
+ tt = stpcpy(tt, dig->md5);
+
+/*@-moduncon -noeffectuncon @*/
+ mpnzero(&dig->rsahm); (void) mpnsethex(&dig->rsahm, hexstr);
+/*@=moduncon =noeffectuncon @*/
+
+ hexstr = _free(hexstr);
+}
+
+/*@unused@*/ static inline
+int pgpVerifyRSA(pgpDig dig)
+ /*@*/
+{
+ int rc;
+
+/*@-moduncon@*/
+#if defined(HAVE_BEECRYPT_API_H)
+ rc = rsavrfy(&dig->rsa_pk.n, &dig->rsa_pk.e, &dig->c, &dig->rsahm);
+#else
+ rc = rsavrfy(&dig->rsa_pk, &dig->rsahm, &dig->c);
+#endif
+/*@=moduncon@*/
+
+ return rc;
+}
+
+/*@unused@*/ static inline
+void pgpSetDSA(pgpDig dig)
+ /*@modifies dig @*/
+{
+/*@-moduncon -noeffectuncon @*/
+ mpnzero(&dig->hm); (void) mpnsethex(&dig->hm, dig->sha1);
+/*@=moduncon =noeffectuncon @*/
+}
+
+/*@unused@*/ static inline
+int pgpVerifyDSA(pgpDig dig)
+ /*@*/
+{
+ int rc;
+
+/*@-moduncon@*/
+ rc = dsavrfy(&dig->p, &dig->q, &dig->g, &dig->hm, &dig->y, &dig->r, &dig->s);
+/*@=moduncon@*/
+
+ return rc;
+}
+
#ifdef __cplusplus
extern "C" {
#endif
@@ .
Received on Mon Dec 3 23:19:22 2007