Add rpmKeyringVerifySig2 that return the matching key
Add the key to rpmsinfo_s so we have the key available with the verified
signature and can print the key's fingerprint when desired
ffesti committed Sep 23, 2024
1 parent bbc00e4 commit 760f81e
Showing 4 changed files with 27 additions and 7 deletions.
10 changes: 10 additions & 0 deletions include/rpm/rpmkeyring.h
Expand Up @@ -56,6 +56,16 @@ int rpmKeyringAddKey(rpmKeyring keyring, rpmPubkey key);
*/
rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx);

/** \ingroup rpmkeyring
* Perform combined keyring lookup and signature verification
* @param keyring keyring handle
* @param sig OpenPGP signature parameters
* @param ctx signature hash context
* @param keyptr matching key
* @return RPMRC_OK / RPMRC_FAIL / RPMRC_NOKEY
*/
rpmRC rpmKeyringVerifySig2(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx, rpmPubkey * keyptr);

/** \ingroup rpmkeyring
* Reference a keyring.
* @param keyring keyring handle
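Review bot: The `@param keyptr` line in the new doc comment does not say that this is an output parameter, that NULL is accepted, or who owns the key that comes back. In the rpmio/rpmkeyring.c part of this commit the write to `*keyptr` is not conditioned on `rc`, so a caller can apparently receive a key together with RPMRC_FAIL; the comment should state that the key identifies the signer only when RPMRC_OK is returned. Suggested wording: `@param[out] keyptr key matched to the signature, NULL if none (pass NULL to ignore); only the verifying key when RPMRC_OK is returned`, followed by one sentence on whether the caller must release it.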
9 changes: 6 additions & 3 deletions lib/rpmvs.c
Expand Up @@ -144,6 +144,7 @@ static void rpmsinfoInit(const struct vfyinfo_s *vinfo,
*sinfo = vinfo->vi; /* struct assignment */
sinfo->wrapped = (vinfo->sigh == 0);
sinfo->strength = sinfo->type;
sinfo->key = NULL;

if (td == NULL) {
rc = RPMRC_NOTFOUND;
Expand Down Expand Up @@ -591,9 +592,11 @@ static rpmRC
verifySignature(rpmKeyring keyring, struct rpmsinfo_s *sinfo)
{
rpmRC res = RPMRC_FAIL;
if (pgpSignatureType(sinfo->sig) == PGPSIGTYPE_BINARY)
res = rpmKeyringVerifySig(keyring, sinfo->sig, sinfo->ctx);

if (pgpSignatureType(sinfo->sig) == PGPSIGTYPE_BINARY) {
rpmPubkey key;
res = rpmKeyringVerifySig2(keyring, sinfo->sig, sinfo->ctx, &key);
sinfo->key = key;
}
return res;
}

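Review bot: `rpmPubkey key;` in verifySignature is declared without an initializer and is then copied into `sinfo->key` unconditionally. In rpmio/rpmkeyring.c the write `*keyptr = key` sits just before a closing brace whose block opens outside the visible hunk, so if that block is skipped the out-parameter is presumably never written and `sinfo->key` ends up holding an indeterminate pointer that later code may dereference to print a fingerprint. Declare it as `rpmPubkey key = NULL;` here, and consider `if (keyptr) *keyptr = NULL;` at the top of rpmKeyringVerifySig2 so that every caller gets a defined value on all paths.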
1 change: 1 addition & 0 deletions lib/rpmvs.h
Expand Up @@ -23,6 +23,7 @@ struct rpmsinfo_s {
int id;
int wrapped;
int strength;
rpmPubkey key;
unsigned int keyid;
union {
pgpDigParams sig;
14 changes: 10 additions & 4 deletions rpmio/rpmkeyring.c
Expand Up @@ -298,7 +298,7 @@ static rpmPubkey findbySig(rpmKeyring keyring, pgpDigParams sig)
return key;
}

rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx)
rpmRC rpmKeyringVerifySig2(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx, rpmPubkey * keyptr)
{
rpmRC rc = RPMRC_FAIL;

Expand All @@ -319,10 +319,16 @@ rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx)
rpmlog(rc ? RPMLOG_ERR : RPMLOG_WARNING, "%s\n", lints);
free(lints);
}
}

if (keyring)
if (keyptr)
*keyptr = key;
}
if (keyring)
pthread_rwlock_unlock(&keyring->lock);

return rc;
}

rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx)
{
return rpmKeyringVerifySig2(keyring, sig, ctx, NULL);
}
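Review bot: `*keyptr = key;` hands the caller a bare pointer and the lines that follow release the keyring lock; no reference is taken on any visible line. lib/rpmvs.c then keeps that pointer in `sinfo->key`, so its validity depends on the keyring keeping the key alive for as long as the rpmsinfo_s is in use, which nothing on this page establishes. If that guarantee does not exist, return a counted reference instead, e.g. `*keyptr = rpmPubkeyLink(key);` with a matching `rpmPubkeyFree()` where the rpmsinfo_s is torn down, after confirming the link call tolerates a NULL key. The body of rpmKeyringVerifySig2 is only partly visible in these hunks, so the lookup that produces `key` is not covered by this note.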
