summaryrefslogtreecommitdiff
path: root/lib/libalpm/signing.c
diff options
context:
space:
mode:
authorAllan McRae <allan@archlinux.org>2012-11-02 23:06:45 +1000
committerAllan McRae <allan@archlinux.org>2013-02-09 12:43:37 +1000
commit05745089ac7009e5de84d676dd0823acd8c4d1fc (patch)
tree41e6102648ddc45627700e9396050910883336b9 /lib/libalpm/signing.c
parent4ec6848f91ed85ab113185bb74b83a5faf21160f (diff)
downloadpacman-05745089ac7009e5de84d676dd0823acd8c4d1fc.tar.xz
Add function to extract key id from signatures
This does not support all possibilities of RFC4880, but it does cover every key currently used in Arch Linux. Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'lib/libalpm/signing.c')
-rw-r--r--lib/libalpm/signing.c113
1 files changed, 113 insertions, 0 deletions
diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
index 6534fe51..dc882821 100644
--- a/lib/libalpm/signing.c
+++ b/lib/libalpm/signing.c
@@ -950,4 +950,117 @@ int SYMEXPORT alpm_siglist_cleanup(alpm_siglist_t *siglist)
return 0;
}
+/**
+ * Extract the Issuer Key ID from a signature
+ * @param sig PGP signature
+ * @param len length of signature
+ * @param keys a pointer to storage for key IDs
+ * @return 0 on success, -1 on error
+ */
+int _alpm_extract_keyid(alpm_handle_t *handle, const char *identifier,
+ const unsigned char *sig, const size_t len, alpm_list_t **keys)
+{
+ size_t pos, spos, blen, hlen, ulen, slen;
+ pos = 0;
+
+ while(pos < len) {
+ if(!(sig[pos] & 0x80)) {
+ _alpm_log(handle, ALPM_LOG_ERROR,
+ _("%s: signature format error"), identifier);
+ return -1;
+ }
+
+ if(sig[pos] & 0x40) {
+ /* "new" packet format is not supported */
+ _alpm_log(handle, ALPM_LOG_ERROR,
+ _("%s: unsupported signature format"), identifier);
+ return -1;
+ }
+
+ if(((sig[pos] & 0x3f) >> 2) != 2) {
+ /* signature is not a "Signature Packet" */
+ _alpm_log(handle, ALPM_LOG_ERROR,
+ _("%s: signature format error"), identifier);
+ return -1;
+ }
+
+ switch(sig[pos] & 0x03) {
+ case 0:
+ blen = sig[pos + 1];
+ pos = pos + 2;
+ break;
+
+ case 1:
+ blen = (sig[pos + 1] << 8) | sig[pos + 2];
+ pos = pos + 3;
+ break;
+
+ case 2:
+ blen = (sig[pos + 1] << 24) | (sig[pos + 2] << 16) | (sig[pos + 3] << 8) | sig[pos + 4];
+ pos = pos + 5;
+ break;
+
+ case 3:
+ /* partial body length not supported */
+ _alpm_log(handle, ALPM_LOG_ERROR,
+ _("%s: unsupported signature format"), identifier);
+ return -1;
+ }
+
+ if(sig[pos] != 4) {
+ /* only support version 4 signature packet format */
+ _alpm_log(handle, ALPM_LOG_ERROR,
+ _("%s: unsupported signature format"), identifier);
+ return -1;
+ }
+
+ if(sig[pos + 1] != 0x00) {
+ /* not a signature of a binary document */
+ _alpm_log(handle, ALPM_LOG_ERROR,
+ _("%s: signature format error"), identifier);
+ return -1;
+ }
+
+ pos = pos + 4;
+
+ hlen = (sig[pos] << 8) | sig[pos + 1];
+ pos = pos + hlen + 2;
+
+ ulen = (sig[pos] << 8) | sig[pos + 1];
+ pos = pos + 2;
+
+ spos = pos;
+
+ while(spos < pos + ulen) {
+ if(sig[spos] < 192) {
+ slen = sig[spos];
+ spos = spos + 1;
+ } else if(sig[spos] < 255) {
+ slen = (sig[spos] << 8) | sig[spos + 1];
+ spos = spos + 2;
+ } else {
+ slen = (sig[spos + 1] << 24) | (sig[spos + 2] << 16) | (sig[spos + 3] << 8) | sig[spos + 4];
+ spos = spos + 5;
+ }
+
+ if(sig[spos] == 16) {
+ /* issuer key ID */
+ char key[17];
+ size_t i;
+ for (i = 0; i < 8; i++) {
+ sprintf(&key[i * 2], "%02X", sig[spos + i + 1]);
+ }
+ *keys = alpm_list_add(*keys, strdup(key));
+ break;
+ }
+
+ spos = spos + slen;
+ }
+
+ pos = pos + (blen - hlen - 8);
+ }
+
+ return 0;
+}
+
/* vim: set ts=2 sw=2 noet: */