Axe the rpmsq debug code which was never getting built anyway

[platform/upstream/rpm.git] / rpmio / rpmpgp.c

/** \ingroup rpmio signature
 * \file rpmio/rpmpgp.c
 * Routines to handle RFC-2440 detached signatures.
 */

#include "system.h"

#include <pthread.h>

#include <rpm/rpmstring.h>
#include <rpm/rpmlog.h>

#include "rpmio/digest.h"
#include "rpmio/rpmio_internal.h"       /* XXX rpmioSlurp */

#include "debug.h"


static int _debug = 0;

static int _print = 0;

static int _crypto_initialized = 0;
static int _new_process = 1;

typedef const struct pgpValTbl_s {
    int val;
    char const * const str;
} * pgpValTbl;
 
static struct pgpValTbl_s const pgpSigTypeTbl[] = {
    { PGPSIGTYPE_BINARY,        "Binary document signature" },
    { PGPSIGTYPE_TEXT,          "Text document signature" },
    { PGPSIGTYPE_STANDALONE,    "Standalone signature" },
    { PGPSIGTYPE_GENERIC_CERT,  "Generic certification of a User ID and Public Key" },
    { PGPSIGTYPE_PERSONA_CERT,  "Persona certification of a User ID and Public Key" },
    { PGPSIGTYPE_CASUAL_CERT,   "Casual certification of a User ID and Public Key" },
    { PGPSIGTYPE_POSITIVE_CERT, "Positive certification of a User ID and Public Key" },
    { PGPSIGTYPE_SUBKEY_BINDING,"Subkey Binding Signature" },
    { PGPSIGTYPE_SIGNED_KEY,    "Signature directly on a key" },
    { PGPSIGTYPE_KEY_REVOKE,    "Key revocation signature" },
    { PGPSIGTYPE_SUBKEY_REVOKE, "Subkey revocation signature" },
    { PGPSIGTYPE_CERT_REVOKE,   "Certification revocation signature" },
    { PGPSIGTYPE_TIMESTAMP,     "Timestamp signature" },
    { -1,                       "Unknown signature type" },
};

static struct pgpValTbl_s const pgpPubkeyTbl[] = {
    { PGPPUBKEYALGO_RSA,        "RSA" },
    { PGPPUBKEYALGO_RSA_ENCRYPT,"RSA(Encrypt-Only)" },
    { PGPPUBKEYALGO_RSA_SIGN,   "RSA(Sign-Only)" },
    { PGPPUBKEYALGO_ELGAMAL_ENCRYPT,"Elgamal(Encrypt-Only)" },
    { PGPPUBKEYALGO_DSA,        "DSA" },
    { PGPPUBKEYALGO_EC,         "Elliptic Curve" },
    { PGPPUBKEYALGO_ECDSA,      "ECDSA" },
    { PGPPUBKEYALGO_ELGAMAL,    "Elgamal" },
    { PGPPUBKEYALGO_DH,         "Diffie-Hellman (X9.42)" },
    { -1,                       "Unknown public key algorithm" },
};

static struct pgpValTbl_s const pgpSymkeyTbl[] = {
    { PGPSYMKEYALGO_PLAINTEXT,  "Plaintext" },
    { PGPSYMKEYALGO_IDEA,       "IDEA" },
    { PGPSYMKEYALGO_TRIPLE_DES, "3DES" },
    { PGPSYMKEYALGO_CAST5,      "CAST5" },
    { PGPSYMKEYALGO_BLOWFISH,   "BLOWFISH" },
    { PGPSYMKEYALGO_SAFER,      "SAFER" },
    { PGPSYMKEYALGO_DES_SK,     "DES/SK" },
    { PGPSYMKEYALGO_AES_128,    "AES(128-bit key)" },
    { PGPSYMKEYALGO_AES_192,    "AES(192-bit key)" },
    { PGPSYMKEYALGO_AES_256,    "AES(256-bit key)" },
    { PGPSYMKEYALGO_TWOFISH,    "TWOFISH(256-bit key)" },
    { PGPSYMKEYALGO_NOENCRYPT,  "no encryption" },
    { -1,                       "Unknown symmetric key algorithm" },
};

static struct pgpValTbl_s const pgpCompressionTbl[] = {
    { PGPCOMPRESSALGO_NONE,     "Uncompressed" },
    { PGPCOMPRESSALGO_ZIP,      "ZIP" },
    { PGPCOMPRESSALGO_ZLIB,     "ZLIB" },
    { PGPCOMPRESSALGO_BZIP2,    "BZIP2" },
    { -1,                       "Unknown compression algorithm" },
};

static struct pgpValTbl_s const pgpHashTbl[] = {
    { PGPHASHALGO_MD5,          "MD5" },
    { PGPHASHALGO_SHA1,         "SHA1" },
    { PGPHASHALGO_RIPEMD160,    "RIPEMD160" },
    { PGPHASHALGO_MD2,          "MD2" },
    { PGPHASHALGO_TIGER192,     "TIGER192" },
    { PGPHASHALGO_HAVAL_5_160,  "HAVAL-5-160" },
    { PGPHASHALGO_SHA256,       "SHA256" },
    { PGPHASHALGO_SHA384,       "SHA384" },
    { PGPHASHALGO_SHA512,       "SHA512" },
    { PGPHASHALGO_SHA224,       "SHA224" },
    { -1,                       "Unknown hash algorithm" },
};

static struct pgpValTbl_s const pgpKeyServerPrefsTbl[] = {
    { 0x80,                     "No-modify" },
    { -1,                       "Unknown key server preference" },
};

static struct pgpValTbl_s const pgpSubTypeTbl[] = {
    { PGPSUBTYPE_SIG_CREATE_TIME,"signature creation time" },
    { PGPSUBTYPE_SIG_EXPIRE_TIME,"signature expiration time" },
    { PGPSUBTYPE_EXPORTABLE_CERT,"exportable certification" },
    { PGPSUBTYPE_TRUST_SIG,     "trust signature" },
    { PGPSUBTYPE_REGEX,         "regular expression" },
    { PGPSUBTYPE_REVOCABLE,     "revocable" },
    { PGPSUBTYPE_KEY_EXPIRE_TIME,"key expiration time" },
    { PGPSUBTYPE_ARR,           "additional recipient request" },
    { PGPSUBTYPE_PREFER_SYMKEY, "preferred symmetric algorithms" },
    { PGPSUBTYPE_REVOKE_KEY,    "revocation key" },
    { PGPSUBTYPE_ISSUER_KEYID,  "issuer key ID" },
    { PGPSUBTYPE_NOTATION,      "notation data" },
    { PGPSUBTYPE_PREFER_HASH,   "preferred hash algorithms" },
    { PGPSUBTYPE_PREFER_COMPRESS,"preferred compression algorithms" },
    { PGPSUBTYPE_KEYSERVER_PREFERS,"key server preferences" },
    { PGPSUBTYPE_PREFER_KEYSERVER,"preferred key server" },
    { PGPSUBTYPE_PRIMARY_USERID,"primary user id" },
    { PGPSUBTYPE_POLICY_URL,    "policy URL" },
    { PGPSUBTYPE_KEY_FLAGS,     "key flags" },
    { PGPSUBTYPE_SIGNER_USERID, "signer's user id" },
    { PGPSUBTYPE_REVOKE_REASON, "reason for revocation" },
    { PGPSUBTYPE_FEATURES,      "features" },
    { PGPSUBTYPE_EMBEDDED_SIG,  "embedded signature" },

    { PGPSUBTYPE_INTERNAL_100,  "internal subpkt type 100" },
    { PGPSUBTYPE_INTERNAL_101,  "internal subpkt type 101" },
    { PGPSUBTYPE_INTERNAL_102,  "internal subpkt type 102" },
    { PGPSUBTYPE_INTERNAL_103,  "internal subpkt type 103" },
    { PGPSUBTYPE_INTERNAL_104,  "internal subpkt type 104" },
    { PGPSUBTYPE_INTERNAL_105,  "internal subpkt type 105" },
    { PGPSUBTYPE_INTERNAL_106,  "internal subpkt type 106" },
    { PGPSUBTYPE_INTERNAL_107,  "internal subpkt type 107" },
    { PGPSUBTYPE_INTERNAL_108,  "internal subpkt type 108" },
    { PGPSUBTYPE_INTERNAL_109,  "internal subpkt type 109" },
    { PGPSUBTYPE_INTERNAL_110,  "internal subpkt type 110" },
    { -1,                       "Unknown signature subkey type" },
};

static struct pgpValTbl_s const pgpTagTbl[] = {
    { PGPTAG_PUBLIC_SESSION_KEY,"Public-Key Encrypted Session Key" },
    { PGPTAG_SIGNATURE,         "Signature" },
    { PGPTAG_SYMMETRIC_SESSION_KEY,"Symmetric-Key Encrypted Session Key" },
    { PGPTAG_ONEPASS_SIGNATURE, "One-Pass Signature" },
    { PGPTAG_SECRET_KEY,        "Secret Key" },
    { PGPTAG_PUBLIC_KEY,        "Public Key" },
    { PGPTAG_SECRET_SUBKEY,     "Secret Subkey" },
    { PGPTAG_COMPRESSED_DATA,   "Compressed Data" },
    { PGPTAG_SYMMETRIC_DATA,    "Symmetrically Encrypted Data" },
    { PGPTAG_MARKER,            "Marker" },
    { PGPTAG_LITERAL_DATA,      "Literal Data" },
    { PGPTAG_TRUST,             "Trust" },
    { PGPTAG_USER_ID,           "User ID" },
    { PGPTAG_PUBLIC_SUBKEY,     "Public Subkey" },
    { PGPTAG_COMMENT_OLD,       "Comment (from OpenPGP draft)" },
    { PGPTAG_PHOTOID,           "PGP's photo ID" },
    { PGPTAG_ENCRYPTED_MDC,     "Integrity protected encrypted data" },
    { PGPTAG_MDC,               "Manipulaion detection code packet" },
    { PGPTAG_PRIVATE_60,        "Private #60" },
    { PGPTAG_COMMENT,           "Comment" },
    { PGPTAG_PRIVATE_62,        "Private #62" },
    { PGPTAG_CONTROL,           "Control (GPG)" },
    { -1,                       "Unknown packet tag" },
};

static struct pgpValTbl_s const pgpArmorTbl[] = {
    { PGPARMOR_MESSAGE,         "MESSAGE" },
    { PGPARMOR_PUBKEY,          "PUBLIC KEY BLOCK" },
    { PGPARMOR_SIGNATURE,       "SIGNATURE" },
    { PGPARMOR_SIGNED_MESSAGE,  "SIGNED MESSAGE" },
    { PGPARMOR_FILE,            "ARMORED FILE" },
    { PGPARMOR_PRIVKEY,         "PRIVATE KEY BLOCK" },
    { PGPARMOR_SECKEY,          "SECRET KEY BLOCK" },
    { -1,                       "Unknown armor block" }
};

static struct pgpValTbl_s const pgpArmorKeyTbl[] = {
    { PGPARMORKEY_VERSION,      "Version: " },
    { PGPARMORKEY_COMMENT,      "Comment: " },
    { PGPARMORKEY_MESSAGEID,    "MessageID: " },
    { PGPARMORKEY_HASH,         "Hash: " },
    { PGPARMORKEY_CHARSET,      "Charset: " },
    { -1,                       "Unknown armor key" }
};

static void pgpPrtNL(void)
{
    if (!_print) return;
    fprintf(stderr, "\n");
}

static void pgpPrtInt(const char *pre, int i)
{
    if (!_print) return;
    if (pre && *pre)
        fprintf(stderr, "%s", pre);
    fprintf(stderr, " %d", i);
}

static void pgpPrtStr(const char *pre, const char *s)
{
    if (!_print) return;
    if (pre && *pre)
        fprintf(stderr, "%s", pre);
    fprintf(stderr, " %s", s);
}

static const char * pgpValStr(pgpValTbl vs, uint8_t val)
{
    do {
        if (vs->val == val)
            break;
    } while ((++vs)->val != -1);
    return vs->str;
}

static pgpValTbl pgpValTable(pgpValType type)
{
    switch (type) {
    case PGPVAL_TAG:            return pgpTagTbl;
    case PGPVAL_ARMORBLOCK:     return pgpArmorTbl;
    case PGPVAL_ARMORKEY:       return pgpArmorKeyTbl;
    case PGPVAL_SIGTYPE:        return pgpSigTypeTbl;
    case PGPVAL_SUBTYPE:        return pgpSubTypeTbl;
    case PGPVAL_PUBKEYALGO:     return pgpPubkeyTbl;
    case PGPVAL_SYMKEYALGO:     return pgpSymkeyTbl;
    case PGPVAL_COMPRESSALGO:   return pgpCompressionTbl;
    case PGPVAL_HASHALGO:       return pgpHashTbl;
    case PGPVAL_SERVERPREFS:    return pgpKeyServerPrefsTbl;
    default:
        break;
    }
    return NULL;
}

const char * pgpValString(pgpValType type, uint8_t val)
{
    pgpValTbl tbl = pgpValTable(type);
    return (tbl != NULL) ? pgpValStr(tbl, val) : NULL;
}

static void pgpPrtHex(const char *pre, const uint8_t *p, size_t plen)
{
    char *hex = NULL;
    if (!_print) return;
    if (pre && *pre)
        fprintf(stderr, "%s", pre);
    hex = pgpHexStr(p, plen);
    fprintf(stderr, " %s", hex);
    free(hex);
}

static void pgpPrtVal(const char * pre, pgpValTbl vs, uint8_t val)
{
    if (!_print) return;
    if (pre && *pre)
        fprintf(stderr, "%s", pre);
    fprintf(stderr, "%s(%u)", pgpValStr(vs, val), (unsigned)val);
}

/** \ingroup rpmpgp
 * Return no. of bits in a multiprecision integer.
 * @param p             pointer to multiprecision integer
 * @return              no. of bits
 */
static 
unsigned int pgpMpiBits(const uint8_t *p)
{
    return ((p[0] << 8) | p[1]);
}

/** \ingroup rpmpgp
 * Return no. of bytes in a multiprecision integer.
 * @param p             pointer to multiprecision integer
 * @return              no. of bytes
 */
static
size_t pgpMpiLen(const uint8_t *p)
{
    return (2 + ((pgpMpiBits(p)+7)>>3));
}
        
/** \ingroup rpmpgp
 * Return hex formatted representation of a multiprecision integer.
 * @param p             bytes
 * @return              hex formatted string (malloc'ed)
 */
static inline
char * pgpMpiStr(const uint8_t *p)
{
    char *str = NULL;
    char *hex = pgpHexStr(p+2, pgpMpiLen(p)-2);
    rasprintf(&str, "[%4u]: %s", pgpGrab(p, (size_t) 2), hex);
    free(hex);
    return str;
}

/** \ingroup rpmpgp
 * Return value of an OpenPGP string.
 * @param vs            table of (string,value) pairs
 * @param s             string token to lookup
 * @param se            end-of-string address
 * @return              byte value
 */
static inline
int pgpValTok(pgpValTbl vs, const char * s, const char * se)
{
    do {
        size_t vlen = strlen(vs->str);
        if (vlen <= (se-s) && rstreqn(s, vs->str, vlen))
            break;
    } while ((++vs)->val != -1);
    return vs->val;
}
/**
 * @return              0 on success
 */
static int pgpMpiSet(const char * pre, unsigned int lbits,
                uint8_t *dest, const uint8_t * p, const uint8_t * pend)
{
    unsigned int mbits = pgpMpiBits(p);
    unsigned int nbits;
    size_t nbytes;
    uint8_t *t = dest;
    unsigned int ix;

    if ((p + ((mbits+7) >> 3)) > pend)
        return 1;

    if (mbits > lbits)
        return 1;

    nbits = (lbits > mbits ? lbits : mbits);
    nbytes = ((nbits + 7) >> 3);
    ix = (nbits - mbits) >> 3;

if (_debug)
fprintf(stderr, "*** mbits %u nbits %u nbytes %zu ix %u\n", mbits, nbits, nbytes, ix);
    if (ix > 0) memset(t, '\0', ix);
    memcpy(t+ix, p+2, nbytes-ix);
if (_debug)
fprintf(stderr, "*** %s %s\n", pre, pgpHexStr(dest, nbytes));

    return 0;
}

/**
 * @return              NULL on error
 */
static SECItem *pgpMpiItem(PRArenaPool *arena, SECItem *item, const uint8_t *p)
{
    size_t nbytes = pgpMpiLen(p)-2;

    if (item == NULL) {
        if ((item=SECITEM_AllocItem(arena, item, nbytes)) == NULL)
            return item;
    } else {
        if (arena != NULL)
            item->data = PORT_ArenaGrow(arena, item->data, item->len, nbytes);
        else
            item->data = PORT_Realloc(item->data, nbytes);
        
        if (item->data == NULL) {
            if (arena == NULL)
                SECITEM_FreeItem(item, PR_TRUE);
            return NULL;
        }
    }

    memcpy(item->data, p+2, nbytes);
    item->len = nbytes;
    return item;
}
/*@=boundswrite@*/

static SECKEYPublicKey *pgpNewPublicKey(KeyType type)
{
    PRArenaPool *arena;
    SECKEYPublicKey *key;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL)
        return NULL;
    
    key = PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey));
    
    if (key == NULL) {
        PORT_FreeArena(arena, PR_FALSE);
        return NULL;
    }
    
    key->keyType = type;
    key->pkcs11ID = CK_INVALID_HANDLE;
    key->pkcs11Slot = NULL;
    key->arena = arena;
    return key;
}

/** \ingroup rpmpgp
 * Is buffer at beginning of an OpenPGP packet?
 * @param p             buffer
 * @return              1 if an OpenPGP packet, 0 otherwise
 */
static inline
int pgpIsPkt(const uint8_t * p)
{
    unsigned int val = *p++;
    pgpTag tag;
    int rc;

    /* XXX can't deal with these. */
    if (!(val & 0x80))
        return 0;

    if (val & 0x40)
        tag = (pgpTag)(val & 0x3f);
    else
        tag = (pgpTag)((val >> 2) & 0xf);

    switch (tag) {
    case PGPTAG_MARKER:
    case PGPTAG_SYMMETRIC_SESSION_KEY:
    case PGPTAG_ONEPASS_SIGNATURE:
    case PGPTAG_PUBLIC_KEY:
    case PGPTAG_SECRET_KEY:
    case PGPTAG_PUBLIC_SESSION_KEY:
    case PGPTAG_SIGNATURE:
    case PGPTAG_COMMENT:
    case PGPTAG_COMMENT_OLD:
    case PGPTAG_LITERAL_DATA:
    case PGPTAG_COMPRESSED_DATA:
    case PGPTAG_SYMMETRIC_DATA:
        rc = 1;
        break;
    case PGPTAG_PUBLIC_SUBKEY:
    case PGPTAG_SECRET_SUBKEY:
    case PGPTAG_USER_ID:
    case PGPTAG_RESERVED:
    case PGPTAG_TRUST:
    case PGPTAG_PHOTOID:
    case PGPTAG_ENCRYPTED_MDC:
    case PGPTAG_MDC:
    case PGPTAG_PRIVATE_60:
    case PGPTAG_PRIVATE_62:
    case PGPTAG_CONTROL:
    default:
        rc = 0;
        break;
    }

    return rc;
}

#define CRC24_INIT      0xb704ce
#define CRC24_POLY      0x1864cfb

/** \ingroup rpmpgp
 * Return CRC of a buffer.
 * @param octets        bytes
 * @param len           no. of bytes
 * @return              crc of buffer
 */
static inline
unsigned int pgpCRC(const uint8_t *octets, size_t len)
{
    unsigned int crc = CRC24_INIT;
    size_t i;

    while (len--) {
        crc ^= (*octets++) << 16;
        for (i = 0; i < 8; i++) {
            crc <<= 1;
            if (crc & 0x1000000)
                crc ^= CRC24_POLY;
        }
    }
    return crc & 0xffffff;
}

static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype, 
                         pgpDigParams _digp)
{
    const uint8_t *p = h;
    size_t plen, i;

    while (hlen > 0) {
        i = pgpLen(p, &plen);
        p += i;
        hlen -= i;

        pgpPrtVal("    ", pgpSubTypeTbl, (p[0]&(~PGPSUBTYPE_CRITICAL)));
        if (p[0] & PGPSUBTYPE_CRITICAL)
            if (_print)
                fprintf(stderr, " *CRITICAL*");
        switch (*p) {
        case PGPSUBTYPE_PREFER_SYMKEY:  /* preferred symmetric algorithms */
            for (i = 1; i < plen; i++)
                pgpPrtVal(" ", pgpSymkeyTbl, p[i]);
            break;
        case PGPSUBTYPE_PREFER_HASH:    /* preferred hash algorithms */
            for (i = 1; i < plen; i++)
                pgpPrtVal(" ", pgpHashTbl, p[i]);
            break;
        case PGPSUBTYPE_PREFER_COMPRESS:/* preferred compression algorithms */
            for (i = 1; i < plen; i++)
                pgpPrtVal(" ", pgpCompressionTbl, p[i]);
            break;
        case PGPSUBTYPE_KEYSERVER_PREFERS:/* key server preferences */
            for (i = 1; i < plen; i++)
                pgpPrtVal(" ", pgpKeyServerPrefsTbl, p[i]);
            break;
        case PGPSUBTYPE_SIG_CREATE_TIME:
            if (_digp && !(_digp->saved & PGPDIG_SAVED_TIME) &&
                (sigtype == PGPSIGTYPE_POSITIVE_CERT || sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT || sigtype == PGPSIGTYPE_STANDALONE))
            {
                _digp->saved |= PGPDIG_SAVED_TIME;
                memcpy(_digp->time, p+1, sizeof(_digp->time));
            }
        case PGPSUBTYPE_SIG_EXPIRE_TIME:
        case PGPSUBTYPE_KEY_EXPIRE_TIME:
            if ((plen - 1) == 4) {
                time_t t = pgpGrab(p+1, plen-1);
                if (_print)
                   fprintf(stderr, " %-24.24s(0x%08x)", ctime(&t), (unsigned)t);
            } else
                pgpPrtHex("", p+1, plen-1);
            break;

        case PGPSUBTYPE_ISSUER_KEYID:   /* issuer key ID */
            if (_digp && !(_digp->saved & PGPDIG_SAVED_ID) &&
                (sigtype == PGPSIGTYPE_POSITIVE_CERT || sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT || sigtype == PGPSIGTYPE_STANDALONE))
            {
                _digp->saved |= PGPDIG_SAVED_ID;
                memcpy(_digp->signid, p+1, sizeof(_digp->signid));
            }
        case PGPSUBTYPE_EXPORTABLE_CERT:
        case PGPSUBTYPE_TRUST_SIG:
        case PGPSUBTYPE_REGEX:
        case PGPSUBTYPE_REVOCABLE:
        case PGPSUBTYPE_ARR:
        case PGPSUBTYPE_REVOKE_KEY:
        case PGPSUBTYPE_NOTATION:
        case PGPSUBTYPE_PREFER_KEYSERVER:
        case PGPSUBTYPE_PRIMARY_USERID:
        case PGPSUBTYPE_POLICY_URL:
        case PGPSUBTYPE_KEY_FLAGS:
        case PGPSUBTYPE_SIGNER_USERID:
        case PGPSUBTYPE_REVOKE_REASON:
        case PGPSUBTYPE_FEATURES:
        case PGPSUBTYPE_EMBEDDED_SIG:
        case PGPSUBTYPE_INTERNAL_100:
        case PGPSUBTYPE_INTERNAL_101:
        case PGPSUBTYPE_INTERNAL_102:
        case PGPSUBTYPE_INTERNAL_103:
        case PGPSUBTYPE_INTERNAL_104:
        case PGPSUBTYPE_INTERNAL_105:
        case PGPSUBTYPE_INTERNAL_106:
        case PGPSUBTYPE_INTERNAL_107:
        case PGPSUBTYPE_INTERNAL_108:
        case PGPSUBTYPE_INTERNAL_109:
        case PGPSUBTYPE_INTERNAL_110:
        default:
            pgpPrtHex("", p+1, plen-1);
            break;
        }
        pgpPrtNL();
        p += plen;
        hlen -= plen;
    }
    return 0;
}

static const char * const pgpSigRSA[] = {
    " m**d =",
    NULL,
};

static const char * const pgpSigDSA[] = {
    "    r =",
    "    s =",
    NULL,
};

#ifndef DSA_SUBPRIME_LEN
#define DSA_SUBPRIME_LEN 20
#endif

static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype,
                const uint8_t *p, const uint8_t *h, size_t hlen, pgpDig _dig)
{
    const uint8_t * pend = h + hlen;
    size_t i;
    SECItem dsaraw;
    unsigned char dsabuf[2*DSA_SUBPRIME_LEN];
    char *mpi;

    dsaraw.type = 0;
    dsaraw.data = dsabuf;
    dsaraw.len = sizeof(dsabuf);
    
    for (i = 0; p < pend; i++, p += pgpMpiLen(p)) {
        if (pubkey_algo == PGPPUBKEYALGO_RSA) {
            if (i >= 1) break;
            if (_dig &&
        (sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT))
            {
                switch (i) {
                case 0:         /* m**d */
                    _dig->sigdata = pgpMpiItem(NULL, _dig->sigdata, p);
                    if (_dig->sigdata == NULL)
                        return 1;
                    break;
                default:
                    break;
                }
            }
            pgpPrtStr("", pgpSigRSA[i]);
        } else if (pubkey_algo == PGPPUBKEYALGO_DSA) {
            if (i >= 2) break;
            if (_dig &&
        (sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT))
            {
                int xx;
                xx = 0;
                switch (i) {
                case 0:
                    memset(dsaraw.data, '\0', 2*DSA_SUBPRIME_LEN);
                                /* r */
                    xx = pgpMpiSet(pgpSigDSA[i], DSA_SUBPRIME_LEN*8, dsaraw.data, p, pend);
                    break;
                case 1:         /* s */
                    xx = pgpMpiSet(pgpSigDSA[i], DSA_SUBPRIME_LEN*8, dsaraw.data + DSA_SUBPRIME_LEN, p, pend);
                    if (_dig->sigdata != NULL)
                        SECITEM_FreeItem(_dig->sigdata, PR_FALSE);
                    else if ((_dig->sigdata=SECITEM_AllocItem(NULL, NULL, 0)) == NULL) {
                        xx = 1;
                        break;
                    }
                    if (DSAU_EncodeDerSig(_dig->sigdata, &dsaraw) != SECSuccess)
                        xx = 1;
                    break;
                default:
                    xx = 1;
                    break;
                }
                if (xx) return xx;
            }
            pgpPrtStr("", pgpSigDSA[i]);
        } else {
            if (_print)
                fprintf(stderr, "%7zd", i);
        }
        mpi = pgpMpiStr(p);
        pgpPrtStr("", mpi);
        free(mpi);
        pgpPrtNL();
    }

    return 0;
}

static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
                     pgpDig _dig, pgpDigParams _digp)
{
    uint8_t version = h[0];
    uint8_t * p;
    size_t plen;
    int rc;

    switch (version) {
    case 3:
    {   pgpPktSigV3 v = (pgpPktSigV3)h;
        time_t t;

        if (v->hashlen != 5)
            return 1;

        pgpPrtVal("V3 ", pgpTagTbl, tag);
        pgpPrtVal(" ", pgpPubkeyTbl, v->pubkey_algo);
        pgpPrtVal(" ", pgpHashTbl, v->hash_algo);
        pgpPrtVal(" ", pgpSigTypeTbl, v->sigtype);
        pgpPrtNL();
        t = pgpGrab(v->time, sizeof(v->time));
        if (_print)
            fprintf(stderr, " %-24.24s(0x%08x)", ctime(&t), (unsigned)t);
        pgpPrtNL();
        pgpPrtHex(" signer keyid", v->signid, sizeof(v->signid));
        plen = pgpGrab(v->signhash16, sizeof(v->signhash16));
        pgpPrtHex(" signhash16", v->signhash16, sizeof(v->signhash16));
        pgpPrtNL();

        if (_digp && _digp->pubkey_algo == 0) {
            _digp->version = v->version;
            _digp->hashlen = v->hashlen;
            _digp->sigtype = v->sigtype;
            _digp->hash = memcpy(xmalloc(v->hashlen), &v->sigtype, v->hashlen);
            memcpy(_digp->time, v->time, sizeof(_digp->time));
            memcpy(_digp->signid, v->signid, sizeof(_digp->signid));
            _digp->pubkey_algo = v->pubkey_algo;
            _digp->hash_algo = v->hash_algo;
            memcpy(_digp->signhash16, v->signhash16, sizeof(_digp->signhash16));
        }

        p = ((uint8_t *)v) + sizeof(*v);
        rc = pgpPrtSigParams(tag, v->pubkey_algo, v->sigtype, p, h, hlen, _dig);
    }   break;
    case 4:
    {   pgpPktSigV4 v = (pgpPktSigV4)h;

        pgpPrtVal("V4 ", pgpTagTbl, tag);
        pgpPrtVal(" ", pgpPubkeyTbl, v->pubkey_algo);
        pgpPrtVal(" ", pgpHashTbl, v->hash_algo);
        pgpPrtVal(" ", pgpSigTypeTbl, v->sigtype);
        pgpPrtNL();

        p = &v->hashlen[0];
        plen = pgpGrab(v->hashlen, sizeof(v->hashlen));
        p += sizeof(v->hashlen);

        if ((p + plen) > (h + hlen))
            return 1;

if (_debug && _print)
fprintf(stderr, "   hash[%zu] -- %s\n", plen, pgpHexStr(p, plen));
        if (_digp && _digp->pubkey_algo == 0) {
            _digp->hashlen = sizeof(*v) + plen;
            _digp->hash = memcpy(xmalloc(_digp->hashlen), v, _digp->hashlen);
        }
        (void) pgpPrtSubType(p, plen, v->sigtype, _digp);
        p += plen;

        plen = pgpGrab(p,2);
        p += 2;

        if ((p + plen) > (h + hlen))
            return 1;

if (_debug && _print)
fprintf(stderr, " unhash[%zu] -- %s\n", plen, pgpHexStr(p, plen));
        (void) pgpPrtSubType(p, plen, v->sigtype, _digp);
        p += plen;

        plen = pgpGrab(p,2);
        pgpPrtHex(" signhash16", p, 2);
        pgpPrtNL();

        if (_digp && _digp->pubkey_algo == 0) {
            _digp->version = v->version;
            _digp->sigtype = v->sigtype;
            _digp->pubkey_algo = v->pubkey_algo;
            _digp->hash_algo = v->hash_algo;
            memcpy(_digp->signhash16, p, sizeof(_digp->signhash16));
        }

        p += 2;
        if (p > (h + hlen))
            return 1;

        rc = pgpPrtSigParams(tag, v->pubkey_algo, v->sigtype, p, h, hlen, _dig);
    }   break;
    default:
        rc = 1;
        break;
    }
    return rc;
}

static const char * const pgpPublicRSA[] = {
    "    n =",
    "    e =",
    NULL,
};

#ifdef NOTYET
static const char * const pgpSecretRSA[] = {
    "    d =",
    "    p =",
    "    q =",
    "    u =",
    NULL,
};
#endif

static const char * const pgpPublicDSA[] = {
    "    p =",
    "    q =",
    "    g =",
    "    y =",
    NULL,
};

#ifdef NOTYET
static const char * const pgpSecretDSA[] = {
    "    x =",
    NULL,
};
#endif

static const char * const pgpPublicELGAMAL[] = {
    "    p =",
    "    g =",
    "    y =",
    NULL,
};

#ifdef NOTYET
static const char * const pgpSecretELGAMAL[] = {
    "    x =",
    NULL,
};
#endif

char * pgpHexStr(const uint8_t *p, size_t plen)
{
    char *t, *str;
    str = t = xmalloc(plen * 2 + 1);
    static char const hex[] = "0123456789abcdef";
    while (plen-- > 0) {
        size_t i;
        i = *p++;
        *t++ = hex[ (i >> 4) & 0xf ];
        *t++ = hex[ (i     ) & 0xf ];
    }
    *t = '\0';
    return str;
}

static const uint8_t * pgpPrtPubkeyParams(uint8_t pubkey_algo,
                const uint8_t *p, const uint8_t *h, size_t hlen,
                pgpDig _dig)
{
    size_t i;

    for (i = 0; p < &h[hlen]; i++, p += pgpMpiLen(p)) {
        char * mpi;
        if (pubkey_algo == PGPPUBKEYALGO_RSA) {
            if (i >= 2) break;
            if (_dig) {
                if (_dig->keydata == NULL) {
                    _dig->keydata = pgpNewPublicKey(rsaKey);
                    if (_dig->keydata == NULL)
                        break; /* error abort? */
                }
                switch (i) {
                case 0:         /* n */
                    pgpMpiItem(_dig->keydata->arena, &_dig->keydata->u.rsa.modulus, p);
                    break;
                case 1:         /* e */
                    pgpMpiItem(_dig->keydata->arena, &_dig->keydata->u.rsa.publicExponent, p);
                    break;
                default:
                    break;
                }
            }
            pgpPrtStr("", pgpPublicRSA[i]);
        } else if (pubkey_algo == PGPPUBKEYALGO_DSA) {
            if (i >= 4) break;
            if (_dig) {
                if (_dig->keydata == NULL) {
                    _dig->keydata = pgpNewPublicKey(dsaKey);
                    if (_dig->keydata == NULL)
                        break; /* error abort? */
                }
                switch (i) {
                case 0:         /* p */
                    pgpMpiItem(_dig->keydata->arena, &_dig->keydata->u.dsa.params.prime, p);
                    break;
                case 1:         /* q */
                    pgpMpiItem(_dig->keydata->arena, &_dig->keydata->u.dsa.params.subPrime, p);
                    break;
                case 2:         /* g */
                    pgpMpiItem(_dig->keydata->arena, &_dig->keydata->u.dsa.params.base, p);
                    break;
                case 3:         /* y */
                    pgpMpiItem(_dig->keydata->arena, &_dig->keydata->u.dsa.publicValue, p);
                    break;
                default:
                    break;
                }
            }
            pgpPrtStr("", pgpPublicDSA[i]);
        } else if (pubkey_algo == PGPPUBKEYALGO_ELGAMAL_ENCRYPT) {
            if (i >= 3) break;
            pgpPrtStr("", pgpPublicELGAMAL[i]);
        } else {
            if (_print)
                fprintf(stderr, "%7zd", i);
        }
        mpi = pgpMpiStr(p);
        pgpPrtStr("", mpi);
        free(mpi);
        pgpPrtNL();
    }

    return p;
}

static const uint8_t * pgpPrtSeckeyParams(uint8_t pubkey_algo,
                const uint8_t *p, const uint8_t *h, size_t hlen)
{
    size_t i;

    switch (*p) {
    case 0:
        pgpPrtVal(" ", pgpSymkeyTbl, *p);
        break;
    case 255:
        p++;
        pgpPrtVal(" ", pgpSymkeyTbl, *p);
        switch (p[1]) {
        case 0x00:
            pgpPrtVal(" simple ", pgpHashTbl, p[2]);
            p += 2;
            break;
        case 0x01:
            pgpPrtVal(" salted ", pgpHashTbl, p[2]);
            pgpPrtHex("", p+3, 8);
            p += 10;
            break;
        case 0x03:
            pgpPrtVal(" iterated/salted ", pgpHashTbl, p[2]);
            /* FIX: unsigned cast */
            i = (16 + (p[11] & 0xf)) << ((p[11] >> 4) + 6);
            pgpPrtHex("", p+3, 8);
            pgpPrtInt(" iter", i);
            p += 11;
            break;
        }
        break;
    default:
        pgpPrtVal(" ", pgpSymkeyTbl, *p);
        pgpPrtHex(" IV", p+1, 8);
        p += 8;
        break;
    }
    pgpPrtNL();

    p++;

#ifdef  NOTYET  /* XXX encrypted MPI's need to be handled. */
    for (i = 0; p < &h[hlen]; i++, p += pgpMpiLen(p)) {
        char *mpi;
        if (pubkey_algo == PGPPUBKEYALGO_RSA) {
            if (pgpSecretRSA[i] == NULL) break;
            pgpPrtStr("", pgpSecretRSA[i]);
        } else if (pubkey_algo == PGPPUBKEYALGO_DSA) {
            if (pgpSecretDSA[i] == NULL) break;
            pgpPrtStr("", pgpSecretDSA[i]);
        } else if (pubkey_algo == PGPPUBKEYALGO_ELGAMAL_ENCRYPT) {
            if (pgpSecretELGAMAL[i] == NULL) break;
            pgpPrtStr("", pgpSecretELGAMAL[i]);
        } else {
            if (_print)
                fprintf(stderr, "%7d", i);
        }
        mpi = pgpMpiStr(p);
        pgpPrtStr("", mpi);
        free(mpi);
        pgpPrtNL();
    }
#else
    pgpPrtHex(" secret", p, (hlen - (p - h) - 2));
    pgpPrtNL();
    p += (hlen - (p - h) - 2);
#endif
    pgpPrtHex(" checksum", p, 2);
    pgpPrtNL();

    return p;
}

static int pgpPrtKey(pgpTag tag, const uint8_t *h, size_t hlen,
                     pgpDig _dig, pgpDigParams _digp)
{
    uint8_t version = *h;
    const uint8_t * p;
    size_t plen;
    time_t t;
    int rc;

    switch (version) {
    case 3:
    {   pgpPktKeyV3 v = (pgpPktKeyV3)h;
        pgpPrtVal("V3 ", pgpTagTbl, tag);
        pgpPrtVal(" ", pgpPubkeyTbl, v->pubkey_algo);
        t = pgpGrab(v->time, sizeof(v->time));
        if (_print)
            fprintf(stderr, " %-24.24s(0x%08x)", ctime(&t), (unsigned)t);
        plen = pgpGrab(v->valid, sizeof(v->valid));
        if (plen != 0)
            fprintf(stderr, " valid %zu days", plen);
        pgpPrtNL();

        if (_digp && _digp->tag == tag) {
            _digp->version = v->version;
            memcpy(_digp->time, v->time, sizeof(_digp->time));
            _digp->pubkey_algo = v->pubkey_algo;
        }

        p = ((uint8_t *)v) + sizeof(*v);
        p = pgpPrtPubkeyParams(v->pubkey_algo, p, h, hlen, _dig);
        rc = 0;
    }   break;
    case 4:
    {   pgpPktKeyV4 v = (pgpPktKeyV4)h;
        pgpPrtVal("V4 ", pgpTagTbl, tag);
        pgpPrtVal(" ", pgpPubkeyTbl, v->pubkey_algo);
        t = pgpGrab(v->time, sizeof(v->time));
        if (_print)
            fprintf(stderr, " %-24.24s(0x%08x)", ctime(&t), (unsigned)t);
        pgpPrtNL();

        if (_digp && _digp->tag == tag) {
            _digp->version = v->version;
            memcpy(_digp->time, v->time, sizeof(_digp->time));
            _digp->pubkey_algo = v->pubkey_algo;
        }

        p = ((uint8_t *)v) + sizeof(*v);
        p = pgpPrtPubkeyParams(v->pubkey_algo, p, h, hlen, _dig);
        if (!(tag == PGPTAG_PUBLIC_KEY || tag == PGPTAG_PUBLIC_SUBKEY))
            p = pgpPrtSeckeyParams(v->pubkey_algo, p, h, hlen);
        rc = 0;
    }   break;
    default:
        rc = 1;
        break;
    }
    return rc;
}

static int pgpPrtUserID(pgpTag tag, const uint8_t *h, size_t hlen,
                        pgpDigParams _digp)
{
    pgpPrtVal("", pgpTagTbl, tag);
    if (_print)
        fprintf(stderr, " \"%.*s\"", (int)hlen, (const char *)h);
    pgpPrtNL();
    if (_digp) {
        char * t;
        _digp->userid = t = memcpy(xmalloc(hlen+1), h, hlen);
        t[hlen] = '\0';
    }
    return 0;
}

static int pgpPrtComment(pgpTag tag, const uint8_t *h, size_t hlen)
{
    size_t i = hlen;

    pgpPrtVal("", pgpTagTbl, tag);
    if (_print)
        fprintf(stderr, " ");
    while (i > 0) {
        size_t j;
        if (*h >= ' ' && *h <= 'z') {
            if (_print)
                fprintf(stderr, "%s", (const char *)h);
            j = strlen((const char*)h);
            while (h[j] == '\0')
                j++;
        } else {
            pgpPrtHex("", h, i);
            j = i;
        }
        i -= j;
        h += j;
    }
    pgpPrtNL();
    return 0;
}

int pgpPubkeyFingerprint(const uint8_t * pkt, size_t pktlen, pgpKeyID_t keyid)
{
    unsigned int val = *pkt;
    size_t plen, hlen;
    pgpTag tag;
    const uint8_t *se, *h;
    DIGEST_CTX ctx;
    int rc = -1;        /* assume failure. */

    if (!(val & 0x80))
        return rc;

    if (val & 0x40) {
        tag = (val & 0x3f);
        plen = pgpLen(pkt+1, &hlen);
    } else {
        tag = (val >> 2) & 0xf;
        plen = (1 << (val & 0x3));
        hlen = pgpGrab(pkt+1, plen);
    }
    if (pktlen > 0 && 1 + plen + hlen > pktlen)
        return rc;
    
    h = pkt + 1 + plen;

    switch (h[0]) {
    case 3:
      { pgpPktKeyV3 v = (pgpPktKeyV3) (h);
        se = (uint8_t *)(v + 1);
        switch (v->pubkey_algo) {
        case PGPPUBKEYALGO_RSA:
            se += pgpMpiLen(se);
            memmove(keyid, (se-8), 8);
            rc = 0;
            break;
        default:        /* TODO: md5 of mpi bodies (i.e. no length) */
            break;
        }
      } break;
    case 4:
      { pgpPktKeyV4 v = (pgpPktKeyV4) (h);
        uint8_t * d = NULL;
        uint8_t in[3];
        size_t dlen;
        int i;

        se = (uint8_t *)(v + 1);
        switch (v->pubkey_algo) {
        case PGPPUBKEYALGO_RSA:
            for (i = 0; i < 2; i++)
                se += pgpMpiLen(se);
            break;
        case PGPPUBKEYALGO_DSA:
            for (i = 0; i < 4; i++)
                se += pgpMpiLen(se);
            break;
        }

        ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE);
        i = se - h;
        in[0] = 0x99;
        in[1] = i >> 8;
        in[2] = i;
        (void) rpmDigestUpdate(ctx, in, 3);
        (void) rpmDigestUpdate(ctx, h, i);
        (void) rpmDigestFinal(ctx, (void **)&d, &dlen, 0);

        if (d) {
            memmove(keyid, (d + (dlen-8)), 8);
            free(d);
            rc = 0;
        }

      } break;
    }
    return rc;
}

int pgpExtractPubkeyFingerprint(const char * b64pkt, pgpKeyID_t keyid)
{
    uint8_t * pkt;
    size_t pktlen;

    if (b64decode(b64pkt, (void **)&pkt, &pktlen))
       return -1;      /* on error */
    (void) pgpPubkeyFingerprint(pkt, pktlen, keyid);
    pkt = _free(pkt);
    return sizeof(keyid);  /* no. of bytes of pubkey signid */
}

static int pgpPrtPkt(const uint8_t *pkt, size_t pleft, 
                     pgpDig _dig, pgpDigParams _digp)
{
    unsigned int val = *pkt;
    size_t pktlen;
    pgpTag tag;
    size_t plen;
    const uint8_t *h;
    size_t hlen = 0;
    int rc = 0;

    /* XXX can't deal with these. */
    if (!(val & 0x80))
        return -1;

    if (val & 0x40) {
        tag = (val & 0x3f);
        plen = pgpLen(pkt+1, &hlen);
    } else {
        tag = (val >> 2) & 0xf;
        plen = (1 << (val & 0x3));
        hlen = pgpGrab(pkt+1, plen);
    }

    pktlen = 1 + plen + hlen;
    if (pktlen > pleft)
        return -1;

    h = pkt + 1 + plen;
    switch (tag) {
    case PGPTAG_SIGNATURE:
        rc = pgpPrtSig(tag, h, hlen, _dig, _digp);
        break;
    case PGPTAG_PUBLIC_KEY:
        /* Get the public key fingerprint. */
        if (_digp) {
            if (!pgpPubkeyFingerprint(pkt, pktlen, _digp->signid))
                _digp->saved |= PGPDIG_SAVED_ID;
            else
                memset(_digp->signid, 0, sizeof(_digp->signid));
        }
        rc = pgpPrtKey(tag, h, hlen, _dig, _digp);
        break;
    case PGPTAG_USER_ID:
        rc = pgpPrtUserID(tag, h, hlen, _digp);
        break;
    case PGPTAG_COMMENT:
    case PGPTAG_COMMENT_OLD:
        rc = pgpPrtComment(tag, h, hlen);
        break;

    case PGPTAG_PUBLIC_SUBKEY:
    case PGPTAG_SECRET_KEY:
    case PGPTAG_SECRET_SUBKEY:
    case PGPTAG_RESERVED:
    case PGPTAG_PUBLIC_SESSION_KEY:
    case PGPTAG_SYMMETRIC_SESSION_KEY:
    case PGPTAG_COMPRESSED_DATA:
    case PGPTAG_SYMMETRIC_DATA:
    case PGPTAG_MARKER:
    case PGPTAG_LITERAL_DATA:
    case PGPTAG_TRUST:
    case PGPTAG_PHOTOID:
    case PGPTAG_ENCRYPTED_MDC:
    case PGPTAG_MDC:
    case PGPTAG_PRIVATE_60:
    case PGPTAG_PRIVATE_62:
    case PGPTAG_CONTROL:
    default:
        pgpPrtVal("", pgpTagTbl, tag);
        pgpPrtHex("", h, hlen);
        pgpPrtNL();
        break;
    }

    return (rc ? -1 : pktlen);
}

pgpDig pgpNewDig(void)
{
    pgpDig dig = xcalloc(1, sizeof(*dig));

    return dig;
}

void pgpCleanDig(pgpDig dig)
{
    if (dig != NULL) {
        int i;
        dig->signature.userid = _free(dig->signature.userid);
        dig->pubkey.userid = _free(dig->pubkey.userid);
        dig->signature.hash = _free(dig->signature.hash);
        dig->pubkey.hash = _free(dig->pubkey.hash);
        /* FIX: double indirection */
        for (i = 0; i < 4; i++) {
            dig->signature.params[i] = _free(dig->signature.params[i]);
            dig->pubkey.params[i] = _free(dig->pubkey.params[i]);
        }

        memset(&dig->signature, 0, sizeof(dig->signature));
        memset(&dig->pubkey, 0, sizeof(dig->pubkey));

        if (dig->keydata != NULL) {
            SECKEY_DestroyPublicKey(dig->keydata);
            dig->keydata = NULL;
        }

        if (dig->sigdata != NULL) {
            SECITEM_ZfreeItem(dig->sigdata, PR_TRUE);
            dig->sigdata = NULL;
        }
    }
    return;
}

pgpDig pgpFreeDig(pgpDig dig)
{
    if (dig != NULL) {

        /* DUmp the signature/pubkey data. */
        pgpCleanDig(dig);
        dig = _free(dig);
    }
    return dig;
}

int pgpPrtPkts(const uint8_t * pkts, size_t pktlen, pgpDig dig, int printing)
{
    unsigned int val = *pkts;
    const uint8_t *p;
    size_t pleft;
    int len;
    pgpDigParams _digp = NULL;

    _print = printing;
    if (dig != NULL && (val & 0x80)) {
        pgpTag tag = (val & 0x40) ? (val & 0x3f) : ((val >> 2) & 0xf);
        _digp = (tag == PGPTAG_SIGNATURE) ? &dig->signature : &dig->pubkey;
        _digp->tag = tag;
    } else
        _digp = NULL;

    for (p = pkts, pleft = pktlen; p < (pkts + pktlen); p += len, pleft -= len) {
        len = pgpPrtPkt(p, pleft, dig, _digp);
        if (len <= 0)
            return len;
        if (len > pleft)        /* XXX shouldn't happen */
            break;
    }
    return 0;
}

static SECOidTag getSigAlg(pgpDigParams sigp)
{
    SECOidTag sigalg = SEC_OID_UNKNOWN;
    if (sigp->pubkey_algo == PGPPUBKEYALGO_DSA) {
        /* assume SHA1 for now, NSS doesn't have SECOID's for other types */
        sigalg = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
    } else if (sigp->pubkey_algo == PGPPUBKEYALGO_RSA) {
        switch (sigp->hash_algo) {
        case PGPHASHALGO_MD5:
            sigalg = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
            break;
        case PGPHASHALGO_MD2:
            sigalg = SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION;
            break;
        case PGPHASHALGO_SHA1:
            sigalg = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
            break;
        case PGPHASHALGO_SHA256:
            sigalg = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
            break;
        case PGPHASHALGO_SHA384:
             sigalg = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION;
            break;
        case PGPHASHALGO_SHA512:
            sigalg = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION;
            break;
        default:
            break;
        }
    }
    return sigalg;
}

char *pgpIdentItem(pgpDigParams digp)
{
    char *id = NULL;
    if (digp) {
        
        char *signid = pgpHexStr(digp->signid+4, sizeof(digp->signid)-4);
        rasprintf(&id, _("V%d %s/%s %s, key ID %s"),
                        digp->version,
                        pgpValStr(pgpPubkeyTbl, digp->pubkey_algo),
                        pgpValStr(pgpHashTbl, digp->hash_algo),
                        pgpValStr(pgpTagTbl, digp->tag),
                        signid);
        free(signid);
    } else {
        id = xstrdup(_("(none)"));
    }
    return id;
}

rpmRC pgpVerifySig(pgpDig dig, DIGEST_CTX hashctx)
{
    DIGEST_CTX ctx = rpmDigestDup(hashctx);
    uint8_t *hash = NULL;
    size_t hashlen = 0;
    rpmRC res = RPMRC_FAIL; /* assume failure */
    pgpDigParams sigp = dig ? &dig->signature : NULL;

    if (sigp == NULL || ctx == NULL)
        goto exit;

    if (sigp->hash != NULL)
        rpmDigestUpdate(ctx, sigp->hash, sigp->hashlen);

    if (sigp->version == 4) {
        /* V4 trailer is six octets long (rfc4880) */
        uint8_t trailer[6];
        uint32_t nb = sigp->hashlen;
        nb = htonl(nb);
        trailer[0] = sigp->version;
        trailer[1] = 0xff;
        memcpy(trailer+2, &nb, 4);
        rpmDigestUpdate(ctx, trailer, sizeof(trailer));
    }

    rpmDigestFinal(ctx, (void **)&hash, &hashlen, 0);

    /* Compare leading 16 bits of digest for quick check. */
    if (hash && memcmp(hash, sigp->signhash16, 2) == 0) {
        SECItem digest = { .type = siBuffer, .data = hash, .len = hashlen };
        SECItem *sig = dig->sigdata;

        /* Zero-pad RSA signature to expected size if necessary */
        if (sigp->pubkey_algo == PGPPUBKEYALGO_RSA) {
            size_t siglen = SECKEY_SignatureLen(dig->keydata);
            if (siglen > sig->len) {
                size_t pad = siglen - sig->len;
                if ((sig = SECITEM_AllocItem(NULL, NULL, siglen)) == NULL) {
                    goto exit;
                }
                memset(sig->data, 0, pad);
                memcpy(sig->data+pad, dig->sigdata->data, dig->sigdata->len);
            }
        }

        /* XXX VFY_VerifyDigest() is deprecated in NSS 3.12 */ 
        if (VFY_VerifyDigest(&digest, dig->keydata, sig,
                             getSigAlg(sigp), NULL) == SECSuccess) {
            res = RPMRC_OK;
        }

        if (sig != dig->sigdata) {
            SECITEM_ZfreeItem(sig, 1);
        }
    }

exit:
    free(hash);
    return res;

}

static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen)
{
    const char * enc = NULL;
    const char * crcenc = NULL;
    uint8_t * dec;
    uint8_t * crcdec;
    size_t declen;
    size_t crclen;
    uint32_t crcpkt, crc;
    const char * armortype = NULL;
    char * t, * te;
    int pstate = 0;
    pgpArmor ec = PGPARMOR_ERR_NO_BEGIN_PGP;    /* XXX assume failure */
    if (pgpIsPkt(b)) {
#ifdef NOTYET   /* XXX ASCII Pubkeys only, please. */
        ec = 0; /* XXX fish out pkt type. */
#endif
        goto exit;
    }

#define TOKEQ(_s, _tok) (rstreqn((_s), (_tok), sizeof(_tok)-1))

    for (t = (char *)b; t && *t; t = te) {
        int rc;
        if ((te = strchr(t, '\n')) == NULL)
            te = t + strlen(t);
        else
            te++;

        switch (pstate) {
        case 0:
            armortype = NULL;
            if (!TOKEQ(t, "-----BEGIN PGP "))
                continue;
            t += sizeof("-----BEGIN PGP ")-1;

            rc = pgpValTok(pgpArmorTbl, t, te);
            if (rc < 0) {
                ec = PGPARMOR_ERR_UNKNOWN_ARMOR_TYPE;
                goto exit;
            }
            if (rc != PGPARMOR_PUBKEY)  /* XXX ASCII Pubkeys only, please. */
                continue;

            armortype = pgpValStr(pgpArmorTbl, rc);
            t += strlen(armortype);
            if (!TOKEQ(t, "-----"))
                continue;
            t += sizeof("-----")-1;
            if (*t != '\n' && *t != '\r')
                continue;
            *t = '\0';
            pstate++;
            break;
        case 1:
            enc = NULL;
            rc = pgpValTok(pgpArmorKeyTbl, t, te);
            if (rc >= 0)
                continue;
            if (*t != '\n' && *t != '\r') {
                pstate = 0;
                continue;
            }
            enc = te;           /* Start of encoded packets */
            pstate++;
            break;
        case 2:
            crcenc = NULL;
            if (*t != '=')
                continue;
            *t++ = '\0';        /* Terminate encoded packets */
            crcenc = t;         /* Start of encoded crc */
            pstate++;
            break;
        case 3:
            pstate = 0;
            if (!TOKEQ(t, "-----END PGP ")) {
                ec = PGPARMOR_ERR_NO_END_PGP;
                goto exit;
            }
            *t = '\0';          /* Terminate encoded crc */
            t += sizeof("-----END PGP ")-1;
            if (t >= te) continue;

            if (armortype == NULL) /* XXX can't happen */
                continue;
            if (!rstreqn(t, armortype, strlen(armortype)))
                continue;

            t += strlen(armortype);
            if (t >= te) continue;

            if (!TOKEQ(t, "-----")) {
                ec = PGPARMOR_ERR_NO_END_PGP;
                goto exit;
            }
            t += (sizeof("-----")-1);
            if (t >= te) continue;
            /* XXX permitting \r here is not RFC-2440 compliant <shrug> */
            if (!(*t == '\n' || *t == '\r')) continue;

            crcdec = NULL;
            crclen = 0;
            if (b64decode(crcenc, (void **)&crcdec, &crclen) != 0) {
                ec = PGPARMOR_ERR_CRC_DECODE;
                goto exit;
            }
            crcpkt = pgpGrab(crcdec, crclen);
            crcdec = _free(crcdec);
            dec = NULL;
            declen = 0;
            if (b64decode(enc, (void **)&dec, &declen) != 0) {
                ec = PGPARMOR_ERR_BODY_DECODE;
                goto exit;
            }
            crc = pgpCRC(dec, declen);
            if (crcpkt != crc) {
                ec = PGPARMOR_ERR_CRC_CHECK;
                goto exit;
            }
            if (pkt) *pkt = dec;
            if (pktlen) *pktlen = declen;
            ec = PGPARMOR_PUBKEY;       /* XXX ASCII Pubkeys only, please. */
            goto exit;
            break;
        }
    }
    ec = PGPARMOR_NONE;

exit:
    return ec;
}

pgpArmor pgpReadPkts(const char * fn, uint8_t ** pkt, size_t * pktlen)
{
    uint8_t * b = NULL;
    ssize_t blen;
    pgpArmor ec = PGPARMOR_ERR_NO_BEGIN_PGP;    /* XXX assume failure */
    int rc = rpmioSlurp(fn, &b, &blen);
    if (rc == 0 && b != NULL && blen > 0) {
        ec = decodePkts(b, pkt, pktlen);
    }
    free(b);
    return ec;
}

pgpArmor pgpParsePkts(const char *armor, uint8_t ** pkt, size_t * pktlen)
{
    pgpArmor ec = PGPARMOR_ERR_NO_BEGIN_PGP;    /* XXX assume failure */
    if (armor && strlen(armor) > 0) {
        uint8_t *b = (uint8_t*) xstrdup(armor);
        ec = decodePkts(b, pkt, pktlen);
        free(b);
    }
    return ec;
}

char * pgpArmorWrap(int atype, const unsigned char * s, size_t ns)
{
    char *buf = NULL, *val = NULL;
    char *enc = b64encode(s, ns, -1);
    char *crc = b64crc(s, ns);
    const char *valstr = pgpValStr(pgpArmorTbl, atype);

    if (crc != NULL && enc != NULL) {
        rasprintf(&buf, "%s=%s", enc, crc);
    }
    free(crc);
    free(enc);

    rasprintf(&val, "-----BEGIN PGP %s-----\nVersion: rpm-" VERSION " (NSS-3)\n\n"
                    "%s\n-----END PGP %s-----\n",
                    valstr, buf != NULL ? buf : "", valstr);

    free(buf);
    return val;
}

/*
 * Only flag for re-initialization here, in the common case the child
 * exec()'s something else shutting down NSS here would be waste of time.
 */
static void at_forkchild(void)
{
    _new_process = 1;
}

int rpmInitCrypto(void) {
    int rc = 0;

    /* Lazy NSS shutdown for re-initialization after fork() */
    if (_new_process && _crypto_initialized) {
        rpmFreeCrypto();
    }

    /* Initialize NSS if not already done */
    if (!_crypto_initialized) {
        if (NSS_NoDB_Init(NULL) != SECSuccess) {
            rc = -1;
        } else {
            _crypto_initialized = 1;
        }
    }

    /* Register one post-fork handler per process */
    if (_new_process) {
        if (pthread_atfork(NULL, NULL, at_forkchild) != 0) {
            rpmlog(RPMLOG_WARNING, _("Failed to register fork handler: %m\n"));
        }
        _new_process = 0;
    }
    return rc;
}

int rpmFreeCrypto(void) 
{
    int rc = 0;
    if (_crypto_initialized) {
        rc = (NSS_Shutdown() != SECSuccess);
        _crypto_initialized = 0;
    }
    return rc;
}