Add a signature verification method to keyring

- At least within rpm itself, callers aren't particularly interested
  in the actual key that matches a given signature, they just want
  simple good/bad/nokey answers. This makes life simple for them
  and avoids exposing further rpmPubkey internals through APIs.

diff --git a/rpmio/rpmkeyring.c b/rpmio/rpmkeyring.c
index 74b152a..6ebaab8 100644 (file)
--- a/rpmio/rpmkeyring.c
+++ b/rpmio/rpmkeyring.c
@@ -255,3 +255,21 @@ rpmRC rpmKeyringLookup(rpmKeyring keyring, pgpDig sig)
 
     return res;
 }
+
+rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx)
+{
+    rpmRC rc = RPMRC_FAIL;
+
+    if (sig && ctx) {
+       pgpDigParams pgpkey = NULL;
+       rpmPubkey key = findbySig(keyring, sig);
+
+       if (key)
+           pgpkey = key->pgpkey;
+
+       /* We call verify even if key not found for a signature sanity check */
+       rc = pgpVerifySignature(pgpkey, sig, ctx);
+    }
+
+    return rc;
+}

diff --git a/rpmio/rpmkeyring.h b/rpmio/rpmkeyring.h
index 8b4378b..9fcab5f 100644 (file)
--- a/rpmio/rpmkeyring.h
+++ b/rpmio/rpmkeyring.h
@@ -41,6 +41,15 @@ int rpmKeyringAddKey(rpmKeyring keyring, rpmPubkey key);
 rpmRC rpmKeyringLookup(rpmKeyring keyring, pgpDig sig);
 
 /** \ingroup rpmkeyring
+ * Perform combined keyring lookup and signature verification
+ * @param keyring      keyring handle
+ * @param sig          OpenPGP signature parameters
+ * @param ctx          signature hash context
+ * @return             RPMRC_OK / RPMRC_FAIL / RPMRC_NOKEY
+ */
+rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx);
+
+/** \ingroup rpmkeyring
  * Reference a keyring.
  * @param keyring      keyring handle
  * @return             new keyring reference