From 3a75a9f6c4fea02cc067a0d4836dd196d819d5b1 Mon Sep 17 00:00:00 2001
From: Panu Matilainen
Date: Thu, 24 Nov 2011 11:39:36 +0200
Subject: [PATCH] Make gpg-pubkey headers properly verifiable
- The pubkey headers have been rpm v3 all the way until now, whoops :) Pull the actual key part of the header into immutable region and stomp a sha1 digest on the result, allowing a (much) better verification on loading. This part inspired by stumbling on a related discussion on rpm5.org mailing list so credits where...
- Since we only insert either literally constant data or data retrieved from the actual key into the immutable part of the header, the calculated digest is constant for a given key regardless of where and when it was imported. This gives some added verification and/or cross-checking possibilities (eg was the imported key exactly the same as what shipped etc)
---
 lib/rpmts.c | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/lib/rpmts.c b/lib/rpmts.c
index 356b291..111879b 100644
--- a/lib/rpmts.c
+++ b/lib/rpmts.c
@@ -419,8 +419,26 @@ static int makePubkeyHeader(rpmts ts, rpmPubkey key, Header * hdrp)
 headerPutUint32(h, RPMTAG_BUILDTIME, &keytime, 1);
 headerPutString(h, RPMTAG_SOURCERPM, "(none)");
- *hdrp = headerLink(h);
- rc = 0;
+ /* Reload the lot to immutable region and stomp sha1 digest on it */
+ h = headerReload(h, RPMTAG_HEADERIMMUTABLE);
+ if (h != NULL) {
+ char *sha1 = NULL;
+ const void *blob = headerUnload(h);
+ size_t blen = headerSizeof(h, HEADER_MAGIC_NO);
+
+ /* XXX FIXME: bah, this code is repeated in way too many places */
+ DIGEST_CTX ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE);
+ rpmDigestUpdate(ctx, rpm_header_magic, sizeof(rpm_header_magic));
+ rpmDigestUpdate(ctx, blob, blen);
+ rpmDigestFinal(ctx, (void **)&sha1, NULL, 1);
+
+ if (sha1) {
+ headerPutString(h, RPMTAG_SHA1HEADER, sha1);
+ *hdrp = headerLink(h);
+ rc = 0;
+ }
+ free(sha1);
+ }
 exit:
 headerFree(h);
--
2.7.4
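Review bot: `blob` from `headerUnload(h)` is hashed without a NULL check and is never released in this hunk; if `headerUnload` returns an allocated buffer (its use here suggests so), each key import leaks one header-sized block, and a failed unload would pass NULL with a non-zero `blen` into `rpmDigestUpdate`. Declaring it as `void *blob`, skipping the digest when it is NULL, and adding `free(blob);` beside `free(sha1);` would cover both. Separately, the result of `headerPutString(h, RPMTAG_SHA1HEADER, sha1)` is ignored, so `rc = 0` can be reported for a header that lacks the digest this commit is meant to guarantee; `if (sha1 && headerPutString(h, RPMTAG_SHA1HEADER, sha1)) {` would tie success to the tag actually being stored, assuming the put functions return non-zero on success. The body of `makePubkeyHeader` starts and ends outside the hunk, so the `exit:` cleanup path could only be checked as far as the visible `headerFree(h)`.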