rpm/backport-Support-ECDSA-in-key-parsing.patch


From 8bc74f9ec48386beadf396ba5830aacf6672df4c Mon Sep 17 00:00:00 2001
From: Michael Schroeder <mls@suse.de>
Date: Thu, 11 Apr 2024 14:13:22 +0200
Subject: [PATCH] Support ECDSA in key parsing
Conflict:modify rpmpgp_internal.c in rpmio; adapt context because 296f2256b90
and b5b9600834 are not merged
Reference:https://github.com/rpm-software-management/rpmpgp_legacy/commit/ca6c204cfa95f016ba03a73d5e6e4451cf8d4d6d
---
rpmio/rpmpgp_internal.c | 17 +++++++----------
1 file changed, 7 insertions(+), 10 deletions(-)
diff --git a/rpmio/rpmpgp_internal.c b/rpmio/rpmpgp_internal.c
index 0fcd220..610a9b2 100644
--- a/rpmio/rpmpgp_internal.c
+++ b/rpmio/rpmpgp_internal.c
@@ -576,11 +576,6 @@ static int pgpCurveByOid(const uint8_t *p, int l)
return 0;
}
-static int isKey(pgpDigParams keyp)
-{
- return keyp->tag == PGPTAG_PUBLIC_KEY || keyp->tag == PGPTAG_PUBLIC_SUBKEY;
-}
-
static int pgpPrtPubkeyParams(uint8_t pubkey_algo,
const uint8_t *p, const uint8_t *h, size_t hlen,
pgpDigParams keyp)
@@ -588,12 +583,12 @@ static int pgpPrtPubkeyParams(uint8_t pubkey_algo,
int rc = 1; /* assume failure */
const uint8_t *pend = h + hlen;
int curve = 0;
- if (!isKey(keyp))
+ if (keyp->tag != PGPTAG_PUBLIC_KEY && keyp->tag != PGPTAG_PUBLIC_SUBKEY)
return rc;
/* We can't handle more than one key at a time */
if (keyp->alg)
return rc;
- if (pubkey_algo == PGPPUBKEYALGO_EDDSA) {
+ if (pubkey_algo == PGPPUBKEYALGO_EDDSA || pubkey_algo == PGPPUBKEYALGO_ECDSA) {
int len = (hlen > 1) ? p[0] : 0;
if (len == 0 || len == 0xff || len >= hlen)
return rc;
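Review bot: The curve-OID length guard that ECDSA keys now also pass through, `len >= hlen`, compares the OID length with the size of the whole packet rather than with the bytes remaining after `p`. If `p` already points past the start of `h` (the separate `p` and `h`/`hlen` parameters suggest it does, though the caller is outside this hunk), a short packet with a large length byte would pass the check, and whatever consumes the OID afterwards could read past `pend`. getPubkeyFingerprint in the next hunk bounds the same field against the remaining bytes, and the same form here would be `if (len == 0 || len == 0xff || pend - p < 1 + len) return rc;`, with `p < pend` confirmed before `p[0]` is read. The body of pgpPrtPubkeyParams continues outside the hunk.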
@@ -686,8 +681,9 @@ static int getPubkeyFingerprint(const uint8_t *h, size_t hlen,
return rc;
se = (uint8_t *)(v + 1);
switch (v->pubkey_algo) {
+ case PGPPUBKEYALGO_ECDSA:
case PGPPUBKEYALGO_EDDSA:
- /* EdDSA has a curve id before the MPIs */
+ /* ECC has a curve id before the MPIs */
if (se[0] == 0x00 || se[0] == 0xff || pend - se < 1 + se[0])
return rc;
se += 1 + se[0];
@@ -1206,8 +1202,11 @@ rpmRC pgpVerifySignature(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx)
if (sig == NULL || ctx == NULL)
goto exit;
+ /* make sure the dig param types are correct */
if (sig->tag != PGPTAG_SIGNATURE)
goto exit;
+ if (key && key->tag != PGPTAG_PUBLIC_KEY && key->tag != PGPTAG_PUBLIC_SUBKEY)
+ goto exit;
if (sig->hash != NULL)
rpmDigestUpdate(ctx, sig->hash, sig->hashlen);
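Review bot: The key-tag test added here, `key->tag != PGPTAG_PUBLIC_KEY && key->tag != PGPTAG_PUBLIC_SUBKEY`, is now written out twice (the other copy is in pgpPrtPubkeyParams) because the commit removes the `isKey()` helper, so the set of tags accepted as a key has two places to keep in sync. Keeping the helper and writing `if (key && !isKey(key)) goto exit;` would leave a single definition of what counts as a key. The new comment could also say why the check sits here, e.g. `/* reject params of the wrong packet type before any hashing */`. pgpVerifySignature starts and ends outside this hunk, so the result returned at `exit` is not visible here.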
@@ -1235,8 +1234,6 @@ rpmRC pgpVerifySignature(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx)
* done all we can, return NOKEY to indicate "looks okay but dunno."
*/
if (key && key->alg) {
- if (!isKey(key))
- goto exit;
pgpDigAlg sa = sig->alg;
pgpDigAlg ka = key->alg;
if (sa && sa->verify && sig->pubkey_algo == key->pubkey_algo) {
--
2.23.0