Changeset View
Changeset View
Standalone View
Standalone View
head/lib/libsecureboot/openpgp/opgp_key.c
| Show First 20 Lines • Show All 203 Lines • ▼ Show 20 Lines | |||||
| { | { | ||||
| static int once = 0; | static int once = 0; | ||||
| if (!once) { | if (!once) { | ||||
| once = 1; | once = 1; | ||||
| LIST_INIT(&trust_list); | LIST_INIT(&trust_list); | ||||
| } | } | ||||
| if (key) { | if (key && openpgp_trust_get(key->id) == NULL) { | ||||
| DEBUG_PRINTF(2, ("openpgp_trust_add(%s)\n", key->id)); | if (ve_anchor_verbose_get()) | ||||
| printf("openpgp_trust_add(%s)\n", key->id); | |||||
| LIST_INSERT_HEAD(&trust_list, key, entries); | LIST_INSERT_HEAD(&trust_list, key, entries); | ||||
| } | } | ||||
| } | } | ||||
| /** | /** | ||||
| * @brief add trust anchor from buf | |||||
| */ | |||||
| int | |||||
| openpgp_trust_add_buf(unsigned char *buf, size_t nbytes) | |||||
| { | |||||
| OpenPGP_key *key; | |||||
| if ((key = load_key_buf(buf, nbytes))) { | |||||
| openpgp_trust_add(key); | |||||
| } | |||||
| return (key != NULL); | |||||
| } | |||||
| /** | |||||
| * @brief if keyID is in our list clobber it | |||||
| * | |||||
| * @return true if keyID removed | |||||
| */ | |||||
| int | |||||
| openpgp_trust_revoke(const char *keyID) | |||||
| { | |||||
| OpenPGP_key *key, *tkey; | |||||
| openpgp_trust_add(NULL); /* initialize if needed */ | |||||
| LIST_FOREACH(key, &trust_list, entries) { | |||||
| if (strcmp(key->id, keyID) == 0) { | |||||
| tkey = key; | |||||
| LIST_REMOVE(tkey, entries); | |||||
| printf("openpgp_trust_revoke(%s)\n", key->id); | |||||
| memset(key, 0, sizeof(OpenPGP_key)); | |||||
| free(key); | |||||
| return (1); | |||||
| } | |||||
| } | |||||
| return (0); | |||||
| } | |||||
| /** | |||||
| * @brief if keyID is in our list return the key | * @brief if keyID is in our list return the key | ||||
| * | * | ||||
| * @return key or NULL | * @return key or NULL | ||||
| */ | */ | ||||
| OpenPGP_key * | OpenPGP_key * | ||||
| openpgp_trust_get(const char *keyID) | openpgp_trust_get(const char *keyID) | ||||
| { | { | ||||
| OpenPGP_key *key; | OpenPGP_key *key; | ||||
| Show All 19 Lines | load_key_file(const char *kfile) | ||||
| data = read_file(kfile, &n); | data = read_file(kfile, &n); | ||||
| key = load_key_buf(data, n); | key = load_key_buf(data, n); | ||||
| free(data); | free(data); | ||||
| openpgp_trust_add(key); | openpgp_trust_add(key); | ||||
| return (key); | return (key); | ||||
| } | } | ||||
| #ifdef HAVE_TA_ASC_H | |||||
| #include <ta_asc.h> | #include <ta_asc.h> | ||||
| #endif | |||||
| #ifndef _STANDALONE | #ifndef _STANDALONE | ||||
| /* we can lookup keyID in filesystem */ | /* we can lookup keyID in filesystem */ | ||||
| static const char *trust_store[] = { | static const char *trust_store[] = { | ||||
| "/var/db/trust", | "/var/db/trust", | ||||
| "/etc/db/trust", | "/etc/db/trust", | ||||
| NULL, | NULL, | ||||
| ▲ Show 20 Lines • Show All 62 Lines • ▼ Show 20 Lines | for (tp = ta_ASC; *tp; tp++) { | ||||
| key = load_key_buf((unsigned char *)cp, n); | key = load_key_buf((unsigned char *)cp, n); | ||||
| free(cp); | free(cp); | ||||
| if (key) { | if (key) { | ||||
| openpgp_trust_add(key); | openpgp_trust_add(key); | ||||
| once++; | once++; | ||||
| } | } | ||||
| } | } | ||||
| } | } | ||||
| } | |||||
| #endif | #endif | ||||
| } | |||||
| return (once); | return (once); | ||||
| } | } | ||||
| /** | /** | ||||
| * @brief test that we can verify a signature | * @brief test that we can verify a signature | ||||
| * | * | ||||
| * Unlike X.509 certificates, we only support RSA keys | * Unlike X.509 certificates, we only support RSA keys | ||||
| * so we stop after first successful signature verification | * so we stop after first successful signature verification | ||||
| Show All 30 Lines | |||||