head/lib/libsecureboot/openpgp/opgp_key.c
{ | { | ||||
static int once = 0; | static int once = 0; | ||||
if (!once) { | if (!once) { | ||||
once = 1; | once = 1; | ||||
LIST_INIT(&trust_list); | LIST_INIT(&trust_list); | ||||
} | } | ||||
if (key) { | if (key && openpgp_trust_get(key->id) == NULL) { | ||||
DEBUG_PRINTF(2, ("openpgp_trust_add(%s)\n", key->id)); | if (ve_anchor_verbose_get()) | ||||
printf("openpgp_trust_add(%s)\n", key->id); | |||||
LIST_INSERT_HEAD(&trust_list, key, entries); | LIST_INSERT_HEAD(&trust_list, key, entries); | ||||
} | } | ||||
} | } | ||||
/** | /** | ||||
* @brief add trust anchor from buf | |||||
*/ | |||||
int | |||||
openpgp_trust_add_buf(unsigned char *buf, size_t nbytes) | |||||
{ | |||||
OpenPGP_key *key; | |||||
if ((key = load_key_buf(buf, nbytes))) { | |||||
openpgp_trust_add(key); | |||||
} | |||||
return (key != NULL); | |||||
} | |||||
/** | |||||
* @brief if keyID is in our list clobber it | |||||
* | |||||
* @return true if keyID removed | |||||
*/ | |||||
int | |||||
openpgp_trust_revoke(const char *keyID) | |||||
{ | |||||
OpenPGP_key *key, *tkey; | |||||
openpgp_trust_add(NULL); /* initialize if needed */ | |||||
LIST_FOREACH(key, &trust_list, entries) { | |||||
if (strcmp(key->id, keyID) == 0) { | |||||
tkey = key; | |||||
LIST_REMOVE(tkey, entries); | |||||
printf("openpgp_trust_revoke(%s)\n", key->id); | |||||
memset(key, 0, sizeof(OpenPGP_key)); | |||||
free(key); | |||||
return (1); | |||||
} | |||||
} | |||||
return (0); | |||||
} | |||||
/** | |||||
* @brief if keyID is in our list return the key | * @brief if keyID is in our list return the key | ||||
* | * | ||||
* @return key or NULL | * @return key or NULL | ||||
*/ | */ | ||||
OpenPGP_key * | OpenPGP_key * | ||||
openpgp_trust_get(const char *keyID) | openpgp_trust_get(const char *keyID) | ||||
{ | { | ||||
OpenPGP_key *key; | OpenPGP_key *key; | ||||
Show All 19 Lines | load_key_file(const char *kfile) | ||||
data = read_file(kfile, &n); | data = read_file(kfile, &n); | ||||
key = load_key_buf(data, n); | key = load_key_buf(data, n); | ||||
free(data); | free(data); | ||||
openpgp_trust_add(key); | openpgp_trust_add(key); | ||||
return (key); | return (key); | ||||
} | } | ||||
#ifdef HAVE_TA_ASC_H | |||||
#include <ta_asc.h> | #include <ta_asc.h> | ||||
#endif | |||||
#ifndef _STANDALONE | #ifndef _STANDALONE | ||||
/* we can lookup keyID in filesystem */ | /* we can lookup keyID in filesystem */ | ||||
static const char *trust_store[] = { | static const char *trust_store[] = { | ||||
"/var/db/trust", | "/var/db/trust", | ||||
"/etc/db/trust", | "/etc/db/trust", | ||||
NULL, | NULL, | ||||
▲ Show 20 Lines • Show All 62 Lines • ▼ Show 20 Lines | for (tp = ta_ASC; *tp; tp++) { | ||||
key = load_key_buf((unsigned char *)cp, n); | key = load_key_buf((unsigned char *)cp, n); | ||||
free(cp); | free(cp); | ||||
if (key) { | if (key) { | ||||
openpgp_trust_add(key); | openpgp_trust_add(key); | ||||
once++; | once++; | ||||
} | } | ||||
} | } | ||||
} | } | ||||
} | |||||
#endif | #endif | ||||
} | |||||
return (once); | return (once); | ||||
} | } | ||||
/** | /** | ||||
* @brief test that we can verify a signature | * @brief test that we can verify a signature | ||||
* | * | ||||
* Unlike X.509 certificates, we only support RSA keys | * Unlike X.509 certificates, we only support RSA keys | ||||
* so we stop after first successful signature verification | * so we stop after first successful signature verification | ||||
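Review bot: The new duplicate check in openpgp_trust_add (`if (key && openpgp_trust_get(key->id) == NULL)`) silently drops a key whose id is already trusted, but the key is neither freed nor reported to the caller, so the ta_ASC loop later in this file (`openpgp_trust_add(key); once++;`) leaks the OpenPGP_key and still counts it as an added anchor. Since load_key_file returns the key to its caller, freeing inside openpgp_trust_add is not an option; the loop should test first, e.g. `if (openpgp_trust_get(key->id) == NULL) { openpgp_trust_add(key); once++; } else free(key);`, and the void function should carry a comment such as `/* a key whose id is already trusted is not inserted; the caller keeps ownership */`. Because the check compares only key->id, the first anchor loaded for an id wins and a later one with different key material is ignored with no diagnostic; printing the skip under the same `ve_anchor_verbose_get()` condition would make that visible. Both enclosing functions begin outside the visible hunks, and openpgp_trust_revoke, which appears to have been the only way to replace such an anchor, is removed by this change.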