@@ -220,6 +220,7 @@ EVP_PKEY *read_pub_pkey(const char *keyfile, int x509);
void calc_keyid_v1(uint8_t *keyid, char *str, const unsigned char *pkey, int len);
void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key);
+void calc_pkeyid_v2(uint32_t *keyid, char *str, EVP_PKEY *pkey);
int key2bin(RSA *key, unsigned char *pub);
int sign_hash(const char *algo, const unsigned char *hash, int size, const char *keyfile, const char *keypass, unsigned char *sig);
@@ -753,6 +753,36 @@ void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key)
free(pkey);
}
+/*
+ * Calculate keyid of the public_key part of EVP_PKEY
+ */
+void calc_pkeyid_v2(uint32_t *keyid, char *str, EVP_PKEY *pkey)
+{
+ X509_PUBKEY *pk = NULL;
+ const unsigned char *public_key = NULL;
+ int len;
+
+ /* This is more generic than i2d_PublicKey() */
+ if (X509_PUBKEY_set(&pk, pkey) &&
+ X509_PUBKEY_get0_param(NULL, &public_key, &len, NULL, pk)) {
+ uint8_t sha1[SHA_DIGEST_LENGTH];
+
+ SHA1(public_key, len, sha1);
+ /* sha1[12 - 19] is exactly keyid from gpg file */
+ memcpy(keyid, sha1 + 16, 4);
+ } else
+ *keyid = 0;
+
+ log_debug("keyid: ");
+ log_debug_dump(keyid, 4);
+ sprintf(str, "%x", __be32_to_cpup(keyid));
+
+ if (params.verbose > LOG_INFO)
+ log_info("keyid: %s\n", str);
+
+ X509_PUBKEY_free(pk);
+}
+
static EVP_PKEY *read_priv_pkey(const char *keyfile, const char *keypass)
{
FILE *fp;
Introduce calc_pkeyid_v2() to replace calc_keyid_v2() when we switch to EVP_PKEY from RSA keys. Signed-off-by: Vitaly Chikunov <vt@altlinux.org> --- src/imaevm.h | 1 + src/libimaevm.c | 30 ++++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+)