3026f48 libpkg: extend pkgsign API to include key operations — HardenedBSD-pkg

rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9

HardenedBSD Package Manager

libpkg: extend pkgsign API to include key operations

Kyle Evans committed 2 years ago

commit 3026f4872e4223265f72f3f457748d3cd4c75139
parent a5cdab3

3 files changed +52 -0

modified libpkg/pkg.h.in

@@ -534,6 +534,10 @@ typedef enum {

 	 */
 	EPKG_NONETWORK,
 	EPKG_ENOENT,
 	/**
 	 * The requested operation is not supported.
 	 */
 	EPKG_OPNOTSUPP,
 } pkg_error_t;
 /**

modified libpkg/pkgsign.c

@@ -187,3 +187,30 @@ pkgsign_impl_name(const struct pkgsign_ctx *ctx)

 	return (ctx->impl->pi_name);
 }
 int
 pkgsign_generate(struct pkgsign_ctx *ctx, const struct iovec *iov, int niov)
 {
 	if (ctx->impl->pi_ops->pkgsign_generate == NULL)
 		return (EPKG_OPNOTSUPP);
 	return (*ctx->impl->pi_ops->pkgsign_generate)(ctx, iov, niov);
 }
 int
 pkgsign_keyinfo(struct pkgsign_ctx *ctx, struct iovec **iov, int *niov)
 {
 	if (ctx->impl->pi_ops->pkgsign_keyinfo == NULL)
 		return (EPKG_OPNOTSUPP);
 	return (*ctx->impl->pi_ops->pkgsign_keyinfo)(ctx, iov, niov);
 }
 int
 pkgsign_pubkey(struct pkgsign_ctx *ctx, char **pubkey, size_t *pubkeylen)
 {
 	if (ctx->impl->pi_ops->pkgsign_pubkey == NULL)
 		return (EPKG_OPNOTSUPP);
 	return (*ctx->impl->pi_ops->pkgsign_pubkey)(ctx, pubkey, pubkeylen);
 }

modified libpkg/private/pkgsign.h

@@ -31,6 +31,7 @@

 struct pkgsign_ctx;
 struct pkgsign_ops;
 struct pkgsign_impl;
 struct iovec;
 /*
  * This should be embedded at the beginning of your pkgsign implementation's

@@ -68,6 +69,17 @@ typedef int pkgsign_verify_cb(const struct pkgsign_ctx *, const char *,

 typedef int pkgsign_verify_cert_cb(const struct pkgsign_ctx *, unsigned char *,
     size_t, unsigned char *, size_t, int);
 /* Generate a signing key. */
 typedef int pkgsign_generate_cb(struct pkgsign_ctx *, const struct iovec *,
     int);
 /* Return information about a signing key. */
 typedef int pkgsign_keyinfo_cb(struct pkgsign_ctx *, struct iovec **,
     int *);
 /* Return the public key. */
 typedef int pkgsign_pubkey_cb(struct pkgsign_ctx *, char **, size_t *);
 struct pkgsign_ops {
 	/*
 	 * pkgsign_ctx_size <= sizeof(pkgsign_ctx) is wrong, but

@@ -79,6 +91,11 @@ struct pkgsign_ops {

 	pkgsign_new_cb			*pkgsign_new;
 	pkgsign_free_cb			*pkgsign_free;
 	/* Optional key generation/information handlers. */
 	pkgsign_generate_cb		*pkgsign_generate;
 	pkgsign_keyinfo_cb		*pkgsign_keyinfo;
 	pkgsign_pubkey_cb		*pkgsign_pubkey;
 	/* Non-optional. */
 	pkgsign_sign_cb			*pkgsign_sign;

@@ -98,6 +115,10 @@ int pkgsign_verify(const struct pkgsign_ctx *, const char *, unsigned char *,

 int pkgsign_verify_cert(const struct pkgsign_ctx *, unsigned char *, size_t,
     unsigned char *, size_t, int);
 int pkgsign_generate(struct pkgsign_ctx *, const struct iovec *, int);
 int pkgsign_keyinfo(struct pkgsign_ctx *, struct iovec **, int *);
 int pkgsign_pubkey(struct pkgsign_ctx *, char **, size_t *);
 const char *pkgsign_impl_name(const struct pkgsign_ctx *);
 /* Newer signature types will encode a $PKGSIGN:<signer_type>$ */