#include <pakfire/string.h>
#include <pakfire/util.h>
+// The maximum length of the comment
+#define COMMENT_MAX 1024
+
// Size of the buffer to allocate for error messages
#define ERROR_MAX 1024
// The public (or private) key
EVP_PKEY* pkey;
+
+ // Comment
+ char comment[COMMENT_MAX];
};
struct pakfire_key_public_key {
}
static int pakfire_key_create(struct pakfire_key** key, struct pakfire* pakfire,
- const pakfire_key_algo_t algo, const pakfire_key_id id, EVP_PKEY* pkey) {
+ const pakfire_key_algo_t algo, const pakfire_key_id id, EVP_PKEY* pkey, const char* comment) {
+ int r;
+
if (!pkey) {
errno = EINVAL;
return 1;
EVP_PKEY_up_ref(pkey);
k->pkey = pkey;
+ // Store the comment
+ if (comment) {
+ r = pakfire_string_set(k->comment, comment);
+ if (r)
+ goto ERROR;
+
+ // Remove any trailing newline
+ pakfire_remove_trailing_newline(k->comment);
+ }
+
*key = k;
return 0;
return NULL;
}
+PAKFIRE_EXPORT const char* pakfire_key_get_comment(struct pakfire_key* key) {
+ return &key->comment;
+}
+
PAKFIRE_EXPORT int pakfire_key_generate(struct pakfire_key** key, struct pakfire* pakfire,
- const pakfire_key_algo_t algo) {
+ const pakfire_key_algo_t algo, const char* comment) {
EVP_PKEY* pkey = NULL;
EVP_PKEY_CTX* pctx = NULL;
pakfire_key_id key_id;
}
// Create a key object
- r = pakfire_key_create(key, pakfire, algo, key_id, pkey);
+ r = pakfire_key_create(key, pakfire, algo, key_id, pkey, comment);
if (r)
goto ERROR;
*/
static int pakfire_key_import_secret_key(struct pakfire_key** key,
- struct pakfire* pakfire, const struct pakfire_key_private_key* buffer) {
+ struct pakfire* pakfire, const char* comment,
+ const struct pakfire_key_private_key* buffer) {
const pakfire_key_algo_t algo = PAKFIRE_KEY_ALGO_ED25519;
EVP_PKEY* pkey = NULL;
char error[ERROR_MAX];
}
// Create a new key object
- r = pakfire_key_create(key, pakfire, algo, buffer->id, pkey);
+ r = pakfire_key_create(key, pakfire, algo, buffer->id, pkey, comment);
if (r)
goto ERROR;
}
static int pakfire_key_import_public_key(struct pakfire_key** key,
- struct pakfire* pakfire, const struct pakfire_key_public_key* buffer) {
+ struct pakfire* pakfire, const char* comment,
+ const struct pakfire_key_public_key* buffer) {
const pakfire_key_algo_t algo = PAKFIRE_KEY_ALGO_ED25519;
EVP_PKEY* pkey = NULL;
char error[ERROR_MAX];
}
// Create a new key object
- r = pakfire_key_create(key, pakfire, algo, buffer->id, pkey);
+ r = pakfire_key_create(key, pakfire, algo, buffer->id, pkey, comment);
if (r)
goto ERROR;
size_t length = 0;
size_t lineno = 0;
+ char comment[COMMENT_MAX];
+
for (;;) {
ssize_t bytes_read = getline(&line, &length, f);
if (bytes_read < 0)
break;
- // Decode the key
- r = pakfire_b64decode(pakfire, &buffer, &buffer_length, line);
- if (r) {
- ERROR(pakfire, "Could not decode the key: %m\n");
- errno = EINVAL;
- r = 1;
- goto ERROR;
- }
+ // Increment the line counter
+ lineno++;
+
+ switch (lineno) {
+ // The first line must start with "untrusted comment:"
+ case 1:
+ if (!pakfire_string_startswith(line, "untrusted comment: ")) {
+ ERROR(pakfire, "The first line must start with 'untrusted comment: '"
+ " and not %s\n", line);
+ errno = EINVAL;
+ r = 1;
+ goto ERROR;
+ }
+
+ // Copy the comment
+ r = pakfire_string_set(comment, line + strlen("untrusted comment: "));
+ if (r) {
+ ERROR(pakfire, "Could not copy comment: %m\n");
+ r = 1;
+ goto ERROR;
+ }
- // What kind of key do we have?
- switch (buffer_length) {
- // Public Key
- case sizeof(struct pakfire_key_public_key):
- r = pakfire_key_import_public_key(key, pakfire,
- (struct pakfire_key_public_key*)buffer);
break;
- // Private Key
- case sizeof(struct pakfire_key_private_key):
- r = pakfire_key_import_secret_key(key, pakfire,
- (struct pakfire_key_private_key*)buffer);
+ // The second line should hold the key
+ case 2:
+ // Decode the key
+ r = pakfire_b64decode(pakfire, &buffer, &buffer_length, line);
+ if (r) {
+ ERROR(pakfire, "Could not decode the key: %m\n");
+ errno = EINVAL;
+ r = 1;
+ goto ERROR;
+ }
+
+ // What kind of key do we have?
+ switch (buffer_length) {
+ // Public Key
+ case sizeof(struct pakfire_key_public_key):
+ r = pakfire_key_import_public_key(key, pakfire, comment,
+ (struct pakfire_key_public_key*)buffer);
+ break;
+
+ // Private Key
+ case sizeof(struct pakfire_key_private_key):
+ r = pakfire_key_import_secret_key(key, pakfire, comment,
+ (struct pakfire_key_private_key*)buffer);
+ break;
+
+ // Unknown key
+ default:
+ ERROR(pakfire, "Unsupported key type\n");
+ errno = ENOTSUP;
+ r = 1;
+ goto ERROR;
+ }
break;
- // Unknown key
+ // Ignore any further data
default:
- ERROR(pakfire, "Unsupported key type\n");
- errno = ENOTSUP;
- r = 1;
- goto ERROR;
+ break;
}
}
BIO* bio = NULL;
BIO* b64 = NULL;
+ // Write the comment
+ if (*key->comment) {
+ r = fprintf(f, "untrusted comment: %s\n", key->comment);
+ if (r < 0) {
+ ERROR(key->pakfire, "Could not write comment: %m\n");
+ r = 1;
+ goto ERROR;
+ }
+ }
+
// Setup the base64 encoder
b64 = BIO_new(BIO_f_base64());
if (!b64) {
int r = EXIT_FAILURE;
// Try to call pakfire_key_generate() with some invalid inputs
- ASSERT_ERRNO(pakfire_key_generate(&key, t->pakfire, PAKFIRE_KEY_ALGO_NULL), EINVAL);
+ ASSERT_ERRNO(pakfire_key_generate(&key, t->pakfire,
+ PAKFIRE_KEY_ALGO_NULL, "Key 1"), EINVAL);
// Generate a new key using ed25519
- ASSERT_SUCCESS(pakfire_key_generate(&key, t->pakfire, PAKFIRE_KEY_ALGO_ED25519));
+ ASSERT_SUCCESS(pakfire_key_generate(&key, t->pakfire,
+ PAKFIRE_KEY_ALGO_ED25519, "Key 2"));
// Write the public key to the console
ASSERT_SUCCESS(pakfire_key_export(key, stdout, PAKFIRE_KEY_EXPORT_MODE_PUBLIC));
ASSERT(f = test_mktemp(NULL));
// Generate a new key using ed25519
- ASSERT_SUCCESS(pakfire_key_generate(&key, t->pakfire, PAKFIRE_KEY_ALGO_ED25519));
+ ASSERT_SUCCESS(pakfire_key_generate(&key, t->pakfire,
+ PAKFIRE_KEY_ALGO_ED25519, "Key 1"));
// Write the public key to the console
ASSERT_SUCCESS(pakfire_key_export(key, stdout, PAKFIRE_KEY_EXPORT_MODE_PUBLIC));
projects / pakfire.git / commitdiff
