libalpm
Arch Linux Package Manager Library
Signature checking

Functions to check signatures More...

Collaboration diagram for Signature checking:

Data Structures

struct  alpm_pgpkey_t
 A PGP key. More...
 
struct  alpm_sigresult_t
 Signature result. More...
 
struct  alpm_siglist_t
 Signature list. More...
 

Enumerations

enum  alpm_siglevel_t {
  ALPM_SIG_PACKAGE = (1 << 0) , ALPM_SIG_PACKAGE_OPTIONAL = (1 << 1) , ALPM_SIG_PACKAGE_MARGINAL_OK = (1 << 2) , ALPM_SIG_PACKAGE_UNKNOWN_OK = (1 << 3) ,
  ALPM_SIG_DATABASE = (1 << 10) , ALPM_SIG_DATABASE_OPTIONAL = (1 << 11) , ALPM_SIG_DATABASE_MARGINAL_OK = (1 << 12) , ALPM_SIG_DATABASE_UNKNOWN_OK = (1 << 13) ,
  ALPM_SIG_USE_DEFAULT = (1 << 30)
}
 PGP signature verification options. More...
 
enum  alpm_sigstatus_t {
  ALPM_SIGSTATUS_VALID , ALPM_SIGSTATUS_KEY_EXPIRED , ALPM_SIGSTATUS_SIG_EXPIRED , ALPM_SIGSTATUS_KEY_UNKNOWN ,
  ALPM_SIGSTATUS_KEY_DISABLED , ALPM_SIGSTATUS_INVALID
}
 PGP signature verification status return codes. More...
 
enum  alpm_sigvalidity_t { ALPM_SIGVALIDITY_FULL , ALPM_SIGVALIDITY_MARGINAL , ALPM_SIGVALIDITY_NEVER , ALPM_SIGVALIDITY_UNKNOWN }
 The trust level of a PGP key. More...
 

Functions

int alpm_pkg_check_pgp_signature (alpm_pkg_t *pkg, alpm_siglist_t *siglist)
 Check the PGP signature for the given package file.
 
int alpm_db_check_pgp_signature (alpm_db_t *db, alpm_siglist_t *siglist)
 Check the PGP signature for the given database.
 
int alpm_siglist_cleanup (alpm_siglist_t *siglist)
 Clean up and free a signature result list.
 
int alpm_decode_signature (const char *base64_data, unsigned char **data, size_t *data_len)
 Decode a loaded signature in base64 form.
 
int alpm_extract_keyid (alpm_handle_t *handle, const char *identifier, const unsigned char *sig, const size_t len, alpm_list_t **keys)
 Extract the Issuer Key ID from a signature.
 

Detailed Description

Functions to check signatures


Data Structure Documentation

◆ alpm_pgpkey_t

struct alpm_pgpkey_t

A PGP key.

Data Fields
alpm_time_t created When the key was created.
void * data The actual key data.
char * email Email of the key's owner.
alpm_time_t expires When the key expires.
char * fingerprint The key's fingerprint.
unsigned int length The length of the key.
char * name Name of the key's owner.
char pubkey_algo A character representing the encryption algorithm used by the public key.

? = unknown R = RSA D = DSA E = EDDSA

unsigned int revoked has the key been revoked
char * uid UID of the key.

◆ alpm_sigresult_t

struct alpm_sigresult_t

Signature result.

Contains the key, status, and validity of a given signature.

Collaboration diagram for alpm_sigresult_t:
Data Fields
alpm_pgpkey_t key The key of the signature.
alpm_sigstatus_t status The status of the signature.
alpm_sigvalidity_t validity The validity of the signature.

◆ alpm_siglist_t

struct alpm_siglist_t

Signature list.

Contains the number of signatures found and a pointer to an array of results. The array is of size count.

Collaboration diagram for alpm_siglist_t:
Data Fields
size_t count The amount of results in the array.
alpm_sigresult_t * results An array of sigresults.

Enumeration Type Documentation

◆ alpm_siglevel_t

PGP signature verification options.

Enumerator
ALPM_SIG_PACKAGE 

Packages require a signature.

ALPM_SIG_PACKAGE_OPTIONAL 

Packages do not require a signature, but check packages that do have signatures.

ALPM_SIG_PACKAGE_MARGINAL_OK 
ALPM_SIG_PACKAGE_UNKNOWN_OK 

Allow packages with signatures that are unknown trust.

ALPM_SIG_DATABASE 

Databases require a signature.

ALPM_SIG_DATABASE_OPTIONAL 

Databases do not require a signature, but check databases that do have signatures.

ALPM_SIG_DATABASE_MARGINAL_OK 

Allow databases with signatures that are marginal trust.

ALPM_SIG_DATABASE_UNKNOWN_OK 

Allow databases with signatures that are unknown trust.

ALPM_SIG_USE_DEFAULT 

The Default siglevel.

◆ alpm_sigstatus_t

PGP signature verification status return codes.

Enumerator
ALPM_SIGSTATUS_VALID 

Signature is valid.

ALPM_SIGSTATUS_KEY_EXPIRED 

The key has expired.

ALPM_SIGSTATUS_SIG_EXPIRED 

The signature has expired.

ALPM_SIGSTATUS_KEY_UNKNOWN 

The key is not in the keyring.

ALPM_SIGSTATUS_KEY_DISABLED 

The key has been disabled.

ALPM_SIGSTATUS_INVALID 

The signature is invalid.

◆ alpm_sigvalidity_t

The trust level of a PGP key.

Enumerator
ALPM_SIGVALIDITY_FULL 

The signature is fully trusted.

ALPM_SIGVALIDITY_MARGINAL 

The signature is marginally trusted.

ALPM_SIGVALIDITY_NEVER 

The signature is never trusted.

ALPM_SIGVALIDITY_UNKNOWN 

The signature has unknown trust.

Function Documentation

◆ alpm_db_check_pgp_signature()

int alpm_db_check_pgp_signature ( alpm_db_t * db,
alpm_siglist_t * siglist )

Check the PGP signature for the given database.

Parameters
dbthe database to check
siglista pointer to storage for signature results
Returns
0 if valid, -1 if an error occurred or signature is invalid

References ALPM_ERR_OK, ALPM_ERR_WRONG_ARGS, ASSERT, and RET_ERR.

◆ alpm_decode_signature()

int alpm_decode_signature ( const char * base64_data,
unsigned char ** data,
size_t * data_len )

Decode a loaded signature in base64 form.

Parameters
base64_datathe signature to attempt to decode
datathe decoded data; must be freed by the caller
data_lenthe length of the returned data
Returns
0 on success, -1 on failure to properly decode

References base64_decode(), error, and MALLOC.

Referenced by alpm_pkg_get_sig().

◆ alpm_extract_keyid()

int alpm_extract_keyid ( alpm_handle_t * handle,
const char * identifier,
const unsigned char * sig,
const size_t len,
alpm_list_t ** keys )

Extract the Issuer Key ID from a signature.

Parameters
handlethe context handle
identifierthe identifier of the key. This may be the name of the package or the path to the package.
sigPGP signature
lenlength of signature
keysa pointer to storage for key IDs
Returns
0 on success, -1 on error

References _, ALPM_LOG_ERROR, length_check(), and parse_subpacket().

Referenced by alpm_pkg_load(), and check_keyring().

◆ alpm_pkg_check_pgp_signature()

int alpm_pkg_check_pgp_signature ( alpm_pkg_t * pkg,
alpm_siglist_t * siglist )

Check the PGP signature for the given package file.

Parameters
pkgthe package to check
siglista pointer to storage for signature results
Returns
0 if valid, -1 if an error occurred or signature is invalid

References ALPM_ERR_OK, ALPM_ERR_WRONG_ARGS, ASSERT, and RET_ERR.

◆ alpm_siglist_cleanup()

int alpm_siglist_cleanup ( alpm_siglist_t * siglist)

Clean up and free a signature result list.

Note that this does not free the siglist object itself in case that was allocated on the stack; this is the responsibility of the caller.

Parameters
siglista pointer to storage for signature results
Returns
0 on success, -1 on error

References ASSERT, alpm_siglist_t::count, alpm_pgpkey_t::data, alpm_pgpkey_t::fingerprint, alpm_sigresult_t::key, and alpm_siglist_t::results.

Referenced by check_validity(), and sync_db_validate().