annotate common/listutil.c @ 701:31c3d2bc9880

(Issue22) Fix painting problems with fixed size in windows style. We now use fusion style also on Windows for the combobox to let it be shown in the same way as we do on GNU/Linux.
author Andre Heinecke <andre.heinecke@intevation.de>
date Wed, 02 Jul 2014 11:26:42 +0200
parents aa48ea7ead1f
children 44257ecdae6d
rev   line source
404
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
2 * Software engineering by Intevation GmbH
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
3 *
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
4 * This file is Free Software under the GNU GPL (v>=2)
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
5 * and comes with ABSOLUTELY NO WARRANTY!
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
6 * See LICENSE.txt for details.
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
7 */
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
8 #include "listutil.h"
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
9
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
10 #include <stdio.h>
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
11 #include <stdlib.h>
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
12 #include <errno.h>
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
13 #include <fcntl.h>
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
14 #include <unistd.h>
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
15 #include <sys/types.h>
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
16 #include <sys/stat.h>
7
992c0ec57660 Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents: 4
diff changeset
17 #include <string.h>
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
18
286
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
19 #include "strhelp.h"
630
aa48ea7ead1f Include logging in listutil (fixes linux build)
Andre Heinecke <andre.heinecke@intevation.de>
parents: 626
diff changeset
20 #include "logging.h"
286
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
21
359
f6ce186cebc2 If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 292
diff changeset
22 #ifdef RELEASE_BUILD
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
23 #include "pubkey-release.h"
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
24 #else
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
25 #include "pubkey-test.h"
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
26 #endif
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
27
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
28 #pragma GCC diagnostic ignored "-Wconversion"
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
29 /* Polarssl mh.h contains a conversion which gcc warns about */
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
30 #include <polarssl/pk.h>
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
31 #include <polarssl/base64.h>
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
32 #include <polarssl/sha256.h>
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
33 #pragma GCC diagnostic pop
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
34
178
b0579d4fa186 Made macro MAX_FILESIZE saver with brackets. A perror debugging line.
Bernhard Reiter <bernhard@intevation.de>
parents: 93
diff changeset
35 #define MAX_FILESIZE (MAX_LINE_LENGTH * MAX_LINES)
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
36
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
37 /**
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
38 * @brief Read a file into memory.
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
39 *
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
40 * The caller needs to free data
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
41 *
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
42 * @param[in] fileName Name of the file.
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
43 * @param[out] data the file content
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
44 * @param[out] size size in bytes of the file content.
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
45 * @param[in] max_size the maximum amount of bytes to read.
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
46 *
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
47 * @return 0 on success an error code otherwise.
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
48 */
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
49 #define READ_FILE_UNREADABLE -1
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
50 #define READ_FILE_TOO_LARGE -2
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
51 #define READ_FILE_NO_MEMORY -3
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
52 #define READ_FILE_READ_FAILED -4
86
6f1a73575c99 Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents: 68
diff changeset
53 #define READ_FILE_INVALID_CALL -5
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
54 static int read_file(const char *file_name, char **data, size_t *size,
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
55 const size_t max_size)
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
56 {
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
57 FILE *f;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
58 long file_size;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
59
86
6f1a73575c99 Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents: 68
diff changeset
60 if (!file_name || !data || !size || !max_size) {
6f1a73575c99 Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents: 68
diff changeset
61 return READ_FILE_INVALID_CALL;
6f1a73575c99 Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents: 68
diff changeset
62 }
6f1a73575c99 Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents: 68
diff changeset
63
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
64 f = fopen(file_name, "rb");
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
65 if (f == NULL)
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
66 return READ_FILE_UNREADABLE;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
67
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
68 fseek(f, 0, SEEK_END);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
69 file_size = ftell(f);
89
00f9b91f4039 Do not leak a byte if the file is empty
Andre Heinecke <aheinecke@intevation.de>
parents: 86
diff changeset
70 if (file_size <= 0){
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
71 fclose(f);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
72 return READ_FILE_UNREADABLE;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
73 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
74
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
75 fseek(f, 0, SEEK_SET);
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
76
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
77 if (file_size + 1 == 0) {
38
fc6241283474 Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents: 31
diff changeset
78 fclose(f);
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
79 return READ_FILE_TOO_LARGE;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
80 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
81 *size = (size_t) file_size;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
82
38
fc6241283474 Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents: 31
diff changeset
83 if (*size > max_size) {
fc6241283474 Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents: 31
diff changeset
84 fclose(f);
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
85 return READ_FILE_TOO_LARGE;
38
fc6241283474 Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents: 31
diff changeset
86 }
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
87
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
88 *data = (char *) malloc( *size + 1 );
61
b8cd573bd3ac Fix check for malloc result, found by cppcheck.
Bernhard Reiter <bernhard@intevation.de>
parents: 59
diff changeset
89 if (*data == NULL) {
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
90 fclose(f);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
91 return READ_FILE_NO_MEMORY;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
92 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
93
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
94 if (fread(*data, 1, *size, f) != *size) {
66
4f79cf993737 Tiny improvement: free resources first that you have aquired last. Added TODO for better error reporting.
Bernhard Reiter <bernhard@intevation.de>
parents: 61
diff changeset
95 free(*data);
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
96 fclose(f);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
97 return READ_FILE_READ_FAILED;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
98 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
99
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
100 fclose(f);
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
101
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
102 (*data)[*size] = '\0';
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
103
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
104 return 0;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
105 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
106
68
8ffbb48528ae Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 66
diff changeset
107 int verify_list(const char *data, const size_t size)
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
108 {
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
109 int ret = -1;
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
110 pk_context pub_key_ctx;
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
111 char *p;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
112 /* Fixed key size of 3072 implies the sizes*/
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
113 const size_t sig_b64_size = 512;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
114 size_t sig_size = 384;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
115
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
116 char signature_b64[sig_b64_size + 1];
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
117 unsigned char signature[sig_size];
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
118 /* Hash algroithm is sha256 */
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
119 unsigned char hash[32];
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
120
93
0798b9e35725 Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents: 92
diff changeset
121 if (!data || !size) {
0798b9e35725 Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents: 92
diff changeset
122 return -1;
0798b9e35725 Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents: 92
diff changeset
123 }
0798b9e35725 Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents: 92
diff changeset
124
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
125 /* Fetch the signature from the first line od data */
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
126 p = strchr(data, '\r');
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
127 if (p == 0 || (unsigned int)(p - (data + 2)) != sig_b64_size) {
40
5cb1eb928253 Clean up debug output / functions
Andre Heinecke <aheinecke@intevation.de>
parents: 38
diff changeset
128 /* printf("Invalid data. Signature might be too long.\n"); */
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
129 return -1;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
130 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
131 strncpy(signature_b64, data + 2, sig_b64_size);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
132 signature_b64[sig_b64_size] = '\0';
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
133
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
134 ret = base64_decode(signature, &sig_size,
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
135 (unsigned char *)signature_b64, sig_b64_size);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
136
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
137 if (ret != 0 || sig_size != 384) {
40
5cb1eb928253 Clean up debug output / functions
Andre Heinecke <aheinecke@intevation.de>
parents: 38
diff changeset
138 /* printf("failed to decode signature\n"); */
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
139 return -1;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
140 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
141
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
142 /* Hash is calculated over the data without the first line.
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
143 * linebreaks are \r\n so the first char of the new line is
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
144 * p+2 */
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
145 p += 2;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
146 /* Size of the data to hash is the size - signature line
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
147 * signature line is sig_b64_size - "S:" and - "\r\n" so -4*/
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
148 sha256((unsigned char *)p, size - sig_b64_size - 4, hash, 0);
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
149
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
150 pk_init(&pub_key_ctx);
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
151 #if 0
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
152 {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
153 int i;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
154 FILE *foo = fopen("/tmp/testdump", "w");
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
155 FILE *foo2 = fopen("/tmp/rawdump", "w");
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
156 for (i=0; i< (int)(size - sig_b64_size - 2); i++)
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
157 fprintf (foo, "%c", p[i]);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
158 for (i=0; i< (int)(size); i++)
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
159 fprintf (foo2, "%c", data[i]);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
160 fclose(foo);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
161 printf ("Hash: \n");
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
162 for (i=0; i<32; i++) {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
163 printf ("%x", hash[i]);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
164 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
165 printf("\n");
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
166 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
167 #endif
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
168
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
169 ret = pk_parse_public_key(&pub_key_ctx, public_key_pem,
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
170 public_key_pem_size);
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
171 if (ret != 0) {
626
f595fcbe3e76 Replace "normal printfs" with DEBUG / ERROR printf macros
Andre Heinecke <andre.heinecke@intevation.de>
parents: 404
diff changeset
172 ERRORPRINTF ("pk_parse_public_key failed with -0x%04x\n\n", -ret);
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
173 pk_free(&pub_key_ctx);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
174 return ret;
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
175 }
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
176
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
177 ret = pk_verify(&pub_key_ctx, POLARSSL_MD_SHA256, hash, 0,
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
178 signature, sig_size);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
179
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
180 if (ret != 0) {
626
f595fcbe3e76 Replace "normal printfs" with DEBUG / ERROR printf macros
Andre Heinecke <andre.heinecke@intevation.de>
parents: 404
diff changeset
181 ERRORPRINTF ("pk_verify failed with -0x%04x\n\n", -ret);
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
182 }
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
183 pk_free(&pub_key_ctx);
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
184
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
185 return ret;
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
186 }
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
187
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
188 list_status_t read_and_verify_list(const char *file_name, char **data,
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
189 size_t *size)
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
190 {
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
191 list_status_t retval = UnknownError;
7
992c0ec57660 Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents: 4
diff changeset
192 *data = NULL;
992c0ec57660 Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents: 4
diff changeset
193 *size = 0;
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
194 int ret = 0;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
195
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
196 ret = read_file(file_name, data, size, MAX_FILESIZE);
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
197
40
5cb1eb928253 Clean up debug output / functions
Andre Heinecke <aheinecke@intevation.de>
parents: 38
diff changeset
198 /* printf ("Ret: %i \n", ret); */
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
199 if (ret != 0) {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
200 if (ret == READ_FILE_TOO_LARGE) {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
201 return TooLarge;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
202 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
203 if (ret == READ_FILE_UNREADABLE) {
66
4f79cf993737 Tiny improvement: free resources first that you have aquired last. Added TODO for better error reporting.
Bernhard Reiter <bernhard@intevation.de>
parents: 61
diff changeset
204 /* TODO: work with errno ? */
178
b0579d4fa186 Made macro MAX_FILESIZE saver with brackets. A perror debugging line.
Bernhard Reiter <bernhard@intevation.de>
parents: 93
diff changeset
205 /* errsv = errno; */
b0579d4fa186 Made macro MAX_FILESIZE saver with brackets. A perror debugging line.
Bernhard Reiter <bernhard@intevation.de>
parents: 93
diff changeset
206 /* perror("read_and_verify_list(), READ_FILE_UNREADABLE:"); */
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
207 return SeekFailed;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
208 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
209 if (ret == READ_FILE_READ_FAILED) {
66
4f79cf993737 Tiny improvement: free resources first that you have aquired last. Added TODO for better error reporting.
Bernhard Reiter <bernhard@intevation.de>
parents: 61
diff changeset
210 /* TODO: work with ferror() or feof() ? */
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
211 return ReadFailed;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
212 }
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
213 return UnknownError;
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
214 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
215
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
216 if (!*data || !*size) {
40
5cb1eb928253 Clean up debug output / functions
Andre Heinecke <aheinecke@intevation.de>
parents: 38
diff changeset
217 /* File is probably empty */
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
218 return UnknownError;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
219 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
220
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
221 if (**data != 'S') {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
222 retval = InvalidFormat;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
223 } else {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
224 ret = verify_list (*data, *size);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
225 if (ret == 0) {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
226 /* Hooray */
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
227 return Valid;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
228 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
229 if (ret == -1) {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
230 /* our error */
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
231 retval = InvalidFormat;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
232 } else {
92
4980b0deb773 Fix memleak in case of invalid signature
Andre Heinecke <aheinecke@intevation.de>
parents: 89
diff changeset
233 retval = InvalidSignature;
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
234 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
235 }
9
2ad9a96518e3 Actually parse all elements in the list
Andre Heinecke <aheinecke@intevation.de>
parents: 7
diff changeset
236
7
992c0ec57660 Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents: 4
diff changeset
237 if (retval != Valid && *data) {
992c0ec57660 Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents: 4
diff changeset
238 free(*data);
992c0ec57660 Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents: 4
diff changeset
239 *data = NULL;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
240 *size = 0;
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
241 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
242 return retval;
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
243 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
244
286
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
245 char **
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
246 get_certs_from_list (char *data, const size_t size)
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
247 {
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
248 char *cur = data;
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
249 char **retval = NULL;
68
8ffbb48528ae Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 66
diff changeset
250
286
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
251 if (!data || !size)
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
252 {
626
f595fcbe3e76 Replace "normal printfs" with DEBUG / ERROR printf macros
Andre Heinecke <andre.heinecke@intevation.de>
parents: 404
diff changeset
253 ERRORPRINTF ("Invalid call to get_certs_to_remove \n");
286
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
254 return NULL;
68
8ffbb48528ae Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 66
diff changeset
255 }
286
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
256
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
257 while (cur)
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
258 {
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
259 char *next = strchr(cur, '\n');
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
260 if (strlen(cur) > 3 && (cur[0] == 'I' || cur[0] == 'R') &&
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
261 next - cur > 4)
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
262 {
292
57867a523dcf Do not cut off the last character of the line. (next-cur does not include \n)
Andre Heinecke <aheinecke@intevation.de>
parents: 286
diff changeset
263 size_t len = (size_t) (next - cur - 3);
286
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
264 /* Remove I: or R: at the beginning and \r\n at the end */
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
265 strv_append(&retval, cur + 2, len);
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
266 }
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
267 cur = next ? (next + 1) : NULL;
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
268 }
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
269 return retval;
68
8ffbb48528ae Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 66
diff changeset
270 }
8ffbb48528ae Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 66
diff changeset
271

http://wald.intevation.org/projects/trustbridge/