Mercurial > trustbridge
annotate common/listutil.c @ 701:31c3d2bc9880
(Issue22) Fix painting problems with fixed size in windows style.
We now use fusion style also on Windows for the combobox to
let it be shown in the same way as we do on GNU/Linux.
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Wed, 02 Jul 2014 11:26:42 +0200 |
parents | aa48ea7ead1f |
children | 44257ecdae6d |
rev | line source |
---|---|
404 | 1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik |
2 * Software engineering by Intevation GmbH | |
3 * | |
4 * This file is Free Software under the GNU GPL (v>=2) | |
5 * and comes with ABSOLUTELY NO WARRANTY! | |
6 * See LICENSE.txt for details. | |
7 */ | |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
8 #include "listutil.h" |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
9 |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
10 #include <stdio.h> |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
11 #include <stdlib.h> |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
12 #include <errno.h> |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
13 #include <fcntl.h> |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
14 #include <unistd.h> |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
15 #include <sys/types.h> |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
16 #include <sys/stat.h> |
7
992c0ec57660
Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents:
4
diff
changeset
|
17 #include <string.h> |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
18 |
286
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
19 #include "strhelp.h" |
630
aa48ea7ead1f
Include logging in listutil (fixes linux build)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
626
diff
changeset
|
20 #include "logging.h" |
286
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
21 |
359
f6ce186cebc2
If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
292
diff
changeset
|
22 #ifdef RELEASE_BUILD |
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
23 #include "pubkey-release.h" |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
24 #else |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
25 #include "pubkey-test.h" |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
26 #endif |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
27 |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
28 #pragma GCC diagnostic ignored "-Wconversion" |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
29 /* Polarssl mh.h contains a conversion which gcc warns about */ |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
30 #include <polarssl/pk.h> |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
31 #include <polarssl/base64.h> |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
32 #include <polarssl/sha256.h> |
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
33 #pragma GCC diagnostic pop |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
34 |
178
b0579d4fa186
Made macro MAX_FILESIZE saver with brackets. A perror debugging line.
Bernhard Reiter <bernhard@intevation.de>
parents:
93
diff
changeset
|
35 #define MAX_FILESIZE (MAX_LINE_LENGTH * MAX_LINES) |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
36 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
37 /** |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
38 * @brief Read a file into memory. |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
39 * |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
40 * The caller needs to free data |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
41 * |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
42 * @param[in] fileName Name of the file. |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
43 * @param[out] data the file content |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
44 * @param[out] size size in bytes of the file content. |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
45 * @param[in] max_size the maximum amount of bytes to read. |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
46 * |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
47 * @return 0 on success an error code otherwise. |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
48 */ |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
49 #define READ_FILE_UNREADABLE -1 |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
50 #define READ_FILE_TOO_LARGE -2 |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
51 #define READ_FILE_NO_MEMORY -3 |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
52 #define READ_FILE_READ_FAILED -4 |
86
6f1a73575c99
Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents:
68
diff
changeset
|
53 #define READ_FILE_INVALID_CALL -5 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
54 static int read_file(const char *file_name, char **data, size_t *size, |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
55 const size_t max_size) |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
56 { |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
57 FILE *f; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
58 long file_size; |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
59 |
86
6f1a73575c99
Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents:
68
diff
changeset
|
60 if (!file_name || !data || !size || !max_size) { |
6f1a73575c99
Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents:
68
diff
changeset
|
61 return READ_FILE_INVALID_CALL; |
6f1a73575c99
Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents:
68
diff
changeset
|
62 } |
6f1a73575c99
Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents:
68
diff
changeset
|
63 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
64 f = fopen(file_name, "rb"); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
65 if (f == NULL) |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
66 return READ_FILE_UNREADABLE; |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
67 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
68 fseek(f, 0, SEEK_END); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
69 file_size = ftell(f); |
89
00f9b91f4039
Do not leak a byte if the file is empty
Andre Heinecke <aheinecke@intevation.de>
parents:
86
diff
changeset
|
70 if (file_size <= 0){ |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
71 fclose(f); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
72 return READ_FILE_UNREADABLE; |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
73 } |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
74 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
75 fseek(f, 0, SEEK_SET); |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
76 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
77 if (file_size + 1 == 0) { |
38
fc6241283474
Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents:
31
diff
changeset
|
78 fclose(f); |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
79 return READ_FILE_TOO_LARGE; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
80 } |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
81 *size = (size_t) file_size; |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
82 |
38
fc6241283474
Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents:
31
diff
changeset
|
83 if (*size > max_size) { |
fc6241283474
Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents:
31
diff
changeset
|
84 fclose(f); |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
85 return READ_FILE_TOO_LARGE; |
38
fc6241283474
Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents:
31
diff
changeset
|
86 } |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
87 |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
88 *data = (char *) malloc( *size + 1 ); |
61
b8cd573bd3ac
Fix check for malloc result, found by cppcheck.
Bernhard Reiter <bernhard@intevation.de>
parents:
59
diff
changeset
|
89 if (*data == NULL) { |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
90 fclose(f); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
91 return READ_FILE_NO_MEMORY; |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
92 } |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
93 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
94 if (fread(*data, 1, *size, f) != *size) { |
66
4f79cf993737
Tiny improvement: free resources first that you have aquired last. Added TODO for better error reporting.
Bernhard Reiter <bernhard@intevation.de>
parents:
61
diff
changeset
|
95 free(*data); |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
96 fclose(f); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
97 return READ_FILE_READ_FAILED; |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
98 } |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
99 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
100 fclose(f); |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
101 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
102 (*data)[*size] = '\0'; |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
103 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
104 return 0; |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
105 } |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
106 |
68
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
107 int verify_list(const char *data, const size_t size) |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
108 { |
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
109 int ret = -1; |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
110 pk_context pub_key_ctx; |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
111 char *p; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
112 /* Fixed key size of 3072 implies the sizes*/ |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
113 const size_t sig_b64_size = 512; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
114 size_t sig_size = 384; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
115 |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
116 char signature_b64[sig_b64_size + 1]; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
117 unsigned char signature[sig_size]; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
118 /* Hash algroithm is sha256 */ |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
119 unsigned char hash[32]; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
120 |
93
0798b9e35725
Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents:
92
diff
changeset
|
121 if (!data || !size) { |
0798b9e35725
Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents:
92
diff
changeset
|
122 return -1; |
0798b9e35725
Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents:
92
diff
changeset
|
123 } |
0798b9e35725
Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents:
92
diff
changeset
|
124 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
125 /* Fetch the signature from the first line od data */ |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
126 p = strchr(data, '\r'); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
127 if (p == 0 || (unsigned int)(p - (data + 2)) != sig_b64_size) { |
40
5cb1eb928253
Clean up debug output / functions
Andre Heinecke <aheinecke@intevation.de>
parents:
38
diff
changeset
|
128 /* printf("Invalid data. Signature might be too long.\n"); */ |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
129 return -1; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
130 } |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
131 strncpy(signature_b64, data + 2, sig_b64_size); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
132 signature_b64[sig_b64_size] = '\0'; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
133 |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
134 ret = base64_decode(signature, &sig_size, |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
135 (unsigned char *)signature_b64, sig_b64_size); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
136 |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
137 if (ret != 0 || sig_size != 384) { |
40
5cb1eb928253
Clean up debug output / functions
Andre Heinecke <aheinecke@intevation.de>
parents:
38
diff
changeset
|
138 /* printf("failed to decode signature\n"); */ |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
139 return -1; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
140 } |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
141 |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
142 /* Hash is calculated over the data without the first line. |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
143 * linebreaks are \r\n so the first char of the new line is |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
144 * p+2 */ |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
145 p += 2; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
146 /* Size of the data to hash is the size - signature line |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
147 * signature line is sig_b64_size - "S:" and - "\r\n" so -4*/ |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
148 sha256((unsigned char *)p, size - sig_b64_size - 4, hash, 0); |
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
149 |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
150 pk_init(&pub_key_ctx); |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
151 #if 0 |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
152 { |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
153 int i; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
154 FILE *foo = fopen("/tmp/testdump", "w"); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
155 FILE *foo2 = fopen("/tmp/rawdump", "w"); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
156 for (i=0; i< (int)(size - sig_b64_size - 2); i++) |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
157 fprintf (foo, "%c", p[i]); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
158 for (i=0; i< (int)(size); i++) |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
159 fprintf (foo2, "%c", data[i]); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
160 fclose(foo); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
161 printf ("Hash: \n"); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
162 for (i=0; i<32; i++) { |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
163 printf ("%x", hash[i]); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
164 } |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
165 printf("\n"); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
166 } |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
167 #endif |
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
168 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
169 ret = pk_parse_public_key(&pub_key_ctx, public_key_pem, |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
170 public_key_pem_size); |
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
171 if (ret != 0) { |
626
f595fcbe3e76
Replace "normal printfs" with DEBUG / ERROR printf macros
Andre Heinecke <andre.heinecke@intevation.de>
parents:
404
diff
changeset
|
172 ERRORPRINTF ("pk_parse_public_key failed with -0x%04x\n\n", -ret); |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
173 pk_free(&pub_key_ctx); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
174 return ret; |
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
175 } |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
176 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
177 ret = pk_verify(&pub_key_ctx, POLARSSL_MD_SHA256, hash, 0, |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
178 signature, sig_size); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
179 |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
180 if (ret != 0) { |
626
f595fcbe3e76
Replace "normal printfs" with DEBUG / ERROR printf macros
Andre Heinecke <andre.heinecke@intevation.de>
parents:
404
diff
changeset
|
181 ERRORPRINTF ("pk_verify failed with -0x%04x\n\n", -ret); |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
182 } |
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
183 pk_free(&pub_key_ctx); |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
184 |
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
185 return ret; |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
186 } |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
187 |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
188 list_status_t read_and_verify_list(const char *file_name, char **data, |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
189 size_t *size) |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
190 { |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
191 list_status_t retval = UnknownError; |
7
992c0ec57660
Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents:
4
diff
changeset
|
192 *data = NULL; |
992c0ec57660
Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents:
4
diff
changeset
|
193 *size = 0; |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
194 int ret = 0; |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
195 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
196 ret = read_file(file_name, data, size, MAX_FILESIZE); |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
197 |
40
5cb1eb928253
Clean up debug output / functions
Andre Heinecke <aheinecke@intevation.de>
parents:
38
diff
changeset
|
198 /* printf ("Ret: %i \n", ret); */ |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
199 if (ret != 0) { |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
200 if (ret == READ_FILE_TOO_LARGE) { |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
201 return TooLarge; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
202 } |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
203 if (ret == READ_FILE_UNREADABLE) { |
66
4f79cf993737
Tiny improvement: free resources first that you have aquired last. Added TODO for better error reporting.
Bernhard Reiter <bernhard@intevation.de>
parents:
61
diff
changeset
|
204 /* TODO: work with errno ? */ |
178
b0579d4fa186
Made macro MAX_FILESIZE saver with brackets. A perror debugging line.
Bernhard Reiter <bernhard@intevation.de>
parents:
93
diff
changeset
|
205 /* errsv = errno; */ |
b0579d4fa186
Made macro MAX_FILESIZE saver with brackets. A perror debugging line.
Bernhard Reiter <bernhard@intevation.de>
parents:
93
diff
changeset
|
206 /* perror("read_and_verify_list(), READ_FILE_UNREADABLE:"); */ |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
207 return SeekFailed; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
208 } |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
209 if (ret == READ_FILE_READ_FAILED) { |
66
4f79cf993737
Tiny improvement: free resources first that you have aquired last. Added TODO for better error reporting.
Bernhard Reiter <bernhard@intevation.de>
parents:
61
diff
changeset
|
210 /* TODO: work with ferror() or feof() ? */ |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
211 return ReadFailed; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
212 } |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
213 return UnknownError; |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
214 } |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
215 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
216 if (!*data || !*size) { |
40
5cb1eb928253
Clean up debug output / functions
Andre Heinecke <aheinecke@intevation.de>
parents:
38
diff
changeset
|
217 /* File is probably empty */ |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
218 return UnknownError; |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
219 } |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
220 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
221 if (**data != 'S') { |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
222 retval = InvalidFormat; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
223 } else { |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
224 ret = verify_list (*data, *size); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
225 if (ret == 0) { |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
226 /* Hooray */ |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
227 return Valid; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
228 } |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
229 if (ret == -1) { |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
230 /* our error */ |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
231 retval = InvalidFormat; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
232 } else { |
92
4980b0deb773
Fix memleak in case of invalid signature
Andre Heinecke <aheinecke@intevation.de>
parents:
89
diff
changeset
|
233 retval = InvalidSignature; |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
234 } |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
235 } |
9
2ad9a96518e3
Actually parse all elements in the list
Andre Heinecke <aheinecke@intevation.de>
parents:
7
diff
changeset
|
236 |
7
992c0ec57660
Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents:
4
diff
changeset
|
237 if (retval != Valid && *data) { |
992c0ec57660
Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents:
4
diff
changeset
|
238 free(*data); |
992c0ec57660
Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents:
4
diff
changeset
|
239 *data = NULL; |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
240 *size = 0; |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
241 } |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
242 return retval; |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
243 } |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
244 |
286
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
245 char ** |
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
246 get_certs_from_list (char *data, const size_t size) |
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
247 { |
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
248 char *cur = data; |
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
249 char **retval = NULL; |
68
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
250 |
286
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
251 if (!data || !size) |
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
252 { |
626
f595fcbe3e76
Replace "normal printfs" with DEBUG / ERROR printf macros
Andre Heinecke <andre.heinecke@intevation.de>
parents:
404
diff
changeset
|
253 ERRORPRINTF ("Invalid call to get_certs_to_remove \n"); |
286
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
254 return NULL; |
68
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
255 } |
286
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
256 |
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
257 while (cur) |
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
258 { |
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
259 char *next = strchr(cur, '\n'); |
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
260 if (strlen(cur) > 3 && (cur[0] == 'I' || cur[0] == 'R') && |
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
261 next - cur > 4) |
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
262 { |
292
57867a523dcf
Do not cut off the last character of the line. (next-cur does not include \n)
Andre Heinecke <aheinecke@intevation.de>
parents:
286
diff
changeset
|
263 size_t len = (size_t) (next - cur - 3); |
286
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
264 /* Remove I: or R: at the beginning and \r\n at the end */ |
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
265 strv_append(&retval, cur + 2, len); |
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
266 } |
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
267 cur = next ? (next + 1) : NULL; |
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
268 } |
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
269 return retval; |
68
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
270 } |
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
271 |