Mercurial > trustbridge
annotate common/listutil.c @ 249:6a7eb102716d
Remove code duplication by unifying the certificatelist.
You should now check for isInstallCert to determine wether this
certificate should be installed or removed.
Leaving the getInstallCertificates and getRemoveCertificates
in place for compatibilty would have been easier to keep the
tests stable.
author | Andre Heinecke <aheinecke@intevation.de> |
---|---|
date | Mon, 31 Mar 2014 08:06:17 +0000 |
parents | b0579d4fa186 |
children | 881ce5126f07 |
rev | line source |
---|---|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
1 #include "listutil.h" |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
2 |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
3 #include <stdio.h> |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
4 #include <stdlib.h> |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
5 #include <errno.h> |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
6 #include <fcntl.h> |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
7 #include <unistd.h> |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
8 #include <sys/types.h> |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
9 #include <sys/stat.h> |
7
992c0ec57660
Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents:
4
diff
changeset
|
10 #include <string.h> |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
11 |
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
12 #ifdef RELEASE |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
13 #include "pubkey-release.h" |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
14 #else |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
15 #include "pubkey-test.h" |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
16 #endif |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
17 |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
18 #pragma GCC diagnostic ignored "-Wconversion" |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
19 /* Polarssl mh.h contains a conversion which gcc warns about */ |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
20 #include <polarssl/pk.h> |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
21 #include <polarssl/base64.h> |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
22 #include <polarssl/sha256.h> |
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
23 #pragma GCC diagnostic pop |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
24 |
178
b0579d4fa186
Made macro MAX_FILESIZE saver with brackets. A perror debugging line.
Bernhard Reiter <bernhard@intevation.de>
parents:
93
diff
changeset
|
25 #define MAX_FILESIZE (MAX_LINE_LENGTH * MAX_LINES) |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
26 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
27 /** |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
28 * @brief Read a file into memory. |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
29 * |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
30 * The caller needs to free data |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
31 * |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
32 * @param[in] fileName Name of the file. |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
33 * @param[out] data the file content |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
34 * @param[out] size size in bytes of the file content. |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
35 * @param[in] max_size the maximum amount of bytes to read. |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
36 * |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
37 * @return 0 on success an error code otherwise. |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
38 */ |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
39 #define READ_FILE_UNREADABLE -1 |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
40 #define READ_FILE_TOO_LARGE -2 |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
41 #define READ_FILE_NO_MEMORY -3 |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
42 #define READ_FILE_READ_FAILED -4 |
86
6f1a73575c99
Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents:
68
diff
changeset
|
43 #define READ_FILE_INVALID_CALL -5 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
44 static int read_file(const char *file_name, char **data, size_t *size, |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
45 const size_t max_size) |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
46 { |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
47 FILE *f; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
48 long file_size; |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
49 |
86
6f1a73575c99
Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents:
68
diff
changeset
|
50 if (!file_name || !data || !size || !max_size) { |
6f1a73575c99
Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents:
68
diff
changeset
|
51 return READ_FILE_INVALID_CALL; |
6f1a73575c99
Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents:
68
diff
changeset
|
52 } |
6f1a73575c99
Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents:
68
diff
changeset
|
53 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
54 f = fopen(file_name, "rb"); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
55 if (f == NULL) |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
56 return READ_FILE_UNREADABLE; |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
57 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
58 fseek(f, 0, SEEK_END); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
59 file_size = ftell(f); |
89
00f9b91f4039
Do not leak a byte if the file is empty
Andre Heinecke <aheinecke@intevation.de>
parents:
86
diff
changeset
|
60 if (file_size <= 0){ |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
61 fclose(f); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
62 return READ_FILE_UNREADABLE; |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
63 } |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
64 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
65 fseek(f, 0, SEEK_SET); |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
66 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
67 if (file_size + 1 == 0) { |
38
fc6241283474
Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents:
31
diff
changeset
|
68 fclose(f); |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
69 return READ_FILE_TOO_LARGE; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
70 } |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
71 *size = (size_t) file_size; |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
72 |
38
fc6241283474
Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents:
31
diff
changeset
|
73 if (*size > max_size) { |
fc6241283474
Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents:
31
diff
changeset
|
74 fclose(f); |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
75 return READ_FILE_TOO_LARGE; |
38
fc6241283474
Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents:
31
diff
changeset
|
76 } |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
77 |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
78 *data = (char *) malloc( *size + 1 ); |
61
b8cd573bd3ac
Fix check for malloc result, found by cppcheck.
Bernhard Reiter <bernhard@intevation.de>
parents:
59
diff
changeset
|
79 if (*data == NULL) { |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
80 fclose(f); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
81 return READ_FILE_NO_MEMORY; |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
82 } |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
83 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
84 if (fread(*data, 1, *size, f) != *size) { |
66
4f79cf993737
Tiny improvement: free resources first that you have aquired last. Added TODO for better error reporting.
Bernhard Reiter <bernhard@intevation.de>
parents:
61
diff
changeset
|
85 free(*data); |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
86 fclose(f); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
87 return READ_FILE_READ_FAILED; |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
88 } |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
89 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
90 fclose(f); |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
91 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
92 (*data)[*size] = '\0'; |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
93 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
94 return 0; |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
95 } |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
96 |
68
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
97 int verify_list(const char *data, const size_t size) |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
98 { |
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
99 int ret = -1; |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
100 pk_context pub_key_ctx; |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
101 char *p; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
102 /* Fixed key size of 3072 implies the sizes*/ |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
103 const size_t sig_b64_size = 512; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
104 size_t sig_size = 384; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
105 |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
106 char signature_b64[sig_b64_size + 1]; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
107 unsigned char signature[sig_size]; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
108 /* Hash algroithm is sha256 */ |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
109 unsigned char hash[32]; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
110 |
93
0798b9e35725
Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents:
92
diff
changeset
|
111 if (!data || !size) { |
0798b9e35725
Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents:
92
diff
changeset
|
112 return -1; |
0798b9e35725
Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents:
92
diff
changeset
|
113 } |
0798b9e35725
Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents:
92
diff
changeset
|
114 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
115 /* Fetch the signature from the first line od data */ |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
116 p = strchr(data, '\r'); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
117 if (p == 0 || (unsigned int)(p - (data + 2)) != sig_b64_size) { |
40
5cb1eb928253
Clean up debug output / functions
Andre Heinecke <aheinecke@intevation.de>
parents:
38
diff
changeset
|
118 /* printf("Invalid data. Signature might be too long.\n"); */ |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
119 return -1; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
120 } |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
121 strncpy(signature_b64, data + 2, sig_b64_size); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
122 signature_b64[sig_b64_size] = '\0'; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
123 |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
124 ret = base64_decode(signature, &sig_size, |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
125 (unsigned char *)signature_b64, sig_b64_size); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
126 |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
127 if (ret != 0 || sig_size != 384) { |
40
5cb1eb928253
Clean up debug output / functions
Andre Heinecke <aheinecke@intevation.de>
parents:
38
diff
changeset
|
128 /* printf("failed to decode signature\n"); */ |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
129 return -1; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
130 } |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
131 |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
132 /* Hash is calculated over the data without the first line. |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
133 * linebreaks are \r\n so the first char of the new line is |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
134 * p+2 */ |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
135 p += 2; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
136 /* Size of the data to hash is the size - signature line |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
137 * signature line is sig_b64_size - "S:" and - "\r\n" so -4*/ |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
138 sha256((unsigned char *)p, size - sig_b64_size - 4, hash, 0); |
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
139 |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
140 pk_init(&pub_key_ctx); |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
141 #if 0 |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
142 { |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
143 int i; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
144 FILE *foo = fopen("/tmp/testdump", "w"); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
145 FILE *foo2 = fopen("/tmp/rawdump", "w"); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
146 for (i=0; i< (int)(size - sig_b64_size - 2); i++) |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
147 fprintf (foo, "%c", p[i]); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
148 for (i=0; i< (int)(size); i++) |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
149 fprintf (foo2, "%c", data[i]); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
150 fclose(foo); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
151 printf ("Hash: \n"); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
152 for (i=0; i<32; i++) { |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
153 printf ("%x", hash[i]); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
154 } |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
155 printf("\n"); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
156 } |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
157 #endif |
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
158 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
159 ret = pk_parse_public_key(&pub_key_ctx, public_key_pem, |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
160 public_key_pem_size); |
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
161 if (ret != 0) { |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
162 printf("pk_parse_public_key failed with -0x%04x\n\n", -ret); |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
163 pk_free(&pub_key_ctx); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
164 return ret; |
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
165 } |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
166 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
167 ret = pk_verify(&pub_key_ctx, POLARSSL_MD_SHA256, hash, 0, |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
168 signature, sig_size); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
169 |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
170 if (ret != 0) { |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
171 printf("pk_verify failed with -0x%04x\n\n", -ret); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
172 } |
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
173 pk_free(&pub_key_ctx); |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
174 |
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
175 return ret; |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
176 } |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
177 |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
178 list_status_t read_and_verify_list(const char *file_name, char **data, |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
179 size_t *size) |
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
180 { |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
181 list_status_t retval = UnknownError; |
7
992c0ec57660
Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents:
4
diff
changeset
|
182 *data = NULL; |
992c0ec57660
Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents:
4
diff
changeset
|
183 *size = 0; |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
184 int ret = 0; |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
185 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
186 ret = read_file(file_name, data, size, MAX_FILESIZE); |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
187 |
40
5cb1eb928253
Clean up debug output / functions
Andre Heinecke <aheinecke@intevation.de>
parents:
38
diff
changeset
|
188 /* printf ("Ret: %i \n", ret); */ |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
189 if (ret != 0) { |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
190 if (ret == READ_FILE_TOO_LARGE) { |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
191 return TooLarge; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
192 } |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
193 if (ret == READ_FILE_UNREADABLE) { |
66
4f79cf993737
Tiny improvement: free resources first that you have aquired last. Added TODO for better error reporting.
Bernhard Reiter <bernhard@intevation.de>
parents:
61
diff
changeset
|
194 /* TODO: work with errno ? */ |
178
b0579d4fa186
Made macro MAX_FILESIZE saver with brackets. A perror debugging line.
Bernhard Reiter <bernhard@intevation.de>
parents:
93
diff
changeset
|
195 /* errsv = errno; */ |
b0579d4fa186
Made macro MAX_FILESIZE saver with brackets. A perror debugging line.
Bernhard Reiter <bernhard@intevation.de>
parents:
93
diff
changeset
|
196 /* perror("read_and_verify_list(), READ_FILE_UNREADABLE:"); */ |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
197 return SeekFailed; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
198 } |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
199 if (ret == READ_FILE_READ_FAILED) { |
66
4f79cf993737
Tiny improvement: free resources first that you have aquired last. Added TODO for better error reporting.
Bernhard Reiter <bernhard@intevation.de>
parents:
61
diff
changeset
|
200 /* TODO: work with ferror() or feof() ? */ |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
201 return ReadFailed; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
202 } |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
203 return UnknownError; |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
204 } |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
205 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
206 if (!*data || !*size) { |
40
5cb1eb928253
Clean up debug output / functions
Andre Heinecke <aheinecke@intevation.de>
parents:
38
diff
changeset
|
207 /* File is probably empty */ |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
208 return UnknownError; |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
209 } |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
210 |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
211 if (**data != 'S') { |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
212 retval = InvalidFormat; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
213 } else { |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
214 ret = verify_list (*data, *size); |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
215 if (ret == 0) { |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
216 /* Hooray */ |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
217 return Valid; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
218 } |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
219 if (ret == -1) { |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
220 /* our error */ |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
221 retval = InvalidFormat; |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
222 } else { |
92
4980b0deb773
Fix memleak in case of invalid signature
Andre Heinecke <aheinecke@intevation.de>
parents:
89
diff
changeset
|
223 retval = InvalidSignature; |
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
224 } |
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
225 } |
9
2ad9a96518e3
Actually parse all elements in the list
Andre Heinecke <aheinecke@intevation.de>
parents:
7
diff
changeset
|
226 |
7
992c0ec57660
Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents:
4
diff
changeset
|
227 if (retval != Valid && *data) { |
992c0ec57660
Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents:
4
diff
changeset
|
228 free(*data); |
992c0ec57660
Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents:
4
diff
changeset
|
229 *data = NULL; |
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
230 *size = 0; |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
231 } |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
232 return retval; |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
233 } |
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
234 |
68
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
235 char **get_certs_to_remove(const char *data, const size_t size) { |
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
236 |
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
237 /* TODO */ |
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
238 if (!data || !size) { |
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
239 printf ("Invalid call to get_certs_to_remove \n"); |
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
240 return NULL; |
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
241 } |
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
242 return NULL; |
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
243 } |
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
244 |
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
245 char **get_certs_to_install(const char *data, const size_t size) { |
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
246 |
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
247 /* TODO */ |
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
248 if (!data || !size) { |
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
249 printf ("Invalid call to get_certs_to_install \n"); |
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
250 return NULL; |
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
251 } |
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
252 return NULL; |
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
253 } |