Mercurial > trustbridge
annotate common/listutil.c @ 289:9ad00a3255f4
Change cinst from stdin input to use arguments.
As we have to execute this process on Windows over the
shell a stdin / stdout communication is not really possible
without some major hacks. So you now have to supply an
instructions file and the path to the certificatelist as arguments when
this process is called
| author | Andre Heinecke <aheinecke@intevation.de> |
|---|---|
| date | Wed, 02 Apr 2014 13:52:02 +0000 |
| parents | 881ce5126f07 |
| children | 57867a523dcf |
| rev | line source |
|---|---|
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
1 #include "listutil.h" |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
2 |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
3 #include <stdio.h> |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
4 #include <stdlib.h> |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
5 #include <errno.h> |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
6 #include <fcntl.h> |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
7 #include <unistd.h> |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
8 #include <sys/types.h> |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
9 #include <sys/stat.h> |
|
7
992c0ec57660
Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents:
4
diff
changeset
|
10 #include <string.h> |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
11 |
|
286
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
12 #include "strhelp.h" |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
13 |
|
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
14 #ifdef RELEASE |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
15 #include "pubkey-release.h" |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
16 #else |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
17 #include "pubkey-test.h" |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
18 #endif |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
19 |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
20 #pragma GCC diagnostic ignored "-Wconversion" |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
21 /* Polarssl mh.h contains a conversion which gcc warns about */ |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
22 #include <polarssl/pk.h> |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
23 #include <polarssl/base64.h> |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
24 #include <polarssl/sha256.h> |
|
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
25 #pragma GCC diagnostic pop |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
26 |
|
178
b0579d4fa186
Made macro MAX_FILESIZE saver with brackets. A perror debugging line.
Bernhard Reiter <bernhard@intevation.de>
parents:
93
diff
changeset
|
27 #define MAX_FILESIZE (MAX_LINE_LENGTH * MAX_LINES) |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
28 |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
29 /** |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
30 * @brief Read a file into memory. |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
31 * |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
32 * The caller needs to free data |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
33 * |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
34 * @param[in] fileName Name of the file. |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
35 * @param[out] data the file content |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
36 * @param[out] size size in bytes of the file content. |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
37 * @param[in] max_size the maximum amount of bytes to read. |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
38 * |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
39 * @return 0 on success an error code otherwise. |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
40 */ |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
41 #define READ_FILE_UNREADABLE -1 |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
42 #define READ_FILE_TOO_LARGE -2 |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
43 #define READ_FILE_NO_MEMORY -3 |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
44 #define READ_FILE_READ_FAILED -4 |
|
86
6f1a73575c99
Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents:
68
diff
changeset
|
45 #define READ_FILE_INVALID_CALL -5 |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
46 static int read_file(const char *file_name, char **data, size_t *size, |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
47 const size_t max_size) |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
48 { |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
49 FILE *f; |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
50 long file_size; |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
51 |
|
86
6f1a73575c99
Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents:
68
diff
changeset
|
52 if (!file_name || !data || !size || !max_size) { |
|
6f1a73575c99
Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents:
68
diff
changeset
|
53 return READ_FILE_INVALID_CALL; |
|
6f1a73575c99
Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents:
68
diff
changeset
|
54 } |
|
6f1a73575c99
Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents:
68
diff
changeset
|
55 |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
56 f = fopen(file_name, "rb"); |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
57 if (f == NULL) |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
58 return READ_FILE_UNREADABLE; |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
59 |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
60 fseek(f, 0, SEEK_END); |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
61 file_size = ftell(f); |
|
89
00f9b91f4039
Do not leak a byte if the file is empty
Andre Heinecke <aheinecke@intevation.de>
parents:
86
diff
changeset
|
62 if (file_size <= 0){ |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
63 fclose(f); |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
64 return READ_FILE_UNREADABLE; |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
65 } |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
66 |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
67 fseek(f, 0, SEEK_SET); |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
68 |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
69 if (file_size + 1 == 0) { |
|
38
fc6241283474
Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents:
31
diff
changeset
|
70 fclose(f); |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
71 return READ_FILE_TOO_LARGE; |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
72 } |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
73 *size = (size_t) file_size; |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
74 |
|
38
fc6241283474
Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents:
31
diff
changeset
|
75 if (*size > max_size) { |
|
fc6241283474
Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents:
31
diff
changeset
|
76 fclose(f); |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
77 return READ_FILE_TOO_LARGE; |
|
38
fc6241283474
Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents:
31
diff
changeset
|
78 } |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
79 |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
80 *data = (char *) malloc( *size + 1 ); |
|
61
b8cd573bd3ac
Fix check for malloc result, found by cppcheck.
Bernhard Reiter <bernhard@intevation.de>
parents:
59
diff
changeset
|
81 if (*data == NULL) { |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
82 fclose(f); |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
83 return READ_FILE_NO_MEMORY; |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
84 } |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
85 |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
86 if (fread(*data, 1, *size, f) != *size) { |
|
66
4f79cf993737
Tiny improvement: free resources first that you have aquired last. Added TODO for better error reporting.
Bernhard Reiter <bernhard@intevation.de>
parents:
61
diff
changeset
|
87 free(*data); |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
88 fclose(f); |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
89 return READ_FILE_READ_FAILED; |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
90 } |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
91 |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
92 fclose(f); |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
93 |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
94 (*data)[*size] = '\0'; |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
95 |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
96 return 0; |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
97 } |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
98 |
|
68
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
99 int verify_list(const char *data, const size_t size) |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
100 { |
|
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
101 int ret = -1; |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
102 pk_context pub_key_ctx; |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
103 char *p; |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
104 /* Fixed key size of 3072 implies the sizes*/ |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
105 const size_t sig_b64_size = 512; |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
106 size_t sig_size = 384; |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
107 |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
108 char signature_b64[sig_b64_size + 1]; |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
109 unsigned char signature[sig_size]; |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
110 /* Hash algroithm is sha256 */ |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
111 unsigned char hash[32]; |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
112 |
|
93
0798b9e35725
Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents:
92
diff
changeset
|
113 if (!data || !size) { |
|
0798b9e35725
Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents:
92
diff
changeset
|
114 return -1; |
|
0798b9e35725
Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents:
92
diff
changeset
|
115 } |
|
0798b9e35725
Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents:
92
diff
changeset
|
116 |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
117 /* Fetch the signature from the first line od data */ |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
118 p = strchr(data, '\r'); |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
119 if (p == 0 || (unsigned int)(p - (data + 2)) != sig_b64_size) { |
|
40
5cb1eb928253
Clean up debug output / functions
Andre Heinecke <aheinecke@intevation.de>
parents:
38
diff
changeset
|
120 /* printf("Invalid data. Signature might be too long.\n"); */ |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
121 return -1; |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
122 } |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
123 strncpy(signature_b64, data + 2, sig_b64_size); |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
124 signature_b64[sig_b64_size] = '\0'; |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
125 |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
126 ret = base64_decode(signature, &sig_size, |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
127 (unsigned char *)signature_b64, sig_b64_size); |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
128 |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
129 if (ret != 0 || sig_size != 384) { |
|
40
5cb1eb928253
Clean up debug output / functions
Andre Heinecke <aheinecke@intevation.de>
parents:
38
diff
changeset
|
130 /* printf("failed to decode signature\n"); */ |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
131 return -1; |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
132 } |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
133 |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
134 /* Hash is calculated over the data without the first line. |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
135 * linebreaks are \r\n so the first char of the new line is |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
136 * p+2 */ |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
137 p += 2; |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
138 /* Size of the data to hash is the size - signature line |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
139 * signature line is sig_b64_size - "S:" and - "\r\n" so -4*/ |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
140 sha256((unsigned char *)p, size - sig_b64_size - 4, hash, 0); |
|
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
141 |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
142 pk_init(&pub_key_ctx); |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
143 #if 0 |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
144 { |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
145 int i; |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
146 FILE *foo = fopen("/tmp/testdump", "w"); |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
147 FILE *foo2 = fopen("/tmp/rawdump", "w"); |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
148 for (i=0; i< (int)(size - sig_b64_size - 2); i++) |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
149 fprintf (foo, "%c", p[i]); |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
150 for (i=0; i< (int)(size); i++) |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
151 fprintf (foo2, "%c", data[i]); |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
152 fclose(foo); |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
153 printf ("Hash: \n"); |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
154 for (i=0; i<32; i++) { |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
155 printf ("%x", hash[i]); |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
156 } |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
157 printf("\n"); |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
158 } |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
159 #endif |
|
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
160 |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
161 ret = pk_parse_public_key(&pub_key_ctx, public_key_pem, |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
162 public_key_pem_size); |
|
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
163 if (ret != 0) { |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
164 printf("pk_parse_public_key failed with -0x%04x\n\n", -ret); |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
165 pk_free(&pub_key_ctx); |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
166 return ret; |
|
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
167 } |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
168 |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
169 ret = pk_verify(&pub_key_ctx, POLARSSL_MD_SHA256, hash, 0, |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
170 signature, sig_size); |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
171 |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
172 if (ret != 0) { |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
173 printf("pk_verify failed with -0x%04x\n\n", -ret); |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
174 } |
|
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
175 pk_free(&pub_key_ctx); |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
176 |
|
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
177 return ret; |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
178 } |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
179 |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
180 list_status_t read_and_verify_list(const char *file_name, char **data, |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
181 size_t *size) |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
182 { |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
183 list_status_t retval = UnknownError; |
|
7
992c0ec57660
Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents:
4
diff
changeset
|
184 *data = NULL; |
|
992c0ec57660
Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents:
4
diff
changeset
|
185 *size = 0; |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
186 int ret = 0; |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
187 |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
188 ret = read_file(file_name, data, size, MAX_FILESIZE); |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
189 |
|
40
5cb1eb928253
Clean up debug output / functions
Andre Heinecke <aheinecke@intevation.de>
parents:
38
diff
changeset
|
190 /* printf ("Ret: %i \n", ret); */ |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
191 if (ret != 0) { |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
192 if (ret == READ_FILE_TOO_LARGE) { |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
193 return TooLarge; |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
194 } |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
195 if (ret == READ_FILE_UNREADABLE) { |
|
66
4f79cf993737
Tiny improvement: free resources first that you have aquired last. Added TODO for better error reporting.
Bernhard Reiter <bernhard@intevation.de>
parents:
61
diff
changeset
|
196 /* TODO: work with errno ? */ |
|
178
b0579d4fa186
Made macro MAX_FILESIZE saver with brackets. A perror debugging line.
Bernhard Reiter <bernhard@intevation.de>
parents:
93
diff
changeset
|
197 /* errsv = errno; */ |
|
b0579d4fa186
Made macro MAX_FILESIZE saver with brackets. A perror debugging line.
Bernhard Reiter <bernhard@intevation.de>
parents:
93
diff
changeset
|
198 /* perror("read_and_verify_list(), READ_FILE_UNREADABLE:"); */ |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
199 return SeekFailed; |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
200 } |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
201 if (ret == READ_FILE_READ_FAILED) { |
|
66
4f79cf993737
Tiny improvement: free resources first that you have aquired last. Added TODO for better error reporting.
Bernhard Reiter <bernhard@intevation.de>
parents:
61
diff
changeset
|
202 /* TODO: work with ferror() or feof() ? */ |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
203 return ReadFailed; |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
204 } |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
205 return UnknownError; |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
206 } |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
207 |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
208 if (!*data || !*size) { |
|
40
5cb1eb928253
Clean up debug output / functions
Andre Heinecke <aheinecke@intevation.de>
parents:
38
diff
changeset
|
209 /* File is probably empty */ |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
210 return UnknownError; |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
211 } |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
212 |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
213 if (**data != 'S') { |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
214 retval = InvalidFormat; |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
215 } else { |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
216 ret = verify_list (*data, *size); |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
217 if (ret == 0) { |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
218 /* Hooray */ |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
219 return Valid; |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
220 } |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
221 if (ret == -1) { |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
222 /* our error */ |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
223 retval = InvalidFormat; |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
224 } else { |
|
92
4980b0deb773
Fix memleak in case of invalid signature
Andre Heinecke <aheinecke@intevation.de>
parents:
89
diff
changeset
|
225 retval = InvalidSignature; |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
226 } |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
227 } |
|
9
2ad9a96518e3
Actually parse all elements in the list
Andre Heinecke <aheinecke@intevation.de>
parents:
7
diff
changeset
|
228 |
|
7
992c0ec57660
Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents:
4
diff
changeset
|
229 if (retval != Valid && *data) { |
|
992c0ec57660
Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents:
4
diff
changeset
|
230 free(*data); |
|
992c0ec57660
Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents:
4
diff
changeset
|
231 *data = NULL; |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
232 *size = 0; |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
233 } |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
234 return retval; |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
235 } |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
236 |
|
286
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
237 char ** |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
238 get_certs_from_list (char *data, const size_t size) |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
239 { |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
240 char *cur = data; |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
241 char **retval = NULL; |
|
68
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
242 |
|
286
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
243 if (!data || !size) |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
244 { |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
245 printf ("Invalid call to get_certs_to_remove \n"); |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
246 return NULL; |
|
68
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
247 } |
|
286
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
248 |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
249 while (cur) |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
250 { |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
251 char *next = strchr(cur, '\n'); |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
252 if (strlen(cur) > 3 && (cur[0] == 'I' || cur[0] == 'R') && |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
253 next - cur > 4) |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
254 { |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
255 size_t len = (size_t) (next - cur - 4); |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
256 /* Remove I: or R: at the beginning and \r\n at the end */ |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
257 strv_append(&retval, cur + 2, len); |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
258 } |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
259 cur = next ? (next + 1) : NULL; |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
260 } |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
261 return retval; |
|
68
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
262 } |
|
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
263 |