annotate common/listutil.c @ 289:9ad00a3255f4

Change cinst from stdin input to use arguments. As we have to execute this process on Windows over the shell a stdin / stdout communication is not really possible without some major hacks. So you now have to supply an instructions file and the path to the certificatelist as arguments when this process is called
author Andre Heinecke <aheinecke@intevation.de>
date Wed, 02 Apr 2014 13:52:02 +0000
parents 881ce5126f07
children 57867a523dcf
rev   line source
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
1 #include "listutil.h"
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
2
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
3 #include <stdio.h>
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
4 #include <stdlib.h>
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
5 #include <errno.h>
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
6 #include <fcntl.h>
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
7 #include <unistd.h>
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
8 #include <sys/types.h>
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
9 #include <sys/stat.h>
7
992c0ec57660 Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents: 4
diff changeset
10 #include <string.h>
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
11
286
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
12 #include "strhelp.h"
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
13
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
14 #ifdef RELEASE
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
15 #include "pubkey-release.h"
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
16 #else
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
17 #include "pubkey-test.h"
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
18 #endif
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
19
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
20 #pragma GCC diagnostic ignored "-Wconversion"
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
21 /* Polarssl mh.h contains a conversion which gcc warns about */
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
22 #include <polarssl/pk.h>
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
23 #include <polarssl/base64.h>
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
24 #include <polarssl/sha256.h>
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
25 #pragma GCC diagnostic pop
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
26
178
b0579d4fa186 Made macro MAX_FILESIZE saver with brackets. A perror debugging line.
Bernhard Reiter <bernhard@intevation.de>
parents: 93
diff changeset
27 #define MAX_FILESIZE (MAX_LINE_LENGTH * MAX_LINES)
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
28
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
29 /**
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
30 * @brief Read a file into memory.
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
31 *
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
32 * The caller needs to free data
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
33 *
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
34 * @param[in] fileName Name of the file.
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
35 * @param[out] data the file content
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
36 * @param[out] size size in bytes of the file content.
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
37 * @param[in] max_size the maximum amount of bytes to read.
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
38 *
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
39 * @return 0 on success an error code otherwise.
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
40 */
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
41 #define READ_FILE_UNREADABLE -1
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
42 #define READ_FILE_TOO_LARGE -2
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
43 #define READ_FILE_NO_MEMORY -3
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
44 #define READ_FILE_READ_FAILED -4
86
6f1a73575c99 Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents: 68
diff changeset
45 #define READ_FILE_INVALID_CALL -5
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
46 static int read_file(const char *file_name, char **data, size_t *size,
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
47 const size_t max_size)
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
48 {
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
49 FILE *f;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
50 long file_size;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
51
86
6f1a73575c99 Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents: 68
diff changeset
52 if (!file_name || !data || !size || !max_size) {
6f1a73575c99 Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents: 68
diff changeset
53 return READ_FILE_INVALID_CALL;
6f1a73575c99 Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents: 68
diff changeset
54 }
6f1a73575c99 Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents: 68
diff changeset
55
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
56 f = fopen(file_name, "rb");
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
57 if (f == NULL)
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
58 return READ_FILE_UNREADABLE;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
59
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
60 fseek(f, 0, SEEK_END);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
61 file_size = ftell(f);
89
00f9b91f4039 Do not leak a byte if the file is empty
Andre Heinecke <aheinecke@intevation.de>
parents: 86
diff changeset
62 if (file_size <= 0){
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
63 fclose(f);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
64 return READ_FILE_UNREADABLE;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
65 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
66
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
67 fseek(f, 0, SEEK_SET);
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
68
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
69 if (file_size + 1 == 0) {
38
fc6241283474 Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents: 31
diff changeset
70 fclose(f);
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
71 return READ_FILE_TOO_LARGE;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
72 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
73 *size = (size_t) file_size;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
74
38
fc6241283474 Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents: 31
diff changeset
75 if (*size > max_size) {
fc6241283474 Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents: 31
diff changeset
76 fclose(f);
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
77 return READ_FILE_TOO_LARGE;
38
fc6241283474 Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents: 31
diff changeset
78 }
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
79
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
80 *data = (char *) malloc( *size + 1 );
61
b8cd573bd3ac Fix check for malloc result, found by cppcheck.
Bernhard Reiter <bernhard@intevation.de>
parents: 59
diff changeset
81 if (*data == NULL) {
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
82 fclose(f);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
83 return READ_FILE_NO_MEMORY;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
84 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
85
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
86 if (fread(*data, 1, *size, f) != *size) {
66
4f79cf993737 Tiny improvement: free resources first that you have aquired last. Added TODO for better error reporting.
Bernhard Reiter <bernhard@intevation.de>
parents: 61
diff changeset
87 free(*data);
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
88 fclose(f);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
89 return READ_FILE_READ_FAILED;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
90 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
91
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
92 fclose(f);
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
93
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
94 (*data)[*size] = '\0';
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
95
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
96 return 0;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
97 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
98
68
8ffbb48528ae Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 66
diff changeset
99 int verify_list(const char *data, const size_t size)
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
100 {
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
101 int ret = -1;
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
102 pk_context pub_key_ctx;
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
103 char *p;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
104 /* Fixed key size of 3072 implies the sizes*/
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
105 const size_t sig_b64_size = 512;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
106 size_t sig_size = 384;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
107
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
108 char signature_b64[sig_b64_size + 1];
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
109 unsigned char signature[sig_size];
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
110 /* Hash algroithm is sha256 */
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
111 unsigned char hash[32];
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
112
93
0798b9e35725 Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents: 92
diff changeset
113 if (!data || !size) {
0798b9e35725 Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents: 92
diff changeset
114 return -1;
0798b9e35725 Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents: 92
diff changeset
115 }
0798b9e35725 Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents: 92
diff changeset
116
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
117 /* Fetch the signature from the first line od data */
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
118 p = strchr(data, '\r');
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
119 if (p == 0 || (unsigned int)(p - (data + 2)) != sig_b64_size) {
40
5cb1eb928253 Clean up debug output / functions
Andre Heinecke <aheinecke@intevation.de>
parents: 38
diff changeset
120 /* printf("Invalid data. Signature might be too long.\n"); */
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
121 return -1;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
122 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
123 strncpy(signature_b64, data + 2, sig_b64_size);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
124 signature_b64[sig_b64_size] = '\0';
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
125
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
126 ret = base64_decode(signature, &sig_size,
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
127 (unsigned char *)signature_b64, sig_b64_size);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
128
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
129 if (ret != 0 || sig_size != 384) {
40
5cb1eb928253 Clean up debug output / functions
Andre Heinecke <aheinecke@intevation.de>
parents: 38
diff changeset
130 /* printf("failed to decode signature\n"); */
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
131 return -1;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
132 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
133
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
134 /* Hash is calculated over the data without the first line.
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
135 * linebreaks are \r\n so the first char of the new line is
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
136 * p+2 */
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
137 p += 2;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
138 /* Size of the data to hash is the size - signature line
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
139 * signature line is sig_b64_size - "S:" and - "\r\n" so -4*/
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
140 sha256((unsigned char *)p, size - sig_b64_size - 4, hash, 0);
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
141
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
142 pk_init(&pub_key_ctx);
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
143 #if 0
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
144 {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
145 int i;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
146 FILE *foo = fopen("/tmp/testdump", "w");
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
147 FILE *foo2 = fopen("/tmp/rawdump", "w");
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
148 for (i=0; i< (int)(size - sig_b64_size - 2); i++)
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
149 fprintf (foo, "%c", p[i]);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
150 for (i=0; i< (int)(size); i++)
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
151 fprintf (foo2, "%c", data[i]);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
152 fclose(foo);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
153 printf ("Hash: \n");
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
154 for (i=0; i<32; i++) {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
155 printf ("%x", hash[i]);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
156 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
157 printf("\n");
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
158 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
159 #endif
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
160
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
161 ret = pk_parse_public_key(&pub_key_ctx, public_key_pem,
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
162 public_key_pem_size);
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
163 if (ret != 0) {
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
164 printf("pk_parse_public_key failed with -0x%04x\n\n", -ret);
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
165 pk_free(&pub_key_ctx);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
166 return ret;
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
167 }
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
168
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
169 ret = pk_verify(&pub_key_ctx, POLARSSL_MD_SHA256, hash, 0,
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
170 signature, sig_size);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
171
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
172 if (ret != 0) {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
173 printf("pk_verify failed with -0x%04x\n\n", -ret);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
174 }
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
175 pk_free(&pub_key_ctx);
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
176
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
177 return ret;
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
178 }
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
179
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
180 list_status_t read_and_verify_list(const char *file_name, char **data,
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
181 size_t *size)
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
182 {
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
183 list_status_t retval = UnknownError;
7
992c0ec57660 Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents: 4
diff changeset
184 *data = NULL;
992c0ec57660 Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents: 4
diff changeset
185 *size = 0;
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
186 int ret = 0;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
187
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
188 ret = read_file(file_name, data, size, MAX_FILESIZE);
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
189
40
5cb1eb928253 Clean up debug output / functions
Andre Heinecke <aheinecke@intevation.de>
parents: 38
diff changeset
190 /* printf ("Ret: %i \n", ret); */
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
191 if (ret != 0) {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
192 if (ret == READ_FILE_TOO_LARGE) {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
193 return TooLarge;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
194 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
195 if (ret == READ_FILE_UNREADABLE) {
66
4f79cf993737 Tiny improvement: free resources first that you have aquired last. Added TODO for better error reporting.
Bernhard Reiter <bernhard@intevation.de>
parents: 61
diff changeset
196 /* TODO: work with errno ? */
178
b0579d4fa186 Made macro MAX_FILESIZE saver with brackets. A perror debugging line.
Bernhard Reiter <bernhard@intevation.de>
parents: 93
diff changeset
197 /* errsv = errno; */
b0579d4fa186 Made macro MAX_FILESIZE saver with brackets. A perror debugging line.
Bernhard Reiter <bernhard@intevation.de>
parents: 93
diff changeset
198 /* perror("read_and_verify_list(), READ_FILE_UNREADABLE:"); */
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
199 return SeekFailed;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
200 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
201 if (ret == READ_FILE_READ_FAILED) {
66
4f79cf993737 Tiny improvement: free resources first that you have aquired last. Added TODO for better error reporting.
Bernhard Reiter <bernhard@intevation.de>
parents: 61
diff changeset
202 /* TODO: work with ferror() or feof() ? */
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
203 return ReadFailed;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
204 }
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
205 return UnknownError;
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
206 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
207
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
208 if (!*data || !*size) {
40
5cb1eb928253 Clean up debug output / functions
Andre Heinecke <aheinecke@intevation.de>
parents: 38
diff changeset
209 /* File is probably empty */
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
210 return UnknownError;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
211 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
212
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
213 if (**data != 'S') {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
214 retval = InvalidFormat;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
215 } else {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
216 ret = verify_list (*data, *size);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
217 if (ret == 0) {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
218 /* Hooray */
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
219 return Valid;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
220 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
221 if (ret == -1) {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
222 /* our error */
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
223 retval = InvalidFormat;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
224 } else {
92
4980b0deb773 Fix memleak in case of invalid signature
Andre Heinecke <aheinecke@intevation.de>
parents: 89
diff changeset
225 retval = InvalidSignature;
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
226 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
227 }
9
2ad9a96518e3 Actually parse all elements in the list
Andre Heinecke <aheinecke@intevation.de>
parents: 7
diff changeset
228
7
992c0ec57660 Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents: 4
diff changeset
229 if (retval != Valid && *data) {
992c0ec57660 Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents: 4
diff changeset
230 free(*data);
992c0ec57660 Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents: 4
diff changeset
231 *data = NULL;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
232 *size = 0;
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
233 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
234 return retval;
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
235 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
236
286
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
237 char **
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
238 get_certs_from_list (char *data, const size_t size)
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
239 {
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
240 char *cur = data;
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
241 char **retval = NULL;
68
8ffbb48528ae Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 66
diff changeset
242
286
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
243 if (!data || !size)
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
244 {
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
245 printf ("Invalid call to get_certs_to_remove \n");
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
246 return NULL;
68
8ffbb48528ae Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 66
diff changeset
247 }
286
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
248
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
249 while (cur)
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
250 {
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
251 char *next = strchr(cur, '\n');
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
252 if (strlen(cur) > 3 && (cur[0] == 'I' || cur[0] == 'R') &&
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
253 next - cur > 4)
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
254 {
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
255 size_t len = (size_t) (next - cur - 4);
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
256 /* Remove I: or R: at the beginning and \r\n at the end */
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
257 strv_append(&retval, cur + 2, len);
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
258 }
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
259 cur = next ? (next + 1) : NULL;
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
260 }
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
261 return retval;
68
8ffbb48528ae Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 66
diff changeset
262 }
8ffbb48528ae Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 66
diff changeset
263

http://wald.intevation.org/projects/trustbridge/