trustbridge: common/listutil.c annotate

annotate common/listutil.c @ 1395:a2574a029322

Fix Base 64 signature size calculation. If the signature byte size is not equally dividable by three the base 64 encoding needs three additional bytes. The value is now fixed to avoid such errors in the future.

author	Andre Heinecke <andre.heinecke@intevation.de>
date	Mon, 26 Jan 2015 13:17:32 +0100
parents	8d27c6d226cd
children

rev	line source
404 17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 359 diff changeset	1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 359 diff changeset	2 * Software engineering by Intevation GmbH
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 359 diff changeset	3 *
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 359 diff changeset	4 * This file is Free Software under the GNU GPL (v>=2)
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 359 diff changeset	5 * and comes with ABSOLUTELY NO WARRANTY!
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 359 diff changeset	6 * See LICENSE.txt for details.
17e1c8f37d72 Add License Andre Heinecke <aheinecke@intevation.de> parents: 359 diff changeset	7 */
4 9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	8 #include "listutil.h"
9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	9
9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	10 #include <stdio.h>
9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	11 #include <stdlib.h>
9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	12 #include <errno.h>
9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	13 #include <fcntl.h>
9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	14 #include <unistd.h>
9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	15 #include <sys/types.h>
9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	16 #include <sys/stat.h>
7 992c0ec57660 Add unit tests make CertificateList work. Andre Heinecke <aheinecke@intevation.de> parents: 4 diff changeset	17 #include <string.h>
4 9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	18
1081 edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	19 #ifdef WIN32
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	20 #include <share.h>
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	21 #endif
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	22
286 881ce5126f07 Add helper function to get all certificates in a list Andre Heinecke <aheinecke@intevation.de> parents: 178 diff changeset	23 #include "strhelp.h"
630 aa48ea7ead1f Include logging in listutil (fixes linux build) Andre Heinecke <andre.heinecke@intevation.de> parents: 626 diff changeset	24 #include "logging.h"
1157 fd7d04bb37cb (issue36) Add encoding aware port_fopen function and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 1081 diff changeset	25 #include "portpath.h"
286 881ce5126f07 Add helper function to get all certificates in a list Andre Heinecke <aheinecke@intevation.de> parents: 178 diff changeset	26
359 f6ce186cebc2 If DO_RELEASE_BUILD is set use pubkey-release and test with it Andre Heinecke <andre.heinecke@intevation.de> parents: 292 diff changeset	27 #ifdef RELEASE_BUILD
28 e783fd99a9eb Add public key parsing Andre Heinecke <aheinecke@intevation.de> parents: 22 diff changeset	28 #include "pubkey-release.h"
e783fd99a9eb Add public key parsing Andre Heinecke <aheinecke@intevation.de> parents: 22 diff changeset	29 #else
e783fd99a9eb Add public key parsing Andre Heinecke <aheinecke@intevation.de> parents: 22 diff changeset	30 #include "pubkey-test.h"
e783fd99a9eb Add public key parsing Andre Heinecke <aheinecke@intevation.de> parents: 22 diff changeset	31 #endif
e783fd99a9eb Add public key parsing Andre Heinecke <aheinecke@intevation.de> parents: 22 diff changeset	32
1264 3cd8dd706aaa Add possibility to build with CLANG and document it. Andre Heinecke <andre.heinecke@intevation.de> parents: 1162 diff changeset	33 #ifndef __clang__
28 e783fd99a9eb Add public key parsing Andre Heinecke <aheinecke@intevation.de> parents: 22 diff changeset	34 #pragma GCC diagnostic ignored "-Wconversion"
1264 3cd8dd706aaa Add possibility to build with CLANG and document it. Andre Heinecke <andre.heinecke@intevation.de> parents: 1162 diff changeset	35 #endif
28 e783fd99a9eb Add public key parsing Andre Heinecke <aheinecke@intevation.de> parents: 22 diff changeset	36 /* Polarssl mh.h contains a conversion which gcc warns about */
e783fd99a9eb Add public key parsing Andre Heinecke <aheinecke@intevation.de> parents: 22 diff changeset	37 #include <polarssl/pk.h>
31 37fc66967517 Implement signature verification wiht polarssl Andre Heinecke <aheinecke@intevation.de> parents: 28 diff changeset	38 #include <polarssl/base64.h>
37fc66967517 Implement signature verification wiht polarssl Andre Heinecke <aheinecke@intevation.de> parents: 28 diff changeset	39 #include <polarssl/sha256.h>
1264 3cd8dd706aaa Add possibility to build with CLANG and document it. Andre Heinecke <andre.heinecke@intevation.de> parents: 1162 diff changeset	40 #ifndef __clang__
28 e783fd99a9eb Add public key parsing Andre Heinecke <aheinecke@intevation.de> parents: 22 diff changeset	41 #pragma GCC diagnostic pop
1264 3cd8dd706aaa Add possibility to build with CLANG and document it. Andre Heinecke <andre.heinecke@intevation.de> parents: 1162 diff changeset	42 #endif
28 e783fd99a9eb Add public key parsing Andre Heinecke <aheinecke@intevation.de> parents: 22 diff changeset	43
178 b0579d4fa186 Made macro MAX_FILESIZE saver with brackets. A perror debugging line. Bernhard Reiter <bernhard@intevation.de> parents: 93 diff changeset	44 #define MAX_FILESIZE (MAX_LINE_LENGTH * MAX_LINES)
4 9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	45
31 37fc66967517 Implement signature verification wiht polarssl Andre Heinecke <aheinecke@intevation.de> parents: 28 diff changeset	46 #define READ_FILE_UNREADABLE -1
37fc66967517 Implement signature verification wiht polarssl Andre Heinecke <aheinecke@intevation.de> parents: 28 diff changeset	47 #define READ_FILE_TOO_LARGE -2
37fc66967517 Implement signature verification wiht polarssl Andre Heinecke <aheinecke@intevation.de> parents: 28 diff changeset	48 #define READ_FILE_NO_MEMORY -3
37fc66967517 Implement signature verification wiht polarssl Andre Heinecke <aheinecke@intevation.de> parents: 28 diff changeset	49 #define READ_FILE_READ_FAILED -4
86 6f1a73575c99 Check input parameters Andre Heinecke <aheinecke@intevation.de> parents: 68 diff changeset	50 #define READ_FILE_INVALID_CALL -5
769 44257ecdae6d Make Read File public Andre Heinecke <andre.heinecke@intevation.de> parents: 630 diff changeset	51 int
44257ecdae6d Make Read File public Andre Heinecke <andre.heinecke@intevation.de> parents: 630 diff changeset	52 read_file(const char file_name, char data, size_t size,
1081 edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	53 const size_t max_size, FILE **fptr)
4 9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	54 {
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	55 FILE *f;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	56 long file_size;
86 6f1a73575c99 Check input parameters Andre Heinecke <aheinecke@intevation.de> parents: 68 diff changeset	57
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	58 if (!file_name \|\| !data \|\| !size \|\| !max_size)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	59 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	60 return READ_FILE_INVALID_CALL;
4 9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	61 }
1157 fd7d04bb37cb (issue36) Add encoding aware port_fopen function and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 1081 diff changeset	62
fd7d04bb37cb (issue36) Add encoding aware port_fopen function and use it Andre Heinecke <andre.heinecke@intevation.de> parents: 1081 diff changeset	63 f = port_fopen_rb(file_name, true);
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	64 if (f == NULL)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	65 return READ_FILE_UNREADABLE;
4 9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	66
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	67 fseek(f, 0, SEEK_END);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	68 file_size = ftell(f);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	69 if (file_size <= 0)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	70 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	71 fclose(f);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	72 return READ_FILE_UNREADABLE;
38 fc6241283474 Fix resource leak when file too large Andre Heinecke <aheinecke@intevation.de> parents: 31 diff changeset	73 }
31 37fc66967517 Implement signature verification wiht polarssl Andre Heinecke <aheinecke@intevation.de> parents: 28 diff changeset	74
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	75 fseek(f, 0, SEEK_SET);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	76
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	77 if (file_size + 1 == 0)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	78 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	79 fclose(f);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	80 return READ_FILE_TOO_LARGE;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	81 }
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	82 *size = (size_t) file_size;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	83
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	84 if (*size > max_size)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	85 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	86 fclose(f);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	87 return READ_FILE_TOO_LARGE;
4 9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	88 }
9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	89
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	90 data = (char ) malloc( *size + 1 );
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	91 if (*data == NULL)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	92 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	93 fclose(f);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	94 return READ_FILE_NO_MEMORY;
4 9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	95 }
9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	96
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	97 if (fread(data, 1, size, f) != *size)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	98 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	99 free(*data);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	100 fclose(f);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	101 return READ_FILE_READ_FAILED;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	102 }
4 9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	103
1081 edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	104 if (fptr)
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	105 {
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	106 *fptr = f;
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	107 }
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	108 else
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	109 {
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	110 fclose(f);
edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	111 }
4 9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	112
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	113 (data)[size] = '\0';
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	114
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	115 return 0;
4 9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	116 }
9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	117
68 8ffbb48528ae Add certificate installation for windows Andre Heinecke <aheinecke@intevation.de> parents: 66 diff changeset	118 int verify_list(const char *data, const size_t size)
4 9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	119 {
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	120 int ret = -1;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	121 pk_context pub_key_ctx;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	122 char *p;
770 7861950f7637 Make RSA Keysize definiable Andre Heinecke <andre.heinecke@intevation.de> parents: 769 diff changeset	123
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	124 /* Modulus / 8 are the necessary bytes. */
770 7861950f7637 Make RSA Keysize definiable Andre Heinecke <andre.heinecke@intevation.de> parents: 769 diff changeset	125 #ifndef TRUSTBRIDGE_RSA_KEY_SIZE
7861950f7637 Make RSA Keysize definiable Andre Heinecke <andre.heinecke@intevation.de> parents: 769 diff changeset	126 # error "Key size undefined"
7861950f7637 Make RSA Keysize definiable Andre Heinecke <andre.heinecke@intevation.de> parents: 769 diff changeset	127 #endif
1395 a2574a029322 Fix Base 64 signature size calculation. Andre Heinecke <andre.heinecke@intevation.de> parents: 1394 diff changeset	128 const size_t sig_b64_size = TRUSTBRIDGE_RSA_B64_SIZE;
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	129 size_t sig_size = TRUSTBRIDGE_RSA_KEY_SIZE / 8;
31 37fc66967517 Implement signature verification wiht polarssl Andre Heinecke <aheinecke@intevation.de> parents: 28 diff changeset	130
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	131 char signature_b64[sig_b64_size + 1];
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	132 unsigned char signature[sig_size];
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	133 /* Hash algroithm is sha256 */
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	134 unsigned char hash[32];
31 37fc66967517 Implement signature verification wiht polarssl Andre Heinecke <aheinecke@intevation.de> parents: 28 diff changeset	135
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	136 if (!data \|\| !size)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	137 {
1394 8d27c6d226cd Improve debug output for list verification and no installed list Andre Heinecke <andre.heinecke@intevation.de> parents: 1264 diff changeset	138 ERRORPRINTF ("Invalid call.\n");
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	139 return -1;
93 0798b9e35725 Check parameters in verify list Andre Heinecke <aheinecke@intevation.de> parents: 92 diff changeset	140 }
0798b9e35725 Check parameters in verify list Andre Heinecke <aheinecke@intevation.de> parents: 92 diff changeset	141
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	142 /* Fetch the signature from the first line od data */
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	143 p = strchr(data, '\r');
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	144 if (p == 0 \|\| (unsigned int)(p - (data + 2)) != sig_b64_size)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	145 {
1394 8d27c6d226cd Improve debug output for list verification and no installed list Andre Heinecke <andre.heinecke@intevation.de> parents: 1264 diff changeset	146 DEBUGPRINTF("Invalid data. Signature might be too long.\n");
1395 a2574a029322 Fix Base 64 signature size calculation. Andre Heinecke <andre.heinecke@intevation.de> parents: 1394 diff changeset	147 DEBUGPRINTF("Should: %u is: %u\n", (unsigned int) sig_b64_size, (unsigned int)(p - (data + 2)));
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	148 return -1;
31 37fc66967517 Implement signature verification wiht polarssl Andre Heinecke <aheinecke@intevation.de> parents: 28 diff changeset	149 }
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	150 strncpy(signature_b64, data + 2, sig_b64_size);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	151 signature_b64[sig_b64_size] = '\0';
31 37fc66967517 Implement signature verification wiht polarssl Andre Heinecke <aheinecke@intevation.de> parents: 28 diff changeset	152
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	153 ret = base64_decode(signature, &sig_size,
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	154 (unsigned char *)signature_b64, sig_b64_size);
31 37fc66967517 Implement signature verification wiht polarssl Andre Heinecke <aheinecke@intevation.de> parents: 28 diff changeset	155
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	156 if (ret != 0 \|\| sig_size != TRUSTBRIDGE_RSA_KEY_SIZE / 8)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	157 {
1394 8d27c6d226cd Improve debug output for list verification and no installed list Andre Heinecke <andre.heinecke@intevation.de> parents: 1264 diff changeset	158 DEBUGPRINTF("failed to decode signature\n");
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	159 return -1;
31 37fc66967517 Implement signature verification wiht polarssl Andre Heinecke <aheinecke@intevation.de> parents: 28 diff changeset	160 }
37fc66967517 Implement signature verification wiht polarssl Andre Heinecke <aheinecke@intevation.de> parents: 28 diff changeset	161
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	162 /* Hash is calculated over the data without the first line.
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	163 * linebreaks are \r\n so the first char of the new line is
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	164 * p+2 */
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	165 p += 2;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	166 /* Size of the data to hash is the size - signature line
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	167 * signature line is sig_b64_size - "S:" and - "\r\n" so -4*/
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	168 sha256((unsigned char *)p, size - sig_b64_size - 4, hash, 0);
28 e783fd99a9eb Add public key parsing Andre Heinecke <aheinecke@intevation.de> parents: 22 diff changeset	169
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	170 pk_init(&pub_key_ctx);
28 e783fd99a9eb Add public key parsing Andre Heinecke <aheinecke@intevation.de> parents: 22 diff changeset	171
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	172 ret = pk_parse_public_key(&pub_key_ctx, public_key_pem,
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	173 public_key_pem_size);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	174 if (ret != 0)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	175 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	176 ERRORPRINTF ("pk_parse_public_key failed with -0x%04x\n\n", -ret);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	177 pk_free(&pub_key_ctx);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	178 return ret;
28 e783fd99a9eb Add public key parsing Andre Heinecke <aheinecke@intevation.de> parents: 22 diff changeset	179 }
e783fd99a9eb Add public key parsing Andre Heinecke <aheinecke@intevation.de> parents: 22 diff changeset	180
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	181 ret = pk_verify(&pub_key_ctx, POLARSSL_MD_SHA256, hash, 0,
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	182 signature, sig_size);
31 37fc66967517 Implement signature verification wiht polarssl Andre Heinecke <aheinecke@intevation.de> parents: 28 diff changeset	183
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	184 if (ret != 0)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	185 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	186 ERRORPRINTF ("pk_verify failed with -0x%04x\n\n", -ret);
31 37fc66967517 Implement signature verification wiht polarssl Andre Heinecke <aheinecke@intevation.de> parents: 28 diff changeset	187 }
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	188 pk_free(&pub_key_ctx);
31 37fc66967517 Implement signature verification wiht polarssl Andre Heinecke <aheinecke@intevation.de> parents: 28 diff changeset	189
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	190 return ret;
28 e783fd99a9eb Add public key parsing Andre Heinecke <aheinecke@intevation.de> parents: 22 diff changeset	191 }
e783fd99a9eb Add public key parsing Andre Heinecke <aheinecke@intevation.de> parents: 22 diff changeset	192
e783fd99a9eb Add public key parsing Andre Heinecke <aheinecke@intevation.de> parents: 22 diff changeset	193 list_status_t read_and_verify_list(const char file_name, char *data,
e783fd99a9eb Add public key parsing Andre Heinecke <aheinecke@intevation.de> parents: 22 diff changeset	194 size_t *size)
e783fd99a9eb Add public key parsing Andre Heinecke <aheinecke@intevation.de> parents: 22 diff changeset	195 {
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	196 list_status_t retval = UnknownError;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	197 *data = NULL;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	198 *size = 0;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	199 int ret = 0;
4 9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	200
1081 edbf5e5e88f4 (issue118) Extend verify_binary to carry an open file Andre Heinecke <andre.heinecke@intevation.de> parents: 905 diff changeset	201 ret = read_file(file_name, data, size, MAX_FILESIZE, NULL);
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	202
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	203 /* printf ("Ret: %i \n", ret); */
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	204 if (ret != 0)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	205 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	206 if (ret == READ_FILE_TOO_LARGE)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	207 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	208 return TooLarge;
31 37fc66967517 Implement signature verification wiht polarssl Andre Heinecke <aheinecke@intevation.de> parents: 28 diff changeset	209 }
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	210 if (ret == READ_FILE_UNREADABLE)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	211 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	212 return SeekFailed;
31 37fc66967517 Implement signature verification wiht polarssl Andre Heinecke <aheinecke@intevation.de> parents: 28 diff changeset	213 }
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	214 if (ret == READ_FILE_READ_FAILED)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	215 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	216 return ReadFailed;
31 37fc66967517 Implement signature verification wiht polarssl Andre Heinecke <aheinecke@intevation.de> parents: 28 diff changeset	217 }
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	218 return UnknownError;
4 9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	219 }
9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	220
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	221 if (!data \|\| !size)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	222 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	223 /* File is probably empty */
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	224 return UnknownError;
4 9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	225 }
9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	226
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	227 if (**data != 'S')
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	228 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	229 retval = InvalidFormat;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	230 }
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	231 else
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	232 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	233 ret = verify_list (data, size);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	234 if (ret == 0)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	235 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	236 /* Hooray */
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	237 return Valid;
31 37fc66967517 Implement signature verification wiht polarssl Andre Heinecke <aheinecke@intevation.de> parents: 28 diff changeset	238 }
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	239 if (ret == -1)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	240 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	241 /* our error */
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	242 retval = InvalidFormat;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	243 }
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	244 else
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	245 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	246 retval = InvalidSignature;
31 37fc66967517 Implement signature verification wiht polarssl Andre Heinecke <aheinecke@intevation.de> parents: 28 diff changeset	247 }
37fc66967517 Implement signature verification wiht polarssl Andre Heinecke <aheinecke@intevation.de> parents: 28 diff changeset	248 }
9 2ad9a96518e3 Actually parse all elements in the list Andre Heinecke <aheinecke@intevation.de> parents: 7 diff changeset	249
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	250 if (retval != Valid && *data)
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	251 {
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	252 free(*data);
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	253 *data = NULL;
698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	254 *size = 0;
4 9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	255 }
905 698b6a9bd75e Fix coding style for C code Andre Heinecke <andre.heinecke@intevation.de> parents: 770 diff changeset	256 return retval;
4 9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	257 }
9849250f50f2 Start implementation of certificatelist parser Andre Heinecke <aheinecke@intevation.de> parents: diff changeset	258
286 881ce5126f07 Add helper function to get all certificates in a list Andre Heinecke <aheinecke@intevation.de> parents: 178 diff changeset	259 char **
881ce5126f07 Add helper function to get all certificates in a list Andre Heinecke <aheinecke@intevation.de> parents: 178 diff changeset	260 get_certs_from_list (char *data, const size_t size)
881ce5126f07 Add helper function to get all certificates in a list Andre Heinecke <aheinecke@intevation.de> parents: 178 diff changeset	261 {
881ce5126f07 Add helper function to get all certificates in a list Andre Heinecke <aheinecke@intevation.de> parents: 178 diff changeset	262 char *cur = data;
881ce5126f07 Add helper function to get all certificates in a list Andre Heinecke <aheinecke@intevation.de> parents: 178 diff changeset	263 char **retval = NULL;
68 8ffbb48528ae Add certificate installation for windows Andre Heinecke <aheinecke@intevation.de> parents: 66 diff changeset	264
286 881ce5126f07 Add helper function to get all certificates in a list Andre Heinecke <aheinecke@intevation.de> parents: 178 diff changeset	265 if (!data \|\| !size)
881ce5126f07 Add helper function to get all certificates in a list Andre Heinecke <aheinecke@intevation.de> parents: 178 diff changeset	266 {
626 f595fcbe3e76 Replace "normal printfs" with DEBUG / ERROR printf macros Andre Heinecke <andre.heinecke@intevation.de> parents: 404 diff changeset	267 ERRORPRINTF ("Invalid call to get_certs_to_remove \n");
286 881ce5126f07 Add helper function to get all certificates in a list Andre Heinecke <aheinecke@intevation.de> parents: 178 diff changeset	268 return NULL;
68 8ffbb48528ae Add certificate installation for windows Andre Heinecke <aheinecke@intevation.de> parents: 66 diff changeset	269 }
286 881ce5126f07 Add helper function to get all certificates in a list Andre Heinecke <aheinecke@intevation.de> parents: 178 diff changeset	270
881ce5126f07 Add helper function to get all certificates in a list Andre Heinecke <aheinecke@intevation.de> parents: 178 diff changeset	271 while (cur)
881ce5126f07 Add helper function to get all certificates in a list Andre Heinecke <aheinecke@intevation.de> parents: 178 diff changeset	272 {
881ce5126f07 Add helper function to get all certificates in a list Andre Heinecke <aheinecke@intevation.de> parents: 178 diff changeset	273 char *next = strchr(cur, '\n');
881ce5126f07 Add helper function to get all certificates in a list Andre Heinecke <aheinecke@intevation.de> parents: 178 diff changeset	274 if (strlen(cur) > 3 && (cur[0] == 'I' \|\| cur[0] == 'R') &&
881ce5126f07 Add helper function to get all certificates in a list Andre Heinecke <aheinecke@intevation.de> parents: 178 diff changeset	275 next - cur > 4)
881ce5126f07 Add helper function to get all certificates in a list Andre Heinecke <aheinecke@intevation.de> parents: 178 diff changeset	276 {
292 57867a523dcf Do not cut off the last character of the line. (next-cur does not include \n) Andre Heinecke <aheinecke@intevation.de> parents: 286 diff changeset	277 size_t len = (size_t) (next - cur - 3);
286 881ce5126f07 Add helper function to get all certificates in a list Andre Heinecke <aheinecke@intevation.de> parents: 178 diff changeset	278 /* Remove I: or R: at the beginning and \r\n at the end */
881ce5126f07 Add helper function to get all certificates in a list Andre Heinecke <aheinecke@intevation.de> parents: 178 diff changeset	279 strv_append(&retval, cur + 2, len);
881ce5126f07 Add helper function to get all certificates in a list Andre Heinecke <aheinecke@intevation.de> parents: 178 diff changeset	280 }
881ce5126f07 Add helper function to get all certificates in a list Andre Heinecke <aheinecke@intevation.de> parents: 178 diff changeset	281 cur = next ? (next + 1) : NULL;
881ce5126f07 Add helper function to get all certificates in a list Andre Heinecke <aheinecke@intevation.de> parents: 178 diff changeset	282 }
881ce5126f07 Add helper function to get all certificates in a list Andre Heinecke <aheinecke@intevation.de> parents: 178 diff changeset	283 return retval;
68 8ffbb48528ae Add certificate installation for windows Andre Heinecke <aheinecke@intevation.de> parents: 66 diff changeset	284 }
8ffbb48528ae Add certificate installation for windows Andre Heinecke <aheinecke@intevation.de> parents: 66 diff changeset	285

Mercurial > trustbridge

annotate common/listutil.c @ 1395:a2574a029322