Mercurial > trustbridge
annotate common/listutil.c @ 975:b3695a3399de
(issue86) Install into default directories on Linux
If the mozilla process is now started as root it will
try to write into the default directories for NSS Shared
and mozilla / thunderbird profiles.
Cinst will now start the mozilla process once as root.
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Fri, 29 Aug 2014 12:59:44 +0200 |
| parents | 698b6a9bd75e |
| children | edbf5e5e88f4 |
| rev | line source |
|---|---|
| 404 | 1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik |
| 2 * Software engineering by Intevation GmbH | |
| 3 * | |
| 4 * This file is Free Software under the GNU GPL (v>=2) | |
| 5 * and comes with ABSOLUTELY NO WARRANTY! | |
| 6 * See LICENSE.txt for details. | |
| 7 */ | |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
8 #include "listutil.h" |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
9 |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
10 #include <stdio.h> |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
11 #include <stdlib.h> |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
12 #include <errno.h> |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
13 #include <fcntl.h> |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
14 #include <unistd.h> |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
15 #include <sys/types.h> |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
16 #include <sys/stat.h> |
|
7
992c0ec57660
Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents:
4
diff
changeset
|
17 #include <string.h> |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
18 |
|
286
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
19 #include "strhelp.h" |
|
630
aa48ea7ead1f
Include logging in listutil (fixes linux build)
Andre Heinecke <andre.heinecke@intevation.de>
parents:
626
diff
changeset
|
20 #include "logging.h" |
|
286
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
21 |
|
359
f6ce186cebc2
If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
292
diff
changeset
|
22 #ifdef RELEASE_BUILD |
|
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
23 #include "pubkey-release.h" |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
24 #else |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
25 #include "pubkey-test.h" |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
26 #endif |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
27 |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
28 #pragma GCC diagnostic ignored "-Wconversion" |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
29 /* Polarssl mh.h contains a conversion which gcc warns about */ |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
30 #include <polarssl/pk.h> |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
31 #include <polarssl/base64.h> |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
32 #include <polarssl/sha256.h> |
|
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
33 #pragma GCC diagnostic pop |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
34 |
|
178
b0579d4fa186
Made macro MAX_FILESIZE saver with brackets. A perror debugging line.
Bernhard Reiter <bernhard@intevation.de>
parents:
93
diff
changeset
|
35 #define MAX_FILESIZE (MAX_LINE_LENGTH * MAX_LINES) |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
36 |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
37 #define READ_FILE_UNREADABLE -1 |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
38 #define READ_FILE_TOO_LARGE -2 |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
39 #define READ_FILE_NO_MEMORY -3 |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
40 #define READ_FILE_READ_FAILED -4 |
|
86
6f1a73575c99
Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents:
68
diff
changeset
|
41 #define READ_FILE_INVALID_CALL -5 |
|
769
44257ecdae6d
Make Read File public
Andre Heinecke <andre.heinecke@intevation.de>
parents:
630
diff
changeset
|
42 int |
|
44257ecdae6d
Make Read File public
Andre Heinecke <andre.heinecke@intevation.de>
parents:
630
diff
changeset
|
43 read_file(const char *file_name, char **data, size_t *size, |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
44 const size_t max_size) |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
45 { |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
46 FILE *f; |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
47 long file_size; |
|
86
6f1a73575c99
Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents:
68
diff
changeset
|
48 |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
49 if (!file_name || !data || !size || !max_size) |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
50 { |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
51 return READ_FILE_INVALID_CALL; |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
52 } |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
53 |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
54 f = fopen(file_name, "rb"); |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
55 if (f == NULL) |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
56 return READ_FILE_UNREADABLE; |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
57 |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
58 fseek(f, 0, SEEK_END); |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
59 file_size = ftell(f); |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
60 if (file_size <= 0) |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
61 { |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
62 fclose(f); |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
63 return READ_FILE_UNREADABLE; |
|
38
fc6241283474
Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents:
31
diff
changeset
|
64 } |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
65 |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
66 fseek(f, 0, SEEK_SET); |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
67 |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
68 if (file_size + 1 == 0) |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
69 { |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
70 fclose(f); |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
71 return READ_FILE_TOO_LARGE; |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
72 } |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
73 *size = (size_t) file_size; |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
74 |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
75 if (*size > max_size) |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
76 { |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
77 fclose(f); |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
78 return READ_FILE_TOO_LARGE; |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
79 } |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
80 |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
81 *data = (char *) malloc( *size + 1 ); |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
82 if (*data == NULL) |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
83 { |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
84 fclose(f); |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
85 return READ_FILE_NO_MEMORY; |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
86 } |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
87 |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
88 if (fread(*data, 1, *size, f) != *size) |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
89 { |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
90 free(*data); |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
91 fclose(f); |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
92 return READ_FILE_READ_FAILED; |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
93 } |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
94 |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
95 fclose(f); |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
96 |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
97 (*data)[*size] = '\0'; |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
98 |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
99 return 0; |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
100 } |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
101 |
|
68
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
102 int verify_list(const char *data, const size_t size) |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
103 { |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
104 int ret = -1; |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
105 pk_context pub_key_ctx; |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
106 char *p; |
|
770
7861950f7637
Make RSA Keysize definiable
Andre Heinecke <andre.heinecke@intevation.de>
parents:
769
diff
changeset
|
107 |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
108 /* Modulus / 8 are the necessary bytes. */ |
|
770
7861950f7637
Make RSA Keysize definiable
Andre Heinecke <andre.heinecke@intevation.de>
parents:
769
diff
changeset
|
109 #ifndef TRUSTBRIDGE_RSA_KEY_SIZE |
|
7861950f7637
Make RSA Keysize definiable
Andre Heinecke <andre.heinecke@intevation.de>
parents:
769
diff
changeset
|
110 # error "Key size undefined" |
|
7861950f7637
Make RSA Keysize definiable
Andre Heinecke <andre.heinecke@intevation.de>
parents:
769
diff
changeset
|
111 #endif |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
112 const size_t sig_b64_size = TRUSTBRIDGE_RSA_KEY_SIZE / 8 * 4 / 3; |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
113 size_t sig_size = TRUSTBRIDGE_RSA_KEY_SIZE / 8; |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
114 |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
115 char signature_b64[sig_b64_size + 1]; |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
116 unsigned char signature[sig_size]; |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
117 /* Hash algroithm is sha256 */ |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
118 unsigned char hash[32]; |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
119 |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
120 if (!data || !size) |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
121 { |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
122 return -1; |
|
93
0798b9e35725
Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents:
92
diff
changeset
|
123 } |
|
0798b9e35725
Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents:
92
diff
changeset
|
124 |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
125 /* Fetch the signature from the first line od data */ |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
126 p = strchr(data, '\r'); |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
127 if (p == 0 || (unsigned int)(p - (data + 2)) != sig_b64_size) |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
128 { |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
129 /* printf("Invalid data. Signature might be too long.\n"); */ |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
130 return -1; |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
131 } |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
132 strncpy(signature_b64, data + 2, sig_b64_size); |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
133 signature_b64[sig_b64_size] = '\0'; |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
134 |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
135 ret = base64_decode(signature, &sig_size, |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
136 (unsigned char *)signature_b64, sig_b64_size); |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
137 |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
138 if (ret != 0 || sig_size != TRUSTBRIDGE_RSA_KEY_SIZE / 8) |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
139 { |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
140 /* printf("failed to decode signature\n"); */ |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
141 return -1; |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
142 } |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
143 |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
144 /* Hash is calculated over the data without the first line. |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
145 * linebreaks are \r\n so the first char of the new line is |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
146 * p+2 */ |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
147 p += 2; |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
148 /* Size of the data to hash is the size - signature line |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
149 * signature line is sig_b64_size - "S:" and - "\r\n" so -4*/ |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
150 sha256((unsigned char *)p, size - sig_b64_size - 4, hash, 0); |
|
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
151 |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
152 pk_init(&pub_key_ctx); |
|
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
153 |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
154 ret = pk_parse_public_key(&pub_key_ctx, public_key_pem, |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
155 public_key_pem_size); |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
156 if (ret != 0) |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
157 { |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
158 ERRORPRINTF ("pk_parse_public_key failed with -0x%04x\n\n", -ret); |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
159 pk_free(&pub_key_ctx); |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
160 return ret; |
|
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
161 } |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
162 |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
163 ret = pk_verify(&pub_key_ctx, POLARSSL_MD_SHA256, hash, 0, |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
164 signature, sig_size); |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
165 |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
166 if (ret != 0) |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
167 { |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
168 ERRORPRINTF ("pk_verify failed with -0x%04x\n\n", -ret); |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
169 } |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
170 pk_free(&pub_key_ctx); |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
171 |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
172 return ret; |
|
28
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
173 } |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
174 |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
175 list_status_t read_and_verify_list(const char *file_name, char **data, |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
176 size_t *size) |
|
e783fd99a9eb
Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents:
22
diff
changeset
|
177 { |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
178 list_status_t retval = UnknownError; |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
179 *data = NULL; |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
180 *size = 0; |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
181 int ret = 0; |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
182 |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
183 ret = read_file(file_name, data, size, MAX_FILESIZE); |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
184 |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
185 /* printf ("Ret: %i \n", ret); */ |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
186 if (ret != 0) |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
187 { |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
188 if (ret == READ_FILE_TOO_LARGE) |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
189 { |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
190 return TooLarge; |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
191 } |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
192 if (ret == READ_FILE_UNREADABLE) |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
193 { |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
194 /* TODO: work with errno ? */ |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
195 /* errsv = errno; */ |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
196 /* perror("read_and_verify_list(), READ_FILE_UNREADABLE:"); */ |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
197 return SeekFailed; |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
198 } |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
199 if (ret == READ_FILE_READ_FAILED) |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
200 { |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
201 /* TODO: work with ferror() or feof() ? */ |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
202 return ReadFailed; |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
203 } |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
204 return UnknownError; |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
205 } |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
206 |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
207 if (!*data || !*size) |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
208 { |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
209 /* File is probably empty */ |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
210 return UnknownError; |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
211 } |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
212 |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
213 if (**data != 'S') |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
214 { |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
215 retval = InvalidFormat; |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
216 } |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
217 else |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
218 { |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
219 ret = verify_list (*data, *size); |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
220 if (ret == 0) |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
221 { |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
222 /* Hooray */ |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
223 return Valid; |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
224 } |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
225 if (ret == -1) |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
226 { |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
227 /* our error */ |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
228 retval = InvalidFormat; |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
229 } |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
230 else |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
231 { |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
232 retval = InvalidSignature; |
|
31
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
233 } |
|
37fc66967517
Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents:
28
diff
changeset
|
234 } |
|
9
2ad9a96518e3
Actually parse all elements in the list
Andre Heinecke <aheinecke@intevation.de>
parents:
7
diff
changeset
|
235 |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
236 if (retval != Valid && *data) |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
237 { |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
238 free(*data); |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
239 *data = NULL; |
|
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
240 *size = 0; |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
241 } |
|
905
698b6a9bd75e
Fix coding style for C code
Andre Heinecke <andre.heinecke@intevation.de>
parents:
770
diff
changeset
|
242 return retval; |
|
4
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
243 } |
|
9849250f50f2
Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
244 |
|
286
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
245 char ** |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
246 get_certs_from_list (char *data, const size_t size) |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
247 { |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
248 char *cur = data; |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
249 char **retval = NULL; |
|
68
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
250 |
|
286
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
251 if (!data || !size) |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
252 { |
|
626
f595fcbe3e76
Replace "normal printfs" with DEBUG / ERROR printf macros
Andre Heinecke <andre.heinecke@intevation.de>
parents:
404
diff
changeset
|
253 ERRORPRINTF ("Invalid call to get_certs_to_remove \n"); |
|
286
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
254 return NULL; |
|
68
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
255 } |
|
286
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
256 |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
257 while (cur) |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
258 { |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
259 char *next = strchr(cur, '\n'); |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
260 if (strlen(cur) > 3 && (cur[0] == 'I' || cur[0] == 'R') && |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
261 next - cur > 4) |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
262 { |
|
292
57867a523dcf
Do not cut off the last character of the line. (next-cur does not include \n)
Andre Heinecke <aheinecke@intevation.de>
parents:
286
diff
changeset
|
263 size_t len = (size_t) (next - cur - 3); |
|
286
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
264 /* Remove I: or R: at the beginning and \r\n at the end */ |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
265 strv_append(&retval, cur + 2, len); |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
266 } |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
267 cur = next ? (next + 1) : NULL; |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
268 } |
|
881ce5126f07
Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents:
178
diff
changeset
|
269 return retval; |
|
68
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
270 } |
|
8ffbb48528ae
Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents:
66
diff
changeset
|
271 |