annotate common/listutil.c @ 452:f8b480b08532

Factor out polarssl error handling and start new sslhelp file
author Andre Heinecke <aheinecke@intevation.de>
date Wed, 23 Apr 2014 10:33:40 +0000
parents 17e1c8f37d72
children f595fcbe3e76
rev   line source
404
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
2 * Software engineering by Intevation GmbH
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
3 *
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
4 * This file is Free Software under the GNU GPL (v>=2)
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
5 * and comes with ABSOLUTELY NO WARRANTY!
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
6 * See LICENSE.txt for details.
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
7 */
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
8 #include "listutil.h"
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
9
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
10 #include <stdio.h>
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
11 #include <stdlib.h>
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
12 #include <errno.h>
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
13 #include <fcntl.h>
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
14 #include <unistd.h>
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
15 #include <sys/types.h>
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
16 #include <sys/stat.h>
7
992c0ec57660 Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents: 4
diff changeset
17 #include <string.h>
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
18
286
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
19 #include "strhelp.h"
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
20
359
f6ce186cebc2 If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 292
diff changeset
21 #ifdef RELEASE_BUILD
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
22 #include "pubkey-release.h"
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
23 #else
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
24 #include "pubkey-test.h"
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
25 #endif
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
26
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
27 #pragma GCC diagnostic ignored "-Wconversion"
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
28 /* Polarssl mh.h contains a conversion which gcc warns about */
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
29 #include <polarssl/pk.h>
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
30 #include <polarssl/base64.h>
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
31 #include <polarssl/sha256.h>
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
32 #pragma GCC diagnostic pop
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
33
178
b0579d4fa186 Made macro MAX_FILESIZE saver with brackets. A perror debugging line.
Bernhard Reiter <bernhard@intevation.de>
parents: 93
diff changeset
34 #define MAX_FILESIZE (MAX_LINE_LENGTH * MAX_LINES)
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
35
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
36 /**
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
37 * @brief Read a file into memory.
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
38 *
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
39 * The caller needs to free data
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
40 *
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
41 * @param[in] fileName Name of the file.
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
42 * @param[out] data the file content
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
43 * @param[out] size size in bytes of the file content.
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
44 * @param[in] max_size the maximum amount of bytes to read.
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
45 *
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
46 * @return 0 on success an error code otherwise.
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
47 */
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
48 #define READ_FILE_UNREADABLE -1
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
49 #define READ_FILE_TOO_LARGE -2
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
50 #define READ_FILE_NO_MEMORY -3
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
51 #define READ_FILE_READ_FAILED -4
86
6f1a73575c99 Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents: 68
diff changeset
52 #define READ_FILE_INVALID_CALL -5
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
53 static int read_file(const char *file_name, char **data, size_t *size,
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
54 const size_t max_size)
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
55 {
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
56 FILE *f;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
57 long file_size;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
58
86
6f1a73575c99 Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents: 68
diff changeset
59 if (!file_name || !data || !size || !max_size) {
6f1a73575c99 Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents: 68
diff changeset
60 return READ_FILE_INVALID_CALL;
6f1a73575c99 Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents: 68
diff changeset
61 }
6f1a73575c99 Check input parameters
Andre Heinecke <aheinecke@intevation.de>
parents: 68
diff changeset
62
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
63 f = fopen(file_name, "rb");
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
64 if (f == NULL)
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
65 return READ_FILE_UNREADABLE;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
66
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
67 fseek(f, 0, SEEK_END);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
68 file_size = ftell(f);
89
00f9b91f4039 Do not leak a byte if the file is empty
Andre Heinecke <aheinecke@intevation.de>
parents: 86
diff changeset
69 if (file_size <= 0){
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
70 fclose(f);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
71 return READ_FILE_UNREADABLE;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
72 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
73
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
74 fseek(f, 0, SEEK_SET);
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
75
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
76 if (file_size + 1 == 0) {
38
fc6241283474 Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents: 31
diff changeset
77 fclose(f);
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
78 return READ_FILE_TOO_LARGE;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
79 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
80 *size = (size_t) file_size;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
81
38
fc6241283474 Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents: 31
diff changeset
82 if (*size > max_size) {
fc6241283474 Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents: 31
diff changeset
83 fclose(f);
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
84 return READ_FILE_TOO_LARGE;
38
fc6241283474 Fix resource leak when file too large
Andre Heinecke <aheinecke@intevation.de>
parents: 31
diff changeset
85 }
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
86
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
87 *data = (char *) malloc( *size + 1 );
61
b8cd573bd3ac Fix check for malloc result, found by cppcheck.
Bernhard Reiter <bernhard@intevation.de>
parents: 59
diff changeset
88 if (*data == NULL) {
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
89 fclose(f);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
90 return READ_FILE_NO_MEMORY;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
91 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
92
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
93 if (fread(*data, 1, *size, f) != *size) {
66
4f79cf993737 Tiny improvement: free resources first that you have aquired last. Added TODO for better error reporting.
Bernhard Reiter <bernhard@intevation.de>
parents: 61
diff changeset
94 free(*data);
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
95 fclose(f);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
96 return READ_FILE_READ_FAILED;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
97 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
98
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
99 fclose(f);
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
100
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
101 (*data)[*size] = '\0';
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
102
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
103 return 0;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
104 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
105
68
8ffbb48528ae Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 66
diff changeset
106 int verify_list(const char *data, const size_t size)
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
107 {
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
108 int ret = -1;
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
109 pk_context pub_key_ctx;
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
110 char *p;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
111 /* Fixed key size of 3072 implies the sizes*/
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
112 const size_t sig_b64_size = 512;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
113 size_t sig_size = 384;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
114
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
115 char signature_b64[sig_b64_size + 1];
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
116 unsigned char signature[sig_size];
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
117 /* Hash algroithm is sha256 */
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
118 unsigned char hash[32];
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
119
93
0798b9e35725 Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents: 92
diff changeset
120 if (!data || !size) {
0798b9e35725 Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents: 92
diff changeset
121 return -1;
0798b9e35725 Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents: 92
diff changeset
122 }
0798b9e35725 Check parameters in verify list
Andre Heinecke <aheinecke@intevation.de>
parents: 92
diff changeset
123
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
124 /* Fetch the signature from the first line od data */
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
125 p = strchr(data, '\r');
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
126 if (p == 0 || (unsigned int)(p - (data + 2)) != sig_b64_size) {
40
5cb1eb928253 Clean up debug output / functions
Andre Heinecke <aheinecke@intevation.de>
parents: 38
diff changeset
127 /* printf("Invalid data. Signature might be too long.\n"); */
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
128 return -1;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
129 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
130 strncpy(signature_b64, data + 2, sig_b64_size);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
131 signature_b64[sig_b64_size] = '\0';
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
132
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
133 ret = base64_decode(signature, &sig_size,
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
134 (unsigned char *)signature_b64, sig_b64_size);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
135
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
136 if (ret != 0 || sig_size != 384) {
40
5cb1eb928253 Clean up debug output / functions
Andre Heinecke <aheinecke@intevation.de>
parents: 38
diff changeset
137 /* printf("failed to decode signature\n"); */
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
138 return -1;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
139 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
140
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
141 /* Hash is calculated over the data without the first line.
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
142 * linebreaks are \r\n so the first char of the new line is
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
143 * p+2 */
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
144 p += 2;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
145 /* Size of the data to hash is the size - signature line
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
146 * signature line is sig_b64_size - "S:" and - "\r\n" so -4*/
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
147 sha256((unsigned char *)p, size - sig_b64_size - 4, hash, 0);
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
148
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
149 pk_init(&pub_key_ctx);
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
150 #if 0
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
151 {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
152 int i;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
153 FILE *foo = fopen("/tmp/testdump", "w");
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
154 FILE *foo2 = fopen("/tmp/rawdump", "w");
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
155 for (i=0; i< (int)(size - sig_b64_size - 2); i++)
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
156 fprintf (foo, "%c", p[i]);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
157 for (i=0; i< (int)(size); i++)
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
158 fprintf (foo2, "%c", data[i]);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
159 fclose(foo);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
160 printf ("Hash: \n");
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
161 for (i=0; i<32; i++) {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
162 printf ("%x", hash[i]);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
163 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
164 printf("\n");
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
165 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
166 #endif
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
167
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
168 ret = pk_parse_public_key(&pub_key_ctx, public_key_pem,
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
169 public_key_pem_size);
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
170 if (ret != 0) {
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
171 printf("pk_parse_public_key failed with -0x%04x\n\n", -ret);
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
172 pk_free(&pub_key_ctx);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
173 return ret;
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
174 }
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
175
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
176 ret = pk_verify(&pub_key_ctx, POLARSSL_MD_SHA256, hash, 0,
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
177 signature, sig_size);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
178
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
179 if (ret != 0) {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
180 printf("pk_verify failed with -0x%04x\n\n", -ret);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
181 }
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
182 pk_free(&pub_key_ctx);
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
183
28
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
184 return ret;
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
185 }
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
186
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
187 list_status_t read_and_verify_list(const char *file_name, char **data,
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
188 size_t *size)
e783fd99a9eb Add public key parsing
Andre Heinecke <aheinecke@intevation.de>
parents: 22
diff changeset
189 {
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
190 list_status_t retval = UnknownError;
7
992c0ec57660 Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents: 4
diff changeset
191 *data = NULL;
992c0ec57660 Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents: 4
diff changeset
192 *size = 0;
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
193 int ret = 0;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
194
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
195 ret = read_file(file_name, data, size, MAX_FILESIZE);
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
196
40
5cb1eb928253 Clean up debug output / functions
Andre Heinecke <aheinecke@intevation.de>
parents: 38
diff changeset
197 /* printf ("Ret: %i \n", ret); */
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
198 if (ret != 0) {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
199 if (ret == READ_FILE_TOO_LARGE) {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
200 return TooLarge;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
201 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
202 if (ret == READ_FILE_UNREADABLE) {
66
4f79cf993737 Tiny improvement: free resources first that you have aquired last. Added TODO for better error reporting.
Bernhard Reiter <bernhard@intevation.de>
parents: 61
diff changeset
203 /* TODO: work with errno ? */
178
b0579d4fa186 Made macro MAX_FILESIZE saver with brackets. A perror debugging line.
Bernhard Reiter <bernhard@intevation.de>
parents: 93
diff changeset
204 /* errsv = errno; */
b0579d4fa186 Made macro MAX_FILESIZE saver with brackets. A perror debugging line.
Bernhard Reiter <bernhard@intevation.de>
parents: 93
diff changeset
205 /* perror("read_and_verify_list(), READ_FILE_UNREADABLE:"); */
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
206 return SeekFailed;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
207 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
208 if (ret == READ_FILE_READ_FAILED) {
66
4f79cf993737 Tiny improvement: free resources first that you have aquired last. Added TODO for better error reporting.
Bernhard Reiter <bernhard@intevation.de>
parents: 61
diff changeset
209 /* TODO: work with ferror() or feof() ? */
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
210 return ReadFailed;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
211 }
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
212 return UnknownError;
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
213 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
214
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
215 if (!*data || !*size) {
40
5cb1eb928253 Clean up debug output / functions
Andre Heinecke <aheinecke@intevation.de>
parents: 38
diff changeset
216 /* File is probably empty */
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
217 return UnknownError;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
218 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
219
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
220 if (**data != 'S') {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
221 retval = InvalidFormat;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
222 } else {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
223 ret = verify_list (*data, *size);
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
224 if (ret == 0) {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
225 /* Hooray */
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
226 return Valid;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
227 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
228 if (ret == -1) {
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
229 /* our error */
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
230 retval = InvalidFormat;
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
231 } else {
92
4980b0deb773 Fix memleak in case of invalid signature
Andre Heinecke <aheinecke@intevation.de>
parents: 89
diff changeset
232 retval = InvalidSignature;
31
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
233 }
37fc66967517 Implement signature verification wiht polarssl
Andre Heinecke <aheinecke@intevation.de>
parents: 28
diff changeset
234 }
9
2ad9a96518e3 Actually parse all elements in the list
Andre Heinecke <aheinecke@intevation.de>
parents: 7
diff changeset
235
7
992c0ec57660 Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents: 4
diff changeset
236 if (retval != Valid && *data) {
992c0ec57660 Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents: 4
diff changeset
237 free(*data);
992c0ec57660 Add unit tests make CertificateList work.
Andre Heinecke <aheinecke@intevation.de>
parents: 4
diff changeset
238 *data = NULL;
4
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
239 *size = 0;
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
240 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
241 return retval;
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
242 }
9849250f50f2 Start implementation of certificatelist parser
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
243
286
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
244 char **
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
245 get_certs_from_list (char *data, const size_t size)
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
246 {
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
247 char *cur = data;
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
248 char **retval = NULL;
68
8ffbb48528ae Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 66
diff changeset
249
286
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
250 if (!data || !size)
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
251 {
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
252 printf ("Invalid call to get_certs_to_remove \n");
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
253 return NULL;
68
8ffbb48528ae Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 66
diff changeset
254 }
286
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
255
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
256 while (cur)
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
257 {
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
258 char *next = strchr(cur, '\n');
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
259 if (strlen(cur) > 3 && (cur[0] == 'I' || cur[0] == 'R') &&
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
260 next - cur > 4)
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
261 {
292
57867a523dcf Do not cut off the last character of the line. (next-cur does not include \n)
Andre Heinecke <aheinecke@intevation.de>
parents: 286
diff changeset
262 size_t len = (size_t) (next - cur - 3);
286
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
263 /* Remove I: or R: at the beginning and \r\n at the end */
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
264 strv_append(&retval, cur + 2, len);
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
265 }
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
266 cur = next ? (next + 1) : NULL;
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
267 }
881ce5126f07 Add helper function to get all certificates in a list
Andre Heinecke <aheinecke@intevation.de>
parents: 178
diff changeset
268 return retval;
68
8ffbb48528ae Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 66
diff changeset
269 }
8ffbb48528ae Add certificate installation for windows
Andre Heinecke <aheinecke@intevation.de>
parents: 66
diff changeset
270

http://wald.intevation.org/projects/trustbridge/