comparison common/binverify.c @ 1369:948f03bb5254

Add signature time extraction for Linux and test for it in binverifytest
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 24 Nov 2014 14:43:10 +0100
parents 28885e8c891f
children c64b6c56ce96
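--- a/common/binverify.c
+++ b/common/binverify.c
@@ -359,10 +359,61 @@
 #include <polarssl/error.h>
 #include <polarssl/x509_crt.h>
 #ifndef __clang__
 #pragma GCC diagnostic pop
 #endif
+#include <stdlib.h>
+
+#define SIG_DT_MARKER "\r\nS_DT:"
+
+/** This function is only intended to be used on well formatted input
+* after verifification as it makes some hard assumptions what
+* follows the SIG_DT_MARKER*/
+time_t
+get_signature_time (char *data, size_t data_size)
+{
+char *p = NULL,
+*end = NULL,
+*buf = NULL;
+long lSigTime = 0;
+size_t len = 0;
+
+
+/** Look for a DOS linebreak followed by an S_DT: */
+size_t marker_len = strlen(SIG_DT_MARKER);
+for (p = data + data_size - 1; p > data; p--)
+{
+if (!memcmp(SIG_DT_MARKER, p, marker_len))
+break;
+}
+
+if (!p || p == data)
+{
+ERRORPRINTF ("Failed to find signature timestamp.\n");
+return 0;
+}
+p = strchr (p, ':');
+end = strchr (p, '\r');
+if (!end)
+{
+return 0;
+}
+if (end - p <= 0)
+{
+// Should never happen but we check to ensure that
+// the following cast is valid which makes a size_t
+ERRORPRINTF ("Signature timestamp does not compute.\n");
+return 0;
+}
+len = (size_t) (end - p);
+
+buf = xstrndup (p + 1, len);
+
+lSigTime = strtol (buf, NULL, 10);
+xfree (buf);
+return (time_t) lSigTime;
+}
 
 bin_verify_result
 verify_binary_linux(const char *filename, size_t name_len)
 {
 int ret = -1;
@@ -462,10 +513,13 @@
 x509_crt_free(&codesign_cert);
 
 retval.result = VerifyValid;
 retval.fptr = fptr;
 
+/** We know know that the signature is valid we can trust the data content. */
+retval.sig_time = get_signature_time (data, data_size);
+
 done:
 if (retval.result != VerifyValid)
 {
 if (fptr)
 {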
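Review bot: In `get_signature_time` the backward scan starts at `data + data_size - 1` and hands `memcmp` `marker_len` bytes, so the first iterations compare up to `marker_len - 1` bytes past the end of `data`, and a `data_size` of 0 makes the start pointer `data - 1`. The two `strchr` calls that follow also depend on `data` being NUL-terminated, which the `(data, data_size)` signature does not promise. Starting the scan where a whole marker still fits and bounding the search for `'\r'` with the remaining length keeps every read inside the buffer, as sketched below. `strtol` is called with a NULL end pointer and no `errno` check, so a malformed or out-of-range value comes back as a timestamp unnoticed. The call-site comment says the content can be trusted once the signature verifies; whether the `S_DT:` line lies inside the signed range is not visible in this section and is worth stating in the function's doc comment.

```c
  size_t marker_len = strlen (SIG_DT_MARKER);

  if (!data || data_size <= marker_len)
    return 0;

  /* Start where a full marker still fits inside the buffer. */
  for (p = data + data_size - marker_len; p > data; p--)
    {
      if (!memcmp (SIG_DT_MARKER, p, marker_len))
        break;
    }
  /* … unchanged: "Failed to find signature timestamp" check … */

  p += marker_len - 1;  /* the ':' that ends the marker */
  end = memchr (p, '\r', (size_t) (data + data_size - p));
  /* … unchanged: end checks, xstrndup, strtol … */
```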

http://wald.intevation.org/projects/trustbridge/