Mercurial > trustbridge
comparison common/binverify.c @ 1369:948f03bb5254
Add signature time extraction for Linux and test for it in binverifytest
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Mon, 24 Nov 2014 14:43:10 +0100 |
| parents | 28885e8c891f |
| children | c64b6c56ce96 |
comparison
equal
deleted
inserted
replaced
| 1368:41cf49df007d | 1369:948f03bb5254 |
|---|---|
| 359 #include <polarssl/error.h> | 359 #include <polarssl/error.h> |
| 360 #include <polarssl/x509_crt.h> | 360 #include <polarssl/x509_crt.h> |
| 361 #ifndef __clang__ | 361 #ifndef __clang__ |
| 362 #pragma GCC diagnostic pop | 362 #pragma GCC diagnostic pop |
| 363 #endif | 363 #endif |
| 364 #include <stdlib.h> | |
| 365 | |
| 366 #define SIG_DT_MARKER "\r\nS_DT:" | |
| 367 | |
| 368 /** This function is only intended to be used on well formatted input | |
| 369 * after verifification as it makes some hard assumptions what | |
| 370 * follows the SIG_DT_MARKER*/ | |
| 371 time_t | |
| 372 get_signature_time (char *data, size_t data_size) | |
| 373 { | |
| 374 char *p = NULL, | |
| 375 *end = NULL, | |
| 376 *buf = NULL; | |
| 377 long lSigTime = 0; | |
| 378 size_t len = 0; | |
| 379 | |
| 380 | |
| 381 /** Look for a DOS linebreak followed by an S_DT: */ | |
| 382 size_t marker_len = strlen(SIG_DT_MARKER); | |
| 383 for (p = data + data_size - 1; p > data; p--) | |
| 384 { | |
| 385 if (!memcmp(SIG_DT_MARKER, p, marker_len)) | |
| 386 break; | |
| 387 } | |
| 388 | |
| 389 if (!p || p == data) | |
| 390 { | |
| 391 ERRORPRINTF ("Failed to find signature timestamp.\n"); | |
| 392 return 0; | |
| 393 } | |
| 394 p = strchr (p, ':'); | |
| 395 end = strchr (p, '\r'); | |
| 396 if (!end) | |
| 397 { | |
| 398 return 0; | |
| 399 } | |
| 400 if (end - p <= 0) | |
| 401 { | |
| 402 // Should never happen but we check to ensure that | |
| 403 // the following cast is valid which makes a size_t | |
| 404 ERRORPRINTF ("Signature timestamp does not compute.\n"); | |
| 405 return 0; | |
| 406 } | |
| 407 len = (size_t) (end - p); | |
| 408 | |
| 409 buf = xstrndup (p + 1, len); | |
| 410 | |
| 411 lSigTime = strtol (buf, NULL, 10); | |
| 412 xfree (buf); | |
| 413 return (time_t) lSigTime; | |
| 414 } | |
| 364 | 415 |
| 365 bin_verify_result | 416 bin_verify_result |
| 366 verify_binary_linux(const char *filename, size_t name_len) | 417 verify_binary_linux(const char *filename, size_t name_len) |
| 367 { | 418 { |
| 368 int ret = -1; | 419 int ret = -1; |
| 462 x509_crt_free(&codesign_cert); | 513 x509_crt_free(&codesign_cert); |
| 463 | 514 |
| 464 retval.result = VerifyValid; | 515 retval.result = VerifyValid; |
| 465 retval.fptr = fptr; | 516 retval.fptr = fptr; |
| 466 | 517 |
| 518 /** We know know that the signature is valid we can trust the data content. */ | |
| 519 retval.sig_time = get_signature_time (data, data_size); | |
| 520 | |
| 467 done: | 521 done: |
| 468 if (retval.result != VerifyValid) | 522 if (retval.result != VerifyValid) |
| 469 { | 523 { |
| 470 if (fptr) | 524 if (fptr) |
| 471 { | 525 { |