Mercurial > trustbridge
diff common/listutil.c @ 28:e783fd99a9eb
Add public key parsing
| author | Andre Heinecke <aheinecke@intevation.de> |
|---|---|
| date | Thu, 13 Mar 2014 12:01:33 +0000 |
| parents | bc302bbceaf5 |
| children | 37fc66967517 |
line wrap: on
line diff
--- a/common/listutil.c Wed Mar 12 16:15:52 2014 +0100 +++ b/common/listutil.c Thu Mar 13 12:01:33 2014 +0000 @@ -9,6 +9,17 @@ #include <sys/stat.h> #include <string.h> +#ifdef RELEASE +#include "pubkey-release.h" +#else +#include "pubkey-test.h" +#endif + +#pragma GCC diagnostic ignored "-Wconversion" +/* Polarssl mh.h contains a conversion which gcc warns about */ +#include <polarssl/pk.h> +#pragma GCC diagnostic pop + #define MAX_FILESIZE_KB 1024 void handle_errno() @@ -16,25 +27,25 @@ printf("Error: %s \n", strerror(errno)); } -list_status_t readList(const char *fileName, char **data, size_t *size) +list_status_t read_list (const char *file_name, char **data, size_t *size) { int fd = -1; - struct stat fileStat; + struct stat file_stat; int rc = 0; ssize_t bRead = 0; - memset(&fileStat, 0, sizeof(fileStat)); + memset(&file_stat, 0, sizeof(file_stat)); list_status_t retval = UnknownError; - fd = open(fileName, O_RDONLY); + fd = open(file_name, O_RDONLY); if (fd == -1) { handle_errno(); retval = StatFailed; goto cleanup; } - rc = fstat(fd, &fileStat); + rc = fstat(fd, &file_stat); if (rc < 0) { printf ("Stat failed with rc: %i\n", rc); retval = StatFailed; @@ -42,20 +53,20 @@ } // Check the size of the file - if (!fileStat.st_size) { + if (!file_stat.st_size) { printf("Size zero\n"); retval = StatFailed; goto cleanup; } - if (fileStat.st_size / 1024 > MAX_FILESIZE_KB && - fileStat.st_size > 0) { + if (file_stat.st_size / 1024 > MAX_FILESIZE_KB && + file_stat.st_size > 0) { printf("File too large\n"); retval = TooLarge; goto cleanup; } - *size = (size_t) fileStat.st_size; + *size = (size_t) file_stat.st_size; *data = (char*) malloc(*size); @@ -93,24 +104,55 @@ return retval; } -list_status_t readAndVerifyList(const char *fileName, char **data, size_t *size) +/** @brief verify the certificate list + * + * The public key to verify against is the static publicKeyPEM data defined + * in the pubkey header. + * + * @param [in] data the list data + * @param [in] size the size of the data + * + * @returns 0 if the list is valid a polarssl error or -1 otherwise + */ +int verify_list(char *data, size_t size) { -// int validSig = 0; +// char *sigstart = data; + int ret = -1; + pk_context pub_key_ctx; + size_t lenpem = strlen((const char*)publicKeyPEM); + + pk_init(&pub_key_ctx); + + ret = pk_parse_public_key(&pub_key_ctx, publicKeyPEM, lenpem); + + if (ret != 0) { + printf("pk_parse_public_key failed with -0x%04x\n\n", -ret); + goto done; + } + +done: + pk_free(&pub_key_ctx); + return ret; +} + +list_status_t read_and_verify_list(const char *file_name, char **data, + size_t *size) +{ char * signature = NULL; list_status_t retval = UnknownError; *data = NULL; *size = 0; - retval = readList(fileName, data, size); + retval = read_list(file_name, data, size); if (retval != UnknownValidity) { - printf ("Readlist failed\n"); + printf("Readlist failed\n"); return retval; } if (!data || !*size) { - // should not have happend if readList works as specified + // should not have happend if read_list works as specified return UnknownError; } @@ -122,10 +164,7 @@ goto cleanup; } -// TODO VERIFIY -retval = Valid; - -// Maybe check if all bytes are < 127 and > 0 + retval = verify_list (*data, *size); cleanup: if (retval != Valid && *data) {