# HG changeset patch # User Andre Heinecke # Date 1394712093 0 # Node ID e783fd99a9ebc1af23a47757609b607a3560abe3 # Parent 62cd56cea09bef52f8282b42cbcc84dfa1002d68 Add public key parsing diff -r 62cd56cea09b -r e783fd99a9eb common/listutil.c --- a/common/listutil.c Wed Mar 12 16:15:52 2014 +0100 +++ b/common/listutil.c Thu Mar 13 12:01:33 2014 +0000 @@ -9,6 +9,17 @@ #include #include +#ifdef RELEASE +#include "pubkey-release.h" +#else +#include "pubkey-test.h" +#endif + +#pragma GCC diagnostic ignored "-Wconversion" +/* Polarssl mh.h contains a conversion which gcc warns about */ +#include +#pragma GCC diagnostic pop + #define MAX_FILESIZE_KB 1024 void handle_errno() @@ -16,25 +27,25 @@ printf("Error: %s \n", strerror(errno)); } -list_status_t readList(const char *fileName, char **data, size_t *size) +list_status_t read_list (const char *file_name, char **data, size_t *size) { int fd = -1; - struct stat fileStat; + struct stat file_stat; int rc = 0; ssize_t bRead = 0; - memset(&fileStat, 0, sizeof(fileStat)); + memset(&file_stat, 0, sizeof(file_stat)); list_status_t retval = UnknownError; - fd = open(fileName, O_RDONLY); + fd = open(file_name, O_RDONLY); if (fd == -1) { handle_errno(); retval = StatFailed; goto cleanup; } - rc = fstat(fd, &fileStat); + rc = fstat(fd, &file_stat); if (rc < 0) { printf ("Stat failed with rc: %i\n", rc); retval = StatFailed; @@ -42,20 +53,20 @@ } // Check the size of the file - if (!fileStat.st_size) { + if (!file_stat.st_size) { printf("Size zero\n"); retval = StatFailed; goto cleanup; } - if (fileStat.st_size / 1024 > MAX_FILESIZE_KB && - fileStat.st_size > 0) { + if (file_stat.st_size / 1024 > MAX_FILESIZE_KB && + file_stat.st_size > 0) { printf("File too large\n"); retval = TooLarge; goto cleanup; } - *size = (size_t) fileStat.st_size; + *size = (size_t) file_stat.st_size; *data = (char*) malloc(*size); @@ -93,24 +104,55 @@ return retval; } -list_status_t readAndVerifyList(const char *fileName, char **data, size_t *size) +/** @brief verify the certificate list + * + * The public key to verify against is the static publicKeyPEM data defined + * in the pubkey header. + * + * @param [in] data the list data + * @param [in] size the size of the data + * + * @returns 0 if the list is valid a polarssl error or -1 otherwise + */ +int verify_list(char *data, size_t size) { -// int validSig = 0; +// char *sigstart = data; + int ret = -1; + pk_context pub_key_ctx; + size_t lenpem = strlen((const char*)publicKeyPEM); + + pk_init(&pub_key_ctx); + + ret = pk_parse_public_key(&pub_key_ctx, publicKeyPEM, lenpem); + + if (ret != 0) { + printf("pk_parse_public_key failed with -0x%04x\n\n", -ret); + goto done; + } + +done: + pk_free(&pub_key_ctx); + return ret; +} + +list_status_t read_and_verify_list(const char *file_name, char **data, + size_t *size) +{ char * signature = NULL; list_status_t retval = UnknownError; *data = NULL; *size = 0; - retval = readList(fileName, data, size); + retval = read_list(file_name, data, size); if (retval != UnknownValidity) { - printf ("Readlist failed\n"); + printf("Readlist failed\n"); return retval; } if (!data || !*size) { - // should not have happend if readList works as specified + // should not have happend if read_list works as specified return UnknownError; } @@ -122,10 +164,7 @@ goto cleanup; } -// TODO VERIFIY -retval = Valid; - -// Maybe check if all bytes are < 127 and > 0 + retval = verify_list (*data, *size); cleanup: if (retval != Valid && *data) { diff -r 62cd56cea09b -r e783fd99a9eb common/listutil.h --- a/common/listutil.h Wed Mar 12 16:15:52 2014 +0100 +++ b/common/listutil.h Thu Mar 13 12:01:33 2014 +0000 @@ -41,7 +41,7 @@ * * @return status of the operation. */ -list_status_t readAndVerifyList(const char *fileName, char **data, size_t *size); +list_status_t read_and_verify_list(const char *fileName, char **data, size_t *size); #ifdef __cplusplus } #endif diff -r 62cd56cea09b -r e783fd99a9eb common/pubkey-release.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/common/pubkey-release.h Thu Mar 13 12:01:33 2014 +0000 @@ -0,0 +1,4 @@ +#ifndef PUBKEY_RELEASE_H +#define PUBKEY_RELEASE_H +static const unsigned char public_key_pem[] = ""; +#endif diff -r 62cd56cea09b -r e783fd99a9eb common/pubkey-test.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/common/pubkey-test.h Thu Mar 13 12:01:33 2014 +0000 @@ -0,0 +1,19 @@ +#ifndef PUBKEY_TEST_H +#define PUBKEY_TEST_H + +/* PEM encoded public key */ +static const unsigned char public_key_pem[] = +"-----BEGIN PUBLIC KEY-----\n" +"MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAljObDbSjuYULdW9TtAzl\n" +"LqopCVdbCTa+j5Vc+SM9damMrpWrKXW7X+PnZstboKJRyENLqUUwgkQYmtD9CzDU\n" +"HKUqZFQHnnmNjN5FaYEcMG4rcL+Y9BUUIcxMogboeS6UuUnRHH0eZlNd5m7CYhL6\n" +"y2sD4umJ+lx//K7Rh/qsamjEQHyTX4GeNJnoU6sRu17emGoPi37ACUXguv5D6KMY\n" +"4FVSlObuYGe1r2RDl2E/EKTgJfXy+NsQswvChtyFVOS/1wv5cLwNFher1ttVP1Oj\n" +"2ma0sLe4qZlSpNpG6bD9oZzCmwqKAuAZIY9dZNXgoAsnClqR1mdvii6zwI/k+bdy\n" +"4aPqlNGjyeCXLGAzsZeyxzL7Ka09omr6OE4/okhaaj47xRPsODW7cDwF7kphHmoG\n" +"IPbDs5Wc6PlYcS9triMyCDYSvwjjsZsYfSaNt8zu2fHrXQC+/ssvRUVvNHPncqUH\n" +"sEEsfE/qhfQCZTgd/nw3/No4IRQX7spowGhnwtP/qsQTAgMBAAE=\n" +"-----END PUBLIC KEY-----\n"; + +static const size_t public_key_pem_size = 625; +#endif