Mercurial > trustbridge

changeset 28:e783fd99a9eb

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add public key parsing
author Andre Heinecke <aheinecke@intevation.de>
date Thu, 13 Mar 2014 12:01:33 +0000
parents 62cd56cea09b
children 42a27154abaf
files common/listutil.c common/listutil.h common/pubkey-release.h common/pubkey-test.h
diffstat 4 files changed, 81 insertions(+), 19 deletions(-) [+]
line wrap: on
line diff
--- a/common/listutil.c	Wed Mar 12 16:15:52 2014 +0100
+++ b/common/listutil.c	Thu Mar 13 12:01:33 2014 +0000
@@ -9,6 +9,17 @@
 #include <sys/stat.h>
 #include <string.h>
 
+#ifdef RELEASE
+#include "pubkey-release.h"
+#else
+#include "pubkey-test.h"
+#endif
+
+#pragma GCC diagnostic ignored "-Wconversion"
+/* Polarssl mh.h contains a conversion which gcc warns about */
+#include <polarssl/pk.h>
+#pragma GCC diagnostic pop
+
 #define MAX_FILESIZE_KB 1024
 
 void handle_errno()
@@ -16,25 +27,25 @@
     printf("Error: %s \n", strerror(errno));
 }
 
-list_status_t readList(const char *fileName, char **data, size_t *size)
+list_status_t read_list (const char *file_name, char **data, size_t *size)
 {
     int fd = -1;
-    struct stat fileStat;
+    struct stat file_stat;
     int rc = 0;
     ssize_t bRead = 0;
 
-    memset(&fileStat, 0, sizeof(fileStat));
+    memset(&file_stat, 0, sizeof(file_stat));
 
     list_status_t retval = UnknownError;
 
-    fd = open(fileName, O_RDONLY);
+    fd = open(file_name, O_RDONLY);
     if (fd == -1) {
         handle_errno();
         retval = StatFailed;
         goto cleanup;
     }
 
-    rc = fstat(fd, &fileStat);
+    rc = fstat(fd, &file_stat);
     if (rc < 0) {
         printf ("Stat failed with rc: %i\n", rc);
         retval = StatFailed;
@@ -42,20 +53,20 @@
     }
 
     // Check the size of the file
-    if (!fileStat.st_size) {
+    if (!file_stat.st_size) {
         printf("Size zero\n");
         retval = StatFailed;
         goto cleanup;
     }
 
-    if (fileStat.st_size / 1024 > MAX_FILESIZE_KB &&
-            fileStat.st_size > 0) {
+    if (file_stat.st_size / 1024 > MAX_FILESIZE_KB &&
+            file_stat.st_size > 0) {
         printf("File too large\n");
         retval = TooLarge;
         goto cleanup;
     }
 
-    *size = (size_t) fileStat.st_size;
+    *size = (size_t) file_stat.st_size;
 
     *data = (char*) malloc(*size);
 
@@ -93,24 +104,55 @@
     return retval;
 }
 
-list_status_t readAndVerifyList(const char *fileName, char **data, size_t *size)
+/** @brief verify the certificate list
+ *
+ * The public key to verify against is the static publicKeyPEM data defined
+ * in the pubkey header.
+ *
+ *  @param [in] data the list data
+ *  @param [in] size the size of the data
+ *
+ *  @returns 0 if the list is valid a polarssl error or -1 otherwise
+ */
+int verify_list(char *data, size_t size)
 {
-//    int validSig = 0;
+//    char *sigstart = data;
+    int ret = -1;
+    pk_context pub_key_ctx;
+    size_t lenpem = strlen((const char*)publicKeyPEM);
+
+    pk_init(&pub_key_ctx);
+
+    ret = pk_parse_public_key(&pub_key_ctx, publicKeyPEM, lenpem);
+
+    if (ret != 0) {
+        printf("pk_parse_public_key failed with -0x%04x\n\n", -ret);
+        goto done;
+    }
+
+done:
+    pk_free(&pub_key_ctx);
+    return ret;
+}
+
+list_status_t read_and_verify_list(const char *file_name, char **data,
+                                   size_t *size)
+{
     char * signature = NULL;
 
     list_status_t retval = UnknownError;
     *data = NULL;
     *size = 0;
 
-    retval = readList(fileName, data, size);
+    retval = read_list(file_name, data, size);
 
     if (retval != UnknownValidity) {
-        printf ("Readlist failed\n");
+        printf("Readlist failed\n");
         return retval;
     }
 
     if (!data || !*size) {
-        // should not have happend if readList works as specified
+        // should not have happend if read_list works as specified
         return UnknownError;
     }
 
@@ -122,10 +164,7 @@
         goto cleanup;
     }
 
-// TODO VERIFIY
-retval = Valid;
-
-// Maybe check if all bytes are < 127 and > 0
+    retval = verify_list (*data, *size);
 
 cleanup:
     if (retval != Valid && *data) {
--- a/common/listutil.h	Wed Mar 12 16:15:52 2014 +0100
+++ b/common/listutil.h	Thu Mar 13 12:01:33 2014 +0000
@@ -41,7 +41,7 @@
  *
  * @return status of the operation.
  */
-list_status_t readAndVerifyList(const char *fileName, char **data, size_t *size);
+list_status_t read_and_verify_list(const char *fileName, char **data, size_t *size);
 #ifdef __cplusplus
 }
 #endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/common/pubkey-release.h	Thu Mar 13 12:01:33 2014 +0000
@@ -0,0 +1,4 @@
+#ifndef PUBKEY_RELEASE_H
+#define PUBKEY_RELEASE_H
+static const unsigned char public_key_pem[] = "";
+#endif
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/common/pubkey-test.h	Thu Mar 13 12:01:33 2014 +0000
@@ -0,0 +1,19 @@
+#ifndef PUBKEY_TEST_H
+#define PUBKEY_TEST_H
+
+/* PEM encoded public key */
+static const unsigned char public_key_pem[] =
+"-----BEGIN PUBLIC KEY-----\n"
+"MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAljObDbSjuYULdW9TtAzl\n"
+"LqopCVdbCTa+j5Vc+SM9damMrpWrKXW7X+PnZstboKJRyENLqUUwgkQYmtD9CzDU\n"
+"HKUqZFQHnnmNjN5FaYEcMG4rcL+Y9BUUIcxMogboeS6UuUnRHH0eZlNd5m7CYhL6\n"
+"y2sD4umJ+lx//K7Rh/qsamjEQHyTX4GeNJnoU6sRu17emGoPi37ACUXguv5D6KMY\n"
+"4FVSlObuYGe1r2RDl2E/EKTgJfXy+NsQswvChtyFVOS/1wv5cLwNFher1ttVP1Oj\n"
+"2ma0sLe4qZlSpNpG6bD9oZzCmwqKAuAZIY9dZNXgoAsnClqR1mdvii6zwI/k+bdy\n"
+"4aPqlNGjyeCXLGAzsZeyxzL7Ka09omr6OE4/okhaaj47xRPsODW7cDwF7kphHmoG\n"
+"IPbDs5Wc6PlYcS9triMyCDYSvwjjsZsYfSaNt8zu2fHrXQC+/ssvRUVvNHPncqUH\n"
+"sEEsfE/qhfQCZTgd/nw3/No4IRQX7spowGhnwtP/qsQTAgMBAAE=\n"
+"-----END PUBLIC KEY-----\n";
+
+static const size_t public_key_pem_size = 625;
+#endif
http://wald.intevation.org/projects/trustbridge/