Mercurial > trustbridge > trustbridge

comparison common/listutil.c @ 28:e783fd99a9eb

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add public key parsing
author Andre Heinecke <aheinecke@intevation.de>
date Thu, 13 Mar 2014 12:01:33 +0000
parents bc302bbceaf5
children 37fc66967517
comparison
equal deleted inserted replaced
27:62cd56cea09b 28:e783fd99a9eb
7 #include <unistd.h> 7 #include <unistd.h>
8 #include <sys/types.h> 8 #include <sys/types.h>
9 #include <sys/stat.h> 9 #include <sys/stat.h>
10 #include <string.h> 10 #include <string.h>
11 11
12 #ifdef RELEASE
13 #include "pubkey-release.h"
14 #else
15 #include "pubkey-test.h"
16 #endif
17
18 #pragma GCC diagnostic ignored "-Wconversion"
19 /* Polarssl mh.h contains a conversion which gcc warns about */
20 #include <polarssl/pk.h>
21 #pragma GCC diagnostic pop
22
12 #define MAX_FILESIZE_KB 1024 23 #define MAX_FILESIZE_KB 1024
13 24
14 void handle_errno() 25 void handle_errno()
15 { 26 {
16 printf("Error: %s \n", strerror(errno)); 27 printf("Error: %s \n", strerror(errno));
17 } 28 }
18 29
19 list_status_t readList(const char *fileName, char **data, size_t *size) 30 list_status_t read_list (const char *file_name, char **data, size_t *size)
20 { 31 {
21 int fd = -1; 32 int fd = -1;
22 struct stat fileStat; 33 struct stat file_stat;
23 int rc = 0; 34 int rc = 0;
24 ssize_t bRead = 0; 35 ssize_t bRead = 0;
25 36
26 memset(&fileStat, 0, sizeof(fileStat)); 37 memset(&file_stat, 0, sizeof(file_stat));
27 38
28 list_status_t retval = UnknownError; 39 list_status_t retval = UnknownError;
29 40
30 fd = open(fileName, O_RDONLY); 41 fd = open(file_name, O_RDONLY);
31 if (fd == -1) { 42 if (fd == -1) {
32 handle_errno(); 43 handle_errno();
33 retval = StatFailed; 44 retval = StatFailed;
34 goto cleanup; 45 goto cleanup;
35 } 46 }
36 47
37 rc = fstat(fd, &fileStat); 48 rc = fstat(fd, &file_stat);
38 if (rc < 0) { 49 if (rc < 0) {
39 printf ("Stat failed with rc: %i\n", rc); 50 printf ("Stat failed with rc: %i\n", rc);
40 retval = StatFailed; 51 retval = StatFailed;
41 goto cleanup; 52 goto cleanup;
42 } 53 }
43 54
44 // Check the size of the file 55 // Check the size of the file
45 if (!fileStat.st_size) { 56 if (!file_stat.st_size) {
46 printf("Size zero\n"); 57 printf("Size zero\n");
47 retval = StatFailed; 58 retval = StatFailed;
48 goto cleanup; 59 goto cleanup;
49 } 60 }
50 61
51 if (fileStat.st_size / 1024 > MAX_FILESIZE_KB && 62 if (file_stat.st_size / 1024 > MAX_FILESIZE_KB &&
52 fileStat.st_size > 0) { 63 file_stat.st_size > 0) {
53 printf("File too large\n"); 64 printf("File too large\n");
54 retval = TooLarge; 65 retval = TooLarge;
55 goto cleanup; 66 goto cleanup;
56 } 67 }
57 68
58 *size = (size_t) fileStat.st_size; 69 *size = (size_t) file_stat.st_size;
59 70
60 *data = (char*) malloc(*size); 71 *data = (char*) malloc(*size);
61 72
62 if (*data == NULL) { 73 if (*data == NULL) {
63 printf("Malloc failed\n"); 74 printf("Malloc failed\n");
91 } 102 }
92 103
93 return retval; 104 return retval;
94 } 105 }
95 106
96 list_status_t readAndVerifyList(const char *fileName, char **data, size_t *size) 107 /** @brief verify the certificate list
108 *
109 * The public key to verify against is the static publicKeyPEM data defined
110 * in the pubkey header.
111 *
112 * @param [in] data the list data
113 * @param [in] size the size of the data
114 *
115 * @returns 0 if the list is valid a polarssl error or -1 otherwise
116 */
117 int verify_list(char *data, size_t size)
97 { 118 {
98 // int validSig = 0; 119 // char *sigstart = data;
120 int ret = -1;
121 pk_context pub_key_ctx;
122 size_t lenpem = strlen((const char*)publicKeyPEM);
123
124 pk_init(&pub_key_ctx);
125
126 ret = pk_parse_public_key(&pub_key_ctx, publicKeyPEM, lenpem);
127
128 if (ret != 0) {
129 printf("pk_parse_public_key failed with -0x%04x\n\n", -ret);
130 goto done;
131 }
132
133 done:
134 pk_free(&pub_key_ctx);
135 return ret;
136 }
137
138 list_status_t read_and_verify_list(const char *file_name, char **data,
139 size_t *size)
140 {
99 char * signature = NULL; 141 char * signature = NULL;
100 142
101 list_status_t retval = UnknownError; 143 list_status_t retval = UnknownError;
102 *data = NULL; 144 *data = NULL;
103 *size = 0; 145 *size = 0;
104 146
105 retval = readList(fileName, data, size); 147 retval = read_list(file_name, data, size);
106 148
107 if (retval != UnknownValidity) { 149 if (retval != UnknownValidity) {
108 printf ("Readlist failed\n"); 150 printf("Readlist failed\n");
109 return retval; 151 return retval;
110 } 152 }
111 153
112 if (!data || !*size) { 154 if (!data || !*size) {
113 // should not have happend if readList works as specified 155 // should not have happend if read_list works as specified
114 return UnknownError; 156 return UnknownError;
115 } 157 }
116 158
117 signature = *data; 159 signature = *data;
118 160
120 printf("Does not start with S\n"); 162 printf("Does not start with S\n");
121 retval = InvalidFormat; 163 retval = InvalidFormat;
122 goto cleanup; 164 goto cleanup;
123 } 165 }
124 166
125 // TODO VERIFIY 167 retval = verify_list (*data, *size);
126 retval = Valid;
127
128 // Maybe check if all bytes are < 127 and > 0
129 168
130 cleanup: 169 cleanup:
131 if (retval != Valid && *data) { 170 if (retval != Valid && *data) {
132 free(*data); 171 free(*data);
133 *data = NULL; 172 *data = NULL;
http://wald.intevation.org/projects/trustbridge/