pkg_signature.c revision 1.1
1 1.1 joerg /* $NetBSD: pkg_signature.c,v 1.1 2009/02/02 20:44:07 joerg Exp $ */ 2 1.1 joerg 3 1.1 joerg #if HAVE_CONFIG_H 4 1.1 joerg #include "config.h" 5 1.1 joerg #endif 6 1.1 joerg #include <nbcompat.h> 7 1.1 joerg #if HAVE_SYS_CDEFS_H 8 1.1 joerg #include <sys/cdefs.h> 9 1.1 joerg #endif 10 1.1 joerg __RCSID("$NetBSD: pkg_signature.c,v 1.1 2009/02/02 20:44:07 joerg Exp $"); 11 1.1 joerg 12 1.1 joerg /*- 13 1.1 joerg * Copyright (c) 2008 Joerg Sonnenberger <joerg (at) NetBSD.org>. 14 1.1 joerg * All rights reserved. 15 1.1 joerg * 16 1.1 joerg * Redistribution and use in source and binary forms, with or without 17 1.1 joerg * modification, are permitted provided that the following conditions 18 1.1 joerg * are met: 19 1.1 joerg * 20 1.1 joerg * 1. Redistributions of source code must retain the above copyright 21 1.1 joerg * notice, this list of conditions and the following disclaimer. 22 1.1 joerg * 2. Redistributions in binary form must reproduce the above copyright 23 1.1 joerg * notice, this list of conditions and the following disclaimer in 24 1.1 joerg * the documentation and/or other materials provided with the 25 1.1 joerg * distribution. 26 1.1 joerg * 27 1.1 joerg * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 28 1.1 joerg * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 29 1.1 joerg * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 30 1.1 joerg * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 31 1.1 joerg * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 32 1.1 joerg * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 33 1.1 joerg * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 34 1.1 joerg * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 35 1.1 joerg * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 36 1.1 joerg * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 37 1.1 joerg * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 38 1.1 joerg * SUCH DAMAGE. 39 1.1 joerg */ 40 1.1 joerg 41 1.1 joerg #if HAVE_SYS_WAIT_H 42 1.1 joerg #include <sys/wait.h> 43 1.1 joerg #endif 44 1.1 joerg #include <ctype.h> 45 1.1 joerg #if HAVE_ERR_H 46 1.1 joerg #include <err.h> 47 1.1 joerg #endif 48 1.1 joerg #include <errno.h> 49 1.1 joerg #include <fcntl.h> 50 1.1 joerg #include <stdlib.h> 51 1.1 joerg #ifndef NETBSD 52 1.1 joerg #include <nbcompat/sha2.h> 53 1.1 joerg #else 54 1.1 joerg #include <sha2.h> 55 1.1 joerg #endif 56 1.1 joerg #include <signal.h> 57 1.1 joerg #ifdef NETBSD 58 1.1 joerg #include <unistd.h> 59 1.1 joerg #else 60 1.1 joerg #include <nbcompat/unistd.h> 61 1.1 joerg #endif 62 1.1 joerg 63 1.1 joerg #include <archive.h> 64 1.1 joerg #include <archive_entry.h> 65 1.1 joerg 66 1.1 joerg #include "lib.h" 67 1.1 joerg 68 1.1 joerg #define HASH_FNAME "+PKG_HASH" 69 1.1 joerg #define SIGNATURE_FNAME "+PKG_SIGNATURE" 70 1.1 joerg #define GPG_SIGNATURE_FNAME "+PKG_GPG_SIGNATURE" 71 1.1 joerg 72 1.1 joerg struct signature_archive { 73 1.1 joerg struct archive *archive; 74 1.1 joerg off_t pkg_size; 75 1.1 joerg size_t sign_block_len, sign_block_number, sign_cur_block; 76 1.1 joerg char **sign_blocks; 77 1.1 joerg unsigned char *sign_buf; 78 1.1 joerg }; 79 1.1 joerg 80 1.1 joerg static void 81 1.1 joerg hash_block(unsigned char *buf, size_t buf_len, 82 1.1 joerg char hash[SHA512_DIGEST_STRING_LENGTH]) 83 1.1 joerg { 84 1.1 joerg unsigned char digest[SHA512_DIGEST_LENGTH]; 85 1.1 joerg SHA512_CTX hash_ctx; 86 1.1 joerg int i; 87 1.1 joerg 88 1.1 joerg SHA512_Init(&hash_ctx); 89 1.1 joerg SHA512_Update(&hash_ctx, buf, buf_len); 90 1.1 joerg SHA512_Final(digest, &hash_ctx); 91 1.1 joerg for (i = 0; i < SHA512_DIGEST_LENGTH; ++i) { 92 1.1 joerg unsigned char c; 93 1.1 joerg 94 1.1 joerg c = digest[i] / 16; 95 1.1 joerg if (c < 10) 96 1.1 joerg hash[2 * i] = '0' + c; 97 1.1 joerg else 98 1.1 joerg hash[2 * i] = 'a' - 10 + c; 99 1.1 joerg 100 1.1 joerg c = digest[i] % 16; 101 1.1 joerg if (c < 10) 102 1.1 joerg hash[2 * i + 1] = '0' + c; 103 1.1 joerg else 104 1.1 joerg hash[2 * i + 1] = 'a' - 10 + c; 105 1.1 joerg } 106 1.1 joerg hash[2 * i] = '\0'; 107 1.1 joerg } 108 1.1 joerg 109 1.1 joerg static ssize_t 110 1.1 joerg verify_signature_read_cb(struct archive *archive, void *cookie, const void **buf) 111 1.1 joerg { 112 1.1 joerg struct signature_archive *state = cookie; 113 1.1 joerg char hash[SHA512_DIGEST_STRING_LENGTH]; 114 1.1 joerg ssize_t len, expected; 115 1.1 joerg 116 1.1 joerg if (state->sign_cur_block >= state->sign_block_number) 117 1.1 joerg return 0; 118 1.1 joerg 119 1.1 joerg /* The following works for sign_block_len > 1 */ 120 1.1 joerg if (state->sign_cur_block + 1 == state->sign_block_number) 121 1.1 joerg expected = state->pkg_size % state->sign_block_len; 122 1.1 joerg else 123 1.1 joerg expected = state->sign_block_len; 124 1.1 joerg 125 1.1 joerg len = archive_read_data(state->archive, state->sign_buf, expected); 126 1.1 joerg if (len != expected) { 127 1.1 joerg warnx("Short read from package"); 128 1.1 joerg return -1; 129 1.1 joerg } 130 1.1 joerg 131 1.1 joerg hash_block(state->sign_buf, len, hash); 132 1.1 joerg 133 1.1 joerg if (strcmp(hash, state->sign_blocks[state->sign_cur_block]) != 0) { 134 1.1 joerg warnx("Invalid signature of block %llu", 135 1.1 joerg (unsigned long long)state->sign_cur_block); 136 1.1 joerg return -1; 137 1.1 joerg } 138 1.1 joerg ++state->sign_cur_block; 139 1.1 joerg *buf = state->sign_buf; 140 1.1 joerg return len; 141 1.1 joerg } 142 1.1 joerg 143 1.1 joerg static void 144 1.1 joerg free_signature_int(struct signature_archive *state) 145 1.1 joerg { 146 1.1 joerg size_t i; 147 1.1 joerg 148 1.1 joerg if (state->sign_blocks != NULL) { 149 1.1 joerg for (i = 0; i < state->sign_block_number; ++i) 150 1.1 joerg free(state->sign_blocks[i]); 151 1.1 joerg } 152 1.1 joerg free(state->sign_blocks); 153 1.1 joerg free(state->sign_buf); 154 1.1 joerg free(state); 155 1.1 joerg } 156 1.1 joerg 157 1.1 joerg void 158 1.1 joerg pkg_free_signature(void *cookie) 159 1.1 joerg { 160 1.1 joerg struct signature_archive *state = cookie; 161 1.1 joerg 162 1.1 joerg if (state == NULL) 163 1.1 joerg return; 164 1.1 joerg 165 1.1 joerg archive_read_finish(state->archive); 166 1.1 joerg free_signature_int(state); 167 1.1 joerg } 168 1.1 joerg 169 1.1 joerg static int 170 1.1 joerg read_file_from_archive(struct archive *archive, struct archive_entry **entry, 171 1.1 joerg const char *fname, char **content, size_t *len) 172 1.1 joerg { 173 1.1 joerg int r; 174 1.1 joerg 175 1.1 joerg *content = NULL; 176 1.1 joerg *len = 0; 177 1.1 joerg 178 1.1 joerg retry: 179 1.1 joerg if (*entry == NULL && 180 1.1 joerg (r = archive_read_next_header(archive, entry)) != ARCHIVE_OK) { 181 1.1 joerg if (r == ARCHIVE_FATAL) 182 1.1 joerg warnx("Cannot read from archive: %s", 183 1.1 joerg archive_error_string(archive)); 184 1.1 joerg return -1; 185 1.1 joerg } 186 1.1 joerg if (strcmp(archive_entry_pathname(*entry), "//") == 0) { 187 1.1 joerg archive_read_data_skip(archive); 188 1.1 joerg *entry = NULL; 189 1.1 joerg goto retry; 190 1.1 joerg } 191 1.1 joerg 192 1.1 joerg if (strcmp(fname, archive_entry_pathname(*entry)) != 0) 193 1.1 joerg return -1; 194 1.1 joerg 195 1.1 joerg if (archive_entry_size(*entry) > SSIZE_MAX - 1) { 196 1.1 joerg warnx("signature too large to process"); 197 1.1 joerg return 1; 198 1.1 joerg } 199 1.1 joerg *len = archive_entry_size(*entry); 200 1.1 joerg *content = xmalloc(*len + 1); 201 1.1 joerg 202 1.1 joerg if (archive_read_data(archive, *content, *len) != *len) { 203 1.1 joerg warnx("cannot read complete %s from archive", fname); 204 1.1 joerg free(*content); 205 1.1 joerg *len = 0; 206 1.1 joerg *content = NULL; 207 1.1 joerg return 1; 208 1.1 joerg } 209 1.1 joerg (*content)[*len] = '\0'; 210 1.1 joerg *entry = NULL; 211 1.1 joerg 212 1.1 joerg return 0; 213 1.1 joerg } 214 1.1 joerg 215 1.1 joerg static int 216 1.1 joerg parse_hash_file(const char *hash_file, char **pkgname, 217 1.1 joerg struct signature_archive *state) 218 1.1 joerg { 219 1.1 joerg static const char block1[] = "pkgsrc signature\n\nversion: 1\npkgname: "; 220 1.1 joerg static const char block2[] = "algorithm: SHA512\nblock size: "; 221 1.1 joerg static const char block3[] = "file size: "; 222 1.1 joerg static const char block4[] = "end pkgsrc signature\n"; 223 1.1 joerg char *next; 224 1.1 joerg size_t i, len; 225 1.1 joerg 226 1.1 joerg *pkgname = NULL; 227 1.1 joerg 228 1.1 joerg if (strncmp(hash_file, block1, strlen(block1)) != 0) 229 1.1 joerg goto cleanup; 230 1.1 joerg hash_file += strlen(block1); 231 1.1 joerg 232 1.1 joerg len = strcspn(hash_file, "\n"); 233 1.1 joerg *pkgname = xmalloc(len + 1); 234 1.1 joerg memcpy(*pkgname, hash_file, len); 235 1.1 joerg (*pkgname)[len] = '\0'; 236 1.1 joerg for (i = 0; i < len; ++i) { 237 1.1 joerg if (!isgraph((unsigned char)(*pkgname)[i])) 238 1.1 joerg goto cleanup; 239 1.1 joerg } 240 1.1 joerg hash_file += len + 1; 241 1.1 joerg 242 1.1 joerg if (strncmp(hash_file, block2, strlen(block2)) != 0) 243 1.1 joerg goto cleanup; 244 1.1 joerg hash_file += strlen(block2); 245 1.1 joerg 246 1.1 joerg errno = 0; 247 1.1 joerg if (!isdigit((unsigned char)*hash_file)) 248 1.1 joerg goto cleanup; 249 1.1 joerg state->sign_block_len = strtoul(hash_file, &next, 10); 250 1.1 joerg hash_file = next; 251 1.1 joerg 252 1.1 joerg /* Assert sane minimum block size of 1KB */ 253 1.1 joerg if (*hash_file++ != '\n' || errno == ERANGE || state->sign_block_len < 1024) 254 1.1 joerg goto cleanup; 255 1.1 joerg 256 1.1 joerg if (strncmp(hash_file, block3, strlen(block3)) != 0) 257 1.1 joerg goto cleanup; 258 1.1 joerg hash_file += strlen(block3); 259 1.1 joerg 260 1.1 joerg errno = 0; 261 1.1 joerg if (!isdigit((unsigned char)*hash_file)) 262 1.1 joerg goto cleanup; 263 1.1 joerg if (sizeof(off_t) >= sizeof(long long)) 264 1.1 joerg state->pkg_size = strtoll(hash_file, &next, 10); 265 1.1 joerg else 266 1.1 joerg state->pkg_size = strtol(hash_file, &next, 10); 267 1.1 joerg hash_file = next; 268 1.1 joerg if (*hash_file++ != '\n' || errno == ERANGE || state->pkg_size < 1) 269 1.1 joerg goto cleanup; 270 1.1 joerg 271 1.1 joerg if (*hash_file++ != '\n') 272 1.1 joerg goto cleanup; 273 1.1 joerg 274 1.1 joerg if (state->pkg_size / state->sign_block_len > SSIZE_MAX) 275 1.1 joerg goto cleanup; 276 1.1 joerg state->sign_block_number = (state->pkg_size + 277 1.1 joerg state->sign_block_len - 1) / state->sign_block_len; 278 1.1 joerg 279 1.1 joerg state->sign_buf = xmalloc(state->sign_block_len); 280 1.1 joerg state->sign_blocks = xcalloc(state->sign_block_number, sizeof(char *)); 281 1.1 joerg 282 1.1 joerg for (i = 0; i < state->sign_block_number; ++i) { 283 1.1 joerg len = strspn(hash_file, "01234567889abcdef"); 284 1.1 joerg if (len != SHA512_DIGEST_LENGTH * 2 || hash_file[len] != '\n') 285 1.1 joerg goto cleanup_hashes; 286 1.1 joerg state->sign_blocks[i] = xmalloc(len + 1); 287 1.1 joerg memcpy(state->sign_blocks[i], hash_file, len); 288 1.1 joerg state->sign_blocks[i][len] = '\0'; 289 1.1 joerg hash_file += len + 1; 290 1.1 joerg } 291 1.1 joerg 292 1.1 joerg if (strcmp(hash_file, block4) != 0) 293 1.1 joerg goto cleanup_hashes; 294 1.1 joerg 295 1.1 joerg return 0; 296 1.1 joerg 297 1.1 joerg cleanup_hashes: 298 1.1 joerg for (i = 0; i < state->sign_block_number; ++i) 299 1.1 joerg free(state->sign_blocks[i]); 300 1.1 joerg free(state->sign_blocks); 301 1.1 joerg state->sign_blocks = NULL; 302 1.1 joerg 303 1.1 joerg cleanup: 304 1.1 joerg warnx("Unknown format of hash file"); 305 1.1 joerg free(*pkgname); 306 1.1 joerg *pkgname = NULL; 307 1.1 joerg return -1; 308 1.1 joerg } 309 1.1 joerg 310 1.1 joerg int 311 1.1 joerg pkg_verify_signature(struct archive **archive, struct archive_entry **entry, 312 1.1 joerg char **pkgname, void **cookie) 313 1.1 joerg { 314 1.1 joerg struct signature_archive *state; 315 1.1 joerg struct archive_entry *my_entry; 316 1.1 joerg struct archive *a; 317 1.1 joerg char *hash_file, *signature_file; 318 1.1 joerg size_t hash_len, signature_len; 319 1.1 joerg int r, has_sig; 320 1.1 joerg 321 1.1 joerg *pkgname = NULL; 322 1.1 joerg *cookie = NULL; 323 1.1 joerg 324 1.1 joerg state = xmalloc(sizeof(*state)); 325 1.1 joerg state->sign_blocks = NULL; 326 1.1 joerg state->sign_buf = NULL; 327 1.1 joerg state->archive = NULL; 328 1.1 joerg 329 1.1 joerg r = read_file_from_archive(*archive, entry, HASH_FNAME, 330 1.1 joerg &hash_file, &hash_len); 331 1.1 joerg if (r == -1) { 332 1.1 joerg free(state); 333 1.1 joerg goto no_valid_signature; 334 1.1 joerg } else if (r == 1) { 335 1.1 joerg free(state); 336 1.1 joerg goto no_valid_signature; 337 1.1 joerg } 338 1.1 joerg 339 1.1 joerg if (parse_hash_file(hash_file, pkgname, state)) 340 1.1 joerg goto no_valid_signature; 341 1.1 joerg 342 1.1 joerg r = read_file_from_archive(*archive, entry, SIGNATURE_FNAME, 343 1.1 joerg &signature_file, &signature_len); 344 1.1 joerg if (r != 0) { 345 1.1 joerg if (*entry != NULL) 346 1.1 joerg r = read_file_from_archive(*archive, entry, 347 1.1 joerg GPG_SIGNATURE_FNAME, 348 1.1 joerg &signature_file, &signature_len); 349 1.1 joerg if (r != 0) { 350 1.1 joerg free(hash_file); 351 1.1 joerg free(state); 352 1.1 joerg goto no_valid_signature; 353 1.1 joerg } 354 1.1 joerg has_sig = !detached_gpg_verify(hash_file, hash_len, 355 1.1 joerg signature_file, signature_len, gpg_keyring_verify); 356 1.1 joerg 357 1.1 joerg free(signature_file); 358 1.1 joerg } else { 359 1.1 joerg has_sig = !easy_pkcs7_verify(hash_file, hash_len, signature_file, 360 1.1 joerg signature_len, certs_packages, 1); 361 1.1 joerg 362 1.1 joerg free(signature_file); 363 1.1 joerg } 364 1.1 joerg 365 1.1 joerg r = archive_read_next_header(*archive, &my_entry); 366 1.1 joerg if (r != ARCHIVE_OK) { 367 1.1 joerg warnx("Cannot read inner package: %s", 368 1.1 joerg archive_error_string(*archive)); 369 1.1 joerg free_signature_int(state); 370 1.1 joerg goto no_valid_signature; 371 1.1 joerg } 372 1.1 joerg 373 1.1 joerg if (archive_entry_size(my_entry) != state->pkg_size) { 374 1.1 joerg warnx("Package size doesn't match signature"); 375 1.1 joerg free_signature_int(state); 376 1.1 joerg goto no_valid_signature; 377 1.1 joerg } 378 1.1 joerg 379 1.1 joerg state->archive = *archive; 380 1.1 joerg 381 1.1 joerg a = archive_read_new(); 382 1.1 joerg archive_read_support_compression_all(a); 383 1.1 joerg archive_read_support_format_all(a); 384 1.1 joerg if (archive_read_open(a, state, NULL, verify_signature_read_cb, NULL)) { 385 1.1 joerg warnx("Can't open signed package file"); 386 1.1 joerg archive_read_finish(a); 387 1.1 joerg free_signature_int(state); 388 1.1 joerg goto no_valid_signature; 389 1.1 joerg } 390 1.1 joerg *archive = a; 391 1.1 joerg *entry = NULL; 392 1.1 joerg *cookie = state; 393 1.1 joerg 394 1.1 joerg return has_sig ? 0 : -1; 395 1.1 joerg 396 1.1 joerg no_valid_signature: 397 1.1 joerg return -1; 398 1.1 joerg } 399 1.1 joerg 400 1.1 joerg int 401 1.1 joerg pkg_full_signature_check(struct archive *archive) 402 1.1 joerg { 403 1.1 joerg struct archive_entry *entry = NULL; 404 1.1 joerg char *pkgname; 405 1.1 joerg void *cookie; 406 1.1 joerg int r; 407 1.1 joerg 408 1.1 joerg if (pkg_verify_signature(&archive, &entry, &pkgname, &cookie)) 409 1.1 joerg return -1; 410 1.1 joerg if (pkgname == NULL) 411 1.1 joerg return 0; 412 1.1 joerg 413 1.1 joerg /* XXX read PLIST and compare pkgname */ 414 1.1 joerg while ((r = archive_read_next_header(archive, &entry)) == ARCHIVE_OK) 415 1.1 joerg archive_read_data_skip(archive); 416 1.1 joerg 417 1.1 joerg pkg_free_signature(cookie); 418 1.1 joerg free(pkgname); 419 1.1 joerg return r == ARCHIVE_EOF ? 0 : -1; 420 1.1 joerg } 421 1.1 joerg 422 1.1 joerg static char * 423 1.1 joerg extract_pkgname(int fd) 424 1.1 joerg { 425 1.1 joerg package_t plist; 426 1.1 joerg plist_t *p; 427 1.1 joerg struct archive *a; 428 1.1 joerg struct archive_entry *entry; 429 1.1 joerg char *buf; 430 1.1 joerg ssize_t len; 431 1.1 joerg int r; 432 1.1 joerg 433 1.1 joerg a = archive_read_new(); 434 1.1 joerg archive_read_support_compression_all(a); 435 1.1 joerg archive_read_support_format_all(a); 436 1.1 joerg if (archive_read_open_fd(a, fd, 1024)) { 437 1.1 joerg warnx("Cannot open binary package: %s", 438 1.1 joerg archive_error_string(a)); 439 1.1 joerg archive_read_finish(a); 440 1.1 joerg return NULL; 441 1.1 joerg } 442 1.1 joerg 443 1.1 joerg r = archive_read_next_header(a, &entry); 444 1.1 joerg if (r != ARCHIVE_OK) { 445 1.1 joerg warnx("Cannot extract package name: %s", 446 1.1 joerg r == ARCHIVE_EOF ? "EOF" : archive_error_string(a)); 447 1.1 joerg archive_read_finish(a); 448 1.1 joerg return NULL; 449 1.1 joerg } 450 1.1 joerg if (strcmp(archive_entry_pathname(entry), "+CONTENTS") != 0) { 451 1.1 joerg warnx("Invalid binary package, doesn't start with +CONTENTS"); 452 1.1 joerg archive_read_finish(a); 453 1.1 joerg return NULL; 454 1.1 joerg } 455 1.1 joerg if (archive_entry_size(entry) > SSIZE_MAX - 1) { 456 1.1 joerg warnx("+CONTENTS too large to process"); 457 1.1 joerg archive_read_finish(a); 458 1.1 joerg return NULL; 459 1.1 joerg } 460 1.1 joerg 461 1.1 joerg len = archive_entry_size(entry); 462 1.1 joerg buf = xmalloc(len + 1); 463 1.1 joerg 464 1.1 joerg if (archive_read_data(a, buf, len) != len) { 465 1.1 joerg warnx("Short read when extracing +CONTENTS"); 466 1.1 joerg free(buf); 467 1.1 joerg archive_read_finish(a); 468 1.1 joerg return NULL; 469 1.1 joerg } 470 1.1 joerg buf[len] = '\0'; 471 1.1 joerg 472 1.1 joerg archive_read_finish(a); 473 1.1 joerg 474 1.1 joerg parse_plist(&plist, buf); 475 1.1 joerg free(buf); 476 1.1 joerg p = find_plist(&plist, PLIST_NAME); 477 1.1 joerg if (p != NULL) { 478 1.1 joerg buf = xstrdup(p->name); 479 1.1 joerg } else { 480 1.1 joerg warnx("Invalid PLIST: missing @name"); 481 1.1 joerg buf = NULL; 482 1.1 joerg } 483 1.1 joerg free_plist(&plist); 484 1.1 joerg 485 1.1 joerg if (lseek(fd, 0, SEEK_SET) != 0) { 486 1.1 joerg warn("Cannot seek in archive"); 487 1.1 joerg free(buf); 488 1.1 joerg return NULL; 489 1.1 joerg } 490 1.1 joerg 491 1.1 joerg return buf; 492 1.1 joerg } 493 1.1 joerg 494 1.1 joerg static const char hash_template[] = 495 1.1 joerg "pkgsrc signature\n" 496 1.1 joerg "\n" 497 1.1 joerg "version: 1\n" 498 1.1 joerg "pkgname: %s\n" 499 1.1 joerg "algorithm: SHA512\n" 500 1.1 joerg "block size: 65536\n" 501 1.1 joerg "file size: %lld\n" 502 1.1 joerg "\n"; 503 1.1 joerg 504 1.1 joerg static const char hash_trailer[] = "end pkgsrc signature\n"; 505 1.1 joerg 506 1.1 joerg void 507 1.1 joerg pkg_sign_x509(const char *name, const char *output, const char *key_file, const char *cert_file) 508 1.1 joerg { 509 1.1 joerg struct archive *pkg; 510 1.1 joerg struct archive_entry *entry, *hash_entry, *sign_entry; 511 1.1 joerg int fd; 512 1.1 joerg struct stat sb; 513 1.1 joerg char *hash_file, *signature_file, *tmp, *pkgname, hash[SHA512_DIGEST_STRING_LENGTH]; 514 1.1 joerg unsigned char block[65536]; 515 1.1 joerg off_t i, size; 516 1.1 joerg size_t block_len, signature_len; 517 1.1 joerg 518 1.1 joerg if ((fd = open(name, O_RDONLY)) == -1) 519 1.1 joerg err(EXIT_FAILURE, "Cannot open binary package %s", name); 520 1.1 joerg if (fstat(fd, &sb) == -1) 521 1.1 joerg err(EXIT_FAILURE, "Cannot stat %s", name); 522 1.1 joerg 523 1.1 joerg entry = archive_entry_new(); 524 1.1 joerg archive_entry_copy_stat(entry, &sb); 525 1.1 joerg 526 1.1 joerg pkgname = extract_pkgname(fd); 527 1.1 joerg hash_file = xasprintf(hash_template, pkgname, 528 1.1 joerg (long long)archive_entry_size(entry)); 529 1.1 joerg free(pkgname); 530 1.1 joerg 531 1.1 joerg for (i = 0; i < archive_entry_size(entry); i += block_len) { 532 1.1 joerg if (i + sizeof(block) < archive_entry_size(entry)) 533 1.1 joerg block_len = sizeof(block); 534 1.1 joerg else 535 1.1 joerg block_len = archive_entry_size(entry) % sizeof(block); 536 1.1 joerg if (read(fd, block, block_len) != block_len) 537 1.1 joerg err(2, "short read"); 538 1.1 joerg hash_block(block, block_len, hash); 539 1.1 joerg tmp = xasprintf("%s%s\n", hash_file, hash); 540 1.1 joerg free(hash_file); 541 1.1 joerg hash_file = tmp; 542 1.1 joerg } 543 1.1 joerg tmp = xasprintf("%s%s", hash_file, hash_trailer); 544 1.1 joerg free(hash_file); 545 1.1 joerg hash_file = tmp; 546 1.1 joerg 547 1.1 joerg if (easy_pkcs7_sign(hash_file, strlen(hash_file), &signature_file, 548 1.1 joerg &signature_len, key_file, cert_file)) 549 1.1 joerg err(EXIT_FAILURE, "Cannot sign hash file"); 550 1.1 joerg 551 1.1 joerg lseek(fd, 0, SEEK_SET); 552 1.1 joerg 553 1.1 joerg sign_entry = archive_entry_clone(entry); 554 1.1 joerg hash_entry = archive_entry_clone(entry); 555 1.1 joerg pkgname = strrchr(name, '/'); 556 1.1 joerg archive_entry_set_pathname(entry, pkgname != NULL ? pkgname + 1 : name); 557 1.1 joerg archive_entry_set_pathname(hash_entry, HASH_FNAME); 558 1.1 joerg archive_entry_set_pathname(sign_entry, SIGNATURE_FNAME); 559 1.1 joerg archive_entry_set_size(hash_entry, strlen(hash_file)); 560 1.1 joerg archive_entry_set_size(sign_entry, signature_len); 561 1.1 joerg 562 1.1 joerg pkg = archive_write_new(); 563 1.1 joerg archive_write_set_compression_none(pkg); 564 1.1 joerg archive_write_set_format_ar_bsd(pkg); 565 1.1 joerg archive_write_open_filename(pkg, output); 566 1.1 joerg 567 1.1 joerg archive_write_header(pkg, hash_entry); 568 1.1 joerg archive_write_data(pkg, hash_file, strlen(hash_file)); 569 1.1 joerg archive_write_finish_entry(pkg); 570 1.1 joerg archive_entry_free(hash_entry); 571 1.1 joerg 572 1.1 joerg archive_write_header(pkg, sign_entry); 573 1.1 joerg archive_write_data(pkg, signature_file, signature_len); 574 1.1 joerg archive_write_finish_entry(pkg); 575 1.1 joerg archive_entry_free(sign_entry); 576 1.1 joerg 577 1.1 joerg size = archive_entry_size(entry); 578 1.1 joerg archive_write_header(pkg, entry); 579 1.1 joerg 580 1.1 joerg for (i = 0; i < size; i += block_len) { 581 1.1 joerg if (i + sizeof(block) < size) 582 1.1 joerg block_len = sizeof(block); 583 1.1 joerg else 584 1.1 joerg block_len = size % sizeof(block); 585 1.1 joerg if (read(fd, block, block_len) != block_len) 586 1.1 joerg err(2, "short read"); 587 1.1 joerg archive_write_data(pkg, block, block_len); 588 1.1 joerg } 589 1.1 joerg archive_write_finish_entry(pkg); 590 1.1 joerg archive_entry_free(entry); 591 1.1 joerg 592 1.1 joerg archive_write_finish(pkg); 593 1.1 joerg 594 1.1 joerg exit(0); 595 1.1 joerg } 596 1.1 joerg 597 1.1 joerg void 598 1.1 joerg pkg_sign_gpg(const char *name, const char *output) 599 1.1 joerg { 600 1.1 joerg struct archive *pkg; 601 1.1 joerg struct archive_entry *entry, *hash_entry, *sign_entry; 602 1.1 joerg int fd; 603 1.1 joerg struct stat sb; 604 1.1 joerg char *hash_file, *signature_file, *tmp, *pkgname, hash[SHA512_DIGEST_STRING_LENGTH]; 605 1.1 joerg unsigned char block[65536]; 606 1.1 joerg off_t i, size; 607 1.1 joerg size_t block_len, signature_len; 608 1.1 joerg 609 1.1 joerg if ((fd = open(name, O_RDONLY)) == -1) 610 1.1 joerg err(EXIT_FAILURE, "Cannot open binary package %s", name); 611 1.1 joerg if (fstat(fd, &sb) == -1) 612 1.1 joerg err(EXIT_FAILURE, "Cannot stat %s", name); 613 1.1 joerg 614 1.1 joerg entry = archive_entry_new(); 615 1.1 joerg archive_entry_copy_stat(entry, &sb); 616 1.1 joerg 617 1.1 joerg pkgname = extract_pkgname(fd); 618 1.1 joerg hash_file = xasprintf(hash_template, pkgname, 619 1.1 joerg (long long)archive_entry_size(entry)); 620 1.1 joerg free(pkgname); 621 1.1 joerg 622 1.1 joerg for (i = 0; i < archive_entry_size(entry); i += block_len) { 623 1.1 joerg if (i + sizeof(block) < archive_entry_size(entry)) 624 1.1 joerg block_len = sizeof(block); 625 1.1 joerg else 626 1.1 joerg block_len = archive_entry_size(entry) % sizeof(block); 627 1.1 joerg if (read(fd, block, block_len) != block_len) 628 1.1 joerg err(2, "short read"); 629 1.1 joerg hash_block(block, block_len, hash); 630 1.1 joerg tmp = xasprintf("%s%s\n", hash_file, hash); 631 1.1 joerg free(hash_file); 632 1.1 joerg hash_file = tmp; 633 1.1 joerg } 634 1.1 joerg tmp = xasprintf("%s%s", hash_file, hash_trailer); 635 1.1 joerg free(hash_file); 636 1.1 joerg hash_file = tmp; 637 1.1 joerg 638 1.1 joerg if (detached_gpg_sign(hash_file, strlen(hash_file), &signature_file, 639 1.1 joerg &signature_len, gpg_keyring_sign, gpg_sign_as)) 640 1.1 joerg err(EXIT_FAILURE, "Cannot sign hash file"); 641 1.1 joerg 642 1.1 joerg lseek(fd, 0, SEEK_SET); 643 1.1 joerg 644 1.1 joerg sign_entry = archive_entry_clone(entry); 645 1.1 joerg hash_entry = archive_entry_clone(entry); 646 1.1 joerg pkgname = strrchr(name, '/'); 647 1.1 joerg archive_entry_set_pathname(entry, pkgname != NULL ? pkgname + 1 : name); 648 1.1 joerg archive_entry_set_pathname(hash_entry, HASH_FNAME); 649 1.1 joerg archive_entry_set_pathname(sign_entry, GPG_SIGNATURE_FNAME); 650 1.1 joerg archive_entry_set_size(hash_entry, strlen(hash_file)); 651 1.1 joerg archive_entry_set_size(sign_entry, signature_len); 652 1.1 joerg 653 1.1 joerg pkg = archive_write_new(); 654 1.1 joerg archive_write_set_compression_none(pkg); 655 1.1 joerg archive_write_set_format_ar_bsd(pkg); 656 1.1 joerg archive_write_open_filename(pkg, output); 657 1.1 joerg 658 1.1 joerg archive_write_header(pkg, hash_entry); 659 1.1 joerg archive_write_data(pkg, hash_file, strlen(hash_file)); 660 1.1 joerg archive_write_finish_entry(pkg); 661 1.1 joerg archive_entry_free(hash_entry); 662 1.1 joerg 663 1.1 joerg archive_write_header(pkg, sign_entry); 664 1.1 joerg archive_write_data(pkg, signature_file, signature_len); 665 1.1 joerg archive_write_finish_entry(pkg); 666 1.1 joerg archive_entry_free(sign_entry); 667 1.1 joerg 668 1.1 joerg size = archive_entry_size(entry); 669 1.1 joerg archive_write_header(pkg, entry); 670 1.1 joerg 671 1.1 joerg for (i = 0; i < size; i += block_len) { 672 1.1 joerg if (i + sizeof(block) < size) 673 1.1 joerg block_len = sizeof(block); 674 1.1 joerg else 675 1.1 joerg block_len = size % sizeof(block); 676 1.1 joerg if (read(fd, block, block_len) != block_len) 677 1.1 joerg err(2, "short read"); 678 1.1 joerg archive_write_data(pkg, block, block_len); 679 1.1 joerg } 680 1.1 joerg archive_write_finish_entry(pkg); 681 1.1 joerg archive_entry_free(entry); 682 1.1 joerg 683 1.1 joerg archive_write_finish(pkg); 684 1.1 joerg 685 1.1 joerg exit(0); 686 1.1 joerg } 687
Indexes created Sat Apr 25 00:22:52 UTC 2026