pkg_signature.c revision 1.1.1.3
      1  1.1.1.3  joerg /*	$NetBSD: pkg_signature.c,v 1.1.1.3 2009/03/02 22:31:17 joerg Exp $	*/
      2      1.1  joerg 
      3      1.1  joerg #if HAVE_CONFIG_H
      4      1.1  joerg #include "config.h"
      5      1.1  joerg #endif
      6      1.1  joerg #include <nbcompat.h>
      7      1.1  joerg #if HAVE_SYS_CDEFS_H
      8      1.1  joerg #include <sys/cdefs.h>
      9      1.1  joerg #endif
     10  1.1.1.3  joerg __RCSID("$NetBSD: pkg_signature.c,v 1.1.1.3 2009/03/02 22:31:17 joerg Exp $");
     11      1.1  joerg 
     12      1.1  joerg /*-
     13      1.1  joerg  * Copyright (c) 2008 Joerg Sonnenberger <joerg (at) NetBSD.org>.
     14      1.1  joerg  * All rights reserved.
     15      1.1  joerg  *
     16      1.1  joerg  * Redistribution and use in source and binary forms, with or without
     17      1.1  joerg  * modification, are permitted provided that the following conditions
     18      1.1  joerg  * are met:
     19      1.1  joerg  *
     20      1.1  joerg  * 1. Redistributions of source code must retain the above copyright
     21      1.1  joerg  *    notice, this list of conditions and the following disclaimer.
     22      1.1  joerg  * 2. Redistributions in binary form must reproduce the above copyright
     23      1.1  joerg  *    notice, this list of conditions and the following disclaimer in
     24      1.1  joerg  *    the documentation and/or other materials provided with the
     25      1.1  joerg  *    distribution.
     26      1.1  joerg  *
     27      1.1  joerg  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
     28      1.1  joerg  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
     29      1.1  joerg  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
     30      1.1  joerg  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
     31      1.1  joerg  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
     32      1.1  joerg  * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
     33      1.1  joerg  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     34      1.1  joerg  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
     35      1.1  joerg  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
     36      1.1  joerg  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
     37      1.1  joerg  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     38      1.1  joerg  * SUCH DAMAGE.
     39      1.1  joerg  */
     40      1.1  joerg 
     41      1.1  joerg #if HAVE_SYS_WAIT_H
     42      1.1  joerg #include <sys/wait.h>
     43      1.1  joerg #endif
     44      1.1  joerg #include <ctype.h>
     45      1.1  joerg #if HAVE_ERR_H
     46      1.1  joerg #include <err.h>
     47      1.1  joerg #endif
     48      1.1  joerg #include <errno.h>
     49      1.1  joerg #include <fcntl.h>
     50      1.1  joerg #include <stdlib.h>
     51      1.1  joerg #ifndef NETBSD
     52      1.1  joerg #include <nbcompat/sha2.h>
     53      1.1  joerg #else
     54      1.1  joerg #include <sha2.h>
     55      1.1  joerg #endif
     56      1.1  joerg #include <signal.h>
     57      1.1  joerg #ifdef NETBSD
     58      1.1  joerg #include <unistd.h>
     59      1.1  joerg #else
     60      1.1  joerg #include <nbcompat/unistd.h>
     61      1.1  joerg #endif
     62      1.1  joerg 
     63      1.1  joerg #include <archive.h>
     64      1.1  joerg #include <archive_entry.h>
     65      1.1  joerg 
     66      1.1  joerg #include "lib.h"
     67      1.1  joerg 
/* Archive member names of the signature records handled in this file. */
#define HASH_FNAME "+PKG_HASH"
#define SIGNATURE_FNAME "+PKG_SIGNATURE"
#define GPG_SIGNATURE_FNAME "+PKG_GPG_SIGNATURE"

/*
 * State shared between pkg_verify_signature() and the read callback that
 * checks the inner package block by block against the recorded hashes.
 */
struct signature_archive {
	/* Archive the signed blocks are read from by the callback. */
	struct archive *archive;
	/* "file size" value taken from the hash file. */
	off_t pkg_size;
	/* "block size" value taken from the hash file. */
	size_t sign_block_len;
	/* Number of entries in sign_blocks. */
	size_t sign_block_number;
	/* Index of the next block the read callback will check. */
	size_t sign_cur_block;
	/* One lowercase hex SHA-512 string per block. */
	char **sign_blocks;
	/* Scratch buffer of sign_block_len bytes for the block being read. */
	unsigned char *sign_buf;
};
     79      1.1  joerg 
/*
 * Compute the SHA-512 digest of buf[0 .. buf_len) and store it in hash as
 * a NUL-terminated string of lowercase hexadecimal digits.
 */
static void
hash_block(unsigned char *buf, size_t buf_len,
    char hash[SHA512_DIGEST_STRING_LENGTH])
{
	static const char hex_digits[] = "0123456789abcdef";
	unsigned char raw[SHA512_DIGEST_LENGTH];
	SHA512_CTX ctx;
	char *out = hash;
	size_t pos;

	SHA512_Init(&ctx);
	SHA512_Update(&ctx, buf, buf_len);
	SHA512_Final(raw, &ctx);

	/* Two output characters per digest byte: high nibble, then low. */
	for (pos = 0; pos < sizeof(raw); ++pos) {
		*out++ = hex_digits[raw[pos] >> 4];
		*out++ = hex_digits[raw[pos] & 0x0f];
	}
	*out = '\0';
}
    108      1.1  joerg 
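/*
 * libarchive read callback used for the inner package.
 *
 * Reads the next block from state->archive, hashes it and compares the
 * result with the hash recorded for that block.  The data is handed to
 * the caller only after the comparison succeeded.
 *
 * Returns the block length, 0 once all recorded blocks were consumed, or
 * -1 on a short read or a hash mismatch.
 */
static ssize_t
verify_signature_read_cb(struct archive *archive, void *cookie, const void **buf)
{
	struct signature_archive *state = cookie;
	char hash[SHA512_DIGEST_STRING_LENGTH];
	ssize_t len, expected;

	if (state->sign_cur_block >= state->sign_block_number)
		return 0;

	if (state->sign_cur_block + 1 == state->sign_block_number) {
		expected = state->pkg_size % state->sign_block_len;
		/*
		 * A package whose size is an exact multiple of the block
		 * size ends with a full block.  Without this the last block
		 * would be read as zero bytes and could never match the
		 * recorded hash.
		 */
		if (expected == 0)
			expected = state->sign_block_len;
	} else
		expected = state->sign_block_len;

	len = archive_read_data(state->archive, state->sign_buf, expected);
	if (len != expected) {
		warnx("Short read from package");
		return -1;
	}

	hash_block(state->sign_buf, len, hash);

	if (strcmp(hash, state->sign_blocks[state->sign_cur_block]) != 0) {
		warnx("Invalid signature of block %llu",
		    (unsigned long long)state->sign_cur_block);
		return -1;
	}
	++state->sign_cur_block;
	*buf = state->sign_buf;
	return len;
}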
    142      1.1  joerg 
/*
 * Release the hash list, the block buffer and the state object itself.
 * The archive handle stored in the state is not touched here.
 */
static void
free_signature_int(struct signature_archive *state)
{
	char **blocks = state->sign_blocks;
	size_t remaining;

	/* sign_block_number is only consulted when a hash list exists. */
	if (blocks != NULL) {
		for (remaining = state->sign_block_number; remaining > 0;
		    --remaining)
			free(blocks[remaining - 1]);
	}
	free(blocks);
	free(state->sign_buf);
	free(state);
}
    156      1.1  joerg 
/*
 * Dispose of the cookie handed out by pkg_verify_signature(): finish the
 * archive stored in it and free the verification state.  A NULL cookie is
 * accepted and ignored.
 */
void
pkg_free_signature(void *cookie)
{
	struct signature_archive *sig_state = cookie;

	if (sig_state != NULL) {
		archive_read_finish(sig_state->archive);
		free_signature_int(sig_state);
	}
}
    168      1.1  joerg 
/*
 * Read the archive member called fname completely into memory.
 *
 * If *entry is NULL the next header is fetched first; members named "//"
 * are skipped.  On success *content holds a NUL-terminated copy of the
 * member, *len its size, and *entry is reset to NULL.
 *
 * Returns 0 on success, 1 if the member is absent, too large or could not
 * be read completely, and -1 if libarchive reported a fatal error.
 *
 * NOTE(review): the allocation is sized from the member header, and
 * pkg_verify_signature() calls this before any signature has been
 * checked, so the size is untrusted input at this point.
 */
static int
read_file_from_archive(struct archive *archive, struct archive_entry **entry,
    const char *fname, char **content, size_t *len)
{
	int status;

	*content = NULL;
	*len = 0;

	for (;;) {
		if (*entry == NULL) {
			status = archive_read_next_header(archive, entry);
			if (status == ARCHIVE_FATAL) {
				warnx("Cannot read from archive: %s",
				    archive_error_string(archive));
				return -1;
			}
			if (status != ARCHIVE_OK)
				return 1;
		}
		if (strcmp(archive_entry_pathname(*entry), "//") != 0)
			break;
		/* Drop the "//" member and look at the one after it. */
		archive_read_data_skip(archive);
		*entry = NULL;
	}

	/* The current entry stays in *entry so the caller can go on with it. */
	if (strcmp(fname, archive_entry_pathname(*entry)) != 0)
		return 1;

	if (archive_entry_size(*entry) > SSIZE_MAX - 1) {
		warnx("signature too large to process");
		return 1;
	}
	*len = archive_entry_size(*entry);
	*content = xmalloc(*len + 1);

	if (archive_read_data(archive, *content, *len) != *len) {
		warnx("cannot read complete %s from archive", fname);
		free(*content);
		*len = 0;
		*content = NULL;
		return 1;
	}
	(*content)[*len] = '\0';
	*entry = NULL;

	return 0;
}
    216      1.1  joerg 
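/*
 * Parse the NUL-terminated text of a +PKG_HASH member.
 *
 * On success *pkgname receives an allocated copy of the package name and
 * state is filled with the block size, the package size, the block count,
 * a block buffer and one hex SHA-512 string per block; 0 is returned.
 * On any format error a warning is printed, everything allocated here is
 * released, *pkgname is NULL and -1 is returned.
 *
 * pkg_verify_signature() calls this before the signature over the hash
 * file has been checked, so every field is untrusted input.
 *
 * NOTE(review): only a lower bound is enforced on the block size and the
 * package size has no upper bound besides the block count check, so the
 * allocations below are sized by that untrusted input.
 */
static int
parse_hash_file(const char *hash_file, char **pkgname,
    struct signature_archive *state)
{
	static const char block1[] = "pkgsrc signature\n\nversion: 1\npkgname: ";
	static const char block2[] = "algorithm: SHA512\nblock size: ";
	static const char block3[] = "file size: ";
	static const char block4[] = "end pkgsrc signature\n";
	char *next;
	size_t i, len;

	*pkgname = NULL;

	if (strncmp(hash_file, block1, strlen(block1)) != 0)
		goto cleanup;
	hash_file += strlen(block1);

	len = strcspn(hash_file, "\n");
	/*
	 * Without a newline the text ends with the name; stepping over the
	 * terminator would move the cursor past the end of the buffer.
	 */
	if (hash_file[len] != '\n')
		goto cleanup;
	*pkgname = xmalloc(len + 1);
	memcpy(*pkgname, hash_file, len);
	(*pkgname)[len] = '\0';
	for (i = 0; i < len; ++i) {
		if (!isgraph((unsigned char)(*pkgname)[i]))
			goto cleanup;
	}
	hash_file += len + 1;

	if (strncmp(hash_file, block2, strlen(block2)) != 0)
		goto cleanup;
	hash_file += strlen(block2);

	/* Require a leading digit so strtoul() sees no sign or whitespace. */
	errno = 0;
	if (!isdigit((unsigned char)*hash_file))
		goto cleanup;
	state->sign_block_len = strtoul(hash_file, &next, 10);
	hash_file = next;

	/* Assert sane minimum block size of 1KB */
	if (*hash_file++ != '\n' || errno == ERANGE || state->sign_block_len < 1024)
		goto cleanup;

	if (strncmp(hash_file, block3, strlen(block3)) != 0)
		goto cleanup;
	hash_file += strlen(block3);

	errno = 0;
	if (!isdigit((unsigned char)*hash_file))
		goto cleanup;
	if (sizeof(off_t) >= sizeof(long long))
		state->pkg_size = strtoll(hash_file, &next, 10);
	else
		state->pkg_size = strtol(hash_file, &next, 10);
	hash_file = next;
	if (*hash_file++ != '\n' || errno == ERANGE || state->pkg_size < 1)
		goto cleanup;

	/* An empty line separates the header from the hash list. */
	if (*hash_file++ != '\n')
		goto cleanup;

	if (state->pkg_size / state->sign_block_len > SSIZE_MAX)
		goto cleanup;
	/*
	 * Round up without adding the block size to the package size first;
	 * that sum can wrap for very large values.
	 */
	state->sign_block_number = state->pkg_size / state->sign_block_len;
	if (state->pkg_size % state->sign_block_len != 0)
		++state->sign_block_number;

	state->sign_buf = xmalloc(state->sign_block_len);
	state->sign_blocks = xcalloc(state->sign_block_number, sizeof(char *));

	for (i = 0; i < state->sign_block_number; ++i) {
		/* Lowercase hex only; the doubled '8' does not change the set. */
		len = strspn(hash_file, "01234567889abcdef");
		if (len != SHA512_DIGEST_LENGTH * 2 || hash_file[len] != '\n')
			goto cleanup_hashes;
		state->sign_blocks[i] = xmalloc(len + 1);
		memcpy(state->sign_blocks[i], hash_file, len);
		state->sign_blocks[i][len] = '\0';
		hash_file += len + 1;
	}

	/* Nothing may follow the trailer line. */
	if (strcmp(hash_file, block4) != 0)
		goto cleanup_hashes;

	return 0;

cleanup_hashes:
	/* Entries not reached by the loop are still NULL from xcalloc(). */
	for (i = 0; i < state->sign_block_number; ++i)
		free(state->sign_blocks[i]);
	free(state->sign_blocks);
	state->sign_blocks = NULL;
	/* The block buffer was allocated above and is of no use on failure. */
	free(state->sign_buf);
	state->sign_buf = NULL;

cleanup:
	warnx("Unknown format of hash file");
	free(*pkgname);
	*pkgname = NULL;
	return -1;
}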
    311      1.1  joerg 
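/*
 * Check whether *archive is a signed package and set up block-wise
 * verification of the package stored inside it.
 *
 * The +PKG_HASH member is read and parsed, then the signature over it is
 * checked: +PKG_SIGNATURE with easy_pkcs7_verify() when built with
 * HAVE_SSL, otherwise +PKG_GPG_SIGNATURE with detached_gpg_verify().
 * After that *archive is replaced by a new handle that reads the inner
 * package through verify_signature_read_cb(), *entry is reset and
 * *cookie receives the state to hand to pkg_free_signature().
 *
 * Returns 0 only if the signature over the hash file verified.
 *
 * A return of -1 covers several situations that callers must tell apart
 * by looking at the out parameters:
 *  - *archive == NULL: a fatal read error occurred and the archive was
 *    finished here.
 *  - *cookie == NULL: no usable signature was found.
 *  - *cookie != NULL: the inner archive was opened, but the signature
 *    did not verify (or OpenSSL support is missing).  Block hashes are
 *    still compared while reading, but against a hash list that has not
 *    been authenticated, so the package must not be treated as verified.
 *
 * *pkgname is left set on failures that happen after the hash file was
 * parsed, as before.  The name itself comes from the hash file and is not
 * compared with the package contents in this function.
 */
int
pkg_verify_signature(struct archive **archive, struct archive_entry **entry,
    char **pkgname, void **cookie)
{
	struct signature_archive *state;
	struct archive_entry *my_entry;
	struct archive *a;
	char *hash_file, *signature_file;
	size_t hash_len, signature_len;
	int r, has_sig;

	*pkgname = NULL;
	*cookie = NULL;

	state = xmalloc(sizeof(*state));
	state->sign_blocks = NULL;
	state->sign_buf = NULL;
	state->archive = NULL;
	/*
	 * The read callback starts from sign_cur_block; nothing visible here
	 * shows xmalloc() clearing the memory, so set the counters explicitly.
	 */
	state->pkg_size = 0;
	state->sign_block_len = 0;
	state->sign_block_number = 0;
	state->sign_cur_block = 0;

	r = read_file_from_archive(*archive, entry, HASH_FNAME,
	    &hash_file, &hash_len);
	if (r == -1) {
		archive_read_finish(*archive);
		*archive = NULL;
		free(state);
		goto no_valid_signature;
	} else if (r == 1) {
		free(state);
		goto no_valid_signature;
	}

	if (parse_hash_file(hash_file, pkgname, state)) {
		/* Neither the hash text nor the state is needed any more. */
		free(hash_file);
		free_signature_int(state);
		goto no_valid_signature;
	}

	/*
	 * From here on the state owns the hash list and the block buffer,
	 * so it is released with free_signature_int() on every error path.
	 */
	r = read_file_from_archive(*archive, entry, SIGNATURE_FNAME,
	    &signature_file, &signature_len);
	if (r == -1) {
		archive_read_finish(*archive);
		*archive = NULL;
		free_signature_int(state);
		free(hash_file);
		goto no_valid_signature;
	} else if (r != 0) {
		/* No X.509 signature; try the GPG one on the same entry. */
		if (*entry != NULL)
			r = read_file_from_archive(*archive, entry,
			    GPG_SIGNATURE_FNAME,
			    &signature_file, &signature_len);
		if (r == -1) {
			archive_read_finish(*archive);
			*archive = NULL;
			free_signature_int(state);
			free(hash_file);
			goto no_valid_signature;
		} else if (r != 0) {
			free(hash_file);
			free_signature_int(state);
			goto no_valid_signature;
		}
		has_sig = !detached_gpg_verify(hash_file, hash_len,
		    signature_file, signature_len, gpg_keyring_verify);

		free(signature_file);
	} else {
#ifdef HAVE_SSL
		has_sig = !easy_pkcs7_verify(hash_file, hash_len, signature_file,
		    signature_len, certs_packages, 1);

		free(signature_file);
#else
		warnx("No OpenSSL support compiled in, skipping signature");
		has_sig = 0;
		free(signature_file);
#endif
	}

	/* The hash text was only needed as input to the signature check. */
	free(hash_file);

	r = archive_read_next_header(*archive, &my_entry);
	if (r != ARCHIVE_OK) {
		warnx("Cannot read inner package: %s",
		    archive_error_string(*archive));
		free_signature_int(state);
		goto no_valid_signature;
	}

	/* The size recorded in the hash file must describe this member. */
	if (archive_entry_size(my_entry) != state->pkg_size) {
		warnx("Package size doesn't match signature");
		free_signature_int(state);
		goto no_valid_signature;
	}

	state->archive = *archive;

	a = archive_read_new();
	archive_read_support_compression_all(a);
	archive_read_support_format_all(a);
	if (archive_read_open(a, state, NULL, verify_signature_read_cb, NULL)) {
		warnx("Can't open signed package file");
		archive_read_finish(a);
		free_signature_int(state);
		goto no_valid_signature;
	}
	*archive = a;
	*entry = NULL;
	*cookie = state;

	return has_sig ? 0 : -1;

no_valid_signature:
	return -1;
}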
    421      1.1  joerg 
/*
 * Verify a signed package completely: check the signature with
 * pkg_verify_signature(), then walk over every entry of the resulting
 * archive and skip its data, so that the whole package passes through the
 * read path set up by pkg_verify_signature().
 *
 * Returns 0 if the walk ended with ARCHIVE_EOF, -1 if the signature check
 * failed or the walk stopped for any other reason.
 */
int
pkg_full_signature_check(struct archive **archive)
{
	struct archive_entry *entry = NULL;
	char *pkgname;
	void *cookie;
	int r;

	if (pkg_verify_signature(archive, &entry, &pkgname, &cookie) != 0)
		return -1;
	if (pkgname == NULL)
		return 0;

	/* XXX read PLIST and compare pkgname */
	for (;;) {
		r = archive_read_next_header(*archive, &entry);
		if (r != ARCHIVE_OK)
			break;
		archive_read_data_skip(*archive);
	}

	pkg_free_signature(cookie);
	free(pkgname);
	if (r == ARCHIVE_EOF)
		return 0;
	return -1;
}
    443      1.1  joerg 
/*
 * Return an allocated copy of the @name recorded in the +CONTENTS member
 * of the binary package open on fd, or NULL on failure.
 *
 * +CONTENTS has to be the first member of the package.  After it was read
 * successfully the descriptor is rewound to offset 0; on the earlier
 * failure paths the offset is left wherever libarchive stopped.
 */
static char *
extract_pkgname(int fd)
{
	package_t plist;
	plist_t *name_entry;
	struct archive *a;
	struct archive_entry *entry;
	char *contents, *result;
	ssize_t contents_len;
	int r;

	a = archive_read_new();
	archive_read_support_compression_all(a);
	archive_read_support_format_all(a);
	if (archive_read_open_fd(a, fd, 1024)) {
		warnx("Cannot open binary package: %s",
		    archive_error_string(a));
		goto fail;
	}

	r = archive_read_next_header(a, &entry);
	if (r != ARCHIVE_OK) {
		warnx("Cannot extract package name: %s",
		    r == ARCHIVE_EOF ? "EOF" : archive_error_string(a));
		goto fail;
	}
	if (strcmp(archive_entry_pathname(entry), "+CONTENTS") != 0) {
		warnx("Invalid binary package, doesn't start with +CONTENTS");
		goto fail;
	}
	if (archive_entry_size(entry) > SSIZE_MAX - 1) {
		warnx("+CONTENTS too large to process");
		goto fail;
	}

	/* One extra byte so the text can be NUL-terminated for parsing. */
	contents_len = archive_entry_size(entry);
	contents = xmalloc(contents_len + 1);

	if (archive_read_data(a, contents, contents_len) != contents_len) {
		warnx("Short read when extracing +CONTENTS");
		free(contents);
		goto fail;
	}
	contents[contents_len] = '\0';

	archive_read_finish(a);

	parse_plist(&plist, contents);
	free(contents);
	name_entry = find_plist(&plist, PLIST_NAME);
	if (name_entry == NULL) {
		warnx("Invalid PLIST: missing @name");
		result = NULL;
	} else
		result = xstrdup(name_entry->name);
	free_plist(&plist);

	/* Rewind so the caller can read the package from the start. */
	if (lseek(fd, 0, SEEK_SET) != 0) {
		warn("Cannot seek in archive");
		free(result);
		return NULL;
	}

	return result;

fail:
	archive_read_finish(a);
	return NULL;
}
    515      1.1  joerg 
/*
 * Header of a generated +PKG_HASH file.  Takes the package name (%s) and
 * the package size (%lld).  The block size written here is fixed, so the
 * code producing the per-block hashes has to hash blocks of 65536 bytes.
 */
static const char hash_template[] =
    "pkgsrc signature\n\n"
    "version: 1\n"
    "pkgname: %s\n"
    "algorithm: SHA512\n"
    "block size: 65536\n"
    "file size: %lld\n\n";

/* Last line of a +PKG_HASH file, following the per-block hashes. */
static const char hash_trailer[] = "end pkgsrc signature\n";
    527      1.1  joerg 
    528  1.1.1.2  joerg #ifdef HAVE_SSL
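/*
 * Sign the binary package `name` with an X.509 key and write the signed
 * package to `output`.
 *
 * The output is a BSD ar archive with three members: +PKG_HASH (package
 * name, size and one SHA-512 hash per 64KB block), +PKG_SIGNATURE (the
 * result of easy_pkcs7_sign() over the hash file) and the unmodified
 * package.  Any failure terminates the process with an error message;
 * on success the function calls exit(0) and does not return.
 */
void
pkg_sign_x509(const char *name, const char *output, const char *key_file, const char *cert_file)
{
	struct archive *pkg;
	struct archive_entry *entry, *hash_entry, *sign_entry;
	int fd;
	struct stat sb;
	char *hash_file, *signature_file, *tmp, *pkgname, hash[SHA512_DIGEST_STRING_LENGTH];
	/* Must stay in step with the block size in hash_template. */
	unsigned char block[65536];
	const char *base;
	off_t i, size;
	size_t block_len, signature_len;

	if ((fd = open(name, O_RDONLY)) == -1)
		err(EXIT_FAILURE, "Cannot open binary package %s", name);
	if (fstat(fd, &sb) == -1)
		err(EXIT_FAILURE, "Cannot stat %s", name);

	entry = archive_entry_new();
	archive_entry_copy_stat(entry, &sb);
	size = archive_entry_size(entry);

	/* extract_pkgname() has already printed the reason on failure. */
	pkgname = extract_pkgname(fd);
	if (pkgname == NULL)
		errx(EXIT_FAILURE, "Cannot extract package name from %s", name);
	hash_file = xasprintf(hash_template, pkgname, (long long)size);
	free(pkgname);

	for (i = 0; i < size; i += block_len) {
		/*
		 * Take what is left, capped at one block.  A size that is an
		 * exact multiple of the block size ends with a full block;
		 * a zero-length step would never advance the loop.
		 */
		if (size - i < (off_t)sizeof(block))
			block_len = (size_t)(size - i);
		else
			block_len = sizeof(block);
		if (read(fd, block, block_len) != (ssize_t)block_len)
			err(2, "short read");
		hash_block(block, block_len, hash);
		tmp = xasprintf("%s%s\n", hash_file, hash);
		free(hash_file);
		hash_file = tmp;
	}
	tmp = xasprintf("%s%s", hash_file, hash_trailer);
	free(hash_file);
	hash_file = tmp;

	if (easy_pkcs7_sign(hash_file, strlen(hash_file), &signature_file,
	    &signature_len, key_file, cert_file))
		err(EXIT_FAILURE, "Cannot sign hash file");

	/* The package is copied from the start into the output below. */
	if (lseek(fd, 0, SEEK_SET) != 0)
		err(EXIT_FAILURE, "Cannot seek in %s", name);

	sign_entry = archive_entry_clone(entry);
	hash_entry = archive_entry_clone(entry);
	base = strrchr(name, '/');
	archive_entry_set_pathname(entry, base != NULL ? base + 1 : name);
	archive_entry_set_pathname(hash_entry, HASH_FNAME);
	archive_entry_set_pathname(sign_entry, SIGNATURE_FNAME);
	archive_entry_set_size(hash_entry, strlen(hash_file));
	archive_entry_set_size(sign_entry, signature_len);

	pkg = archive_write_new();
	archive_write_set_compression_none(pkg);
	archive_write_set_format_ar_bsd(pkg);
	if (archive_write_open_filename(pkg, output))
		errx(EXIT_FAILURE, "Cannot open %s for writing: %s", output,
		    archive_error_string(pkg));

	/*
	 * Write failures are fatal: exiting with 0 after a failed write
	 * would leave a truncated signed package behind unnoticed.
	 */
	if (archive_write_header(pkg, hash_entry) < ARCHIVE_WARN ||
	    archive_write_data(pkg, hash_file, strlen(hash_file)) < 0)
		errx(EXIT_FAILURE, "Cannot write %s: %s", HASH_FNAME,
		    archive_error_string(pkg));
	archive_write_finish_entry(pkg);
	archive_entry_free(hash_entry);

	if (archive_write_header(pkg, sign_entry) < ARCHIVE_WARN ||
	    archive_write_data(pkg, signature_file, signature_len) < 0)
		errx(EXIT_FAILURE, "Cannot write %s: %s", SIGNATURE_FNAME,
		    archive_error_string(pkg));
	archive_write_finish_entry(pkg);
	archive_entry_free(sign_entry);

	if (archive_write_header(pkg, entry) < ARCHIVE_WARN)
		errx(EXIT_FAILURE, "Cannot write package header: %s",
		    archive_error_string(pkg));

	for (i = 0; i < size; i += block_len) {
		if (size - i < (off_t)sizeof(block))
			block_len = (size_t)(size - i);
		else
			block_len = sizeof(block);
		if (read(fd, block, block_len) != (ssize_t)block_len)
			err(2, "short read");
		if (archive_write_data(pkg, block, block_len) < 0)
			errx(EXIT_FAILURE, "Cannot write package data: %s",
			    archive_error_string(pkg));
	}
	archive_write_finish_entry(pkg);
	archive_entry_free(entry);

	archive_write_finish(pkg);

	close(fd);

	exit(0);
}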
    621  1.1.1.2  joerg #endif
    622      1.1  joerg 
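/*
 * Sign the binary package `name` with GPG and write the signed package
 * to `output`.
 *
 * The output is a BSD ar archive with three members: +PKG_HASH (package
 * name, size and one SHA-512 hash per 64KB block), +PKG_GPG_SIGNATURE
 * (the result of detached_gpg_sign() over the hash file) and the
 * unmodified package.  Any failure terminates the process with an error
 * message; on success the function calls exit(0) and does not return.
 */
void
pkg_sign_gpg(const char *name, const char *output)
{
	struct archive *pkg;
	struct archive_entry *entry, *hash_entry, *sign_entry;
	int fd;
	struct stat sb;
	char *hash_file, *signature_file, *tmp, *pkgname, hash[SHA512_DIGEST_STRING_LENGTH];
	/* Must stay in step with the block size in hash_template. */
	unsigned char block[65536];
	const char *base;
	off_t i, size;
	size_t block_len, signature_len;

	if ((fd = open(name, O_RDONLY)) == -1)
		err(EXIT_FAILURE, "Cannot open binary package %s", name);
	if (fstat(fd, &sb) == -1)
		err(EXIT_FAILURE, "Cannot stat %s", name);

	entry = archive_entry_new();
	archive_entry_copy_stat(entry, &sb);
	size = archive_entry_size(entry);

	/* extract_pkgname() has already printed the reason on failure. */
	pkgname = extract_pkgname(fd);
	if (pkgname == NULL)
		errx(EXIT_FAILURE, "Cannot extract package name from %s", name);
	hash_file = xasprintf(hash_template, pkgname, (long long)size);
	free(pkgname);

	for (i = 0; i < size; i += block_len) {
		/*
		 * Take what is left, capped at one block.  A size that is an
		 * exact multiple of the block size ends with a full block;
		 * a zero-length step would never advance the loop.
		 */
		if (size - i < (off_t)sizeof(block))
			block_len = (size_t)(size - i);
		else
			block_len = sizeof(block);
		if (read(fd, block, block_len) != (ssize_t)block_len)
			err(2, "short read");
		hash_block(block, block_len, hash);
		tmp = xasprintf("%s%s\n", hash_file, hash);
		free(hash_file);
		hash_file = tmp;
	}
	tmp = xasprintf("%s%s", hash_file, hash_trailer);
	free(hash_file);
	hash_file = tmp;

	if (detached_gpg_sign(hash_file, strlen(hash_file), &signature_file,
	    &signature_len, gpg_keyring_sign, gpg_sign_as))
		err(EXIT_FAILURE, "Cannot sign hash file");

	/* The package is copied from the start into the output below. */
	if (lseek(fd, 0, SEEK_SET) != 0)
		err(EXIT_FAILURE, "Cannot seek in %s", name);

	sign_entry = archive_entry_clone(entry);
	hash_entry = archive_entry_clone(entry);
	base = strrchr(name, '/');
	archive_entry_set_pathname(entry, base != NULL ? base + 1 : name);
	archive_entry_set_pathname(hash_entry, HASH_FNAME);
	archive_entry_set_pathname(sign_entry, GPG_SIGNATURE_FNAME);
	archive_entry_set_size(hash_entry, strlen(hash_file));
	archive_entry_set_size(sign_entry, signature_len);

	pkg = archive_write_new();
	archive_write_set_compression_none(pkg);
	archive_write_set_format_ar_bsd(pkg);
	if (archive_write_open_filename(pkg, output))
		errx(EXIT_FAILURE, "Cannot open %s for writing: %s", output,
		    archive_error_string(pkg));

	/*
	 * Write failures are fatal: exiting with 0 after a failed write
	 * would leave a truncated signed package behind unnoticed.
	 */
	if (archive_write_header(pkg, hash_entry) < ARCHIVE_WARN ||
	    archive_write_data(pkg, hash_file, strlen(hash_file)) < 0)
		errx(EXIT_FAILURE, "Cannot write %s: %s", HASH_FNAME,
		    archive_error_string(pkg));
	archive_write_finish_entry(pkg);
	archive_entry_free(hash_entry);

	if (archive_write_header(pkg, sign_entry) < ARCHIVE_WARN ||
	    archive_write_data(pkg, signature_file, signature_len) < 0)
		errx(EXIT_FAILURE, "Cannot write %s: %s", GPG_SIGNATURE_FNAME,
		    archive_error_string(pkg));
	archive_write_finish_entry(pkg);
	archive_entry_free(sign_entry);

	if (archive_write_header(pkg, entry) < ARCHIVE_WARN)
		errx(EXIT_FAILURE, "Cannot write package header: %s",
		    archive_error_string(pkg));

	for (i = 0; i < size; i += block_len) {
		if (size - i < (off_t)sizeof(block))
			block_len = (size_t)(size - i);
		else
			block_len = sizeof(block);
		if (read(fd, block, block_len) != (ssize_t)block_len)
			err(2, "short read");
		if (archive_write_data(pkg, block, block_len) < 0)
			errx(EXIT_FAILURE, "Cannot write package data: %s",
			    archive_error_string(pkg));
	}
	archive_write_finish_entry(pkg);
	archive_entry_free(entry);

	archive_write_finish(pkg);

	close(fd);

	exit(0);
}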