pkg_signature.c revision 1.1.1.5.4.2
1 1.1.1.5.4.2 snj /* $NetBSD: pkg_signature.c,v 1.1.1.5.4.2 2009/05/30 16:40:33 snj Exp $ */ 2 1.1.1.5.4.2 snj 3 1.1.1.5.4.2 snj #if HAVE_CONFIG_H 4 1.1.1.5.4.2 snj #include "config.h" 5 1.1.1.5.4.2 snj #endif 6 1.1.1.5.4.2 snj #include <nbcompat.h> 7 1.1.1.5.4.2 snj #if HAVE_SYS_CDEFS_H 8 1.1.1.5.4.2 snj #include <sys/cdefs.h> 9 1.1.1.5.4.2 snj #endif 10 1.1.1.5.4.2 snj __RCSID("$NetBSD: pkg_signature.c,v 1.1.1.5.4.2 2009/05/30 16:40:33 snj Exp $"); 11 1.1.1.5.4.2 snj 12 1.1.1.5.4.2 snj /*- 13 1.1.1.5.4.2 snj * Copyright (c) 2008 Joerg Sonnenberger <joerg (at) NetBSD.org>. 14 1.1.1.5.4.2 snj * All rights reserved. 15 1.1.1.5.4.2 snj * 16 1.1.1.5.4.2 snj * Redistribution and use in source and binary forms, with or without 17 1.1.1.5.4.2 snj * modification, are permitted provided that the following conditions 18 1.1.1.5.4.2 snj * are met: 19 1.1.1.5.4.2 snj * 20 1.1.1.5.4.2 snj * 1. Redistributions of source code must retain the above copyright 21 1.1.1.5.4.2 snj * notice, this list of conditions and the following disclaimer. 22 1.1.1.5.4.2 snj * 2. Redistributions in binary form must reproduce the above copyright 23 1.1.1.5.4.2 snj * notice, this list of conditions and the following disclaimer in 24 1.1.1.5.4.2 snj * the documentation and/or other materials provided with the 25 1.1.1.5.4.2 snj * distribution. 26 1.1.1.5.4.2 snj * 27 1.1.1.5.4.2 snj * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 28 1.1.1.5.4.2 snj * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 29 1.1.1.5.4.2 snj * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 30 1.1.1.5.4.2 snj * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 31 1.1.1.5.4.2 snj * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 32 1.1.1.5.4.2 snj * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 33 1.1.1.5.4.2 snj * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 34 1.1.1.5.4.2 snj * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 35 1.1.1.5.4.2 snj * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 36 1.1.1.5.4.2 snj * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 37 1.1.1.5.4.2 snj * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 38 1.1.1.5.4.2 snj * SUCH DAMAGE. 39 1.1.1.5.4.2 snj */ 40 1.1.1.5.4.2 snj 41 1.1.1.5.4.2 snj #if HAVE_SYS_WAIT_H 42 1.1.1.5.4.2 snj #include <sys/wait.h> 43 1.1.1.5.4.2 snj #endif 44 1.1.1.5.4.2 snj #include <ctype.h> 45 1.1.1.5.4.2 snj #if HAVE_ERR_H 46 1.1.1.5.4.2 snj #include <err.h> 47 1.1.1.5.4.2 snj #endif 48 1.1.1.5.4.2 snj #include <errno.h> 49 1.1.1.5.4.2 snj #include <fcntl.h> 50 1.1.1.5.4.2 snj #include <stdlib.h> 51 1.1.1.5.4.2 snj #ifndef NETBSD 52 1.1.1.5.4.2 snj #include <nbcompat/sha2.h> 53 1.1.1.5.4.2 snj #else 54 1.1.1.5.4.2 snj #include <sha2.h> 55 1.1.1.5.4.2 snj #endif 56 1.1.1.5.4.2 snj #include <signal.h> 57 1.1.1.5.4.2 snj #ifdef NETBSD 58 1.1.1.5.4.2 snj #include <unistd.h> 59 1.1.1.5.4.2 snj #else 60 1.1.1.5.4.2 snj #include <nbcompat/unistd.h> 61 1.1.1.5.4.2 snj #endif 62 1.1.1.5.4.2 snj 63 1.1.1.5.4.2 snj #include <archive.h> 64 1.1.1.5.4.2 snj #include <archive_entry.h> 65 1.1.1.5.4.2 snj 66 1.1.1.5.4.2 snj #include "lib.h" 67 1.1.1.5.4.2 snj 68 1.1.1.5.4.2 snj #define HASH_FNAME "+PKG_HASH" 69 1.1.1.5.4.2 snj #define SIGNATURE_FNAME "+PKG_SIGNATURE" 70 1.1.1.5.4.2 snj #define GPG_SIGNATURE_FNAME "+PKG_GPG_SIGNATURE" 71 1.1.1.5.4.2 snj 72 1.1.1.5.4.2 snj struct signature_archive { 73 1.1.1.5.4.2 snj struct archive *archive; 74 1.1.1.5.4.2 snj off_t pkg_size; 75 1.1.1.5.4.2 snj size_t sign_block_len, sign_block_number, sign_cur_block; 76 1.1.1.5.4.2 snj char **sign_blocks; 77 1.1.1.5.4.2 snj unsigned char *sign_buf; 78 1.1.1.5.4.2 snj }; 79 1.1.1.5.4.2 snj 80 1.1.1.5.4.2 snj static void 81 1.1.1.5.4.2 snj hash_block(unsigned char *buf, size_t buf_len, 82 1.1.1.5.4.2 snj char hash[SHA512_DIGEST_STRING_LENGTH]) 83 1.1.1.5.4.2 snj { 84 1.1.1.5.4.2 snj unsigned char digest[SHA512_DIGEST_LENGTH]; 85 1.1.1.5.4.2 snj SHA512_CTX hash_ctx; 86 1.1.1.5.4.2 snj int i; 87 1.1.1.5.4.2 snj 88 1.1.1.5.4.2 snj SHA512_Init(&hash_ctx); 89 1.1.1.5.4.2 snj SHA512_Update(&hash_ctx, buf, buf_len); 90 1.1.1.5.4.2 snj SHA512_Final(digest, &hash_ctx); 91 1.1.1.5.4.2 snj for (i = 0; i < SHA512_DIGEST_LENGTH; ++i) { 92 1.1.1.5.4.2 snj unsigned char c; 93 1.1.1.5.4.2 snj 94 1.1.1.5.4.2 snj c = digest[i] / 16; 95 1.1.1.5.4.2 snj if (c < 10) 96 1.1.1.5.4.2 snj hash[2 * i] = '0' + c; 97 1.1.1.5.4.2 snj else 98 1.1.1.5.4.2 snj hash[2 * i] = 'a' - 10 + c; 99 1.1.1.5.4.2 snj 100 1.1.1.5.4.2 snj c = digest[i] % 16; 101 1.1.1.5.4.2 snj if (c < 10) 102 1.1.1.5.4.2 snj hash[2 * i + 1] = '0' + c; 103 1.1.1.5.4.2 snj else 104 1.1.1.5.4.2 snj hash[2 * i + 1] = 'a' - 10 + c; 105 1.1.1.5.4.2 snj } 106 1.1.1.5.4.2 snj hash[2 * i] = '\0'; 107 1.1.1.5.4.2 snj } 108 1.1.1.5.4.2 snj 109 1.1.1.5.4.2 snj static ssize_t 110 1.1.1.5.4.2 snj verify_signature_read_cb(struct archive *archive, void *cookie, const void **buf) 111 1.1.1.5.4.2 snj { 112 1.1.1.5.4.2 snj struct signature_archive *state = cookie; 113 1.1.1.5.4.2 snj char hash[SHA512_DIGEST_STRING_LENGTH]; 114 1.1.1.5.4.2 snj ssize_t len, expected; 115 1.1.1.5.4.2 snj 116 1.1.1.5.4.2 snj if (state->sign_cur_block >= state->sign_block_number) 117 1.1.1.5.4.2 snj return 0; 118 1.1.1.5.4.2 snj 119 1.1.1.5.4.2 snj /* The following works for sign_block_len > 1 */ 120 1.1.1.5.4.2 snj if (state->sign_cur_block + 1 == state->sign_block_number) 121 1.1.1.5.4.2 snj expected = state->pkg_size % state->sign_block_len; 122 1.1.1.5.4.2 snj else 123 1.1.1.5.4.2 snj expected = state->sign_block_len; 124 1.1.1.5.4.2 snj 125 1.1.1.5.4.2 snj len = archive_read_data(state->archive, state->sign_buf, expected); 126 1.1.1.5.4.2 snj if (len != expected) { 127 1.1.1.5.4.2 snj warnx("Short read from package"); 128 1.1.1.5.4.2 snj return -1; 129 1.1.1.5.4.2 snj } 130 1.1.1.5.4.2 snj 131 1.1.1.5.4.2 snj hash_block(state->sign_buf, len, hash); 132 1.1.1.5.4.2 snj 133 1.1.1.5.4.2 snj if (strcmp(hash, state->sign_blocks[state->sign_cur_block]) != 0) { 134 1.1.1.5.4.2 snj warnx("Invalid signature of block %llu", 135 1.1.1.5.4.2 snj (unsigned long long)state->sign_cur_block); 136 1.1.1.5.4.2 snj return -1; 137 1.1.1.5.4.2 snj } 138 1.1.1.5.4.2 snj ++state->sign_cur_block; 139 1.1.1.5.4.2 snj *buf = state->sign_buf; 140 1.1.1.5.4.2 snj return len; 141 1.1.1.5.4.2 snj } 142 1.1.1.5.4.2 snj 143 1.1.1.5.4.2 snj static void 144 1.1.1.5.4.2 snj free_signature_int(struct signature_archive *state) 145 1.1.1.5.4.2 snj { 146 1.1.1.5.4.2 snj size_t i; 147 1.1.1.5.4.2 snj 148 1.1.1.5.4.2 snj if (state->sign_blocks != NULL) { 149 1.1.1.5.4.2 snj for (i = 0; i < state->sign_block_number; ++i) 150 1.1.1.5.4.2 snj free(state->sign_blocks[i]); 151 1.1.1.5.4.2 snj } 152 1.1.1.5.4.2 snj free(state->sign_blocks); 153 1.1.1.5.4.2 snj free(state->sign_buf); 154 1.1.1.5.4.2 snj free(state); 155 1.1.1.5.4.2 snj } 156 1.1.1.5.4.2 snj 157 1.1.1.5.4.2 snj static int 158 1.1.1.5.4.2 snj verify_signature_close_cb(struct archive *archive, void *cookie) 159 1.1.1.5.4.2 snj { 160 1.1.1.5.4.2 snj struct signature_archive *state = cookie; 161 1.1.1.5.4.2 snj 162 1.1.1.5.4.2 snj archive_read_finish(state->archive); 163 1.1.1.5.4.2 snj free_signature_int(state); 164 1.1.1.5.4.2 snj return 0; 165 1.1.1.5.4.2 snj } 166 1.1.1.5.4.2 snj 167 1.1.1.5.4.2 snj static int 168 1.1.1.5.4.2 snj read_file_from_archive(struct archive *archive, struct archive_entry **entry, 169 1.1.1.5.4.2 snj const char *fname, char **content, size_t *len) 170 1.1.1.5.4.2 snj { 171 1.1.1.5.4.2 snj int r; 172 1.1.1.5.4.2 snj 173 1.1.1.5.4.2 snj *content = NULL; 174 1.1.1.5.4.2 snj *len = 0; 175 1.1.1.5.4.2 snj 176 1.1.1.5.4.2 snj retry: 177 1.1.1.5.4.2 snj if (*entry == NULL && 178 1.1.1.5.4.2 snj (r = archive_read_next_header(archive, entry)) != ARCHIVE_OK) { 179 1.1.1.5.4.2 snj if (r == ARCHIVE_FATAL) { 180 1.1.1.5.4.2 snj warnx("Cannot read from archive: %s", 181 1.1.1.5.4.2 snj archive_error_string(archive)); 182 1.1.1.5.4.2 snj } else { 183 1.1.1.5.4.2 snj warnx("Premature end of archive"); 184 1.1.1.5.4.2 snj } 185 1.1.1.5.4.2 snj *entry = NULL; 186 1.1.1.5.4.2 snj return -1; 187 1.1.1.5.4.2 snj } 188 1.1.1.5.4.2 snj if (strcmp(archive_entry_pathname(*entry), "//") == 0) { 189 1.1.1.5.4.2 snj archive_read_data_skip(archive); 190 1.1.1.5.4.2 snj *entry = NULL; 191 1.1.1.5.4.2 snj goto retry; 192 1.1.1.5.4.2 snj } 193 1.1.1.5.4.2 snj 194 1.1.1.5.4.2 snj if (strcmp(fname, archive_entry_pathname(*entry)) != 0) 195 1.1.1.5.4.2 snj return 1; 196 1.1.1.5.4.2 snj 197 1.1.1.5.4.2 snj if (archive_entry_size(*entry) > SSIZE_MAX - 1) { 198 1.1.1.5.4.2 snj warnx("signature too large to process"); 199 1.1.1.5.4.2 snj return 1; 200 1.1.1.5.4.2 snj } 201 1.1.1.5.4.2 snj *len = archive_entry_size(*entry); 202 1.1.1.5.4.2 snj *content = xmalloc(*len + 1); 203 1.1.1.5.4.2 snj 204 1.1.1.5.4.2 snj if (archive_read_data(archive, *content, *len) != *len) { 205 1.1.1.5.4.2 snj warnx("cannot read complete %s from archive", fname); 206 1.1.1.5.4.2 snj free(*content); 207 1.1.1.5.4.2 snj *len = 0; 208 1.1.1.5.4.2 snj *content = NULL; 209 1.1.1.5.4.2 snj return 1; 210 1.1.1.5.4.2 snj } 211 1.1.1.5.4.2 snj (*content)[*len] = '\0'; 212 1.1.1.5.4.2 snj *entry = NULL; 213 1.1.1.5.4.2 snj 214 1.1.1.5.4.2 snj return 0; 215 1.1.1.5.4.2 snj } 216 1.1.1.5.4.2 snj 217 1.1.1.5.4.2 snj static int 218 1.1.1.5.4.2 snj parse_hash_file(const char *hash_file, char **pkgname, 219 1.1.1.5.4.2 snj struct signature_archive *state) 220 1.1.1.5.4.2 snj { 221 1.1.1.5.4.2 snj static const char block1[] = "pkgsrc signature\n\nversion: 1\npkgname: "; 222 1.1.1.5.4.2 snj static const char block2[] = "algorithm: SHA512\nblock size: "; 223 1.1.1.5.4.2 snj static const char block3[] = "file size: "; 224 1.1.1.5.4.2 snj static const char block4[] = "end pkgsrc signature\n"; 225 1.1.1.5.4.2 snj char *next; 226 1.1.1.5.4.2 snj size_t i, len; 227 1.1.1.5.4.2 snj 228 1.1.1.5.4.2 snj *pkgname = NULL; 229 1.1.1.5.4.2 snj 230 1.1.1.5.4.2 snj if (strncmp(hash_file, block1, strlen(block1)) != 0) 231 1.1.1.5.4.2 snj goto cleanup; 232 1.1.1.5.4.2 snj hash_file += strlen(block1); 233 1.1.1.5.4.2 snj 234 1.1.1.5.4.2 snj len = strcspn(hash_file, "\n"); 235 1.1.1.5.4.2 snj *pkgname = xmalloc(len + 1); 236 1.1.1.5.4.2 snj memcpy(*pkgname, hash_file, len); 237 1.1.1.5.4.2 snj (*pkgname)[len] = '\0'; 238 1.1.1.5.4.2 snj for (i = 0; i < len; ++i) { 239 1.1.1.5.4.2 snj if (!isgraph((unsigned char)(*pkgname)[i])) 240 1.1.1.5.4.2 snj goto cleanup; 241 1.1.1.5.4.2 snj } 242 1.1.1.5.4.2 snj hash_file += len + 1; 243 1.1.1.5.4.2 snj 244 1.1.1.5.4.2 snj if (strncmp(hash_file, block2, strlen(block2)) != 0) 245 1.1.1.5.4.2 snj goto cleanup; 246 1.1.1.5.4.2 snj hash_file += strlen(block2); 247 1.1.1.5.4.2 snj 248 1.1.1.5.4.2 snj errno = 0; 249 1.1.1.5.4.2 snj if (!isdigit((unsigned char)*hash_file)) 250 1.1.1.5.4.2 snj goto cleanup; 251 1.1.1.5.4.2 snj state->sign_block_len = strtoul(hash_file, &next, 10); 252 1.1.1.5.4.2 snj hash_file = next; 253 1.1.1.5.4.2 snj 254 1.1.1.5.4.2 snj /* Assert sane minimum block size of 1KB */ 255 1.1.1.5.4.2 snj if (*hash_file++ != '\n' || errno == ERANGE || state->sign_block_len < 1024) 256 1.1.1.5.4.2 snj goto cleanup; 257 1.1.1.5.4.2 snj 258 1.1.1.5.4.2 snj if (strncmp(hash_file, block3, strlen(block3)) != 0) 259 1.1.1.5.4.2 snj goto cleanup; 260 1.1.1.5.4.2 snj hash_file += strlen(block3); 261 1.1.1.5.4.2 snj 262 1.1.1.5.4.2 snj errno = 0; 263 1.1.1.5.4.2 snj if (!isdigit((unsigned char)*hash_file)) 264 1.1.1.5.4.2 snj goto cleanup; 265 1.1.1.5.4.2 snj if (sizeof(off_t) >= sizeof(long long)) 266 1.1.1.5.4.2 snj state->pkg_size = strtoll(hash_file, &next, 10); 267 1.1.1.5.4.2 snj else 268 1.1.1.5.4.2 snj state->pkg_size = strtol(hash_file, &next, 10); 269 1.1.1.5.4.2 snj hash_file = next; 270 1.1.1.5.4.2 snj if (*hash_file++ != '\n' || errno == ERANGE || state->pkg_size < 1) 271 1.1.1.5.4.2 snj goto cleanup; 272 1.1.1.5.4.2 snj 273 1.1.1.5.4.2 snj if (*hash_file++ != '\n') 274 1.1.1.5.4.2 snj goto cleanup; 275 1.1.1.5.4.2 snj 276 1.1.1.5.4.2 snj if (state->pkg_size / state->sign_block_len > SSIZE_MAX) 277 1.1.1.5.4.2 snj goto cleanup; 278 1.1.1.5.4.2 snj state->sign_block_number = (state->pkg_size + 279 1.1.1.5.4.2 snj state->sign_block_len - 1) / state->sign_block_len; 280 1.1.1.5.4.2 snj 281 1.1.1.5.4.2 snj state->sign_buf = xmalloc(state->sign_block_len); 282 1.1.1.5.4.2 snj state->sign_blocks = xcalloc(state->sign_block_number, sizeof(char *)); 283 1.1.1.5.4.2 snj 284 1.1.1.5.4.2 snj for (i = 0; i < state->sign_block_number; ++i) { 285 1.1.1.5.4.2 snj len = strspn(hash_file, "01234567889abcdef"); 286 1.1.1.5.4.2 snj if (len != SHA512_DIGEST_LENGTH * 2 || hash_file[len] != '\n') 287 1.1.1.5.4.2 snj goto cleanup_hashes; 288 1.1.1.5.4.2 snj state->sign_blocks[i] = xmalloc(len + 1); 289 1.1.1.5.4.2 snj memcpy(state->sign_blocks[i], hash_file, len); 290 1.1.1.5.4.2 snj state->sign_blocks[i][len] = '\0'; 291 1.1.1.5.4.2 snj hash_file += len + 1; 292 1.1.1.5.4.2 snj } 293 1.1.1.5.4.2 snj 294 1.1.1.5.4.2 snj if (strcmp(hash_file, block4) != 0) 295 1.1.1.5.4.2 snj goto cleanup_hashes; 296 1.1.1.5.4.2 snj 297 1.1.1.5.4.2 snj return 0; 298 1.1.1.5.4.2 snj 299 1.1.1.5.4.2 snj cleanup_hashes: 300 1.1.1.5.4.2 snj for (i = 0; i < state->sign_block_number; ++i) 301 1.1.1.5.4.2 snj free(state->sign_blocks[i]); 302 1.1.1.5.4.2 snj free(state->sign_blocks); 303 1.1.1.5.4.2 snj state->sign_blocks = NULL; 304 1.1.1.5.4.2 snj 305 1.1.1.5.4.2 snj cleanup: 306 1.1.1.5.4.2 snj warnx("Unknown format of hash file"); 307 1.1.1.5.4.2 snj free(*pkgname); 308 1.1.1.5.4.2 snj *pkgname = NULL; 309 1.1.1.5.4.2 snj return -1; 310 1.1.1.5.4.2 snj } 311 1.1.1.5.4.2 snj 312 1.1.1.5.4.2 snj int 313 1.1.1.5.4.2 snj pkg_verify_signature(struct archive **archive, struct archive_entry **entry, 314 1.1.1.5.4.2 snj char **pkgname) 315 1.1.1.5.4.2 snj { 316 1.1.1.5.4.2 snj struct signature_archive *state; 317 1.1.1.5.4.2 snj struct archive_entry *my_entry; 318 1.1.1.5.4.2 snj struct archive *a; 319 1.1.1.5.4.2 snj char *hash_file, *signature_file; 320 1.1.1.5.4.2 snj size_t hash_len, signature_len; 321 1.1.1.5.4.2 snj int r, has_sig; 322 1.1.1.5.4.2 snj 323 1.1.1.5.4.2 snj *pkgname = NULL; 324 1.1.1.5.4.2 snj 325 1.1.1.5.4.2 snj state = xmalloc(sizeof(*state)); 326 1.1.1.5.4.2 snj state->sign_blocks = NULL; 327 1.1.1.5.4.2 snj state->sign_buf = NULL; 328 1.1.1.5.4.2 snj state->archive = NULL; 329 1.1.1.5.4.2 snj 330 1.1.1.5.4.2 snj r = read_file_from_archive(*archive, entry, HASH_FNAME, 331 1.1.1.5.4.2 snj &hash_file, &hash_len); 332 1.1.1.5.4.2 snj if (r == -1) { 333 1.1.1.5.4.2 snj archive_read_finish(*archive); 334 1.1.1.5.4.2 snj *archive = NULL; 335 1.1.1.5.4.2 snj free(state); 336 1.1.1.5.4.2 snj goto no_valid_signature; 337 1.1.1.5.4.2 snj } else if (r == 1) { 338 1.1.1.5.4.2 snj free(state); 339 1.1.1.5.4.2 snj goto no_valid_signature; 340 1.1.1.5.4.2 snj } 341 1.1.1.5.4.2 snj 342 1.1.1.5.4.2 snj if (parse_hash_file(hash_file, pkgname, state)) 343 1.1.1.5.4.2 snj goto no_valid_signature; 344 1.1.1.5.4.2 snj 345 1.1.1.5.4.2 snj r = read_file_from_archive(*archive, entry, SIGNATURE_FNAME, 346 1.1.1.5.4.2 snj &signature_file, &signature_len); 347 1.1.1.5.4.2 snj if (r == -1) { 348 1.1.1.5.4.2 snj archive_read_finish(*archive); 349 1.1.1.5.4.2 snj *archive = NULL; 350 1.1.1.5.4.2 snj free(state); 351 1.1.1.5.4.2 snj free(hash_file); 352 1.1.1.5.4.2 snj goto no_valid_signature; 353 1.1.1.5.4.2 snj } else if (r != 0) { 354 1.1.1.5.4.2 snj if (*entry != NULL) 355 1.1.1.5.4.2 snj r = read_file_from_archive(*archive, entry, 356 1.1.1.5.4.2 snj GPG_SIGNATURE_FNAME, 357 1.1.1.5.4.2 snj &signature_file, &signature_len); 358 1.1.1.5.4.2 snj if (r == -1) { 359 1.1.1.5.4.2 snj archive_read_finish(*archive); 360 1.1.1.5.4.2 snj *archive = NULL; 361 1.1.1.5.4.2 snj free(state); 362 1.1.1.5.4.2 snj free(hash_file); 363 1.1.1.5.4.2 snj goto no_valid_signature; 364 1.1.1.5.4.2 snj } else if (r != 0) { 365 1.1.1.5.4.2 snj free(hash_file); 366 1.1.1.5.4.2 snj free(state); 367 1.1.1.5.4.2 snj goto no_valid_signature; 368 1.1.1.5.4.2 snj } 369 1.1.1.5.4.2 snj has_sig = !detached_gpg_verify(hash_file, hash_len, 370 1.1.1.5.4.2 snj signature_file, signature_len, gpg_keyring_verify); 371 1.1.1.5.4.2 snj 372 1.1.1.5.4.2 snj free(signature_file); 373 1.1.1.5.4.2 snj } else { 374 1.1.1.5.4.2 snj #ifdef HAVE_SSL 375 1.1.1.5.4.2 snj has_sig = !easy_pkcs7_verify(hash_file, hash_len, signature_file, 376 1.1.1.5.4.2 snj signature_len, certs_packages, 1); 377 1.1.1.5.4.2 snj 378 1.1.1.5.4.2 snj free(signature_file); 379 1.1.1.5.4.2 snj #else 380 1.1.1.5.4.2 snj warnx("No OpenSSL support compiled in, skipping signature"); 381 1.1.1.5.4.2 snj has_sig = 0; 382 1.1.1.5.4.2 snj free(signature_file); 383 1.1.1.5.4.2 snj #endif 384 1.1.1.5.4.2 snj } 385 1.1.1.5.4.2 snj 386 1.1.1.5.4.2 snj r = archive_read_next_header(*archive, &my_entry); 387 1.1.1.5.4.2 snj if (r != ARCHIVE_OK) { 388 1.1.1.5.4.2 snj warnx("Cannot read inner package: %s", 389 1.1.1.5.4.2 snj archive_error_string(*archive)); 390 1.1.1.5.4.2 snj free_signature_int(state); 391 1.1.1.5.4.2 snj goto no_valid_signature; 392 1.1.1.5.4.2 snj } 393 1.1.1.5.4.2 snj 394 1.1.1.5.4.2 snj if (archive_entry_size(my_entry) != state->pkg_size) { 395 1.1.1.5.4.2 snj warnx("Package size doesn't match signature"); 396 1.1.1.5.4.2 snj free_signature_int(state); 397 1.1.1.5.4.2 snj goto no_valid_signature; 398 1.1.1.5.4.2 snj } 399 1.1.1.5.4.2 snj 400 1.1.1.5.4.2 snj state->archive = *archive; 401 1.1.1.5.4.2 snj 402 1.1.1.5.4.2 snj a = archive_read_new(); 403 1.1.1.5.4.2 snj archive_read_support_compression_all(a); 404 1.1.1.5.4.2 snj archive_read_support_format_all(a); 405 1.1.1.5.4.2 snj if (archive_read_open(a, state, NULL, verify_signature_read_cb, 406 1.1.1.5.4.2 snj verify_signature_close_cb)) { 407 1.1.1.5.4.2 snj warnx("Can't open signed package file"); 408 1.1.1.5.4.2 snj archive_read_finish(a); 409 1.1.1.5.4.2 snj goto no_valid_signature; 410 1.1.1.5.4.2 snj } 411 1.1.1.5.4.2 snj *archive = a; 412 1.1.1.5.4.2 snj *entry = NULL; 413 1.1.1.5.4.2 snj 414 1.1.1.5.4.2 snj return has_sig ? 0 : -1; 415 1.1.1.5.4.2 snj 416 1.1.1.5.4.2 snj no_valid_signature: 417 1.1.1.5.4.2 snj return -1; 418 1.1.1.5.4.2 snj } 419 1.1.1.5.4.2 snj 420 1.1.1.5.4.2 snj int 421 1.1.1.5.4.2 snj pkg_full_signature_check(struct archive **archive) 422 1.1.1.5.4.2 snj { 423 1.1.1.5.4.2 snj struct archive_entry *entry = NULL; 424 1.1.1.5.4.2 snj char *pkgname; 425 1.1.1.5.4.2 snj int r; 426 1.1.1.5.4.2 snj 427 1.1.1.5.4.2 snj if (pkg_verify_signature(archive, &entry, &pkgname)) 428 1.1.1.5.4.2 snj return -1; 429 1.1.1.5.4.2 snj if (pkgname == NULL) 430 1.1.1.5.4.2 snj return 0; 431 1.1.1.5.4.2 snj 432 1.1.1.5.4.2 snj /* XXX read PLIST and compare pkgname */ 433 1.1.1.5.4.2 snj while ((r = archive_read_next_header(*archive, &entry)) == ARCHIVE_OK) 434 1.1.1.5.4.2 snj archive_read_data_skip(*archive); 435 1.1.1.5.4.2 snj 436 1.1.1.5.4.2 snj free(pkgname); 437 1.1.1.5.4.2 snj return r == ARCHIVE_EOF ? 0 : -1; 438 1.1.1.5.4.2 snj } 439 1.1.1.5.4.2 snj 440 1.1.1.5.4.2 snj static char * 441 1.1.1.5.4.2 snj extract_pkgname(int fd) 442 1.1.1.5.4.2 snj { 443 1.1.1.5.4.2 snj package_t plist; 444 1.1.1.5.4.2 snj plist_t *p; 445 1.1.1.5.4.2 snj struct archive *a; 446 1.1.1.5.4.2 snj struct archive_entry *entry; 447 1.1.1.5.4.2 snj char *buf; 448 1.1.1.5.4.2 snj ssize_t len; 449 1.1.1.5.4.2 snj int r; 450 1.1.1.5.4.2 snj 451 1.1.1.5.4.2 snj a = archive_read_new(); 452 1.1.1.5.4.2 snj archive_read_support_compression_all(a); 453 1.1.1.5.4.2 snj archive_read_support_format_all(a); 454 1.1.1.5.4.2 snj if (archive_read_open_fd(a, fd, 1024)) { 455 1.1.1.5.4.2 snj warnx("Cannot open binary package: %s", 456 1.1.1.5.4.2 snj archive_error_string(a)); 457 1.1.1.5.4.2 snj archive_read_finish(a); 458 1.1.1.5.4.2 snj return NULL; 459 1.1.1.5.4.2 snj } 460 1.1.1.5.4.2 snj 461 1.1.1.5.4.2 snj r = archive_read_next_header(a, &entry); 462 1.1.1.5.4.2 snj if (r != ARCHIVE_OK) { 463 1.1.1.5.4.2 snj warnx("Cannot extract package name: %s", 464 1.1.1.5.4.2 snj r == ARCHIVE_EOF ? "EOF" : archive_error_string(a)); 465 1.1.1.5.4.2 snj archive_read_finish(a); 466 1.1.1.5.4.2 snj return NULL; 467 1.1.1.5.4.2 snj } 468 1.1.1.5.4.2 snj if (strcmp(archive_entry_pathname(entry), "+CONTENTS") != 0) { 469 1.1.1.5.4.2 snj warnx("Invalid binary package, doesn't start with +CONTENTS"); 470 1.1.1.5.4.2 snj archive_read_finish(a); 471 1.1.1.5.4.2 snj return NULL; 472 1.1.1.5.4.2 snj } 473 1.1.1.5.4.2 snj if (archive_entry_size(entry) > SSIZE_MAX - 1) { 474 1.1.1.5.4.2 snj warnx("+CONTENTS too large to process"); 475 1.1.1.5.4.2 snj archive_read_finish(a); 476 1.1.1.5.4.2 snj return NULL; 477 1.1.1.5.4.2 snj } 478 1.1.1.5.4.2 snj 479 1.1.1.5.4.2 snj len = archive_entry_size(entry); 480 1.1.1.5.4.2 snj buf = xmalloc(len + 1); 481 1.1.1.5.4.2 snj 482 1.1.1.5.4.2 snj if (archive_read_data(a, buf, len) != len) { 483 1.1.1.5.4.2 snj warnx("Short read when extracing +CONTENTS"); 484 1.1.1.5.4.2 snj free(buf); 485 1.1.1.5.4.2 snj archive_read_finish(a); 486 1.1.1.5.4.2 snj return NULL; 487 1.1.1.5.4.2 snj } 488 1.1.1.5.4.2 snj buf[len] = '\0'; 489 1.1.1.5.4.2 snj 490 1.1.1.5.4.2 snj archive_read_finish(a); 491 1.1.1.5.4.2 snj 492 1.1.1.5.4.2 snj parse_plist(&plist, buf); 493 1.1.1.5.4.2 snj free(buf); 494 1.1.1.5.4.2 snj p = find_plist(&plist, PLIST_NAME); 495 1.1.1.5.4.2 snj if (p != NULL) { 496 1.1.1.5.4.2 snj buf = xstrdup(p->name); 497 1.1.1.5.4.2 snj } else { 498 1.1.1.5.4.2 snj warnx("Invalid PLIST: missing @name"); 499 1.1.1.5.4.2 snj buf = NULL; 500 1.1.1.5.4.2 snj } 501 1.1.1.5.4.2 snj free_plist(&plist); 502 1.1.1.5.4.2 snj 503 1.1.1.5.4.2 snj if (lseek(fd, 0, SEEK_SET) != 0) { 504 1.1.1.5.4.2 snj warn("Cannot seek in archive"); 505 1.1.1.5.4.2 snj free(buf); 506 1.1.1.5.4.2 snj return NULL; 507 1.1.1.5.4.2 snj } 508 1.1.1.5.4.2 snj 509 1.1.1.5.4.2 snj return buf; 510 1.1.1.5.4.2 snj } 511 1.1.1.5.4.2 snj 512 1.1.1.5.4.2 snj static const char hash_template[] = 513 1.1.1.5.4.2 snj "pkgsrc signature\n" 514 1.1.1.5.4.2 snj "\n" 515 1.1.1.5.4.2 snj "version: 1\n" 516 1.1.1.5.4.2 snj "pkgname: %s\n" 517 1.1.1.5.4.2 snj "algorithm: SHA512\n" 518 1.1.1.5.4.2 snj "block size: 65536\n" 519 1.1.1.5.4.2 snj "file size: %lld\n" 520 1.1.1.5.4.2 snj "\n"; 521 1.1.1.5.4.2 snj 522 1.1.1.5.4.2 snj static const char hash_trailer[] = "end pkgsrc signature\n"; 523 1.1.1.5.4.2 snj 524 1.1.1.5.4.2 snj #ifdef HAVE_SSL 525 1.1.1.5.4.2 snj void 526 1.1.1.5.4.2 snj pkg_sign_x509(const char *name, const char *output, const char *key_file, const char *cert_file) 527 1.1.1.5.4.2 snj { 528 1.1.1.5.4.2 snj struct archive *pkg; 529 1.1.1.5.4.2 snj struct archive_entry *entry, *hash_entry, *sign_entry; 530 1.1.1.5.4.2 snj int fd; 531 1.1.1.5.4.2 snj struct stat sb; 532 1.1.1.5.4.2 snj char *hash_file, *signature_file, *tmp, *pkgname, hash[SHA512_DIGEST_STRING_LENGTH]; 533 1.1.1.5.4.2 snj unsigned char block[65536]; 534 1.1.1.5.4.2 snj off_t i, size; 535 1.1.1.5.4.2 snj size_t block_len, signature_len; 536 1.1.1.5.4.2 snj 537 1.1.1.5.4.2 snj if ((fd = open(name, O_RDONLY)) == -1) 538 1.1.1.5.4.2 snj err(EXIT_FAILURE, "Cannot open binary package %s", name); 539 1.1.1.5.4.2 snj if (fstat(fd, &sb) == -1) 540 1.1.1.5.4.2 snj err(EXIT_FAILURE, "Cannot stat %s", name); 541 1.1.1.5.4.2 snj 542 1.1.1.5.4.2 snj entry = archive_entry_new(); 543 1.1.1.5.4.2 snj archive_entry_copy_stat(entry, &sb); 544 1.1.1.5.4.2 snj 545 1.1.1.5.4.2 snj pkgname = extract_pkgname(fd); 546 1.1.1.5.4.2 snj hash_file = xasprintf(hash_template, pkgname, 547 1.1.1.5.4.2 snj (long long)archive_entry_size(entry)); 548 1.1.1.5.4.2 snj free(pkgname); 549 1.1.1.5.4.2 snj 550 1.1.1.5.4.2 snj for (i = 0; i < archive_entry_size(entry); i += block_len) { 551 1.1.1.5.4.2 snj if (i + sizeof(block) < archive_entry_size(entry)) 552 1.1.1.5.4.2 snj block_len = sizeof(block); 553 1.1.1.5.4.2 snj else 554 1.1.1.5.4.2 snj block_len = archive_entry_size(entry) % sizeof(block); 555 1.1.1.5.4.2 snj if (read(fd, block, block_len) != block_len) 556 1.1.1.5.4.2 snj err(2, "short read"); 557 1.1.1.5.4.2 snj hash_block(block, block_len, hash); 558 1.1.1.5.4.2 snj tmp = xasprintf("%s%s\n", hash_file, hash); 559 1.1.1.5.4.2 snj free(hash_file); 560 1.1.1.5.4.2 snj hash_file = tmp; 561 1.1.1.5.4.2 snj } 562 1.1.1.5.4.2 snj tmp = xasprintf("%s%s", hash_file, hash_trailer); 563 1.1.1.5.4.2 snj free(hash_file); 564 1.1.1.5.4.2 snj hash_file = tmp; 565 1.1.1.5.4.2 snj 566 1.1.1.5.4.2 snj if (easy_pkcs7_sign(hash_file, strlen(hash_file), &signature_file, 567 1.1.1.5.4.2 snj &signature_len, key_file, cert_file)) 568 1.1.1.5.4.2 snj err(EXIT_FAILURE, "Cannot sign hash file"); 569 1.1.1.5.4.2 snj 570 1.1.1.5.4.2 snj lseek(fd, 0, SEEK_SET); 571 1.1.1.5.4.2 snj 572 1.1.1.5.4.2 snj sign_entry = archive_entry_clone(entry); 573 1.1.1.5.4.2 snj hash_entry = archive_entry_clone(entry); 574 1.1.1.5.4.2 snj pkgname = strrchr(name, '/'); 575 1.1.1.5.4.2 snj archive_entry_set_pathname(entry, pkgname != NULL ? pkgname + 1 : name); 576 1.1.1.5.4.2 snj archive_entry_set_pathname(hash_entry, HASH_FNAME); 577 1.1.1.5.4.2 snj archive_entry_set_pathname(sign_entry, SIGNATURE_FNAME); 578 1.1.1.5.4.2 snj archive_entry_set_size(hash_entry, strlen(hash_file)); 579 1.1.1.5.4.2 snj archive_entry_set_size(sign_entry, signature_len); 580 1.1.1.5.4.2 snj 581 1.1.1.5.4.2 snj pkg = archive_write_new(); 582 1.1.1.5.4.2 snj archive_write_set_compression_none(pkg); 583 1.1.1.5.4.2 snj archive_write_set_format_ar_bsd(pkg); 584 1.1.1.5.4.2 snj archive_write_open_filename(pkg, output); 585 1.1.1.5.4.2 snj 586 1.1.1.5.4.2 snj archive_write_header(pkg, hash_entry); 587 1.1.1.5.4.2 snj archive_write_data(pkg, hash_file, strlen(hash_file)); 588 1.1.1.5.4.2 snj archive_write_finish_entry(pkg); 589 1.1.1.5.4.2 snj archive_entry_free(hash_entry); 590 1.1.1.5.4.2 snj 591 1.1.1.5.4.2 snj archive_write_header(pkg, sign_entry); 592 1.1.1.5.4.2 snj archive_write_data(pkg, signature_file, signature_len); 593 1.1.1.5.4.2 snj archive_write_finish_entry(pkg); 594 1.1.1.5.4.2 snj archive_entry_free(sign_entry); 595 1.1.1.5.4.2 snj 596 1.1.1.5.4.2 snj size = archive_entry_size(entry); 597 1.1.1.5.4.2 snj archive_write_header(pkg, entry); 598 1.1.1.5.4.2 snj 599 1.1.1.5.4.2 snj for (i = 0; i < size; i += block_len) { 600 1.1.1.5.4.2 snj if (i + sizeof(block) < size) 601 1.1.1.5.4.2 snj block_len = sizeof(block); 602 1.1.1.5.4.2 snj else 603 1.1.1.5.4.2 snj block_len = size % sizeof(block); 604 1.1.1.5.4.2 snj if (read(fd, block, block_len) != block_len) 605 1.1.1.5.4.2 snj err(2, "short read"); 606 1.1.1.5.4.2 snj archive_write_data(pkg, block, block_len); 607 1.1.1.5.4.2 snj } 608 1.1.1.5.4.2 snj archive_write_finish_entry(pkg); 609 1.1.1.5.4.2 snj archive_entry_free(entry); 610 1.1.1.5.4.2 snj 611 1.1.1.5.4.2 snj archive_write_finish(pkg); 612 1.1.1.5.4.2 snj 613 1.1.1.5.4.2 snj close(fd); 614 1.1.1.5.4.2 snj 615 1.1.1.5.4.2 snj exit(0); 616 1.1.1.5.4.2 snj } 617 1.1.1.5.4.2 snj #endif 618 1.1.1.5.4.2 snj 619 1.1.1.5.4.2 snj void 620 1.1.1.5.4.2 snj pkg_sign_gpg(const char *name, const char *output) 621 1.1.1.5.4.2 snj { 622 1.1.1.5.4.2 snj struct archive *pkg; 623 1.1.1.5.4.2 snj struct archive_entry *entry, *hash_entry, *sign_entry; 624 1.1.1.5.4.2 snj int fd; 625 1.1.1.5.4.2 snj struct stat sb; 626 1.1.1.5.4.2 snj char *hash_file, *signature_file, *tmp, *pkgname, hash[SHA512_DIGEST_STRING_LENGTH]; 627 1.1.1.5.4.2 snj unsigned char block[65536]; 628 1.1.1.5.4.2 snj off_t i, size; 629 1.1.1.5.4.2 snj size_t block_len, signature_len; 630 1.1.1.5.4.2 snj 631 1.1.1.5.4.2 snj if ((fd = open(name, O_RDONLY)) == -1) 632 1.1.1.5.4.2 snj err(EXIT_FAILURE, "Cannot open binary package %s", name); 633 1.1.1.5.4.2 snj if (fstat(fd, &sb) == -1) 634 1.1.1.5.4.2 snj err(EXIT_FAILURE, "Cannot stat %s", name); 635 1.1.1.5.4.2 snj 636 1.1.1.5.4.2 snj entry = archive_entry_new(); 637 1.1.1.5.4.2 snj archive_entry_copy_stat(entry, &sb); 638 1.1.1.5.4.2 snj 639 1.1.1.5.4.2 snj pkgname = extract_pkgname(fd); 640 1.1.1.5.4.2 snj hash_file = xasprintf(hash_template, pkgname, 641 1.1.1.5.4.2 snj (long long)archive_entry_size(entry)); 642 1.1.1.5.4.2 snj free(pkgname); 643 1.1.1.5.4.2 snj 644 1.1.1.5.4.2 snj for (i = 0; i < archive_entry_size(entry); i += block_len) { 645 1.1.1.5.4.2 snj if (i + sizeof(block) < archive_entry_size(entry)) 646 1.1.1.5.4.2 snj block_len = sizeof(block); 647 1.1.1.5.4.2 snj else 648 1.1.1.5.4.2 snj block_len = archive_entry_size(entry) % sizeof(block); 649 1.1.1.5.4.2 snj if (read(fd, block, block_len) != block_len) 650 1.1.1.5.4.2 snj err(2, "short read"); 651 1.1.1.5.4.2 snj hash_block(block, block_len, hash); 652 1.1.1.5.4.2 snj tmp = xasprintf("%s%s\n", hash_file, hash); 653 1.1.1.5.4.2 snj free(hash_file); 654 1.1.1.5.4.2 snj hash_file = tmp; 655 1.1.1.5.4.2 snj } 656 1.1.1.5.4.2 snj tmp = xasprintf("%s%s", hash_file, hash_trailer); 657 1.1.1.5.4.2 snj free(hash_file); 658 1.1.1.5.4.2 snj hash_file = tmp; 659 1.1.1.5.4.2 snj 660 1.1.1.5.4.2 snj if (detached_gpg_sign(hash_file, strlen(hash_file), &signature_file, 661 1.1.1.5.4.2 snj &signature_len, gpg_keyring_sign, gpg_sign_as)) 662 1.1.1.5.4.2 snj err(EXIT_FAILURE, "Cannot sign hash file"); 663 1.1.1.5.4.2 snj 664 1.1.1.5.4.2 snj lseek(fd, 0, SEEK_SET); 665 1.1.1.5.4.2 snj 666 1.1.1.5.4.2 snj sign_entry = archive_entry_clone(entry); 667 1.1.1.5.4.2 snj hash_entry = archive_entry_clone(entry); 668 1.1.1.5.4.2 snj pkgname = strrchr(name, '/'); 669 1.1.1.5.4.2 snj archive_entry_set_pathname(entry, pkgname != NULL ? pkgname + 1 : name); 670 1.1.1.5.4.2 snj archive_entry_set_pathname(hash_entry, HASH_FNAME); 671 1.1.1.5.4.2 snj archive_entry_set_pathname(sign_entry, GPG_SIGNATURE_FNAME); 672 1.1.1.5.4.2 snj archive_entry_set_size(hash_entry, strlen(hash_file)); 673 1.1.1.5.4.2 snj archive_entry_set_size(sign_entry, signature_len); 674 1.1.1.5.4.2 snj 675 1.1.1.5.4.2 snj pkg = archive_write_new(); 676 1.1.1.5.4.2 snj archive_write_set_compression_none(pkg); 677 1.1.1.5.4.2 snj archive_write_set_format_ar_bsd(pkg); 678 1.1.1.5.4.2 snj archive_write_open_filename(pkg, output); 679 1.1.1.5.4.2 snj 680 1.1.1.5.4.2 snj archive_write_header(pkg, hash_entry); 681 1.1.1.5.4.2 snj archive_write_data(pkg, hash_file, strlen(hash_file)); 682 1.1.1.5.4.2 snj archive_write_finish_entry(pkg); 683 1.1.1.5.4.2 snj archive_entry_free(hash_entry); 684 1.1.1.5.4.2 snj 685 1.1.1.5.4.2 snj archive_write_header(pkg, sign_entry); 686 1.1.1.5.4.2 snj archive_write_data(pkg, signature_file, signature_len); 687 1.1.1.5.4.2 snj archive_write_finish_entry(pkg); 688 1.1.1.5.4.2 snj archive_entry_free(sign_entry); 689 1.1.1.5.4.2 snj 690 1.1.1.5.4.2 snj size = archive_entry_size(entry); 691 1.1.1.5.4.2 snj archive_write_header(pkg, entry); 692 1.1.1.5.4.2 snj 693 1.1.1.5.4.2 snj for (i = 0; i < size; i += block_len) { 694 1.1.1.5.4.2 snj if (i + sizeof(block) < size) 695 1.1.1.5.4.2 snj block_len = sizeof(block); 696 1.1.1.5.4.2 snj else 697 1.1.1.5.4.2 snj block_len = size % sizeof(block); 698 1.1.1.5.4.2 snj if (read(fd, block, block_len) != block_len) 699 1.1.1.5.4.2 snj err(2, "short read"); 700 1.1.1.5.4.2 snj archive_write_data(pkg, block, block_len); 701 1.1.1.5.4.2 snj } 702 1.1.1.5.4.2 snj archive_write_finish_entry(pkg); 703 1.1.1.5.4.2 snj archive_entry_free(entry); 704 1.1.1.5.4.2 snj 705 1.1.1.5.4.2 snj archive_write_finish(pkg); 706 1.1.1.5.4.2 snj 707 1.1.1.5.4.2 snj close(fd); 708 1.1.1.5.4.2 snj 709 1.1.1.5.4.2 snj exit(0); 710 1.1.1.5.4.2 snj } 711
Indexes created Sun May 03 00:22:47 UTC 2026