      1  1.1.1.7.12.1    tls /*	$NetBSD: pkg_signature.c,v 1.1.1.7.12.1 2014/08/19 23:52:11 tls Exp $	*/
      2           1.1  joerg 
      3           1.1  joerg #if HAVE_CONFIG_H
      4           1.1  joerg #include "config.h"
      5           1.1  joerg #endif
      6           1.1  joerg #include <nbcompat.h>
      7           1.1  joerg #if HAVE_SYS_CDEFS_H
      8           1.1  joerg #include <sys/cdefs.h>
      9           1.1  joerg #endif
     10  1.1.1.7.12.1    tls __RCSID("$NetBSD: pkg_signature.c,v 1.1.1.7.12.1 2014/08/19 23:52:11 tls Exp $");
     11           1.1  joerg 
     12           1.1  joerg /*-
     13           1.1  joerg  * Copyright (c) 2008 Joerg Sonnenberger <joerg (at) NetBSD.org>.
     14           1.1  joerg  * All rights reserved.
     15           1.1  joerg  *
     16           1.1  joerg  * Redistribution and use in source and binary forms, with or without
     17           1.1  joerg  * modification, are permitted provided that the following conditions
     18           1.1  joerg  * are met:
     19           1.1  joerg  *
     20           1.1  joerg  * 1. Redistributions of source code must retain the above copyright
     21           1.1  joerg  *    notice, this list of conditions and the following disclaimer.
     22           1.1  joerg  * 2. Redistributions in binary form must reproduce the above copyright
     23           1.1  joerg  *    notice, this list of conditions and the following disclaimer in
     24           1.1  joerg  *    the documentation and/or other materials provided with the
     25           1.1  joerg  *    distribution.
     26           1.1  joerg  *
     27           1.1  joerg  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
     28           1.1  joerg  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
     29           1.1  joerg  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
     30           1.1  joerg  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
     31           1.1  joerg  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
     32           1.1  joerg  * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
     33           1.1  joerg  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     34           1.1  joerg  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
     35           1.1  joerg  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
     36           1.1  joerg  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
     37           1.1  joerg  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     38           1.1  joerg  * SUCH DAMAGE.
     39           1.1  joerg  */
     40           1.1  joerg 
     41           1.1  joerg #if HAVE_SYS_WAIT_H
     42           1.1  joerg #include <sys/wait.h>
     43           1.1  joerg #endif
     44           1.1  joerg #include <ctype.h>
     45           1.1  joerg #if HAVE_ERR_H
     46           1.1  joerg #include <err.h>
     47           1.1  joerg #endif
     48           1.1  joerg #include <errno.h>
     49           1.1  joerg #include <fcntl.h>
     50           1.1  joerg #include <stdlib.h>
     51           1.1  joerg #ifndef NETBSD
     52           1.1  joerg #include <nbcompat/sha2.h>
     53           1.1  joerg #else
     54           1.1  joerg #include <sha2.h>
     55           1.1  joerg #endif
     56           1.1  joerg #include <signal.h>
     57           1.1  joerg #ifdef NETBSD
     58           1.1  joerg #include <unistd.h>
     59           1.1  joerg #else
     60           1.1  joerg #include <nbcompat/unistd.h>
     61           1.1  joerg #endif
     62           1.1  joerg 
     63           1.1  joerg #include <archive.h>
     64           1.1  joerg #include <archive_entry.h>
     65           1.1  joerg 
     66           1.1  joerg #include "lib.h"
     67           1.1  joerg 
/*
 * Member names inside the signed (ar) wrapper archive.  pkg_sign_x509()
 * writes HASH_FNAME first, then SIGNATURE_FNAME, then the package itself;
 * pkg_verify_signature() reads them back in that order and accepts
 * GPG_SIGNATURE_FNAME (a detached gpg signature) in place of SIGNATURE_FNAME.
 */
#define HASH_FNAME "+PKG_HASH"
#define SIGNATURE_FNAME "+PKG_SIGNATURE"
#define GPG_SIGNATURE_FNAME "+PKG_GPG_SIGNATURE"
     71           1.1  joerg 
/*
 * Cookie for the verifying libarchive reader set up by
 * pkg_verify_signature().  It wraps the outer archive, which is positioned
 * at the inner package, and hands that package to libarchive one block at
 * a time, refusing any block whose SHA512 differs from the digest parsed
 * out of +PKG_HASH (see verify_signature_read_cb()).
 */
struct signature_archive {
	struct archive *archive;	/* outer archive, positioned at the inner package */
	off_t pkg_size;			/* "file size:" line of +PKG_HASH */
	size_t sign_block_len, sign_block_number, sign_cur_block;
					/* "block size:", number of blocks, next block to deliver */
	char **sign_blocks;		/* sign_block_number hex SHA512 strings from +PKG_HASH */
	unsigned char *sign_buf;	/* sign_block_len bytes of scratch for one block */
};
     79           1.1  joerg 
/*
 * Compute the SHA512 of buf[0..buf_len) and store it in hash as 128
 * lowercase hex digits followed by a NUL.  hash must provide
 * SHA512_DIGEST_STRING_LENGTH bytes.
 */
static void
hash_block(unsigned char *buf, size_t buf_len,
    char hash[SHA512_DIGEST_STRING_LENGTH])
{
	static const char hexdigits[] = "0123456789abcdef";
	unsigned char digest[SHA512_DIGEST_LENGTH];
	SHA512_CTX ctx;
	char *out = hash;
	size_t idx;

	SHA512_Init(&ctx);
	SHA512_Update(&ctx, buf, buf_len);
	SHA512_Final(digest, &ctx);

	/* High nibble first, then low nibble, for every digest byte. */
	for (idx = 0; idx < SHA512_DIGEST_LENGTH; ++idx) {
		*out++ = hexdigits[digest[idx] >> 4];
		*out++ = hexdigits[digest[idx] & 0x0f];
	}
	*out = '\0';
}
    108           1.1  joerg 
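/*
 * libarchive read callback of the verifying reader.
 *
 * Each call delivers exactly one block of the inner package: the bytes are
 * read from the outer archive, SHA512-hashed, and compared with the hex
 * digest recorded for that block in +PKG_HASH.  A short read or a digest
 * mismatch returns -1, which libarchive turns into a fatal error for the
 * consumer of the verified stream, so no unverified data is ever handed
 * out.  Returns 0 (EOF) once all sign_block_number blocks were delivered.
 */
static ssize_t
verify_signature_read_cb(struct archive *archive, void *cookie, const void **buf)
{
	struct signature_archive *state = cookie;
	char hash[SHA512_DIGEST_STRING_LENGTH];
	ssize_t len, expected;

	if (state->sign_cur_block >= state->sign_block_number)
		return 0;

	/*
	 * Every block but the last is a full sign_block_len.  The last block
	 * holds whatever remains of pkg_size -- a full block when pkg_size is
	 * an exact multiple of the block size.  (Using pkg_size % block_len
	 * alone gave 0 bytes in that case, since sign_block_number is the
	 * rounded-up quotient.)
	 */
	if (state->sign_cur_block + 1 == state->sign_block_number) {
		size_t tail = state->pkg_size % state->sign_block_len;

		expected = (ssize_t)(tail != 0 ? tail : state->sign_block_len);
	} else
		expected = (ssize_t)state->sign_block_len;

	len = archive_read_data(state->archive, state->sign_buf, expected);
	if (len != expected) {
		warnx("Short read from package");
		return -1;
	}

	hash_block(state->sign_buf, len, hash);

	/* Never release a block whose digest is not the one that was signed. */
	if (strcmp(hash, state->sign_blocks[state->sign_cur_block]) != 0) {
		warnx("Invalid signature of block %llu",
		    (unsigned long long)state->sign_cur_block);
		return -1;
	}
	++state->sign_cur_block;
	*buf = state->sign_buf;
	return len;
}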
    142           1.1  joerg 
/*
 * Release a signature_archive cookie and everything it owns: the per-block
 * digest strings, the block scratch buffer and the cookie itself.  The
 * outer archive referenced by state->archive is left alone; whoever owns
 * it decides when it is finished.
 */
static void
free_signature_int(struct signature_archive *state)
{
	char **blk, **end;

	if (state->sign_blocks != NULL) {
		end = state->sign_blocks + state->sign_block_number;
		for (blk = state->sign_blocks; blk < end; ++blk)
			free(*blk);
	}
	free(state->sign_blocks);
	free(state->sign_buf);
	free(state);
}
    156           1.1  joerg 
/*
 * libarchive close callback of the verifying reader: finishes the outer
 * archive the cookie was reading from and frees the cookie.  The archive
 * argument (the verifying reader itself) is not needed.  Always reports
 * success.
 */
static int
verify_signature_close_cb(struct archive *archive, void *cookie)
{
	struct signature_archive *sa = cookie;

	archive_read_finish(sa->archive);
	free_signature_int(sa);

	return 0;
}
    166           1.1  joerg 
/*
 * Read the next member of the outer archive if it is named fname.
 *
 * On entry *entry is either NULL (advance to the next header) or a header
 * that a previous call left unconsumed.  Members named "//" are skipped
 * (presumably an ar long-name table; this file's own writer never emits
 * one).
 *
 * Returns:
 *   0  the member matched and was read completely.  *content holds the
 *      bytes plus a terminating NUL -- callers parse it as a C string, so
 *      an embedded NUL merely shortens what they see -- *len its size, and
 *      *entry is reset to NULL because the member was consumed.
 *   1  the next member is not fname (its header stays in *entry so the
 *      caller may try another name), or it was too large or could not be
 *      read completely.  *content is NULL.  NOTE(review): the latter two
 *      cases are not distinguishable from "wrong name" by the caller.
 *  -1  the archive itself failed or ended prematurely; *entry is NULL and
 *      the caller must treat the archive as unusable.
 */
static int
read_file_from_archive(const char *archive_name, struct archive *archive,
    struct archive_entry **entry,
    const char *fname, char **content, size_t *len)
{
	int r;

	*content = NULL;
	*len = 0;

retry:
	if (*entry == NULL &&
	    (r = archive_read_next_header(archive, entry)) != ARCHIVE_OK) {
		if (r == ARCHIVE_FATAL) {
			warnx("Cannot read from archive `%s': %s",
			    archive_name, archive_error_string(archive));
		} else {
			warnx("Premature end of archive `%s'", archive_name);
		}
		*entry = NULL;
		return -1;
	}
	/* Skip the "//" member and look at the one after it. */
	if (strcmp(archive_entry_pathname(*entry), "//") == 0) {
		archive_read_data_skip(archive);
		*entry = NULL;
		goto retry;
	}

	if (strcmp(fname, archive_entry_pathname(*entry)) != 0)
		return 1;

	/* The member is slurped whole; keep *len + 1 representable as ssize_t. */
	if (archive_entry_size(*entry) > SSIZE_MAX - 1) {
		warnx("Signature of archive `%s' too large to process",
		    archive_name);
		return 1;
	}
	*len = archive_entry_size(*entry);
	*content = xmalloc(*len + 1);

	if (archive_read_data(archive, *content, *len) != (ssize_t)*len) {
		warnx("Cannot read complete %s from archive `%s'", fname,
		    archive_name);
		free(*content);
		*len = 0;
		*content = NULL;
		return 1;
	}
	/* NUL-terminate so parse_hash_file() can use string functions. */
	(*content)[*len] = '\0';
	*entry = NULL;

	return 0;
}
    219           1.1  joerg 
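/*
 * Parse the +PKG_HASH member.  The layout written by hash_template /
 * hash_trailer is:
 *
 *   pkgsrc signature
 *
 *   version: 1
 *   pkgname: <graphic characters, no whitespace>
 *   algorithm: SHA512
 *   block size: <decimal, at least 1024>
 *   file size: <decimal, at least 1>
 *
 *   <one lowercase hex SHA512 per block>
 *   end pkgsrc signature
 *
 * The text is untrusted here: it is parsed before the detached signature
 * over it has been checked, so every field is validated and the block
 * list allocation is bounded by what the text can actually contain.
 *
 * On success returns 0, stores the package name in *pkgname (caller
 * frees) and fills sign_block_len, pkg_size, sign_block_number, sign_buf
 * and sign_blocks of state.  On failure returns -1 with *pkgname NULL
 * and sign_buf/sign_blocks NULL, so free_signature_int(state) is safe.
 */
static int
parse_hash_file(const char *hash_file, char **pkgname,
    struct signature_archive *state)
{
	static const char block1[] = "pkgsrc signature\n\nversion: 1\npkgname: ";
	static const char block2[] = "algorithm: SHA512\nblock size: ";
	static const char block3[] = "file size: ";
	static const char block4[] = "end pkgsrc signature\n";
	static const char hexdigits[] = "0123456789abcdef";
	char *next;
	size_t i, len, remaining, per_block;

	*pkgname = NULL;

	if (strncmp(hash_file, block1, strlen(block1)) != 0)
		goto cleanup;
	hash_file += strlen(block1);

	/*
	 * The package name runs up to the next newline.  Insist that the
	 * newline exists: advancing len + 1 bytes past a terminating NUL
	 * instead would read beyond the buffer.  An empty name is rejected
	 * too; the signer always records one.
	 */
	len = strcspn(hash_file, "\n");
	if (len == 0 || hash_file[len] != '\n')
		goto cleanup;
	*pkgname = xmalloc(len + 1);
	memcpy(*pkgname, hash_file, len);
	(*pkgname)[len] = '\0';
	for (i = 0; i < len; ++i) {
		if (!isgraph((unsigned char)(*pkgname)[i]))
			goto cleanup;
	}
	hash_file += len + 1;

	if (strncmp(hash_file, block2, strlen(block2)) != 0)
		goto cleanup;
	hash_file += strlen(block2);

	/* Block size: decimal digits terminated by a newline. */
	errno = 0;
	if (!isdigit((unsigned char)*hash_file))
		goto cleanup;
	state->sign_block_len = strtoul(hash_file, &next, 10);
	hash_file = next;

	/*
	 * Assert sane minimum block size of 1KB.
	 * NOTE(review): there is no upper bound; sign_buf below is sized by
	 * this value before the inner entry's size has been compared with
	 * pkg_size by pkg_verify_signature().
	 */
	if (*hash_file++ != '\n' || errno == ERANGE || state->sign_block_len < 1024)
		goto cleanup;

	if (strncmp(hash_file, block3, strlen(block3)) != 0)
		goto cleanup;
	hash_file += strlen(block3);

	/* File size: decimal, parsed with whatever is as wide as off_t. */
	errno = 0;
	if (!isdigit((unsigned char)*hash_file))
		goto cleanup;
	if (/* CONSTCOND */sizeof(off_t) >= sizeof(long long))
		state->pkg_size = strtoll(hash_file, &next, 10);
	else
		state->pkg_size = strtol(hash_file, &next, 10);
	hash_file = next;
	if (*hash_file++ != '\n' || errno == ERANGE || state->pkg_size < 1)
		goto cleanup;

	/* Blank line between the header and the digest list. */
	if (*hash_file++ != '\n')
		goto cleanup;

	if (state->pkg_size / state->sign_block_len > SSIZE_MAX)
		goto cleanup;
	state->sign_block_number = (state->pkg_size +
	    state->sign_block_len - 1) / state->sign_block_len;

	/*
	 * Each block contributes one line of 2 * SHA512_DIGEST_LENGTH hex
	 * digits plus '\n', and the trailer must follow.  Refuse before
	 * allocating anything if the remaining text cannot hold that many
	 * lines, so the size of sign_blocks follows the input we actually
	 * have rather than a number chosen by whoever wrote the file.
	 */
	per_block = SHA512_DIGEST_LENGTH * 2 + 1;
	remaining = strlen(hash_file);
	if (remaining < strlen(block4) ||
	    state->sign_block_number > (remaining - strlen(block4)) / per_block)
		goto cleanup;

	state->sign_buf = xmalloc(state->sign_block_len);
	state->sign_blocks = xcalloc(state->sign_block_number, sizeof(char *));

	for (i = 0; i < state->sign_block_number; ++i) {
		len = strspn(hash_file, hexdigits);
		if (len != SHA512_DIGEST_LENGTH * 2 || hash_file[len] != '\n')
			goto cleanup_hashes;
		state->sign_blocks[i] = xmalloc(len + 1);
		memcpy(state->sign_blocks[i], hash_file, len);
		state->sign_blocks[i][len] = '\0';
		hash_file += len + 1;
	}

	/* Nothing but the trailer may follow the last digest. */
	if (strcmp(hash_file, block4) != 0)
		goto cleanup_hashes;

	return 0;

cleanup_hashes:
	for (i = 0; i < state->sign_block_number; ++i)
		free(state->sign_blocks[i]);
	free(state->sign_blocks);
	state->sign_blocks = NULL;
	/*
	 * The scratch buffer was allocated above as well; drop it and clear
	 * the pointer so the caller can neither leak nor double free it.
	 */
	free(state->sign_buf);
	state->sign_buf = NULL;

cleanup:
	warnx("Unknown format of hash file");
	free(*pkgname);
	*pkgname = NULL;
	return -1;
}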
    314           1.1  joerg 
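/*
 * Verify the signature of a signed package and replace *archive with a
 * reader that yields the inner package only while every block matches
 * its signed SHA512.
 *
 * The outer (ar) archive must be positioned at +PKG_HASH, or *entry must
 * already hold that header.  The hash file is parsed first, then its
 * detached signature is checked: +PKG_SIGNATURE as PKCS#7 against
 * certs_packages when built with OpenSSL, otherwise +PKG_GPG_SIGNATURE
 * against gpg_keyring_verify.  Only then is the inner package entry
 * opened through the verifying read callback; its blocks are checked
 * lazily as the caller reads them.
 *
 * Returns 0 when the signature verified; *archive and *entry then refer
 * to the verifying reader.  Returns -1 otherwise.  On -1, *archive is
 * NULL if the outer archive hit a fatal error, the unchanged outer
 * archive if the failure was found before the verifying reader was
 * opened, and the verifying reader if the signature was present but did
 * not verify (or OpenSSL support is missing); callers must not assume
 * which.  *pkgname holds the name from +PKG_HASH once that file parsed,
 * even if a later step failed; the caller owns it in every case.
 *
 * Every temporary buffer is released on every path (previously hash_file
 * was never freed and state's block list leaked on some failures).
 */
int
pkg_verify_signature(const char *archive_name, struct archive **archive,
    struct archive_entry **entry, char **pkgname)
{
	struct signature_archive *state;
	struct archive_entry *my_entry;
	struct archive *a;
	char *hash_file, *signature_file;
	size_t hash_len, signature_len;
	int r, has_sig;

	*pkgname = NULL;

	state = xcalloc(1, sizeof(*state));

	r = read_file_from_archive(archive_name, *archive, entry, HASH_FNAME,
	    &hash_file, &hash_len);
	if (r != 0) {
		if (r == -1) {
			/* Fatal archive error: the outer archive is unusable. */
			archive_read_finish(*archive);
			*archive = NULL;
		}
		free(state);
		return -1;
	}

	if (parse_hash_file(hash_file, pkgname, state)) {
		/* parse_hash_file() leaves sign_blocks NULL on failure. */
		free(hash_file);
		free_signature_int(state);
		return -1;
	}

	/*
	 * Prefer the PKCS#7 signature; if the next member is something else,
	 * try a detached GPG signature instead.
	 */
	r = read_file_from_archive(archive_name, *archive, entry, SIGNATURE_FNAME,
	    &signature_file, &signature_len);
	if (r == 0) {
#ifdef HAVE_SSL
		has_sig = !easy_pkcs7_verify(hash_file, hash_len, signature_file,
		    signature_len, certs_packages, 1);
#else
		warnx("No OpenSSL support compiled in, skipping signature");
		has_sig = 0;
#endif
		free(signature_file);
	} else {
		/* r == -1 leaves *entry NULL, so the fallback is skipped. */
		if (*entry != NULL)
			r = read_file_from_archive(archive_name, *archive,
			    entry, GPG_SIGNATURE_FNAME,
			    &signature_file, &signature_len);
		if (r != 0) {
			if (r == -1) {
				archive_read_finish(*archive);
				*archive = NULL;
			}
			free(hash_file);
			free_signature_int(state);
			return -1;
		}
		has_sig = !detached_gpg_verify(hash_file, hash_len,
		    signature_file, signature_len, gpg_keyring_verify);
		free(signature_file);
	}
	/* The signed text is not needed any more; the digests live in state. */
	free(hash_file);

	/* The next member must be the inner package, of exactly the signed size. */
	r = archive_read_next_header(*archive, &my_entry);
	if (r != ARCHIVE_OK) {
		warnx("Cannot read inner package: %s",
		    r == ARCHIVE_EOF ? "EOF" : archive_error_string(*archive));
		free_signature_int(state);
		return -1;
	}

	if (archive_entry_size(my_entry) != state->pkg_size) {
		warnx("Package size doesn't match signature");
		free_signature_int(state);
		return -1;
	}

	/*
	 * From here on the cookie owns the outer archive: the verifying
	 * reader's close callback finishes it and frees state.
	 */
	state->archive = *archive;

	a = archive_read_new();
	archive_read_support_compression_all(a);
	archive_read_support_format_all(a);
	if (archive_read_open(a, state, NULL, verify_signature_read_cb,
	    verify_signature_close_cb)) {
		warnx("Can't open signed package file");
		/*
		 * NOTE(review): whether libarchive invokes the close callback
		 * (finishing *archive and freeing state) on a failed open is
		 * version dependent; *archive is left untouched here, as before.
		 */
		archive_read_finish(a);
		return -1;
	}
	*archive = a;
	*entry = NULL;

	return has_sig ? 0 : -1;
}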
    419           1.1  joerg 
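/*
 * Verify a signed package end to end: check the detached signature over
 * +PKG_HASH, then stream the whole inner package through the verifying
 * reader so that every block's SHA512 is compared with the signed list.
 *
 * *archive is left as pkg_verify_signature() set it (the verifying reader
 * on success), positioned at end of archive when 0 is returned.  Returns
 * -1 if the signature did not verify or any block failed: the read
 * callback turns a mismatch into a fatal libarchive error, so the loop
 * below then ends with something other than ARCHIVE_EOF.
 *
 * The package name recorded in +PKG_HASH is not compared with the
 * +CONTENTS @name (see the XXX below); callers wanting that must do it
 * themselves.
 */
int
pkg_full_signature_check(const char *archive_name, struct archive **archive)
{
	struct archive_entry *entry = NULL;
	char *pkgname = NULL;
	int r;

	if (pkg_verify_signature(archive_name, archive, &entry, &pkgname)) {
		/* pkgname may have been filled in before the failure. */
		free(pkgname);
		return -1;
	}
	/* Defensive: as far as this file shows, success always sets pkgname. */
	if (pkgname == NULL)
		return 0;

	/* XXX read PLIST and compare pkgname */
	while ((r = archive_read_next_header(*archive, &entry)) == ARCHIVE_OK)
		archive_read_data_skip(*archive);

	free(pkgname);
	return r == ARCHIVE_EOF ? 0 : -1;
}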
    439           1.1  joerg 
/*
 * Read the @name of the binary package open on fd.
 *
 * The package must start with a +CONTENTS member; it is slurped, parsed
 * as a PLIST and the @name copied out.  fd is rewound to offset 0 before
 * returning so the caller can read the package again.  Returns a malloc'd
 * name, or NULL after a warning if the archive cannot be opened, does not
 * begin with +CONTENTS, is too large or truncated, lacks @name, or cannot
 * be rewound.
 */
static char *
extract_pkgname(int fd)
{
	package_t plist;
	plist_t *p;
	struct archive *a;
	struct archive_entry *entry;
	char *buf = NULL, *result = NULL;
	ssize_t len;
	int r;

	a = archive_read_new();
	archive_read_support_compression_all(a);
	archive_read_support_format_all(a);
	if (archive_read_open_fd(a, fd, 1024)) {
		warnx("Cannot open binary package: %s",
		    archive_error_string(a));
		goto fail;
	}

	if ((r = archive_read_next_header(a, &entry)) != ARCHIVE_OK) {
		warnx("Cannot extract package name: %s",
		    r == ARCHIVE_EOF ? "EOF" : archive_error_string(a));
		goto fail;
	}
	if (strcmp(archive_entry_pathname(entry), "+CONTENTS") != 0) {
		warnx("Invalid binary package, doesn't start with +CONTENTS");
		goto fail;
	}
	if (archive_entry_size(entry) > SSIZE_MAX - 1) {
		warnx("+CONTENTS too large to process");
		goto fail;
	}

	len = archive_entry_size(entry);
	buf = xmalloc(len + 1);
	if (archive_read_data(a, buf, len) != len) {
		warnx("Short read when extracing +CONTENTS");
		goto fail;
	}
	buf[len] = '\0';

	archive_read_finish(a);
	a = NULL;

	parse_plist(&plist, buf);
	free(buf);
	buf = NULL;
	if ((p = find_plist(&plist, PLIST_NAME)) != NULL)
		result = xstrdup(p->name);
	else
		warnx("Invalid PLIST: missing @name");
	free_plist(&plist);

	/* Leave the descriptor where the caller found it. */
	if (lseek(fd, 0, SEEK_SET) != 0) {
		warn("Cannot seek in archive");
		free(result);
		return NULL;
	}

	return result;

fail:
	free(buf);
	if (a != NULL)
		archive_read_finish(a);
	return NULL;
}
    511           1.1  joerg 
/*
 * Header of the +PKG_HASH text produced by pkg_sign_x509() (and presumably
 * pkg_sign_gpg()).  The conversions are the package's @name and the size
 * of the package file.  The block size is fixed at 65536 to match the
 * signer's block[] buffer; parse_hash_file() accepts any size >= 1024 when
 * verifying, and requires the same header layout verbatim.
 */
static const char hash_template[] =
"pkgsrc signature\n"
"\n"
"version: 1\n"
"pkgname: %s\n"
"algorithm: SHA512\n"
"block size: 65536\n"
"file size: %lld\n"
"\n";

/* Last line of +PKG_HASH; parse_hash_file() requires it to end the text. */
static const char hash_trailer[] = "end pkgsrc signature\n";
    523           1.1  joerg 
    524       1.1.1.2  joerg #ifdef HAVE_SSL
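/*
 * Sign the binary package `name' with an X.509 key/certificate pair and
 * write the signed wrapper to `output'.
 *
 * The wrapper is an uncompressed BSD ar archive holding, in order,
 * +PKG_HASH (hash_template header, one SHA512 per 64 KiB block of the
 * package, hash_trailer), +PKG_SIGNATURE (a PKCS#7 signature over the
 * exact bytes of +PKG_HASH) and the unmodified package under its
 * basename -- the layout pkg_verify_signature() expects.
 *
 * Never returns: failures terminate via err()/errx(), success via exit(0).
 *
 * Changes from the previous version: a package whose size is an exact
 * multiple of the block size produced a 0-byte final block and looped
 * forever; a missing or unverifiable @name was formatted into the hash
 * file anyway; lseek() and the libarchive writes were unchecked, so an
 * output error could leave a truncated file behind as if signing succeeded.
 */
void
pkg_sign_x509(const char *name, const char *output, const char *key_file, const char *cert_file)
{
	struct archive *pkg;
	struct archive_entry *entry, *hash_entry, *sign_entry;
	int fd;
	struct stat sb;
	char *hash_file, *signature_file, *tmp, *pkgname, hash[SHA512_DIGEST_STRING_LENGTH];
	unsigned char block[65536];
	off_t i, size;
	size_t block_len, signature_len;

	if ((fd = open(name, O_RDONLY)) == -1)
		err(EXIT_FAILURE, "Cannot open binary package %s", name);
	if (fstat(fd, &sb) == -1)
		err(EXIT_FAILURE, "Cannot stat %s", name);

	entry = archive_entry_new();
	archive_entry_copy_stat(entry, &sb);
	size = archive_entry_size(entry);

	/*
	 * extract_pkgname() warns about what went wrong.  The name must
	 * satisfy the same rule parse_hash_file() enforces (non-empty,
	 * graphic characters only), or the result could never verify.
	 */
	pkgname = extract_pkgname(fd);
	if (pkgname == NULL || *pkgname == '\0')
		errx(EXIT_FAILURE, "Cannot determine package name of %s", name);
	for (tmp = pkgname; *tmp != '\0'; ++tmp) {
		if (!isgraph((unsigned char)*tmp))
			errx(EXIT_FAILURE,
			    "Package name of %s contains whitespace or control characters",
			    name);
	}
	hash_file = xasprintf(hash_template, pkgname, (long long)size);
	free(pkgname);

	/*
	 * First pass: one digest per block.  The last block holds whatever
	 * is left, which is a full block when size is a multiple of
	 * sizeof(block) -- never 0 bytes.
	 */
	for (i = 0; i < size; i += block_len) {
		block_len = (size - i < (off_t)sizeof(block)) ?
		    (size_t)(size - i) : sizeof(block);
		if (read(fd, block, block_len) != (ssize_t)block_len)
			err(2, "short read");
		hash_block(block, block_len, hash);
		/* Quadratic in the number of blocks; fine for package sizes. */
		tmp = xasprintf("%s%s\n", hash_file, hash);
		free(hash_file);
		hash_file = tmp;
	}
	tmp = xasprintf("%s%s", hash_file, hash_trailer);
	free(hash_file);
	hash_file = tmp;

	if (easy_pkcs7_sign(hash_file, strlen(hash_file), &signature_file,
	    &signature_len, key_file, cert_file))
		err(EXIT_FAILURE, "Cannot sign hash file");

	/* The second pass re-reads the package from the start. */
	if (lseek(fd, 0, SEEK_SET) != 0)
		err(EXIT_FAILURE, "Cannot seek in %s", name);

	sign_entry = archive_entry_clone(entry);
	hash_entry = archive_entry_clone(entry);
	pkgname = strrchr(name, '/');
	archive_entry_set_pathname(entry, pkgname != NULL ? pkgname + 1 : name);
	archive_entry_set_pathname(hash_entry, HASH_FNAME);
	archive_entry_set_pathname(sign_entry, SIGNATURE_FNAME);
	archive_entry_set_size(hash_entry, strlen(hash_file));
	archive_entry_set_size(sign_entry, signature_len);

	pkg = archive_write_new();
	archive_write_set_compression_none(pkg);
	archive_write_set_format_ar_bsd(pkg);
	if (archive_write_open_filename(pkg, output) < ARCHIVE_WARN)
		errx(EXIT_FAILURE, "Cannot create %s: %s", output,
		    archive_error_string(pkg));

	/* Member order matters: the verifier reads hash, signature, package. */
	if (archive_write_header(pkg, hash_entry) < ARCHIVE_WARN ||
	    archive_write_data(pkg, hash_file, strlen(hash_file)) !=
	    (ssize_t)strlen(hash_file) ||
	    archive_write_finish_entry(pkg) < ARCHIVE_WARN)
		errx(EXIT_FAILURE, "Cannot write %s to %s: %s", HASH_FNAME,
		    output, archive_error_string(pkg));
	archive_entry_free(hash_entry);

	if (archive_write_header(pkg, sign_entry) < ARCHIVE_WARN ||
	    archive_write_data(pkg, signature_file, signature_len) !=
	    (ssize_t)signature_len ||
	    archive_write_finish_entry(pkg) < ARCHIVE_WARN)
		errx(EXIT_FAILURE, "Cannot write %s to %s: %s", SIGNATURE_FNAME,
		    output, archive_error_string(pkg));
	archive_entry_free(sign_entry);

	if (archive_write_header(pkg, entry) < ARCHIVE_WARN)
		errx(EXIT_FAILURE, "Cannot write package header to %s: %s",
		    output, archive_error_string(pkg));

	/* Second pass: copy the package, same block split as above. */
	for (i = 0; i < size; i += block_len) {
		block_len = (size - i < (off_t)sizeof(block)) ?
		    (size_t)(size - i) : sizeof(block);
		if (read(fd, block, block_len) != (ssize_t)block_len)
			err(2, "short read");
		if (archive_write_data(pkg, block, block_len) != (ssize_t)block_len)
			errx(EXIT_FAILURE, "Cannot write package data to %s: %s",
			    output, archive_error_string(pkg));
	}
	if (archive_write_finish_entry(pkg) < ARCHIVE_WARN)
		errx(EXIT_FAILURE, "Cannot finish package entry in %s: %s",
		    output, archive_error_string(pkg));
	archive_entry_free(entry);

	/* Flushes the trailer; pkg is invalid afterwards, so no error string. */
	if (archive_write_finish(pkg) < ARCHIVE_WARN)
		errx(EXIT_FAILURE, "Cannot finish %s", output);

	free(hash_file);
	free(signature_file);
	close(fd);

	exit(0);
}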
    617       1.1.1.2  joerg #endif
    618           1.1  joerg 
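/*
 * Length of the next block to process: a full block while more than one
 * remains, otherwise whatever is left of the file.  Never yields 0 for a
 * non-empty remainder, so the caller's loop always makes progress (the
 * "size % block size" form returns 0 when the file size is an exact
 * multiple of the block size, and a loop stepping by that never ends).
 */
static size_t
pkg_sign_gpg_chunk(off_t remaining, size_t block_size)
{
	if (remaining < (off_t)block_size)
		return (size_t)remaining;
	return block_size;
}

/*
 * Read exactly LEN bytes of the package into BUF.  The descriptor refers to
 * a regular file whose size was just taken from fstat(), so anything short
 * of LEN means the file changed underneath us and the signature would not
 * describe the packaged bytes: abort (exit status 2, as before).
 */
static void
pkg_sign_gpg_read(int fd, void *buf, size_t len)
{
	if (read(fd, buf, len) != (ssize_t)len)
		err(2, "short read");
}

/*
 * Append one archive member whose content is the in-memory buffer DATA of
 * LEN bytes (ENTRY already carries its pathname and size), then release
 * ENTRY.  Aborts with libarchive's error text on any failure so that a
 * truncated archive is never reported as success.
 */
static void
pkg_sign_gpg_put(struct archive *pkg, struct archive_entry *entry,
    const void *data, size_t len)
{
	if (archive_write_header(pkg, entry) != ARCHIVE_OK ||
	    archive_write_data(pkg, data, len) != (ssize_t)len ||
	    archive_write_finish_entry(pkg) != ARCHIVE_OK)
		errx(EXIT_FAILURE, "Cannot write archive member %s: %s",
		    archive_entry_pathname(entry), archive_error_string(pkg));
	archive_entry_free(entry);
}

/*
 * Produce a GPG-signed copy of the binary package NAME as the ar(1) archive
 * OUTPUT.  The archive holds three members in this order:
 *   HASH_FNAME            the hash file: hash_template formatted with the
 *                         package name and size, one hash line per block
 *                         of the package, then hash_trailer;
 *   GPG_SIGNATURE_FNAME   the detached GPG signature of that hash file,
 *                         made with gpg_keyring_sign / gpg_sign_as;
 *   basename(NAME)        the package itself, unchanged.
 *
 * The package is read twice through the same descriptor: once to build the
 * hash file and again to copy it into the archive.  What gets signed is
 * therefore only guaranteed to describe what gets packaged if NAME is a
 * regular file that is not modified while this runs.
 *
 * Does not return: exit(0) once the archive is complete, err()/errx() on
 * any failure.
 */
void
pkg_sign_gpg(const char *name, const char *output)
{
	struct archive *pkg;
	struct archive_entry *entry, *hash_entry, *sign_entry;
	int fd;
	struct stat sb;
	char *hash_file, *signature_file, *tmp, *pkgname;
	const char *base;
	char hash[SHA512_DIGEST_STRING_LENGTH];
	unsigned char block[65536];
	off_t done, size;
	size_t block_len, signature_len;

	if ((fd = open(name, O_RDONLY)) == -1)
		err(EXIT_FAILURE, "Cannot open binary package %s", name);
	if (fstat(fd, &sb) == -1)
		err(EXIT_FAILURE, "Cannot stat %s", name);
	/*
	 * Both passes rely on st_size bytes being readable from offset 0;
	 * only a regular file guarantees that.
	 */
	if (!S_ISREG(sb.st_mode))
		errx(EXIT_FAILURE, "%s is not a regular file", name);

	entry = archive_entry_new();
	archive_entry_copy_stat(entry, &sb);
	size = archive_entry_size(entry);

	/* Pass 1: hash the package block by block into hash_file. */
	pkgname = extract_pkgname(fd);
	hash_file = xasprintf(hash_template, pkgname, (long long)size);
	free(pkgname);

	/*
	 * extract_pkgname() is handed fd and may have moved its offset;
	 * rewind explicitly so the hash covers the same bytes, from offset 0,
	 * that pass 2 copies.
	 */
	if (lseek(fd, 0, SEEK_SET) == -1)
		err(EXIT_FAILURE, "Cannot rewind %s", name);
	for (done = 0; done < size; done += block_len) {
		block_len = pkg_sign_gpg_chunk(size - done, sizeof(block));
		pkg_sign_gpg_read(fd, block, block_len);
		hash_block(block, block_len, hash);
		tmp = xasprintf("%s%s\n", hash_file, hash);
		free(hash_file);
		hash_file = tmp;
	}
	tmp = xasprintf("%s%s", hash_file, hash_trailer);
	free(hash_file);
	hash_file = tmp;

	if (detached_gpg_sign(hash_file, strlen(hash_file), &signature_file,
	    &signature_len, gpg_keyring_sign, gpg_sign_as))
		err(EXIT_FAILURE, "Cannot sign hash file");

	/* Pass 2: rewind and copy the package into the archive. */
	if (lseek(fd, 0, SEEK_SET) == -1)
		err(EXIT_FAILURE, "Cannot rewind %s", name);

	sign_entry = archive_entry_clone(entry);
	hash_entry = archive_entry_clone(entry);
	/* The package member is stored under its basename. */
	base = strrchr(name, '/');
	archive_entry_set_pathname(entry, base != NULL ? base + 1 : name);
	archive_entry_set_pathname(hash_entry, HASH_FNAME);
	archive_entry_set_pathname(sign_entry, GPG_SIGNATURE_FNAME);
	archive_entry_set_size(hash_entry, strlen(hash_file));
	archive_entry_set_size(sign_entry, signature_len);

	pkg = archive_write_new();
	if (pkg == NULL)
		errx(EXIT_FAILURE, "Cannot allocate archive writer");
	archive_write_set_compression_none(pkg);
	archive_write_set_format_ar_bsd(pkg);
	if (archive_write_open_filename(pkg, output) != ARCHIVE_OK)
		errx(EXIT_FAILURE, "Cannot open %s: %s", output,
		    archive_error_string(pkg));

	pkg_sign_gpg_put(pkg, hash_entry, hash_file, strlen(hash_file));
	pkg_sign_gpg_put(pkg, sign_entry, signature_file, signature_len);

	if (archive_write_header(pkg, entry) != ARCHIVE_OK)
		errx(EXIT_FAILURE, "Cannot write archive member %s: %s",
		    archive_entry_pathname(entry), archive_error_string(pkg));
	for (done = 0; done < size; done += block_len) {
		block_len = pkg_sign_gpg_chunk(size - done, sizeof(block));
		pkg_sign_gpg_read(fd, block, block_len);
		if (archive_write_data(pkg, block, block_len) !=
		    (ssize_t)block_len)
			errx(EXIT_FAILURE, "Cannot write %s: %s", output,
			    archive_error_string(pkg));
	}
	if (archive_write_finish_entry(pkg) != ARCHIVE_OK)
		errx(EXIT_FAILURE, "Cannot write %s: %s", output,
		    archive_error_string(pkg));
	archive_entry_free(entry);

	/*
	 * Close before finish: archive_write_finish() releases pkg, after
	 * which its error string is no longer available.
	 */
	if (archive_write_close(pkg) != ARCHIVE_OK)
		errx(EXIT_FAILURE, "Cannot finish %s: %s", output,
		    archive_error_string(pkg));
	archive_write_finish(pkg);

	close(fd);
	/* signature_file's allocator is not visible here; leave it to exit(). */
	free(hash_file);

	exit(0);
}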