pkg_signature.c revision 1.4.8.1
1 1.4.8.1 perseant /* $NetBSD: pkg_signature.c,v 1.4.8.1 2025/08/02 05:23:13 perseant Exp $ */ 2 1.1 joerg 3 1.1 joerg #if HAVE_CONFIG_H 4 1.1 joerg #include "config.h" 5 1.1 joerg #endif 6 1.1 joerg #include <nbcompat.h> 7 1.1 joerg #if HAVE_SYS_CDEFS_H 8 1.1 joerg #include <sys/cdefs.h> 9 1.1 joerg #endif 10 1.4.8.1 perseant __RCSID("$NetBSD: pkg_signature.c,v 1.4.8.1 2025/08/02 05:23:13 perseant Exp $"); 11 1.1 joerg 12 1.1 joerg /*- 13 1.1 joerg * Copyright (c) 2008 Joerg Sonnenberger <joerg (at) NetBSD.org>. 14 1.1 joerg * All rights reserved. 15 1.1 joerg * 16 1.1 joerg * Redistribution and use in source and binary forms, with or without 17 1.1 joerg * modification, are permitted provided that the following conditions 18 1.1 joerg * are met: 19 1.1 joerg * 20 1.1 joerg * 1. Redistributions of source code must retain the above copyright 21 1.1 joerg * notice, this list of conditions and the following disclaimer. 22 1.1 joerg * 2. Redistributions in binary form must reproduce the above copyright 23 1.1 joerg * notice, this list of conditions and the following disclaimer in 24 1.1 joerg * the documentation and/or other materials provided with the 25 1.1 joerg * distribution. 26 1.1 joerg * 27 1.1 joerg * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 28 1.1 joerg * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 29 1.1 joerg * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 30 1.1 joerg * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 31 1.1 joerg * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 32 1.1 joerg * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 33 1.1 joerg * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 34 1.1 joerg * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 35 1.1 joerg * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 36 1.1 joerg * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 37 1.1 joerg * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 38 1.1 joerg * SUCH DAMAGE. 39 1.1 joerg */ 40 1.1 joerg 41 1.1 joerg #if HAVE_SYS_WAIT_H 42 1.1 joerg #include <sys/wait.h> 43 1.1 joerg #endif 44 1.1 joerg #include <ctype.h> 45 1.1 joerg #if HAVE_ERR_H 46 1.1 joerg #include <err.h> 47 1.1 joerg #endif 48 1.1 joerg #include <errno.h> 49 1.1 joerg #include <fcntl.h> 50 1.3 joerg #include <limits.h> 51 1.1 joerg #include <stdlib.h> 52 1.1 joerg #ifndef NETBSD 53 1.1 joerg #include <nbcompat/sha2.h> 54 1.1 joerg #else 55 1.1 joerg #include <sha2.h> 56 1.1 joerg #endif 57 1.1 joerg #include <signal.h> 58 1.1 joerg #ifdef NETBSD 59 1.1 joerg #include <unistd.h> 60 1.1 joerg #else 61 1.1 joerg #include <nbcompat/unistd.h> 62 1.1 joerg #endif 63 1.1 joerg 64 1.1 joerg #include <archive.h> 65 1.1 joerg #include <archive_entry.h> 66 1.1 joerg 67 1.1 joerg #include "lib.h" 68 1.1 joerg 69 1.1 joerg #define HASH_FNAME "+PKG_HASH" 70 1.1 joerg #define SIGNATURE_FNAME "+PKG_SIGNATURE" 71 1.1 joerg #define GPG_SIGNATURE_FNAME "+PKG_GPG_SIGNATURE" 72 1.1 joerg 73 1.1 joerg struct signature_archive { 74 1.1 joerg struct archive *archive; 75 1.1 joerg off_t pkg_size; 76 1.1 joerg size_t sign_block_len, sign_block_number, sign_cur_block; 77 1.1 joerg char **sign_blocks; 78 1.1 joerg unsigned char *sign_buf; 79 1.1 joerg }; 80 1.1 joerg 81 1.1 joerg static void 82 1.1 joerg hash_block(unsigned char *buf, size_t buf_len, 83 1.1 joerg char hash[SHA512_DIGEST_STRING_LENGTH]) 84 1.1 joerg { 85 1.1 joerg unsigned char digest[SHA512_DIGEST_LENGTH]; 86 1.1 joerg SHA512_CTX hash_ctx; 87 1.1 joerg int i; 88 1.1 joerg 89 1.1 joerg SHA512_Init(&hash_ctx); 90 1.1 joerg SHA512_Update(&hash_ctx, buf, buf_len); 91 1.1 joerg SHA512_Final(digest, &hash_ctx); 92 1.1 joerg for (i = 0; i < SHA512_DIGEST_LENGTH; ++i) { 93 1.1 joerg unsigned char c; 94 1.1 joerg 95 1.1 joerg c = digest[i] / 16; 96 1.1 joerg if (c < 10) 97 1.1 joerg hash[2 * i] = '0' + c; 98 1.1 joerg else 99 1.1 joerg hash[2 * i] = 'a' - 10 + c; 100 1.1 joerg 101 1.1 joerg c = digest[i] % 16; 102 1.1 joerg if (c < 10) 103 1.1 joerg hash[2 * i + 1] = '0' + c; 104 1.1 joerg else 105 1.1 joerg hash[2 * i + 1] = 'a' - 10 + c; 106 1.1 joerg } 107 1.1 joerg hash[2 * i] = '\0'; 108 1.1 joerg } 109 1.1 joerg 110 1.1 joerg static ssize_t 111 1.1 joerg verify_signature_read_cb(struct archive *archive, void *cookie, const void **buf) 112 1.1 joerg { 113 1.1 joerg struct signature_archive *state = cookie; 114 1.1 joerg char hash[SHA512_DIGEST_STRING_LENGTH]; 115 1.1 joerg ssize_t len, expected; 116 1.1 joerg 117 1.1 joerg if (state->sign_cur_block >= state->sign_block_number) 118 1.1 joerg return 0; 119 1.1 joerg 120 1.1 joerg /* The following works for sign_block_len > 1 */ 121 1.1 joerg if (state->sign_cur_block + 1 == state->sign_block_number) 122 1.1 joerg expected = state->pkg_size % state->sign_block_len; 123 1.1 joerg else 124 1.1 joerg expected = state->sign_block_len; 125 1.1 joerg 126 1.1 joerg len = archive_read_data(state->archive, state->sign_buf, expected); 127 1.1 joerg if (len != expected) { 128 1.1 joerg warnx("Short read from package"); 129 1.1 joerg return -1; 130 1.1 joerg } 131 1.1 joerg 132 1.1 joerg hash_block(state->sign_buf, len, hash); 133 1.1 joerg 134 1.1 joerg if (strcmp(hash, state->sign_blocks[state->sign_cur_block]) != 0) { 135 1.1 joerg warnx("Invalid signature of block %llu", 136 1.1 joerg (unsigned long long)state->sign_cur_block); 137 1.1 joerg return -1; 138 1.1 joerg } 139 1.1 joerg ++state->sign_cur_block; 140 1.1 joerg *buf = state->sign_buf; 141 1.1 joerg return len; 142 1.1 joerg } 143 1.1 joerg 144 1.1 joerg static void 145 1.1 joerg free_signature_int(struct signature_archive *state) 146 1.1 joerg { 147 1.1 joerg size_t i; 148 1.1 joerg 149 1.1 joerg if (state->sign_blocks != NULL) { 150 1.1 joerg for (i = 0; i < state->sign_block_number; ++i) 151 1.1 joerg free(state->sign_blocks[i]); 152 1.1 joerg } 153 1.1 joerg free(state->sign_blocks); 154 1.1 joerg free(state->sign_buf); 155 1.1 joerg free(state); 156 1.1 joerg } 157 1.1 joerg 158 1.2 khorben static int 159 1.2 khorben verify_signature_close_cb(struct archive *archive, void *cookie) 160 1.1 joerg { 161 1.1 joerg struct signature_archive *state = cookie; 162 1.1 joerg 163 1.3 joerg archive_read_free(state->archive); 164 1.1 joerg free_signature_int(state); 165 1.2 khorben return 0; 166 1.1 joerg } 167 1.1 joerg 168 1.1 joerg static int 169 1.2 khorben read_file_from_archive(const char *archive_name, struct archive *archive, 170 1.2 khorben struct archive_entry **entry, 171 1.1 joerg const char *fname, char **content, size_t *len) 172 1.1 joerg { 173 1.1 joerg int r; 174 1.1 joerg 175 1.1 joerg *content = NULL; 176 1.1 joerg *len = 0; 177 1.1 joerg 178 1.1 joerg retry: 179 1.1 joerg if (*entry == NULL && 180 1.1 joerg (r = archive_read_next_header(archive, entry)) != ARCHIVE_OK) { 181 1.2 khorben if (r == ARCHIVE_FATAL) { 182 1.2 khorben warnx("Cannot read from archive `%s': %s", 183 1.2 khorben archive_name, archive_error_string(archive)); 184 1.2 khorben } else { 185 1.2 khorben warnx("Premature end of archive `%s'", archive_name); 186 1.2 khorben } 187 1.2 khorben *entry = NULL; 188 1.1 joerg return -1; 189 1.1 joerg } 190 1.1 joerg if (strcmp(archive_entry_pathname(*entry), "//") == 0) { 191 1.1 joerg archive_read_data_skip(archive); 192 1.1 joerg *entry = NULL; 193 1.1 joerg goto retry; 194 1.1 joerg } 195 1.1 joerg 196 1.1 joerg if (strcmp(fname, archive_entry_pathname(*entry)) != 0) 197 1.2 khorben return 1; 198 1.1 joerg 199 1.1 joerg if (archive_entry_size(*entry) > SSIZE_MAX - 1) { 200 1.2 khorben warnx("Signature of archive `%s' too large to process", 201 1.2 khorben archive_name); 202 1.1 joerg return 1; 203 1.1 joerg } 204 1.1 joerg *len = archive_entry_size(*entry); 205 1.1 joerg *content = xmalloc(*len + 1); 206 1.1 joerg 207 1.2 khorben if (archive_read_data(archive, *content, *len) != (ssize_t)*len) { 208 1.2 khorben warnx("Cannot read complete %s from archive `%s'", fname, 209 1.2 khorben archive_name); 210 1.1 joerg free(*content); 211 1.1 joerg *len = 0; 212 1.1 joerg *content = NULL; 213 1.1 joerg return 1; 214 1.1 joerg } 215 1.1 joerg (*content)[*len] = '\0'; 216 1.1 joerg *entry = NULL; 217 1.1 joerg 218 1.1 joerg return 0; 219 1.1 joerg } 220 1.1 joerg 221 1.1 joerg static int 222 1.1 joerg parse_hash_file(const char *hash_file, char **pkgname, 223 1.1 joerg struct signature_archive *state) 224 1.1 joerg { 225 1.1 joerg static const char block1[] = "pkgsrc signature\n\nversion: 1\npkgname: "; 226 1.1 joerg static const char block2[] = "algorithm: SHA512\nblock size: "; 227 1.1 joerg static const char block3[] = "file size: "; 228 1.1 joerg static const char block4[] = "end pkgsrc signature\n"; 229 1.1 joerg char *next; 230 1.1 joerg size_t i, len; 231 1.1 joerg 232 1.1 joerg *pkgname = NULL; 233 1.1 joerg 234 1.1 joerg if (strncmp(hash_file, block1, strlen(block1)) != 0) 235 1.1 joerg goto cleanup; 236 1.1 joerg hash_file += strlen(block1); 237 1.1 joerg 238 1.1 joerg len = strcspn(hash_file, "\n"); 239 1.1 joerg *pkgname = xmalloc(len + 1); 240 1.1 joerg memcpy(*pkgname, hash_file, len); 241 1.1 joerg (*pkgname)[len] = '\0'; 242 1.1 joerg for (i = 0; i < len; ++i) { 243 1.1 joerg if (!isgraph((unsigned char)(*pkgname)[i])) 244 1.1 joerg goto cleanup; 245 1.1 joerg } 246 1.1 joerg hash_file += len + 1; 247 1.1 joerg 248 1.1 joerg if (strncmp(hash_file, block2, strlen(block2)) != 0) 249 1.1 joerg goto cleanup; 250 1.1 joerg hash_file += strlen(block2); 251 1.1 joerg 252 1.1 joerg errno = 0; 253 1.1 joerg if (!isdigit((unsigned char)*hash_file)) 254 1.1 joerg goto cleanup; 255 1.1 joerg state->sign_block_len = strtoul(hash_file, &next, 10); 256 1.1 joerg hash_file = next; 257 1.1 joerg 258 1.1 joerg /* Assert sane minimum block size of 1KB */ 259 1.1 joerg if (*hash_file++ != '\n' || errno == ERANGE || state->sign_block_len < 1024) 260 1.1 joerg goto cleanup; 261 1.1 joerg 262 1.1 joerg if (strncmp(hash_file, block3, strlen(block3)) != 0) 263 1.1 joerg goto cleanup; 264 1.1 joerg hash_file += strlen(block3); 265 1.1 joerg 266 1.1 joerg errno = 0; 267 1.1 joerg if (!isdigit((unsigned char)*hash_file)) 268 1.1 joerg goto cleanup; 269 1.2 khorben if (/* CONSTCOND */sizeof(off_t) >= sizeof(long long)) 270 1.1 joerg state->pkg_size = strtoll(hash_file, &next, 10); 271 1.1 joerg else 272 1.1 joerg state->pkg_size = strtol(hash_file, &next, 10); 273 1.1 joerg hash_file = next; 274 1.1 joerg if (*hash_file++ != '\n' || errno == ERANGE || state->pkg_size < 1) 275 1.1 joerg goto cleanup; 276 1.1 joerg 277 1.1 joerg if (*hash_file++ != '\n') 278 1.1 joerg goto cleanup; 279 1.1 joerg 280 1.1 joerg if (state->pkg_size / state->sign_block_len > SSIZE_MAX) 281 1.1 joerg goto cleanup; 282 1.1 joerg state->sign_block_number = (state->pkg_size + 283 1.1 joerg state->sign_block_len - 1) / state->sign_block_len; 284 1.1 joerg 285 1.1 joerg state->sign_buf = xmalloc(state->sign_block_len); 286 1.1 joerg state->sign_blocks = xcalloc(state->sign_block_number, sizeof(char *)); 287 1.1 joerg 288 1.1 joerg for (i = 0; i < state->sign_block_number; ++i) { 289 1.1 joerg len = strspn(hash_file, "01234567889abcdef"); 290 1.1 joerg if (len != SHA512_DIGEST_LENGTH * 2 || hash_file[len] != '\n') 291 1.1 joerg goto cleanup_hashes; 292 1.1 joerg state->sign_blocks[i] = xmalloc(len + 1); 293 1.1 joerg memcpy(state->sign_blocks[i], hash_file, len); 294 1.1 joerg state->sign_blocks[i][len] = '\0'; 295 1.1 joerg hash_file += len + 1; 296 1.1 joerg } 297 1.1 joerg 298 1.1 joerg if (strcmp(hash_file, block4) != 0) 299 1.1 joerg goto cleanup_hashes; 300 1.1 joerg 301 1.1 joerg return 0; 302 1.1 joerg 303 1.1 joerg cleanup_hashes: 304 1.1 joerg for (i = 0; i < state->sign_block_number; ++i) 305 1.1 joerg free(state->sign_blocks[i]); 306 1.1 joerg free(state->sign_blocks); 307 1.1 joerg state->sign_blocks = NULL; 308 1.1 joerg 309 1.1 joerg cleanup: 310 1.1 joerg warnx("Unknown format of hash file"); 311 1.1 joerg free(*pkgname); 312 1.1 joerg *pkgname = NULL; 313 1.1 joerg return -1; 314 1.1 joerg } 315 1.1 joerg 316 1.1 joerg int 317 1.2 khorben pkg_verify_signature(const char *archive_name, struct archive **archive, 318 1.2 khorben struct archive_entry **entry, char **pkgname) 319 1.1 joerg { 320 1.1 joerg struct signature_archive *state; 321 1.1 joerg struct archive_entry *my_entry; 322 1.1 joerg struct archive *a; 323 1.1 joerg char *hash_file, *signature_file; 324 1.1 joerg size_t hash_len, signature_len; 325 1.1 joerg int r, has_sig; 326 1.1 joerg 327 1.1 joerg *pkgname = NULL; 328 1.1 joerg 329 1.2 khorben state = xcalloc(sizeof(*state), 1); 330 1.1 joerg 331 1.2 khorben r = read_file_from_archive(archive_name, *archive, entry, HASH_FNAME, 332 1.1 joerg &hash_file, &hash_len); 333 1.1 joerg if (r == -1) { 334 1.3 joerg archive_read_free(*archive); 335 1.2 khorben *archive = NULL; 336 1.1 joerg free(state); 337 1.1 joerg goto no_valid_signature; 338 1.1 joerg } else if (r == 1) { 339 1.1 joerg free(state); 340 1.1 joerg goto no_valid_signature; 341 1.1 joerg } 342 1.1 joerg 343 1.1 joerg if (parse_hash_file(hash_file, pkgname, state)) 344 1.1 joerg goto no_valid_signature; 345 1.1 joerg 346 1.2 khorben r = read_file_from_archive(archive_name, *archive, entry, SIGNATURE_FNAME, 347 1.1 joerg &signature_file, &signature_len); 348 1.2 khorben if (r == -1) { 349 1.3 joerg archive_read_free(*archive); 350 1.2 khorben *archive = NULL; 351 1.2 khorben free(state); 352 1.2 khorben free(hash_file); 353 1.2 khorben goto no_valid_signature; 354 1.2 khorben } else if (r != 0) { 355 1.1 joerg if (*entry != NULL) 356 1.2 khorben r = read_file_from_archive(archive_name, *archive, 357 1.2 khorben entry, GPG_SIGNATURE_FNAME, 358 1.1 joerg &signature_file, &signature_len); 359 1.2 khorben if (r == -1) { 360 1.3 joerg archive_read_free(*archive); 361 1.2 khorben *archive = NULL; 362 1.2 khorben free(state); 363 1.2 khorben free(hash_file); 364 1.2 khorben goto no_valid_signature; 365 1.2 khorben } else if (r != 0) { 366 1.1 joerg free(hash_file); 367 1.1 joerg free(state); 368 1.1 joerg goto no_valid_signature; 369 1.1 joerg } 370 1.3 joerg has_sig = !gpg_verify(hash_file, hash_len, gpg_keyring_verify, 371 1.3 joerg signature_file, signature_len); 372 1.1 joerg 373 1.1 joerg free(signature_file); 374 1.1 joerg } else { 375 1.2 khorben #ifdef HAVE_SSL 376 1.1 joerg has_sig = !easy_pkcs7_verify(hash_file, hash_len, signature_file, 377 1.1 joerg signature_len, certs_packages, 1); 378 1.1 joerg 379 1.1 joerg free(signature_file); 380 1.2 khorben #else 381 1.2 khorben warnx("No OpenSSL support compiled in, skipping signature"); 382 1.2 khorben has_sig = 0; 383 1.2 khorben free(signature_file); 384 1.2 khorben #endif 385 1.1 joerg } 386 1.1 joerg 387 1.1 joerg r = archive_read_next_header(*archive, &my_entry); 388 1.1 joerg if (r != ARCHIVE_OK) { 389 1.1 joerg warnx("Cannot read inner package: %s", 390 1.1 joerg archive_error_string(*archive)); 391 1.1 joerg free_signature_int(state); 392 1.1 joerg goto no_valid_signature; 393 1.1 joerg } 394 1.1 joerg 395 1.1 joerg if (archive_entry_size(my_entry) != state->pkg_size) { 396 1.1 joerg warnx("Package size doesn't match signature"); 397 1.1 joerg free_signature_int(state); 398 1.1 joerg goto no_valid_signature; 399 1.1 joerg } 400 1.1 joerg 401 1.1 joerg state->archive = *archive; 402 1.1 joerg 403 1.3 joerg a = prepare_archive(); 404 1.2 khorben if (archive_read_open(a, state, NULL, verify_signature_read_cb, 405 1.2 khorben verify_signature_close_cb)) { 406 1.1 joerg warnx("Can't open signed package file"); 407 1.3 joerg archive_read_free(a); 408 1.1 joerg goto no_valid_signature; 409 1.1 joerg } 410 1.1 joerg *archive = a; 411 1.1 joerg *entry = NULL; 412 1.1 joerg 413 1.1 joerg return has_sig ? 0 : -1; 414 1.1 joerg 415 1.1 joerg no_valid_signature: 416 1.1 joerg return -1; 417 1.1 joerg } 418 1.1 joerg 419 1.1 joerg int 420 1.2 khorben pkg_full_signature_check(const char *archive_name, struct archive **archive) 421 1.1 joerg { 422 1.1 joerg struct archive_entry *entry = NULL; 423 1.1 joerg char *pkgname; 424 1.1 joerg int r; 425 1.1 joerg 426 1.2 khorben if (pkg_verify_signature(archive_name, archive, &entry, &pkgname)) 427 1.1 joerg return -1; 428 1.1 joerg if (pkgname == NULL) 429 1.1 joerg return 0; 430 1.1 joerg 431 1.1 joerg /* XXX read PLIST and compare pkgname */ 432 1.2 khorben while ((r = archive_read_next_header(*archive, &entry)) == ARCHIVE_OK) 433 1.2 khorben archive_read_data_skip(*archive); 434 1.1 joerg 435 1.1 joerg free(pkgname); 436 1.1 joerg return r == ARCHIVE_EOF ? 0 : -1; 437 1.1 joerg } 438 1.1 joerg 439 1.1 joerg static char * 440 1.1 joerg extract_pkgname(int fd) 441 1.1 joerg { 442 1.1 joerg package_t plist; 443 1.1 joerg plist_t *p; 444 1.1 joerg struct archive *a; 445 1.1 joerg struct archive_entry *entry; 446 1.1 joerg char *buf; 447 1.1 joerg ssize_t len; 448 1.1 joerg int r; 449 1.1 joerg 450 1.3 joerg a = prepare_archive(); 451 1.1 joerg if (archive_read_open_fd(a, fd, 1024)) { 452 1.1 joerg warnx("Cannot open binary package: %s", 453 1.1 joerg archive_error_string(a)); 454 1.3 joerg archive_read_free(a); 455 1.1 joerg return NULL; 456 1.1 joerg } 457 1.1 joerg 458 1.1 joerg r = archive_read_next_header(a, &entry); 459 1.1 joerg if (r != ARCHIVE_OK) { 460 1.1 joerg warnx("Cannot extract package name: %s", 461 1.1 joerg r == ARCHIVE_EOF ? "EOF" : archive_error_string(a)); 462 1.3 joerg archive_read_free(a); 463 1.1 joerg return NULL; 464 1.1 joerg } 465 1.1 joerg if (strcmp(archive_entry_pathname(entry), "+CONTENTS") != 0) { 466 1.1 joerg warnx("Invalid binary package, doesn't start with +CONTENTS"); 467 1.3 joerg archive_read_free(a); 468 1.1 joerg return NULL; 469 1.1 joerg } 470 1.1 joerg if (archive_entry_size(entry) > SSIZE_MAX - 1) { 471 1.1 joerg warnx("+CONTENTS too large to process"); 472 1.3 joerg archive_read_free(a); 473 1.1 joerg return NULL; 474 1.1 joerg } 475 1.1 joerg 476 1.1 joerg len = archive_entry_size(entry); 477 1.1 joerg buf = xmalloc(len + 1); 478 1.1 joerg 479 1.1 joerg if (archive_read_data(a, buf, len) != len) { 480 1.1 joerg warnx("Short read when extracing +CONTENTS"); 481 1.1 joerg free(buf); 482 1.3 joerg archive_read_free(a); 483 1.1 joerg return NULL; 484 1.1 joerg } 485 1.1 joerg buf[len] = '\0'; 486 1.1 joerg 487 1.3 joerg archive_read_free(a); 488 1.1 joerg 489 1.1 joerg parse_plist(&plist, buf); 490 1.1 joerg free(buf); 491 1.1 joerg p = find_plist(&plist, PLIST_NAME); 492 1.1 joerg if (p != NULL) { 493 1.1 joerg buf = xstrdup(p->name); 494 1.1 joerg } else { 495 1.1 joerg warnx("Invalid PLIST: missing @name"); 496 1.1 joerg buf = NULL; 497 1.1 joerg } 498 1.1 joerg free_plist(&plist); 499 1.1 joerg 500 1.1 joerg if (lseek(fd, 0, SEEK_SET) != 0) { 501 1.1 joerg warn("Cannot seek in archive"); 502 1.1 joerg free(buf); 503 1.1 joerg return NULL; 504 1.1 joerg } 505 1.1 joerg 506 1.1 joerg return buf; 507 1.1 joerg } 508 1.1 joerg 509 1.1 joerg static const char hash_template[] = 510 1.1 joerg "pkgsrc signature\n" 511 1.1 joerg "\n" 512 1.1 joerg "version: 1\n" 513 1.1 joerg "pkgname: %s\n" 514 1.1 joerg "algorithm: SHA512\n" 515 1.1 joerg "block size: 65536\n" 516 1.1 joerg "file size: %lld\n" 517 1.1 joerg "\n"; 518 1.1 joerg 519 1.1 joerg static const char hash_trailer[] = "end pkgsrc signature\n"; 520 1.1 joerg 521 1.2 khorben #ifdef HAVE_SSL 522 1.1 joerg void 523 1.1 joerg pkg_sign_x509(const char *name, const char *output, const char *key_file, const char *cert_file) 524 1.1 joerg { 525 1.1 joerg struct archive *pkg; 526 1.1 joerg struct archive_entry *entry, *hash_entry, *sign_entry; 527 1.1 joerg int fd; 528 1.1 joerg struct stat sb; 529 1.1 joerg char *hash_file, *signature_file, *tmp, *pkgname, hash[SHA512_DIGEST_STRING_LENGTH]; 530 1.1 joerg unsigned char block[65536]; 531 1.1 joerg off_t i, size; 532 1.1 joerg size_t block_len, signature_len; 533 1.1 joerg 534 1.1 joerg if ((fd = open(name, O_RDONLY)) == -1) 535 1.1 joerg err(EXIT_FAILURE, "Cannot open binary package %s", name); 536 1.1 joerg if (fstat(fd, &sb) == -1) 537 1.1 joerg err(EXIT_FAILURE, "Cannot stat %s", name); 538 1.1 joerg 539 1.1 joerg entry = archive_entry_new(); 540 1.1 joerg archive_entry_copy_stat(entry, &sb); 541 1.1 joerg 542 1.1 joerg pkgname = extract_pkgname(fd); 543 1.1 joerg hash_file = xasprintf(hash_template, pkgname, 544 1.1 joerg (long long)archive_entry_size(entry)); 545 1.1 joerg free(pkgname); 546 1.1 joerg 547 1.1 joerg for (i = 0; i < archive_entry_size(entry); i += block_len) { 548 1.2 khorben if (i + (off_t)sizeof(block) < archive_entry_size(entry)) 549 1.1 joerg block_len = sizeof(block); 550 1.1 joerg else 551 1.1 joerg block_len = archive_entry_size(entry) % sizeof(block); 552 1.2 khorben if (read(fd, block, block_len) != (ssize_t)block_len) 553 1.1 joerg err(2, "short read"); 554 1.1 joerg hash_block(block, block_len, hash); 555 1.1 joerg tmp = xasprintf("%s%s\n", hash_file, hash); 556 1.1 joerg free(hash_file); 557 1.1 joerg hash_file = tmp; 558 1.1 joerg } 559 1.1 joerg tmp = xasprintf("%s%s", hash_file, hash_trailer); 560 1.1 joerg free(hash_file); 561 1.1 joerg hash_file = tmp; 562 1.1 joerg 563 1.1 joerg if (easy_pkcs7_sign(hash_file, strlen(hash_file), &signature_file, 564 1.1 joerg &signature_len, key_file, cert_file)) 565 1.1 joerg err(EXIT_FAILURE, "Cannot sign hash file"); 566 1.1 joerg 567 1.1 joerg lseek(fd, 0, SEEK_SET); 568 1.1 joerg 569 1.1 joerg sign_entry = archive_entry_clone(entry); 570 1.1 joerg hash_entry = archive_entry_clone(entry); 571 1.1 joerg pkgname = strrchr(name, '/'); 572 1.1 joerg archive_entry_set_pathname(entry, pkgname != NULL ? pkgname + 1 : name); 573 1.1 joerg archive_entry_set_pathname(hash_entry, HASH_FNAME); 574 1.1 joerg archive_entry_set_pathname(sign_entry, SIGNATURE_FNAME); 575 1.1 joerg archive_entry_set_size(hash_entry, strlen(hash_file)); 576 1.1 joerg archive_entry_set_size(sign_entry, signature_len); 577 1.1 joerg 578 1.1 joerg pkg = archive_write_new(); 579 1.1 joerg archive_write_set_format_ar_bsd(pkg); 580 1.1 joerg archive_write_open_filename(pkg, output); 581 1.1 joerg 582 1.1 joerg archive_write_header(pkg, hash_entry); 583 1.1 joerg archive_write_data(pkg, hash_file, strlen(hash_file)); 584 1.1 joerg archive_write_finish_entry(pkg); 585 1.1 joerg archive_entry_free(hash_entry); 586 1.1 joerg 587 1.1 joerg archive_write_header(pkg, sign_entry); 588 1.1 joerg archive_write_data(pkg, signature_file, signature_len); 589 1.1 joerg archive_write_finish_entry(pkg); 590 1.1 joerg archive_entry_free(sign_entry); 591 1.1 joerg 592 1.1 joerg size = archive_entry_size(entry); 593 1.1 joerg archive_write_header(pkg, entry); 594 1.1 joerg 595 1.1 joerg for (i = 0; i < size; i += block_len) { 596 1.2 khorben if (i + (off_t)sizeof(block) < size) 597 1.1 joerg block_len = sizeof(block); 598 1.1 joerg else 599 1.1 joerg block_len = size % sizeof(block); 600 1.2 khorben if (read(fd, block, block_len) != (ssize_t)block_len) 601 1.1 joerg err(2, "short read"); 602 1.1 joerg archive_write_data(pkg, block, block_len); 603 1.1 joerg } 604 1.1 joerg archive_write_finish_entry(pkg); 605 1.1 joerg archive_entry_free(entry); 606 1.1 joerg 607 1.3 joerg archive_write_free(pkg); 608 1.1 joerg 609 1.2 khorben close(fd); 610 1.2 khorben 611 1.1 joerg exit(0); 612 1.1 joerg } 613 1.2 khorben #endif 614 1.1 joerg 615 1.1 joerg void 616 1.1 joerg pkg_sign_gpg(const char *name, const char *output) 617 1.1 joerg { 618 1.1 joerg struct archive *pkg; 619 1.1 joerg struct archive_entry *entry, *hash_entry, *sign_entry; 620 1.1 joerg int fd; 621 1.1 joerg struct stat sb; 622 1.1 joerg char *hash_file, *signature_file, *tmp, *pkgname, hash[SHA512_DIGEST_STRING_LENGTH]; 623 1.1 joerg unsigned char block[65536]; 624 1.1 joerg off_t i, size; 625 1.1 joerg size_t block_len, signature_len; 626 1.1 joerg 627 1.1 joerg if ((fd = open(name, O_RDONLY)) == -1) 628 1.1 joerg err(EXIT_FAILURE, "Cannot open binary package %s", name); 629 1.1 joerg if (fstat(fd, &sb) == -1) 630 1.1 joerg err(EXIT_FAILURE, "Cannot stat %s", name); 631 1.1 joerg 632 1.1 joerg entry = archive_entry_new(); 633 1.1 joerg archive_entry_copy_stat(entry, &sb); 634 1.4.8.1 perseant size = archive_entry_size(entry); 635 1.1 joerg 636 1.1 joerg pkgname = extract_pkgname(fd); 637 1.4.8.1 perseant hash_file = xasprintf(hash_template, pkgname, (long long)size); 638 1.1 joerg free(pkgname); 639 1.1 joerg 640 1.4.8.1 perseant for (i = 0; i < size; i += block_len) { 641 1.4.8.1 perseant if (i + (off_t)sizeof(block) < size) 642 1.1 joerg block_len = sizeof(block); 643 1.1 joerg else 644 1.4.8.1 perseant block_len = size % sizeof(block) ? 645 1.4.8.1 perseant size % sizeof(block) : sizeof(block); 646 1.2 khorben if (read(fd, block, block_len) != (ssize_t)block_len) 647 1.1 joerg err(2, "short read"); 648 1.1 joerg hash_block(block, block_len, hash); 649 1.1 joerg tmp = xasprintf("%s%s\n", hash_file, hash); 650 1.1 joerg free(hash_file); 651 1.1 joerg hash_file = tmp; 652 1.1 joerg } 653 1.1 joerg tmp = xasprintf("%s%s", hash_file, hash_trailer); 654 1.1 joerg free(hash_file); 655 1.1 joerg hash_file = tmp; 656 1.1 joerg 657 1.1 joerg if (detached_gpg_sign(hash_file, strlen(hash_file), &signature_file, 658 1.1 joerg &signature_len, gpg_keyring_sign, gpg_sign_as)) 659 1.1 joerg err(EXIT_FAILURE, "Cannot sign hash file"); 660 1.1 joerg 661 1.1 joerg lseek(fd, 0, SEEK_SET); 662 1.1 joerg 663 1.1 joerg sign_entry = archive_entry_clone(entry); 664 1.1 joerg hash_entry = archive_entry_clone(entry); 665 1.1 joerg pkgname = strrchr(name, '/'); 666 1.1 joerg archive_entry_set_pathname(entry, pkgname != NULL ? pkgname + 1 : name); 667 1.1 joerg archive_entry_set_pathname(hash_entry, HASH_FNAME); 668 1.1 joerg archive_entry_set_pathname(sign_entry, GPG_SIGNATURE_FNAME); 669 1.1 joerg archive_entry_set_size(hash_entry, strlen(hash_file)); 670 1.1 joerg archive_entry_set_size(sign_entry, signature_len); 671 1.1 joerg 672 1.1 joerg pkg = archive_write_new(); 673 1.1 joerg archive_write_set_format_ar_bsd(pkg); 674 1.1 joerg archive_write_open_filename(pkg, output); 675 1.1 joerg 676 1.1 joerg archive_write_header(pkg, hash_entry); 677 1.1 joerg archive_write_data(pkg, hash_file, strlen(hash_file)); 678 1.1 joerg archive_write_finish_entry(pkg); 679 1.1 joerg archive_entry_free(hash_entry); 680 1.1 joerg 681 1.1 joerg archive_write_header(pkg, sign_entry); 682 1.1 joerg archive_write_data(pkg, signature_file, signature_len); 683 1.1 joerg archive_write_finish_entry(pkg); 684 1.1 joerg archive_entry_free(sign_entry); 685 1.1 joerg 686 1.1 joerg archive_write_header(pkg, entry); 687 1.1 joerg 688 1.1 joerg for (i = 0; i < size; i += block_len) { 689 1.2 khorben if (i + (off_t)sizeof(block) < size) 690 1.1 joerg block_len = sizeof(block); 691 1.1 joerg else 692 1.4.8.1 perseant block_len = size % sizeof(block) ? size % sizeof(block) : sizeof(block); 693 1.2 khorben if (read(fd, block, block_len) != (ssize_t)block_len) 694 1.1 joerg err(2, "short read"); 695 1.1 joerg archive_write_data(pkg, block, block_len); 696 1.1 joerg } 697 1.1 joerg archive_write_finish_entry(pkg); 698 1.1 joerg archive_entry_free(entry); 699 1.1 joerg 700 1.3 joerg archive_write_free(pkg); 701 1.1 joerg 702 1.2 khorben close(fd); 703 1.2 khorben 704 1.1 joerg exit(0); 705 1.1 joerg } 706
Indexes created Tue May 05 00:25:04 UTC 2026