emo/xbps
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added support for the long awaited feature: RSA signed repositories.

Browse Source
This commit is contained in:
Juan RP
2013-10-05 11:38:04 +02:00
parent ae2eea8937
commit 8d5c48b861
29 changed files with 1121 additions and 155 deletions
Download Patch File Download Diff File Expand all files Collapse all files

231
bin/xbps-rindex/sign.c Normal file
View File

@@ -0,0 +1,231 @@
/*-
* Copyright (c) 2013 Juan Romero Pardines.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <assert.h>
#include <openssl/err.h>
#include <openssl/sha.h>
#include <openssl/rsa.h>
#include <openssl/ssl.h>
#include <openssl/pem.h>
#include "defs.h"
static int
password_cb(char *buf, int size)
{
int len = 0;
char pass[BUFSIZ];
if (readpassphrase("Enter passphrase: ", pass, BUFSIZ, 0) == NULL)
return 0;
len = strlen(pass);
if (len <= 0)
return 0;
if (len > size)
len = size;
memset(buf, '\0', size);
memcpy(buf, pass, len);
memset(&pass, 0, BUFSIZ);
return len;
}
static RSA *
load_rsa_privkey(const char *path)
{
FILE *fp;
RSA *rsa = NULL;
if ((fp = fopen(path, "r")) == 0)
return NULL;
if ((rsa = RSA_new()) == NULL) {
fclose(fp);
return NULL;
}
rsa = PEM_read_RSAPrivateKey(fp, 0,
(pem_password_cb *)password_cb,
__UNCONST(path));
fclose(fp);
return rsa;
}
static char *
pubkey_from_privkey(RSA *rsa)
{
BIO *bp;
char *buf;
bp = BIO_new(BIO_s_mem());
assert(bp);
if (!PEM_write_bio_RSA_PUBKEY(bp, rsa)) {
fprintf(stderr, "error writing public key: %s\n",
ERR_error_string(ERR_get_error(), NULL));
BIO_free(bp);
return NULL;
}
/* XXX (xtraeme) 8192 should be always enough? */
buf = malloc(8192);
assert(buf);
BIO_read(bp, buf, 8192);
BIO_free(bp);
ERR_free_strings();
return buf;
}
static RSA *
rsa_sign_buf(const char *privkey, const char *buf,
unsigned char **sigret, unsigned int *siglen)
{
SHA256_CTX context;
RSA *rsa;
unsigned char sha256[SHA256_DIGEST_LENGTH];
ERR_load_crypto_strings();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
rsa = load_rsa_privkey(privkey);
if (rsa == NULL) {
fprintf(stderr, "can't load private key from %s\n", privkey);
return NULL;
}
SHA256_Init(&context);
SHA256_Update(&context, buf, strlen(buf));
SHA256_Final(sha256, &context);
*sigret = calloc(1, RSA_size(rsa) + 1);
if (RSA_sign(NID_sha1, sha256, sizeof(sha256),
*sigret, siglen, rsa) == 0) {
fprintf(stderr, "%s: %s\n", privkey,
ERR_error_string(ERR_get_error(), NULL));
return NULL;
}
return rsa;
}
int
sign_repo(struct xbps_handle *xhp, const char *repodir,
const char *privkey, const char *signedby)
{
RSA *rsa = NULL;
struct repodata *rd;
struct xbps_repo *repo;
xbps_dictionary_t idx, meta;
xbps_data_t data;
unsigned int siglen;
unsigned char *sig;
char *buf, *xml, *defprivkey = NULL;
int rv = 0;
if (signedby == NULL) {
fprintf(stderr, "--signedby unset! cannot sign repository\n");
return -1;
}
/*
* Check that repository index exists and not empty, otherwise bail out.
*/
repo = xbps_repo_open(xhp, repodir);
if (repo == NULL) {
fprintf(stderr, "cannot read repository data: %s\n", strerror(errno));
return -1;
}
idx = xbps_repo_get_plist(repo, XBPS_REPOIDX);
xbps_repo_close(repo);
if (xbps_dictionary_count(idx) == 0) {
fprintf(stderr, "invalid number of objects in repository index!\n");
return -1;
}
/*
* Externalize the index and then sign it.
*/
xml = xbps_dictionary_externalize(idx);
if (xml == NULL) {
fprintf(stderr, "failed to externalize repository index: %s\n", strerror(errno));
xbps_object_release(idx);
return -1;
}
/*
* If privkey not set, default to ~/.ssh/id_rsa.
*/
if (privkey == NULL)
defprivkey = xbps_xasprintf("%s/.ssh/id_rsa", getenv("HOME"));
else
defprivkey = strdup(privkey);
rsa = rsa_sign_buf(defprivkey, xml, &sig, &siglen);
if (rsa == NULL) {
free(xml);
return -1;
}
/*
* Prepare the XBPS_REPOMETA for our repository data.
*/
meta = xbps_dictionary_create();
xbps_dictionary_set_cstring_nocopy(meta, "signature-by", signedby);
xbps_dictionary_set_cstring_nocopy(meta, "signature-type", "rsa");
data = xbps_data_create_data_nocopy(sig, siglen);
xbps_dictionary_set(meta, "signature", data);
buf = pubkey_from_privkey(rsa);
assert(buf);
data = xbps_data_create_data_nocopy(buf, strlen(buf));
xbps_dictionary_set(meta, "public-key", data);
xbps_dictionary_set_uint16(meta, "public-key-size", RSA_size(rsa) * 8);
/*
* and finally write our repodata file!
*/
rd = repodata_init(xhp, repodir);
assert(rd);
xml = xbps_dictionary_externalize(idx);
assert(xml);
rv = repodata_add_buf(rd, xml, XBPS_REPOIDX);
free(xml);
xml = xbps_dictionary_externalize(meta);
assert(xml);
rv = repodata_add_buf(rd, xml, XBPS_REPOMETA);
free(xml);
repodata_flush(rd);
free(buf);
RSA_free(rsa);
return rv;
}