Commit 79f43861 authored by Timo Teräs's avatar Timo Teräs

signing: verify and generate identity

fixes verification of non-repository packages while installing
them. this is final thing needed for full signing support
(fixes #46).
parent 718ef307
...@@ -128,8 +128,8 @@ static int add_main(void *ctx, int argc, char **argv) ...@@ -128,8 +128,8 @@ static int add_main(void *ctx, int argc, char **argv)
goto err; goto err;
} }
/* FIXME: should verify the package too */ apk_sign_ctx_init(&sctx, APK_SIGN_VERIFY_AND_GENERATE,
apk_sign_ctx_init(&sctx, APK_SIGN_GENERATE, NULL); NULL);
r = apk_pkg_read(&db, argv[i], &sctx, &pkg); r = apk_pkg_read(&db, argv[i], &sctx, &pkg);
apk_sign_ctx_free(&sctx); apk_sign_ctx_free(&sctx);
if (r != 0) { if (r != 0) {
......
...@@ -35,6 +35,7 @@ struct apk_name; ...@@ -35,6 +35,7 @@ struct apk_name;
#define APK_SIGN_VERIFY_IDENTITY 2 #define APK_SIGN_VERIFY_IDENTITY 2
#define APK_SIGN_GENERATE_V1 3 #define APK_SIGN_GENERATE_V1 3
#define APK_SIGN_GENERATE 4 #define APK_SIGN_GENERATE 4
#define APK_SIGN_VERIFY_AND_GENERATE 5
struct apk_sign_ctx { struct apk_sign_ctx {
int action; int action;
......
...@@ -311,6 +311,7 @@ void apk_sign_ctx_init(struct apk_sign_ctx *ctx, int action, ...@@ -311,6 +311,7 @@ void apk_sign_ctx_init(struct apk_sign_ctx *ctx, int action,
ctx->data_started = 1; ctx->data_started = 1;
break; break;
case APK_SIGN_GENERATE: case APK_SIGN_GENERATE:
case APK_SIGN_VERIFY_AND_GENERATE:
default: default:
action = APK_SIGN_GENERATE; action = APK_SIGN_GENERATE;
ctx->md = EVP_sha1(); ctx->md = EVP_sha1();
...@@ -466,6 +467,7 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data) ...@@ -466,6 +467,7 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
switch (sctx->action) { switch (sctx->action) {
case APK_SIGN_VERIFY: case APK_SIGN_VERIFY:
case APK_SIGN_VERIFY_AND_GENERATE:
if (sctx->signature.pkey == NULL) { if (sctx->signature.pkey == NULL) {
if (apk_flags & APK_ALLOW_UNTRUSTED) if (apk_flags & APK_ALLOW_UNTRUSTED)
break; break;
...@@ -502,6 +504,10 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data) ...@@ -502,6 +504,10 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
return -ECANCELED; return -ECANCELED;
break; break;
} }
if (sctx->action == APK_SIGN_VERIFY_AND_GENERATE) {
sctx->identity.type = EVP_MD_CTX_size(&sctx->mdctx);
EVP_DigestFinal_ex(&sctx->mdctx, sctx->identity.data, NULL);
}
reset_digest: reset_digest:
EVP_DigestInit_ex(&sctx->mdctx, sctx->md, NULL); EVP_DigestInit_ex(&sctx->mdctx, sctx->md, NULL);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment