36#include <openssl/err.h>
37#include <openssl/sha.h>
38#include <openssl/rsa.h>
39#include <openssl/ssl.h>
40#include <openssl/pem.h>
42#include "xbps_api_impl.h"
/*
 * rsa_verify_hash: check that `sig' (siglen bytes) is a valid RSA
 * signature, under the PEM-encoded public key carried in `pubkey', over
 * the SHA-256 digest `sha256'.  Returns true only when RSA_verify()
 * accepts the signature; a key that cannot be parsed is reported via
 * xbps_dbg_printf() (with the repo URI and the OpenSSL error string)
 * and results in false.
 *
 * Security notes (review):
 *  - RSA_verify(NID_sha256, ...) checks a PKCS#1 v1.5 signature and is
 *    handed the fixed SHA256_DIGEST_LENGTH, so `sha256' must point at a
 *    full 32-byte SHA-256 digest, never a shorter or truncated hash.
 *  - Nothing between parsing the key and verifying enforces a minimum
 *    RSA modulus size; whatever key the caller loaded from disk is used
 *    as-is — TODO confirm the key-import path rejects short keys.
 *  - `siglen' is unsigned int while the caller's file length is size_t;
 *    as documented, OpenSSL's RSA_verify() only accepts a signature whose
 *    length equals the modulus size, so a mismatched length fails closed.
 *  - RSA_*, PEM_read_bio_RSA_PUBKEY() and the *_load_error_strings()
 *    calls are deprecated since OpenSSL 3.0 (EVP_PKEY/EVP_DigestVerify
 *    are the replacements); they still work but build with warnings.
 *  - The BIO and RSA objects created below must be released after
 *    RSA_verify(); that cleanup is not visible in this excerpt — confirm
 *    RSA_free()/BIO_free() run on every path, including the key-parse
 *    failure reported at the `repo->uri' debug print.
 */
45rsa_verify_hash(
struct xbps_repo *repo, xbps_data_t pubkey,
46 unsigned char *sig,
unsigned int siglen,
47 unsigned char *sha256)
/* Load human-readable error strings so ERR_error_string() below is useful. */
53 ERR_load_crypto_strings();
54 SSL_load_error_strings();
/* Wrap the in-memory PEM key (no copy) in a BIO for the PEM reader. */
56 bio = BIO_new_mem_buf(xbps_data_data_nocopy(pubkey),
57 xbps_data_size(pubkey));
/* Parse a SubjectPublicKeyInfo ("BEGIN PUBLIC KEY") RSA key; NULL on failure. */
60 rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL);
63 repo->
uri, ERR_error_string(ERR_get_error(), NULL));
/* PKCS#1 v1.5 verification of the SHA-256 digest; 1 on success, 0 otherwise. */
67 rv = RSA_verify(NID_sha256, sha256, SHA256_DIGEST_LENGTH, sig, siglen, rsa);
72 return rv ? true :
false;
/*
 * xbps_verify_signature (body excerpt; the function header is not in
 * this listing): verify that `sigfile' holds a valid RSA signature, by
 * the repository's public key, over the caller-supplied SHA-256
 * `digest'.  Returns false on any failure to locate the key, read the
 * signature file or verify it.
 *
 * Security notes (review):
 *  - The public key used for verification is read from a local plist
 *    (`rkeyfile') and taken from its "public-key" entry; how that file
 *    name is derived is not visible here — presumably from the key
 *    fingerprint in repo->idxmeta, verify against the caller.
 *  - The signature file is mmap'd and passed to verification as-is; it
 *    presumably arrives with the repository data, so treat it as
 *    untrusted input.  Its size_t length is narrowed to the unsigned int
 *    parameter of rsa_verify_hash().
 */
77 unsigned char *digest)
79 xbps_dictionary_t repokeyd = NULL;
82 unsigned char *sig_buf = NULL;
/* sigbuflen: mapping length for munmap(); sigfilelen: actual file size used for verification. */
83 size_t sigbuflen, sigfilelen;
84 char *rkeyfile = NULL;
/* Empty index metadata means there is no key fingerprint to look up: treat as unsigned. */
87 if (!xbps_dictionary_count(repo->
idxmeta)) {
/* The key plist must parse to a dictionary; otherwise log (errno from the file read) and bail. */
102 if (xbps_object_type(repokeyd) != XBPS_TYPE_DICTIONARY) {
104 rkeyfile, strerror(errno));
/* The key material itself must be a data object; anything else is rejected. */
108 pubkey = xbps_dictionary_get(repokeyd,
"public-key");
109 if (xbps_object_type(pubkey) != XBPS_TYPE_DATA)
/* Map the signature file read-only into memory; failure leaves sig_buf NULL. */
112 if (!
xbps_mmap_file(sigfile, (
void *)&sig_buf, &sigbuflen, &sigfilelen)) {
114 sigfile, strerror(errno));
/* Note: sigfilelen is size_t; rsa_verify_hash() takes unsigned int. */
120 if (rsa_verify_hash(repo, pubkey, sig_buf, sigfilelen, digest))
/* Cleanup: unmap by mapping length, not file length, and drop the key plist. */
129 (void)munmap(sig_buf, sigbuflen);
131 xbps_object_release(repokeyd);
/*
 * xbps_verify_file_signature (body excerpt; header and return are not in
 * this listing): hash `fname' with SHA-256 and verify the detached
 * signature stored next to it as "<fname>.sig2".
 *
 * Security notes (review):
 *  - `digest' is sized XBPS_SHA256_DIGEST_SIZE but is eventually passed
 *    to RSA_verify() with SHA256_DIGEST_LENGTH (32) — TODO confirm the two
 *    constants are equal, otherwise the verifier reads past the buffer.
 *  - The snprintf() result is not checked: a very long `fname' yields a
 *    truncated path that no longer ends in ".sig2".  That presumably fails
 *    closed when the file cannot be opened, but an explicit length check
 *    (n < 0 || (size_t)n >= sizeof sig → return false) is easier to reason about.
 *  - `sizeof sig' only works if `sig' is a real array in this scope; its
 *    declaration is not visible here — confirm it is not a pointer.
 */
140 unsigned char digest[XBPS_SHA256_DIGEST_SIZE];
148 snprintf(sig,
sizeof sig,
"%s.sig2", fname);
char metadir[XBPS_MAXPATH]
void xbps_dbg_printf(const char *fmt,...)
Prints debug messages to stderr.
xbps_dictionary_t idxmeta
xbps_dictionary_t xbps_plist_dictionary_from_file(const char *path)
char * xbps_pubkey2fp(xbps_data_t pubkey)
char * xbps_xasprintf(const char *fmt,...) __attribute__((format(printf
bool xbps_verify_file_signature(struct xbps_repo *repo, const char *fname)
bool xbps_mmap_file(const char *file, void **mmf, size_t *mmflen, size_t *filelen)
bool xbps_verify_signature(struct xbps_repo *repo, const char *sigfile, unsigned char *digest)
bool xbps_file_sha256_raw(unsigned char *dst, size_t len, const char *file)