Compare commits
5 Commits
c1e106d9e9
...
986852c6ea
Author | SHA1 | Date |
---|---|---|
Aydin Mercan | 986852c6ea | |
Aydin Mercan | e24dc0a88b | |
Aydin Mercan | 06d32f6c02 | |
Aydin Mercan | fa22da2fb3 | |
Aydin Mercan | 6dccdfc791 |
|
@ -1180,7 +1180,7 @@ int adb_trust_write_signatures(struct apk_trust *trust, struct adb *db, struct a
|
|||
struct adb_sign_v0 v0;
|
||||
unsigned char buf[ADB_MAX_SIGNATURE_LEN];
|
||||
} sig;
|
||||
struct apk_trust_key *tkey;
|
||||
struct apk_trust_secret_key *tkey;
|
||||
apk_blob_t md;
|
||||
size_t siglen;
|
||||
int r;
|
||||
|
|
|
@ -442,7 +442,7 @@ int main(int argc, char **argv)
|
|||
}
|
||||
|
||||
if (apk_crypto_init() != 0) {
|
||||
apk_err(out, "failure to initialize");
|
||||
apk_err(out, "Failure to initialize cryptographic functionality");
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
|
@ -18,7 +18,7 @@ struct apk_trust_key {
|
|||
char *filename;
|
||||
};
|
||||
|
||||
struct apk_trust_secret {
|
||||
struct apk_trust_secret_key {
|
||||
struct list_head key_node;
|
||||
struct apk_secret_key key;
|
||||
char *filename;
|
||||
|
|
|
@ -93,7 +93,10 @@ uint8_t apk_digest_from_blob(struct apk_digest *d, apk_blob_t b)
|
|||
|
||||
int apk_digest_calc(struct apk_digest *d, uint8_t alg, const void *ptr, size_t sz)
|
||||
{
|
||||
union digest_state state;
|
||||
union {
|
||||
br_sha1_context sha1;
|
||||
br_md5_context md5;
|
||||
} state;
|
||||
|
||||
switch (alg) {
|
||||
case APK_DIGEST_SHA256:
|
||||
|
|
|
@ -314,6 +314,7 @@ void apk_public_key_free(struct apk_public_key *pub)
|
|||
|
||||
int apk_verify_digest_start(struct apk_digest_ctx *dctx, uint16_t signature_type)
|
||||
{
|
||||
const uint8_t domain_seperator[5] = {'q', 't', 's', 'e', 'p'};
|
||||
uint8_t digest;
|
||||
|
||||
switch (signature_type) {
|
||||
|
@ -335,6 +336,12 @@ int apk_verify_digest_start(struct apk_digest_ctx *dctx, uint16_t signature_type
|
|||
return -APKE_CRYPTO_ERROR;
|
||||
}
|
||||
|
||||
if (signature_type == APK_SIGNATURE_CUTE) {
|
||||
if (apk_digest_ctx_update(dctx, domain_seperator, 5) != 0) {
|
||||
return -APKE_CRYPTO_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
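Review bot: The domain-separation prefix for APK_SIGNATURE_CUTE is defined as a separate local array here and again in apk_sign_digest_start, with its length passed as the literal `5` in both `apk_digest_ctx_update` calls. Signing and verification must hash byte-identical prefixes, so an edit to only one copy would make every CUTE signature fail to verify. A single shared definition would remove that risk, e.g. `static const uint8_t domain_separator[] = {'q', 't', 's', 'e', 'p'};` in a common header, used as `apk_digest_ctx_update(dctx, domain_separator, sizeof domain_separator)`. The identifier is also misspelled (`domain_seperator`), and a one-line comment saying why only CUTE signatures get the prefix would help the next reader. The switch body between the two hunks of this function is not visible here.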
|
||||
|
||||
|
|
|
@ -311,6 +311,7 @@ void apk_secret_key_free(struct apk_secret_key *sec)
|
|||
|
||||
int apk_sign_digest_start(struct apk_digest_ctx *dctx, uint16_t signature_type)
|
||||
{
|
||||
const uint8_t domain_seperator[5] = {'q', 't', 's', 'e', 'p'};
|
||||
uint8_t digest;
|
||||
|
||||
switch (signature_type) {
|
||||
|
@ -332,6 +333,12 @@ int apk_sign_digest_start(struct apk_digest_ctx *dctx, uint16_t signature_type)
|
|||
return -APKE_CRYPTO_ERROR;
|
||||
}
|
||||
|
||||
if (signature_type == APK_SIGNATURE_CUTE) {
|
||||
if (apk_digest_ctx_update(dctx, domain_seperator, 5) != 0) {
|
||||
return -APKE_CRYPTO_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
@ -107,20 +107,17 @@ static int check_signing_key_trust(struct apk_sign_ctx *sctx)
|
|||
|
||||
static int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx, const struct apk_file_info *fi, struct apk_istream *is)
|
||||
{
|
||||
static struct {
|
||||
char type[8];
|
||||
uint8_t alg;
|
||||
} signature_type[] = {
|
||||
{"RSA256", APK_SIGNATURE_RSA256},
|
||||
{"RSA512", APK_SIGNATURE_RSA512},
|
||||
{"CUTE", APK_SIGNATURE_CUTE},
|
||||
{"RSA", APK_SIGNATURE_RSA},
|
||||
static const char *signature_type[4] = {
|
||||
[APK_SIGNATURE_RSA] = "RSA",
|
||||
[APK_SIGNATURE_RSA512] = "RSA512",
|
||||
[APK_SIGNATURE_RSA256] = "RSA256",
|
||||
[APK_SIGNATURE_CUTE] = "CUTE",
|
||||
};
|
||||
|
||||
uint16_t signature_alg = APK_SIGNATURE_MAX;
|
||||
struct apk_public_key *public_key;
|
||||
const char *name = NULL;
|
||||
int r, i;
|
||||
int r;
|
||||
|
||||
if (ctx->data_started) {
|
||||
return 1;
|
||||
|
@ -166,10 +163,11 @@ static int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx, const struct apk_
|
|||
|| ctx->signature.public_key != NULL)
|
||||
return 0;
|
||||
|
||||
for (i = 0; i < ARRAY_SIZE(signature_type); i++) {
|
||||
size_t slen = strlen(signature_type[i].type);
|
||||
if (strncmp(&fi->name[6], signature_type[i].type, slen) == 0 && fi->name[6 + slen] == '.') {
|
||||
signature_alg = signature_type[i].alg;
|
||||
for (uint16_t i = 0; i < ARRAY_SIZE(signature_type); i++) {
|
||||
size_t slen = strlen(signature_type[i]);
|
||||
|
||||
if (strncmp(&fi->name[6], signature_type[i], slen) == 0 && fi->name[6 + slen] == '.') {
|
||||
signature_alg = i;
|
||||
name = &fi->name[6 + slen + 1];
|
||||
break;
|
||||
}
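Review bot: `signature_type` is now indexed directly by the APK_SIGNATURE_* value and sized with a literal `4`, so `strlen(signature_type[i])` in the loop relies on those four constants being exactly 0..3. The enum is not visible in this diff, so that is worth confirming. Any index left unset by the designated initialisers is NULL and would be dereferenced while matching a file name taken from the package being verified. Sizing the table from the enum and skipping holes keeps this safe if a signature type is added later: `static const char *const signature_type[APK_SIGNATURE_MAX] = {` (assuming APK_SIGNATURE_MAX is the count, as its use as the "not found" value suggests) and `if (signature_type[i] == NULL) continue;` as the first line of the loop. The rest of apk_sign_ctx_process_file lies outside these hunks.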
|
||||
|
|
23
src/trust.c
23
src/trust.c
|
@ -21,6 +21,25 @@ static struct apk_trust_key *apk_trust_load_public(int dirfd, const char *filena
|
|||
return key;
|
||||
}
|
||||
|
||||
static struct apk_trust_secret_key *apk_trust_load_secret(int dirfd, const char *filename)
|
||||
{
|
||||
struct apk_trust_secret_key *key;
|
||||
int r;
|
||||
|
||||
key = calloc(1, sizeof *key);
|
||||
if (!key) return ERR_PTR(-ENOMEM);
|
||||
|
||||
r = apk_secret_key_load(&key->key, dirfd, filename);
|
||||
if (r != 0) {
|
||||
free(key);
|
||||
return ERR_PTR(r);
|
||||
}
|
||||
|
||||
list_init(&key->key_node);
|
||||
key->filename = strdup(filename);
|
||||
return key;
|
||||
}
|
||||
|
||||
static int __apk_trust_load_pubkey(void *pctx, int dirfd, const char *filename)
|
||||
{
|
||||
struct apk_trust *trust = pctx;
|
||||
|
@ -93,11 +112,11 @@ static int option_parse_signing(void *ctx, struct apk_ctx *ac, int optch, const
|
|||
{
|
||||
struct apk_trust *trust = &ac->trust;
|
||||
struct apk_out *out = &ac->out;
|
||||
struct apk_trust_key *key;
|
||||
struct apk_trust_secret_key *key;
|
||||
|
||||
switch (optch) {
|
||||
case OPT_SIGN_sign_key:
|
||||
key = apk_trust_load_public(AT_FDCWD, optarg);
|
||||
key = apk_trust_load_secret(AT_FDCWD, optarg);
|
||||
if (IS_ERR(key)) {
|
||||
apk_err(out, "Failed to load signing key: %s: %s",
|
||||
optarg, apk_error_str(PTR_ERR(key)));
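Review bot: In the new apk_trust_load_secret, the result of `strdup(filename)` is stored without a check, so on allocation failure the function returns a successfully loaded signing key whose `filename` is NULL. Any later consumer that prints or compares the filename would then dereference NULL. That path should also release the loaded secret key rather than leave it in memory; apk_secret_key_free appears in another hunk header on this page and looks like the right call, though its behaviour is not shown here. apk_trust_load_public probably has the same pattern, but its body is outside the hunk. A short comment on the function stating that the caller owns the returned key and its filename would also help.

```c
	// … unchanged: calloc and apk_secret_key_load with their error paths …
	list_init(&key->key_node);
	key->filename = strdup(filename);
	if (!key->filename) {
		/* do not hand out a half-initialised key; drop the secret material too */
		apk_secret_key_free(&key->key);
		free(key);
		return ERR_PTR(-ENOMEM);
	}
	return key;
```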
|
||||
|
|