Compare commits
5 Commits
c1e106d9e9
...
986852c6ea
Author | SHA1 | Date |
---|---|---|
Aydin Mercan | 986852c6ea | |
Aydin Mercan | e24dc0a88b | |
Aydin Mercan | 06d32f6c02 | |
Aydin Mercan | fa22da2fb3 | |
Aydin Mercan | 6dccdfc791 |
|
@ -1180,7 +1180,7 @@ int adb_trust_write_signatures(struct apk_trust *trust, struct adb *db, struct a
|
||||||
struct adb_sign_v0 v0;
|
struct adb_sign_v0 v0;
|
||||||
unsigned char buf[ADB_MAX_SIGNATURE_LEN];
|
unsigned char buf[ADB_MAX_SIGNATURE_LEN];
|
||||||
} sig;
|
} sig;
|
||||||
struct apk_trust_key *tkey;
|
struct apk_trust_secret_key *tkey;
|
||||||
apk_blob_t md;
|
apk_blob_t md;
|
||||||
size_t siglen;
|
size_t siglen;
|
||||||
int r;
|
int r;
|
||||||
|
|
|
@ -442,7 +442,7 @@ int main(int argc, char **argv)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (apk_crypto_init() != 0) {
|
if (apk_crypto_init() != 0) {
|
||||||
apk_err(out, "failure to initialize");
|
apk_err(out, "Failure to initialize cryptographic functionality");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -18,7 +18,7 @@ struct apk_trust_key {
|
||||||
char *filename;
|
char *filename;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct apk_trust_secret {
|
struct apk_trust_secret_key {
|
||||||
struct list_head key_node;
|
struct list_head key_node;
|
||||||
struct apk_secret_key key;
|
struct apk_secret_key key;
|
||||||
char *filename;
|
char *filename;
|
||||||
|
|
|
@ -93,7 +93,10 @@ uint8_t apk_digest_from_blob(struct apk_digest *d, apk_blob_t b)
|
||||||
|
|
||||||
int apk_digest_calc(struct apk_digest *d, uint8_t alg, const void *ptr, size_t sz)
|
int apk_digest_calc(struct apk_digest *d, uint8_t alg, const void *ptr, size_t sz)
|
||||||
{
|
{
|
||||||
union digest_state state;
|
union {
|
||||||
|
br_sha1_context sha1;
|
||||||
|
br_md5_context md5;
|
||||||
|
} state;
|
||||||
|
|
||||||
switch (alg) {
|
switch (alg) {
|
||||||
case APK_DIGEST_SHA256:
|
case APK_DIGEST_SHA256:
|
||||||
|
|
|
@ -314,6 +314,7 @@ void apk_public_key_free(struct apk_public_key *pub)
|
||||||
|
|
||||||
int apk_verify_digest_start(struct apk_digest_ctx *dctx, uint16_t signature_type)
|
int apk_verify_digest_start(struct apk_digest_ctx *dctx, uint16_t signature_type)
|
||||||
{
|
{
|
||||||
|
const uint8_t domain_seperator[5] = {'q', 't', 's', 'e', 'p'};
|
||||||
uint8_t digest;
|
uint8_t digest;
|
||||||
|
|
||||||
switch (signature_type) {
|
switch (signature_type) {
|
||||||
|
@ -335,6 +336,12 @@ int apk_verify_digest_start(struct apk_digest_ctx *dctx, uint16_t signature_type
|
||||||
return -APKE_CRYPTO_ERROR;
|
return -APKE_CRYPTO_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (signature_type == APK_SIGNATURE_CUTE) {
|
||||||
|
if (apk_digest_ctx_update(dctx, domain_seperator, 5) != 0) {
|
||||||
|
return -APKE_CRYPTO_ERROR;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -311,6 +311,7 @@ void apk_secret_key_free(struct apk_secret_key *sec)
|
||||||
|
|
||||||
int apk_sign_digest_start(struct apk_digest_ctx *dctx, uint16_t signature_type)
|
int apk_sign_digest_start(struct apk_digest_ctx *dctx, uint16_t signature_type)
|
||||||
{
|
{
|
||||||
|
const uint8_t domain_seperator[5] = {'q', 't', 's', 'e', 'p'};
|
||||||
uint8_t digest;
|
uint8_t digest;
|
||||||
|
|
||||||
switch (signature_type) {
|
switch (signature_type) {
|
||||||
|
@ -332,6 +333,12 @@ int apk_sign_digest_start(struct apk_digest_ctx *dctx, uint16_t signature_type)
|
||||||
return -APKE_CRYPTO_ERROR;
|
return -APKE_CRYPTO_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (signature_type == APK_SIGNATURE_CUTE) {
|
||||||
|
if (apk_digest_ctx_update(dctx, domain_seperator, 5) != 0) {
|
||||||
|
return -APKE_CRYPTO_ERROR;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -107,20 +107,17 @@ static int check_signing_key_trust(struct apk_sign_ctx *sctx)
|
||||||
|
|
||||||
static int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx, const struct apk_file_info *fi, struct apk_istream *is)
|
static int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx, const struct apk_file_info *fi, struct apk_istream *is)
|
||||||
{
|
{
|
||||||
static struct {
|
static const char *signature_type[4] = {
|
||||||
char type[8];
|
[APK_SIGNATURE_RSA] = "RSA",
|
||||||
uint8_t alg;
|
[APK_SIGNATURE_RSA512] = "RSA512",
|
||||||
} signature_type[] = {
|
[APK_SIGNATURE_RSA256] = "RSA256",
|
||||||
{"RSA256", APK_SIGNATURE_RSA256},
|
[APK_SIGNATURE_CUTE] = "CUTE",
|
||||||
{"RSA512", APK_SIGNATURE_RSA512},
|
|
||||||
{"CUTE", APK_SIGNATURE_CUTE},
|
|
||||||
{"RSA", APK_SIGNATURE_RSA},
|
|
||||||
};
|
};
|
||||||
|
|
||||||
uint16_t signature_alg = APK_SIGNATURE_MAX;
|
uint16_t signature_alg = APK_SIGNATURE_MAX;
|
||||||
struct apk_public_key *public_key;
|
struct apk_public_key *public_key;
|
||||||
const char *name = NULL;
|
const char *name = NULL;
|
||||||
int r, i;
|
int r;
|
||||||
|
|
||||||
if (ctx->data_started) {
|
if (ctx->data_started) {
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -166,10 +163,11 @@ static int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx, const struct apk_
|
||||||
|| ctx->signature.public_key != NULL)
|
|| ctx->signature.public_key != NULL)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
for (i = 0; i < ARRAY_SIZE(signature_type); i++) {
|
for (uint16_t i = 0; i < ARRAY_SIZE(signature_type); i++) {
|
||||||
size_t slen = strlen(signature_type[i].type);
|
size_t slen = strlen(signature_type[i]);
|
||||||
if (strncmp(&fi->name[6], signature_type[i].type, slen) == 0 && fi->name[6 + slen] == '.') {
|
|
||||||
signature_alg = signature_type[i].alg;
|
if (strncmp(&fi->name[6], signature_type[i], slen) == 0 && fi->name[6 + slen] == '.') {
|
||||||
|
signature_alg = i;
|
||||||
name = &fi->name[6 + slen + 1];
|
name = &fi->name[6 + slen + 1];
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
23
src/trust.c
23
src/trust.c
|
@ -21,6 +21,25 @@ static struct apk_trust_key *apk_trust_load_public(int dirfd, const char *filena
|
||||||
return key;
|
return key;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static struct apk_trust_secret_key *apk_trust_load_secret(int dirfd, const char *filename)
|
||||||
|
{
|
||||||
|
struct apk_trust_secret_key *key;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
key = calloc(1, sizeof *key);
|
||||||
|
if (!key) return ERR_PTR(-ENOMEM);
|
||||||
|
|
||||||
|
r = apk_secret_key_load(&key->key, dirfd, filename);
|
||||||
|
if (r != 0) {
|
||||||
|
free(key);
|
||||||
|
return ERR_PTR(r);
|
||||||
|
}
|
||||||
|
|
||||||
|
list_init(&key->key_node);
|
||||||
|
key->filename = strdup(filename);
|
||||||
|
return key;
|
||||||
|
}
|
||||||
|
|
||||||
static int __apk_trust_load_pubkey(void *pctx, int dirfd, const char *filename)
|
static int __apk_trust_load_pubkey(void *pctx, int dirfd, const char *filename)
|
||||||
{
|
{
|
||||||
struct apk_trust *trust = pctx;
|
struct apk_trust *trust = pctx;
|
||||||
|
@ -93,11 +112,11 @@ static int option_parse_signing(void *ctx, struct apk_ctx *ac, int optch, const
|
||||||
{
|
{
|
||||||
struct apk_trust *trust = &ac->trust;
|
struct apk_trust *trust = &ac->trust;
|
||||||
struct apk_out *out = &ac->out;
|
struct apk_out *out = &ac->out;
|
||||||
struct apk_trust_key *key;
|
struct apk_trust_secret_key *key;
|
||||||
|
|
||||||
switch (optch) {
|
switch (optch) {
|
||||||
case OPT_SIGN_sign_key:
|
case OPT_SIGN_sign_key:
|
||||||
key = apk_trust_load_public(AT_FDCWD, optarg);
|
key = apk_trust_load_secret(AT_FDCWD, optarg);
|
||||||
if (IS_ERR(key)) {
|
if (IS_ERR(key)) {
|
||||||
apk_err(out, "Failed to load signing key: %s: %s",
|
apk_err(out, "Failed to load signing key: %s: %s",
|
||||||
optarg, apk_error_str(PTR_ERR(key)));
|
optarg, apk_error_str(PTR_ERR(key)));
|
||||||
|
|
Loading…
Reference in New Issue