From 7da1e826ccb08fdd404524146736b3f12a473e31 Mon Sep 17 00:00:00 2001
From: chantra <chantr4@gmail.com>
Date: Mon, 31 Jan 2022 14:42:25 -0800
Subject: [PATCH 10/30] [rpm2extents] Make rpmkeys support reading metadata
from transcoded footer
If the file is seekable and is a transcoded file, read signature validation from transcoded file tail metadata
---
lib/rpmchecksig.c | 112 ++++++++++++++++++++++++++++++++++++++++++-
tests/rpm2extents.at | 34 ++++++++++++-
2 files changed, 144 insertions(+), 2 deletions(-)
diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c
index fcdbb424f..6164d012c 100644
--- a/lib/rpmchecksig.c
+++ b/lib/rpmchecksig.c
@@ -24,6 +24,11 @@
#include "debug.h"
+/* magic value at end of file (64 bits) that indicates this is a transcoded
+ * rpm.
+ */
+#define MAGIC 3472329499408095051
+
int _print_pkts = 0;
static int doImport(rpmts ts, const char *fn, char *buf, ssize_t blen)
@@ -220,6 +225,107 @@ exit:
return rc;
}
+static rpmRC isTranscodedRpm(FD_t fd) {
+ rpmRC rc = RPMRC_NOTFOUND;
+ rpm_loff_t current;
+ uint64_t magic;
+ size_t len;
+
+ // If the file is not seekable, we cannot detect whether or not it is transcoded.
+ if(Fseek(fd, 0, SEEK_CUR) < 0) {
+ return RPMRC_FAIL;
+ }
+ current = Ftell(fd);
+
+ if(Fseek(fd, -(sizeof(magic)), SEEK_END) < 0) {
+ rpmlog(RPMLOG_ERR, _("isTranscodedRpm: failed to seek for magic\n"));
+ rc = RPMRC_FAIL;
+ goto exit;
+ }
+ len = sizeof(magic);
+ if (Fread(&magic, len, 1, fd) != len) {
+ rpmlog(RPMLOG_ERR, _("isTranscodedRpm: unable to read magic\n"));
+ rc = RPMRC_FAIL;
+ goto exit;
+ }
+ if (magic != MAGIC) {
+ rpmlog(RPMLOG_DEBUG, _("isTranscodedRpm: not transcoded\n"));
+ rc = RPMRC_NOTFOUND;
+ goto exit;
+ }
+ rc = RPMRC_OK;
+exit:
+ if (Fseek(fd, current, SEEK_SET) < 0) {
+ rpmlog(RPMLOG_ERR, _("isTranscodedRpm: unable to seek back to original location\n"));
+ }
+ return rc;
+}
+
+static int rpmpkgVerifySigsTranscoded(FD_t fd){
+ rpm_loff_t current;
+ uint64_t magic;
+ rpm_loff_t offset;
+ int32_t rc;
+ size_t len;
+ uint64_t content_len;
+ char *content = NULL;
+
+ current = Ftell(fd);
+
+ if(Fseek(fd, -(sizeof(magic) + 3 * sizeof(offset) ), SEEK_END) < 0) {
+ rpmlog(RPMLOG_ERR, _("rpmpkgVerifySigsTranscoded: failed to seek for offset\n"));
+ rc = -1;
+ goto exit;
+ }
+
+ len = sizeof(offset);
+ if (Fread(&offset, len, 1, fd) != len) {
+ rpmlog(RPMLOG_ERR, _("rpmpkgVerifySigsTranscoded: Failed to read Signature Verification offset\n"));
+ rc = -1;
+ goto exit;
+ }
+
+ if(Fseek(fd, offset, SEEK_SET) < 0) {
+ rpmlog(RPMLOG_ERR, _("rpmpkgVerifySigsTranscoded: Failed to seek signature verification offset\n"));
+ rc = -1;
+ goto exit;
+ }
+ len = sizeof(rc);
+ if (Fread(&rc, len, 1, fd) != len) {
+ rpmlog(RPMLOG_ERR, _("rpmpkgVerifySigsTranscoded: Failed to read Signature Verification RC\n"));
+ rc = -1;
+ goto exit;
+ }
+
+ len = sizeof(content_len);
+ if (Fread(&content_len, len, 1, fd) != len) {
+ rpmlog(RPMLOG_ERR, _("rpmpkgVerifySigsTranscoded: Failed to read signature content length\n"));
+ goto exit;
+ }
+
+ content = malloc(content_len + 1);
+ if(content == NULL) {
+ rpmlog(RPMLOG_ERR, _("rpmpkgVerifySigsTranscoded: Failed to allocate memory to read signature content\n"));
+ goto exit;
+ }
+ content[content_len] = 0;
+ if (Fread(content, content_len, 1, fd) != content_len) {
+ rpmlog(RPMLOG_ERR, _("rpmpkgVerifySigsTranscoded: Failed to read signature content\n"));
+ goto exit;
+ }
+
+ rpmlog(RPMLOG_NOTICE, "%s", content);
+exit:
+ if(content){
+ free(content);
+ }
+ if (Fseek(fd, current, SEEK_SET) < 0) {
+ rpmlog(RPMLOG_ERR, _("rpmpkgVerifySigsTranscoded: unable to seek back to original location\n"));
+ }
+ return rc;
+
+}
+
static int rpmpkgVerifySigs(rpmKeyring keyring, int vfylevel, rpmVSFlags flags,
FD_t fd, const char *fn)
{
@@ -229,10 +335,14 @@ static int rpmpkgVerifySigs(rpmKeyring keyring, int vfylevel, rpmVSFlags flags,
.verbose = rpmIsVerbose(),
};
int rc;
- struct rpmvs_s *vs = rpmvsCreate(vfylevel, flags, keyring);
rpmlog(RPMLOG_NOTICE, "%s:%s", fn, vd.verbose ? "\n" : "");
+ if(isTranscodedRpm(fd) == RPMRC_OK){
+ return rpmpkgVerifySigsTranscoded(fd);
+ }
+ struct rpmvs_s *vs = rpmvsCreate(vfylevel, flags, keyring);
+
rc = rpmpkgRead(vs, fd, NULL, NULL, &msg);
if (rc)
diff --git a/tests/rpm2extents.at b/tests/rpm2extents.at
index baea987e4..18accfc75 100644
--- a/tests/rpm2extents.at
+++ b/tests/rpm2extents.at
@@ -29,7 +29,7 @@ AT_CHECK([runroot_other cat /data/RPMS/hello-2.0-1.x86_64.rpm | runroot_other rp
[ignore])
AT_CLEANUP
-# Check that tailer writes checksig return code and content.
+# Check that transcoder writes checksig return code and content.
#
AT_SETUP([rpm2extents signature])
AT_KEYWORDS([rpm2extents digest signature])
@@ -62,3 +62,35 @@ RPMSignOutput Content Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
],
[])
AT_CLEANUP
+
+AT_SETUP([rpm2extents signature verification])
+AT_KEYWORDS([rpm2extents digest signature])
+AT_CHECK([
+RPMDB_INIT
+
+runroot_other cat /data/RPMS/hello-2.0-1.x86_64-signed.rpm | runroot_other rpm2extents SHA256 > ${RPMTEST}/tmp/hello-2.0-1.x86_64-signed.rpm 2> /dev/null
+runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64-signed.rpm; echo $?
+runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub
+runroot_other cat /data/RPMS/hello-2.0-1.x86_64-signed.rpm | runroot_other rpm2extents SHA256 > ${RPMTEST}/tmp/hello-2.0-1.x86_64-signed.rpm
+runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64-signed.rpm; echo $?
+],
+[0],
+[/tmp/hello-2.0-1.x86_64-signed.rpm:
+ Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
+ Header SHA256 digest: OK
+ Header SHA1 digest: OK
+ Payload SHA256 digest: OK
+ V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
+ MD5 digest: OK
+1
+/tmp/hello-2.0-1.x86_64-signed.rpm:
+ Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
+ Header SHA256 digest: OK
+ Header SHA1 digest: OK
+ Payload SHA256 digest: OK
+ V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
+ MD5 digest: OK
+0
+],
+[])
+AT_CLEANUP
--
2.35.1