Blob Blame History Raw
From 7da1e826ccb08fdd404524146736b3f12a473e31 Mon Sep 17 00:00:00 2001
From: chantra <chantr4@gmail.com>
Date: Mon, 31 Jan 2022 14:42:25 -0800
Subject: [PATCH 10/30] [rpm2extents] Make rpmkeys support reading metadata
 from transcoded footer

If the file is seekable and is a transcoded file, read signature validation from transcoded file tail metadata
---
 lib/rpmchecksig.c    | 112 ++++++++++++++++++++++++++++++++++++++++++-
 tests/rpm2extents.at |  34 ++++++++++++-
 2 files changed, 144 insertions(+), 2 deletions(-)

diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c
index fcdbb424f..6164d012c 100644
--- a/lib/rpmchecksig.c
+++ b/lib/rpmchecksig.c
@@ -24,6 +24,11 @@
 
 #include "debug.h"
 
+/* magic value at end of file (64 bits) that indicates this is a transcoded
+ * rpm.
+ */
+#define MAGIC 3472329499408095051
+
 static int doImport(rpmts ts, const char *fn, char *buf, ssize_t blen)
 {
     char const * const pgpmark = "-----BEGIN PGP ";
@@ -220,6 +225,107 @@ exit:
     return rc;
 }
 
+static rpmRC isTranscodedRpm(FD_t fd) {
+    rpmRC rc = RPMRC_NOTFOUND;
+    rpm_loff_t current;
+    uint64_t magic;
+    size_t len;
+
+    // If the file is not seekable, we cannot detect whether or not it is transcoded.
+    if(Fseek(fd, 0, SEEK_CUR) < 0) {
+        return RPMRC_FAIL;
+    }
+    current = Ftell(fd);
+
+    if(Fseek(fd, -(sizeof(magic)), SEEK_END) < 0) {
+	rpmlog(RPMLOG_ERR, _("isTranscodedRpm: failed to seek for magic\n"));
+	rc = RPMRC_FAIL;
+	goto exit;
+    }
+    len = sizeof(magic);
+    if (Fread(&magic, len, 1, fd) != len) {
+	rpmlog(RPMLOG_ERR, _("isTranscodedRpm: unable to read magic\n"));
+	rc = RPMRC_FAIL;
+	goto exit;
+    }
+    if (magic != MAGIC) {
+	rpmlog(RPMLOG_DEBUG, _("isTranscodedRpm: not transcoded\n"));
+	rc = RPMRC_NOTFOUND;
+	goto exit;
+    }
+    rc = RPMRC_OK;
+exit:
+    if (Fseek(fd, current, SEEK_SET) < 0) {
+	rpmlog(RPMLOG_ERR, _("isTranscodedRpm: unable to seek back to original location\n"));
+    }
+    return rc;
+}
+
+static int rpmpkgVerifySigsTranscoded(FD_t fd){
+    rpm_loff_t current;
+    uint64_t magic;
+    rpm_loff_t offset;
+    int32_t rc;
+    size_t len;
+    uint64_t content_len;
+    char *content = NULL;
+
+    current = Ftell(fd);
+
+    if(Fseek(fd, -(sizeof(magic) + 3 * sizeof(offset) ), SEEK_END) < 0) {
+	rpmlog(RPMLOG_ERR, _("rpmpkgVerifySigsTranscoded: failed to seek for offset\n"));
+	rc = -1;
+	goto exit;
+    }
+
+    len = sizeof(offset);
+    if (Fread(&offset, len, 1, fd) != len) {
+	rpmlog(RPMLOG_ERR, _("rpmpkgVerifySigsTranscoded: Failed to read Signature Verification offset\n"));
+	rc = -1;
+	goto exit;
+    }
+
+    if(Fseek(fd,  offset, SEEK_SET) < 0) {
+	rpmlog(RPMLOG_ERR, _("rpmpkgVerifySigsTranscoded: Failed to seek signature verification offset\n"));
+	rc = -1;
+	goto exit;
+    }
+    len = sizeof(rc);
+    if (Fread(&rc, len, 1, fd) != len) {
+	rpmlog(RPMLOG_ERR, _("rpmpkgVerifySigsTranscoded: Failed to read Signature Verification RC\n"));
+	rc = -1;
+	goto exit;
+    }
+
+    len = sizeof(content_len);
+    if (Fread(&content_len, len, 1, fd) != len) {
+	rpmlog(RPMLOG_ERR, _("rpmpkgVerifySigsTranscoded: Failed to read signature content length\n"));
+	goto exit;
+    }
+
+    content = malloc(content_len + 1);
+    if(content == NULL) {
+	rpmlog(RPMLOG_ERR, _("rpmpkgVerifySigsTranscoded: Failed to allocate memory to read signature content\n"));
+	goto exit;
+    }
+    content[content_len] = 0;
+    if (Fread(content, content_len, 1, fd) != content_len) {
+	rpmlog(RPMLOG_ERR, _("rpmpkgVerifySigsTranscoded: Failed to read signature content\n"));
+	goto exit;
+    }
+
+    rpmlog(RPMLOG_NOTICE, "%s", content);
+exit:
+    if(content){
+	free(content);
+    }
+    if (Fseek(fd, current, SEEK_SET) < 0) {
+	rpmlog(RPMLOG_ERR, _("rpmpkgVerifySigsTranscoded: unable to seek back to original location\n"));
+    }
+    return rc;
+
+}
+
 static int rpmpkgVerifySigs(rpmKeyring keyring, int vfylevel, rpmVSFlags flags,
 			   FD_t fd, const char *fn)
 {
@@ -229,10 +335,14 @@ static int rpmpkgVerifySigs(rpmKeyring keyring, int vfylevel, rpmVSFlags flags,
 			    .verbose = rpmIsVerbose(),
     };
     int rc;
-    struct rpmvs_s *vs = rpmvsCreate(vfylevel, flags, keyring);
 
     rpmlog(RPMLOG_NOTICE, "%s:%s", fn, vd.verbose ? "\n" : "");
 
+    if(isTranscodedRpm(fd) == RPMRC_OK){
+	return rpmpkgVerifySigsTranscoded(fd);
+    }
+    struct rpmvs_s *vs = rpmvsCreate(vfylevel, flags, keyring);
+
     rc = rpmpkgRead(vs, fd, NULL, NULL, &msg);
 
     if (rc)
diff --git a/tests/rpm2extents.at b/tests/rpm2extents.at
index baea987e4..18accfc75 100644
--- a/tests/rpm2extents.at
+++ b/tests/rpm2extents.at
@@ -29,7 +29,7 @@ AT_CHECK([runroot_other cat /data/RPMS/hello-2.0-1.x86_64.rpm | runroot_other rp
 [ignore])
 AT_CLEANUP
 
-# Check that tailer writes checksig return code and content.
+# Check that transcoder writes checksig return code and content.
 #
 AT_SETUP([rpm2extents signature])
 AT_KEYWORDS([rpm2extents digest signature])
@@ -62,3 +62,35 @@ RPMSignOutput Content     Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
 ],
 [])
 AT_CLEANUP
+
+AT_SETUP([rpm2extents signature verification])
+AT_KEYWORDS([rpm2extents digest signature])
+AT_CHECK([
+RPMDB_INIT
+
+runroot_other cat /data/RPMS/hello-2.0-1.x86_64-signed.rpm | runroot_other rpm2extents SHA256 > ${RPMTEST}/tmp/hello-2.0-1.x86_64-signed.rpm 2> /dev/null
+runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64-signed.rpm; echo $?
+runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub
+runroot_other cat /data/RPMS/hello-2.0-1.x86_64-signed.rpm | runroot_other rpm2extents SHA256 > ${RPMTEST}/tmp/hello-2.0-1.x86_64-signed.rpm
+runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64-signed.rpm; echo $?
+],
+[0],
+[/tmp/hello-2.0-1.x86_64-signed.rpm:
+    Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
+    Header SHA256 digest: OK
+    Header SHA1 digest: OK
+    Payload SHA256 digest: OK
+    V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
+    MD5 digest: OK
+1
+/tmp/hello-2.0-1.x86_64-signed.rpm:
+    Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
+    Header SHA256 digest: OK
+    Header SHA1 digest: OK
+    Payload SHA256 digest: OK
+    V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
+    MD5 digest: OK
+0
+],
+[])
+AT_CLEANUP
-- 
2.35.1