static int calculate_total_filesize(const char *local_paths, off_t *len)
{
int rc = 0;
char *paths = strdup(local_paths);
*len = 0;
for (char *path = strtok(paths, ";");
path != NULL;
path = strtok(NULL, ";")) {
FILE *fp = fopen(path, "rb");
if (!fp)
ERR_CLEANUP_MSG("can't open '%s'", path);
fseeko(fp, 0, SEEK_END);
off_t file_len = ftello(fp);
fseeko(fp, 0, SEEK_SET);
fclose(fp);
*len += file_len;
}
cleanup:
free(paths);
return rc;
}
int fwfile_add_local_file(struct archive *a, const char *resource_name, const char *local_path)
{
int rc = 0;
off_t copy_buffer_len = 64 * 1024;
char *copy_buffer = (char *) malloc(copy_buffer_len);
struct archive_entry *entry = 0;
FILE *fp = fopen(local_path, "rb");
if (!fp)
ERR_CLEANUP_MSG("can't open local file");
fseeko(fp, 0, SEEK_END);
off_t total_len = ftello(fp);
fseeko(fp, 0, SEEK_SET);
entry = archive_entry_new();
// Convert the resource name to an archive path (most resources should be in the data directory)
char archive_path[FWFILE_MAX_ARCHIVE_PATH];
size_t resource_name_len = strlen(resource_name);
if (resource_name_len + 6 > sizeof(archive_path))
ERR_CLEANUP_MSG("resource name is too long");
if (resource_name_len == '\0')
ERR_CLEANUP_MSG("resource name can't be empty");
if (resource_name[resource_name_len - 1] == '/')
ERR_CLEANUP_MSG("resource name can't end in a '/'");
if (resource_name[0] == '/') {
if (resource_name[1] == '\0')
ERR_CLEANUP_MSG("resource name can't be the root directory");
// This seems like it's just asking for trouble, so error out.
if (strcmp(resource_name, "/meta.conf") == 0)
ERR_CLEANUP_MSG("resources can't be named /meta.conf");
// Absolute paths are not intended to be commonly used and ones
// in /data won't work when applying the updates, so error out.
if (memcmp(resource_name, "/data/", 6) == 0 ||
strcmp(resource_name, "/data") == 0)
ERR_CLEANUP_MSG("use a normal resource name rather than specifying /data");
strcpy(archive_path, &resource_name[1]);
} else {
sprintf(archive_path, "data/%s", resource_name);
}
archive_entry_set_pathname(entry, archive_path);
archive_entry_set_size(entry, total_len);
archive_entry_set_filetype(entry, AE_IFREG);
archive_entry_set_perm(entry, 0644);
archive_write_header(a, entry);
size_t len = fread(copy_buffer, 1, (size_t)copy_buffer_len, fp);
off_t total_read = (off_t)len;
while (len > 0) {
off_t written = archive_write_data(a, copy_buffer, len);
if (written != (off_t) len)
ERR_CLEANUP_MSG("error writing to archive");
len = fread(copy_buffer, 1, copy_buffer_len, fp);
total_read += len;
}
if (total_read != total_len)
ERR_CLEANUP_MSG("read an unexpected amount of data");
cleanup:
archive_entry_free(entry);
if (fp)
fclose(fp);
free(copy_buffer);
return rc;
}
int fwfile_add_local_file(struct archive *a,
const char *resource_name,
const char *local_paths,
const struct fwfile_assertions *assertions)
{
int rc = 0;
off_t copy_buffer_len = 64 * 1024;
char *copy_buffer = (char *) malloc(copy_buffer_len);
struct archive_entry *entry = archive_entry_new();
off_t total_read = 0;
char *paths = strdup(local_paths);
FILE *fp = NULL;
if (*paths == '\0')
ERR_CLEANUP_MSG("must specify a host-path for resource '%s'", resource_name);
off_t total_len;
if (calculate_total_filesize(local_paths, &total_len) < 0)
goto cleanup; // Error set by calculate_total_filesize()
if (assertions) {
if (assertions->assert_gte >= 0 &&
!(total_len >= assertions->assert_gte))
ERR_CLEANUP_MSG("file size assertion failed on '%s'. Size is %d bytes. It must be >= %d bytes (%d blocks)",
local_paths, total_len, assertions->assert_gte, assertions->assert_gte / 512);
if (assertions->assert_lte >= 0 &&
!(total_len <= assertions->assert_lte))
ERR_CLEANUP_MSG("file size assertion failed on '%s'. Size is %d bytes. It must be <= %d bytes (%d blocks)",
local_paths, total_len, assertions->assert_lte, assertions->assert_lte / 512);
}
// Convert the resource name to an archive path (most resources should be in the data directory)
char archive_path[FWFILE_MAX_ARCHIVE_PATH];
size_t resource_name_len = strlen(resource_name);
if (resource_name_len + 6 > sizeof(archive_path))
ERR_CLEANUP_MSG("resource name '%s' is too long", resource_name);
if (resource_name_len == '\0')
ERR_CLEANUP_MSG("resource name can't be empty");
if (resource_name[resource_name_len - 1] == '/')
ERR_CLEANUP_MSG("resource name '%s' can't end in a '/'", resource_name);
if (resource_name[0] == '/') {
if (resource_name[1] == '\0')
ERR_CLEANUP_MSG("resource name can't be the root directory");
// This seems like it's just asking for trouble, so error out.
if (strcmp(resource_name, "/meta.conf") == 0)
ERR_CLEANUP_MSG("resources can't be named /meta.conf");
// Absolute paths are not intended to be commonly used and ones
// in /data won't work when applying the updates, so error out.
if (memcmp(resource_name, "/data/", 6) == 0 ||
strcmp(resource_name, "/data") == 0)
ERR_CLEANUP_MSG("use a normal resource name rather than specifying /data");
strcpy(archive_path, &resource_name[1]);
} else {
sprintf(archive_path, "data/%s", resource_name);
}
archive_entry_set_pathname(entry, archive_path);
archive_entry_set_size(entry, total_len);
archive_entry_set_filetype(entry, AE_IFREG);
archive_entry_set_perm(entry, 0644);
archive_write_header(a, entry);
for (char *path = strtok(paths, ";");
path != NULL;
path = strtok(NULL, ";")) {
fp = fopen(path, "rb");
if (!fp)
ERR_CLEANUP_MSG("can't open '%s'", path);
size_t len = fread(copy_buffer, 1, (size_t) copy_buffer_len, fp);
off_t file_read = (off_t) len;
while (len > 0) {
off_t written = archive_write_data(a, copy_buffer, len);
if (written != (off_t) len)
ERR_CLEANUP_MSG("error writing to archive");
len = fread(copy_buffer, 1, copy_buffer_len, fp);
file_read += len;
}
total_read += file_read;
fclose(fp);
fp = NULL;
}
if (total_read != total_len)
ERR_CLEANUP_MSG("read error for '%s'", paths);
cleanup:
archive_entry_free(entry);
if (fp)
fclose(fp);
free(copy_buffer);
free(paths);
return rc;
}
/**
* @brief Verify that the firmware archive is ok
* @param input_filename the firmware update filename
* @param public_keys the public keys if authentication check
* @return 0 if successful
*/
int fwup_verify(const char *input_filename, unsigned char * const *public_keys)
{
unsigned char *meta_conf_signature = NULL;
struct resource_list *all_resources = NULL;
cfg_t *cfg = NULL;
int rc = 0;
struct archive *a = archive_read_new();
archive_read_support_format_zip(a);
if (!input_filename)
ERR_CLEANUP_MSG("Specify an input firmware file");
rc = fwup_archive_open_filename(a, input_filename);
if (rc != ARCHIVE_OK)
ERR_CLEANUP_MSG("%s", archive_error_string(a));
struct archive_entry *ae;
rc = archive_read_next_header(a, &ae);
if (rc != ARCHIVE_OK)
ERR_CLEANUP_MSG("%s", archive_error_string(a));
if (strcmp(archive_entry_pathname(ae), "meta.conf.ed25519") == 0) {
off_t total_size;
if (archive_read_all_data(a, ae, (char **) &meta_conf_signature, crypto_sign_BYTES, &total_size) < 0)
ERR_CLEANUP_MSG("Error reading meta.conf.ed25519 from archive.\n"
"Check for file corruption or libarchive built without zlib support");
if (total_size != crypto_sign_BYTES)
ERR_CLEANUP_MSG("Unexpected meta.conf.ed25519 size: %d", total_size);
rc = archive_read_next_header(a, &ae);
if (rc != ARCHIVE_OK)
ERR_CLEANUP_MSG("Expecting more than meta.conf.ed25519 in archive");
}
if (strcmp(archive_entry_pathname(ae), "meta.conf") != 0)
ERR_CLEANUP_MSG("Expecting meta.conf to be at the beginning of %s", input_filename);
OK_OR_CLEANUP(cfgfile_parse_fw_ae(a, ae, &cfg, meta_conf_signature, public_keys));
OK_OR_CLEANUP(rlist_get_all(cfg, &all_resources));
while (archive_read_next_header(a, &ae) == ARCHIVE_OK) {
const char *filename = archive_entry_pathname(ae);
char resource_name[FWFILE_MAX_ARCHIVE_PATH];
OK_OR_CLEANUP(archive_filename_to_resource(filename, resource_name, sizeof(resource_name)));
OK_OR_CLEANUP(check_resource(all_resources, resource_name, a, ae));
}
// Check that all resources have been validated
for (struct resource_list *r = all_resources; r != NULL; r = r->next) {
if (!r->processed)
ERR_CLEANUP_MSG("Resource %s not found in archive", cfg_title(r->resource));
}
const char *success_message;
if (*public_keys && meta_conf_signature)
success_message = "Valid archive with a good signature\n";
else if (!*public_keys && meta_conf_signature)
success_message = "Valid archive with an unverified signature. Specify a public key to authenticate.\n";
else
success_message = "Valid archive without a signature\n";
fwup_output(FRAMING_TYPE_SUCCESS, 0, success_message);
cleanup:
rlist_free(all_resources);
archive_read_close(a);
archive_read_free(a);
if (meta_conf_signature)
free(meta_conf_signature);
if (cfg)
cfgfile_free(cfg);
return rc;
}
