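/*
 * Finalize the repository at PATH: pack PATH/repo.sqlite into the TXZ
 * archive PATH/repo and, when an RSA key is given, prepend an RSA
 * signature over the hex SHA-256 digest of repo.sqlite.
 *
 * path          directory holding repo.sqlite; repo.sqlite is unlinked
 *               once it has been appended to the archive.
 * password_cb   OpenSSL passphrase callback handed to load_rsa_private_key().
 * rsa_key_path  PEM private key, or NULL to produce an unsigned repository.
 *
 * Returns EPKG_OK on success, EPKG_FATAL when the key is unreadable, cannot
 * be loaded, the signature buffer cannot be allocated, or signing fails.
 */
int
pkg_finish_repo(char *path, pem_password_cb *password_cb, char *rsa_key_path)
{
	char repo_path[MAXPATHLEN + 1];
	char repo_archive[MAXPATHLEN + 1];
	char sha256[SHA256_DIGEST_LENGTH * 2 + 1];
	struct packing *pack;
	unsigned char *sigret = NULL;
	RSA *rsa = NULL;
	int max_len = 0;
	unsigned int siglen = 0;	/* RSA_sign() writes an unsigned int */

	snprintf(repo_path, sizeof(repo_path), "%s/repo.sqlite", path);
	snprintf(repo_archive, sizeof(repo_archive), "%s/repo", path);

	/*
	 * Check the key before the archive is created, so an unreadable key
	 * does not leave a half-initialized archive behind.
	 */
	if (rsa_key_path != NULL && access(rsa_key_path, R_OK) == -1) {
		pkg_emit_errno("access", rsa_key_path);
		return (EPKG_FATAL);
	}

	packing_init(&pack, repo_archive, TXZ);

	if (rsa_key_path != NULL) {
		SSL_load_error_strings();
		OpenSSL_add_all_algorithms();
		OpenSSL_add_all_ciphers();

		/*
		 * load_rsa_private_key() is assumed to return NULL on failure;
		 * RSA_size()/RSA_sign() would dereference a NULL key otherwise.
		 * NOTE(review): pack is not torn down on the error paths below,
		 * no teardown API is visible here - confirm whether one exists.
		 */
		rsa = load_rsa_private_key(rsa_key_path, password_cb);
		if (rsa == NULL) {
			/* XXX pass back RSA errors correctly */
			pkg_emit_error("%s: %lu", rsa_key_path, ERR_get_error());
			ERR_free_strings();
			return (EPKG_FATAL);
		}

		max_len = RSA_size(rsa);
		/*
		 * siglen + 1 bytes are appended below and siglen may equal
		 * max_len, so all max_len + 1 bytes must be initialized
		 * (calloc, rather than a memset of only max_len bytes).
		 */
		sigret = calloc((size_t)max_len + 1, 1);
		if (sigret == NULL) {
			pkg_emit_errno("calloc", "signature buffer");
			RSA_free(rsa);
			ERR_free_strings();
			return (EPKG_FATAL);
		}

		sha256_file(repo_path, sha256);
		/*
		 * Legacy signature format: the message is the NUL-terminated hex
		 * digest string (sizeof includes the terminator) and the
		 * signature is tagged NID_sha1. Presumably existing verifiers
		 * depend on exactly this, so it is deliberately left unchanged.
		 */
		if (RSA_sign(NID_sha1, (const unsigned char *)sha256,
		    sizeof(sha256), sigret, &siglen, rsa) == 0) {
			/* XXX pass back RSA errors correctly */
			pkg_emit_error("%s: %lu", rsa_key_path, ERR_get_error());
			free(sigret);
			RSA_free(rsa);
			ERR_free_strings();
			return (EPKG_FATAL);
		}

		/* The trailing NUL byte is part of the stored blob (legacy). */
		packing_append_buffer(pack, sigret, "signature", siglen + 1);
		free(sigret);
		RSA_free(rsa);
		ERR_free_strings();
	}

	packing_append_file(pack, repo_path, "repo.sqlite");
	unlink(repo_path);
	packing_finish(pack);

	return (EPKG_OK);
}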
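/**
 * Initialize the middlebox firewall feedback component.
 *
 * Loads the middlebox host identity (ECDSA or RSA, chosen at compile time
 * through HIP_DEFAULT_HIPFW_ALGO) from @a key_file and derives our HIT from
 * it, loads the middlebox X.509 certificate from @a cert_file, opens the raw
 * UDP output socket and the netlink routing socket, and removes the first
 * two rules of the HIPFW-OUTPUT iptables chain so that our own
 * notifications are not caught by the firewall.
 *
 * @param key_file  path of the file holding the middlebox private key
 * @param cert_file path of the file holding the middlebox certificate
 *
 * @return 0 on success, non-zero on error
 */
int signaling_hipfw_feedback_init(const char *key_file, const char *cert_file)
{
    int err = 0;

    /*
     * Load the host identity. The key loaders and hip_any_key_to_hit() are
     * assumed to follow the HIPL convention of returning 0 on success -
     * confirm against their definitions.
     */
    if (HIP_DEFAULT_HIPFW_ALGO == HIP_HI_ECDSA) {
        if (load_ecdsa_private_key(key_file, &ecdsa_key) != 0) {
            err = 1;
            HIP_ERROR("Failed to load ECDSA key from %s\n", key_file);
            goto out_err;
        }
        if (hip_any_key_to_hit(ecdsa_key, &our_hit, 0, HIP_HI_ECDSA) != 0) {
            err = 1;
            HIP_ERROR("Failed to derive HIT from ECDSA key\n");
            goto out_err;
        }
    } else if (HIP_DEFAULT_HIPFW_ALGO == HIP_HI_RSA) {
        if (load_rsa_private_key(key_file, &rsa_key) != 0) {
            err = 1;
            HIP_ERROR("Failed to load RSA key from %s\n", key_file);
            goto out_err;
        }
        if (hip_any_key_to_hit(rsa_key, &our_hit, 0, HIP_HI_RSA) != 0) {
            err = 1;
            HIP_ERROR("Failed to derive HIT from RSA key\n");
            goto out_err;
        }
    } else {
        /* Neither branch loads a key; without one there is no identity. */
        err = 1;
        HIP_ERROR("Unsupported host identity algorithm\n");
        goto out_err;
    }
    HIP_DEBUG("Successfully Loaded the MiddleBox key.\n");
    HIP_INFO_HIT("Our hit: ", &our_hit);

    /* load_x509_certificate() is assumed to return NULL on failure - confirm. */
    mb_cert = load_x509_certificate(cert_file);
    if (mb_cert == NULL) {
        err = 1;
        HIP_ERROR("Failed to load certificate from %s\n", cert_file);
        goto out_err;
    }

    /* Sockets */
    hipfw_nat_sock_output_udp = init_raw_sock_v4(IPPROTO_UDP);
    /* A failed output socket is only logged, as before; callers continue. */
    if (hipfw_nat_sock_output_udp > 0) {
        HIP_DEBUG("Successfully initialized nat output socket. \n");
    } else {
        HIP_DEBUG("Failed to bind output socket. \n");
    }

    /*
     * NOTE(review): IPPROTO_IPV6 and IPPROTO_IP are protocol numbers, not
     * RTMGRP_* multicast group bits; the mask is kept as is to preserve
     * behaviour - confirm the intended group set.
     */
    if (rtnl_open_byproto(&hipfw_nl_route,
                          RTMGRP_LINK | RTMGRP_IPV6_IFADDR | IPPROTO_IPV6 |
                          RTMGRP_IPV4_IFADDR | IPPROTO_IP,
                          NETLINK_ROUTE) < 0) {
        err = 1;
        HIP_ERROR("Routing socket error: %s\n", strerror(errno));
        goto out_err;
    } else {
        HIP_DEBUG("Successfully opened netlink socket \n");
    }

    /*
     * Flush ip table rules to not catch our own notify: the first rule is
     * deleted twice on purpose, removing the first two rules of the chain.
     */
    system_print("iptables -D HIPFW-OUTPUT 1");
    system_print("iptables -D HIPFW-OUTPUT 1");

out_err:
    return err;
}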