static int calculate_total_filesize(const char *local_paths, off_t *len) { int rc = 0; char *paths = strdup(local_paths); *len = 0; for (char *path = strtok(paths, ";"); path != NULL; path = strtok(NULL, ";")) { FILE *fp = fopen(path, "rb"); if (!fp) ERR_CLEANUP_MSG("can't open '%s'", path); fseeko(fp, 0, SEEK_END); off_t file_len = ftello(fp); fseeko(fp, 0, SEEK_SET); fclose(fp); *len += file_len; } cleanup: free(paths); return rc; }
int fwfile_add_local_file(struct archive *a, const char *resource_name, const char *local_path) { int rc = 0; off_t copy_buffer_len = 64 * 1024; char *copy_buffer = (char *) malloc(copy_buffer_len); struct archive_entry *entry = 0; FILE *fp = fopen(local_path, "rb"); if (!fp) ERR_CLEANUP_MSG("can't open local file"); fseeko(fp, 0, SEEK_END); off_t total_len = ftello(fp); fseeko(fp, 0, SEEK_SET); entry = archive_entry_new(); // Convert the resource name to an archive path (most resources should be in the data directory) char archive_path[FWFILE_MAX_ARCHIVE_PATH]; size_t resource_name_len = strlen(resource_name); if (resource_name_len + 6 > sizeof(archive_path)) ERR_CLEANUP_MSG("resource name is too long"); if (resource_name_len == '\0') ERR_CLEANUP_MSG("resource name can't be empty"); if (resource_name[resource_name_len - 1] == '/') ERR_CLEANUP_MSG("resource name can't end in a '/'"); if (resource_name[0] == '/') { if (resource_name[1] == '\0') ERR_CLEANUP_MSG("resource name can't be the root directory"); // This seems like it's just asking for trouble, so error out. if (strcmp(resource_name, "/meta.conf") == 0) ERR_CLEANUP_MSG("resources can't be named /meta.conf"); // Absolute paths are not intended to be commonly used and ones // in /data won't work when applying the updates, so error out. if (memcmp(resource_name, "/data/", 6) == 0 || strcmp(resource_name, "/data") == 0) ERR_CLEANUP_MSG("use a normal resource name rather than specifying /data"); strcpy(archive_path, &resource_name[1]); } else { sprintf(archive_path, "data/%s", resource_name); } archive_entry_set_pathname(entry, archive_path); archive_entry_set_size(entry, total_len); archive_entry_set_filetype(entry, AE_IFREG); archive_entry_set_perm(entry, 0644); archive_write_header(a, entry); size_t len = fread(copy_buffer, 1, (size_t)copy_buffer_len, fp); off_t total_read = (off_t)len; while (len > 0) { off_t written = archive_write_data(a, copy_buffer, len); if (written != (off_t) len) ERR_CLEANUP_MSG("error writing to archive"); len = fread(copy_buffer, 1, copy_buffer_len, fp); total_read += len; } if (total_read != total_len) ERR_CLEANUP_MSG("read an unexpected amount of data"); cleanup: archive_entry_free(entry); if (fp) fclose(fp); free(copy_buffer); return rc; }
int fwfile_add_local_file(struct archive *a, const char *resource_name, const char *local_paths, const struct fwfile_assertions *assertions) { int rc = 0; off_t copy_buffer_len = 64 * 1024; char *copy_buffer = (char *) malloc(copy_buffer_len); struct archive_entry *entry = archive_entry_new(); off_t total_read = 0; char *paths = strdup(local_paths); FILE *fp = NULL; if (*paths == '\0') ERR_CLEANUP_MSG("must specify a host-path for resource '%s'", resource_name); off_t total_len; if (calculate_total_filesize(local_paths, &total_len) < 0) goto cleanup; // Error set by calculate_total_filesize() if (assertions) { if (assertions->assert_gte >= 0 && !(total_len >= assertions->assert_gte)) ERR_CLEANUP_MSG("file size assertion failed on '%s'. Size is %d bytes. It must be >= %d bytes (%d blocks)", local_paths, total_len, assertions->assert_gte, assertions->assert_gte / 512); if (assertions->assert_lte >= 0 && !(total_len <= assertions->assert_lte)) ERR_CLEANUP_MSG("file size assertion failed on '%s'. Size is %d bytes. It must be <= %d bytes (%d blocks)", local_paths, total_len, assertions->assert_lte, assertions->assert_lte / 512); } // Convert the resource name to an archive path (most resources should be in the data directory) char archive_path[FWFILE_MAX_ARCHIVE_PATH]; size_t resource_name_len = strlen(resource_name); if (resource_name_len + 6 > sizeof(archive_path)) ERR_CLEANUP_MSG("resource name '%s' is too long", resource_name); if (resource_name_len == '\0') ERR_CLEANUP_MSG("resource name can't be empty"); if (resource_name[resource_name_len - 1] == '/') ERR_CLEANUP_MSG("resource name '%s' can't end in a '/'", resource_name); if (resource_name[0] == '/') { if (resource_name[1] == '\0') ERR_CLEANUP_MSG("resource name can't be the root directory"); // This seems like it's just asking for trouble, so error out. if (strcmp(resource_name, "/meta.conf") == 0) ERR_CLEANUP_MSG("resources can't be named /meta.conf"); // Absolute paths are not intended to be commonly used and ones // in /data won't work when applying the updates, so error out. if (memcmp(resource_name, "/data/", 6) == 0 || strcmp(resource_name, "/data") == 0) ERR_CLEANUP_MSG("use a normal resource name rather than specifying /data"); strcpy(archive_path, &resource_name[1]); } else { sprintf(archive_path, "data/%s", resource_name); } archive_entry_set_pathname(entry, archive_path); archive_entry_set_size(entry, total_len); archive_entry_set_filetype(entry, AE_IFREG); archive_entry_set_perm(entry, 0644); archive_write_header(a, entry); for (char *path = strtok(paths, ";"); path != NULL; path = strtok(NULL, ";")) { fp = fopen(path, "rb"); if (!fp) ERR_CLEANUP_MSG("can't open '%s'", path); size_t len = fread(copy_buffer, 1, (size_t) copy_buffer_len, fp); off_t file_read = (off_t) len; while (len > 0) { off_t written = archive_write_data(a, copy_buffer, len); if (written != (off_t) len) ERR_CLEANUP_MSG("error writing to archive"); len = fread(copy_buffer, 1, copy_buffer_len, fp); file_read += len; } total_read += file_read; fclose(fp); fp = NULL; } if (total_read != total_len) ERR_CLEANUP_MSG("read error for '%s'", paths); cleanup: archive_entry_free(entry); if (fp) fclose(fp); free(copy_buffer); free(paths); return rc; }
/** * @brief Verify that the firmware archive is ok * @param input_filename the firmware update filename * @param public_keys the public keys if authentication check * @return 0 if successful */ int fwup_verify(const char *input_filename, unsigned char * const *public_keys) { unsigned char *meta_conf_signature = NULL; struct resource_list *all_resources = NULL; cfg_t *cfg = NULL; int rc = 0; struct archive *a = archive_read_new(); archive_read_support_format_zip(a); if (!input_filename) ERR_CLEANUP_MSG("Specify an input firmware file"); rc = fwup_archive_open_filename(a, input_filename); if (rc != ARCHIVE_OK) ERR_CLEANUP_MSG("%s", archive_error_string(a)); struct archive_entry *ae; rc = archive_read_next_header(a, &ae); if (rc != ARCHIVE_OK) ERR_CLEANUP_MSG("%s", archive_error_string(a)); if (strcmp(archive_entry_pathname(ae), "meta.conf.ed25519") == 0) { off_t total_size; if (archive_read_all_data(a, ae, (char **) &meta_conf_signature, crypto_sign_BYTES, &total_size) < 0) ERR_CLEANUP_MSG("Error reading meta.conf.ed25519 from archive.\n" "Check for file corruption or libarchive built without zlib support"); if (total_size != crypto_sign_BYTES) ERR_CLEANUP_MSG("Unexpected meta.conf.ed25519 size: %d", total_size); rc = archive_read_next_header(a, &ae); if (rc != ARCHIVE_OK) ERR_CLEANUP_MSG("Expecting more than meta.conf.ed25519 in archive"); } if (strcmp(archive_entry_pathname(ae), "meta.conf") != 0) ERR_CLEANUP_MSG("Expecting meta.conf to be at the beginning of %s", input_filename); OK_OR_CLEANUP(cfgfile_parse_fw_ae(a, ae, &cfg, meta_conf_signature, public_keys)); OK_OR_CLEANUP(rlist_get_all(cfg, &all_resources)); while (archive_read_next_header(a, &ae) == ARCHIVE_OK) { const char *filename = archive_entry_pathname(ae); char resource_name[FWFILE_MAX_ARCHIVE_PATH]; OK_OR_CLEANUP(archive_filename_to_resource(filename, resource_name, sizeof(resource_name))); OK_OR_CLEANUP(check_resource(all_resources, resource_name, a, ae)); } // Check that all resources have been validated for (struct resource_list *r = all_resources; r != NULL; r = r->next) { if (!r->processed) ERR_CLEANUP_MSG("Resource %s not found in archive", cfg_title(r->resource)); } const char *success_message; if (*public_keys && meta_conf_signature) success_message = "Valid archive with a good signature\n"; else if (!*public_keys && meta_conf_signature) success_message = "Valid archive with an unverified signature. Specify a public key to authenticate.\n"; else success_message = "Valid archive without a signature\n"; fwup_output(FRAMING_TYPE_SUCCESS, 0, success_message); cleanup: rlist_free(all_resources); archive_read_close(a); archive_read_free(a); if (meta_conf_signature) free(meta_conf_signature); if (cfg) cfgfile_free(cfg); return rc; }