bool record_create(record_t *record, const char *prog, int argc, char **argv)
{
char hash_buf[SHA1_STRING_LEN];
const char *prog_bin = prog;
unsigned i;
record_clear(record);
if (strrchr(prog, '/'))
prog_bin = strrchr(prog, '/') + 1;
if (!sha1_file(prog, hash_buf)) return false;
strlist_push_back(&record->prog_line, prog_bin);
strlist_push_back(&record->prog_line, sha1_file(prog, hash_buf));
for (i = 0; i < (unsigned)argc; ++i)
strlist_push_back(&record->prog_line, argv[i]);
strlist lib_list = STRLIST_INITIALIZER;
get_libs(&lib_list, prog);
for (i = 0; i < lib_list.count; ++i) {
const char *lib_path = strlist_get(&lib_list, i);
if (!sha1_file(lib_path, hash_buf)) continue;
strlist_push_back(&record->lib_line, lib_path);
strlist_push_back(&record->lib_line, sha1_file(lib_path, hash_buf));
}
record->enabled = true;
return true;
}
char *
crySha1File(const char *sFile, char sOutBuf[20])
{
if (sha1_file(sFile, (unsigned char *)sOutBuf) != 0) {
return NULL;
}
return sOutBuf;
}
static int sha1_file_wrap( const char *path, unsigned char *output )
{
#if defined(POLARSSL_FS_IO)
return sha1_file( path, output );
#else
((void) path);
((void) output);
return( POLARSSL_ERR_MD_FEATURE_UNAVAILABLE );
#endif
}
CAMLprim value stub_sha1_file(value name)
{
CAMLparam1(name);
CAMLlocal1(result);
result = caml_alloc_string(20);
if (sha1_file(String_val(name), String_val(result)))
caml_failwith("file error");
CAMLreturn(result);
}
static int sha1_wrapper( char *filename, unsigned char *sum )
{
int ret = sha1_file( filename, sum );
if( ret == 1 )
fprintf( stderr, "failed to open: %s\n", filename );
if( ret == 2 )
fprintf( stderr, "failed to read: %s\n", filename );
return( ret );
}
static PyObject *
spam_sha1_file(PyObject *self, PyObject *args)
{
const char *filename;
int sts;
if (!PyArg_ParseTuple(args, "s", &filename))
return NULL;
std::string cs;
sts = sha1_file(filename, cs, false);
std::cout << cs << " " << filename << std::endl;
return Py_BuildValue("i", sts);
}
uint Sha::GetFileDigest(void* digest, LPCSTR fn, SHA_BITS bits) {
int rst;
if(bits == sha_160) {
rst = sha1_file((char*)fn, (byte*)digest);
} else if(bits == sha_224) {
rst = sha2_file((char*)fn, (byte*)digest, 1);
} else if(bits == sha_256) {
rst = sha2_file((char*)fn, (byte*)digest, 0);
} else if(bits == sha_384) {
rst = sha4_file((char*)fn, (byte*)digest, 1);
} else if(bits == sha_512) {
rst = sha4_file((char*)fn, (byte*)digest, 0);
} else {
_ASSERT(0);
return 0;
}
return rst ? 0 : bits;
}
int main(int argc, char* argv[])
{
FILE *infile;
unsigned char sha1[20];
struct stat st;
if (argc < 2)
usage(argv[0]);
if (!(infile = fopen(argv[1], "rb")))
die("Could not open %s", argv[1]);
if (stat(argv[1], &st) < 0)
die("Could not stat %s", argv[1]);
if (sha1_file(infile, st.st_size, sha1) < 0)
die("SHA1 failed");
fclose(infile);
print_sha1(NULL, sha1);
printf(" %s\n", argv[1]);
return 0;
}
struct file_record *make_fr(const char *path, const char *follow)
{
struct file_record *fr;
unsigned char sha1[20];
char xpath[PATH_MAX];
struct stat st;
FILE *infile;
PHOENIXFS_DBG("make_fr:: %s", path);
if (!(fr = malloc(sizeof(struct file_record))))
return NULL;
memset(fr, 0, sizeof(struct file_record));
build_xpath(xpath, path, 0);
if (lstat(xpath, &st) < 0) {
PHOENIXFS_DBG("make_fr:: can't stat %s", xpath);
free(fr);
return NULL;
}
/* No point computing SHA1 of symlinks */
if (S_ISLNK(st.st_mode)) {
PHOENIXFS_DBG("make_fr:: link %s to %s", path, follow);
memset(fr->sha1, 0, 20);
strcpy((char *) fr->follow, follow);
goto END;
}
/* Compute SHA1 of regular and executable files */
if (!(infile = fopen(xpath, "rb")) ||
(sha1_file(infile, st.st_size, sha1) < 0)) {
free(fr);
return NULL;
}
fclose(infile);
memcpy(fr->sha1, sha1, 20);
strcpy((char *) fr->follow, "\0");
END:
fill_fr(fr, &st);
return fr;
}
static int dag_check( void * instance_struct, struct dag *d){
struct archive_instance *a = (struct archive_instance*)instance_struct;
unsigned char digest[SHA1_DIGEST_LENGTH];
// Takes hash of filename and stores it in digest
sha1_file(d->filename, digest);
// Makes a c string copy of your hash address
a->source_makeflow = xxstrdup(sha1_string(digest));
// If a is in write mode using the -w flag
if (a->write) {
// Formats archive file directory
char *source_makeflow_file_dir = string_format("%s/files/%.2s", a->dir, a->source_makeflow);
// If the directory was not able to be created and directory already exists
if (!create_dir(source_makeflow_file_dir, 0777) && errno != EEXIST){
// Prints out a debug error
debug(D_ERROR|D_MAKEFLOW_HOOK, "could not create makeflow archiving directory %s: %d %s\n",
source_makeflow_file_dir, errno, strerror(errno));
// Frees memory for source_makeflow_file_dir
free(source_makeflow_file_dir);
return MAKEFLOW_HOOK_FAILURE;
}
// Gets the path of the archive file
char *source_makeflow_file_path = string_format("%s/%s", source_makeflow_file_dir, a->source_makeflow);
// Frees memory
free(source_makeflow_file_dir);
// If the file was unable to be copied to the new path
if (!copy_file_to_file(d->filename, source_makeflow_file_path)){
// Prints out debug error
debug(D_ERROR|D_MAKEFLOW_HOOK, "Could not archive source makeflow file %s\n", source_makeflow_file_path);
free(source_makeflow_file_path);
return MAKEFLOW_HOOK_FAILURE;
} else {
// Print out where it is stored at
debug(D_MAKEFLOW_HOOK, "Source makeflow %s stored at %s\n", d->filename, source_makeflow_file_path);
}
free(source_makeflow_file_path);
}
return MAKEFLOW_HOOK_SUCCESS;
}
uint Sha::GetFileDigest(void* digest,LPCWSTR fn,SHA_BITS bits){
String str = fn;
char buf[MAX_PATH];
int len = str.ToMultiByte(buf,MAX_PATH,CP_THREAD_ACP);
buf[len] = 0;
int rst;
if(bits==sha_160){
rst = sha1_file(buf,(byte*)digest);
}else if(bits==sha_224){
rst = sha2_file(buf,(byte*)digest,1);
}else if(bits==sha_256){
rst = sha2_file(buf,(byte*)digest,0);
}else if(bits==sha_384){
rst = sha4_file(buf,(byte*)digest,1);
}else if(bits==sha_512){
rst = sha4_file(buf,(byte*)digest,0);
}else{
_ASSERT(0);
return 0;
}
return rst?0:bits;
}
CAMLprim value stub_sha1_file(value name)
{
CAMLparam1(name);
CAMLlocal1(result);
sha1_digest digest;
const int len = caml_string_length(name);
char *name_dup = alloca(len);
memcpy(name_dup, String_val(name), len);
name_dup[len] = '\0';
caml_release_runtime_system();
if (sha1_file(name_dup, &digest)) {
caml_acquire_runtime_system();
caml_failwith("file error");
}
caml_acquire_runtime_system();
result = caml_alloc_string(sizeof(digest));
memcpy(String_val(result), &digest, sizeof(digest));
CAMLreturn(result);
}
int main( int argc, char *argv[] )
{
FILE *f;
int ret, i, c;
rsa_context rsa;
unsigned char hash[20];
unsigned char buf[512];
ret = 1;
if( argc != 2 )
{
printf( "usage: rsa_verify <filename>\n" );
#ifdef WIN32
printf( "\n" );
#endif
goto exit;
}
printf( "\n . Reading public key from rsa_pub.txt" );
fflush( stdout );
if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
{
printf( " failed\n ! Could not open rsa_pub.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
}
rsa_init( &rsa, RSA_PKCS_V15, 0, NULL, NULL );
if( ( ret = mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.E, 16, f ) ) != 0 )
{
printf( " failed\n ! mpi_read_file returned %d\n\n", ret );
goto exit;
}
rsa.len = ( mpi_msb( &rsa.N ) + 7 ) >> 3;
fclose( f );
/*
* Extract the RSA signature from the text file
*/
ret = 1;
i = strlen( argv[1] );
memcpy( argv[1] + i, ".sig", 5 );
if( ( f = fopen( argv[1], "rb" ) ) == NULL )
{
printf( "\n ! Could not open %s\n\n", argv[1] );
goto exit;
}
argv[1][i] = '\0', i = 0;
while( fscanf( f, "%02X", &c ) > 0 &&
i < (int) sizeof( buf ) )
buf[i++] = (unsigned char) c;
fclose( f );
if( i != rsa.len )
{
printf( "\n ! Invalid RSA signature format\n\n" );
goto exit;
}
/*
* Compute the SHA-1 hash of the input file and compare
* it with the hash decrypted from the RSA signature.
*/
printf( "\n . Verifying the RSA/SHA-1 signature" );
fflush( stdout );
if( ( ret = sha1_file( argv[1], hash ) ) != 0 )
{
printf( " failed\n ! Could not open or read %s\n\n", argv[1] );
goto exit;
}
if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, RSA_SHA1,
20, hash, buf ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_verify returned %d\n\n", ret );
goto exit;
}
printf( "\n . OK (the decrypted SHA-1 hash matches)\n\n" );
ret = 0;
exit:
#ifdef WIN32
printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
int main( int argc, char *argv[] )
{
FILE *f;
int ret, i;
rsa_context rsa;
unsigned char hash[20];
unsigned char buf[512];
ret = 1;
if( argc != 2 )
{
printf( "usage: rsa_sign <filename>\n" );
#ifdef WIN32
printf( "\n" );
#endif
goto exit;
}
printf( "\n . Reading private key from rsa_priv.txt" );
fflush( stdout );
if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
{
ret = 1;
printf( " failed\n ! Could not open rsa_priv.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
}
rsa_init( &rsa, RSA_PKCS_V15, 0, NULL, NULL );
if( ( ret = mpi_read_file( &rsa.N , 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.E , 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.D , 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.P , 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.Q , 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.DP, 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.DQ, 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
{
printf( " failed\n ! mpi_read_file returned %d\n\n", ret );
goto exit;
}
rsa.len = ( mpi_msb( &rsa.N ) + 7 ) >> 3;
fclose( f );
/*
* Compute the SHA-1 hash of the input file,
* then calculate the RSA signature of the hash.
*/
printf( "\n . Generating the RSA/SHA-1 signature" );
fflush( stdout );
if( ( ret = sha1_file( argv[1], hash ) ) != 0 )
{
printf( " failed\n ! Could not open or read %s\n\n", argv[1] );
goto exit;
}
if( ( ret = rsa_pkcs1_sign( &rsa, RSA_PRIVATE, SIG_RSA_SHA1,
20, hash, buf ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_sign returned %d\n\n", ret );
goto exit;
}
/*
* Write the signature into <filename>-sig.txt
*/
memcpy( argv[1] + strlen( argv[1] ), ".sig", 5 );
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
ret = 1;
printf( " failed\n ! Could not create %s\n\n", argv[1] );
goto exit;
}
for( i = 0; i < rsa.len; i++ )
fprintf( f, "%02X%s", buf[i],
( i + 1 ) % 16 == 0 ? "\r\n" : " " );
fclose( f );
printf( "\n . Done (created \"%s\")\n\n", argv[1] );
exit:
#ifdef WIN32
printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
static void scan_files()
{
/* Check file changes */
FILE *tmp_output = fopen("/tmp/.nlidout","w");
FILE *data_file = NULL;
struct stat file_mode;
char *enc_buf = NULL;
char *dec_buf = NULL;
if(verbose)
printf("Scanning\n");
if(lstat(encrypted_file, &file_mode)==-1)
{
fprintf(stderr, "Failed opening %s for scan procedure\n",encrypted_file);
return;
}
data_file = fopen(encrypted_file,"r");
if(!data_file)
{
fprintf(stderr, "Failed opening %s for scan procedure\n",encrypted_file);
return;
}
enc_buf = malloc(file_mode.st_size+1);
fread(enc_buf, 1, file_mode.st_size, data_file);
fclose(data_file);
dec_buf = encrypt_nl(enc_buf, file_mode.st_size);
fwrite(dec_buf, 1, file_mode.st_size, tmp_output);
fclose(tmp_output);
data_file = fopen("/tmp/.nlidout","r");
while(!feof(data_file))
{
char *line_buf = malloc(1024);
char *filename = NULL;
char *last_space = NULL;
char *thash = NULL;
char *hash = NULL;
if(!fgets(line_buf, 1024, data_file)) /* Possible newline at the end of the file */
{
free(line_buf);
break;
}
filename = line_buf;
last_space = strstr(line_buf, " ");
if(!last_space)
{
fprintf(stderr, "Failed scanning file, possibly corrupted\n");
free(line_buf);
return;
}
while(!hash)
{
char *buf = NULL;
if((buf = strstr(last_space," "))==NULL) /* There are no more spaces so! */
{
filename[last_space-filename-1] = '\0';
hash = last_space;
hash[strlen(hash)-1] = '\0';
}
else
last_space = buf+1;
}
thash = sha1_file(filename);
if(thash) /* Might be a protected file, or it might not exist! */
{
if(verbose)
printf("Checking %s - %s against %s\n",filename, thash, hash);
if(strcmp(thash,hash)!=0)
{
printf("%s has been modified\n",filename);
}
free(thash);
}
else
{
printf("%s couldn't be open, may of been deleted\n",filename);
}
free(line_buf);
unlink("/tmp/.nlidout");
}
}
int main( int argc, char *argv[] )
{
FILE *f;
int ret = 1;
pk_context pk;
entropy_context entropy;
ctr_drbg_context ctr_drbg;
unsigned char hash[20];
unsigned char buf[POLARSSL_MPI_MAX_SIZE];
char filename[512];
const char *pers = "pk_sign";
size_t olen = 0;
entropy_init( &entropy );
pk_init( &pk );
if( argc != 3 )
{
polarssl_printf( "usage: pk_sign <key_file> <filename>\n" );
#if defined(_WIN32)
polarssl_printf( "\n" );
#endif
goto exit;
}
polarssl_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
polarssl_printf( " failed\n ! ctr_drbg_init returned -0x%04x\n", -ret );
goto exit;
}
polarssl_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout );
if( ( ret = pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
{
ret = 1;
polarssl_printf( " failed\n ! Could not open '%s'\n", argv[1] );
goto exit;
}
/*
* Compute the SHA-1 hash of the input file,
* then calculate the signature of the hash.
*/
polarssl_printf( "\n . Generating the SHA-1 signature" );
fflush( stdout );
if( ( ret = sha1_file( argv[2], hash ) ) != 0 )
{
polarssl_printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
goto exit;
}
if( ( ret = pk_sign( &pk, POLARSSL_MD_SHA1, hash, 0, buf, &olen,
ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
polarssl_printf( " failed\n ! pk_sign returned -0x%04x\n", -ret );
goto exit;
}
/*
* Write the signature into <filename>-sig.txt
*/
snprintf( filename, sizeof(filename), "%s.sig", argv[2] );
if( ( f = fopen( filename, "wb+" ) ) == NULL )
{
ret = 1;
polarssl_printf( " failed\n ! Could not create %s\n\n", filename );
goto exit;
}
if( fwrite( buf, 1, olen, f ) != olen )
{
polarssl_printf( "failed\n ! fwrite failed\n\n" );
goto exit;
}
fclose( f );
polarssl_printf( "\n . Done (created \"%s\")\n\n", filename );
exit:
pk_free( &pk );
ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
#if defined(POLARSSL_ERROR_C)
polarssl_strerror( ret, (char *) buf, sizeof(buf) );
polarssl_printf( " ! Last error was: %s\n", buf );
#endif
#if defined(_WIN32)
polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout );
getchar();
#endif
return( ret );
}
static int phoenixfs_release(const char *path, struct fuse_file_info *fi)
{
struct file_record *fr;
FILE *infile, *outfile;
struct stat st;
unsigned char sha1[20];
char sha1_digest[40];
char outfilename[40];
char inpath[PATH_MAX];
char outpath[PATH_MAX];
int rev, ret;
pthread_mutex_lock(&phoenixfs_mutexlock);
/* Don't recursively backup history */
if ((rev = parse_pathspec(xpath, path))) {
PHOENIXFS_DBG("release:: history: %s", path);
/* Inflate the original version back onto the filesystem */
if (!(fr = find_fr(xpath, 0))) {
PHOENIXFS_DBG("release:: Can't find revision 0!");
pthread_mutex_unlock(&phoenixfs_mutexlock);
return 0;
}
print_sha1(sha1_digest, fr->sha1);
sprintf(inpath, "%s/.git/loose/%s", ROOTENV->fsback, sha1_digest);
build_xpath(outpath, xpath, 0);
if (!(infile = fopen(inpath, "rb")) ||
!(outfile = fopen(outpath, "wb+"))) {
pthread_mutex_unlock(&phoenixfs_mutexlock);
return -errno;
}
PHOENIXFS_DBG("release:: history: zinflate %s onto %s",
sha1_digest, outpath);
rewind(infile);
rewind(outfile);
if (zinflate(infile, outfile) != Z_OK)
PHOENIXFS_DBG("release:: zinflate issue");
fflush(outfile);
fclose(infile);
fclose(outfile);
if (close(fi->fh) < 0) {
PHOENIXFS_DBG("release:: can't really close");
pthread_mutex_unlock(&phoenixfs_mutexlock);
return -errno;
}
pthread_mutex_unlock(&phoenixfs_mutexlock);
return 0;
}
/* Attempt to create a backup */
build_xpath(xpath, path, 0);
if (!(infile = fopen(xpath, "rb")) ||
(lstat(xpath, &st) < 0)) {
pthread_mutex_unlock(&phoenixfs_mutexlock);
return -errno;
}
if ((ret = sha1_file(infile, st.st_size, sha1)) < 0) {
fclose(infile);
pthread_mutex_unlock(&phoenixfs_mutexlock);
return ret;
}
print_sha1(outfilename, sha1);
sprintf(outpath, "%s/.git/loose/%s", ROOTENV->fsback, outfilename);
if (!access(outpath, F_OK)) {
/* SHA1 match; don't overwrite file as an optimization */
PHOENIXFS_DBG("release:: not overwriting: %s", outpath);
goto END;
}
if (!(outfile = fopen(outpath, "wb"))) {
fclose(infile);
pthread_mutex_unlock(&phoenixfs_mutexlock);
return -errno;
}
/* Rewind and seek back */
rewind(infile);
PHOENIXFS_DBG("release:: zdeflate %s onto %s", xpath, outfilename);
if (zdeflate(infile, outfile, -1) != Z_OK)
PHOENIXFS_DBG("release:: zdeflate issue");
mark_for_packing(sha1, st.st_size);
fclose(outfile);
END:
fclose(infile);
if (close(fi->fh) < 0) {
PHOENIXFS_DBG("release:: can't really close");
return -errno;
}
/* Update the fstree */
fstree_insert_update_file(path, NULL);
pthread_mutex_unlock(&phoenixfs_mutexlock);
return 0;
}
int main( int argc, char *argv[] )
{
FILE *f;
int ret = 1;
size_t i;
pk_context pk;
unsigned char hash[20];
unsigned char buf[POLARSSL_MPI_MAX_SIZE];
char filename[512];
pk_init( &pk );
if( argc != 3 )
{
printf( "usage: pk_verify <key_file> <filename>\n" );
#if defined(_WIN32)
printf( "\n" );
#endif
goto exit;
}
printf( "\n . Reading public key from '%s'", argv[1] );
fflush( stdout );
if( ( ret = pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 )
{
printf( " failed\n ! pk_parse_public_keyfile returned -0x%04x\n", -ret );
goto exit;
}
/*
* Extract the signature from the text file
*/
ret = 1;
snprintf( filename, sizeof(filename), "%s.sig", argv[2] );
if( ( f = fopen( filename, "rb" ) ) == NULL )
{
printf( "\n ! Could not open %s\n\n", filename );
goto exit;
}
i = fread( buf, 1, sizeof(buf), f );
fclose( f );
/*
* Compute the SHA-1 hash of the input file and compare
* it with the hash decrypted from the signature.
*/
printf( "\n . Verifying the SHA-1 signature" );
fflush( stdout );
if( ( ret = sha1_file( argv[2], hash ) ) != 0 )
{
printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
goto exit;
}
if( ( ret = pk_verify( &pk, POLARSSL_MD_SHA1, hash, 0,
buf, i ) ) != 0 )
{
printf( " failed\n ! pk_verify returned -0x%04x\n", -ret );
goto exit;
}
printf( "\n . OK (the decrypted SHA-1 hash matches)\n\n" );
ret = 0;
exit:
pk_free( &pk );
#if defined(POLARSSL_ERROR_C)
polarssl_strerror( ret, (char *) buf, sizeof(buf) );
printf( " ! Last error was: %s\n", buf );
#endif
#if defined(_WIN32)
printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
static int verify_chunk_checksums(struct backup *backup, struct backup_chunk *chunk,
struct gzuncat *gzuc, int verbose, FILE *out)
{
int r;
if (out && verbose)
fprintf(out, "checking chunk %d checksums...\n", chunk->id);
/* validate file-prior-to-this-chunk checksum */
if (out && verbose > 1)
fprintf(out, " checking file checksum...\n");
char file_sha1[2 * SHA1_DIGEST_LENGTH + 1];
sha1_file(backup->fd, backup->data_fname, chunk->offset, file_sha1);
r = strncmp(chunk->file_sha1, file_sha1, sizeof(file_sha1));
if (r) {
syslog(LOG_DEBUG, "%s: %s (chunk %d) file checksum mismatch: %s on disk, %s in index\n",
__func__, backup->data_fname, chunk->id, file_sha1, chunk->file_sha1);
if (out)
fprintf(out, "file checksum mismatch for chunk %d: %s on disk, %s in index\n",
chunk->id, file_sha1, chunk->file_sha1);
goto done;
}
/* validate data-within-this-chunk checksum */
// FIXME length and data_sha1 are set at backup_append_end.
// detect and correctly report case where this hasn't occurred.
if (out && verbose > 1)
fprintf(out, " checking data length\n");
char buf[8192]; /* FIXME whatever */
size_t len = 0;
SHA_CTX sha_ctx;
SHA1_Init(&sha_ctx);
gzuc_member_start_from(gzuc, chunk->offset);
while (!gzuc_member_eof(gzuc)) {
ssize_t n = gzuc_read(gzuc, buf, sizeof(buf));
if (n >= 0) {
SHA1_Update(&sha_ctx, buf, n);
len += n;
}
}
gzuc_member_end(gzuc, NULL);
if (len != chunk->length) {
syslog(LOG_DEBUG, "%s: %s (chunk %d) data length mismatch: "
SIZE_T_FMT " on disk,"
SIZE_T_FMT " in index\n",
__func__, backup->data_fname, chunk->id, len, chunk->length);
if (out)
fprintf(out, "data length mismatch for chunk %d: "
SIZE_T_FMT " on disk,"
SIZE_T_FMT " in index\n",
chunk->id, len, chunk->length);
r = -1;
goto done;
}
if (out && verbose > 1)
fprintf(out, " checking data checksum...\n");
unsigned char sha1_raw[SHA1_DIGEST_LENGTH];
char data_sha1[2 * SHA1_DIGEST_LENGTH + 1];
SHA1_Final(sha1_raw, &sha_ctx);
r = bin_to_hex(sha1_raw, SHA1_DIGEST_LENGTH, data_sha1, BH_LOWER);
assert(r == 2 * SHA1_DIGEST_LENGTH);
r = strncmp(chunk->data_sha1, data_sha1, sizeof(data_sha1));
if (r) {
syslog(LOG_DEBUG, "%s: %s (chunk %d) data checksum mismatch: %s on disk, %s in index\n",
__func__, backup->data_fname, chunk->id, data_sha1, chunk->data_sha1);
if (out)
fprintf(out, "data checksum mismatch for chunk %d: %s on disk, %s in index\n",
chunk->id, data_sha1, chunk->data_sha1);
goto done;
}
done:
syslog(LOG_DEBUG, "%s: checksum %s!\n", __func__, r ? "failed" : "passed");
if (out && verbose)
fprintf(out, "%s\n", r ? "error" : "ok");
return r;
}
static void add_file(char *file, int recursive)
{
char buf[16] = { '\0' }; /* Buffing of a different nature! */
struct stat file_mode;
char *hash = NULL;
char *ftwrite = NULL;
char *encrypted = NULL;
memset(buf,' ', (recursive-1)*2);
if((lstat(file, &file_mode)) == -1)
{
fprintf(stderr,"%sCouldn't add %s\n",buf,file);
return;
}
if(S_ISDIR(file_mode.st_mode))
{
struct dirent *dir = NULL;
DIR *c_dir = NULL;
if(recursive>=16) /* 16 levels of recursion */
{
fprintf(stderr,"%sHit 16 levels of recursion- stopping here\n",buf);
return;
}
if(verbose)
printf("%sInside %s\n",buf,file);
c_dir = opendir(file);
if(!c_dir) /* Empty dir... I hope */
return;
while((dir = readdir(c_dir))!=NULL)
{
if(strcmp(dir->d_name,".")!=0 && strcmp(dir->d_name,"..")!=0)
{
char *fname = malloc(strlen(file)+strlen(dir->d_name)+2); /* \0 and / */
if(file[strlen(file)-1]!='/')
sprintf(fname, "%s/%s",file, dir->d_name);
else
sprintf(fname, "%s%s",file, dir->d_name);
add_file(fname, recursive+1);
free(fname);
}
}
return;
}
else if(!S_ISREG(file_mode.st_mode))
{
fprintf(stderr, "Not adding unregular file %s\n", file);
return;
}
if(tmp_file==NULL)
{
struct stat tmp_file_mode;
tmp_file = fopen(encrypted_file,"a+");
if(!tmp_file)
{
fprintf(stderr, "Failed creating temporary file - fatal error\n");
exit(0);
}
if(lstat(encrypted_file,&tmp_file_mode)==-1)
{
fprintf(stderr, "Failed statting the encrypted file - fatal error\n");
exit(0);
}
if(tmp_file_mode.st_size>0)
{
char *file_contents = NULL;
fseek(tmp_file,0,SEEK_SET);
file_contents = malloc(tmp_file_mode.st_size+1);
fread(file_contents,1,tmp_file_mode.st_size,tmp_file);
decrypted_buf = encrypt_nl(file_contents, tmp_file_mode.st_size); /* SHOULD BE DECRYPRY!T */
free(file_contents);
fclose(tmp_file);
tmp_file = fopen(encrypted_file, "w");
}
}
hash = sha1_file(file);
if(!hash)
{
fprintf(stderr, "Couldn't add %s - Failed to hash\n",file);
return;
}
/* Check to see if the file is already being looked after */
if(decrypted_buf)
{
char *offset = NULL;
if((offset = strstr(decrypted_buf, file))!=NULL)
{
if(strncmp(offset, file, strlen(file)) == 0)
{
/* Now check to make sure that the hash is the same */
if(strncmp(offset+strlen(file)+1,hash,40)!=0)
{
if(!updates)
{
fprintf(stderr, "%s the hash isn't the same as the one currently stored. To force an update use the `-u` command arguement.\n",file);
free(hash);
return;
}
else
{
if(verbose) /* Since we will encrypt and write the decrypted text back to the file, we just memcpy the new hash. */
{
printf("Updating %s\n",file);
}
memcpy(offset+strlen(file)+1,hash,40);
free(hash);
}
return;
}
else
{
printf("Hash is the same %s - %s\n",offset+strlen(file)+1, hash);
free(hash);
return;
}
}
free(hash);
return;
}
}
ftwrite = malloc(strlen(file)+strlen(hash)+3);
sprintf(ftwrite,"%s %s\n",file, hash);
encrypted = encrypt_nl(ftwrite,strlen(file)+strlen(hash)+2);
fwrite(encrypted,1,strlen(file)+strlen(hash)+2,tmp_file);
if(verbose)
printf("%sAdded %s\n",buf,file);
free(encrypted);
free(ftwrite);
free(hash);
}
static int interpolate (chirp_jobid_t id, char task_path[CHIRP_PATH_MAX], char serv_path[CHIRP_PATH_MAX])
{
int rc;
char *mark;
for (mark = serv_path; (mark = strchr(mark, '%')); ) {
switch (mark[1]) {
case 'g':
case 'h':
case 's':
{
/* replace with hash of task_path */
unsigned char digest[SHA1_DIGEST_LENGTH];
if (mark[1] == 'h')
CATCHUNIX(sha1_file(task_path, digest) ? 0 : -1);
else if (mark[1] == 'g')
sqlite3_randomness(SHA1_DIGEST_LENGTH, digest);
else if (mark[1] == 's') {
struct stat64 buf;
CATCHUNIX(stat64(task_path, &buf));
if (buf.st_size <= MAX_SIZE_HASH) {
CATCHUNIX(sha1_file(task_path, digest) ? 0 : -1);
} else {
sqlite3_randomness(SHA1_DIGEST_LENGTH, digest);
}
}
if (strlen(serv_path)+sizeof(digest)*2 < CHIRP_PATH_MAX) {
size_t i;
memmove(mark+sizeof(digest)*2, mark+2, strlen(mark+2)+1);
for (i = 0; i < sizeof(digest); i++) {
char hex[3];
CATCHUNIX(snprintf(hex, sizeof(hex), "%02X", (unsigned int)digest[i]));
assert(rc == 2);
mark[i*2] = hex[0];
mark[i*2+1] = hex[1];
}
mark += sizeof(digest)*2;
} else {
CATCH(ENAMETOOLONG);
}
break;
}
case 'j':
{
char str[64];
CATCHUNIX(snprintf(str, sizeof(str), "%" PRICHIRP_JOBID_T, id));
assert((size_t)rc < sizeof(str));
if (strlen(serv_path)+strlen(str) < CHIRP_PATH_MAX) {
memmove(mark+strlen(str), mark+2, strlen(mark+2)+1);
memcpy(mark, str, strlen(str));
mark += strlen(str);
} else {
CATCH(ENAMETOOLONG);
}
break;
}
default:
mark += 1; /* ignore */
break;
}
}
rc = 0;
goto out;
out:
return rc;
}
int main( int argc, char *argv[] )
{
FILE *f;
int ret = 1;
rsa_context rsa;
entropy_context entropy;
ctr_drbg_context ctr_drbg;
unsigned char hash[20];
unsigned char buf[POLARSSL_MPI_MAX_SIZE];
char filename[512];
const char *pers = "rsa_sign_pss";
entropy_init( &entropy );
rsa_init( &rsa, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
if( argc != 3 )
{
printf( "usage: rsa_sign_pss <key_file> <filename>\n" );
#if defined(_WIN32)
printf( "\n" );
#endif
goto exit;
}
printf( "\n . Seeding the random number generator..." );
fflush( stdout );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout );
if( ( ret = x509parse_keyfile( &rsa, argv[1], "" ) ) != 0 )
{
ret = 1;
printf( " failed\n ! Could not open '%s'\n", argv[1] );
goto exit;
}
/*
* Compute the SHA-1 hash of the input file,
* then calculate the RSA signature of the hash.
*/
printf( "\n . Generating the RSA/SHA-1 signature" );
fflush( stdout );
if( ( ret = sha1_file( argv[2], hash ) ) != 0 )
{
printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
goto exit;
}
if( ( ret = rsa_pkcs1_sign( &rsa, ctr_drbg_random, &ctr_drbg,
RSA_PRIVATE, SIG_RSA_SHA1,
20, hash, buf ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_sign returned %d\n\n", ret );
goto exit;
}
/*
* Write the signature into <filename>-sig.txt
*/
snprintf( filename, 512, "%s.sig", argv[2] );
if( ( f = fopen( filename, "wb+" ) ) == NULL )
{
ret = 1;
printf( " failed\n ! Could not create %s\n\n", filename );
goto exit;
}
if( fwrite( buf, 1, rsa.len, f ) != (size_t) rsa.len )
{
printf( "failed\n ! fwrite failed\n\n" );
goto exit;
}
fclose( f );
printf( "\n . Done (created \"%s\")\n\n", filename );
exit:
#if defined(_WIN32)
printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
int main( int argc, char *argv[] )
{
FILE *f;
int ret;
size_t i;
rsa_context rsa;
unsigned char hash[20];
unsigned char buf[512];
char filename[512];
ret = 1;
if( argc != 3 )
{
printf( "usage: rsa_verify_pss <key_file> <filename>\n" );
#ifdef WIN32
printf( "\n" );
#endif
goto exit;
}
printf( "\n . Reading public key from '%s'", argv[1] );
fflush( stdout );
rsa_init( &rsa, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
if( ( ret = x509parse_public_keyfile( &rsa, argv[1] ) ) != 0 )
{
printf( " failed\n ! x509parse_public_key returned %d\n\n", ret );
goto exit;
}
/*
* Extract the RSA signature from the text file
*/
ret = 1;
snprintf( filename, 512, "%s.sig", argv[2] );
if( ( f = fopen( filename, "rb" ) ) == NULL )
{
printf( "\n ! Could not open %s\n\n", filename );
goto exit;
}
i = fread( buf, 1, rsa.len, f );
fclose( f );
if( i != rsa.len )
{
printf( "\n ! Invalid RSA signature format\n\n" );
goto exit;
}
/*
* Compute the SHA-1 hash of the input file and compare
* it with the hash decrypted from the RSA signature.
*/
printf( "\n . Verifying the RSA/SHA-1 signature" );
fflush( stdout );
if( ( ret = sha1_file( argv[2], hash ) ) != 0 )
{
printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
goto exit;
}
if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, SIG_RSA_SHA1,
20, hash, buf ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_verify returned %d\n\n", ret );
goto exit;
}
printf( "\n . OK (the decrypted SHA-1 hash matches)\n\n" );
ret = 0;
exit:
#ifdef WIN32
printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
