Browse Source

Check shares against configured hash value

If a share has a configured hash value, check the share data
against that value and discard the share if there is a mismatch.
develop
Damien Goutte-Gattat 5 years ago
parent
commit
20ba3ecf63
  1. 6
      configure.ac
  2. 49
      src/gfsec-use.c

6
configure.ac

@ -18,6 +18,12 @@ AC_PROG_INSTALL
dnl Check for some non-ubiquitous functions
ICP_CHECK_NOTCH_FUNCS
dnl Check for Libgcrypt
AM_PATH_LIBGCRYPT([1.6.0],
[CFLAGS="$CFLAGS $LIBGCRYPT_FLAGS"
LIBS="$LIBS $LIBGCRYPT_LIBS"],
[AC_MSG_ERROR([libgcrypt not found])])
dnl Check for Libgfshare
PKG_CHECK_MODULES([LIBGFSHARE], [libgfshare])

49
src/gfsec-use.c

@ -33,6 +33,7 @@
#include <err.h>
#include <libgfshare.h>
#include <gcrypt.h>
#include "util.h"
#include "share.h"
@ -170,6 +171,24 @@ get_share_display_name(gfsec_share_t *share)
return buffer;
}
static int
check_share(gfsec_share_t *share, gcry_md_hd_t md)
{
unsigned char *md_val;
int rc;
if ( ! share->sha256 )
return 0;
gcry_md_write(md, share->data, share->length);
md_val = gcry_md_read(md, 0);
rc = memcmp(share->sha256, md_val, 32) == 0 ? 0 : -1;
gcry_md_reset(md);
return rc;
}
int
main(int argc, char **argv)
{
@ -180,6 +199,7 @@ main(int argc, char **argv)
gfsec_share_t *share;
unsigned have_shares, have_full;
pid_t pid;
gcry_md_hd_t md;
struct option options[] = {
{ "help", 0, NULL, 'h' },
@ -219,6 +239,12 @@ main(int argc, char **argv)
gfsec_mtp_init();
if ( ! gcry_check_version(GCRYPT_VERSION) )
errx(EXIT_FAILURE, "libgcrypt version mismatch");
gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
if ( get_config_file(cfg_file, cfg_path, sizeof(cfg_path)) == -1 )
err(EXIT_FAILURE, "Cannot find configuration file");
@ -228,21 +254,34 @@ main(int argc, char **argv)
if ( ! output_file && ! (output_file = cfg->output_file) )
errx(EXIT_FAILURE, "No output file specified");
if ( gcry_md_open(&md, GCRY_MD_SHA256, 0) )
errx(EXIT_FAILURE, "Cannot create hashing context");
share = cfg->shares;
while ( share ) {
if ( get_share_data(share) == 0 ) {
if ( (share->flags & GFSEC_SHARE_FLAGS_FULL) > 0 )
have_full = 1;
else
have_shares += 1;
if ( check_share(share, md) == -1 ) {
warnx("Share data in %s does not hash to the expected value",
get_share_display_name(share));
free(share->data);
share->data = NULL;
}
else {
if ( (share->flags & GFSEC_SHARE_FLAGS_FULL) > 0 )
have_full = 1;
else
have_shares += 1;
printf("Found share data in %s\n", get_share_display_name(share));
printf("Found share data in %s\n", get_share_display_name(share));
}
}
share = share->next;
}
gcry_md_close(md);
if ( have_full ) {
share = cfg->shares;
while ( share ) {

Loading…
Cancel
Save