/* * Copyright (C) 2021 Red Hat, Inc. * * SPDX-License-Identifier: LGPL-2.0+ * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library. If not, see . */ #include "config.h" #include "libglnx.h" #include static void assert_error_contains (GError **error, const char *msg) { g_assert (error != NULL); GError *actual = *error; g_assert (actual != NULL); if (strstr (actual->message, msg) == NULL) g_error ("%s does not contain %s", actual->message, msg); g_clear_error (error); } // Perhaps in the future we hook this up to a fuzzer static GBytes * corrupt (GBytes *input) { gsize len = 0; const guint8 *buf = g_bytes_get_data (input, &len); g_assert_cmpint (len, >, 0); g_assert_cmpint (len, <, G_MAXINT); g_autofree char *newbuf = g_memdup2 (buf, len); g_assert (newbuf != NULL); int o = g_random_int_range (0, len); newbuf[o] = (newbuf[0] + 1); return g_bytes_new_take (g_steal_pointer (&newbuf), len); } static gboolean run (GError **error) { g_autoptr (OstreeRepo) repo = ostree_repo_open_at (AT_FDCWD, "repo", NULL, error); if (!repo) return FALSE; g_autofree char *rev = NULL; if (!ostree_repo_resolve_rev (repo, "origin:main", FALSE, &rev, error)) return FALSE; g_assert (rev); g_autoptr (GVariant) commit = NULL; if (!ostree_repo_load_variant (repo, OSTREE_OBJECT_TYPE_COMMIT, rev, &commit, error)) return FALSE; g_assert (commit); g_autoptr (GVariant) detached_meta = NULL; if (!ostree_repo_read_commit_detached_metadata (repo, rev, &detached_meta, NULL, error)) return FALSE; g_assert (detached_meta); g_autoptr (GBytes) commit_bytes = g_variant_get_data_as_bytes (commit); g_autoptr (GBytes) detached_meta_bytes = g_variant_get_data_as_bytes (detached_meta); g_autofree char *verify_report = NULL; if (!ostree_repo_signature_verify_commit_data (repo, "origin", commit_bytes, detached_meta_bytes, 0, &verify_report, error)) return FALSE; if (ostree_repo_signature_verify_commit_data (repo, "origin", commit_bytes, detached_meta_bytes, OSTREE_REPO_VERIFY_FLAGS_NO_GPG | OSTREE_REPO_VERIFY_FLAGS_NO_SIGNAPI, &verify_report, error)) return glnx_throw (error, "Should not have validated"); assert_error_contains (error, "No commit verification types enabled"); // No signatures g_autoptr (GBytes) empty = g_bytes_new_static ("", 0); if (ostree_repo_signature_verify_commit_data (repo, "origin", commit_bytes, empty, 0, &verify_report, error)) return glnx_throw (error, "Should not have validated"); assert_error_contains (error, "no signatures found"); // No such remote if (ostree_repo_signature_verify_commit_data (repo, "nosuchremote", commit_bytes, detached_meta_bytes, 0, &verify_report, error)) return glnx_throw (error, "Should not have validated"); assert_error_contains (error, "Remote \"nosuchremote\" not found"); // Corrupted commit g_autoptr (GBytes) corrupted_commit = corrupt (commit_bytes); if (ostree_repo_signature_verify_commit_data (repo, "origin", corrupted_commit, detached_meta_bytes, 0, &verify_report, error)) return glnx_throw (error, "Should not have validated"); assert_error_contains (error, "BAD signature"); return TRUE; } int main (int argc, char **argv) { g_autoptr (GError) error = NULL; if (!run (&error)) { g_printerr ("error: %s\n", error->message); exit (1); } }