From: job Date: Sun, 24 Apr 2022 12:25:25 +0000 (+0000) Subject: In filemode emit the hash which uniquely identifies a given Signed Object X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=d0b565d2eb32b84906e4d70b45bfb983012a898f;p=openbsd In filemode emit the hash which uniquely identifies a given Signed Object RPKI Signed Objects are not malleable; this means the SHA256 digest of an input file containing a signed object is a very stable identifier to associate with the decoded (validated) output shown in filemode. The SHA256 in hash_id is base64 encoded (just like hashes on manifest listings). OK tb@
---
diff --git a/usr.sbin/rpki-client/filemode.c b/usr.sbin/rpki-client/filemode.c
index 4d6eb2fe55a..2cf310f8804 100644
--- a/usr.sbin/rpki-client/filemode.c
+++ b/usr.sbin/rpki-client/filemode.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: filemode.c,v 1.2 2022/04/21 12:59:03 claudio Exp $ */
+/* $OpenBSD: filemode.c,v 1.3 2022/04/24 12:25:25 job Exp $ */
 /*
 * Copyright (c) 2019 Claudio Jeker
 * Copyright (c) 2019 Kristaps Dzonsons
@@ -265,6 +265,8 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
 struct gbr *gbr = NULL;
 struct tal *tal = NULL;
 char *aia = NULL, *aki = NULL;
+ char filehash[SHA256_DIGEST_LENGTH];
+ char *hash;
 enum rtype type;
 int is_ta = 0;
@@ -284,10 +286,22 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
 }
 }
- if (outformats & FORMAT_JSON)
+
+ if (!EVP_Digest(buf, len, filehash, NULL, EVP_sha256(), NULL))
+ errx(1, "EVP_Digest failed in %s", __func__);
+
+ if (base64_encode(filehash, sizeof(filehash), &hash) == -1)
+ errx(1, "base64_encode failed in %s", __func__);
+
+ if (outformats & FORMAT_JSON) {
 printf("{\n\t\"file\": \"%s\",\n", file);
- else
+ printf("\t\"hash_id\": \"%s\",\n", hash);
+ } else {
 printf("File: %s\n", file);
+ printf("Hash identifier: %s\n", hash);
+ }
+
+ free(hash);
 type = rtype_from_file_extension(file);
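Review bot: In the second hunk (`@@ -265,6 +265,8 @@`), `filehash` is declared as plain `char`, but EVP_Digest() writes the digest through an `unsigned char *`, so the call added in the next hunk passes a pointer of mismatched signedness. It also stores raw digest bytes in a type whose signedness is implementation-defined. Declaring it as `unsigned char filehash[SHA256_DIGEST_LENGTH];` keeps the buffer a byte array and avoids the pointer-sign warning. The prototype of base64_encode() is not visible on this page, so confirm it takes the same type. The body of proc_parser_file starts and ends outside this hunk.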
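Review bot: In the third hunk (`@@ -284,10 +286,22 @@`), the digest is computed over `buf`/`len` and printed before `rtype_from_file_extension(file)` runs, so `hash_id` appears for any input, including files that later fail to parse or validate. The commit message calls it an identifier for the "decoded (validated) output", so a consumer could read its presence as a sign the object was accepted. A comment above the EVP_Digest call would make the contract explicit, for example `/* hash_id: base64 SHA256 of the raw input bytes, emitted before any parsing or validation */`. Whether `buf` can be NULL or `len` zero at this point depends on code outside the hunk and is worth confirming, since the digest call uses both unconditionally.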