...

Source file src/github.com/sassoftware/relic/lib/signappx/zipmeta.go

Documentation: github.com/sassoftware/relic/lib/signappx

     1  //
     2  // Copyright (c) SAS Institute Inc.
     3  //
     4  // Licensed under the Apache License, Version 2.0 (the "License");
     5  // you may not use this file except in compliance with the License.
     6  // You may obtain a copy of the License at
     7  //
     8  //     http://www.apache.org/licenses/LICENSE-2.0
     9  //
    10  // Unless required by applicable law or agreed to in writing, software
    11  // distributed under the License is distributed on an "AS IS" BASIS,
    12  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  // See the License for the specific language governing permissions and
    14  // limitations under the License.
    15  //
    16  
    17  package signappx
    18  
    19  import (
    20  	"crypto/hmac"
    21  	"errors"
    22  	"fmt"
    23  	"io"
    24  
    25  	"github.com/sassoftware/relic/lib/zipslicer"
    26  )
    27  
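// verifyMeta checks the zip-level digests recorded in an APPX signature
// against the archive read from r.
//
// The archive directory is parsed with zipslicer.Read. The signature file
// (appxSignature) must be present, and no other entry may follow it;
// otherwise an error is returned before any digest is computed.
//
// Two digests are computed with sig.Hash and compared to sig.HashValues:
//   - "AXPC": everything except the central directory and the signature file.
//   - "AXCD": the central directory with the signature file removed.
//
// When skipDigests is true the AXPC digest is neither computed nor compared;
// only AXCD is verified. In that mode this function gives no assurance about
// the file contents, so the caller presumably checks them some other way
// (NOTE(review): confirm at the call sites).
//
// A nil return means every digest that was checked matched.
func verifyMeta(r io.ReaderAt, size int64, sig *AppxSignature, skipDigests bool) error {
	dir, err := zipslicer.Read(r, size)
	if err != nil {
		return err
	}
	// Locate the signature entry and insist that nothing follows it, so the
	// digested region is exactly "all entries before the signature".
	sigIdx := -1
	for i, f := range dir.File {
		if f.Name == appxSignature {
			sigIdx = i
		} else if sigIdx >= 0 {
			return errors.New("zip elements out of order")
		}
	}
	// Fail closed when the archive has no signature entry instead of handing
	// -1 to Truncate, whose handling of a negative index is not visible here.
	if sigIdx < 0 {
		return errors.New("appx signature file not found in zip")
	}

	// AXPC is a hash of everything except the central directory and signature file
	axpc := sig.Hash.New()
	sink := io.Writer(axpc)
	if skipDigests {
		// A nil body writer is passed so Truncate is not asked to stream
		// file contents into the AXPC hash.
		sink = nil
	}
	// AXCD is a hash of the zip central directory with the signature file removed
	axcd := sig.Hash.New()
	if err := dir.Truncate(sigIdx, sink, axcd); err != nil {
		return fmt.Errorf("verifying zip metadata: %s", err)
	}
	if !skipDigests {
		calc := axpc.Sum(nil)
		// hmac.Equal compares in constant time. A missing "AXPC" key yields a
		// nil expected value, which never equals a computed digest.
		if expected := sig.HashValues["AXPC"]; !hmac.Equal(calc, expected) {
			return fmt.Errorf("appx digest mismatch for zip contents: calculated %x != found %x", calc, expected)
		}
	}
	// The central-directory digest is checked even when skipDigests is set.
	calc := axcd.Sum(nil)
	if expected := sig.HashValues["AXCD"]; !hmac.Equal(calc, expected) {
		return fmt.Errorf("appx digest mismatch for zip directory: calculated %x != found %x", calc, expected)
	}
	return nil
}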
    65  
