comments

Change-Id: I9b4a2067deca27c067d3b827d87204e87fa9c493

3 files changed, 34 insertions, 5 deletions

diff --git a/wgtpkg-digsig.c b/wgtpkg-digsig.c
index 6acfd6b..284acd1 100644
--- a/wgtpkg-digsig.c
+++ b/wgtpkg-digsig.c
@@ -132,22 +132,29 @@ static int check_one_reference(xmlNodePtr ref)
 
 	/* parse the uri */
 	u = xmlParseURI(uri);
-	if (u == NULL) {
+	if (!u) {
 		syslog(LOG_ERR, "error while parsing URI %s", uri);
 		goto error2;
 	}
 
+	/* check that unexpected parts are not there */
 	if (u->scheme || u->opaque || u->authority || u->server || u->user || u->query) {
 		syslog(LOG_ERR, "unexpected uri component in %s", uri);
 		goto error3;
 	}
 
+	/* check path and fragment */
+	if (!u->path && !u->fragment) {
+		syslog(LOG_ERR, "invalid uri %s", uri);
+		goto error3;
+	}
 	if (u->path && u->fragment) {
 		syslog(LOG_ERR, "not allowed to sign foreign fragment in %s", uri);
 		goto error3;
 	}
 
 	if (u->path) {
+		/* check that the path is valid */
 		fdesc = file_of_name(u->path);
 		if (fdesc == NULL) {
 			syslog(LOG_ERR, "reference to unknown file %s", u->path);
@@ -219,6 +226,7 @@ static int get_certificates(xmlNodePtr kinfo)
 	return 0;
 }
 
+/* checks the current document */
 static int checkdocument()
 {
 	int rc;
@@ -266,6 +274,7 @@ error:
 	return rc;
 }
 
+/* verify the digital signature of the file described by 'fdesc' */
 int verify_digsig(struct filedesc *fdesc)
 {
 	int res;
@@ -292,6 +301,7 @@ int verify_digsig(struct filedesc *fdesc)
 	return res;
 }
 
+/* check all the signature files */
 int check_all_signatures()
 {
 	int rc, irc;
@@ -302,7 +312,6 @@ int check_all_signatures()
 	rc = 0;
 	for (i = n ; i-- > 0 ; ) {
 		fdesc = signature_of_index(i);
-		assert ((fdesc->flags & flag_signature) != 0);
 		irc = verify_digsig(fdesc);
 		if (!irc)
 			rc = irc;
@@ -311,6 +320,9 @@ int check_all_signatures()
 	return rc;
 }
 
+/* create a signature of 'index' (0 for author, other values for distributors)
+using the private 'key' (filename) and the certificates 'certs' (filenames)
+as trusted chain */
 int create_digsig(int index, const char *key, const char **certs)
 {
 	struct filedesc *fdesc;
@@ -318,14 +330,18 @@ int create_digsig(int index, const char *key, const char **certs)
 	int rc, len;
 
 	rc = -1;
+
+	/* create the doc */
 	doc = xmlsec_create(index, key, certs);
 	if (doc == NULL)
 		goto error;
 
+	/* instanciate the filename */
 	fdesc = create_signature(index);
 	if (fdesc == NULL)
 		goto error2;
 
+	/* save the doc as file */
 	len = xmlSaveFormatFileEnc(fdesc->name, doc, NULL, 0);
 	if (len < 0) {
 		syslog(LOG_ERR, "xmlSaveFormatFileEnc to %s failed", fdesc->name);
diff --git a/wgtpkg-files.c b/wgtpkg-files.c
index 17e909a..06aac83 100644
--- a/wgtpkg-files.c
+++ b/wgtpkg-files.c
@@ -238,6 +238,7 @@ struct filedesc *create_signature(unsigned int number)
 	return result;
 }
 
+/* remove flags that are not related to being signature */
 void file_clear_flags()
 {
 	unsigned int i;
diff --git a/wgtpkg-xmlsec.c b/wgtpkg-xmlsec.c
index b2c2e50..843ea2b 100644
--- a/wgtpkg-xmlsec.c
+++ b/wgtpkg-xmlsec.c
@@ -42,12 +42,14 @@ static xmlSecKeysMngrPtr keymgr;
 #define CA_ROOT_DIRECTORY "./ca-certificates"
 #endif
 
+/* checks if a file match  uri (should not be a distributor signature) */
 static int file_match_cb(const char *uri)
 {
 	struct filedesc *fdesc = file_of_name(uri);
 	return fdesc != NULL && fdesc->type == type_file && (fdesc->flags & flag_distributor_signature) == 0;
 }
 
+/* open the file of uri */
 static void *file_open_cb(const char *file)
 {
 	struct filedesc *fdesc;
@@ -68,22 +70,26 @@ static void *file_open_cb(const char *file)
 	return f;
 }
 
+/* read the opened file */
 static int file_read_cb(void *context, char *buffer, int len)
 {
 	size_t r = fread(buffer, 1, len, (FILE*)context);
 	return r ? (int)r : feof((FILE*)context) ? 0 : - 1;
 }
 
+/* close the opened file */
 static int file_close_cb(void *context)
 {
 	return (int)fclose((FILE*)context);
 }
 
+/* echo an error message */
 static void errors_cb(const char *file, int line, const char *func, const char *errorObject, const char *errorSubject, int reason, const char *msg)
 {
 	syslog(LOG_ERR, "xmlSec error %3d: %s (subject=\"%s\", object=\"%s\")", reason, msg, errorSubject ? errorSubject : "?", errorObject ? errorObject : "?");
 }
 
+/* fills database with trusted keys */
 static int fill_trusted_keys()
 {
 	int err;
@@ -118,6 +124,7 @@ static int fill_trusted_keys()
 	
 }
 
+/* initialisation of access to xmlsec */
 int xmlsec_init()
 {
 
@@ -175,7 +182,7 @@ end:
 	return initstatus;
 }
 
-
+/* shuting down accesses to xmlsec */
 void xmlsec_shutdown()
 {
 	xmlSecKeysMngrDestroy(keymgr);
@@ -187,6 +194,7 @@ void xmlsec_shutdown()
 	xmlSecShutdown();
 }
 
+/* verify a signature */
 int xmlsec_verify(xmlNodePtr node)
 {
 	int rc;
@@ -212,9 +220,10 @@ int xmlsec_verify(xmlNodePtr node)
 	return rc;
 }
 
+/* templates for properties of signature files */
 static const struct { const char *id; const char *xml; } properties[2] = {
 	{
-		.id = "AuthorSignature",
+		.id = "AuthorSignature", /* template of properties for author signature */
 		.xml =
 			"<SignatureProperties xmlns:dsp=\"http://www.w3.org/2009/xmldsig-properties\">"
 			 "<SignatureProperty Id=\"profile\" Target=\"#AuthorSignature\">"
@@ -229,7 +238,7 @@ static const struct { const char *id; const char *xml; } properties[2] = {
 			"</SignatureProperties>"
 	},
 	{
-		.id = "DistributorSignature",
+		.id = "DistributorSignature", /* template of properties for distributor signature */
 		.xml = 
 			"<SignatureProperties xmlns:dsp=\"http://www.w3.org/2009/xmldsig-properties\">"
 			 "<SignatureProperty Id=\"profile\" Target=\"#DistributorSignature\">"
@@ -245,6 +254,9 @@ static const struct { const char *id; const char *xml; } properties[2] = {
 	}
 };
 
+/* create a signature of 'index' (0 for author, other values for distributors)
+using the private 'key' (filename) and the certificates 'certs' (filenames)
+as trusted chain */
 xmlDocPtr xmlsec_create(int index, const char *key, const char **certs)
 {
 	unsigned int i, fc, mask;