diff --git a/doc/checksums.txt b/doc/checksums.txt index 4d95e6e..cd58ac7 100644 --- a/doc/checksums.txt +++ b/doc/checksums.txt @@ -132,12 +132,40 @@ are strings of 32 hex digits: Usage at Read Time + Checking Before Image Tree Loading + +In order to check for a trustworthy loadable image tree, read the first 32 +blocks from to the session start and look in block 16 to 32 for the superblock +checksum tag by + iso_util_decode_md5_tag(block, &tag_type, &pos, + &range_start, &range_size, &next_tag, md5, 2); +If it appears and has plausible parameters, then check whether its MD5 matches +the MD5 of the data blocks which were read before. +(Keep the original MD5 context of the data blocks and clone one for obtaining +the MD5 bytes.) +Compute the block into the MD5 checksum after your are done with interpreting +it. + +If those MD5s match, then compute the checksum block into the kept MD5 context +and go on with reading and computing for the tree checksum tag. This will be +found at block address next_tag, verified and parsed by: + iso_util_decode_md5_tag(block, &tag_type, &pos, + &range_start, &range_size, &next_tag, md5, 3); +Again, if the parameters match the reading state, the MD5 must match the +MD5 computed from the data blocks which were before. +If so, then the tree is ok and safe to be loaded by iso_image_import(). + + Checking a Whole Session -In order to check the trustworthyness of a whole session, read from its start -up to the session tag. Read the blocks and submit each single one of them to +In order to check the trustworthyness of a whole session, continue reading +and checksumming after the tree was verified. - iso_util_decode_md5_tag(block, &pos, &range_start, &range_size, md5, 1); +Read and checksum the blocks. When reaching block address next_tag (from the +tree tag) submit this block to + + iso_util_decode_md5_tag(block, &tag_type, &pos, + &range_start, &range_size, &next_tag, md5, 1); If this returns 1, then check whether the returned parameters pos, range_start, and range_size match the state of block reading, and whether the returned @@ -145,29 +173,10 @@ bytes in parameter md5 match the MD5 computed from the data blocks which were read before the tag block. - Checking before Image Tree Loading - -In order to check for a trustworthy loadable image tree, read the first 32 -blocks to the session start and look in block 16 to 32 for the superblock -checksum tag by - iso_util_decode_md5_tag(block, &pos, &range_start, &range_size, md5, 2); -If one appears and has plausible parameters, then check whether its MD5 matches -the MD5 of the data blocks read before. -(Keep the original MD5 context of the data blocks and clone one for obtaining -the MD5 bytes.) - -If those MD5s match, then compute the checksum block into the kept MD5 context -and go on with searching for the tree checksum tag. This can be found in a -read-in block by: - iso_util_decode_md5_tag(block, &pos, &range_start, &range_size, md5, 3) -Again, if the parameters match the reading state, the MD5 must match the -MD5 computed from the data blocks before. -If so, then the tree is ok and safe to be loaded by iso_image_import(). - - Checking Single Files in a Loaded Image -The image has to be loaded, so you can obtain IsoNode objects which yield +Once the image has been loaded, you can obtain MD5 sums from IsoNode objects +which fulfill iso_node_get_type(node) == LIBISO_FILE The recorded checksum can be obtained by diff --git a/libisofs/libisofs.h b/libisofs/libisofs.h index ead093f..1515ead 100644 --- a/libisofs/libisofs.h +++ b/libisofs/libisofs.h @@ -5052,6 +5052,11 @@ int iso_file_get_md5(IsoImage *image, IsoFile *file, char md5[16], int flag); * start and look out for a session tag on the fly. See doc/checksum.txt . * @param data * A complete and aligned data block read from an ISO image session. + * @param tag_type + * 0= no tag + * 1= session tag + * 2= superblock tag + * 3= tree tag * @param pos * Returns the LBA where the tag supposes itself to be stored. * If this does not match the data block LBA then the tag might be @@ -5078,16 +5083,14 @@ int iso_file_get_md5(IsoImage *image, IsoFile *file, char md5[16], int flag); * 3= tree tag * @return * 0= not a checksum tag, return parameters are invalid - * 1= session tag found - * 2= superblock tag found - * 3= tree tag found + * 1= checksum tag found, return parameters arevalid * <0= error * return parameters are valid with error ISO_MD5_AREA_CORRUPTED * but not trustworthy because the tag seems corrupted. * * @since 0.6.22 */ -int iso_util_decode_md5_tag(char data[2048], uint32_t *pos, +int iso_util_decode_md5_tag(char data[2048], int *tag_type, uint32_t *pos, uint32_t *range_start, uint32_t *range_size, uint32_t *next_tag, char md5[16], int flag); diff --git a/libisofs/util.c b/libisofs/util.c index 86077e3..d0ffe4a 100644 --- a/libisofs/util.c +++ b/libisofs/util.c @@ -1563,7 +1563,7 @@ int iso_util_hex_to_bin(char *hex, char *bin, int bin_size, int *bin_count, } -int iso_util_decode_md5_tag(char data[2048], uint32_t *pos, +int iso_util_decode_md5_tag(char data[2048], int *tag_type, uint32_t *pos, uint32_t *range_start, uint32_t *range_size, uint32_t *next_tag, char md5[16], int flag) { @@ -1587,8 +1587,8 @@ int iso_util_decode_md5_tag(char data[2048], uint32_t *pos, break; if (i > magic_last ) return 0; - found = i; - cpt = data + magic_len[found] + 1; + *tag_type = i; + cpt = data + magic_len[*tag_type] + 1; if (strncmp(cpt, "pos=", 4) != 0) return 0; cpt+= 4; @@ -1607,7 +1607,7 @@ int iso_util_decode_md5_tag(char data[2048], uint32_t *pos, ret = iso_util_dec_to_uint32(cpt + 11, range_size, 0); if (ret <= 0) return 0; - if (found == 2 || found == 3) { + if (*tag_type == 2 || *tag_type == 3) { cpt = strstr(cpt, "next="); if (cpt == NULL) return(0); @@ -1639,6 +1639,6 @@ int iso_util_decode_md5_tag(char data[2048], uint32_t *pos, return ISO_MD5_AREA_CORRUPTED; if (*(cpt + 5 + 32) != '\n') return 0; - return(found); + return(1); }