image: Add facility to write unsigned images
Change image_write_signed to image_write, and conditionally write the signature if one is present. This will allow us to write unsigned images when detaching a sig from an image. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
This commit is contained in:
Jeremy Kerr
parent
a8f1453a53
commit
be7559abfe
3 changed files with 23 additions and 12 deletions
31
image.c
31
image.c
|
|
@ -17,6 +17,7 @@
|
|||
* USA.
|
||||
*/
|
||||
|
||||
#include <stdbool.h>
|
||||
#include <stdint.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
|
|
@ -342,24 +343,32 @@ int image_hash_sha256(struct image *image, uint8_t digest[])
|
|||
return !rc;
|
||||
}
|
||||
|
||||
int image_write_signed(struct image *image, const char *filename)
|
||||
int image_write(struct image *image, const char *filename)
|
||||
{
|
||||
struct cert_table_header cert_table_header;
|
||||
int fd, rc, len, padlen;
|
||||
bool is_signed;
|
||||
uint8_t pad[8];
|
||||
|
||||
cert_table_header.size = image->sigsize;
|
||||
cert_table_header.revision = 0x0200; /* = revision 2 */
|
||||
cert_table_header.type = 0x0002; /* PKCS signedData */
|
||||
is_signed = image->sigbuf && image->sigsize;
|
||||
|
||||
len = sizeof(cert_table_header) + image->sigsize;
|
||||
/* optionally update the image to contain signature data */
|
||||
if (is_signed) {
|
||||
cert_table_header.size = image->sigsize;
|
||||
cert_table_header.revision = 0x0200; /* = revision 2 */
|
||||
cert_table_header.type = 0x0002; /* PKCS signedData */
|
||||
|
||||
/* pad to sizeof(pad)-byte boundary */
|
||||
padlen = align_up(len, sizeof(pad)) - len;
|
||||
len = sizeof(cert_table_header) + image->sigsize;
|
||||
|
||||
/* update the image to contain signature data */
|
||||
image->data_dir_sigtable->addr = image->size;
|
||||
image->data_dir_sigtable->size = len + padlen;
|
||||
/* pad to sizeof(pad)-byte boundary */
|
||||
padlen = align_up(len, sizeof(pad)) - len;
|
||||
|
||||
image->data_dir_sigtable->addr = image->size;
|
||||
image->data_dir_sigtable->size = len + padlen;
|
||||
} else {
|
||||
image->data_dir_sigtable->addr = 0;
|
||||
image->data_dir_sigtable->size = 0;
|
||||
}
|
||||
|
||||
fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0644);
|
||||
if (fd < 0) {
|
||||
|
|
@ -370,6 +379,8 @@ int image_write_signed(struct image *image, const char *filename)
|
|||
rc = write_all(fd, image->buf, image->size);
|
||||
if (!rc)
|
||||
goto out;
|
||||
if (!is_signed)
|
||||
goto out;
|
||||
|
||||
rc = write_all(fd, &cert_table_header, sizeof(cert_table_header));
|
||||
if (!rc)
|
||||
|
|
|
|||
2
image.h
2
image.h
|
|
@ -80,7 +80,7 @@ struct image *image_load(const char *filename);
|
|||
int image_pecoff_parse(struct image *image);
|
||||
int image_find_regions(struct image *image);
|
||||
int image_hash_sha256(struct image *image, uint8_t digest[]);
|
||||
int image_write_signed(struct image *image, const char *filename);
|
||||
int image_write(struct image *image, const char *filename);
|
||||
int image_write_detached(struct image *image, const char *filename);
|
||||
|
||||
#endif /* IMAGE_H */
|
||||
|
|
|
|||
2
sbsign.c
2
sbsign.c
|
|
@ -212,7 +212,7 @@ int main(int argc, char **argv)
|
|||
if (ctx->detached)
|
||||
image_write_detached(ctx->image, ctx->outfilename);
|
||||
else
|
||||
image_write_signed(ctx->image, ctx->outfilename);
|
||||
image_write(ctx->image, ctx->outfilename);
|
||||
|
||||
talloc_free(ctx);
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue