image: Add facility to write unsigned images
Change image_write_signed to image_write, and conditionally write the signature if one is present. This will allow us to write unsigned images when detaching a sig from an image. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
This commit is contained in:
parent
a8f1453a53
commit
be7559abfe
3 changed files with 23 additions and 12 deletions
15
image.c
15
image.c
|
@ -17,6 +17,7 @@
|
||||||
* USA.
|
* USA.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
#include <stdbool.h>
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
|
@ -342,12 +343,17 @@ int image_hash_sha256(struct image *image, uint8_t digest[])
|
||||||
return !rc;
|
return !rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
int image_write_signed(struct image *image, const char *filename)
|
int image_write(struct image *image, const char *filename)
|
||||||
{
|
{
|
||||||
struct cert_table_header cert_table_header;
|
struct cert_table_header cert_table_header;
|
||||||
int fd, rc, len, padlen;
|
int fd, rc, len, padlen;
|
||||||
|
bool is_signed;
|
||||||
uint8_t pad[8];
|
uint8_t pad[8];
|
||||||
|
|
||||||
|
is_signed = image->sigbuf && image->sigsize;
|
||||||
|
|
||||||
|
/* optionally update the image to contain signature data */
|
||||||
|
if (is_signed) {
|
||||||
cert_table_header.size = image->sigsize;
|
cert_table_header.size = image->sigsize;
|
||||||
cert_table_header.revision = 0x0200; /* = revision 2 */
|
cert_table_header.revision = 0x0200; /* = revision 2 */
|
||||||
cert_table_header.type = 0x0002; /* PKCS signedData */
|
cert_table_header.type = 0x0002; /* PKCS signedData */
|
||||||
|
@ -357,9 +363,12 @@ int image_write_signed(struct image *image, const char *filename)
|
||||||
/* pad to sizeof(pad)-byte boundary */
|
/* pad to sizeof(pad)-byte boundary */
|
||||||
padlen = align_up(len, sizeof(pad)) - len;
|
padlen = align_up(len, sizeof(pad)) - len;
|
||||||
|
|
||||||
/* update the image to contain signature data */
|
|
||||||
image->data_dir_sigtable->addr = image->size;
|
image->data_dir_sigtable->addr = image->size;
|
||||||
image->data_dir_sigtable->size = len + padlen;
|
image->data_dir_sigtable->size = len + padlen;
|
||||||
|
} else {
|
||||||
|
image->data_dir_sigtable->addr = 0;
|
||||||
|
image->data_dir_sigtable->size = 0;
|
||||||
|
}
|
||||||
|
|
||||||
fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0644);
|
fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0644);
|
||||||
if (fd < 0) {
|
if (fd < 0) {
|
||||||
|
@ -370,6 +379,8 @@ int image_write_signed(struct image *image, const char *filename)
|
||||||
rc = write_all(fd, image->buf, image->size);
|
rc = write_all(fd, image->buf, image->size);
|
||||||
if (!rc)
|
if (!rc)
|
||||||
goto out;
|
goto out;
|
||||||
|
if (!is_signed)
|
||||||
|
goto out;
|
||||||
|
|
||||||
rc = write_all(fd, &cert_table_header, sizeof(cert_table_header));
|
rc = write_all(fd, &cert_table_header, sizeof(cert_table_header));
|
||||||
if (!rc)
|
if (!rc)
|
||||||
|
|
2
image.h
2
image.h
|
@ -80,7 +80,7 @@ struct image *image_load(const char *filename);
|
||||||
int image_pecoff_parse(struct image *image);
|
int image_pecoff_parse(struct image *image);
|
||||||
int image_find_regions(struct image *image);
|
int image_find_regions(struct image *image);
|
||||||
int image_hash_sha256(struct image *image, uint8_t digest[]);
|
int image_hash_sha256(struct image *image, uint8_t digest[]);
|
||||||
int image_write_signed(struct image *image, const char *filename);
|
int image_write(struct image *image, const char *filename);
|
||||||
int image_write_detached(struct image *image, const char *filename);
|
int image_write_detached(struct image *image, const char *filename);
|
||||||
|
|
||||||
#endif /* IMAGE_H */
|
#endif /* IMAGE_H */
|
||||||
|
|
2
sbsign.c
2
sbsign.c
|
@ -212,7 +212,7 @@ int main(int argc, char **argv)
|
||||||
if (ctx->detached)
|
if (ctx->detached)
|
||||||
image_write_detached(ctx->image, ctx->outfilename);
|
image_write_detached(ctx->image, ctx->outfilename);
|
||||||
else
|
else
|
||||||
image_write_signed(ctx->image, ctx->outfilename);
|
image_write(ctx->image, ctx->outfilename);
|
||||||
|
|
||||||
talloc_free(ctx);
|
talloc_free(ctx);
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue