vbatts/sbsigntools
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

image: Add facility to write unsigned images

Browse source 
Change image_write_signed to image_write, and conditionally write the
signature if one is present.

This will allow us to write unsigned images when detaching a sig from an
image.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
This commit is contained in:
Jeremy Kerr 2012-06-12 10:19:08 +08:00
parent a8f1453a53
commit be7559abfe
3 changed files with 23 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
image.c
View file

@ -17,6 +17,7 @@
* USA. * USA.
*/ */
#include <stdbool.h>
#include <stdint.h> #include <stdint.h>
#include <sys/types.h> #include <sys/types.h>
#include <sys/stat.h> #include <sys/stat.h>
@ -342,24 +343,32 @@ int image_hash_sha256(struct image *image, uint8_t digest[])
return !rc; return !rc;
} }
int image_write_signed(struct image *image, const char *filename) int image_write(struct image *image, const char *filename)
{ {
struct cert_table_header cert_table_header; struct cert_table_header cert_table_header;
int fd, rc, len, padlen; int fd, rc, len, padlen;
bool is_signed;
uint8_t pad[8]; uint8_t pad[8];
cert_table_header.size = image->sigsize; is_signed = image->sigbuf && image->sigsize;
cert_table_header.revision = 0x0200; /* = revision 2 */
cert_table_header.type = 0x0002; /* PKCS signedData */
len = sizeof(cert_table_header) + image->sigsize; /* optionally update the image to contain signature data */
if (is_signed) {
cert_table_header.size = image->sigsize;
cert_table_header.revision = 0x0200; /* = revision 2 */
cert_table_header.type = 0x0002; /* PKCS signedData */
/* pad to sizeof(pad)-byte boundary */ len = sizeof(cert_table_header) + image->sigsize;
padlen = align_up(len, sizeof(pad)) - len;
/* update the image to contain signature data */ /* pad to sizeof(pad)-byte boundary */
image->data_dir_sigtable->addr = image->size; padlen = align_up(len, sizeof(pad)) - len;
image->data_dir_sigtable->size = len + padlen;
image->data_dir_sigtable->addr = image->size;
image->data_dir_sigtable->size = len + padlen;
} else {
image->data_dir_sigtable->addr = 0;
image->data_dir_sigtable->size = 0;
}
fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0644); fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0644);
if (fd < 0) { if (fd < 0) {
@ -370,6 +379,8 @@ int image_write_signed(struct image *image, const char *filename)
rc = write_all(fd, image->buf, image->size); rc = write_all(fd, image->buf, image->size);
if (!rc) if (!rc)
goto out; goto out;
if (!is_signed)
goto out;
rc = write_all(fd, &cert_table_header, sizeof(cert_table_header)); rc = write_all(fd, &cert_table_header, sizeof(cert_table_header));
if (!rc) if (!rc)

2
image.h
View file

@ -80,7 +80,7 @@ struct image *image_load(const char *filename);
int image_pecoff_parse(struct image *image); int image_pecoff_parse(struct image *image);
int image_find_regions(struct image *image); int image_find_regions(struct image *image);
int image_hash_sha256(struct image *image, uint8_t digest[]); int image_hash_sha256(struct image *image, uint8_t digest[]);
int image_write_signed(struct image *image, const char *filename); int image_write(struct image *image, const char *filename);
int image_write_detached(struct image *image, const char *filename); int image_write_detached(struct image *image, const char *filename);
#endif /* IMAGE_H */ #endif /* IMAGE_H */

2
sbsign.c
View file

@ -212,7 +212,7 @@ int main(int argc, char **argv)
if (ctx->detached) if (ctx->detached)
image_write_detached(ctx->image, ctx->outfilename); image_write_detached(ctx->image, ctx->outfilename);
else else
image_write_signed(ctx->image, ctx->outfilename); image_write(ctx->image, ctx->outfilename);
talloc_free(ctx); talloc_free(ctx);