From d27647ba6977894c3e74f2b9c7c5c6536435c8b8 Mon Sep 17 00:00:00 2001
From: Jeremy Kerr
Date: Fri, 3 Aug 2012 10:03:14 +0800
Subject: [PATCH] image: add functions to add and remove signatures

Rather than setting ->sigbuf directly, add two functions to handle image signature addition and removal:

image_add_signature(image, sig, sigsize);
image_remove_signature(image);

And warn when a signature is to be overwritten.

Signed-off-by: Jeremy Kerr
---
 image.c | 20 ++++++++++++++++++++
 image.h | 2 ++
 sbattach.c | 8 +++-----
 sbsign.c | 13 +++++++------
 tests/Makefile.am | 4 +++-
 tests/reattach-warning.sh | 12 ++++++++++++
 tests/resign-warning.sh | 9 +++++++++
 7 files changed, 56 insertions(+), 12 deletions(-)
 create mode 100755 tests/reattach-warning.sh
 create mode 100755 tests/resign-warning.sh

diff --git a/image.c b/image.c
index 2508766..dd353ff 100644
--- a/image.c
+++ b/image.c
@@ -390,6 +390,26 @@ int image_hash_sha256(struct image *image, uint8_t digest[])
 	return !rc;
 }
 
+int image_add_signature(struct image *image, void *sig, int size)
+{
+	/* we only support one signature at present */
+	if (image->sigbuf) {
+		fprintf(stderr, "warning: overwriting existing signature\n");
+		talloc_free(image->sigbuf);
+	}
+	image->sigbuf = sig;
+	image->sigsize = size;
+	return 0;
+}
+
+void image_remove_signature(struct image *image)
+{
+	if (image->sigbuf)
+		talloc_free(image->sigbuf);
+	image->sigbuf = NULL;
+	image->sigsize = 0;
+}
+
 int image_write(struct image *image, const char *filename)
 {
 	struct cert_table_header cert_table_header;
diff --git a/image.h b/image.h
index 261d400..ab203ed 100644
--- a/image.h
+++ b/image.h
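Review bot: `image_add_signature` frees whatever `image->sigbuf` held with `talloc_free`, so it takes ownership of `sig`, but nothing ties the new buffer's lifetime to the image or states that `sig` must be talloc-allocated; sbsign allocates on `ctx->image`, while the origin of sbattach's `sigbuf` is not in this diff. I would add `talloc_steal(image, sig);` before the assignment and a header comment `/* takes ownership of sig, which must be talloc-allocated; any existing signature is freed */`. The function also always returns 0 and never validates `size`; either make it void, or reject `size <= 0` and `sig == NULL` with a non-zero return so callers can act on it (both visible callers currently discard the result). Passing the buffer already installed as `sig` would free it and then store the dangling pointer, so `if (image->sigbuf == sig) return 0;` is a cheap guard.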
@@ -92,6 +92,8 @@ struct image *image_load(const char *filename);
 
 int image_find_regions(struct image *image);
 int image_hash_sha256(struct image *image, uint8_t digest[]);
+int image_add_signature(struct image *, void *sig, int size);
+void image_remove_signature(struct image *image);
 int image_write(struct image *image, const char *filename);
 int image_write_detached(struct image *image, const char *filename);
 
diff --git a/sbattach.c b/sbattach.c
index 4110dc1..ce760cf 100644
--- a/sbattach.c
+++ b/sbattach.c
@@ -133,11 +133,10 @@ static int attach_sig(struct image *image, const char *image_filename,
 		goto out;
 	}
 
-	image->sigbuf = sigbuf;
-	image->sigsize = size;
+	image_add_signature(image, sigbuf, size);
 
 	tmp_buf = sigbuf;
-	p7 = d2i_PKCS7(NULL, &tmp_buf, image->sigsize);
+	p7 = d2i_PKCS7(NULL, &tmp_buf, size);
 	if (!p7) {
 		fprintf(stderr, "Unable to parse signature data in file: %s\n",
 				sig_filename);
@@ -168,8 +167,7 @@ static int remove_sig(struct image *image, const char *image_filename)
 {
 	int rc;
 
-	image->sigbuf = NULL;
-	image->sigsize = 0;
+	image_remove_signature(image);
 
 	rc = image_write(image, image_filename);
 	if (rc)
diff --git a/sbsign.c b/sbsign.c
index 50e1197..35bac8d 100644
--- a/sbsign.c
+++ b/sbsign.c
@@ -112,8 +112,8 @@ int main(int argc, char **argv)
 {
 	const char *keyfilename, *certfilename;
 	struct sign_context *ctx;
-	uint8_t *buf;
-	int rc, c;
+	uint8_t *buf, *tmp;
+	int rc, c, sigsize;
 
 	ctx = talloc_zero(NULL, struct sign_context);
 
@@ -220,12 +220,13 @@ int main(int argc, char **argv)
 	if (rc)
 		return EXIT_FAILURE;
 
-	ctx->image->sigsize = i2d_PKCS7(p7, NULL);
-	ctx->image->sigbuf = buf = talloc_array(ctx->image,
-			uint8_t, ctx->image->sigsize);
-	i2d_PKCS7(p7, &buf);
+	sigsize = i2d_PKCS7(p7, NULL);
+	tmp = buf = talloc_array(ctx->image, uint8_t, sigsize);
+	i2d_PKCS7(p7, &tmp);
 	ERR_print_errors_fp(stdout);
 
+	image_add_signature(ctx->image, buf, sigsize);
+
 	if (ctx->detached)
 		image_write_detached(ctx->image, ctx->outfilename);
 	else
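Review bot: The new `image_add_signature` prototype leaves its first parameter unnamed (`struct image *`), unlike every other declaration visible in this header, and neither new prototype says who owns `sig`. I would write `int image_add_signature(struct image *image, void *sig, int size);` and precede it with a comment stating that the image takes ownership of `sig` (it is freed by `image_remove_signature` or by a later `image_add_signature`, per image.c in this same patch) and that an existing signature is overwritten with a warning on stderr.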
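Review bot: In `attach_sig` the signature is installed with `image_add_signature` before `d2i_PKCS7` has shown it to be parseable, so on a parse failure the image already carries a buffer known not to be a valid PKCS#7 blob; the error path (`goto out` and what follows) lies outside this hunk, so whether the image is still written afterwards cannot be seen here. Moving `image_add_signature(image, sigbuf, size);` to just after the `if (!p7) { ... }` block keeps unparseable data off the image regardless of what the tail of the function does. The call's `int` result is also discarded; if the function stays non-void, check it the way this function checks its other results. `attach_sig` starts before and ends after this hunk.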
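Review bot: `sigsize = i2d_PKCS7(p7, NULL);` is used unchecked as the `talloc_array` length and then handed to `image_add_signature`, but the i2d functions return a negative value on error and `talloc_array` can return NULL; the removed lines had the same gap, yet these are the lines this commit rewrites. I would add `if (sigsize <= 0) return EXIT_FAILURE;` after the first call and `if (!buf) return EXIT_FAILURE;` after the allocation, and compare the second `i2d_PKCS7(p7, &tmp)` result against `sigsize` instead of only letting `ERR_print_errors_fp` report it. `main` continues outside this hunk.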
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 03af648..4fb62b2 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -45,7 +45,9 @@ TESTS = sign-verify.sh \
 	verify-missing-image.sh \
 	verify-missing-cert.sh \
 	sign-invalidattach-verify.sh \
-	cert-table-header.sh
+	cert-table-header.sh \
+	resign-warning.sh \
+	reattach-warning.sh
 
 EXTRA_DIST = $(test_lds) test.S $(TESTS) $(check_SCRIPTS)
 CLEANFILES = $(test_key) $(test_cert) $(test_image)
diff --git a/tests/reattach-warning.sh b/tests/reattach-warning.sh
new file mode 100755
index 0000000..721a8b4
--- /dev/null
+++ b/tests/reattach-warning.sh
@@ -0,0 +1,12 @@
+#!/bin/bash -e
+
+. "$srcdir/common.sh"
+
+signed="test.signed"
+sig="test.sig"
+
+"$sbsign" --cert "$cert" --key "$key" --detached --output "$sig" "$image"
+cp "$image" "$signed"
+"$sbattach" --attach "$sig" "$signed"
+"$sbattach" --attach "$sig" "$signed" 2>&1 |
+	grep '^warning: overwriting'
diff --git a/tests/resign-warning.sh b/tests/resign-warning.sh
new file mode 100755
index 0000000..fd813be
--- /dev/null
+++ b/tests/resign-warning.sh
@@ -0,0 +1,9 @@
+#!/bin/bash -e
+
+. "$srcdir/common.sh"
+
+signed="test.signed"
+
+"$sbsign" --cert "$cert" --key "$key" --output "$signed" "$image"
+"$sbsign" --cert "$cert" --key "$key" --output "$signed" "$signed" 2>&1 |
+	grep '^warning: overwriting'
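Review bot: The `#!/bin/bash -e` in `reattach-warning.sh` does not cover the pipeline on its last two lines, whose status is `grep`'s alone, so the test passes as long as the warning text appears even if the second `sbattach` then fails to write `$signed`. Adding `set -o pipefail` after the shebang makes a non-zero exit from `sbattach` fail the test under `-e`. The intended end state (a successfully re-attached, still verifiable image) is not asserted either; the verifier used by the sibling `sign-verify.sh` would do that, but it is not visible in this diff.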
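Review bot: `resign-warning.sh` re-signs `$signed` in place (the same path is the input and the `--output`), which also tests that sbsign has fully loaded the image before `image_write` opens the same file; that ordering is outside this diff, so a failure here could be an in-place-write problem rather than a missing warning. Writing to a separate file, `"$sbsign" --cert "$cert" --key "$key" --output "test.resigned" "$signed" 2>&1 |`, keeps the warning check independent of that question. As in the reattach test, `set -o pipefail` after the shebang is needed for the `| grep` line to surface an sbsign failure under `-e`.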