image: add functions to add and remove signatures

Rather than setting ->sigbuf directly, add two functions to handle image
signature addition and removal:

 image_add_signature(image, sig, sigsize);
 image_remove_signature(image);

And warn when a signature is to be overwritten.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>

image.c

@@ -390,6 +390,26 @@ int image_hash_sha256(struct image *image, uint8_t digest[])
 	return !rc;
 }
 
+int image_add_signature(struct image *image, void *sig, int size)
+{
+	/* we only support one signature at present */
+	if (image->sigbuf) {
+		fprintf(stderr, "warning: overwriting existing signature\n");
+		talloc_free(image->sigbuf);
+	}
+	image->sigbuf = sig;
+	image->sigsize = size;
+	return 0;
+}
+
+void image_remove_signature(struct image *image)
+{
+	if (image->sigbuf)
+		talloc_free(image->sigbuf);
+	image->sigbuf = NULL;
+	image->sigsize = 0;
+}
+
 int image_write(struct image *image, const char *filename)
 {
 	struct cert_table_header cert_table_header;

image.h

@@ -92,6 +92,8 @@ struct image *image_load(const char *filename);
 
 int image_find_regions(struct image *image);
 int image_hash_sha256(struct image *image, uint8_t digest[]);
+int image_add_signature(struct image *, void *sig, int size);
+void image_remove_signature(struct image *image);
 int image_write(struct image *image, const char *filename);
 int image_write_detached(struct image *image, const char *filename);
 

sbattach.c

@@ -133,11 +133,10 @@ static int attach_sig(struct image *image, const char *image_filename,
 		goto out;
 	}
 
-	image->sigbuf = sigbuf;
+	image_add_signature(image, sigbuf, size);
-	image->sigsize = size;
 
 	tmp_buf = sigbuf;
-	p7 = d2i_PKCS7(NULL, &tmp_buf, image->sigsize);
+	p7 = d2i_PKCS7(NULL, &tmp_buf, size);
 	if (!p7) {
 		fprintf(stderr, "Unable to parse signature data in file: %s\n",
 				sig_filename);
@@ -168,8 +167,7 @@ static int remove_sig(struct image *image, const char *image_filename)
 {
 	int rc;
 
-	image->sigbuf = NULL;
+	image_remove_signature(image);
-	image->sigsize = 0;
 
 	rc = image_write(image, image_filename);
 	if (rc)

sbsign.c

@@ -112,8 +112,8 @@ int main(int argc, char **argv)
 {
 	const char *keyfilename, *certfilename;
 	struct sign_context *ctx;
-	uint8_t *buf;
+	uint8_t *buf, *tmp;
-	int rc, c;
+	int rc, c, sigsize;
 
 	ctx = talloc_zero(NULL, struct sign_context);
 
@@ -220,12 +220,13 @@ int main(int argc, char **argv)
 	if (rc)
 		return EXIT_FAILURE;
 
-	ctx->image->sigsize = i2d_PKCS7(p7, NULL);
+	sigsize = i2d_PKCS7(p7, NULL);
-	ctx->image->sigbuf = buf = talloc_array(ctx->image,
+	tmp = buf = talloc_array(ctx->image, uint8_t, sigsize);
-			uint8_t, ctx->image->sigsize);
+	i2d_PKCS7(p7, &tmp);
-	i2d_PKCS7(p7, &buf);
 	ERR_print_errors_fp(stdout);
 
+	image_add_signature(ctx->image, buf, sigsize);
+
 	if (ctx->detached)
 		image_write_detached(ctx->image, ctx->outfilename);
 	else

tests/Makefile.am

@@ -45,7 +45,9 @@ TESTS = sign-verify.sh \
 	verify-missing-image.sh \
 	verify-missing-cert.sh \
 	sign-invalidattach-verify.sh \
-	cert-table-header.sh
+	cert-table-header.sh \
+	resign-warning.sh \
+	reattach-warning.sh
 
 EXTRA_DIST = $(test_lds) test.S $(TESTS) $(check_SCRIPTS)
 CLEANFILES = $(test_key) $(test_cert) $(test_image)

tests/reattach-warning.sh

@@ -0,0 +1,12 @@
+#!/bin/bash -e
+
+. "$srcdir/common.sh"
+
+signed="test.signed"
+sig="test.sig"
+
+"$sbsign" --cert "$cert" --key "$key" --detached --output "$sig" "$image"
+cp "$image" "$signed"
+"$sbattach" --attach "$sig" "$signed"
+"$sbattach" --attach "$sig" "$signed" 2>&1 |
+	grep '^warning: overwriting'

tests/resign-warning.sh

@@ -0,0 +1,9 @@
+#!/bin/bash -e
+
+. "$srcdir/common.sh"
+
+signed="test.signed"
+
+"$sbsign" --cert "$cert" --key "$key" --output "$signed" "$image"
+"$sbsign" --cert "$cert" --key "$key" --output "$signed" "$signed" 2>&1 |
+	grep '^warning: overwriting'