sbsigntools

Author	SHA1	Message	Date
Jeremy Kerr	1614a6e0f1	tests: Add test for PE/COFF cert table header validity Add a test to check the validity of the certificate table header, ensuring that parsing the header gives us the valid certificate. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-28 14:23:45 +08:00
James Bottomley	bf7e97bd1c	image: fix incorrect assumption about signature header The sbsign tools appear to assume that WIN_CERTIFICATE.dwLength is the length of the signature. It's not, it's the length of the signature plus the length of the WIN_CERTIFICATE header. UEFI Version 2.3.1, Errata A explicitly states this in section 27.2.5 (Code Definitions). I found this because I've been playing around with the tianocore secure boot UEFI images and I couldn't get efi binaries signed with your tools to verify. When you apply the fix, I've got the binaries to verify (at least with X509 KEK signatures). Signed-off-by: James Bottomley <JBottomley@Parallels.com> Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-28 10:47:55 +08:00
Jeremy Kerr	81d7825c98	sbsign: handle errors from PKCS7_sign_add_signer() Rather than causing a segfault (si == NULL), report an error and exit. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-28 10:18:08 +08:00
James Bottomley	8f8939d9bb	sbsign: fix failure to sign when key is password protected The current incarnation of sbsign doesn't all all ciphers to OpenSSL meaning that if the private key is encrypted, it can't decrypt it and instead it returns the unhelpful error message error reading private key ../certs/PK.key Fix this by adding all ciphers before trying to read the private key. Signed-off-by: James Bottomley <JBottomley@Parallels.com> Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-27 12:23:54 +08:00
Ivan Hu	14cff46671	configure: Add check for bfh.h We need bfd.h for the image object, so add a check for it in configure.ac. Signed-off-by: Ivan Hu <ivanh.hu@canonical.com> Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-20 11:59:32 +08:00
Ivan Hu	4d892eb723	tests: Add a test to check invalid PKCS7 signature attaching Add a test for the invalid PKCS7 signature attaching. This test generates 1K of zero bytes as an invalid signature to attach. Signed-off-by: Ivan Hu <ivan.hu@canonical.com> Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-19 17:11:25 +08:00
Ivan Hu	e80a975ff9	sbattach: Check that attached signatures are valid PKCS7 data Check detached signatures to ensure that we're attaching a valid PKCS7 object. If no, show a warning message and skip the attach action. Signed-off-by: Ivan Hu <ivan.hu@canonical.com> Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-19 17:09:48 +08:00
Jeremy Kerr	71f6b9b5cb	sbverify: Use a variable for image filename ... rather than using argv[optind] multiple times. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-14 10:32:50 +08:00
Jeremy Kerr	376974e386	image: Unconditionally parse PE/COFF data Rather than requiring an explicit image_pecoff_parse, do it unconditionally in image_load. We don't have any instances where we need to do this separately. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-13 17:39:34 +08:00
Jeremy Kerr	186f1d59d9	sbverify: Check for failed image load Currently, sbverify will segfault when it can't load an image file, as the image is used unconditionally. This change adds a check to ensure we continue with a valid image pointer. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-13 17:30:31 +08:00
Jeremy Kerr	0568983fab	tests: Add tests for missing image, cert & key files Currently causes a segfault in verify-missing-image.sh. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-13 17:30:31 +08:00
Jeremy Kerr	b3edb1fb72	tests: Execute tests in a clean (temporary) directory Instead of executing in the current (build) directory, create a temporary directory and change into it before running any tests. This ensures that tests aren't relying on left-overs from previous test runs. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-13 16:56:28 +08:00
Jeremy Kerr	1be14f0c9b	tests: Use COMPILE.S for assembing test object Currently, ASFLAGS is not used, as we call $(AS) directly. Use $(COMPILE.S) instead. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-13 16:23:00 +08:00
Jeremy Kerr	2added6a45	Version 0.2 We have a new tool (sbattach) now, so bump to version 0.2. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-13 14:30:29 +08:00
Jeremy Kerr	8e14f39980	docs: Add simple manpage for sbattach Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-13 14:28:57 +08:00
Jeremy Kerr	59641438fb	automake: Clean generated man files `make distcheck` fails with the following error: ERROR: files left in build directory after distclean: ./docs/sbverify.1 ./docs/sbsign.1 This change adds a CLEANFILES rule for the generated manpages. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-13 14:26:08 +08:00
Jeremy Kerr	b05afccde0	tests: Add a few simple tests Add a few tests for the sign, verify, attach and detach code. These require some additional infrastructure to create a sample PE/COFF executable, plus a key & cert for testing. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-13 14:23:26 +08:00
Jeremy Kerr	0c5de30566	Remove unused test.c file Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-13 10:02:59 +08:00
Jeremy Kerr	edf1d26d49	sbattach: Add too to manage detached signatures Add a third tool (`sbattach`) to attach and detach signatures from PE/COFF files. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-12 17:47:38 +08:00
Jeremy Kerr	be7559abfe	image: Add facility to write unsigned images Change image_write_signed to image_write, and conditionally write the signature if one is present. This will allow us to write unsigned images when detaching a sig from an image. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-12 10:19:08 +08:00
Jeremy Kerr	a8f1453a53	sbsign,sbverify: Update getopt_long optstrings The optstrings for sbsign and sbverify are out of sync with the long options, this change brings them up to date. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-11 19:49:28 +08:00
Jeremy Kerr	dc9ffc752f	sbverify: Add support for detached signatures Allow sbverify to read PKCS7 data from a separate file with the '--detached <file>' option. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-11 17:19:15 +08:00
Jeremy Kerr	f457bb21f1	sbverify: Split image signature table reading to separate function We'd like to read detached signatures too, so split the signature-buffer-reading code into a separate function. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-11 17:04:17 +08:00
Jeremy Kerr	ffc1f41ace	Fix warnings from added -W flags Fix a few warnings: idc.c: In function ‘IDC_get’: idc.c:248:12: warning: ‘idclen’ may be used uninitialised in this function [-Wuninitialized] image.c: In function ‘image_load’: image.c:37:15: warning: unused variable ‘bytes_read’ [-Wunused-variable] Plus, a bunch of strict-aliasing warnings: image.c:101:2: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] [ similar warnings trimmed ] when compiling image.c. Since struct external_PEI_DOS_hdr uses char[] types for all members, we need to use accessors here. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-11 16:54:42 +08:00
Jeremy Kerr	34edfd6348	automake: Add -Wall -Wextra CFLAGS Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-11 15:59:48 +08:00
Jeremy Kerr	3c9815acc6	sbsign: Add --detached option to create detached PKCS7 signatures Add an option (--detached) to sbsign, which creates a detached signature, rather than embedding it in the PE/COFF signature table. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-11 15:59:48 +08:00
Jeremy Kerr	f98a885cfa	sbsign: fix flag for verbose operation Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-11 14:54:57 +08:00
Jeremy Kerr	9786761e4f	docs: Fix manpage creation $(builddir) should be $(top_builddir), and we need a valid definition of MKDIR_P to create the docs. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-06-11 14:37:33 +08:00
Adam Conrad	b0619274fd	autogen.sh: Fix ccan_module assignment Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-29 09:33:05 +08:00
Jeremy Kerr	9a4440676c	image: use read_write_all from ccan Rather than using our own functions for reading/writing an entire buffer, use ccan's. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-28 22:44:39 +08:00
Jeremy Kerr	3bb18f8ed9	image: Fix format specifier for 32-bit builds Use %t rather than assuming typeof(ptr - int) == unsigned long. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-28 22:35:48 +08:00
Jeremy Kerr	3def238360	autoconfiscate Add autoconf & automake metadata, plus required files for automake to run without complaint. Requires an update to ccan, to get the --build-type argument to create-ccan-tree. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-28 22:35:48 +08:00
Jeremy Kerr	42c7160576	docs: Add initial manpages Mostly generated from help2man output. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-24 15:17:26 +08:00
Jeremy Kerr	fcf3cdf70a	sbsign,sbverify: help2man-ize usage output Update the usage output of sbsign and sbverify so that it can be better parsed by help2man. Also, add --version and --help. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-24 15:17:25 +08:00
Jeremy Kerr	e83712388f	Makefile: Add dist targets Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-24 15:17:24 +08:00
Jeremy Kerr	c74f1ceeb1	ccan: Add ccan import logic Add make logic to import lib/ccan from lib/ccan.git. We need to set some dependencies on $(obj) to ensure the the ccan headers are available before starting the main build. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-24 15:17:24 +08:00
Jeremy Kerr	90c4c8718e	Move ccan submodule Move the ccan git submodule to lib/ccan.git, so we can use ccan's create-ccan-tree utility. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-24 15:17:18 +08:00
Jeremy Kerr	3e6c9347be	Remove unused header Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-15 14:19:00 +08:00
Jeremy Kerr	e27f10f6c2	Remove pkcs7-simple test file Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-14 16:30:12 +08:00
Jeremy Kerr	f4b2d3618f	Makefile: add install target Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-14 16:06:01 +08:00
Jeremy Kerr	40bc6428d1	Makefile: Comment components Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-14 15:57:10 +08:00
Jeremy Kerr	17f77a9aab	sbverify: clean up openssl init Remove a duplicate call to ERR_load_crypto_strings, and move the digest init earlier. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-14 15:53:26 +08:00
Jeremy Kerr	c48e3922ca	sbverify: add check for invalid PKCS7 data Make sure d2i_PKCS7 returned a PKCS7 structure. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-14 15:52:03 +08:00
Jeremy Kerr	e3d6afbd61	sbverify: Add certificate chain verification Add an option (--cert <file>) to specify a root certificate (or certificates) to use as a trusted CA. Verification can be disabled with --no-verify. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-14 15:48:30 +08:00
Jeremy Kerr	e404a4d412	verify: move idc-related parsing to idc.c Extract the IDC-parsing code from IDC_check_hash, and use it to initialise a BIO. This BIO can then be used to perform the PKCS7 verification. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-12 23:12:18 -07:00
Jeremy Kerr	d5f1a61b99	sbsign: fix incorrect check for certificate load Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-12 21:35:09 -07:00
Jeremy Kerr	ef7966087d	image: reformat gap warnings Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-12 21:32:23 -07:00
Jeremy Kerr	f7f7ad00a3	image: add cert table to image size Don't warn when the certificate table is the only un-hashed data. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-12 21:31:43 -07:00
Jeremy Kerr	4e89b9a1ee	sbverify: Add check for image hash Add a check to match the calculated image's hash against the one found in the PKCS7 IndirectDataContext Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-12 21:21:20 -07:00
Jeremy Kerr	b929aaa655	sbverify: check for presence of signature table Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-05-12 10:47:21 -07:00

1 2

60 commits