Commit graph

12 commits

Author SHA1 Message Date
Jeremy Kerr
a8f1453a53 sbsign,sbverify: Update getopt_long optstrings
The optstrings for sbsign and sbverify are out of sync with the long
options, this change brings them up to date.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-11 19:49:28 +08:00
Jeremy Kerr
dc9ffc752f sbverify: Add support for detached signatures
Allow sbverify to read PKCS7 data from a separate file with the
'--detached <file>' option.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-11 17:19:15 +08:00
Jeremy Kerr
f457bb21f1 sbverify: Split image signature table reading to separate function
We'd like to read detached signatures too, so split the
signature-buffer-reading code into a separate function.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-11 17:04:17 +08:00
Jeremy Kerr
fcf3cdf70a sbsign,sbverify: help2man-ize usage output
Update the usage output of sbsign and sbverify so that it can be better
parsed by help2man. Also, add --version and --help.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-24 15:17:25 +08:00
Jeremy Kerr
17f77a9aab sbverify: clean up openssl init
Remove a duplicate call to ERR_load_crypto_strings, and move the digest
init earlier.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-14 15:53:26 +08:00
Jeremy Kerr
c48e3922ca sbverify: add check for invalid PKCS7 data
Make sure d2i_PKCS7 returned a PKCS7 structure.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-14 15:52:03 +08:00
Jeremy Kerr
e3d6afbd61 sbverify: Add certificate chain verification
Add an option (--cert <file>) to specify a root certificate (or
certificates) to use as a trusted CA.

Verification can be disabled with --no-verify.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-14 15:48:30 +08:00
Jeremy Kerr
e404a4d412 verify: move idc-related parsing to idc.c
Extract the IDC-parsing code from IDC_check_hash, and use it to
initialise a BIO. This BIO can then be used to perform the PKCS7
verification.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 23:12:18 -07:00
Jeremy Kerr
4e89b9a1ee sbverify: Add check for image hash
Add a check to match the calculated image's hash against the one found
in the PKCS7 IndirectDataContext

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 21:21:20 -07:00
Jeremy Kerr
b929aaa655 sbverify: check for presence of signature table
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 10:47:21 -07:00
Jeremy Kerr
1d3ebb7b24 Add copyright comments
GPLv3; the sources include parts of binutils, include parts of ccan,
and have been partially based of osslsigntool.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-23 18:14:42 +08:00
Jeremy Kerr
3b802fe3da Initial commit
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-23 17:25:19 +08:00