Commit graph

55 commits

Author SHA1 Message Date
Ivan Hu
4d892eb723 tests: Add a test to check invalid PKCS7 signature attaching
Add a test for the invalid PKCS7 signature attaching. This test
generates 1K of zero bytes as an invalid signature to attach.

Signed-off-by: Ivan Hu <ivan.hu@canonical.com>
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-19 17:11:25 +08:00
Ivan Hu
e80a975ff9 sbattach: Check that attached signatures are valid PKCS7 data
Check detached signatures to ensure that we're attaching a valid PKCS7
object. If no, show a warning message and skip the attach action.

Signed-off-by: Ivan Hu <ivan.hu@canonical.com>
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-19 17:09:48 +08:00
Jeremy Kerr
71f6b9b5cb sbverify: Use a variable for image filename
... rather than using argv[optind] multiple times.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-14 10:32:50 +08:00
Jeremy Kerr
376974e386 image: Unconditionally parse PE/COFF data
Rather than requiring an explicit image_pecoff_parse, do it
unconditionally in image_load. We don't have any instances where we need
to do this separately.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-13 17:39:34 +08:00
Jeremy Kerr
186f1d59d9 sbverify: Check for failed image load
Currently, sbverify will segfault when it can't load an image file, as
the image is used unconditionally. This change adds a check to ensure we
continue with a valid image pointer.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-13 17:30:31 +08:00
Jeremy Kerr
0568983fab tests: Add tests for missing image, cert & key files
Currently causes a segfault in verify-missing-image.sh.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-13 17:30:31 +08:00
Jeremy Kerr
b3edb1fb72 tests: Execute tests in a clean (temporary) directory
Instead of executing in the current (build) directory, create a
temporary directory and change into it before running any tests. This
ensures that tests aren't relying on left-overs from previous test runs.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-13 16:56:28 +08:00
Jeremy Kerr
1be14f0c9b tests: Use COMPILE.S for assembing test object
Currently, ASFLAGS is not used, as we call $(AS) directly. Use
$(COMPILE.S) instead.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-13 16:23:00 +08:00
Jeremy Kerr
2added6a45 Version 0.2
We have a new tool (sbattach) now, so bump to version 0.2.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-13 14:30:29 +08:00
Jeremy Kerr
8e14f39980 docs: Add simple manpage for sbattach
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-13 14:28:57 +08:00
Jeremy Kerr
59641438fb automake: Clean generated man files
`make distcheck` fails with the following error:

  ERROR: files left in build directory after distclean:
  ./docs/sbverify.1
  ./docs/sbsign.1

This change adds a CLEANFILES rule for the generated manpages.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-13 14:26:08 +08:00
Jeremy Kerr
b05afccde0 tests: Add a few simple tests
Add a few tests for the sign, verify, attach and detach code. These
require some additional infrastructure to create a sample PE/COFF
executable, plus a key & cert for testing.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-13 14:23:26 +08:00
Jeremy Kerr
0c5de30566 Remove unused test.c file
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-13 10:02:59 +08:00
Jeremy Kerr
edf1d26d49 sbattach: Add too to manage detached signatures
Add a third tool (`sbattach`) to attach and detach signatures from
PE/COFF files.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-12 17:47:38 +08:00
Jeremy Kerr
be7559abfe image: Add facility to write unsigned images
Change image_write_signed to image_write, and conditionally write the
signature if one is present.

This will allow us to write unsigned images when detaching a sig from an
image.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-12 10:19:08 +08:00
Jeremy Kerr
a8f1453a53 sbsign,sbverify: Update getopt_long optstrings
The optstrings for sbsign and sbverify are out of sync with the long
options, this change brings them up to date.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-11 19:49:28 +08:00
Jeremy Kerr
dc9ffc752f sbverify: Add support for detached signatures
Allow sbverify to read PKCS7 data from a separate file with the
'--detached <file>' option.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-11 17:19:15 +08:00
Jeremy Kerr
f457bb21f1 sbverify: Split image signature table reading to separate function
We'd like to read detached signatures too, so split the
signature-buffer-reading code into a separate function.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-11 17:04:17 +08:00
Jeremy Kerr
ffc1f41ace Fix warnings from added -W flags
Fix a few warnings:

 idc.c: In function ‘IDC_get’:
 idc.c:248:12: warning: ‘idclen’ may be used uninitialised in this function [-Wuninitialized]

 image.c: In function ‘image_load’:
 image.c:37:15: warning: unused variable ‘bytes_read’ [-Wunused-variable]

Plus, a bunch of strict-aliasing warnings:

 image.c:101:2: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
 [ similar warnings trimmed ]

when compiling image.c. Since struct external_PEI_DOS_hdr uses char[]
types for all members, we need to use accessors here.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-11 16:54:42 +08:00
Jeremy Kerr
34edfd6348 automake: Add -Wall -Wextra CFLAGS
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-11 15:59:48 +08:00
Jeremy Kerr
3c9815acc6 sbsign: Add --detached option to create detached PKCS7 signatures
Add an option (--detached) to sbsign, which creates a detached
signature, rather than embedding it in the PE/COFF signature table.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-11 15:59:48 +08:00
Jeremy Kerr
f98a885cfa sbsign: fix flag for verbose operation
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-11 14:54:57 +08:00
Jeremy Kerr
9786761e4f docs: Fix manpage creation
$(builddir) should be $(top_builddir), and we need a valid definition of
MKDIR_P to create the docs.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-11 14:37:33 +08:00
Adam Conrad
b0619274fd autogen.sh: Fix ccan_module assignment
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-29 09:33:05 +08:00
Jeremy Kerr
9a4440676c image: use read_write_all from ccan
Rather than using our own functions for reading/writing an entire
buffer, use ccan's.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-28 22:44:39 +08:00
Jeremy Kerr
3bb18f8ed9 image: Fix format specifier for 32-bit builds
Use %t rather than assuming typeof(ptr - int) == unsigned long.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-28 22:35:48 +08:00
Jeremy Kerr
3def238360 autoconfiscate
Add autoconf & automake metadata, plus required files for automake to
run without complaint.

Requires an update to ccan, to get the --build-type argument to
create-ccan-tree.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-28 22:35:48 +08:00
Jeremy Kerr
42c7160576 docs: Add initial manpages
Mostly generated from help2man output.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-24 15:17:26 +08:00
Jeremy Kerr
fcf3cdf70a sbsign,sbverify: help2man-ize usage output
Update the usage output of sbsign and sbverify so that it can be better
parsed by help2man. Also, add --version and --help.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-24 15:17:25 +08:00
Jeremy Kerr
e83712388f Makefile: Add dist targets
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-24 15:17:24 +08:00
Jeremy Kerr
c74f1ceeb1 ccan: Add ccan import logic
Add make logic to import lib/ccan from lib/ccan.git. We need to set some
dependencies on $(obj) to ensure the the ccan headers are available
before starting the main build.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-24 15:17:24 +08:00
Jeremy Kerr
90c4c8718e Move ccan submodule
Move the ccan git submodule to lib/ccan.git, so we can use ccan's
create-ccan-tree utility.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-24 15:17:18 +08:00
Jeremy Kerr
3e6c9347be Remove unused header
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-15 14:19:00 +08:00
Jeremy Kerr
e27f10f6c2 Remove pkcs7-simple test file
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-14 16:30:12 +08:00
Jeremy Kerr
f4b2d3618f Makefile: add install target
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-14 16:06:01 +08:00
Jeremy Kerr
40bc6428d1 Makefile: Comment components
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-14 15:57:10 +08:00
Jeremy Kerr
17f77a9aab sbverify: clean up openssl init
Remove a duplicate call to ERR_load_crypto_strings, and move the digest
init earlier.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-14 15:53:26 +08:00
Jeremy Kerr
c48e3922ca sbverify: add check for invalid PKCS7 data
Make sure d2i_PKCS7 returned a PKCS7 structure.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-14 15:52:03 +08:00
Jeremy Kerr
e3d6afbd61 sbverify: Add certificate chain verification
Add an option (--cert <file>) to specify a root certificate (or
certificates) to use as a trusted CA.

Verification can be disabled with --no-verify.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-14 15:48:30 +08:00
Jeremy Kerr
e404a4d412 verify: move idc-related parsing to idc.c
Extract the IDC-parsing code from IDC_check_hash, and use it to
initialise a BIO. This BIO can then be used to perform the PKCS7
verification.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 23:12:18 -07:00
Jeremy Kerr
d5f1a61b99 sbsign: fix incorrect check for certificate load
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 21:35:09 -07:00
Jeremy Kerr
ef7966087d image: reformat gap warnings
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 21:32:23 -07:00
Jeremy Kerr
f7f7ad00a3 image: add cert table to image size
Don't warn when the certificate table is the only un-hashed data.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 21:31:43 -07:00
Jeremy Kerr
4e89b9a1ee sbverify: Add check for image hash
Add a check to match the calculated image's hash against the one found
in the PKCS7 IndirectDataContext

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 21:21:20 -07:00
Jeremy Kerr
b929aaa655 sbverify: check for presence of signature table
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 10:47:21 -07:00
Jeremy Kerr
7c256bc407 Makefile: add $(tools) var
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 09:48:51 -07:00
Jeremy Kerr
902cb928b6 sbsigntool -> sbsign
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 09:45:22 -07:00
Jeremy Kerr
b3dc6529eb image: open output file with O_TRUNC
Prevents weirdness when overwriting old files.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 09:44:17 -07:00
Jeremy Kerr
fcf663b560 sbsigntooL: expand usage info
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-24 09:09:57 +08:00
Jeremy Kerr
0e9c5f7496 Add GPLv3 text in COPYING
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-24 09:01:05 +08:00