Rather than setting ->sigbuf directly, add two functions to handle image
signature addition and removal:
image_add_signature(image, sig, sigsize);
image_remove_signature(image);
And warn when a signature is to be overwritten.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
sbattach --detach isn't working, as we're not properly setting sigbuf in
image_pecoff parse.
This change ensures we populate sigbuf when we find a valid cert table.
Also, add a test case for this.
Bug report & initial patch from from Steve Langasek.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Add a test to check the validity of the certificate table header,
ensuring that parsing the header gives us the valid certificate.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Add a test for the invalid PKCS7 signature attaching. This test
generates 1K of zero bytes as an invalid signature to attach.
Signed-off-by: Ivan Hu <ivan.hu@canonical.com>
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Add a few tests for the sign, verify, attach and detach code. These
require some additional infrastructure to create a sample PE/COFF
executable, plus a key & cert for testing.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>