Commit graph

68 commits

Author SHA1 Message Date
Jeremy Kerr
c48e3922ca sbverify: add check for invalid PKCS7 data
Make sure d2i_PKCS7 returned a PKCS7 structure.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-14 15:52:03 +08:00
Jeremy Kerr
e3d6afbd61 sbverify: Add certificate chain verification
Add an option (--cert <file>) to specify a root certificate (or
certificates) to use as a trusted CA.

Verification can be disabled with --no-verify.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-14 15:48:30 +08:00
Jeremy Kerr
e404a4d412 verify: move idc-related parsing to idc.c
Extract the IDC-parsing code from IDC_check_hash, and use it to
initialise a BIO. This BIO can then be used to perform the PKCS7
verification.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 23:12:18 -07:00
Jeremy Kerr
d5f1a61b99 sbsign: fix incorrect check for certificate load
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 21:35:09 -07:00
Jeremy Kerr
ef7966087d image: reformat gap warnings
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 21:32:23 -07:00
Jeremy Kerr
f7f7ad00a3 image: add cert table to image size
Don't warn when the certificate table is the only un-hashed data.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 21:31:43 -07:00
Jeremy Kerr
4e89b9a1ee sbverify: Add check for image hash
Add a check to match the calculated image's hash against the one found
in the PKCS7 IndirectDataContext

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 21:21:20 -07:00
Jeremy Kerr
b929aaa655 sbverify: check for presence of signature table
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 10:47:21 -07:00
Jeremy Kerr
7c256bc407 Makefile: add $(tools) var
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 09:48:51 -07:00
Jeremy Kerr
902cb928b6 sbsigntool -> sbsign
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 09:45:22 -07:00
Jeremy Kerr
b3dc6529eb image: open output file with O_TRUNC
Prevents weirdness when overwriting old files.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 09:44:17 -07:00
Jeremy Kerr
fcf663b560 sbsigntooL: expand usage info
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-24 09:09:57 +08:00
Jeremy Kerr
0e9c5f7496 Add GPLv3 text in COPYING
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-24 09:01:05 +08:00
Jeremy Kerr
348a43e3f1 coff: remove unneeded coff includes
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-24 08:38:57 +08:00
Jeremy Kerr
1d3ebb7b24 Add copyright comments
GPLv3; the sources include parts of binutils, include parts of ccan,
and have been partially based of osslsigntool.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-23 18:14:42 +08:00
Jeremy Kerr
da5568e8ff image: warn about potential checksum differences
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-23 17:42:45 +08:00
Jeremy Kerr
d8eadfcc24 idc: allocate using the image context
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-23 17:36:08 +08:00
Jeremy Kerr
3b802fe3da Initial commit
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-23 17:25:19 +08:00