vbatts/sbsigntools
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
sbsigntools/tests/cert-table-header.sh
Jeremy Kerr 1187df3459 tests: run tests for each arch 
Since we can sign i386 PE/COFF images, run the tests on both x86-64 and
i386 binaries.

We do this by moving test.pecoff to test-<arch>.pecoff, and using
automake's parallel-test option to add a wrapper to each test execution.
This wrapper calls each test once per arch (as defined in TEST_ARCHES),
and checks for failures in any invocation.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-13 13:14:09 +08:00

69 lines
1.7 KiB
Bash
Executable file
Raw Blame History

#!/bin/bash -e
# Parse the data directory of a PE/COFF file and returns two hex values:
# the file offset and size of the signature table.
function sigtable_params() {
filename="$1"
objdump -p "$filename" | awk '/^Entry 4/ {print "0x"$3 " " "0x"$4}'
}
# Extract the signature from a file containing a signature table,
# and write to stdout
function extract_sig() {
filename="$1"
cert_table_header_size=8
params=($(hexdump -n$cert_table_header_size \
-e '/4 "%u " /2 "%04x " /2 "%04x\n"' \
"$filename"))
cert_size=${params[0]}
cert_revision=${params[1]}
cert_type=${params[2]}
# check type & revision
[ "$cert_revision" -eq '0200' ]
[ "$cert_type" -eq '0002' ]
dd if="$filename" bs=1 skip=$cert_table_header_size \
count=$(($cert_size - $cert_table_header_size)) 2>/dev/null
}
function repeat() {
str=$1
count=$2
for (( i = 0; $i < $count; i++ ))
do
echo -n "$str"
done
}
cert="test.cert"
signed="test.signed"
for i in {1..8}
do
# generate a variable-length parameter for the certificate subject
subj="/CN=$(repeat 'x' $i)"
# create a temporary cert, and sign the image with it
openssl req -x509 -sha256 -subj "$subj" -new -key "$key" -out "$cert"
"$sbsign" --cert "$cert" --key "$key" --output "$signed" "$image"
# extract the sigtable
params=($(sigtable_params "$signed"))
# split and convert to base-10
sigtable_offset=$((${params[0]}))
sigtable_size=$((${params[1]}))
# check that we have a correctly-padded sigtable
[ $(($sigtable_size % 8)) -eq 0 ]
sigtable='test.sigtable'
dd if="$signed" bs=1 skip=$sigtable_offset count=$sigtable_size \
of=$sigtable 2>/dev/null
# extract sig, and feed to openssl's PKCS7 parser
extract_sig "$sigtable" | openssl pkcs7 -inform DER -noout
done
Reference in a new issue View git blame Copy permalink