rots-utils: add and sign timestamps

master
S.J.R. van Schaik 7 years ago
parent 5494d66eeb
commit 49cb64ba30
  1. 2
      include/image.h
  2. 12
      source/image.c
  3. 2
      source/pack.c
  4. 12
      source/sign.c
  5. 11
      source/verify.c

@ -6,12 +6,14 @@
#define ROTS_MAGIC "ROTS-IMG"
struct rots_hdr {
uint64_t timestamp;
uint64_t size;
};
struct rots_sig_hdr {
char *name;
char *digest;
uint64_t timestamp;
uint32_t size;
};

@ -111,6 +111,9 @@ int rots_read_hdr(FILE *fp, struct rots_hdr *hdr)
if (memcmp(magic, ROTS_MAGIC, 8) != 0)
return -1;
if (read_u64(fp, &hdr->timestamp) < sizeof hdr->timestamp)
return -1;
if (read_u64(fp, &hdr->size) < sizeof hdr->size)
return -1;
@ -122,6 +125,9 @@ int rots_write_hdr(FILE *fp, struct rots_hdr *hdr)
if (fwrite(ROTS_MAGIC, sizeof(char), 8, fp) < 8)
return -1;
if (write_u64(fp, hdr->timestamp) < sizeof hdr->timestamp)
return -1;
if (write_u64(fp, hdr->size) < sizeof hdr->size)
return -1;
@ -150,6 +156,9 @@ int rots_read_sig_hdr(FILE *fp, struct rots_sig_hdr *sig_hdr)
if (fread(sig_hdr->digest, sizeof *sig_hdr->digest, len, fp) < len)
goto err_free_digest;
if (read_u64(fp, &sig_hdr->timestamp) < sizeof sig_hdr->timestamp)
goto err_free_digest;
if (read_u32(fp, &sig_hdr->size) < sizeof sig_hdr->size)
goto err_free_digest;
@ -182,6 +191,9 @@ int rots_write_sig_hdr(FILE *fp, struct rots_sig_hdr *sig_hdr)
if (fwrite(sig_hdr->digest, sizeof *sig_hdr->digest, len, fp) < len)
return -1;
if (write_u64(fp, sig_hdr->timestamp) < sizeof sig_hdr->timestamp)
return -1;
if (write_u32(fp, sig_hdr->size) < sizeof sig_hdr->size)
return -1;

@ -1,4 +1,5 @@
#include <stdio.h>
#include <time.h>
#include <getopt.h>
@ -70,6 +71,7 @@ int do_pack(int argc, char *argv[])
}
get_file_size(&size, args.input);
hdr.timestamp = (uint64_t)time(NULL);
hdr.size = size;
if (rots_write_hdr(output, &hdr) < 0)

@ -1,6 +1,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <getopt.h>
@ -88,7 +89,8 @@ static int sign(const char *image, const char *name, const char *digest_name,
if (rots_read_hdr(fp, &hdr) < 0)
goto err_close_image;
size = hdr.size;
size = hdr.size + ftell(fp);
fseek(fp, 0, SEEK_SET);
if (!(ctx = EVP_MD_CTX_create()))
goto err_close_image;
@ -103,7 +105,7 @@ static int sign(const char *image, const char *name, const char *digest_name,
nbytes = fread(data, sizeof *data, min(size, sizeof data), fp);
if (nbytes == 0)
return -1;
goto err_destroy_ctx;
if (!(EVP_DigestSignUpdate(ctx, data, nbytes)))
goto err_destroy_ctx;
@ -111,6 +113,12 @@ static int sign(const char *image, const char *name, const char *digest_name,
size -= nbytes;
}
sig_hdr.timestamp = (uint64_t)time(NULL);
if (!(EVP_DigestSignUpdate(ctx, &sig_hdr.timestamp,
sizeof sig_hdr.timestamp)))
goto err_destroy_ctx;
if (!(EVP_DigestSignFinal(ctx, NULL, &sig_len)))
goto err_destroy_ctx;

@ -82,7 +82,7 @@ static X509 *X509_find_cert_by_common_name(const char *path, const char *name)
}
static int verify(const char *image, const char *digest_name, EVP_PKEY *key,
unsigned char *sig, size_t sig_len)
struct rots_sig_hdr *sig_hdr, unsigned char *sig, size_t sig_len)
{
char data[512];
struct rots_hdr hdr;
@ -101,7 +101,8 @@ static int verify(const char *image, const char *digest_name, EVP_PKEY *key,
if (rots_read_hdr(fp, &hdr) < 0)
goto err_close_image;
size = hdr.size;
size = hdr.size + ftell(fp);
fseek(fp, 0, SEEK_SET);
if (!(ctx = EVP_MD_CTX_create()))
goto err_close_image;
@ -124,6 +125,10 @@ static int verify(const char *image, const char *digest_name, EVP_PKEY *key,
size -= nbytes;
}
if (!(EVP_DigestVerifyUpdate(ctx, &sig_hdr->timestamp,
sizeof sig_hdr->timestamp)))
goto err_destroy_ctx;
if (EVP_DigestVerifyFinal(ctx, sig, sig_len) == 1) {
ret = 0;
} else {
@ -195,7 +200,7 @@ static int verify_all(size_t *count, size_t *total, const char *ca_path, const c
goto err_close_image;
}
ret = verify(image, sig_hdr.digest, key, sig, sig_hdr.size);
ret = verify(image, sig_hdr.digest, key, &sig_hdr, sig, sig_hdr.size);
free(sig);
if (ret == 0)

Loading…
Cancel
Save