From 49cb64ba30db8e5146626bac0c027daf745b40c6 Mon Sep 17 00:00:00 2001 From: "S.J.R. van Schaik" Date: Fri, 7 Jul 2017 16:03:33 +0200 Subject: [PATCH] rots-utils: add and sign timestamps --- include/image.h | 2 ++ source/image.c | 12 ++++++++++++ source/pack.c | 2 ++ source/sign.c | 12 ++++++++++-- source/verify.c | 11 ++++++++--- 5 files changed, 34 insertions(+), 5 deletions(-) diff --git a/include/image.h b/include/image.h index 092a9ae..4b113f4 100644 --- a/include/image.h +++ b/include/image.h @@ -6,12 +6,14 @@ #define ROTS_MAGIC "ROTS-IMG" struct rots_hdr { + uint64_t timestamp; uint64_t size; }; struct rots_sig_hdr { char *name; char *digest; + uint64_t timestamp; uint32_t size; }; diff --git a/source/image.c b/source/image.c index af58384..3a72194 100644 --- a/source/image.c +++ b/source/image.c @@ -111,6 +111,9 @@ int rots_read_hdr(FILE *fp, struct rots_hdr *hdr) if (memcmp(magic, ROTS_MAGIC, 8) != 0) return -1; + if (read_u64(fp, &hdr->timestamp) < sizeof hdr->timestamp) + return -1; + if (read_u64(fp, &hdr->size) < sizeof hdr->size) return -1; @@ -122,6 +125,9 @@ int rots_write_hdr(FILE *fp, struct rots_hdr *hdr) if (fwrite(ROTS_MAGIC, sizeof(char), 8, fp) < 8) return -1; + if (write_u64(fp, hdr->timestamp) < sizeof hdr->timestamp) + return -1; + if (write_u64(fp, hdr->size) < sizeof hdr->size) return -1; @@ -150,6 +156,9 @@ int rots_read_sig_hdr(FILE *fp, struct rots_sig_hdr *sig_hdr) if (fread(sig_hdr->digest, sizeof *sig_hdr->digest, len, fp) < len) goto err_free_digest; + if (read_u64(fp, &sig_hdr->timestamp) < sizeof sig_hdr->timestamp) + goto err_free_digest; + if (read_u32(fp, &sig_hdr->size) < sizeof sig_hdr->size) goto err_free_digest; @@ -182,6 +191,9 @@ int rots_write_sig_hdr(FILE *fp, struct rots_sig_hdr *sig_hdr) if (fwrite(sig_hdr->digest, sizeof *sig_hdr->digest, len, fp) < len) return -1; + if (write_u64(fp, sig_hdr->timestamp) < sizeof sig_hdr->timestamp) + return -1; + if (write_u32(fp, sig_hdr->size) < sizeof sig_hdr->size) return -1; 
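Review bot: The two new `timestamp` members in `struct rots_hdr` and `struct rots_sig_hdr` carry no comment, so the header does not say what each one records or in which unit. Elsewhere in this patch the first is set from `time(NULL)` in do_pack and the second from `time(NULL)` in sign. Comments such as `/* pack time, seconds since the Unix epoch */` and `/* signing time, seconds since the Unix epoch; fed into the signature digest */` would document that. It is also worth stating which of the two a verifier is expected to trust.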
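Review bot: rots_read_hdr now expects a 64-bit timestamp between the magic and the size, but `ROTS_MAGIC` is still `"ROTS-IMG"` and no version field is read. An image written in the earlier layout therefore passes the `memcmp` check, has its size field read as the timestamp, and has the following eight bytes read as the size. The hunk in rots_read_sig_hdr has the same problem: it now consumes eight extra bytes before the signature size. If older images or signatures can exist, a changed magic or an explicit format-version field checked right after the magic would make the reader reject them instead of misparsing. The bodies of all four functions start and end outside these hunks.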
diff --git a/source/pack.c b/source/pack.c index d2057b8..d186916 100644 --- a/source/pack.c +++ b/source/pack.c @@ -1,4 +1,5 @@ #include +#include #include @@ -70,6 +71,7 @@ int do_pack(int argc, char *argv[]) } get_file_size(&size, args.input); + hdr.timestamp = (uint64_t)time(NULL); hdr.size = size; if (rots_write_hdr(output, &hdr) < 0) diff --git a/source/sign.c b/source/sign.c index a12b920..6236dea 100644 --- a/source/sign.c +++ b/source/sign.c @@ -1,6 +1,7 @@ #include #include #include +#include #include @@ -88,7 +89,8 @@ static int sign(const char *image, const char *name, const char *digest_name, if (rots_read_hdr(fp, &hdr) < 0) goto err_close_image; - size = hdr.size; + size = hdr.size + ftell(fp); + fseek(fp, 0, SEEK_SET); if (!(ctx = EVP_MD_CTX_create())) goto err_close_image; @@ -103,7 +105,7 @@ static int sign(const char *image, const char *name, const char *digest_name, nbytes = fread(data, sizeof *data, min(size, sizeof data), fp); if (nbytes == 0) - return -1; + goto err_destroy_ctx; if (!(EVP_DigestSignUpdate(ctx, data, nbytes))) goto err_destroy_ctx; @@ -111,6 +113,12 @@ static int sign(const char *image, const char *name, const char *digest_name, size -= nbytes; } + sig_hdr.timestamp = (uint64_t)time(NULL); + + if (!(EVP_DigestSignUpdate(ctx, &sig_hdr.timestamp, + sizeof sig_hdr.timestamp))) + goto err_destroy_ctx; + if (!(EVP_DigestSignFinal(ctx, NULL, &sig_len))) goto err_destroy_ctx; diff --git a/source/verify.c b/source/verify.c index 500714b..60990b9 100644 --- a/source/verify.c +++ b/source/verify.c @@ -82,7 +82,7 @@ static X509 *X509_find_cert_by_common_name(const char *path, const char *name) } static int verify(const char *image, const char *digest_name, EVP_PKEY *key, - unsigned char *sig, size_t sig_len) + struct rots_sig_hdr *sig_hdr, unsigned char *sig, size_t sig_len) { char data[512]; struct rots_hdr hdr; 
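Review bot: `time(NULL)` can return `(time_t)-1`, and the cast in `hdr.timestamp = (uint64_t)time(NULL);` turns that into an all-ones value that is written into the header as if it were a valid time. I would test the result first, e.g. `time_t now = time(NULL); if (now == (time_t)-1) goto <existing error label in do_pack>;`, and assign only afterwards. sign() in source/sign.c sets `sig_hdr.timestamp` the same way and needs the same check. do_pack's body continues outside the hunk, so the right error label is not visible here.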
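Review bot: In sign(), `size = hdr.size + ftell(fp);` and `fseek(fp, 0, SEEK_SET);` ignore both return values. A failing ftell (-1) silently shortens the signed range by one byte, and a failing fseek starts the digest at the wrong offset. `hdr.size` is read from the file, so the addition can also wrap for a very large value. The offset should be validated, a size that would overflow rejected, and the fseek result checked, all bailing out to `err_close_image`. The same two lines are added to verify() in source/verify.c, where the header is untrusted input, and need the same treatment. The declaration of `size` is outside the hunk, so the bound in the sketch below assumes it is at least 64 bits wide.

```c
long hdr_len;

/* … unchanged: rots_read_hdr call … */

hdr_len = ftell(fp);

/* Assumes `size` is at least 64 bits wide; tighten the bound if it is not. */
if (hdr_len < 0 || hdr.size > UINT64_MAX - (uint64_t)hdr_len)
	goto err_close_image;

size = hdr.size + (uint64_t)hdr_len;

if (fseek(fp, 0, SEEK_SET) != 0)
	goto err_close_image;
```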
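Review bot: `EVP_DigestSignUpdate(ctx, &sig_hdr.timestamp, sizeof sig_hdr.timestamp)` feeds the digest the in-memory bytes of the `uint64_t`, i.e. host byte order, while the file stores the value through write_u64. If write_u64 emits a fixed byte order (its body is not visible here), a signature produced on a host of one endianness will not verify on a host of the other. The digest should be fed the same serialized bytes that go into the signature header. The matching `EVP_DigestVerifyUpdate` call added to verify() in source/verify.c must use the identical encoding. sign()'s body starts and ends outside this hunk.

```c
unsigned char ts_bytes[sizeof sig_hdr.timestamp];
size_t i;

sig_hdr.timestamp = (uint64_t)time(NULL);

/* Byte order shown is an assumption; use the order write_u64 emits. */
for (i = 0; i < sizeof ts_bytes; i++)
	ts_bytes[i] = (unsigned char)(sig_hdr.timestamp >> (8 * i));

if (!(EVP_DigestSignUpdate(ctx, ts_bytes, sizeof ts_bytes)))
	goto err_destroy_ctx;
```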
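Review bot: The new `struct rots_sig_hdr *sig_hdr` parameter of verify() is only read in this patch (for `sig_hdr->timestamp`), so it should be declared `const struct rots_sig_hdr *sig_hdr`. With the header passed in, `digest_name` and `sig_len` are redundant, because the call site in verify_all passes `sig_hdr.digest` and `sig_hdr.size` for them. Dropping those two parameters would remove the chance of them disagreeing with the header. The function body continues outside this hunk.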
@@ -101,7 +101,8 @@ static int verify(const char *image, const char *digest_name, EVP_PKEY *key, if (rots_read_hdr(fp, &hdr) < 0) goto err_close_image; - size = hdr.size; + size = hdr.size + ftell(fp); + fseek(fp, 0, SEEK_SET); if (!(ctx = EVP_MD_CTX_create())) goto err_close_image; @@ -124,6 +125,10 @@ static int verify(const char *image, const char *digest_name, EVP_PKEY *key, size -= nbytes; } + if (!(EVP_DigestVerifyUpdate(ctx, &sig_hdr->timestamp, + sizeof sig_hdr->timestamp))) + goto err_destroy_ctx; + if (EVP_DigestVerifyFinal(ctx, sig, sig_len) == 1) { ret = 0; } else { @@ -195,7 +200,7 @@ static int verify_all(size_t *count, size_t *total, const char *ca_path, const c goto err_close_image; } - ret = verify(image, sig_hdr.digest, key, sig, sig_hdr.size); + ret = verify(image, sig_hdr.digest, key, &sig_hdr, sig, sig_hdr.size); free(sig); if (ret == 0)
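Review bot: verify() only folds `sig_hdr->timestamp` into the digest before `EVP_DigestVerifyFinal`; nothing in the visible hunks compares it, or `hdr.timestamp`, with anything. The value is authenticated but has no effect on the verdict. If the timestamps are meant to let a verifier refuse stale or rolled-back images, that comparison (against a stored minimum or the current time) still has to be added, here or in verify_all. If they are informational only, a comment above the update call such as `/* timestamp is bound to the signature but not evaluated */` would keep readers from assuming freshness is enforced. The function body starts and ends outside this hunk.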