TBM/tbm-utils
2
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

rots-utils: add and sign timestamps

Browse source
This commit is contained in:
S.J.R. van Schaik 2017-07-07 16:03:33 +02:00
parent 5494d66eeb
commit 49cb64ba30
5 changed files with 34 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
include/image.h
View file

@ -6,12 +6,14 @@
#define ROTS_MAGIC "ROTS-IMG" #define ROTS_MAGIC "ROTS-IMG"
struct rots_hdr { struct rots_hdr {
uint64_t timestamp;
uint64_t size; uint64_t size;
}; };
struct rots_sig_hdr { struct rots_sig_hdr {
char *name; char *name;
char *digest; char *digest;
uint64_t timestamp;
uint32_t size; uint32_t size;
}; };

12
source/image.c
View file

@ -111,6 +111,9 @@ int rots_read_hdr(FILE *fp, struct rots_hdr *hdr)
if (memcmp(magic, ROTS_MAGIC, 8) != 0) if (memcmp(magic, ROTS_MAGIC, 8) != 0)
return -1; return -1;
if (read_u64(fp, &hdr->timestamp) < sizeof hdr->timestamp)
return -1;
if (read_u64(fp, &hdr->size) < sizeof hdr->size) if (read_u64(fp, &hdr->size) < sizeof hdr->size)
return -1; return -1;
@ -122,6 +125,9 @@ int rots_write_hdr(FILE *fp, struct rots_hdr *hdr)
if (fwrite(ROTS_MAGIC, sizeof(char), 8, fp) < 8) if (fwrite(ROTS_MAGIC, sizeof(char), 8, fp) < 8)
return -1; return -1;
if (write_u64(fp, hdr->timestamp) < sizeof hdr->timestamp)
return -1;
if (write_u64(fp, hdr->size) < sizeof hdr->size) if (write_u64(fp, hdr->size) < sizeof hdr->size)
return -1; return -1;
@ -150,6 +156,9 @@ int rots_read_sig_hdr(FILE *fp, struct rots_sig_hdr *sig_hdr)
if (fread(sig_hdr->digest, sizeof *sig_hdr->digest, len, fp) < len) if (fread(sig_hdr->digest, sizeof *sig_hdr->digest, len, fp) < len)
goto err_free_digest; goto err_free_digest;
if (read_u64(fp, &sig_hdr->timestamp) < sizeof sig_hdr->timestamp)
goto err_free_digest;
if (read_u32(fp, &sig_hdr->size) < sizeof sig_hdr->size) if (read_u32(fp, &sig_hdr->size) < sizeof sig_hdr->size)
goto err_free_digest; goto err_free_digest;
@ -182,6 +191,9 @@ int rots_write_sig_hdr(FILE *fp, struct rots_sig_hdr *sig_hdr)
if (fwrite(sig_hdr->digest, sizeof *sig_hdr->digest, len, fp) < len) if (fwrite(sig_hdr->digest, sizeof *sig_hdr->digest, len, fp) < len)
return -1; return -1;
if (write_u64(fp, sig_hdr->timestamp) < sizeof sig_hdr->timestamp)
return -1;
if (write_u32(fp, sig_hdr->size) < sizeof sig_hdr->size) if (write_u32(fp, sig_hdr->size) < sizeof sig_hdr->size)
return -1; return -1;

2
source/pack.c
View file

@ -1,4 +1,5 @@
#include <stdio.h> #include <stdio.h>
#include <time.h>
#include <getopt.h> #include <getopt.h>
@ -70,6 +71,7 @@ int do_pack(int argc, char *argv[])
} }
get_file_size(&size, args.input); get_file_size(&size, args.input);
hdr.timestamp = (uint64_t)time(NULL);
hdr.size = size; hdr.size = size;
if (rots_write_hdr(output, &hdr) < 0) if (rots_write_hdr(output, &hdr) < 0)

12
source/sign.c
View file

@ -1,6 +1,7 @@
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <time.h>
#include <getopt.h> #include <getopt.h>
@ -88,7 +89,8 @@ static int sign(const char *image, const char *name, const char *digest_name,
if (rots_read_hdr(fp, &hdr) < 0) if (rots_read_hdr(fp, &hdr) < 0)
goto err_close_image; goto err_close_image;
size = hdr.size; size = hdr.size + ftell(fp);
fseek(fp, 0, SEEK_SET);
if (!(ctx = EVP_MD_CTX_create())) if (!(ctx = EVP_MD_CTX_create()))
goto err_close_image; goto err_close_image;
@ -103,7 +105,7 @@ static int sign(const char *image, const char *name, const char *digest_name,
nbytes = fread(data, sizeof *data, min(size, sizeof data), fp); nbytes = fread(data, sizeof *data, min(size, sizeof data), fp);
if (nbytes == 0) if (nbytes == 0)
return -1; goto err_destroy_ctx;
if (!(EVP_DigestSignUpdate(ctx, data, nbytes))) if (!(EVP_DigestSignUpdate(ctx, data, nbytes)))
goto err_destroy_ctx; goto err_destroy_ctx;
@ -111,6 +113,12 @@ static int sign(const char *image, const char *name, const char *digest_name,
size -= nbytes; size -= nbytes;
} }
sig_hdr.timestamp = (uint64_t)time(NULL);
if (!(EVP_DigestSignUpdate(ctx, &sig_hdr.timestamp,
sizeof sig_hdr.timestamp)))
goto err_destroy_ctx;
if (!(EVP_DigestSignFinal(ctx, NULL, &sig_len))) if (!(EVP_DigestSignFinal(ctx, NULL, &sig_len)))
goto err_destroy_ctx; goto err_destroy_ctx;

11
source/verify.c
View file

@ -82,7 +82,7 @@ static X509 *X509_find_cert_by_common_name(const char *path, const char *name)
} }
static int verify(const char *image, const char *digest_name, EVP_PKEY *key, static int verify(const char *image, const char *digest_name, EVP_PKEY *key,
unsigned char *sig, size_t sig_len) struct rots_sig_hdr *sig_hdr, unsigned char *sig, size_t sig_len)
{ {
char data[512]; char data[512];
struct rots_hdr hdr; struct rots_hdr hdr;
@ -101,7 +101,8 @@ static int verify(const char *image, const char *digest_name, EVP_PKEY *key,
if (rots_read_hdr(fp, &hdr) < 0) if (rots_read_hdr(fp, &hdr) < 0)
goto err_close_image; goto err_close_image;
size = hdr.size; size = hdr.size + ftell(fp);
fseek(fp, 0, SEEK_SET);
if (!(ctx = EVP_MD_CTX_create())) if (!(ctx = EVP_MD_CTX_create()))
goto err_close_image; goto err_close_image;
@ -124,6 +125,10 @@ static int verify(const char *image, const char *digest_name, EVP_PKEY *key,
size -= nbytes; size -= nbytes;
} }
if (!(EVP_DigestVerifyUpdate(ctx, &sig_hdr->timestamp,
sizeof sig_hdr->timestamp)))
goto err_destroy_ctx;
if (EVP_DigestVerifyFinal(ctx, sig, sig_len) == 1) { if (EVP_DigestVerifyFinal(ctx, sig, sig_len) == 1) {
ret = 0; ret = 0;
} else { } else {
@ -195,7 +200,7 @@ static int verify_all(size_t *count, size_t *total, const char *ca_path, const c
goto err_close_image; goto err_close_image;
} }
ret = verify(image, sig_hdr.digest, key, sig, sig_hdr.size); ret = verify(image, sig_hdr.digest, key, &sig_hdr, sig, sig_hdr.size);
free(sig); free(sig);
if (ret == 0) if (ret == 0)