rots-utils: add and sign timestamps
This commit is contained in:
parent
5494d66eeb
commit
49cb64ba30
5 changed files with 34 additions and 5 deletions
|
@ -6,12 +6,14 @@
|
|||
#define ROTS_MAGIC "ROTS-IMG"
|
||||
|
||||
struct rots_hdr {
|
||||
uint64_t timestamp;
|
||||
uint64_t size;
|
||||
};
|
||||
|
||||
struct rots_sig_hdr {
|
||||
char *name;
|
||||
char *digest;
|
||||
uint64_t timestamp;
|
||||
uint32_t size;
|
||||
};
|
||||
|
||||
|
|
|
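Review bot: `struct rots_hdr` gains `timestamp` ahead of `size`, which changes the on-disk header layout, yet `ROTS_MAGIC` stays `"ROTS-IMG"`, so an image written by the previous version still passes the magic check in rots_read_hdr and has its old size field read as the timestamp and the following eight bytes as the size. Change the magic or add a version field so old images are rejected rather than mis-parsed. The new fields are also undocumented; a comment such as `/* seconds since the Unix epoch as returned by time(); serialized via write_u64 */` on both `timestamp` members, and `/* length in bytes of the signature that follows, as passed to verify */` on `size` in `rots_sig_hdr`, would tell a reader what is being signed.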
@ -111,6 +111,9 @@ int rots_read_hdr(FILE *fp, struct rots_hdr *hdr)
|
|||
if (memcmp(magic, ROTS_MAGIC, 8) != 0)
|
||||
return -1;
|
||||
|
||||
if (read_u64(fp, &hdr->timestamp) < sizeof hdr->timestamp)
|
||||
return -1;
|
||||
|
||||
if (read_u64(fp, &hdr->size) < sizeof hdr->size)
|
||||
return -1;
|
||||
|
||||
|
@ -122,6 +125,9 @@ int rots_write_hdr(FILE *fp, struct rots_hdr *hdr)
|
|||
if (fwrite(ROTS_MAGIC, sizeof(char), 8, fp) < 8)
|
||||
return -1;
|
||||
|
||||
if (write_u64(fp, hdr->timestamp) < sizeof hdr->timestamp)
|
||||
return -1;
|
||||
|
||||
if (write_u64(fp, hdr->size) < sizeof hdr->size)
|
||||
return -1;
|
||||
|
||||
|
@ -150,6 +156,9 @@ int rots_read_sig_hdr(FILE *fp, struct rots_sig_hdr *sig_hdr)
|
|||
if (fread(sig_hdr->digest, sizeof *sig_hdr->digest, len, fp) < len)
|
||||
goto err_free_digest;
|
||||
|
||||
if (read_u64(fp, &sig_hdr->timestamp) < sizeof sig_hdr->timestamp)
|
||||
goto err_free_digest;
|
||||
|
||||
if (read_u32(fp, &sig_hdr->size) < sizeof sig_hdr->size)
|
||||
goto err_free_digest;
|
||||
|
||||
|
@ -182,6 +191,9 @@ int rots_write_sig_hdr(FILE *fp, struct rots_sig_hdr *sig_hdr)
|
|||
if (fwrite(sig_hdr->digest, sizeof *sig_hdr->digest, len, fp) < len)
|
||||
return -1;
|
||||
|
||||
if (write_u64(fp, sig_hdr->timestamp) < sizeof sig_hdr->timestamp)
|
||||
return -1;
|
||||
|
||||
if (write_u32(fp, sig_hdr->size) < sizeof sig_hdr->size)
|
||||
return -1;
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
#include <stdio.h>
|
||||
#include <time.h>
|
||||
|
||||
#include <getopt.h>
|
||||
|
||||
|
@ -70,6 +71,7 @@ int do_pack(int argc, char *argv[])
|
|||
}
|
||||
|
||||
get_file_size(&size, args.input);
|
||||
hdr.timestamp = (uint64_t)time(NULL);
|
||||
hdr.size = size;
|
||||
|
||||
if (rots_write_hdr(output, &hdr) < 0)
|
||||
|
|
|
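Review bot: `hdr.timestamp = (uint64_t)time(NULL);` does not handle `time()` failing, which returns `(time_t)-1` and would be stored, and later signed, as `UINT64_MAX`. Make the failure explicit: `time_t now = time(NULL); if (now == (time_t)-1) goto err...; hdr.timestamp = (uint64_t)now;` — the cleanup label to use depends on do_pack's error path, which is outside the hunk. Embedding wall-clock time also makes packed images non-reproducible; if that matters, honouring `SOURCE_DATE_EPOCH` here is the usual escape hatch.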
@ -1,6 +1,7 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
|
||||
#include <getopt.h>
|
||||
|
||||
|
@ -88,7 +89,8 @@ static int sign(const char *image, const char *name, const char *digest_name,
|
|||
if (rots_read_hdr(fp, &hdr) < 0)
|
||||
goto err_close_image;
|
||||
|
||||
size = hdr.size;
|
||||
size = hdr.size + ftell(fp);
|
||||
fseek(fp, 0, SEEK_SET);
|
||||
|
||||
if (!(ctx = EVP_MD_CTX_create()))
|
||||
goto err_close_image;
|
||||
|
@ -103,7 +105,7 @@ static int sign(const char *image, const char *name, const char *digest_name,
|
|||
nbytes = fread(data, sizeof *data, min(size, sizeof data), fp);
|
||||
|
||||
if (nbytes == 0)
|
||||
return -1;
|
||||
goto err_destroy_ctx;
|
||||
|
||||
if (!(EVP_DigestSignUpdate(ctx, data, nbytes)))
|
||||
goto err_destroy_ctx;
|
||||
|
@ -111,6 +113,12 @@ static int sign(const char *image, const char *name, const char *digest_name,
|
|||
size -= nbytes;
|
||||
}
|
||||
|
||||
sig_hdr.timestamp = (uint64_t)time(NULL);
|
||||
|
||||
if (!(EVP_DigestSignUpdate(ctx, &sig_hdr.timestamp,
|
||||
sizeof sig_hdr.timestamp)))
|
||||
goto err_destroy_ctx;
|
||||
|
||||
if (!(EVP_DigestSignFinal(ctx, NULL, &sig_len)))
|
||||
goto err_destroy_ctx;
|
||||
|
||||
|
|
|
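Review bot: `EVP_DigestSignUpdate(ctx, &sig_hdr.timestamp, sizeof sig_hdr.timestamp)` hashes the host in-memory representation of the uint64, while the same value is stored in the signature header through `write_u64`; if write_u64 fixes a byte order (not visible here), a verifier of the opposite endianness hashes different bytes and rejects a valid signature. Hash the serialized encoding instead: encode the timestamp into an 8-byte buffer exactly as write_u64 does and feed that buffer to `EVP_DigestSignUpdate`, so the signed bytes equal the stored bytes regardless of host. Separately, `(uint64_t)time(NULL)` silently turns a `time()` failure into `UINT64_MAX`; `time_t now = time(NULL); if (now == (time_t)-1) goto err_destroy_ctx; sig_hdr.timestamp = (uint64_t)now;` makes that explicit. The earlier hunk's `size = hdr.size + ftell(fp); fseek(fp, 0, SEEK_SET);` checks neither return value, so a non-seekable input would digest the wrong bytes rather than fail. sign()'s body continues outside the hunk.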
@ -82,7 +82,7 @@ static X509 *X509_find_cert_by_common_name(const char *path, const char *name)
|
|||
}
|
||||
|
||||
static int verify(const char *image, const char *digest_name, EVP_PKEY *key,
|
||||
unsigned char *sig, size_t sig_len)
|
||||
struct rots_sig_hdr *sig_hdr, unsigned char *sig, size_t sig_len)
|
||||
{
|
||||
char data[512];
|
||||
struct rots_hdr hdr;
|
||||
|
@ -101,7 +101,8 @@ static int verify(const char *image, const char *digest_name, EVP_PKEY *key,
|
|||
if (rots_read_hdr(fp, &hdr) < 0)
|
||||
goto err_close_image;
|
||||
|
||||
size = hdr.size;
|
||||
size = hdr.size + ftell(fp);
|
||||
fseek(fp, 0, SEEK_SET);
|
||||
|
||||
if (!(ctx = EVP_MD_CTX_create()))
|
||||
goto err_close_image;
|
||||
|
@ -124,6 +125,10 @@ static int verify(const char *image, const char *digest_name, EVP_PKEY *key,
|
|||
size -= nbytes;
|
||||
}
|
||||
|
||||
if (!(EVP_DigestVerifyUpdate(ctx, &sig_hdr->timestamp,
|
||||
sizeof sig_hdr->timestamp)))
|
||||
goto err_destroy_ctx;
|
||||
|
||||
if (EVP_DigestVerifyFinal(ctx, sig, sig_len) == 1) {
|
||||
ret = 0;
|
||||
} else {
|
||||
|
@ -195,7 +200,7 @@ static int verify_all(size_t *count, size_t *total, const char *ca_path, const c
|
|||
goto err_close_image;
|
||||
}
|
||||
|
||||
ret = verify(image, sig_hdr.digest, key, sig, sig_hdr.size);
|
||||
ret = verify(image, sig_hdr.digest, key, &sig_hdr, sig, sig_hdr.size);
|
||||
free(sig);
|
||||
|
||||
if (ret == 0)
|
||||
|
|
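Review bot: In verify(), `size = hdr.size + ftell(fp); fseek(fp, 0, SEEK_SET);` ignores both return values: `ftell` yields -1 on a non-seekable stream and an unchecked `fseek` leaves the stream where it was, so a failure here silently changes which bytes are digested instead of failing verification. Replace with `long off = ftell(fp); if (off < 0 || fseek(fp, 0, SEEK_SET) != 0) goto err_close_image;` followed by `size = hdr.size + (size_t)off;`. Since `hdr.size` comes from the untrusted image, a comment such as `/* digest from offset 0 so magic, timestamp and size are themselves authenticated */` would record why a tampered size fails verification; the type of `size` is not visible, and if it is narrower than uint64_t the addition can truncate on 32-bit builds. Note also that `sig_hdr->timestamp` is now authenticated but never compared with anything, so it gives no rollback or freshness guarantee by itself, and until `EVP_DigestVerifyFinal` succeeds it is still attacker-controlled input from rots_read_sig_hdr. verify()'s body continues outside the hunk.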