Browse Source

[image] Add the "imgtrust" and "imgverify" commands

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 12 years ago
parent
commit
d1465f7b0b

+ 3
- 0
src/config/config.c View File

217
 #ifdef IMAGE_CMD
217
 #ifdef IMAGE_CMD
218
 REQUIRE_OBJECT ( image_cmd );
218
 REQUIRE_OBJECT ( image_cmd );
219
 #endif
219
 #endif
220
+#ifdef IMAGE_TRUST_CMD
221
+REQUIRE_OBJECT ( image_trust_cmd );
222
+#endif
220
 #ifdef DHCP_CMD
223
 #ifdef DHCP_CMD
221
 REQUIRE_OBJECT ( dhcp_cmd );
224
 REQUIRE_OBJECT ( dhcp_cmd );
222
 #endif
225
 #endif

+ 1
- 0
src/config/general.h View File

126
 //#define VLAN_CMD		/* VLAN commands */
126
 //#define VLAN_CMD		/* VLAN commands */
127
 //#define PXE_CMD		/* PXE commands */
127
 //#define PXE_CMD		/* PXE commands */
128
 //#define REBOOT_CMD		/* Reboot command */
128
 //#define REBOOT_CMD		/* Reboot command */
129
+//#define IMAGE_TRUST_CMD	/* Image trust management commands */
129
 
130
 
130
 /*
131
 /*
131
  * ROM-specific options
132
  * ROM-specific options

+ 172
- 0
src/hci/commands/image_trust_cmd.c View File

1
+/*
2
+ * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
3
+ *
4
+ * This program is free software; you can redistribute it and/or
5
+ * modify it under the terms of the GNU General Public License as
6
+ * published by the Free Software Foundation; either version 2 of the
7
+ * License, or any later version.
8
+ *
9
+ * This program is distributed in the hope that it will be useful, but
10
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
11
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12
+ * General Public License for more details.
13
+ *
14
+ * You should have received a copy of the GNU General Public License
15
+ * along with this program; if not, write to the Free Software
16
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
17
+ */
18
+
19
+FILE_LICENCE ( GPL2_OR_LATER );
20
+
21
+#include <stdint.h>
22
+#include <stdio.h>
23
+#include <getopt.h>
24
+#include <ipxe/image.h>
25
+#include <ipxe/command.h>
26
+#include <ipxe/parseopt.h>
27
+#include <usr/imgmgmt.h>
28
+#include <usr/imgtrust.h>
29
+
30
+/** @file
31
+ *
32
+ * Image trust management commands
33
+ *
34
+ */
35
+
36
+/** "imgtrust" options */
37
+struct imgtrust_options {
38
+	/** Allow trusted images */
39
+	int allow;
40
+	/** Make trust requirement permanent */
41
+	int permanent;
42
+};
43
+
44
+/** "imgtrust" option list */
45
+static struct option_descriptor imgtrust_opts[] = {
46
+	OPTION_DESC ( "allow", 'a', no_argument,
47
+		      struct imgtrust_options, allow, parse_flag ),
48
+	OPTION_DESC ( "permanent", 'p', no_argument,
49
+		      struct imgtrust_options, permanent, parse_flag ),
50
+};
51
+
52
+/** "imgtrust" command descriptor */
53
+static struct command_descriptor imgtrust_cmd =
54
+	COMMAND_DESC ( struct imgtrust_options, imgtrust_opts, 0, 0,
55
+		       "[--allow] [--permanent]" );
56
+
57
+/**
58
+ * The "imgtrust" command
59
+ *
60
+ * @v argc		Argument count
61
+ * @v argv		Argument list
62
+ * @ret rc		Return status code
63
+ */
64
+static int imgtrust_exec ( int argc, char **argv ) {
65
+	struct imgtrust_options opts;
66
+	int rc;
67
+
68
+	/* Parse options */
69
+	if ( ( rc = parse_options ( argc, argv, &imgtrust_cmd, &opts ) ) != 0 )
70
+		return rc;
71
+
72
+	/* Set trust requirement */
73
+	if ( ( rc = image_set_trust ( ( ! opts.allow ),
74
+				      opts.permanent ) ) != 0 ) {
75
+		printf ( "Could not set image trust requirement: %s\n",
76
+			 strerror ( rc ) );
77
+		return rc;
78
+	}
79
+
80
+	return 0;
81
+}
82
+
83
+/** "imgverify" options */
84
+struct imgverify_options {
85
+	/** Required signer common name */
86
+	const char *signer;
87
+	/** Keep signature after verification */
88
+	int keep;
89
+};
90
+
91
+/** "imgverify" option list */
92
+static struct option_descriptor imgverify_opts[] = {
93
+	OPTION_DESC ( "signer", 's', required_argument,
94
+		      struct imgverify_options, signer, parse_string ),
95
+	OPTION_DESC ( "keep", 'k', no_argument,
96
+		      struct imgverify_options, keep, parse_flag ),
97
+};
98
+
99
+/** "imgverify" command descriptor */
100
+static struct command_descriptor imgverify_cmd =
101
+	COMMAND_DESC ( struct imgverify_options, imgverify_opts, 2, 2,
102
+		       "[--signer <signer>] [--keep] <uri|image> "
103
+		       "<signature uri|image>" );
104
+
105
+/**
106
+ * The "imgverify" command
107
+ *
108
+ * @v argc		Argument count
109
+ * @v argv		Argument list
110
+ * @ret rc		Return status code
111
+ */
112
+static int imgverify_exec ( int argc, char **argv ) {
113
+	struct imgverify_options opts;
114
+	const char *image_name_uri;
115
+	const char *signature_name_uri;
116
+	struct image *image;
117
+	struct image *signature;
118
+	int rc;
119
+
120
+	/* Parse options */
121
+	if ( ( rc = parse_options ( argc, argv, &imgverify_cmd, &opts ) ) != 0 )
122
+		return rc;
123
+
124
+	/* Parse image name/URI string */
125
+	image_name_uri = argv[optind];
126
+
127
+	/* Parse signature name/URI string */
128
+	signature_name_uri = argv[ optind + 1 ];
129
+
130
+	/* Acquire the image */
131
+	if ( ( rc = imgacquire ( image_name_uri, &image ) ) != 0 )
132
+		goto err_acquire_image;
133
+
134
+	/* Acquire the signature image */
135
+	if ( ( rc = imgacquire ( signature_name_uri, &signature ) ) != 0 )
136
+		goto err_acquire_signature;
137
+
138
+	/* Verify image */
139
+	if ( ( rc = imgverify ( image, signature, opts.signer ) ) != 0 ) {
140
+		printf ( "Could not verify: %s\n", strerror ( rc ) );
141
+		goto err_verify;
142
+	}
143
+
144
+	/* Success */
145
+	rc = 0;
146
+
147
+ err_verify:
148
+	/* Discard signature unless --keep was specified */
149
+	if ( ! opts.keep )
150
+		unregister_image ( signature );
151
+ err_acquire_signature:
152
+ err_acquire_image:
153
+	return rc;
154
+}
155
+
156
+/** Image trust management commands */
157
+struct command image_trust_commands[] __command = {
158
+	{
159
+		.name = "imgtrust",
160
+		.exec = imgtrust_exec,
161
+	},
162
+	{
163
+		.name = "imgverify",
164
+		.exec = imgverify_exec,
165
+	},
166
+};
167
+
168
+/* Drag in objects typically required for signature verification */
169
+REQUIRE_OBJECT ( rsa );
170
+REQUIRE_OBJECT ( md5 );
171
+REQUIRE_OBJECT ( sha1 );
172
+REQUIRE_OBJECT ( sha256 );

+ 1
- 0
src/include/ipxe/errfile.h View File

250
 #define ERRFILE_linux_entropy	      ( ERRFILE_OTHER | 0x00280000 )
250
 #define ERRFILE_linux_entropy	      ( ERRFILE_OTHER | 0x00280000 )
251
 #define ERRFILE_x509_test	      ( ERRFILE_OTHER | 0x00290000 )
251
 #define ERRFILE_x509_test	      ( ERRFILE_OTHER | 0x00290000 )
252
 #define ERRFILE_cms		      ( ERRFILE_OTHER | 0x002a0000 )
252
 #define ERRFILE_cms		      ( ERRFILE_OTHER | 0x002a0000 )
253
+#define ERRFILE_imgtrust	      ( ERRFILE_OTHER | 0x002b0000 )
253
 
254
 
254
 /** @} */
255
 /** @} */
255
 
256
 

+ 17
- 0
src/include/usr/imgtrust.h View File

1
+#ifndef _USR_IMGTRUST_H
2
+#define _USR_IMGTRUST_H
3
+
4
+/** @file
5
+ *
6
+ * Image trust management
7
+ *
8
+ */
9
+
10
+FILE_LICENCE ( GPL2_OR_LATER );
11
+
12
+#include <ipxe/image.h>
13
+
14
+extern int imgverify ( struct image *image, struct image *signature,
15
+		       const char *name );
16
+
17
+#endif /* _USR_IMGTRUST_H */

+ 81
- 0
src/usr/imgtrust.c View File

1
+/*
2
+ * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
3
+ *
4
+ * This program is free software; you can redistribute it and/or
5
+ * modify it under the terms of the GNU General Public License as
6
+ * published by the Free Software Foundation; either version 2 of the
7
+ * License, or any later version.
8
+ *
9
+ * This program is distributed in the hope that it will be useful, but
10
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
11
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12
+ * General Public License for more details.
13
+ *
14
+ * You should have received a copy of the GNU General Public License
15
+ * along with this program; if not, write to the Free Software
16
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
17
+ */
18
+
19
+FILE_LICENCE ( GPL2_OR_LATER );
20
+
21
+#include <stdlib.h>
22
+#include <errno.h>
23
+#include <time.h>
24
+#include <ipxe/uaccess.h>
25
+#include <ipxe/image.h>
26
+#include <ipxe/cms.h>
27
+#include <usr/imgtrust.h>
28
+
29
+/** @file
30
+ *
31
+ * Image trust management
32
+ *
33
+ */
34
+
35
+/**
36
+ * Verify image using downloaded signature
37
+ *
38
+ * @v image		Image to verify
39
+ * @v signature		Image containing signature
40
+ * @v name		Required common name, or NULL to allow any name
41
+ * @ret rc		Return status code
42
+ */
43
+int imgverify ( struct image *image, struct image *signature,
44
+		const char *name ) {
45
+	size_t len;
46
+	void *data;
47
+	struct cms_signature sig;
48
+	time_t now;
49
+	int rc;
50
+
51
+	/* Mark image as untrusted */
52
+	image_untrust ( image );
53
+
54
+	/* Copy signature to internal memory */
55
+	len = signature->len;
56
+	data = malloc ( len );
57
+	if ( ! data ) {
58
+		rc = -ENOMEM;
59
+		goto err_alloc;
60
+	}
61
+	copy_from_user ( data, signature->data, 0, len );
62
+
63
+	/* Parse signature */
64
+	if ( ( rc = cms_parse ( &sig, data, len ) ) != 0 )
65
+		goto err_parse;
66
+
67
+	/* Use signature to verify image */
68
+	now = time ( NULL );
69
+	if ( ( rc = cms_verify ( &sig, image->data, image->len,
70
+				 name, now, NULL ) ) != 0 )
71
+		goto err_verify;
72
+
73
+	/* Mark image as trusted */
74
+	image_trust ( image );
75
+
76
+ err_verify:
77
+ err_parse:
78
+	free ( data );
79
+ err_alloc:
80
+	return rc;
81
+}

Loading…
Cancel
Save