robin.thoni
/
ipxe
Suivre 1
Ajouter aux favoris 0
Bifurcation 0
Code Tickets 0 Demandes d'ajout 0 Versions 11 Wiki Activité
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
4076 Révisions
2 Branches
Aborescence: 196751ce95
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '196751ce95'
${ noResults }
ipxe/src/usr/imgtrust.c

imgtrust.c 2.2KB
Historique Brut

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990 
  1. /*

  2.  * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.

  3.  *

  4.  * This program is free software; you can redistribute it and/or

  5.  * modify it under the terms of the GNU General Public License as

  6.  * published by the Free Software Foundation; either version 2 of the

  7.  * License, or any later version.

  8.  *

  9.  * This program is distributed in the hope that it will be useful, but

  10.  * WITHOUT ANY WARRANTY; without even the implied warranty of

  11.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  12.  * General Public License for more details.

  13.  *

  14.  * You should have received a copy of the GNU General Public License

  15.  * along with this program; if not, write to the Free Software

  16.  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

  17.  */

  18. 

  19. FILE_LICENCE ( GPL2_OR_LATER );

  20. 

  21. #include <stdlib.h>

  22. #include <errno.h>

  23. #include <time.h>

  24. #include <syslog.h>

  25. #include <ipxe/uaccess.h>

  26. #include <ipxe/image.h>

  27. #include <ipxe/cms.h>

  28. #include <usr/imgtrust.h>

  29. 

  30. /** @file

  31.  *

  32.  * Image trust management

  33.  *

  34.  */

  35. 

  36. /**

  37.  * Verify image using downloaded signature

  38.  *

  39.  * @v image		Image to verify

  40.  * @v signature		Image containing signature

  41.  * @v name		Required common name, or NULL to allow any name

  42.  * @ret rc		Return status code

  43.  */

  44. int imgverify ( struct image *image, struct image *signature,

  45. 		const char *name ) {

  46. 	size_t len;

  47. 	void *data;

  48. 	struct cms_signature sig;

  49. 	time_t now;

  50. 	int rc;

  51. 

  52. 	/* Mark image as untrusted */

  53. 	image_untrust ( image );

  54. 

  55. 	/* Copy signature to internal memory */

  56. 	len = signature->len;

  57. 	data = malloc ( len );

  58. 	if ( ! data ) {

  59. 		rc = -ENOMEM;

  60. 		goto err_alloc;

  61. 	}

  62. 	copy_from_user ( data, signature->data, 0, len );

  63. 

  64. 	/* Parse signature */

  65. 	if ( ( rc = cms_parse ( &sig, data, len ) ) != 0 )

  66. 		goto err_parse;

  67. 

  68. 	/* Use signature to verify image */

  69. 	now = time ( NULL );

  70. 	if ( ( rc = cms_verify ( &sig, image->data, image->len,

  71. 				 name, now, NULL ) ) != 0 )

  72. 		goto err_verify;

  73. 

  74. 	/* Mark image as trusted */

  75. 	image_trust ( image );

  76. 	syslog ( LOG_NOTICE, "Image \"%s\" signature OK\n", image->name );

  77. 

  78. 	/* Free internal copy of signature */

  79. 	free ( data );

  80. 

  81. 	return 0;

  82. 

  83.  err_verify:

  84.  err_parse:

  85. 	free ( data );

  86.  err_alloc:

  87. 	syslog ( LOG_ERR, "Image \"%s\" signature bad: %s\n",

  88. 		 image->name, strerror ( rc ) );

  89. 	return rc;

  90. }