authorDave Heller <hellerda@linux.vnet.ibm.com>2018-01-20 22:01:01 -0500
committerDave Heller <hellerda@linux.vnet.ibm.com>2018-01-20 22:01:01 -0500
commit549bd6bb2df937cea28eddf9d5e446af1eeb4ac3 (patch)
tree6210c21dafb28d8c214ce2742f5048d01ec9bf6f
parente34abf2f58039ff51c40982210891080662cda9a (diff)
downloadsb-signing-utils-549bd6bb2df937cea28eddf9d5e446af1eeb4ac3.tar.gz
sb-signing-utils-549bd6bb2df937cea28eddf9d5e446af1eeb4ac3.zip
Remove dependence on 'xxd' (part 2)
This patch removes the second dependency in crtSignedContainer.sh, in the generation of the payload hash, in Production mode. Now the .md files are generated by create-container instead. Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
-rw-r--r--create-container.c60
-rwxr-xr-xcrtSignedContainer.sh5
2 files changed, 47 insertions, 18 deletions
diff --git a/create-container.c b/create-container.c
index b93fe2c..c2b94a4 100644
--- a/create-container.c
+++ b/create-container.c
@@ -208,9 +208,10 @@ void getSigRaw(ecc_signature_t *sigraw, char *inFile)
void writeHdr(void *hdr, const char *outFile, int hdr_type)
{
- int fdout;
+ FILE *fp;
int r, hdr_sz;
- unsigned char md[SHA512_DIGEST_LENGTH];
+ unsigned char md_buf[SHA512_DIGEST_LENGTH];
+ unsigned char *md = NULL;
switch (hdr_type) {
case CONTAINER_HDR:
@@ -218,31 +219,60 @@ void writeHdr(void *hdr, const char *outFile, int hdr_type)
break;
case PREFIX_HDR:
hdr_sz = sizeof(ROM_prefix_header_raw);
- SHA512(hdr, hdr_sz, md);
- verbose_print((char *) "PR header hash = ", md, sizeof(md));
+ md = SHA512(hdr, hdr_sz, md_buf);
+ verbose_print((char *) "PR header hash = ", md_buf, sizeof(md_buf));
break;
case SOFTWARE_HDR:
hdr_sz = sizeof(ROM_sw_header_raw);
- SHA512(hdr, hdr_sz, md);
- verbose_print((char *) "SW header hash = ", md, sizeof(md));
+ md = SHA512(hdr, hdr_sz, md_buf);
+ verbose_print((char *) "SW header hash = ", md_buf, sizeof(md_buf));
break;
default:
die(EX_SOFTWARE, "Unknown header type (%d)", hdr_type);
}
- fdout = open(outFile, O_WRONLY | O_CREAT | O_TRUNC,
- S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
- if (fdout <= 0)
- die(EX_CANTCREAT, "Cannot create output file: %s", outFile);
+ fp = fopen(outFile, "w");
+ if (!fp)
+ die(EX_CANTCREAT, "Cannot create output file: %s: %s", outFile,
+ strerror(errno));
- r = write(fdout, (const void *) hdr, hdr_sz);
- close(fdout);
+ r = fwrite((const void *) hdr, hdr_sz, 1, fp);
+ fclose(fp);
+
+ if (r != 1)
+ die(EX_SOFTWARE, "Error writing header file: %s: %s", outFile,
+ strerror(errno));
+
+ debug_msg("Wrote %d bytes to %s", hdr_sz, outFile);
- if (r < hdr_sz)
- die(EX_SOFTWARE, "Error writing header file (r = %d)", r);
+ if (md) {
+ char *fn = malloc(strlen(outFile) + 7);
- debug_msg("Wrote %d bytes to %s", r, outFile);
+ // Write the message digest in binary.
+ sprintf(fn, "%s.md.bin", outFile);
+ fp = fopen(fn, "w");
+ if (!fp)
+ die(EX_CANTCREAT, "Cannot create output file: %s: %s", fn,
+ strerror(errno));
+
+ fwrite(md, SHA512_DIGEST_LENGTH, 1, fp);
+ fclose(fp);
+
+ // Write the message digest in hexascii.
+ sprintf(fn, "%s.md", outFile);
+
+ fp = fopen(fn, "w");
+ if (!fp)
+ die(EX_CANTCREAT, "Cannot create output file: %s: %s", fn,
+ strerror(errno));
+
+ for (int i = 0; i < SHA512_DIGEST_LENGTH; i++)
+ fprintf(fp, "%02x", md[i]);
+
+ fclose(fp);
+ free(fn);
+ }
return;
}
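Review bot: The buffer for the digest file name is one byte too small. `malloc(strlen(outFile) + 7)` has room for the seven characters of `.md.bin` but not the terminating NUL, so `sprintf(fn, "%s.md.bin", outFile)` writes one byte past the allocation, and the `malloc` result is never checked. Sizing it as `char *fn = malloc(strlen(outFile) + sizeof(".md.bin"));`, adding `if (!fn) die(EX_SOFTWARE, "Out of memory");`, and building both names with `snprintf` would close that. Separately, `fwrite(md, SHA512_DIGEST_LENGTH, 1, fp)` and the `fclose` calls after it are unchecked, so a short or failed write leaves a truncated `.md.bin` that the script then submits as the signing payload. The digest writes deserve the same `!= 1` check as the header write, and the binary file is better opened with `"wb"`.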
diff --git a/crtSignedContainer.sh b/crtSignedContainer.sh
index ecfa291..129251f 100755
--- a/crtSignedContainer.sh
+++ b/crtSignedContainer.sh
@@ -218,7 +218,7 @@ parseIni () {
#
# Check required programs
-for p in date egrep tar xxd openssl sha512sum create-container print-container
+for p in date egrep tar openssl create-container print-container
do
is_cmd_available $p || \
die "Required command \"$p\" not available or not found in PATH"
@@ -768,11 +768,10 @@ then
else
test "$KEYFILE" == __getkey && continue
echo "--> $P: Requesting signature for SW key $(to_upper $KEY)..."
- sha512sum "$T/software_hdr" | cut -d' ' -f1 | xxd -p -r > "$T/software_hdr.sha512.bin"
sf_client $SF_DEBUG_ARGS -project $SF_PROJECT -epwd "$SF_EPWD" \
-comments "Requesting sig for $LABEL from $SF_PROJECT" \
-url sftp://$SF_USER@$SF_SERVER -pkey "$SF_SSHKEY" \
- -payload "$T/software_hdr.sha512.bin" -o "$T/$SIGFILE"
+ -payload "$T/software_hdr.md.bin" -o "$T/$SIGFILE"
rc=$?
test $rc -ne 0 && die "Call to sf_client failed with error: $rc"
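Review bot: The signing request now trusts that create-container left a complete `software_hdr.md.bin` in `$T`, and nothing in the visible lines checks that before `sf_client` uploads it. The C side of this commit does not check the write of that file, so a guard such as `test -s "$T/software_hdr.md.bin" || die "Missing or empty digest file: $T/software_hdr.md.bin"` ahead of the `sf_client` call would stop an empty payload from being sent for signature. The surrounding `then`/`else` block starts and ends outside this hunk.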