diff options
author | Dave Heller <hellerda@us.ibm.com> | 2017-07-16 13:32:36 -0400 |
---|---|---|
committer | Dave Heller <hellerda@us.ibm.com> | 2017-07-16 13:32:36 -0400 |
commit | a391a7347ca75a683f6a85ba139c50b48eb91714 (patch) | |
tree | 9d64110d897372041b4b6824aac3287521b62340 | |
parent | 4f6ed53e453efb5f57b6301c7f086478f71b757b (diff) | |
download | sb-signing-utils-a391a7347ca75a683f6a85ba139c50b48eb91714.tar.gz sb-signing-utils-a391a7347ca75a683f6a85ba139c50b48eb91714.zip |
Refactor some code and add container.c
-rw-r--r-- | container.c | 95 | ||||
-rw-r--r-- | create-container.c | 112 |
2 files changed, 120 insertions, 87 deletions
diff --git a/container.c b/container.c new file mode 100644 index 0000000..ba42234 --- /dev/null +++ b/container.c @@ -0,0 +1,95 @@ +/* Copyright 2017 IBM Corp. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <config.h> + +#include "container.h" + +#include <stdio.h> +#include <stdlib.h> +#include <stdbool.h> +#include <unistd.h> +#include <string.h> +#include <regex.h> +#include <sysexits.h> + +extern char *progname; + +extern bool verbose; +extern int wrap; + +#define die(status, msg, ...) \ + { fprintf(stderr, "error: %s.%s() line %d: " msg "\n", progname, \ + __func__, __LINE__, __VA_ARGS__); exit(status); } + +#define debug_msg(msg, ...) \ + if (debug) fprintf(stderr, "--> %s.%s(): " msg "\n", progname, \ + __func__, __VA_ARGS__); + +#define verbose_msg(msg, ...) \ + if (verbose) fprintf(stdout, "--> %s: " msg "\n", progname, \ + __VA_ARGS__); + +void verbose_print(char *lead, unsigned char *buffer, size_t buflen) +{ + if (!verbose) + return; + unsigned int i, indent = 4; + char prelead[100]; + snprintf(prelead, 100, "--> %s: ", progname); + + char *pad = (((strlen(prelead) + strlen(lead)) % 2) == 0) ? "" : " "; + wrap = ((wrap % 2) == 0) ? wrap : wrap - 1; + indent = ((indent % 2) == 0) ? indent : indent - 1; + int col = fprintf(stdout, "%s%s%s", prelead, lead, pad); + for (i = 1; i < buflen + 1; i++) { + fprintf(stdout, "%02x", buffer[i - 1]); + col = col + 2; + if (((col % wrap) == 0) && (i < buflen)) { + fprintf(stdout, "\n%*c", indent, ' '); + col = indent; + } + } + fprintf(stdout, "\n"); +} + +int isValidHex(char *input, int len) { + int r; + size_t maxlen = 512; // sane limit + regex_t regexpr; + char pattern[48]; + char multiplier[8]; + bool result = false; + + if (strnlen(input, maxlen) >= maxlen) + die(EX_DATAERR, "input exceeded max length: %lu", maxlen); + + if (len > 0) + sprintf(multiplier, "{%d}", len * 2); + else + sprintf(multiplier, "+"); + + sprintf(pattern, "^(0x|0X)?[a-fA-F0-9]%s$", multiplier); + + if ((r = regcomp(®expr, pattern, REG_EXTENDED | REG_NOSUB))) + die(EX_SOFTWARE, "%s", "failure to compile regex"); + + if (!(r = regexec(®expr, input, 0, NULL, 0))) + result = true; + + regfree(®expr); + return result; +} diff --git a/create-container.c b/create-container.c index 8754a73..c048309 100644 --- a/create-container.c +++ b/create-container.c @@ -16,11 +16,12 @@ #include <config.h> -#include <stdbool.h> +#include "container.c" #include "container.h" #include <stdio.h> #include <stdlib.h> +#include <stdbool.h> #include <getopt.h> #include <unistd.h> #include <string.h> @@ -30,8 +31,8 @@ #include <sys/stat.h> #include <sys/mman.h> #include <fcntl.h> -#include <sysexits.h> #include <regex.h> +#include <sysexits.h> #include <openssl/ec.h> #include <openssl/ecdsa.h> @@ -48,41 +49,6 @@ int wrap = 100; void usage(int status); -#define die(status, msg, ...) \ - { fprintf(stderr, "--> %s.%s() line %d: error: " msg "\n", progname, \ - __func__, __LINE__, __VA_ARGS__); exit(status); } - -#define debug_msg(msg, ...) \ - if (debug) fprintf(stderr, "--> %s.%s(): " msg "\n", progname, \ - __func__, __VA_ARGS__); - -#define verbose_msg(msg, ...) \ - if (verbose) fprintf(stderr, "--> %s: " msg "\n", progname, \ - __VA_ARGS__); - -void verbose_print(char *lead, unsigned char *buffer, size_t buflen) -{ - if (!verbose) - return; - unsigned int i, indent = 4; - char prelead[100]; - snprintf(prelead, 100, "--> %s: ", progname); - - char *pad = (((strlen(prelead) + strlen(lead)) % 2) == 0) ? "" : " "; - wrap = ((wrap % 2) == 0) ? wrap : wrap - 1; - indent = ((indent % 2) == 0) ? indent : indent - 1; - int col = fprintf(stderr, "%s%s%s", prelead, lead, pad); - for (i = 1; i < buflen + 1; i++) { - fprintf(stderr, "%02x", buffer[i - 1]); - col = col + 2; - if (((col % wrap) == 0) && (i < buflen)) { - fprintf(stderr, "\n%*c", indent, ' '); - col = indent; - } - } - fprintf(stderr, "\n"); -} - void getPublicKeyRaw(ecc_key_t *pubkeyraw, char *inFile) { EVP_PKEY* pkey; @@ -111,15 +77,15 @@ void getPublicKeyRaw(ecc_key_t *pubkeyraw, char *inFile) key = EVP_PKEY_get1_EC_KEY(pkey); if (!key) - die(EX_SOFTWARE, "%s", "openssl error"); + die(EX_SOFTWARE, "%s", "Cannot EVP_PKEY_get1_EC_KEY"); ecgrp = EC_KEY_get0_group(key); if (!ecgrp) - die(EX_SOFTWARE, "%s", "openssl error"); + die(EX_SOFTWARE, "%s", "Cannot EC_KEY_get0_group"); ecpoint = EC_KEY_get0_public_key(key); if (!ecpoint) - die(EX_SOFTWARE, "%s", "openssl error"); + die(EX_SOFTWARE, "%s", "Cannot EC_KEY_get0_public_key"); pubkeyBN = EC_POINT_point2bn(ecgrp, ecpoint, POINT_CONVERSION_UNCOMPRESSED, NULL, NULL); @@ -197,7 +163,7 @@ void writeHdr(void *hdr, const char *outFile, int hdr_type) } r = write(fdout, (const void *) hdr, hdr_sz); if (r < hdr_sz) - die(EX_SOFTWARE, "Unable to write container (r = %d)", r); + die(EX_SOFTWARE, "Cannot write container (r = %d)", r); debug_msg("Wrote %d bytes to %s", r, outFile); @@ -211,34 +177,6 @@ void writeHdr(void *hdr, const char *outFile, int hdr_type) return; } -int isValidHex(char *input, int len) { - int r; - size_t maxlen = 512; // sane limit - regex_t regexpr; - char pattern[48]; - char multiplier[8]; - bool result = false; - - if (strnlen(input, maxlen) >= maxlen) - die(EX_DATAERR, "input exceeded max length: %lu", maxlen); - - if (len > 0) - sprintf(multiplier, "{%d}", len); - else - sprintf(multiplier, "+"); - - sprintf(pattern, "^(0x|0X)?[a-fA-F0-9]%s$", multiplier); - - if ((r = regcomp(®expr, pattern, REG_EXTENDED | REG_NOSUB))) - die(EX_SOFTWARE, "%s", "failure to compile regex"); - - if (!(r = regexec(®expr, input, 0, NULL, 0))) - result = true; - - regfree(®expr); - return result; -} - __attribute__((__noreturn__)) void usage (int status) { if (status != 0) { @@ -336,8 +274,8 @@ int main(int argc, char* argv[]) int indexptr; unsigned int size, offset; void *container = malloc(SECURE_BOOT_HEADERS_SIZE); - struct stat s; char *buf = malloc(SECURE_BOOT_HEADERS_SIZE); + struct stat payload_st; off_t l; void *infile; int r; @@ -451,11 +389,11 @@ int main(int argc, char* argv[]) if (fdin <= 0) die(EX_NOINPUT, "Cannot open payload file: %s", params.payloadfn); - r = fstat(fdin, &s); + r = fstat(fdin, &payload_st); if (r != 0) die(EX_NOINPUT, "Cannot stat payload file: %s", params.payloadfn); - infile = mmap(NULL, s.st_size, PROT_READ, MAP_PRIVATE, fdin, 0); + infile = mmap(NULL, payload_st.st_size, PROT_READ, MAP_PRIVATE, fdin, 0); if (!infile) die(EX_OSERR, "%s", "Cannot mmap file"); @@ -467,7 +405,7 @@ int main(int argc, char* argv[]) // Container creation starts here. c->magic_number = cpu_to_be32(ROM_MAGIC_NUMBER); c->version = cpu_to_be16(1); - c->container_size = cpu_to_be64(SECURE_BOOT_HEADERS_SIZE + s.st_size); + c->container_size = cpu_to_be64(SECURE_BOOT_HEADERS_SIZE + payload_st.st_size); c->target_hrmor = 0; c->stack_pointer = 0; memset(c->hw_pkey_a, 0, sizeof(ecc_key_t)); @@ -490,7 +428,7 @@ int main(int argc, char* argv[]) } p = SHA512(c->hw_pkey_a, sizeof(ecc_key_t) * 3, md); if (!p) - die(EX_SOFTWARE, "%s", "openssl error"); + die(EX_SOFTWARE, "%s", "Cannot get SHA512"); verbose_print((char *) "HW keys hash = ", md, sizeof(md)); ph = container + sizeof(ROM_container_raw); @@ -498,7 +436,7 @@ int main(int argc, char* argv[]) ph->ver_alg.hash_alg = 1; ph->ver_alg.sig_alg = 1; if (params.hw_cs_offset) { - if (!isValidHex(params.hw_cs_offset, 8)) + if (!isValidHex(params.hw_cs_offset, 4)) die(EX_DATAERR, "%s", "Invalid input for hw-cs-offset, expecting a 4 byte hexadecimal value"); uint64_t data; @@ -510,7 +448,7 @@ int main(int argc, char* argv[]) } ph->reserved = 0; if (params.hw_flags) { - if (!isValidHex(params.hw_flags, 8)) + if (!isValidHex(params.hw_flags, 4)) die(EX_DATAERR, "%s", "Invalid input for hw-flags, expecting a 4 byte hexadecimal value"); uint32_t data; @@ -567,7 +505,7 @@ int main(int argc, char* argv[]) ph->payload_size = cpu_to_be64(ph->sw_key_count * sizeof(ecc_key_t)); p = SHA512(pd->sw_pkey_p, sizeof(ecc_key_t) * ph->sw_key_count, md); if (!p) - die(EX_SOFTWARE, "%s", "openssl error"); + die(EX_SOFTWARE, "%s", "Cannot get SHA512"); memcpy(ph->payload_hash, md, sizeof(sha2_hash_t)); verbose_print((char *) "SW keys hash = ", md, sizeof(md)); @@ -580,7 +518,7 @@ int main(int argc, char* argv[]) swh->ver_alg.hash_alg = 1; swh->ver_alg.sig_alg = 1; if (params.sw_cs_offset) { - if (!isValidHex(params.sw_cs_offset, 8)) + if (!isValidHex(params.sw_cs_offset, 4)) die(EX_DATAERR, "%s", "Invalid input for sw-cs-offset, expecting a 4 byte hexadecimal value"); uint64_t data; @@ -592,7 +530,7 @@ int main(int argc, char* argv[]) } swh->reserved = 0; if (params.sw_flags) { - if (!isValidHex(params.sw_flags, 8)) + if (!isValidHex(params.sw_flags, 4)) die(EX_DATAERR, "%s", "Invalid input for sw-flags, expecting a 4 byte hexadecimal value"); uint32_t data; @@ -603,10 +541,10 @@ int main(int argc, char* argv[]) swh->flags = cpu_to_be32(0x00000000); } swh->reserved_0 = 0; - swh->payload_size = cpu_to_be64(s.st_size); - p = SHA512(infile, s.st_size, md); + swh->payload_size = cpu_to_be64(payload_st.st_size); + p = SHA512(infile, payload_st.st_size, md); if (!p) - die(EX_SOFTWARE, "%s", "openssl error"); + die(EX_SOFTWARE, "%s", "Cannot get SHA512"); memcpy(swh->payload_hash, md, sizeof(sha2_hash_t)); verbose_print((char *) "Payload hash = ", md, sizeof(md)); @@ -654,7 +592,7 @@ int main(int argc, char* argv[]) verbose_msg("SW signature size = %4u (%#06x) at offset %4u (%#06x)", size, size, offset, offset); - verbose_msg("TOTAL HEADER SIZE = %4u (%#0x)", SECURE_BOOT_HEADERS_SIZE, + verbose_msg("TOTAL HEADER SIZE = %4d (%#0x)", SECURE_BOOT_HEADERS_SIZE, SECURE_BOOT_HEADERS_SIZE); verbose_msg("PAYLOAD SIZE = %4lu (%#0lx)", be64_to_cpu(swh->payload_size), be64_to_cpu(swh->payload_size)); @@ -664,10 +602,10 @@ int main(int argc, char* argv[]) // Write container. r = write(fdout, container, SECURE_BOOT_HEADERS_SIZE); if (r != 4096) - die(EX_SOFTWARE, "Unable to write container (r = %d)", r); - r = read(fdin, buf, s.st_size % 4096); - r = write(fdout, buf, s.st_size % 4096); - l = s.st_size - s.st_size % 4096; + die(EX_SOFTWARE, "Cannot write container (r = %d)", r); + r = read(fdin, buf, payload_st.st_size % 4096); + r = write(fdout, buf, payload_st.st_size % 4096); + l = payload_st.st_size - payload_st.st_size % 4096; while (l) { r = read(fdin, buf, 4096); r = write(fdout, buf, 4096); |