diff options
-rw-r--r-- | container.c | 43 | ||||
-rw-r--r-- | create-container.c | 24 | ||||
-rwxr-xr-x | crtSignedContainer.sh | 29 | ||||
-rw-r--r-- | print-container.c | 1 |
4 files changed, 77 insertions, 20 deletions
diff --git a/container.c b/container.c index 1f180a5..ceaa979 100644 --- a/container.c +++ b/container.c @@ -76,6 +76,11 @@ void debug_print(char *lead, unsigned char *buffer, size_t buflen) hex_print(lead, buffer, buflen); } +/** + * Validate hexadecimal ASCII input of a given length. + * - len is the byte len of the resulting value, not the len of the hexascii. + * - len = 0 means validate input of arbitrary length. +*/ int isValidHex(char *input, int len) { int r; size_t maxlen = 512; // sane limit @@ -88,9 +93,9 @@ int isValidHex(char *input, int len) { die(EX_DATAERR, "input exceeded max length: %lu", maxlen); if (len > 0) - sprintf(multiplier, "{%d}", len * 2); + sprintf(multiplier, "{%d}", len * 2); // allow this (byte) len only else - sprintf(multiplier, "+"); + sprintf(multiplier, "+"); // unlimited sprintf(pattern, "^(0x|0X)?[a-fA-F0-9]%s$", multiplier); @@ -103,3 +108,37 @@ int isValidHex(char *input, int len) { regfree(®expr); return result; } + +/** + * Validate ASCII input up to a given length. + * - len is the expected len of the ascii input. + * - len = 0 means validate input of arbitrary length. + * - NOTE: not all ascii chars are allowed here. + */ +int isValidAscii(char *input, int len) { + int r; + size_t maxlen = 256; // sane limit + regex_t regexpr; + char pattern[48]; + char multiplier[8]; + bool result = false; + + if (strnlen(input, maxlen) >= maxlen) + die(EX_DATAERR, "input exceeded max length: %lu", maxlen); + + if (len > 0) + sprintf(multiplier, "{,%d}", len); // allow *up to* this len + else + sprintf(multiplier, "+"); // unlimited + + sprintf(pattern, "^[a-zA-Z0-9_+-]%s$", multiplier); + + if ((r = regcomp(®expr, pattern, REG_EXTENDED | REG_NOSUB))) + die(EX_SOFTWARE, "%s", "failure to compile regex"); + + if (!(r = regexec(®expr, input, 0, NULL, 0))) + result = true; + + regfree(®expr); + return result; +} diff --git a/create-container.c b/create-container.c index eb078d8..c4b248d 100644 --- a/create-container.c +++ b/create-container.c @@ -244,12 +244,13 @@ __attribute__((__noreturn__)) void usage (int status) " -P, --sw_sig_p file containing SW key P signature in DER format\n" " -Q, --sw_sig_q file containing SW key Q signature in DER format\n" " -R, --sw_sig_r file containing SW key R signature in DER format\n" - " -L, --payload file containing the payload to be signed\n" + " -l, --payload file containing the payload to be signed\n" " -I, --imagefile file to write containerized image (output)\n" " -o, --hw-cs-offset code start offset for prefix header in hex\n" " -O, --sw-cs-offset code start offset for software header in hex\n" " -f, --hw-flags prefix header flags in hex\n" " -F, --sw-flags software header flags in hex\n" + " -L, --label character field up to 8 bytes, written to SW header\n" " --dumpPrefixHdr file to dump Prefix header blob (to be signed)\n" " --dumpSwHdr file to dump Software header blob (to be signed)\n" "Note:\n" @@ -277,12 +278,13 @@ static struct option const opts[] = { { "sw_sig_p", required_argument, 0, 'P' }, { "sw_sig_q", required_argument, 0, 'Q' }, { "sw_sig_r", required_argument, 0, 'R' }, - { "payload", required_argument, 0, 'L' }, + { "payload", required_argument, 0, 'l' }, { "imagefile", required_argument, 0, 'I' }, { "hw-cs-offset", required_argument, 0, 'o' }, { "sw-cs-offset", required_argument, 0, 'O' }, { "hw-flags", required_argument, 0, 'f' }, { "sw-flags", required_argument, 0, 'F' }, + { "label", required_argument, 0, 'L' }, { "dumpPrefixHdr", required_argument, 0, 128 }, { "dumpSwHdr", required_argument, 0, 129 }, {} @@ -307,6 +309,7 @@ static struct { char *sw_cs_offset; char *hw_flags; char *sw_flags; + char *label; char *prhdrfn; char *swhdrfn; } params; @@ -344,7 +347,7 @@ int main(int argc, char* argv[]) while (1) { int opt; - opt = getopt_long(argc, argv, "hvdw:a:b:c:p:q:r:A:B:C:P:Q:R:L:I:o:O:f:F:", + opt = getopt_long(argc, argv, "hvdw:a:b:c:p:q:r:A:B:C:P:Q:R:L:I:o:O:f:F:l:", opts, &indexptr); if (opt == -1) break; @@ -400,7 +403,7 @@ int main(int argc, char* argv[]) case 'R': params.sw_sigfn_r = optarg; break; - case 'L': + case 'l': params.payloadfn = optarg; break; case 'I': @@ -418,6 +421,9 @@ int main(int argc, char* argv[]) case 'F': params.sw_flags = optarg; break; + case 'L': + params.label = optarg; + break; case 128: params.prhdrfn = optarg; break; @@ -587,6 +593,16 @@ int main(int argc, char* argv[]) } swh->reserved = 0; + // Add component ID (label). + if (params.label) { + if (!isValidAscii(params.label, 8)) + die(EX_DATAERR, "%s", + "Invalid input for label, expecting a 8 char ASCII value"); + strncpy((char *) &swh->reserved, params.label, 8); + verbose_msg("component ID (was reserved) = %s", + (char * ) &swh->reserved); + } + // Set flags. if (params.sw_flags) { if (!isValidHex(params.sw_flags, 4)) diff --git a/crtSignedContainer.sh b/crtSignedContainer.sh index 39d2c9b..88a8e95 100755 --- a/crtSignedContainer.sh +++ b/crtSignedContainer.sh @@ -26,7 +26,7 @@ usage () { echo " -i, --out file to write containerized payload" echo " -o, --code-start-offset code start offset for software header in hex" echo " -f, --flags prefix header flags in hex" - echo " -e, --eyeCatch name or identifier of the module being built" + echo " -L, --label name or identifier of the module being built (8 char max)" echo " --validate validate the container after build" echo " --verify verify the container after build, against the provided" echo " value, or filename containing value, of the HW Keys hash" @@ -100,7 +100,8 @@ for arg in "$@"; do "--code-start-offset") set -- "$@" "-o" ;; "--protectedPayload") set -- "$@" "-l" ;; "--out") set -- "$@" "-i" ;; - "--eyeCatch") set -- "$@" "-e" ;; + "--label ") set -- "$@" "-L" ;; + "--sign-project-FW-token") set -- "$@" "-L" ;; "--validate") set -- "$@" "-8" ;; "--verify") set -- "$@" "-9" ;; *) set -- "$@" "$arg" @@ -108,7 +109,7 @@ for arg in "$@"; do done # Process command-line arguments -while getopts ?dvw:a:b:c:p:q:r:f:o:l:i:e:89: opt +while getopts ?dvw:a:b:c:p:q:r:f:o:l:i:L:89: opt do case "$opt" in v) VERBOSE="TRUE";; @@ -124,7 +125,7 @@ do o) CS_OFFSET="`echo $OPTARG | tr A-Z a-z`";; l) PAYLOAD="`echo $OPTARG`";; i) OUTPUT="`echo $OPTARG`";; - e) eyeCatch="`echo $OPTARG`";; + L) LABEL="`echo $OPTARG`";; 8) VALIDATE="TRUE";; 9) VERIFY="`echo $OPTARG`";; h|\?) usage;; @@ -151,26 +152,26 @@ for KEY in SW_KEY_P SW_KEY_Q SW_KEY_R; do done # Set cache directory -: ${TMPDIR:=/tmp} +set ${TMPDIR:=/tmp} SCRATCH_DIR=$TMPDIR moniker="SIGNTOOL" KEEP_CACHE=true -test -z "$eyeCatch" && KEEP_CACHE=false && eyeCatch="IMAGE" +test -z "$LABEL" && KEEP_CACHE=false && LABEL="IMAGE" -T=$(ls -1dt $SCRATCH_DIR/${moniker}_* 2>/dev/null | head -1) +TOPDIR=$(ls -1dt $SCRATCH_DIR/${moniker}_* 2>/dev/null | head -1) -if [ -n "$T" ]; then - crtTime=$(date -d @$(basename $T | cut -d_ -f2)) - echo "--> $P: Using existing cache dir: $T, created: $crtTime" +if [ -n "$TOPDIR" ]; then + crtTime=$(date -d @$(basename $TOPDIR | cut -d_ -f2)) + echo "--> $P: Using existing cache dir: $TOPDIR, created: $crtTime" else buildID="${moniker}_$(date +%s)" - T=$SCRATCH_DIR/$buildID - echo "--> $P: Creating new cache dir: $T" - mkdir $T + TOPDIR=$SCRATCH_DIR/$buildID + echo "--> $P: Creating new cache dir: $TOPDIR" + mkdir $TOPDIR fi -T=$T/$eyeCatch +T=$TOPDIR/$LABEL if [ -d "$T" ]; then echo "--> $P: Using existing cache subdir: $T" diff --git a/print-container.c b/print-container.c index d692705..5d7c6ab 100644 --- a/print-container.c +++ b/print-container.c @@ -207,6 +207,7 @@ static void display_container(struct parsed_stb_container c) display_version_raw(c.sh->ver_alg); printf("code_start_offset: %08lx\n", be64_to_cpu(c.sh->code_start_offset)); printf("reserved: %08lx\n", be64_to_cpu(c.sh->reserved)); + printf("reserved (ASCII): %s\n", (unsigned char *) &(c.sh->reserved)); printf("flags: %08x\n", be32_to_cpu(c.sh->flags)); printf("reserved_0: %02x\n", c.sh->reserved_0); printf("payload_size: %08lx (%lu)\n", be64_to_cpu(c.sh->payload_size), |