/*
 * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsyncFILE_LICENCE ( GPL2_OR_LATER );
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync#include <stdlib.h>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync#include <errno.h>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync#include <time.h>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync#include <syslog.h>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync#include <ipxe/uaccess.h>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync#include <ipxe/image.h>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync#include <ipxe/cms.h>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync#include <usr/imgtrust.h>
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync
/** @file
 *
 * Image trust management
 *
 */
a734c64bff58bda2fa48c2795453e092167b0ff7vboxsync
/**
 * Copy a signature image into internal memory and parse it as CMS
 *
 * @v signature		Image containing signature
 * @ret sig		Parsed signature; owned by the caller on success
 * @ret rc		Return status code
 *
 * The temporary internal copy of the signature bytes is released
 * before returning, on both the success and the failure path.
 */
static int imgverify_parse ( struct image *signature,
			     struct cms_signature **sig ) {
	size_t len = signature->len;
	void *copy;
	int rc;

	/* The CMS parser works on a plain pointer, so the signature
	 * bytes are first pulled out of user-accessible memory into
	 * a private buffer.
	 */
	copy = malloc ( len );
	if ( ! copy )
		return -ENOMEM;
	copy_from_user ( copy, signature->data, 0, len );

	rc = cms_signature ( copy, len, sig );

	/* Once parsed, the raw copy is no longer needed whether or
	 * not parsing succeeded.
	 */
	free ( copy );
	return rc;
}

/**
 * Verify image using downloaded signature
 *
 * @v image		Image to verify
 * @v signature		Image containing signature
 * @v name		Required common name, or NULL to allow any name
 * @ret rc		Return status code
 *
 * The image is marked untrusted before any work is done, so an early
 * exit on any error leaves it untrusted; it is marked trusted only
 * after cms_verify() has accepted it.  Both outcomes are reported via
 * syslog.
 */
int imgverify ( struct image *image, struct image *signature,
		const char *name ) {
	struct cms_signature *sig = NULL;
	int rc;

	/* Revoke trust up front so that every failure path below
	 * leaves the image untrusted.
	 */
	image_untrust ( image );

	rc = imgverify_parse ( signature, &sig );
	if ( rc == 0 ) {
		/* cms_verify() is handed the current system time,
		 * presumably for certificate validity checks (confirm
		 * in cms.c); the result therefore depends on the
		 * platform clock being correct.
		 */
		rc = cms_verify ( sig, image->data, image->len, name,
				  time ( NULL ), NULL );
		/* The parsed signature is not needed after
		 * verification, successful or not.
		 */
		cms_put ( sig );
	}

	if ( rc != 0 ) {
		syslog ( LOG_ERR, "Image \"%s\" signature bad: %s\n",
			 image->name, strerror ( rc ) );
		return rc;
	}

	image_trust ( image );
	syslog ( LOG_NOTICE, "Image \"%s\" signature OK\n", image->name );
	return 0;
}