diff options
author | Michael Brown <mcb30@ipxe.org> | 2012-03-22 13:46:38 +0000 |
---|---|---|
committer | Michael Brown <mcb30@ipxe.org> | 2012-03-25 00:11:43 +0000 |
commit | d1465f7b0b4e3df4af1abf65462fe1d89e53a80a (patch) | |
tree | 603e3d9c50ed2fc089cfb83353404e29f46c1dcc | |
parent | 1c127a696215bd75917c3ba836c2db11636b3ffb (diff) | |
download | ipxe-d1465f7b0b4e3df4af1abf65462fe1d89e53a80a.zip ipxe-d1465f7b0b4e3df4af1abf65462fe1d89e53a80a.tar.gz ipxe-d1465f7b0b4e3df4af1abf65462fe1d89e53a80a.tar.bz2 |
[image] Add the "imgtrust" and "imgverify" commands
Signed-off-by: Michael Brown <mcb30@ipxe.org>
-rw-r--r-- | src/config/config.c | 3 | ||||
-rw-r--r-- | src/config/general.h | 1 | ||||
-rw-r--r-- | src/hci/commands/image_trust_cmd.c | 172 | ||||
-rw-r--r-- | src/include/ipxe/errfile.h | 1 | ||||
-rw-r--r-- | src/include/usr/imgtrust.h | 17 | ||||
-rw-r--r-- | src/usr/imgtrust.c | 81 |
6 files changed, 275 insertions, 0 deletions
diff --git a/src/config/config.c b/src/config/config.c index bdf6b5c..d6c4d06 100644 --- a/src/config/config.c +++ b/src/config/config.c @@ -217,6 +217,9 @@ REQUIRE_OBJECT ( route_cmd ); #ifdef IMAGE_CMD REQUIRE_OBJECT ( image_cmd ); #endif +#ifdef IMAGE_TRUST_CMD +REQUIRE_OBJECT ( image_trust_cmd ); +#endif #ifdef DHCP_CMD REQUIRE_OBJECT ( dhcp_cmd ); #endif diff --git a/src/config/general.h b/src/config/general.h index 99136c1..a10696e 100644 --- a/src/config/general.h +++ b/src/config/general.h @@ -126,6 +126,7 @@ FILE_LICENCE ( GPL2_OR_LATER ); //#define VLAN_CMD /* VLAN commands */ //#define PXE_CMD /* PXE commands */ //#define REBOOT_CMD /* Reboot command */ +//#define IMAGE_TRUST_CMD /* Image trust management commands */ /* * ROM-specific options diff --git a/src/hci/commands/image_trust_cmd.c b/src/hci/commands/image_trust_cmd.c new file mode 100644 index 0000000..25e77dd --- /dev/null +++ b/src/hci/commands/image_trust_cmd.c @@ -0,0 +1,172 @@ +/* + * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +FILE_LICENCE ( GPL2_OR_LATER ); + +#include <stdint.h> +#include <stdio.h> +#include <getopt.h> +#include <ipxe/image.h> +#include <ipxe/command.h> +#include <ipxe/parseopt.h> +#include <usr/imgmgmt.h> +#include <usr/imgtrust.h> + +/** @file + * + * Image trust management commands + * + */ + +/** "imgtrust" options */ +struct imgtrust_options { + /** Allow trusted images */ + int allow; + /** Make trust requirement permanent */ + int permanent; +}; + +/** "imgtrust" option list */ +static struct option_descriptor imgtrust_opts[] = { + OPTION_DESC ( "allow", 'a', no_argument, + struct imgtrust_options, allow, parse_flag ), + OPTION_DESC ( "permanent", 'p', no_argument, + struct imgtrust_options, permanent, parse_flag ), +}; + +/** "imgtrust" command descriptor */ +static struct command_descriptor imgtrust_cmd = + COMMAND_DESC ( struct imgtrust_options, imgtrust_opts, 0, 0, + "[--allow] [--permanent]" ); + +/** + * The "imgtrust" command + * + * @v argc Argument count + * @v argv Argument list + * @ret rc Return status code + */ +static int imgtrust_exec ( int argc, char **argv ) { + struct imgtrust_options opts; + int rc; + + /* Parse options */ + if ( ( rc = parse_options ( argc, argv, &imgtrust_cmd, &opts ) ) != 0 ) + return rc; + + /* Set trust requirement */ + if ( ( rc = image_set_trust ( ( ! opts.allow ), + opts.permanent ) ) != 0 ) { + printf ( "Could not set image trust requirement: %s\n", + strerror ( rc ) ); + return rc; + } + + return 0; +} + +/** "imgverify" options */ +struct imgverify_options { + /** Required signer common name */ + const char *signer; + /** Keep signature after verification */ + int keep; +}; + +/** "imgverify" option list */ +static struct option_descriptor imgverify_opts[] = { + OPTION_DESC ( "signer", 's', required_argument, + struct imgverify_options, signer, parse_string ), + OPTION_DESC ( "keep", 'k', no_argument, + struct imgverify_options, keep, parse_flag ), +}; + +/** "imgverify" command descriptor */ +static struct command_descriptor imgverify_cmd = + COMMAND_DESC ( struct imgverify_options, imgverify_opts, 2, 2, + "[--signer <signer>] [--keep] <uri|image> " + "<signature uri|image>" ); + +/** + * The "imgverify" command + * + * @v argc Argument count + * @v argv Argument list + * @ret rc Return status code + */ +static int imgverify_exec ( int argc, char **argv ) { + struct imgverify_options opts; + const char *image_name_uri; + const char *signature_name_uri; + struct image *image; + struct image *signature; + int rc; + + /* Parse options */ + if ( ( rc = parse_options ( argc, argv, &imgverify_cmd, &opts ) ) != 0 ) + return rc; + + /* Parse image name/URI string */ + image_name_uri = argv[optind]; + + /* Parse signature name/URI string */ + signature_name_uri = argv[ optind + 1 ]; + + /* Acquire the image */ + if ( ( rc = imgacquire ( image_name_uri, &image ) ) != 0 ) + goto err_acquire_image; + + /* Acquire the signature image */ + if ( ( rc = imgacquire ( signature_name_uri, &signature ) ) != 0 ) + goto err_acquire_signature; + + /* Verify image */ + if ( ( rc = imgverify ( image, signature, opts.signer ) ) != 0 ) { + printf ( "Could not verify: %s\n", strerror ( rc ) ); + goto err_verify; + } + + /* Success */ + rc = 0; + + err_verify: + /* Discard signature unless --keep was specified */ + if ( ! opts.keep ) + unregister_image ( signature ); + err_acquire_signature: + err_acquire_image: + return rc; +} + +/** Image trust management commands */ +struct command image_trust_commands[] __command = { + { + .name = "imgtrust", + .exec = imgtrust_exec, + }, + { + .name = "imgverify", + .exec = imgverify_exec, + }, +}; + +/* Drag in objects typically required for signature verification */ +REQUIRE_OBJECT ( rsa ); +REQUIRE_OBJECT ( md5 ); +REQUIRE_OBJECT ( sha1 ); +REQUIRE_OBJECT ( sha256 ); diff --git a/src/include/ipxe/errfile.h b/src/include/ipxe/errfile.h index e0473a1..b3fbb39 100644 --- a/src/include/ipxe/errfile.h +++ b/src/include/ipxe/errfile.h @@ -250,6 +250,7 @@ FILE_LICENCE ( GPL2_OR_LATER ); #define ERRFILE_linux_entropy ( ERRFILE_OTHER | 0x00280000 ) #define ERRFILE_x509_test ( ERRFILE_OTHER | 0x00290000 ) #define ERRFILE_cms ( ERRFILE_OTHER | 0x002a0000 ) +#define ERRFILE_imgtrust ( ERRFILE_OTHER | 0x002b0000 ) /** @} */ diff --git a/src/include/usr/imgtrust.h b/src/include/usr/imgtrust.h new file mode 100644 index 0000000..f47105a --- /dev/null +++ b/src/include/usr/imgtrust.h @@ -0,0 +1,17 @@ +#ifndef _USR_IMGTRUST_H +#define _USR_IMGTRUST_H + +/** @file + * + * Image trust management + * + */ + +FILE_LICENCE ( GPL2_OR_LATER ); + +#include <ipxe/image.h> + +extern int imgverify ( struct image *image, struct image *signature, + const char *name ); + +#endif /* _USR_IMGTRUST_H */ diff --git a/src/usr/imgtrust.c b/src/usr/imgtrust.c new file mode 100644 index 0000000..5ea2026 --- /dev/null +++ b/src/usr/imgtrust.c @@ -0,0 +1,81 @@ +/* + * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +FILE_LICENCE ( GPL2_OR_LATER ); + +#include <stdlib.h> +#include <errno.h> +#include <time.h> +#include <ipxe/uaccess.h> +#include <ipxe/image.h> +#include <ipxe/cms.h> +#include <usr/imgtrust.h> + +/** @file + * + * Image trust management + * + */ + +/** + * Verify image using downloaded signature + * + * @v image Image to verify + * @v signature Image containing signature + * @v name Required common name, or NULL to allow any name + * @ret rc Return status code + */ +int imgverify ( struct image *image, struct image *signature, + const char *name ) { + size_t len; + void *data; + struct cms_signature sig; + time_t now; + int rc; + + /* Mark image as untrusted */ + image_untrust ( image ); + + /* Copy signature to internal memory */ + len = signature->len; + data = malloc ( len ); + if ( ! data ) { + rc = -ENOMEM; + goto err_alloc; + } + copy_from_user ( data, signature->data, 0, len ); + + /* Parse signature */ + if ( ( rc = cms_parse ( &sig, data, len ) ) != 0 ) + goto err_parse; + + /* Use signature to verify image */ + now = time ( NULL ); + if ( ( rc = cms_verify ( &sig, image->data, image->len, + name, now, NULL ) ) != 0 ) + goto err_verify; + + /* Mark image as trusted */ + image_trust ( image ); + + err_verify: + err_parse: + free ( data ); + err_alloc: + return rc; +} |