iPXE
imgtrust.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License as
6  * published by the Free Software Foundation; either version 2 of the
7  * License, or any later version.
8  *
9  * This program is distributed in the hope that it will be useful, but
10  * WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17  * 02110-1301, USA.
18  *
19  * You can also choose to distribute this program under the terms of
20  * the Unmodified Binary Distribution Licence (as given in the file
21  * COPYING.UBDL), provided that you have satisfied its requirements.
22  */
23 
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25 
26 #include <stdlib.h>
27 #include <errno.h>
28 #include <time.h>
29 #include <syslog.h>
30 #include <ipxe/uaccess.h>
31 #include <ipxe/image.h>
32 #include <ipxe/cms.h>
33 #include <ipxe/validator.h>
34 #include <ipxe/monojob.h>
35 #include <usr/imgtrust.h>
36 
37 /** @file
38  *
39  * Image trust management
40  *
41  */
42 
43 /**
44  * Verify image using downloaded signature
45  *
46  * @v image Image to verify
47  * @v signature Image containing signature
48  * @v name Required common name, or NULL to allow any name
49  * @ret rc Return status code
50  */
51 int imgverify ( struct image *image, struct image *signature,
52  const char *name ) {
53  struct asn1_cursor *data;
54  struct cms_signature *sig;
55  struct cms_signer_info *info;
56  time_t now;
57  int next;
58  int rc;
59 
60  /* Mark image as untrusted */
61  image_untrust ( image );
62 
63  /* Get raw signature data */
64  next = image_asn1 ( signature, 0, &data );
65  if ( next < 0 ) {
66  rc = next;
67  goto err_asn1;
68  }
69 
70  /* Parse signature */
71  if ( ( rc = cms_signature ( data->data, data->len, &sig ) ) != 0 )
72  goto err_parse;
73 
74  /* Free raw signature data */
75  free ( data );
76  data = NULL;
77 
78  /* Complete all certificate chains */
79  list_for_each_entry ( info, &sig->info, list ) {
80  if ( ( rc = create_validator ( &monojob, info->chain ) ) != 0 )
81  goto err_create_validator;
82  if ( ( rc = monojob_wait ( NULL, 0 ) ) != 0 )
83  goto err_validator_wait;
84  }
85 
86  /* Use signature to verify image */
87  now = time ( NULL );
88  if ( ( rc = cms_verify ( sig, image->data, image->len,
89  name, now, NULL, NULL ) ) != 0 )
90  goto err_verify;
91 
92  /* Drop reference to signature */
93  cms_put ( sig );
94  sig = NULL;
95 
96  /* Mark image as trusted */
97  image_trust ( image );
98  syslog ( LOG_NOTICE, "Image \"%s\" signature OK\n", image->name );
99 
100  return 0;
101 
102  err_verify:
103  err_validator_wait:
104  err_create_validator:
105  cms_put ( sig );
106  err_parse:
107  free ( data );
108  err_asn1:
109  syslog ( LOG_ERR, "Image \"%s\" signature bad: %s\n",
110  image->name, strerror ( rc ) );
111  return rc;
112 }
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
const char * name
Definition: ath9k_hw.c:1984
int imgverify(struct image *image, struct image *signature, const char *name)
Verify image using downloaded signature.
Definition: imgtrust.c:51
userptr_t data
Raw file image.
Definition: image.h:41
u32 info
Definition: ar9003_mac.h:67
u8 sig
Definition: CIB_PRM.h:43
uint32_t next
Next descriptor address.
Definition: myson.h:18
int monojob_wait(const char *string, unsigned long timeout)
Wait for single foreground job to complete.
Definition: monojob.c:81
Error codes.
static void cms_put(struct cms_signature *sig)
Drop reference to CMS signature.
Definition: cms.h:66
int image_asn1(struct image *image, size_t offset, struct asn1_cursor **cursor)
Extract ASN.1 object from image.
Definition: asn1.c:854
An executable image.
Definition: image.h:24
#define LOG_ERR
Error: error conditions.
Definition: syslog.h:35
Access to external ("user") memory.
u8 signature
Definition: CIB_PRM.h:35
Single foreground job.
Certificate validator.
Executable images.
CMS signer information.
Definition: cms.h:20
#define list_for_each_entry(pos, head, member)
Iterate over entries in a list.
Definition: list.h:420
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
Image trust management.
struct interface monojob
Definition: monojob.c:56
static void image_untrust(struct image *image)
Set image as untrusted.
Definition: image.h:233
System logger.
char * strerror(int errno)
Retrieve string representation of error number.
Definition: strerror.c:78
static void(* free)(struct refcnt *refcnt))
Definition: refcnt.h:54
size_t len
Length of raw file image.
Definition: image.h:43
struct list_head list
List of signer information blocks.
Definition: cms.h:22
Date and time.
#define syslog(priority, fmt,...)
Write message to system log.
Definition: syslog.h:93
int cms_verify(struct cms_signature *sig, userptr_t data, size_t len, const char *name, time_t time, struct x509_chain *store, struct x509_root *root)
Verify CMS signature.
Definition: cms.c:681
A CMS signature.
Definition: cms.h:39
struct arbelprm_port_state_change_st data
Message.
Definition: arbel.h:12
static void image_trust(struct image *image)
Set image as trusted.
Definition: image.h:224
int create_validator(struct interface *job, struct x509_chain *chain)
Instantiate a certificate validator.
Definition: validator.c:626
int64_t time_t
Seconds since the Epoch.
Definition: time.h:18
uint64_t time
Current time.
Definition: ntlm.h:20
Cryptographic Message Syntax (PKCS #7)
char * name
Name.
Definition: image.h:34
#define NULL
NULL pointer (VOID *)
Definition: Base.h:362
#define LOG_NOTICE
Notice: normal but significant conditions.
Definition: syslog.h:41
An ASN.1 object cursor.
Definition: asn1.h:19