--- /dev/null
+/*
+ * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER );
+
+#include <stdlib.h>
+#include <errno.h>
+#include <time.h>
+#include <syslog.h>
+#include <ipxe/uaccess.h>
+#include <ipxe/image.h>
+#include <ipxe/cms.h>
+#include <ipxe/validator.h>
+#include <ipxe/monojob.h>
+#include <usr/imgtrust.h>
+
+/** @file
+ *
+ * Image trust management
+ *
+ */
+
+/**
+ * Verify image using downloaded signature
+ *
+ * @v image Image to verify
+ * @v signature Image containing signature
+ * @v name Required common name, or NULL to allow any name
+ * @ret rc Return status code
+ */
+int imgverify ( struct image *image, struct image *signature,
+ const char *name ) {
+ size_t len;
+ void *data;
+ struct cms_signature *sig;
+ struct cms_signer_info *info;
+ time_t now;
+ int rc;
+
+ /* Mark image as untrusted */
+ image_untrust ( image );
+
+ /* Copy signature to internal memory */
+ len = signature->len;
+ data = malloc ( len );
+ if ( ! data ) {
+ rc = -ENOMEM;
+ goto err_alloc;
+ }
+ copy_from_user ( data, signature->data, 0, len );
+
+ /* Parse signature */
+ if ( ( rc = cms_signature ( data, len, &sig ) ) != 0 )
+ goto err_parse;
+
+ /* Free internal copy of signature */
+ free ( data );
+ data = NULL;
+
+ /* Complete all certificate chains */
+ list_for_each_entry ( info, &sig->info, list ) {
+ if ( ( rc = create_validator ( &monojob, info->chain ) ) != 0 )
+ goto err_create_validator;
+ if ( ( rc = monojob_wait ( NULL, 0 ) ) != 0 )
+ goto err_validator_wait;
+ }
+
+ /* Use signature to verify image */
+ now = time ( NULL );
+ if ( ( rc = cms_verify ( sig, image->data, image->len,
+ name, now, NULL, NULL ) ) != 0 )
+ goto err_verify;
+
+ /* Drop reference to signature */
+ cms_put ( sig );
+ sig = NULL;
+
+ /* Mark image as trusted */
+ image_trust ( image );
+ syslog ( LOG_NOTICE, "Image \"%s\" signature OK\n", image->name );
+
+ return 0;
+
+ err_verify:
+ err_validator_wait:
+ err_create_validator:
+ cms_put ( sig );
+ err_parse:
+ free ( data );
+ err_alloc:
+ syslog ( LOG_ERR, "Image \"%s\" signature bad: %s\n",
+ image->name, strerror ( rc ) );
+ return rc;
+}
Code Review / kvmfornfv.git / blobdiff