void check_crypto_v2(const struct check_opt *opt)
{
if (opt->dochecksum)
chksum();
if (opt->doversion || opt->dohardwareversion || opt->doremoveversion)
check_version_info(0, opt->doversion, opt->dohardwareversion,
opt->doremoveversion, 1);
/*
* Modern signed image support is backward compatible, so we don't
* do the crypto check until this point. (That is we have stripped
* of old style 16bit checksum and the product/version information).
* We also leave the sign structures on the image data, so they get
* written to flash as well. However, if it is a gzipped image, we
* will need to trim off the signature before we decompress.
*/
if (opt->dochecksum) {
int cryptorc = check_crypto_signature();
/*
* If there is SHA256 or crypto info, there should also be an extra
* copy of the version info just before it. (ie. a signed/checksummed
* copy.) If we care about version info (and there's a crypto header
* present), check this stuff too.
*/
if ((opt->doversion || opt->dohardwareversion) && cryptorc == CRYPTO_CHECK_OK) {
int rc = check_version_info(fb_meta_len(), opt->doversion, opt->dohardwareversion, 0, 0);
if (rc == 5)
notice("Warning: no signed version information present in image.");
}
}
}
/*
* The last few bytes of the image look like the following:
*
* \0version\0vendore_name\0product_namechksum
* the chksum is 16bits wide, and the version is no more than 20bytes.
*
* version is w.x.y[nz], where n is ubpi, and w, x, y and z are 1 or 2 digit
* numbers.
*
*/
int check_vendor(char *vendorName, char *productName, char *version)
{
struct fileblock_t *currBlock;
int versionInfo;
char *cp;
char imageVendorName[MAX_VENDOR_SIZE];
char imageProductName[MAX_PRODUCT_SIZE];
char imageVersion[MAX_VERSION_SIZE];
/*
* Point to what should be the last byte in the product name string.
*/
if (fileblocks == NULL)
return 5;
for (currBlock = fileblocks; currBlock->next; currBlock = currBlock->next);
cp = currBlock->data + currBlock->length - 1;
/*
* Now try to get the vendor/product/version strings, from the end
* of the image
*/
cp = get_string(&currBlock, cp, imageProductName, MAX_PRODUCT_SIZE);
if (cp == NULL)
return 5;
cp = get_string(&currBlock, cp, imageVendorName, MAX_VENDOR_SIZE);
if (cp == NULL)
return 5;
cp = get_string(&currBlock, cp, imageVersion, MAX_VERSION_SIZE);
if (cp == NULL)
return 5;
#ifdef CONFIG_PROP_LOGD_LOGD
memcpy(new_image_version, imageVersion, MAX_VERSION_SIZE);
new_image_version[MAX_VERSION_SIZE] = '\0';
#endif
/* Looks like there was versioning information there, strip it off
* now so that we don't write it to flash, or try to decompress it, etc */
remove_data(strlen(imageProductName) + strlen(imageVendorName) + strlen(imageVersion) + 3);
/*
* Check the product name.
*/
if (strcmp(productName, imageProductName) != 0)
return 1;
/*
* Check the vendor name.
*/
if (strcmp(vendorName, imageVendorName) != 0)
return 2;
/*
* Check the version number.
*/
versionInfo = check_version_info(version, imageVersion);
return versionInfo;
}
void check_crypto_v1(const struct check_opt *opt)
{
check_crypto_signature();
if (opt->dochecksum)
chksum();
if (opt->doversion || opt->dohardwareversion || opt->doremoveversion)
check_version_info(0, opt->doversion, opt->dohardwareversion,
opt->doremoveversion, 1);
}
/*
* The last few bytes of the image look like the following:
*
* \0version\0vendore_name\0product_namechksum
* the chksum is 16bits wide, and the version is no more than 20bytes.
*
* version is w.x.y[nz], where n is ubpi, and w, x, y and z are 1 or 2 digit
* numbers.
*
* vendorName and productName may be a comma separated list of names
* which are acceptable
*/
int check_vendor(void)
{
int versionInfo;
/*
* Point to what should be the last byte in the product name string.
*/
if (fb_seek_end(1) != 0)
return 5;
/*
* Now try to get the vendor/product/version strings, from the end
* of the image
*/
if (get_string(imageProductName, MAX_PRODUCT_SIZE) != 0)
return 5;
if (get_string(imageVendorName, MAX_VENDOR_SIZE) != 0)
return 5;
if (get_string(imageVersion, MAX_VERSION_SIZE) != 0)
return 5;
/* Looks like there was versioning information there, strip it off
* now so that we don't write it to flash, or try to decompress it, etc */
fb_trim(strlen(imageProductName) + strlen(imageVendorName) + strlen(imageVersion) + 3);
/*
* Check the product name. Our product name may be a comma separated list of names.
*/
if (!check_match(imageProductName, our_product_name)) {
return 1;
}
/*
* Check the vendor name. Our vendor name may be a comma separated list of names.
*/
if (!check_match(imageVendorName, our_vendor_name)) {
return 2;
}
/*
* Check the version number.
*/
versionInfo = check_version_info(our_image_version, imageVersion);
return versionInfo;
}
