void check_crypto_v2(const struct check_opt *opt) { if (opt->dochecksum) chksum(); if (opt->doversion || opt->dohardwareversion || opt->doremoveversion) check_version_info(0, opt->doversion, opt->dohardwareversion, opt->doremoveversion, 1); /* * Modern signed image support is backward compatible, so we don't * do the crypto check until this point. (That is we have stripped * of old style 16bit checksum and the product/version information). * We also leave the sign structures on the image data, so they get * written to flash as well. However, if it is a gzipped image, we * will need to trim off the signature before we decompress. */ if (opt->dochecksum) { int cryptorc = check_crypto_signature(); /* * If there is SHA256 or crypto info, there should also be an extra * copy of the version info just before it. (ie. a signed/checksummed * copy.) If we care about version info (and there's a crypto header * present), check this stuff too. */ if ((opt->doversion || opt->dohardwareversion) && cryptorc == CRYPTO_CHECK_OK) { int rc = check_version_info(fb_meta_len(), opt->doversion, opt->dohardwareversion, 0, 0); if (rc == 5) notice("Warning: no signed version information present in image."); } } }
/* * The last few bytes of the image look like the following: * * \0version\0vendore_name\0product_namechksum * the chksum is 16bits wide, and the version is no more than 20bytes. * * version is w.x.y[nz], where n is ubpi, and w, x, y and z are 1 or 2 digit * numbers. * */ int check_vendor(char *vendorName, char *productName, char *version) { struct fileblock_t *currBlock; int versionInfo; char *cp; char imageVendorName[MAX_VENDOR_SIZE]; char imageProductName[MAX_PRODUCT_SIZE]; char imageVersion[MAX_VERSION_SIZE]; /* * Point to what should be the last byte in the product name string. */ if (fileblocks == NULL) return 5; for (currBlock = fileblocks; currBlock->next; currBlock = currBlock->next); cp = currBlock->data + currBlock->length - 1; /* * Now try to get the vendor/product/version strings, from the end * of the image */ cp = get_string(&currBlock, cp, imageProductName, MAX_PRODUCT_SIZE); if (cp == NULL) return 5; cp = get_string(&currBlock, cp, imageVendorName, MAX_VENDOR_SIZE); if (cp == NULL) return 5; cp = get_string(&currBlock, cp, imageVersion, MAX_VERSION_SIZE); if (cp == NULL) return 5; #ifdef CONFIG_PROP_LOGD_LOGD memcpy(new_image_version, imageVersion, MAX_VERSION_SIZE); new_image_version[MAX_VERSION_SIZE] = '\0'; #endif /* Looks like there was versioning information there, strip it off * now so that we don't write it to flash, or try to decompress it, etc */ remove_data(strlen(imageProductName) + strlen(imageVendorName) + strlen(imageVersion) + 3); /* * Check the product name. */ if (strcmp(productName, imageProductName) != 0) return 1; /* * Check the vendor name. */ if (strcmp(vendorName, imageVendorName) != 0) return 2; /* * Check the version number. */ versionInfo = check_version_info(version, imageVersion); return versionInfo; }
void check_crypto_v1(const struct check_opt *opt) { check_crypto_signature(); if (opt->dochecksum) chksum(); if (opt->doversion || opt->dohardwareversion || opt->doremoveversion) check_version_info(0, opt->doversion, opt->dohardwareversion, opt->doremoveversion, 1); }
/* * The last few bytes of the image look like the following: * * \0version\0vendore_name\0product_namechksum * the chksum is 16bits wide, and the version is no more than 20bytes. * * version is w.x.y[nz], where n is ubpi, and w, x, y and z are 1 or 2 digit * numbers. * * vendorName and productName may be a comma separated list of names * which are acceptable */ int check_vendor(void) { int versionInfo; /* * Point to what should be the last byte in the product name string. */ if (fb_seek_end(1) != 0) return 5; /* * Now try to get the vendor/product/version strings, from the end * of the image */ if (get_string(imageProductName, MAX_PRODUCT_SIZE) != 0) return 5; if (get_string(imageVendorName, MAX_VENDOR_SIZE) != 0) return 5; if (get_string(imageVersion, MAX_VERSION_SIZE) != 0) return 5; /* Looks like there was versioning information there, strip it off * now so that we don't write it to flash, or try to decompress it, etc */ fb_trim(strlen(imageProductName) + strlen(imageVendorName) + strlen(imageVersion) + 3); /* * Check the product name. Our product name may be a comma separated list of names. */ if (!check_match(imageProductName, our_product_name)) { return 1; } /* * Check the vendor name. Our vendor name may be a comma separated list of names. */ if (!check_match(imageVendorName, our_vendor_name)) { return 2; } /* * Check the version number. */ versionInfo = check_version_info(our_image_version, imageVersion); return versionInfo; }