guest: replace TIMESTAMP_LEN with actual sized structs

TIMESTAMP_LEN is incredibly misleading. In its current form, it refers to an 8-byte header consisting of a 1-byte version number, and 7 bytes of a timestamp (truncated at pad1). This is obviously confusing as sizeof(timestamp_t) == 16, and this also includes a version byte for some reason. This commit attempts to clean this up a bit, by using the struct defined in libstb-secvar that defines the layout of this header, so that types and sizeof() can be used to get these offset/size values, instead of undocumented mislabled constants. This includes a version bump of libstb-secvar, which includes a commit exposing the variable header struct in pseries.h. Signed-off-by: Eric Richter <[email protected]>
open-power · Dec 8, 2023 · f8cc95f · f8cc95f
1 parent 8bf024b
commit f8cc95f
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 23 deletions.
diff --git a/backends/guest/common/util.c b/backends/guest/common/util.c
@@ -45,17 +45,14 @@ void print_timestamp(timestamp_t t)
 	       t.second);
 }
 
-void read_timestamp(const uint8_t *esl_data)
+void read_timestamp(const struct signed_variable_header *data)
 {
 	timestamp_t timestamp;
 
-	if (esl_data == NULL)
+	if (data == NULL)
 		return;
 
-	// Special case: data read in from firmware contains a 16-bytes header, containing
-	//  a one-byte version number, then 15 bytes of timestamp -- truncating the trailing
-	//  padding byte at the end of the struct.
-	memcpy(&timestamp, esl_data + 1, TIMESTAMP_LEN - 1);
+	memcpy(&timestamp, &data->timestamp, sizeof(data->timestamp));
 	printf("\tTimestamp: ");
 	print_timestamp(timestamp);
 }

diff --git a/backends/guest/common/verify.c b/backends/guest/common/verify.c
@@ -71,9 +71,10 @@ static int update_variable(const char *variable_name, const uint8_t *auth_data,
 		prlog(PR_INFO, "\tappend update: %s\n\n", (append_update ? "True" : "False"));
 
 		if (*new_esl_data != NULL) {
-			read_timestamp(*new_esl_data);
-			rc = print_esl_buffer((*new_esl_data + TIMESTAMP_LEN),
-					      (*new_esl_data_size - TIMESTAMP_LEN), variable_name);
+			read_timestamp((struct signed_variable_header *)*new_esl_data);
+			rc = print_esl_buffer((*new_esl_data + GUEST_HEADER_LEN),
+					      (*new_esl_data_size - GUEST_HEADER_LEN),
+					      variable_name);
 			if (rc != SUCCESS)
 				return rc;
 		}
@@ -98,7 +99,7 @@ static int get_current_esl_data(const char *esl_file, uint8_t **current_esl_data
 	}
 
 	buffer = get_data_from_file(esl_file, SIZE_MAX, &buffer_size);
-	if (buffer != NULL && buffer_size >= TIMESTAMP_LEN) {
+	if (buffer != NULL && buffer_size >= GUEST_HEADER_LEN) {
 		if (buffer_size == DEFAULT_PK_LEN) {
 			if (verbose >= PR_DEBUG)
 				print_raw(buffer, buffer_size);
@@ -107,8 +108,9 @@ static int get_current_esl_data(const char *esl_file, uint8_t **current_esl_data
 			buffer_size = 0;
 		} else {
 			if (verbose >= PR_INFO)
-				read_timestamp(buffer);
-			rc = validate_esl(buffer + TIMESTAMP_LEN, buffer_size - TIMESTAMP_LEN);
+				read_timestamp((struct signed_variable_header *)buffer);
+			rc = validate_esl(buffer + GUEST_HEADER_LEN,
+					  buffer_size - GUEST_HEADER_LEN);
 			if (rc != SUCCESS) {
 				free(buffer);
 				return rc;

diff --git a/backends/guest/guest_svc_read.c b/backends/guest/guest_svc_read.c
@@ -266,10 +266,11 @@ static int read_path(const char *path, const int is_print_raw, const char *varia
 		if (rc == SUCCESS) {
 			if (is_print_raw || esl_data_size == DEFAULT_PK_LEN)
 				print_raw(esl_data, esl_data_size);
-			else if (esl_data_size >= TIMESTAMP_LEN) {
-				read_timestamp(esl_data);
-				rc = print_esl_buffer(esl_data + TIMESTAMP_LEN,
-						      esl_data_size - TIMESTAMP_LEN, variable_name);
+			else if (esl_data_size >= GUEST_HEADER_LEN) {
+				read_timestamp((struct signed_variable_header *)esl_data);
+				rc = print_esl_buffer(esl_data + GUEST_HEADER_LEN,
+						      esl_data_size - GUEST_HEADER_LEN,
+						      variable_name);
 			} else
 				prlog(PR_WARNING, "WARNING: The %s database is empty.\n",
 				      variable_name);
@@ -294,10 +295,10 @@ static int read_path(const char *path, const int is_print_raw, const char *varia
 				    (esl_data_size == DEFAULT_PK_LEN &&
 				     strcmp(defined_sb_variables[i], PK_VARIABLE) == 0))
 					print_raw(esl_data, esl_data_size);
-				else if (esl_data_size >= TIMESTAMP_LEN) {
-					read_timestamp(esl_data);
-					rc = print_esl_buffer(esl_data + TIMESTAMP_LEN,
-							      esl_data_size - TIMESTAMP_LEN,
+				else if (esl_data_size >= GUEST_HEADER_LEN) {
+					read_timestamp((struct signed_variable_header *)esl_data);
+					rc = print_esl_buffer(esl_data + GUEST_HEADER_LEN,
+							      esl_data_size - GUEST_HEADER_LEN,
 							      defined_sb_variables[i]);
 				} else
 					prlog(PR_WARNING, "WARNING: The %s database is empty.\n",

diff --git a/backends/guest/include/common/util.h b/backends/guest/include/common/util.h
@@ -10,7 +10,6 @@
 
 #define DEFAULT_PK_LEN 31
 #define APPEND_HEADER_LEN 8
-#define TIMESTAMP_LEN 8
 #define PK_VARIABLE "PK"
 #define PK_LEN 2
 #define KEK_VARIABLE "KEK"
@@ -52,6 +51,8 @@ struct signature_type_info {
 	size_t size;
 };
 
+#define GUEST_HEADER_LEN sizeof(struct signed_variable_header)
+
 extern const struct signature_type_info signature_type_list[];
 
 /*
@@ -61,7 +62,7 @@ bool is_trustedcadb_variable(const char *variable_name);
 
 void print_timestamp(timestamp_t t);
 
-void read_timestamp(const uint8_t *esl_data);
+void read_timestamp(const struct signed_variable_header *esl_data);
 
 /*
  * creates the append header using append flag

diff --git a/external/libstb-secvar b/external/libstb-secvar