diff --git a/backends/guest/common/util.c b/backends/guest/common/util.c index e56a833..512db88 100644 --- a/backends/guest/common/util.c +++ b/backends/guest/common/util.c @@ -45,17 +45,14 @@ void print_timestamp(timestamp_t t) t.second); } -void read_timestamp(const uint8_t *esl_data) +void read_timestamp(const struct signed_variable_header *data) { timestamp_t timestamp; - if (esl_data == NULL) + if (data == NULL) return; - // Special case: data read in from firmware contains a 16-bytes header, containing - // a one-byte version number, then 15 bytes of timestamp -- truncating the trailing - // padding byte at the end of the struct. - memcpy(×tamp, esl_data + 1, TIMESTAMP_LEN - 1); + memcpy(×tamp, &data->timestamp, sizeof(data->timestamp)); printf("\tTimestamp: "); print_timestamp(timestamp); } diff --git a/backends/guest/common/verify.c b/backends/guest/common/verify.c index 6f020c2..e129983 100644 --- a/backends/guest/common/verify.c +++ b/backends/guest/common/verify.c @@ -71,9 +71,10 @@ static int update_variable(const char *variable_name, const uint8_t *auth_data, prlog(PR_INFO, "\tappend update: %s\n\n", (append_update ? "True" : "False")); if (*new_esl_data != NULL) { - read_timestamp(*new_esl_data); - rc = print_esl_buffer((*new_esl_data + TIMESTAMP_LEN), - (*new_esl_data_size - TIMESTAMP_LEN), variable_name); + read_timestamp((struct signed_variable_header *)*new_esl_data); + rc = print_esl_buffer((*new_esl_data + GUEST_HEADER_LEN), + (*new_esl_data_size - GUEST_HEADER_LEN), + variable_name); if (rc != SUCCESS) return rc; } @@ -98,7 +99,7 @@ static int get_current_esl_data(const char *esl_file, uint8_t **current_esl_data } buffer = get_data_from_file(esl_file, SIZE_MAX, &buffer_size); - if (buffer != NULL && buffer_size >= TIMESTAMP_LEN) { + if (buffer != NULL && buffer_size >= GUEST_HEADER_LEN) { if (buffer_size == DEFAULT_PK_LEN) { if (verbose >= PR_DEBUG) print_raw(buffer, buffer_size); @@ -107,8 +108,9 @@ static int get_current_esl_data(const char *esl_file, uint8_t **current_esl_data buffer_size = 0; } else { if (verbose >= PR_INFO) - read_timestamp(buffer); - rc = validate_esl(buffer + TIMESTAMP_LEN, buffer_size - TIMESTAMP_LEN); + read_timestamp((struct signed_variable_header *)buffer); + rc = validate_esl(buffer + GUEST_HEADER_LEN, + buffer_size - GUEST_HEADER_LEN); if (rc != SUCCESS) { free(buffer); return rc; diff --git a/backends/guest/guest_svc_read.c b/backends/guest/guest_svc_read.c index 538f267..84eb9b0 100644 --- a/backends/guest/guest_svc_read.c +++ b/backends/guest/guest_svc_read.c @@ -266,10 +266,11 @@ static int read_path(const char *path, const int is_print_raw, const char *varia if (rc == SUCCESS) { if (is_print_raw || esl_data_size == DEFAULT_PK_LEN) print_raw(esl_data, esl_data_size); - else if (esl_data_size >= TIMESTAMP_LEN) { - read_timestamp(esl_data); - rc = print_esl_buffer(esl_data + TIMESTAMP_LEN, - esl_data_size - TIMESTAMP_LEN, variable_name); + else if (esl_data_size >= GUEST_HEADER_LEN) { + read_timestamp((struct signed_variable_header *)esl_data); + rc = print_esl_buffer(esl_data + GUEST_HEADER_LEN, + esl_data_size - GUEST_HEADER_LEN, + variable_name); } else prlog(PR_WARNING, "WARNING: The %s database is empty.\n", variable_name); @@ -294,10 +295,10 @@ static int read_path(const char *path, const int is_print_raw, const char *varia (esl_data_size == DEFAULT_PK_LEN && strcmp(defined_sb_variables[i], PK_VARIABLE) == 0)) print_raw(esl_data, esl_data_size); - else if (esl_data_size >= TIMESTAMP_LEN) { - read_timestamp(esl_data); - rc = print_esl_buffer(esl_data + TIMESTAMP_LEN, - esl_data_size - TIMESTAMP_LEN, + else if (esl_data_size >= GUEST_HEADER_LEN) { + read_timestamp((struct signed_variable_header *)esl_data); + rc = print_esl_buffer(esl_data + GUEST_HEADER_LEN, + esl_data_size - GUEST_HEADER_LEN, defined_sb_variables[i]); } else prlog(PR_WARNING, "WARNING: The %s database is empty.\n", diff --git a/backends/guest/include/common/util.h b/backends/guest/include/common/util.h index 32ca34c..0f75e5b 100644 --- a/backends/guest/include/common/util.h +++ b/backends/guest/include/common/util.h @@ -10,7 +10,6 @@ #define DEFAULT_PK_LEN 31 #define APPEND_HEADER_LEN 8 -#define TIMESTAMP_LEN 8 #define PK_VARIABLE "PK" #define PK_LEN 2 #define KEK_VARIABLE "KEK" @@ -52,6 +51,8 @@ struct signature_type_info { size_t size; }; +#define GUEST_HEADER_LEN sizeof(struct signed_variable_header) + extern const struct signature_type_info signature_type_list[]; /* @@ -61,7 +62,7 @@ bool is_trustedcadb_variable(const char *variable_name); void print_timestamp(timestamp_t t); -void read_timestamp(const uint8_t *esl_data); +void read_timestamp(const struct signed_variable_header *esl_data); /* * creates the append header using append flag diff --git a/external/libstb-secvar b/external/libstb-secvar index 276afde..45caf3b 160000 --- a/external/libstb-secvar +++ b/external/libstb-secvar @@ -1 +1 @@ -Subproject commit 276afde9b7c396d1320047fdec3340ea0d465bf0 +Subproject commit 45caf3bdbfb0973ef0074bd8f2303183907a5e2d