Fixed spec file format

2017-06-06 13:28:56 -07:00 · 2017-06-06 13:28:56 -07:00 · b3286924e0
--- a/lsvmload/specialize.c
+++ b/lsvmload/specialize.c
@ -31,6 +31,7 @@
 #include <lsvmutils/efifile.h>
 #include <lsvmutils/alloc.h>
 #include <lsvmutils/luksblkdev.h>
+#include <lsvmutils/specialize.h>
 #include "globals.h"
 #include "log.h"
 #include "progress.h"
@ -141,6 +142,8 @@ int LoadDecryptCopySpecializeFile(
    UINTN mkSize;
    UINT8* specializeData = NULL;
    UINTN specializeSize = 0;
+    const UINT8* finalSpecData;
+    UINTN finalSpecDataSize;

    /* Check for null parameters */
    if (!imageHandle || !bootdev || !path)
@ -190,13 +193,23 @@ int LoadDecryptCopySpecializeFile(

        LOGI(L"Loaded %s", Wcs(path));

+        if (FindSpecFile(
+            specializeData,
+            specializeSize,
+            &finalSpecData,
+            &finalSpecDataSize) != 0)
+        {
+            LOGE(L"%a: failed to deserialize spec data", Str(func));
+            goto done;         
+        }
+
        PutProgress(L"Creating /lsvmload/specialize");

        /* Copy file to boot partition */
        if (EXT2Put(
            bootfs, 
-            specializeData, 
-            specializeSize, 
+            finalSpecData, 
+            finalSpecDataSize, 
            "/lsvmload/specialize",
            EXT2_FILE_MODE_RW0_000_000) != EXT2_ERR_NONE)
        {
--- a/lsvmtool/lsvmtoolmain.c
+++ b/lsvmtool/lsvmtoolmain.c
@ -82,6 +82,7 @@
 #include <xz/lzmaextras.h>
 #include <lsvmutils/policy.h>
 #include <lsvmutils/lsvmloadpolicy.h>
+#include <lsvmutils/specialize.h>
 #include <zlib.h>
 #include "zlibextras.h"
 #include "dbxupdate.h"
@ -4410,6 +4411,56 @@ done:
    return status;
 }

+static int _deserialize_specfile_command(
+    int argc,
+    const char **argv)
+{
+    int status = 1;
+    const char* infile;
+    const char* outfile;
+    unsigned char* inData = NULL;
+    const unsigned char* outData = NULL;
+    size_t inDataSize;
+    UINTN outDataSize;
+
+    if (argc != 3)
+    {
+        fprintf(stderr, "Usage: %s INFILE OUTFILE\n", argv[0]);
+        goto done;
+    }
+
+    infile = argv[1];
+    outfile = argv[2];
+
+    if (LoadFile(infile, 1, &inData, &inDataSize) != 0)
+    {
+        fprintf(stderr, "%s: failed to read: %s\n", argv[0], infile);
+        goto done;
+    }
+
+    if (FindSpecFile(inData, inDataSize, &outData, &outDataSize) != 0)
+    {
+        fprintf(stderr, "%s: failed to find spec file: %s\n", argv[0], infile);
+        goto done;
+    }
+
+    if (PutFile(outfile, outData, outDataSize) != 0)
+    {
+        fprintf(stderr, "%s: failed to write file: %s\n", argv[0], outfile);
+        goto done;
+    }
+  
+    status = 0;
+
+done: 
+    if (inData != NULL)
+    {
+        free(inData);
+    }
+    /* We do NOT free outData, since FindSpecFile sets outfile to an offset in inData. */
+    return status;
+}
+
 /*
 **==============================================================================
 **
@ -4795,6 +4846,11 @@ static Command _commands[] =
        "Deserializes the boot+rootkey from unsealed data",
        _deserializekeys_command,
    },
+    {
+        "deserialize_specfile",
+        "Deserializes the specialization file",
+        _deserialize_specfile_command,
+    },
 };

 static size_t _ncommands = sizeof(_commands) / sizeof(_commands[0]);
--- a/lsvmutils/efi.mak
+++ b/lsvmutils/efi.mak
@ -16,7 +16,7 @@ INCLUDES += $(EFI_INCLUDES)
 INCLUDES += -I$(TOP)/3rdparty
 INCLUDES += -I$(TOP)/3rdparty/openssl/efi/$(OPENSSLPACKAGE)/include

-SOURCES = alloc.c buf.c conf.c error.c ext2.c getopt.c peimage.c print.c sha.c strarr.c strings.c tpmbuf.c utils.c tpm2.c tcg2.c dump.c luks.c efifile.c blkdev.c efiblkdev.c efibio.c luksblkdev.c gpt.c guid.c vfat.c memblkdev.c luksopenssl.c cpio.c initrd.c cacheblkdev.c grubcfg.c pass.c heap.c tpm2crypt.c keys.c measure.c policy.c vars.c lsvmloadpolicy.c uefidb.c
+SOURCES = alloc.c buf.c conf.c error.c ext2.c getopt.c peimage.c print.c sha.c strarr.c strings.c tpmbuf.c utils.c tpm2.c tcg2.c dump.c luks.c efifile.c blkdev.c efiblkdev.c efibio.c luksblkdev.c gpt.c guid.c vfat.c memblkdev.c luksopenssl.c cpio.c initrd.c cacheblkdev.c grubcfg.c pass.c heap.c tpm2crypt.c keys.c measure.c policy.c vars.c lsvmloadpolicy.c uefidb.c specialize.c

 OBJECTS = $(SOURCES:.c=.o)

--- a/lsvmutils/linux.mak
+++ b/lsvmutils/linux.mak
@ -15,7 +15,7 @@ INCLUDES += $(EFI_INCLUDES)
 INCLUDES += -I$(TOP)/3rdparty
 INCLUDES += -I$(TOP)/3rdparty/openssl/linux/$(OPENSSLPACKAGE)/include

-SOURCES = alloc.c buf.c conf.c error.c ext2.c file.c getopt.c peimage.c print.c sha.c strarr.c strings.c tcg2.c tpm2.c tpmbuf.c utils.c blkdev.c linuxblkdev.c luks.c dump.c luksblkdev.c gpt.c guid.c vfat.c memblkdev.c luksopenssl.c uefidb.c cpio.c initrd.c cacheblkdev.c grubcfg.c exec.c pass.c heap.c tpm2crypt.c keys.c uefidbx.c policy.c measure.c vars.c lsvmloadpolicy.c
+SOURCES = alloc.c buf.c conf.c error.c ext2.c file.c getopt.c peimage.c print.c sha.c strarr.c strings.c tcg2.c tpm2.c tpmbuf.c utils.c blkdev.c linuxblkdev.c luks.c dump.c luksblkdev.c gpt.c guid.c vfat.c memblkdev.c luksopenssl.c uefidb.c cpio.c initrd.c cacheblkdev.c grubcfg.c exec.c pass.c heap.c tpm2crypt.c keys.c uefidbx.c policy.c measure.c vars.c lsvmloadpolicy.c specialize.c

 OBJECTS = $(SOURCES:.c=.o)

--- a/lsvmutils/specialize.c
+++ b/lsvmutils/specialize.c
@ -0,0 +1,117 @@
+/*
+**==============================================================================
+**
+** LSVMTools 
+** 
+** MIT License
+** 
+** Copyright (c) Microsoft Corporation. All rights reserved.
+** 
+** Permission is hereby granted, free of charge, to any person obtaining a copy
+** of this software and associated documentation files (the "Software"), to deal
+** in the Software without restriction, including without limitation the rights
+** to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+** copies of the Software, and to permit persons to whom the Software is
+** furnished to do so, subject to the following conditions:
+** 
+** The above copyright notice and this permission notice shall be included in 
+** all copies or substantial portions of the Software.
+** 
+** THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+** IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+** FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+** AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+** LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+** OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+** SOFTWARE
+**
+**==============================================================================
+*/
+#include "config.h"
+#include "eficommon.h"
+#include "specialize.h"
+
+static int _GetSpecFile(
+    SPECIALIZATION_CLEAR_DATA_HEADER* hdr,
+    const UINT8* data,
+    UINTN size,
+    const UINT8** out,
+    UINTN* outSize)
+{
+    const UINT8* dataCur;
+    UINT32 i;
+
+    dataCur = data;
+    for (i = 0; i < hdr->FileCount; i++)
+    {
+        SPECIALIZATION_CLEAR_DATA_FILE_ENTRY* entry;
+        UINT32 max;
+        BOOLEAN isSpecFile = FALSE;
+	
+        /* First validate inputs. */
+        if (dataCur + SPECIALIZATION_CLEAR_DATA_FILE_ENTRY_SIZE > data + size)
+        {
+            return -1;
+        }
+
+        /* Right now, we only check the unattend or autounattend file. */
+        entry = (SPECIALIZATION_CLEAR_DATA_FILE_ENTRY*) dataCur; 
+
+        isSpecFile = Memcmp(dataCur + entry->FileNameOffset,
+                            SPEC_UNATTEND_FILENAME,
+                            sizeof(SPEC_UNATTEND_FILENAME) - sizeof(CHAR16));
+
+        isSpecFile = isSpecFile ||
+                     Memcmp(dataCur + entry->FileNameOffset,
+                            SPEC_UNATTEND_FILENAME_ALTERNATE,
+                            sizeof(SPEC_UNATTEND_FILENAME_ALTERNATE) - sizeof(CHAR16));
+
+        /* Found the specialization file. */
+        if (isSpecFile)
+        {
+            *out = dataCur + entry->FilePayloadOffset;
+            *outSize = entry->FilePayloadSize;
+            return 0;
+        }
+
+        /* Advance to next entry. */
+        max = entry->FilePayloadOffset + entry->FilePayloadSize;
+        if (max < entry->FileNameOffset + entry->FileNameSize)
+        {
+            max = entry->FileNameOffset + entry->FileNameSize;
+        }
+        dataCur += max;
+    }
+    /* Spec file not found, so return an error. */
+    return -1;
+}
+
+int FindSpecFile(
+    const UINT8* data,
+    UINTN size,
+    const UINT8** out,
+    UINTN* outSize)
+{
+    SPECIALIZATION_CLEAR_DATA_HEADER* hdr;
+    int rc = -1;
+
+     /* Check size of data */
+    if (size < sizeof(SPECIALIZATION_CLEAR_DATA_HEADER))
+    {
+        goto done;
+    }
+
+    /* Now parse the spec files. */
+    hdr = (SPECIALIZATION_CLEAR_DATA_HEADER*) data;
+    data += sizeof(*hdr);
+    size -=  sizeof(*hdr);
+    if (_GetSpecFile(hdr, data, size, out, outSize) != 0)
+    {
+        goto done;
+    }
+
+    rc = 0;
+
+done:
+    return rc;
+}
--- a/lsvmutils/specialize.h
+++ b/lsvmutils/specialize.h
@ -0,0 +1,70 @@
+/*
+**==============================================================================
+**
+** LSVMTools 
+** 
+** MIT License
+** 
+** Copyright (c) Microsoft Corporation. All rights reserved.
+** 
+** Permission is hereby granted, free of charge, to any person obtaining a copy
+** of this software and associated documentation files (the "Software"), to deal
+** in the Software without restriction, including without limitation the rights
+** to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+** copies of the Software, and to permit persons to whom the Software is
+** furnished to do so, subject to the following conditions:
+** 
+** The above copyright notice and this permission notice shall be included in 
+** all copies or substantial portions of the Software.
+** 
+** THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+** IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+** FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+** AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+** LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+** OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+** SOFTWARE
+**
+**==============================================================================
+*/
+#ifndef _lsvmutils_specialize_h
+#define _lsvmutils_specialize_h
+
+#include <lsvmutils/error.h>
+
+#define SPEC_UNATTEND_FILENAME "unattend.xml"
+#define SPEC_UNATTEND_FILENAME_ALTERNATE "Autounattend.xml"
+
+/*
+ * This is the format of the Ciphertext:
+ * SPECIALIZATION_CLEAR_DATA_HEADER || ENTRY1 || (NAME1 | PAYLOAD1) || Entry2 || ... 
+ */ 
+typedef struct _SPECIALIZATION_CLEAR_DATA_HEADER
+{
+    UINT32 Length;
+    UINT32 FileCount;
+
+} SPECIALIZATION_CLEAR_DATA_HEADER, *PSPECIALIZATION_CLEAR_DATA_HEADER;
+
+#define SPECIALIZATION_CLEAR_DATA_HEADER_SIZE   (sizeof(SPECIALIZATION_CLEAR_DATA_HEADER))
+
+typedef struct _SPECIALIZATION_CLEAR_DATA_FILE_ENTRY
+{
+    UINT32 FileType;
+    UINT32 FileNameSize;
+    UINT32 FileNameOffset;
+    UINT32 FilePayloadSize;
+    UINT32 FilePayloadOffset;
+
+} SPECIALIZATION_CLEAR_DATA_FILE_ENTRY, *PSPECIALIZATION_CLEAR_DATA_FILE_ENTRY;
+
+#define SPECIALIZATION_CLEAR_DATA_FILE_ENTRY_SIZE   (sizeof(SPECIALIZATION_CLEAR_DATA_FILE_ENTRY))
+
+/* Note that this function doesn't allocate memory, it simply changes *out to the spec data. */
+int FindSpecFile(
+    const UINT8* data,
+    UINTN size,
+    const UINT8** out,
+    UINTN* outSize);
+
+#endif /* _lsvmutils_specialize_h */