Commit 3bdaced

[WIP] decode_payload: Skip over signature entries that cause errors
Either the printf escaping gives wrong binary data or the random dummy key signature is really broken for the oem-ami.gz 3745.1.0 amd64 payload. The error reported is:

RSA operation error
007E9295D47F0000:error:02000084:rsa routines:rsa_ossl_public_decrypt:data too large for modulus:crypto/rsa/rsa_ossl.c:661:
007E9295D47F0000:error:1C880004:Provider routines:rsa_verify_recover:RSA lib:providers/implementations/signature/rsa_sig.c:748:
1 parent e4b5571 commit 3bdaced

1 file changed: +1 -1 lines changed

decode_payload

Lines changed: 1 addition & 1 deletion
@@ -142,7 +142,7 @@ while IFS= read -r LINE; do
142142
"data:"*)
143143
SIGDATA=$(echo "${LINE}" | cut -d '"' -f 2- | head -c-2 | sed 's/%/%%/g')
144144
# This is a workaround for the dev-key vs prod-key case: sed '/signatures {/d' | sed '/ version: 2/d'
145-
SIGHEX=$(printf -- "${SIGDATA}" | sed '/signatures {/d' | sed '/ version: 2/d' | openssl rsautl -verify -pubin -inkey "${PUBKEY}" -raw | tail -c 32 | od -An -vtx1 -w1024 | tr -d ' ')
145+
SIGHEX=$(printf -- "${SIGDATA}" | sed '/signatures {/d' | sed '/ version: 2/d' | openssl rsautl -verify -pubin -inkey "${PUBKEY}" -raw | tail -c 32 | od -An -vtx1 -w1024 | tr -d ' ' || true)
146146
# The raw output instead of asn1parse is used to easily extract the sha256 checksum (done by tail -c 32)
147147
# We also calculate the payload hash that the signature was done for, note that it's of course not the whole file but only up to the attached signature itself
148148
PAYLOADHASH=$(head -c "$((20 + MLEN + SIGOFFSET))" "${FILE}" | sha256sum | cut -d ' ' -f 1)
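Review bot: The `|| true` appended to the `SIGHEX=$(...)` assignment at new line 145 turns a failed `openssl rsautl -verify` into an empty `SIGHEX` with no record of which signature entry was skipped, and nothing in the visible lines checks for that before `PAYLOADHASH` is computed and, presumably, compared. Because the pipeline ends in `tr -d ' '`, the `|| true` only changes the exit status when `pipefail` is in effect, so the skip is easier to follow if it is explicit: after the assignment, test that `SIGHEX` is exactly 64 hex characters, print a message to stderr naming the skipped entry, and `continue` otherwise. The script should also exit non-zero if the loop finishes without any entry matching `PAYLOADHASH`, so that a payload whose signatures all fail to decode is rejected and not accepted by default. The comment at line 144 would be a good place to note that entries made with a different key are expected to fail here, and the commit message leaves open whether the `printf -- "${SIGDATA}"` escaping is corrupting the data, which is worth settling before this leaves WIP since it would affect valid signatures too.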
