From e3cea2d17c2882c5460160850ae7aa0b6ff7b460 Mon Sep 17 00:00:00 2001 From: Diederik de Groot Date: Thu, 12 Mar 2020 14:55:07 +0100 Subject: [PATCH] - Extended tlvfile to include CAPF, SRST and TVS - Update the tlvfile help text - Update TLV Handling. Update index.php error output when no filename is provided. Update gitignore - Use readfile - Add .cache folder Signed-off-by: Diederik de Groot --- .gitignore | 10 +++++++++- tftpboot/.cache/.git_keep | 0 tftpboot/index.php | 19 +++++++------------ tools/certutils/TLV/Tags.pm | 2 +- tools/certutils/tlvfile | 18 +++++++++++++++--- 5 files changed, 32 insertions(+), 17 deletions(-) create mode 100644 tftpboot/.cache/.git_keep diff --git a/.gitignore b/.gitignore index 3aa3b4b..ba5d398 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,14 @@ env/ *~ *.bak +*.enc +*.sgn +.requirements_satisfied etc/nginx/site-available/nginx.rules etc/tftpd-hpa/tftpd.rules -.requirements_satisfied +etc/certs/*.pem +tftpboot/settings/*.cnf.xml +tftpboot/settings/*.tlv +tftpboot/settings/authorized_keys +tftpboot/settings/*.jar +tftpboot/settings/*.json diff --git a/tftpboot/.cache/.git_keep b/tftpboot/.cache/.git_keep new file mode 100644 index 0000000..e69de29 diff --git a/tftpboot/index.php b/tftpboot/index.php index c7024b3..e050b82 100644 --- a/tftpboot/index.php +++ b/tftpboot/index.php 
@@ -29,29 +29,24 @@ function send_fallback_html($message) { flush(); } -function sendfile($file) { - if (file_exists($file)) { +function sendfile($filename) { + if (file_exists($filename)) { while (ob_get_level()) {ob_end_clean();} header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); - header('Content-Disposition: attachment; filename=' . basename($file)); + header('Content-Disposition: attachment; filename=' . basename($filename)); header('Content-Transfer-Encoding: binary'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); - header('Content-Length: ' . filesize($file)); + header('Content-Length: ' . filesize($filename)); /* want to stream out, so don't use file_get_contents() in this case */ - if ($fd = fopen($file, 'rb')) { - while (!feof($fd)) { - print fread($fd, 1024); - } - fclose($fd); - } + return readfile ($filename, FALSE); } } if (!$request || empty($request) || !array_key_exists('filename',$request) || empty($request['filename'])) { - send_fallback_html("Empty request sent"); + send_fallback_html("Empty 'filename' request sent"); exit(); } try { @@ -64,4 +59,4 @@ try { } catch(Exception $e) { send_fallback_html($e->getMessage()); } -?> \ No newline at end of file +?> diff --git a/tools/certutils/TLV/Tags.pm b/tools/certutils/TLV/Tags.pm index ad87db9..a064e2d 100644 --- a/tools/certutils/TLV/Tags.pm +++ b/tools/certutils/TLV/Tags.pm 
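Review bot: In tftpboot/index.php, sendfile() still gates only on `file_exists($filename)`, which is also true for a directory, and has no else branch, so a missing path returns NULL after doing nothing while a successful send returns the byte count from `readfile()`. A guard such as `if (!is_file($filename) || !is_readable($filename)) { return false; }` ahead of the header() calls would give the caller one failure value to check and would avoid emitting download headers for something that cannot be streamed. The caller inside the `try` block lies outside this hunk, so it is not visible whether `$request['filename']` is resolved and confined to the served directory before it reaches sendfile(); if it is not, that check (for example a `realpath()` comparison against the base directory) belongs in front of this call. The retained comment about file_get_contents() could now read `/* readfile() streams the file to the output without loading it into memory */`.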
@@ -15,7 +15,7 @@ our %EXPORT_TAGS = (header => [qw/HEADER_VERSION HEADER_LENGTH HEADER_SIGNER_I RECORD_SERIAL_NUMBER RECORD_PUBLIC_KEY RECORD_SIGNATURE RECORD_CERTIFICATE RECORD_IP_ADDRESS RECORD_CERTIFICATE_HASH RECORD_HASH_ALGORITHM/], digest => [qw/DIGEST_SHA1 DIGEST_SHA256 DIGEST_SHA384 DIGEST_SHA512/], - function => [qw/FUNCTION_SAST FUNCTION_CCM FUNCTION_CCM_TFTP FUNCTION_TFTP FUNCTION_HTTPS/]); + function => [qw/FUNCTION_SAST FUNCTION_CCM FUNCTION_CCM_TFTP FUNCTION_TFTP FUNCTION_CAPF FUNCTION_SRST FUNCTION_HTTPS FUNCTION_TVS/]); our @EXPORT_OK = (@{$EXPORT_TAGS{header}}, @{$EXPORT_TAGS{record}}, @{$EXPORT_TAGS{digest}}, @{$EXPORT_TAGS{function}}); diff --git a/tools/certutils/tlvfile b/tools/certutils/tlvfile index 8cbe64a..929da1c 100755 --- a/tools/certutils/tlvfile +++ b/tools/certutils/tlvfile @@ -176,7 +176,6 @@ sub parse_tlv { $record_function = $function; print 'Function: '; - if ($function == FUNCTION_SAST) { print 'SAST'; } elsif ($function == FUNCTION_CCM) { @@ -185,10 +184,17 @@ sub parse_tlv { print 'CCM+TFTP'; } elsif ($function == FUNCTION_TFTP) { print 'TFTP'; + } elsif ($function == FUNCTION_CAPF) { + print 'CAPF'; + } elsif ($function == FUNCTION_SRST) { + print 'SRST'; } elsif ($function == FUNCTION_HTTPS) { print 'HTTPS'; + } elsif ($function == FUNCTION_TVS) { + print 'TVS'; + } else { + print 'Unknown'; } - print "\n"; } elsif ($parser->tag == RECORD_ISSUER_NAME) { my $issuer_name = unpack ('Z*', $parser->next_value); @@ -432,8 +438,14 @@ sub build_tlv { FUNCTION_CCM_TFTP; } elsif ($function eq 'TFTP') { FUNCTION_TFTP; + } elsif ($function eq 'CAPF') { + FUNCTION_CAPF; + } elsif ($function eq 'SRST') { + FUNCTION_SRST; } elsif ($function eq 'HTTPS') { FUNCTION_HTTPS; + } elsif ($function eq 'TVS') { + FUNCTION_TVS; } else { die 'Unknown record function: ' . $function; }; 
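Review bot: The new `else` branch in parse_tlv (tools/certutils/tlvfile, `@@ -176,7 +176,6 @@`) prints only `Unknown`, which drops the numeric function code, the one detail needed to tell a not-yet-supported record function from a damaged record when inspecting a .tlv file. Assuming `$function` is the unpacked integer, as the `==` comparisons suggest, `printf 'Unknown (%d)', $function;` would keep it. The same name-to-constant list is spelled out a second time in the build_tlv hunk (`@@ -432,8 +438,14 @@`), so each new function has to be added to two elsif chains plus the help text. A single lookup hash keyed by constant, with its inverse used in build_tlv, would keep the three in step. Both subs start and end outside the hunks shown.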
@@ -525,7 +537,7 @@ eval { ' -d --digest signature digest (sha1, sha256)', "\n", ' -F --filename header filename in built .tlv file (optional)', "\n", ' -r --record additional record certificate', "\n", - ' -f --function record function (sast, ccm, ccm+tftp tftp, https)', "\n", + ' -f --function record function (sast, ccm, ccm+tftp, tftp, capf, srst, https, tvs)', "\n", ' -h --help print this help and exit', "\n", "\n";