authorBill Richardson <wfrichar@chromium.org>2015-02-05 11:58:00 -0800
committerChromeOS Commit Bot <chromeos-commit-bot@chromium.org>2015-03-23 08:57:55 +0000
commita2c438457b5faca3f5b1a03263a671923348f6f2 (patch)
treede0016018612f2145a51e03eb19eaa63baa37a8d
parentc5cd41f54b54bcb24448bfff5e49cfad1d10a2f2 (diff)
downloadvboot-a2c438457b5faca3f5b1a03263a671923348f6f2.tar.gz
futility: show some information about .pem files
We use the .pem files to generate our public and private key files. Since we display the sha1sums of those files to help keep track of them, we might as well also display the same information about the RSA .pem files, too.

BUG=chromium:231574
BRANCH=none
TEST=make runtests
futility show tests/testkeys/*.pem

Change-Id: Ibfd1e016d65981d477ed7d117d23dedf48b95873
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/246769
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/261741
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
-rw-r--r--futility/file_type.c2
-rw-r--r--futility/file_type.h2
-rw-r--r--futility/traversal.c4
-rw-r--r--futility/traversal.h2
-rw-r--r--futility/vb2_helper.c70
-rwxr-xr-xtests/futility/test_create.sh8
6 files changed, 86 insertions, 2 deletions
diff --git a/futility/file_type.c b/futility/file_type.c
index 8e83406a..f542a91a 100644
--- a/futility/file_type.c
+++ b/futility/file_type.c
@@ -34,6 +34,7 @@ static const char * const type_strings[] = {
"VbPrivateKey",
"vb21 public key",
"vb21 private key",
+ "RSA private key",
};
BUILD_ASSERT(ARRAY_SIZE(type_strings) == NUM_FILE_TYPES);
@@ -53,6 +54,7 @@ enum futil_file_type (*recognizers[])(uint8_t *buf, uint32_t len) = {
&recognize_vblock1,
&recognize_vb1_key,
&recognize_vb2_key,
+ &recognize_pem,
};
/* Try to figure out what we're looking at */
diff --git a/futility/file_type.h b/futility/file_type.h
index 43492b20..5e92a399 100644
--- a/futility/file_type.h
+++ b/futility/file_type.h
@@ -25,6 +25,7 @@ enum futil_file_type {
FILE_TYPE_PRIVKEY, /* VbPrivateKey */
FILE_TYPE_VB2_PUBKEY, /* struct vb2_public_key */
FILE_TYPE_VB2_PRIVKEY, /* struct vb2_private_key */
+ FILE_TYPE_PEM, /* RSA .pem file */
NUM_FILE_TYPES
};
@@ -51,5 +52,6 @@ enum futil_file_type recognize_vblock1(uint8_t *buf, uint32_t len);
enum futil_file_type recognize_gpt(uint8_t *buf, uint32_t len);
enum futil_file_type recognize_vb1_key(uint8_t *buf, uint32_t len);
enum futil_file_type recognize_vb2_key(uint8_t *buf, uint32_t len);
+enum futil_file_type recognize_pem(uint8_t *buf, uint32_t len);
#endif /* VBOOT_REFERENCE_FUTILITY_FILE_TYPE_H_ */
diff --git a/futility/traversal.c b/futility/traversal.c
index 3a96cdc2..548d9538 100644
--- a/futility/traversal.c
+++ b/futility/traversal.c
@@ -33,6 +33,7 @@ static int (* const cb_show_funcs[])(struct futil_traverse_state_s *state) = {
futil_cb_show_privkey, /* CB_PRIVKEY */
futil_cb_show_vb2_pubkey, /* CB_VB2_PUBKEY */
futil_cb_show_vb2_privkey, /* CB_VB2_PRIVKEY */
+ futil_cb_show_pem, /* CB_PEM */
};
BUILD_ASSERT(ARRAY_SIZE(cb_show_funcs) == NUM_CB_COMPONENTS);
@@ -55,6 +56,7 @@ static int (* const cb_sign_funcs[])(struct futil_traverse_state_s *state) = {
NULL, /* CB_PRIVKEY */
NULL, /* CB_VB2_PUBKEY */
NULL, /* CB_VB2_PRIVKEY */
+ NULL, /* CB_PEM */
};
BUILD_ASSERT(ARRAY_SIZE(cb_sign_funcs) == NUM_CB_COMPONENTS);
@@ -86,6 +88,7 @@ static const struct {
{CB_PRIVKEY, "VbPrivateKey"}, /* FILE_TYPE_PRIVKEY */
{CB_VB2_PUBKEY, "vb21 public key"}, /* FILE_TYPE_VB2_PUBKEY */
{CB_VB2_PRIVKEY, "vb21 private key"}, /* FILE_TYPE_VB2_PRIVKEY */
+ {CB_PEM, "RSA private key"}, /* FILE_TYPE_PEM */
};
BUILD_ASSERT(ARRAY_SIZE(direct_callback) == NUM_FILE_TYPES);
@@ -160,6 +163,7 @@ static const char * const futil_cb_component_str[] = {
"CB_PRIVKEY",
"CB_VB2_PUBKEY",
"CB_VB2_PRIVKEY",
+ "CB_PEM",
};
BUILD_ASSERT(ARRAY_SIZE(futil_cb_component_str) == NUM_CB_COMPONENTS);
diff --git a/futility/traversal.h b/futility/traversal.h
index 5bdc7c5c..e975469a 100644
--- a/futility/traversal.h
+++ b/futility/traversal.h
@@ -38,6 +38,7 @@ enum futil_cb_component {
CB_PRIVKEY,
CB_VB2_PUBKEY,
CB_VB2_PRIVKEY,
+ CB_PEM,
NUM_CB_COMPONENTS
};
@@ -87,6 +88,7 @@ int futil_cb_show_kernel_preamble(struct futil_traverse_state_s *state);
int futil_cb_show_privkey(struct futil_traverse_state_s *state);
int futil_cb_show_vb2_pubkey(struct futil_traverse_state_s *state);
int futil_cb_show_vb2_privkey(struct futil_traverse_state_s *state);
+int futil_cb_show_pem(struct futil_traverse_state_s *state);
int futil_cb_sign_pubkey(struct futil_traverse_state_s *state);
int futil_cb_sign_fw_main(struct futil_traverse_state_s *state);
diff --git a/futility/vb2_helper.c b/futility/vb2_helper.c
index 35541617..68287ce1 100644
--- a/futility/vb2_helper.c
+++ b/futility/vb2_helper.c
@@ -4,6 +4,9 @@
* found in the LICENSE file.
*/
+#define OPENSSL_NO_SHA
+#include <openssl/pem.h>
+
#include "2sysincludes.h"
#include "2common.h"
#include "2guid.h"
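Review bot: The new `#define OPENSSL_NO_SHA` ahead of `<openssl/pem.h>` carries no comment, and its purpose is not obvious from this file alone. Presumably it keeps OpenSSL's SHA declarations from colliding with vboot's own cryptolib names (this file goes on to use SHA1_DIGEST_SIZE and SHA1_DIGEST_ALGORITHM later in the same commit) — worth confirming against the build. A one-line comment above it, `/* Keep OpenSSL's SHA API out of this file; it uses vboot's own SHA1 definitions. */`, would stop a later cleanup from dropping the define and breaking the build in a non-obvious way.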
@@ -145,3 +148,70 @@ int futil_cb_show_vb2_privkey(struct futil_traverse_state_s *state)
vb2_private_key_free(key);
return 0;
}
+
+static RSA *rsa_from_buffer(uint8_t *buf, uint32_t len)
+{
+ BIO *bp;
+ RSA *rsa_key;
+
+ bp = BIO_new_mem_buf(buf, len);
+ if (!bp)
+ return 0;
+
+ rsa_key = PEM_read_bio_RSAPrivateKey(bp, NULL, NULL, NULL);
+ if (!rsa_key) {
+ BIO_free(bp);
+ return 0;
+ }
+
+ BIO_free(bp);
+
+ return rsa_key;
+}
+
+enum futil_file_type recognize_pem(uint8_t *buf, uint32_t len)
+{
+ RSA *rsa_key = rsa_from_buffer(buf, len);
+
+ if (rsa_key) {
+ RSA_free(rsa_key);
+ return FILE_TYPE_PEM;
+ }
+
+ return FILE_TYPE_UNKNOWN;
+}
+
+int futil_cb_show_pem(struct futil_traverse_state_s *state)
+{
+ RSA *rsa_key;
+ uint8_t *keyb, *digest;
+ uint32_t keyb_len;
+ int i, bits;
+
+ printf("Private Key file: %s\n", state->in_filename);
+
+ /* We're called only after recognize_pem, so this should work. */
+ rsa_key = rsa_from_buffer(state->my_area->buf, state->my_area->len);
+ if (!rsa_key)
+ DIE;
+
+ bits = BN_num_bits(rsa_key->n);
+ printf(" Key length: %d\n", bits);
+
+ if (vb_keyb_from_rsa(rsa_key, &keyb, &keyb_len)) {
+ printf(" Key sha1sum: <error>");
+ RSA_free(rsa_key);
+ return 1;
+ }
+
+ printf(" Key sha1sum: ");
+ digest = DigestBuf(keyb, keyb_len, SHA1_DIGEST_ALGORITHM);
+ for (i = 0; i < SHA1_DIGEST_SIZE; i++)
+ printf("%02x", digest[i]);
+ printf("\n");
+
+ free(digest);
+ free(keyb);
+ RSA_free(rsa_key);
+ return 0;
+}
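Review bot: rsa_from_buffer passes the uint32_t `len` straight to BIO_new_mem_buf, whose length parameter is an int; for an input larger than INT_MAX the value turns negative and OpenSSL (at least the 1.0.x series) then sizes the buffer with strlen(), reading past a file that has no NUL terminator — and recognize_pem is run on every file handed to `futility show`. Guarding it with `if (len > INT_MAX) return NULL;` and `bp = BIO_new_mem_buf(buf, (int)len);` closes that, and returning NULL instead of `0` from a pointer-returning function would also match the rest of the file. Two smaller points in futil_cb_show_pem: the `<error>` branch prints no trailing newline (`printf(" Key sha1sum: <error>\n");`), and `digest` from DigestBuf is indexed without a NULL check, which matters if DigestBuf can fail its allocation. Note also that PEM_read_bio_RSAPrivateKey with a NULL callback falls back to OpenSSL's default passphrase prompt, so feeding an encrypted .pem to the recognizer may block on the terminal rather than yield FILE_TYPE_UNKNOWN; a callback that returns failure without prompting would keep recognition non-interactive. The three context lines at the top of the hunk belong to futil_cb_show_vb2_privkey, which starts outside it.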
diff --git a/tests/futility/test_create.sh b/tests/futility/test_create.sh
index 3c1d38e2..78b9e04a 100755
--- a/tests/futility/test_create.sh
+++ b/tests/futility/test_create.sh
@@ -37,8 +37,12 @@ done
# Demonstrate that the sha1sums are the same for all the keys created from the
# same .pem files, both public and private, vb1 and vb21.
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
- num=$(${FUTILITY} show ${TMP}_key_${sig}.* | grep sha1sum | uniq | wc -l)
- [ "$num" -eq "1" ]
+ pem_sum=$(${FUTILITY} show "${TESTKEYS}/key_${sig}.pem" |
+ awk '/sha1sum/ {print $3}')
+ key_sums=$(${FUTILITY} show ${TMP}_key_${sig}.* |
+ awk '/sha1sum/ {print $3}' | uniq)
+ # note that this also tests that all the key_sums are the same
+ [ "$pem_sum" = "$key_sums" ]
done
# cleanup
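Review bot: The comparison `[ "$pem_sum" = "$key_sums" ]` passes vacuously when `futility show` emits no sha1sum line for either side, because both variables are then empty and equal. Adding `[ -n "$pem_sum" ]` before the comparison pins that the .pem path really produced a digest, which is the behaviour this commit introduces. Whether the script runs under `set -e` is not visible in this hunk; without it the `[ ]` results would need explicit handling, though that is unchanged from the removed lines.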