author | Bill Richardson <wfrichar@chromium.org> | 2015-02-05 11:58:00 -0800 |
---|---|---|
committer | ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> | 2015-03-10 23:45:30 +0000 |
commit | 64b3697297f1d99176eaf081f3194a68b3bac2f8 (patch) | |
tree | ca49e3bea1593c992743edf1094469f542fda219 | |
parent | 3855e2e948f235c7e4725e5a33b06878fa7b3130 (diff) | |
download | vboot-64b3697297f1d99176eaf081f3194a68b3bac2f8.tar.gz |
futility: show some information about .pem files
We use the .pem files to generate our public and private key
files. Since we display the sha1sums of those files to help keep
track of them, we might as well also display the same information
about the RSA .pem files, too.
BUG=chromium:231574
BRANCH=none
TEST=make runtests
futility show tests/testkeys/*.pem
Change-Id: Ibfd1e016d65981d477ed7d117d23dedf48b95873
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/246769
Reviewed-by: Randall Spangler <rspangler@chromium.org>
-rw-r--r-- | futility/file_type.c | 2 | ||||
-rw-r--r-- | futility/file_type.h | 2 | ||||
-rw-r--r-- | futility/traversal.c | 4 | ||||
-rw-r--r-- | futility/traversal.h | 2 | ||||
-rw-r--r-- | futility/vb2_helper.c | 70 | ||||
-rwxr-xr-x | tests/futility/test_create.sh | 8 |
6 files changed, 86 insertions, 2 deletions
diff --git a/futility/file_type.c b/futility/file_type.c index 8e83406a..f542a91a 100644 --- a/futility/file_type.c +++ b/futility/file_type.c @@ -34,6 +34,7 @@ static const char * const type_strings[] = { "VbPrivateKey", "vb21 public key", "vb21 private key", + "RSA private key", }; BUILD_ASSERT(ARRAY_SIZE(type_strings) == NUM_FILE_TYPES); @@ -53,6 +54,7 @@ enum futil_file_type (*recognizers[])(uint8_t *buf, uint32_t len) = { &recognize_vblock1, &recognize_vb1_key, &recognize_vb2_key, + &recognize_pem, }; /* Try to figure out what we're looking at */ diff --git a/futility/file_type.h b/futility/file_type.h index 43492b20..5e92a399 100644 --- a/futility/file_type.h +++ b/futility/file_type.h @@ -25,6 +25,7 @@ enum futil_file_type { FILE_TYPE_PRIVKEY, /* VbPrivateKey */ FILE_TYPE_VB2_PUBKEY, /* struct vb2_public_key */ FILE_TYPE_VB2_PRIVKEY, /* struct vb2_private_key */ + FILE_TYPE_PEM, /* RSA .pem file */ NUM_FILE_TYPES }; @@ -51,5 +52,6 @@ enum futil_file_type recognize_vblock1(uint8_t *buf, uint32_t len); enum futil_file_type recognize_gpt(uint8_t *buf, uint32_t len); enum futil_file_type recognize_vb1_key(uint8_t *buf, uint32_t len); enum futil_file_type recognize_vb2_key(uint8_t *buf, uint32_t len); +enum futil_file_type recognize_pem(uint8_t *buf, uint32_t len); #endif /* VBOOT_REFERENCE_FUTILITY_FILE_TYPE_H_ */ diff --git a/futility/traversal.c b/futility/traversal.c index 3a96cdc2..548d9538 100644 --- a/futility/traversal.c +++ b/futility/traversal.c @@ -33,6 +33,7 @@ static int (* const cb_show_funcs[])(struct futil_traverse_state_s *state) = { futil_cb_show_privkey, /* CB_PRIVKEY */ futil_cb_show_vb2_pubkey, /* CB_VB2_PUBKEY */ futil_cb_show_vb2_privkey, /* CB_VB2_PRIVKEY */ + futil_cb_show_pem, /* CB_PEM */ }; BUILD_ASSERT(ARRAY_SIZE(cb_show_funcs) == NUM_CB_COMPONENTS); 
@@ -55,6 +56,7 @@ static int (* const cb_sign_funcs[])(struct futil_traverse_state_s *state) = { NULL, /* CB_PRIVKEY */ NULL, /* CB_VB2_PUBKEY */ NULL, /* CB_VB2_PRIVKEY */ + NULL, /* CB_PEM */ }; BUILD_ASSERT(ARRAY_SIZE(cb_sign_funcs) == NUM_CB_COMPONENTS); @@ -86,6 +88,7 @@ static const struct { {CB_PRIVKEY, "VbPrivateKey"}, /* FILE_TYPE_PRIVKEY */ {CB_VB2_PUBKEY, "vb21 public key"}, /* FILE_TYPE_VB2_PUBKEY */ {CB_VB2_PRIVKEY, "vb21 private key"}, /* FILE_TYPE_VB2_PRIVKEY */ + {CB_PEM, "RSA private key"}, /* FILE_TYPE_PEM */ }; BUILD_ASSERT(ARRAY_SIZE(direct_callback) == NUM_FILE_TYPES); @@ -160,6 +163,7 @@ static const char * const futil_cb_component_str[] = { "CB_PRIVKEY", "CB_VB2_PUBKEY", "CB_VB2_PRIVKEY", + "CB_PEM", }; BUILD_ASSERT(ARRAY_SIZE(futil_cb_component_str) == NUM_CB_COMPONENTS); diff --git a/futility/traversal.h b/futility/traversal.h index 5bdc7c5c..e975469a 100644 --- a/futility/traversal.h +++ b/futility/traversal.h @@ -38,6 +38,7 @@ enum futil_cb_component { CB_PRIVKEY, CB_VB2_PUBKEY, CB_VB2_PRIVKEY, + CB_PEM, NUM_CB_COMPONENTS }; @@ -87,6 +88,7 @@ int futil_cb_show_kernel_preamble(struct futil_traverse_state_s *state); int futil_cb_show_privkey(struct futil_traverse_state_s *state); int futil_cb_show_vb2_pubkey(struct futil_traverse_state_s *state); int futil_cb_show_vb2_privkey(struct futil_traverse_state_s *state); +int futil_cb_show_pem(struct futil_traverse_state_s *state); int futil_cb_sign_pubkey(struct futil_traverse_state_s *state); int futil_cb_sign_fw_main(struct futil_traverse_state_s *state); diff --git a/futility/vb2_helper.c b/futility/vb2_helper.c index 35541617..68287ce1 100644 --- a/futility/vb2_helper.c +++ b/futility/vb2_helper.c @@ -4,6 +4,9 @@ * found in the LICENSE file. */ +#define OPENSSL_NO_SHA +#include <openssl/pem.h> + #include "2sysincludes.h" #include "2common.h" #include "2guid.h" 
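Review bot: The `#define OPENSSL_NO_SHA` placed ahead of `#include <openssl/pem.h>` in the vb2_helper.c header hunk carries no explanation, and a reader will not know whether it can be removed or must be kept in front of every OpenSSL include in this file. It presumably keeps OpenSSL's SHA declarations from colliding with vboot's own SHA symbols that the new code uses (SHA1_DIGEST_SIZE, SHA1_DIGEST_ALGORITHM), but nothing in the hunk says so. I'd add a one-line comment above it, e.g. `/* Keep OpenSSL's SHA* declarations out of this TU; they clash with vboot's own SHA symbols. */`, adjusting the reason if the collision is something else.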
@@ -145,3 +148,70 @@ int futil_cb_show_vb2_privkey(struct futil_traverse_state_s *state)
 vb2_private_key_free(key);
 return 0;
 }
+
+static RSA *rsa_from_buffer(uint8_t *buf, uint32_t len)
+{
+ BIO *bp;
+ RSA *rsa_key;
+
+ bp = BIO_new_mem_buf(buf, len);
+ if (!bp)
+ return 0;
+
+ rsa_key = PEM_read_bio_RSAPrivateKey(bp, NULL, NULL, NULL);
+ if (!rsa_key) {
+ BIO_free(bp);
+ return 0;
+ }
+
+ BIO_free(bp);
+
+ return rsa_key;
+}
+
+enum futil_file_type recognize_pem(uint8_t *buf, uint32_t len)
+{
+ RSA *rsa_key = rsa_from_buffer(buf, len);
+
+ if (rsa_key) {
+ RSA_free(rsa_key);
+ return FILE_TYPE_PEM;
+ }
+
+ return FILE_TYPE_UNKNOWN;
+}
+
+int futil_cb_show_pem(struct futil_traverse_state_s *state)
+{
+ RSA *rsa_key;
+ uint8_t *keyb, *digest;
+ uint32_t keyb_len;
+ int i, bits;
+
+ printf("Private Key file: %s\n", state->in_filename);
+
+ /* We're called only after recognize_pem, so this should work. */
+ rsa_key = rsa_from_buffer(state->my_area->buf, state->my_area->len);
+ if (!rsa_key)
+ DIE;
+
+ bits = BN_num_bits(rsa_key->n);
+ printf(" Key length: %d\n", bits);
+
+ if (vb_keyb_from_rsa(rsa_key, &keyb, &keyb_len)) {
+ printf(" Key sha1sum: <error>");
+ RSA_free(rsa_key);
+ return 1;
+ }
+
+ printf(" Key sha1sum: ");
+ digest = DigestBuf(keyb, keyb_len, SHA1_DIGEST_ALGORITHM);
+ for (i = 0; i < SHA1_DIGEST_SIZE; i++)
+ printf("%02x", digest[i]);
+ printf("\n");
+
+ free(digest);
+ free(keyb);
+ RSA_free(rsa_key);
+ return 0;
+}
diff --git a/tests/futility/test_create.sh b/tests/futility/test_create.sh
index 3c1d38e2..78b9e04a 100755
--- a/tests/futility/test_create.sh
+++ b/tests/futility/test_create.sh
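Review bot: rsa_from_buffer passes a NULL passphrase callback to PEM_read_bio_RSAPrivateKey, and with the OpenSSL of this era that falls back to the default callback which prompts on the terminal, so an encrypted .pem handed to `futility show` would sit at a password prompt instead of being reported as unrecognized; recognize_pem is tried against every input file, so any encrypted PEM in the argument list triggers it. A callback that always returns 0 makes such keys fail to parse quietly, which is what a recognizer wants; the rewritten lines are below. Two smaller points in futil_cb_show_pem: the error path `printf(" Key sha1sum: <error>");` has no trailing newline, and the DigestBuf result is dereferenced without a NULL check even though the vb_keyb_from_rsa failure is handled. The `return 0;` for the RSA pointer in rsa_from_buffer would read more clearly as `return NULL;`.
```c
/* Never answer a passphrase request: an encrypted .pem is simply not recognized. */
static int no_passphrase_cb(char *buf, int size, int rwflag, void *u)
{
	return 0;
}

static RSA *rsa_from_buffer(uint8_t *buf, uint32_t len)
/* … unchanged: BIO_new_mem_buf setup … */
	rsa_key = PEM_read_bio_RSAPrivateKey(bp, NULL, no_passphrase_cb, NULL);
/* … unchanged: BIO_free and return … */
```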
@@ -37,8 +37,12 @@ done
 # Demonstrate that the sha1sums are the same for all the keys created from the
 # same .pem files, both public and private, vb1 and vb21.
 for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
- num=$(${FUTILITY} show ${TMP}_key_${sig}.* | grep sha1sum | uniq | wc -l)
- [ "$num" -eq "1" ]
+ pem_sum=$(${FUTILITY} show "${TESTKEYS}/key_${sig}.pem" |
+ awk '/sha1sum/ {print $3}')
+ key_sums=$(${FUTILITY} show ${TMP}_key_${sig}.* |
+ awk '/sha1sum/ {print $3}' | uniq)
+ # note that this also tests that all the key_sums are the same
+ [ "$pem_sum" = "$key_sums" ]
 done
 # cleanup |
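Review bot: The new check `[ "$pem_sum" = "$key_sums" ]` passes vacuously when both sides are empty, e.g. if `futility show` prints nothing matching /sha1sum/ for either file, because two empty strings compare equal; the old `wc -l` form at least demanded exactly one matching line. Guarding it as `[ -n "$pem_sum" ] && [ "$pem_sum" = "$key_sums" ]` keeps the multi-line-equality trick while rejecting empty output. The awk field index `$3` also ties the test to the exact "Key sha1sum:" output layout of the new futil_cb_show_pem, which is worth a comment on the line so the next output tweak does not silently break it.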