diff options
| author | Gaurav Shah <gauravsh@google.com> | 2010-03-04 10:22:36 -0800 |
|---|---|---|
| committer | Gaurav Shah <gauravsh@google.com> | 2010-03-04 10:22:36 -0800 |
| commit | cb3d22e971b04ebca00c63a640c7d3dca1010c13 (patch) | |
| tree | 92d58c94365212a71804f707330f762423e04d5a | |
| parent | 80d129b89da766195a4cda239e8e24989c8cb872 (diff) | |
| download | vboot-cb3d22e971b04ebca00c63a640c7d3dca1010c13.tar.gz | |
Fix RSA verification test.
I previously refactored some of the signature generation code to directly use the OpenSSL library instead of invoking the "openssl" command line utility. The signature_digest command line utility got lost in the process. This restores the utility which in turn fixes the RSA verification test.
Review URL: http://codereview.chromium.org/669040
| -rw-r--r-- | tests/Makefile | 2 | ||||
| -rwxr-xr-x | tests/run_rsa_tests.sh | 4 | ||||
| -rw-r--r-- | utils/Makefile | 12 | ||||
| -rw-r--r-- | utils/signature_digest_utility.c | 54 |
4 files changed, 65 insertions, 7 deletions
diff --git a/tests/Makefile b/tests/Makefile index 6bdbae0c..fb355c2f 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -3,7 +3,7 @@ # found in the LICENSE file. CC ?= gcc -CFLAGS = -Wall -DNDEBUG +CFLAGS = -Wall -DNDEBUG -O3 INCLUDES ?= -I../include/ TOP ?= ../ diff --git a/tests/run_rsa_tests.sh b/tests/run_rsa_tests.sh index a54e5b5b..2439c329 100755 --- a/tests/run_rsa_tests.sh +++ b/tests/run_rsa_tests.sh @@ -26,8 +26,8 @@ function generate_signatures { do for hashalgo in ${hash_algos[@]} do - ${UTIL_DIR}/signature_digest $algorithmcounter $1 | openssl rsautl -sign \ - -pkcs -inkey ${KEY_DIR}/key_rsa${keylen}.pem \ + ${UTIL_DIR}/signature_digest_utility $algorithmcounter $1 | openssl \ + rsautl -sign -pkcs -inkey ${KEY_DIR}/key_rsa${keylen}.pem \ > $1.rsa${keylen}\_${hashalgo}.sig let algorithmcounter=algorithmcounter+1 done diff --git a/utils/Makefile b/utils/Makefile index 57769567..f2f7e10e 100644 --- a/utils/Makefile +++ b/utils/Makefile @@ -4,15 +4,16 @@ CC ?= gcc CXX ?= g++ -CFLAGS = -Wall -DNDEBUG +CFLAGS = -Wall -DNDEBUG -O3 INCLUDES ?= -I../include/ TOP ?= ../ LIBS = firmware_image.o kernel_image.o signature_digest.o file_keys.o FIRMWARELIBS = $(TOP)/crypto/libcrypto.a $(TOP)/common/libcommon.a -all: dumpRSAPublicKey verify_data file_keys.o signature_digest.o firmware_image.o \ - kernel_image.o signature_digest.o firmware_utility kernel_utility +all: dumpRSAPublicKey verify_data file_keys.o signature_digest.o \ + firmware_image.o kernel_image.o signature_digest.o \ + signature_digest_utility firmware_utility kernel_utility dumpRSAPublicKey: dumpRSAPublicKey.c $(CC) $(CFLAGS) $< -o $@ -lcrypto @@ -20,6 +21,9 @@ dumpRSAPublicKey: dumpRSAPublicKey.c verify_data: verify_data.c $(LIBS) $(FIRMWARELIBS) $(CC) $(CFLAGS) $(INCLUDES) $< -o $@ $(LIBS) $(FIRMWARELIBS) -lcrypto +signature_digest_utility: signature_digest_utility.c $(LIBS) $(FIRMWARELIBS) + $(CC) $(CFLAGS) $(INCLUDES) $< -o $@ $(LIBS) $(FIRMWARELIBS) -lcrypto + firmware_utility: firmware_utility.cc $(LIBS) $(FIRMWARELIBS) $(CXX) $(CFLAGS) $(INCLUDES) -ggdb -D__STDC_LIMIT_MACROS $< \ -o $@ $(FIRMWARELIBS) $(LIBS) -lcrypto @@ -41,4 +45,4 @@ kernel_image.o: kernel_image.c $(CC) $(CFLAGS) -ansi $(INCLUDES) -c $< -o $@ clean: rm -f dumpRSAPublicKey verify_data signature_digest firmware_utility \ - kernel_utility $(LIBS) + kernel_utility signature_digest_utility $(LIBS) diff --git a/utils/signature_digest_utility.c b/utils/signature_digest_utility.c new file mode 100644 index 00000000..b1f6dde9 --- /dev/null +++ b/utils/signature_digest_utility.c @@ -0,0 +1,54 @@ +/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Utility that outputs the cryptographic digest of a contents of a + * file in a format that can be directly used to generate PKCS#1 v1.5 + * signatures via the "openssl" command line utility. + */ + + +#include <stdio.h> +#include <stdlib.h> + +#include "file_keys.h" +#include "padding.h" +#include "signature_digest.h" +#include "utility.h" + +int main(int argc, char* argv[]) { + int algorithm = -1; + int error_code = 0; + uint8_t* buf = NULL; + uint8_t* signature_digest = NULL; + uint32_t len; + uint32_t signature_digest_len; + + if (argc != 3) { + fprintf(stderr, "Usage: %s <algoid> <file>", argv[0]); + return -1; + } + algorithm = atoi(argv[1]); + if (algorithm < 0 || algorithm >= kNumAlgorithms) { + fprintf(stderr, "Invalid Algorithm!\n"); + return -1; + } + + buf = BufferFromFile(argv[2], &len); + if (!buf) { + fprintf(stderr, "Could read file: %s\n", argv[2]); + return -1; + } + + signature_digest = SignatureDigest(buf, len, algorithm); + signature_digest_len = (hash_size_map[algorithm] + + digestinfo_size_map[algorithm]); + if (!signature_digest) + error_code = -1; + if(signature_digest && + 1 != fwrite(signature_digest, signature_digest_len, 1, stdout)) + error_code = -1; + Free(signature_digest); + Free(buf); + return error_code; +} |