authorBill Richardson <wfrichar@chromium.org>2015-03-03 18:45:10 -0800
committerChromeOS Commit Bot <chromeos-commit-bot@chromium.org>2015-03-10 23:46:03 +0000
commit0f21441e78114805e2baf61b1cabc6a5b55183c6 (patch)
tree6bf6642cc33671b3048d0d503947c71085bc8179 /firmware/2lib
parent9c647efd7fbbed299d289951e116b793ab7ec732 (diff)
vb21: Replace the key GUID with a sha1sum instead
We want a quick and human-friendly way to match keys with signatures, so we decided to give each key a unique GUID and carry that ID around when signing things. But then we realized that we could autogenerate a unique identifier from the .pem file itself, which is even better because then we can match our binary keypair structs with the openssl file used to generate them. This change replaces the GUID id with a sha1sum calculated from the public key's "keyb" blob. BUG=none BRANCH=none TEST=make runtests Also: futility show tests/testkeys/key_rsa4096.pem futility create tests/testkeys/key_rsa4096.pem foo futility show foo.vbp* Note that the GUID is the same for all files. Change-Id: Ie44e46c83433718b1ff0163c1e7c51ec331b99f9 Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/256181 Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'firmware/2lib')
-rw-r--r--firmware/2lib/include/2guid.h31
1 files changed, 7 insertions, 24 deletions
diff --git a/firmware/2lib/include/2guid.h b/firmware/2lib/include/2guid.h
index 3e892d9c..a8fd346b 100644
--- a/firmware/2lib/include/2guid.h
+++ b/firmware/2lib/include/2guid.h
@@ -9,34 +9,17 @@
#define VBOOT_REFERENCE_VBOOT_2GUID_H_
#include <stdint.h>
-#define UUID_NODE_LEN 6
-#define GUID_SIZE 16
+#define NUM_GUID_BYTES 20
struct vb2_guid {
- union {
- struct {
- uint32_t time_low;
- uint16_t time_mid;
- uint16_t time_high_and_version;
- uint8_t clock_seq_high_and_reserved;
- uint8_t clock_seq_low;
- uint8_t node[UUID_NODE_LEN];
- } uuid;
- uint8_t raw[GUID_SIZE];
- };
+ uint8_t raw[NUM_GUID_BYTES];
} __attribute__((packed));
-#define EXPECTED_GUID_SIZE GUID_SIZE
+#define EXPECTED_GUID_SIZE NUM_GUID_BYTES
-/* Key GUIDs to use for VB2_SIG_NONE and hash algorithms */
-
-#define VB2_GUID_NONE_SHA1 \
- {{{0xcfb5687a,0x6092,0x11e4,0x96,0xe1,{0x8f,0x3b,0x1a,0x60,0xa2,0x1d}}}}
-
-#define VB2_GUID_NONE_SHA256 \
- {{{0x0e4114e0,0x6093,0x11e4,0x9d,0xcb,{0x8f,0x8a,0xf4,0xca,0x2e,0x32}}}}
-
-#define VB2_GUID_NONE_SHA512 \
- {{{0x1c695960,0x6093,0x11e4,0x82,0x63,{0xdb,0xee,0xe9,0x3c,0xcd,0x7e}}}}
+/* GUIDs to use for "keys" with sig_alg==VB2_SIG_NONE */
+#define VB2_GUID_NONE_SHA1 {{0x00, 0x01,} }
+#define VB2_GUID_NONE_SHA256 {{0x02, 0x56,} }
+#define VB2_GUID_NONE_SHA512 {{0x05, 0x12,} }
#endif /* VBOOT_REFERENCE_VBOOT_2GUID_H_ */
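Review bot: `NUM_GUID_BYTES 20` is left unexplained in the new header, and the struct keeps the name `vb2_guid` although, per the commit message, `raw[]` now holds a SHA-1 digest of the public key's "keyb" blob rather than a GUID. I would add a comment above the define along the lines of `/* Key id: SHA-1 digest (20 bytes) of the public key's keyb blob; a matching hint only, never a substitute for verifying the signature */`, because the id can be recomputed by anyone holding the public key and a match says nothing about authenticity. The `VB2_GUID_NONE_*` initializers at the end of the hunk would also benefit from one line stating that the two leading bytes spell the hash name (for example `0x02, 0x56` for SHA-256) and that the remaining 18 bytes are zero-filled, so a reader does not mistake them for real digests.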