author | Bill Richardson <wfrichar@chromium.org> | 2015-02-05 10:44:54 -0800 |
---|---|---|
committer | ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> | 2015-03-10 23:45:26 +0000 |
commit | 3855e2e948f235c7e4725e5a33b06878fa7b3130 (patch) | |
tree | 3fc38f3a8f225d326ab481bd9919843fdea7ddfa /futility | |
parent | add997fa941ef1a65207bee909a88e368a9b3d22 (diff) | |
download | vboot-3855e2e948f235c7e4725e5a33b06878fa7b3130.tar.gz |
futility: show sha1sums for private keys too
Because all of our private key structs carry around the openssl
struct rsa_st data blobs, we can use those blobs to extract the
corresponding public key and generate a digest of it.
This lets us match our public and private keys without having to
rely on the filenames. There's no crypto verification without
actually *using* them, of course, but it's handy for quick reference.
BUG=chromium:231574
BRANCH=none
TEST=make runtests
This also adds a test to ensure that all the public and private
keys generated from the same .pem file have the same sha1sums.
Change-Id: If83492437e3ef37f7c4ebca4675336b75f631901
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/246768
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'futility')
-rw-r--r-- | futility/cmd_show.c | 18 | ||||
-rw-r--r-- | futility/vb2_helper.c | 24 |
2 files changed, 40 insertions, 2 deletions
diff --git a/futility/cmd_show.c b/futility/cmd_show.c
index f5f841c1..f4681f37 100644
--- a/futility/cmd_show.c
+++ b/futility/cmd_show.c
@@ -3,6 +3,10 @@
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */
+
+#define OPENSSL_NO_SHA
+#include <openssl/rsa.h>
+
 #include <errno.h>
 #include <fcntl.h>
 #include <getopt.h>
@@ -109,15 +113,27 @@ int futil_cb_show_pubkey(struct futil_traverse_state_s *state)
 int futil_cb_show_privkey(struct futil_traverse_state_s *state)
 {
 VbPrivateKey key;
- int alg_okay;
+ const unsigned char *start;
+ int len, alg_okay;
 key.algorithm = *(typeof(key.algorithm) *)state->my_area->buf;
+ start = state->my_area->buf + sizeof(key.algorithm);
+ len = state->my_area->len - sizeof(key.algorithm);
+ key.rsa_private_key = d2i_RSAPrivateKey(NULL, &start, len);
 printf("Private Key file: %s\n", state->in_filename);
 printf(" Vboot API: 1.0\n");
 alg_okay = key.algorithm < kNumAlgorithms;
 printf(" Algorithm: %" PRIu64 " %s\n", key.algorithm, alg_okay ? algo_strings[key.algorithm] : "(unknown)");
+ printf(" Key sha1sum: ");
+ if (key.rsa_private_key) {
+ PrintPrivKeySha1Sum(&key);
+ RSA_free(key.rsa_private_key);
+ } else {
+ printf("<error>");
+ }
+ printf("\n");
 if (alg_okay)
 state->my_area->_flags |= AREA_IS_VALID;
diff --git a/futility/vb2_helper.c b/futility/vb2_helper.c
index 10aa6097..35541617 100644
--- a/futility/vb2_helper.c
+++ b/futility/vb2_helper.c
@@ -8,6 +8,7 @@
 #include "2common.h"
 #include "2guid.h"
 #include "2rsa.h"
+#include "util_misc.h"
 #include "vb2_common.h"
 #include "vb2_struct.h"
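Review bot: The `#define OPENSSL_NO_SHA` added ahead of `#include <openssl/rsa.h>` in cmd_show.c carries no explanation, and a later cleanup could easily drop it as a stray line. Presumably it keeps OpenSSL's SHA declarations out of a translation unit that also pulls in vboot's own SHA definitions, but that is not visible in the hunk, so the reason should be written next to it, e.g. `/* Keep OpenSSL's SHA API out of this file; it collides with vboot's own SHA definitions — confirm against the headers below */`. A comment like this is cheap and prevents the define from silently disappearing in a later include reshuffle.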
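Review bot: `len = state->my_area->len - sizeof(key.algorithm);` in futil_cb_show_privkey wraps when the area is shorter than the algorithm field: the subtraction is done in `size_t` and then narrowed into `int`, so a truncated or empty input hands `d2i_RSAPrivateKey` a negative or huge length, and the `key.algorithm` read on the line above has already run past the end of `buf`. That read was unchecked before this change, but the new length arithmetic is what makes the short-input case reachable in a parser, and `futility show` is run on arbitrary files, so reject short input before both: `if (state->my_area->len < sizeof(key.algorithm)) { printf("Private Key file: %s\n", state->in_filename); printf("<truncated>\n"); return 1; }` using whatever error return the callback uses in the part of the body below the hunk (the function's tail, including its return, is outside this hunk). If `my_area->len` is an unsigned type, the comparison above is exact; if it is signed, also check it is not negative.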
@@ -91,6 +92,25 @@ int futil_cb_show_vb2_pubkey(struct futil_traverse_state_s *state)
 return 0;
 }
+static void vb2_print_private_key_sha1sum(struct vb2_private_key *key)
+{
+ uint8_t *buf, *digest;
+ uint32_t buflen;
+ int i;
+
+ if (vb_keyb_from_rsa(key->rsa_private_key, &buf, &buflen)) {
+ printf("<error>");
+ return;
+ }
+
+ digest = DigestBuf(buf, buflen, SHA1_DIGEST_ALGORITHM);
+ for (i = 0; i < SHA1_DIGEST_SIZE; i++)
+ printf("%02x", digest[i]);
+
+ free(digest);
+ free(buf);
+}
+
 int futil_cb_show_vb2_privkey(struct futil_traverse_state_s *state)
 {
 struct vb2_private_key *key = 0;
@@ -118,7 +138,9 @@ int futil_cb_show_vb2_privkey(struct futil_traverse_state_s *state)
 printf(" Hash Algorithm: %d %s\n", key->hash_alg, entry ? entry->name : "(invalid)");
 printf(" GUID: %s\n", guid_str);
-
+ printf(" Key sha1sum: ");
+ vb2_print_private_key_sha1sum(key);
+ printf("\n");
 vb2_private_key_free(key);
 return 0; |
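Review bot: `digest = DigestBuf(buf, buflen, SHA1_DIGEST_ALGORITHM);` in the new vb2_print_private_key_sha1sum is dereferenced in the loop without a NULL check, although the result is heap-allocated (it is `free()`d below) and so can presumably fail the same way the `vb_keyb_from_rsa` call just above can. Handle it like that earlier failure, remembering to release `buf`: `if (!digest) { printf("<error>"); free(buf); return; }`. The helper would also benefit from a one-line comment saying what it prints, since per the commit message the digest is of the public key extracted from the private key rather than of the private key itself, e.g. `/* Print the SHA1 of the public key (keyb) derived from this private key, so it can be matched against the corresponding public key's sha1sum. */`.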