diff options
author | Bill Richardson <wfrichar@chromium.org> | 2015-03-03 18:45:10 -0800 |
---|---|---|
committer | ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> | 2015-03-10 23:46:03 +0000 |
commit | 0f21441e78114805e2baf61b1cabc6a5b55183c6 (patch) | |
tree | 6bf6642cc33671b3048d0d503947c71085bc8179 /host/lib21 | |
parent | 9c647efd7fbbed299d289951e116b793ab7ec732 (diff) | |
download | vboot-0f21441e78114805e2baf61b1cabc6a5b55183c6.tar.gz |
vb21: Replace the key GUID with a sha1sum instead
We want a quick and human-friendly way to match keys with
signatures, so we decided to give each key a unique GUID and
carry that ID around when signing things.
But then we realized that we could autogenerate a unique
identifier from the .pem file itself, which is even better
because then we can match our binary keypair structs with the
openssl file used to generate them.
This change replaces the GUID id with a sha1sum calculated from
the public key's "keyb" blob.
BUG=none
BRANCH=none
TEST=make runtests
Also:
futility show tests/testkeys/key_rsa4096.pem
futility create tests/testkeys/key_rsa4096.pem foo
futility show foo.vbp*
Note that the GUID is the same for all files.
Change-Id: Ie44e46c83433718b1ff0163c1e7c51ec331b99f9
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/256181
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'host/lib21')
-rw-r--r-- | host/lib21/host_misc.c | 105 | ||||
-rw-r--r-- | host/lib21/include/host_misc2.h | 2 |
2 files changed, 51 insertions, 56 deletions
diff --git a/host/lib21/host_misc.c b/host/lib21/host_misc.c index c55996eb..5e8a7cb5 100644 --- a/host/lib21/host_misc.c +++ b/host/lib21/host_misc.c @@ -5,7 +5,9 @@ * Host functions for verified boot. */ +#include <ctype.h> #include <stdio.h> +#include <string.h> #include <unistd.h> #include "2sysincludes.h" @@ -94,71 +96,64 @@ uint32_t vb2_desc_size(const char *desc) return roundup32(strlen(desc) + 1); } -int vb2_str_to_guid(const char *str, struct vb2_guid *guid) +static const char *onedigit(const char *str, uint8_t *vptr) { - uint32_t time_low; - uint16_t time_mid; - uint16_t time_high_and_version; - unsigned int chunk[11]; - - if (!str || - 11 != sscanf(str, - "%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X", - chunk+0, - chunk+1, - chunk+2, - chunk+3, - chunk+4, - chunk+5, - chunk+6, - chunk+7, - chunk+8, - chunk+9, - chunk+10)) { - return VB2_ERROR_STR_TO_GUID; - } + uint8_t val = 0; + char c; - time_low = chunk[0] & 0xffffffff; - time_mid = chunk[1] & 0xffff; - time_high_and_version = chunk[2] & 0xffff; + for (; (c = *str++) && !isxdigit(c);) + ; + if (!c) + return 0; - guid->uuid.time_low = htole32(time_low); - guid->uuid.time_mid = htole16(time_mid); - guid->uuid.time_high_and_version = htole16(time_high_and_version); + if (c >= '0' && c <= '9') + val = c - '0'; + else if (c >= 'A' && c <= 'F') + val = 10 + c - 'A'; + else if (c >= 'a' && c <= 'f') + val = 10 + c - 'a'; - guid->uuid.clock_seq_high_and_reserved = chunk[3] & 0xff; - guid->uuid.clock_seq_low = chunk[4] & 0xff; - guid->uuid.node[0] = chunk[5] & 0xff; - guid->uuid.node[1] = chunk[6] & 0xff; - guid->uuid.node[2] = chunk[7] & 0xff; - guid->uuid.node[3] = chunk[8] & 0xff; - guid->uuid.node[4] = chunk[9] & 0xff; - guid->uuid.node[5] = chunk[10] & 0xff; + *vptr = val; + return str; +} - return VB2_SUCCESS; +static const char *onebyte(const char *str, uint8_t *vptr) +{ + uint8_t val; + uint8_t digit; + + str = onedigit(str, &digit); + if (!str) + return 0; + val = digit << 4; + + str = onedigit(str, &digit); + if (!str) + return 0; + val |= digit; + + *vptr = val; + return str; } -int vb2_guid_to_str(const struct vb2_guid *guid, - char *buf, unsigned int buflen) +int vb2_str_to_guid(const char *str, struct vb2_guid *guid) { - int n; + uint8_t val; + int i; - if (!buf || buflen < VB2_GUID_MIN_STRLEN) - return VB2_ERROR_GUID_TO_STR; + if (!str) + return VB2_ERROR_STR_TO_GUID; - n = snprintf(buf, buflen, - "%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X", - le32toh(guid->uuid.time_low), - le16toh(guid->uuid.time_mid), - le16toh(guid->uuid.time_high_and_version), - guid->uuid.clock_seq_high_and_reserved, - guid->uuid.clock_seq_low, - guid->uuid.node[0], guid->uuid.node[1], - guid->uuid.node[2], guid->uuid.node[3], - guid->uuid.node[4], guid->uuid.node[5]); + memset(guid, 0, sizeof(*guid)); - if (n != VB2_GUID_MIN_STRLEN - 1) - return VB2_ERROR_GUID_TO_STR; + for (i = 0; i < NUM_GUID_BYTES; i++) { - return VB2_SUCCESS; + str = onebyte(str, &val); + if (!str) + break; + guid->raw[i] = val; + } + + /* If we get at least one valid byte, that's good enough. */ + return i ? VB2_SUCCESS : VB2_ERROR_STR_TO_GUID; } diff --git a/host/lib21/include/host_misc2.h b/host/lib21/include/host_misc2.h index 5d1679be..86ec13f0 100644 --- a/host/lib21/include/host_misc2.h +++ b/host/lib21/include/host_misc2.h @@ -12,7 +12,7 @@ #include "2guid.h" /* Length of string representation, including trailing '\0' */ -#define VB2_GUID_MIN_STRLEN 37 +#define VB2_GUID_MIN_STRLEN (2 * NUM_GUID_BYTES + 1) /** * Convert string to struct vb2_guid. |