diff options
author | Randall Spangler <rspangler@chromium.org> | 2010-06-11 11:16:20 -0700 |
---|---|---|
committer | Randall Spangler <rspangler@chromium.org> | 2010-06-11 11:16:20 -0700 |
commit | 729b87258b5dd499ce3c910499c010d3840628df (patch) | |
tree | 8945cb5f12badf7bd7663dd9a7d94faf3769a53a /host/lib | |
parent | 7d6898dbaa8d530dd534d4680e274f7059e4a389 (diff) | |
download | vboot-729b87258b5dd499ce3c910499c010d3840628df.tar.gz |
Clean up of key block functions
No substantial new code, just making the old code consistent.
Review URL: http://codereview.chromium.org/2729021
Diffstat (limited to 'host/lib')
-rw-r--r-- | host/lib/host_common.c | 52 | ||||
-rw-r--r-- | host/lib/host_keyblock.c | 106 |
2 files changed, 106 insertions, 52 deletions
diff --git a/host/lib/host_common.c b/host/lib/host_common.c index 03efd2a4..3d0a23db 100644 --- a/host/lib/host_common.c +++ b/host/lib/host_common.c @@ -14,58 +14,6 @@ #include "vboot_common.h" -VbKeyBlockHeader* CreateKeyBlock(const VbPublicKey* data_key, - const VbPrivateKey* signing_key, - uint64_t flags) { - - VbKeyBlockHeader* h; - uint64_t signed_size = sizeof(VbKeyBlockHeader) + data_key->key_size; - uint64_t block_size = (signed_size + SHA512_DIGEST_SIZE + - siglen_map[signing_key->algorithm]); - uint8_t* data_key_dest; - uint8_t* block_sig_dest; - uint8_t* block_chk_dest; - VbSignature *sigtmp; - - /* Allocate key block */ - h = (VbKeyBlockHeader*)Malloc(block_size); - if (!h) - return NULL; - data_key_dest = (uint8_t*)(h + 1); - block_chk_dest = data_key_dest + data_key->key_size; - block_sig_dest = block_chk_dest + SHA512_DIGEST_SIZE; - - Memcpy(h->magic, KEY_BLOCK_MAGIC, KEY_BLOCK_MAGIC_SIZE); - h->header_version_major = KEY_BLOCK_HEADER_VERSION_MAJOR; - h->header_version_minor = KEY_BLOCK_HEADER_VERSION_MINOR; - h->key_block_size = block_size; - h->key_block_flags = flags; - - /* Copy data key */ - PublicKeyInit(&h->data_key, data_key_dest, data_key->key_size); - PublicKeyCopy(&h->data_key, data_key); - - /* Set up signature structs so we can calculate the signatures */ - SignatureInit(&h->key_block_checksum, block_chk_dest, - SHA512_DIGEST_SIZE, signed_size); - SignatureInit(&h->key_block_signature, block_sig_dest, - siglen_map[signing_key->algorithm], signed_size); - - /* Calculate checksum */ - sigtmp = CalculateChecksum((uint8_t*)h, signed_size); - SignatureCopy(&h->key_block_checksum, sigtmp); - Free(sigtmp); - - /* Calculate signature */ - sigtmp = CalculateSignature((uint8_t*)h, signed_size, signing_key); - SignatureCopy(&h->key_block_signature, sigtmp); - Free(sigtmp); - - /* Return the header */ - return h; -} - - VbFirmwarePreambleHeader* CreateFirmwarePreamble( uint64_t firmware_version, const VbPublicKey* kernel_subkey, diff --git a/host/lib/host_keyblock.c b/host/lib/host_keyblock.c new file mode 100644 index 00000000..af59059f --- /dev/null +++ b/host/lib/host_keyblock.c @@ -0,0 +1,106 @@ +/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Host functions for verified boot. + */ + +/* TODO: change all 'return 0', 'return 1' into meaningful return codes */ + +#include "host_keyblock.h" + +#include "cryptolib.h" +#include "host_common.h" +#include "utility.h" +#include "vboot_common.h" + + +VbKeyBlockHeader* KeyBlockCreate(const VbPublicKey* data_key, + const VbPrivateKey* signing_key, + uint64_t flags) { + + VbKeyBlockHeader* h; + uint64_t signed_size = sizeof(VbKeyBlockHeader) + data_key->key_size; + uint64_t block_size = (signed_size + SHA512_DIGEST_SIZE + + siglen_map[signing_key->algorithm]); + uint8_t* data_key_dest; + uint8_t* block_sig_dest; + uint8_t* block_chk_dest; + VbSignature *sigtmp; + + /* Allocate key block */ + h = (VbKeyBlockHeader*)Malloc(block_size); + if (!h) + return NULL; + data_key_dest = (uint8_t*)(h + 1); + block_chk_dest = data_key_dest + data_key->key_size; + block_sig_dest = block_chk_dest + SHA512_DIGEST_SIZE; + + Memcpy(h->magic, KEY_BLOCK_MAGIC, KEY_BLOCK_MAGIC_SIZE); + h->header_version_major = KEY_BLOCK_HEADER_VERSION_MAJOR; + h->header_version_minor = KEY_BLOCK_HEADER_VERSION_MINOR; + h->key_block_size = block_size; + h->key_block_flags = flags; + + /* Copy data key */ + PublicKeyInit(&h->data_key, data_key_dest, data_key->key_size); + PublicKeyCopy(&h->data_key, data_key); + + /* Set up signature structs so we can calculate the signatures */ + SignatureInit(&h->key_block_checksum, block_chk_dest, + SHA512_DIGEST_SIZE, signed_size); + SignatureInit(&h->key_block_signature, block_sig_dest, + siglen_map[signing_key->algorithm], signed_size); + + /* Calculate checksum */ + sigtmp = CalculateChecksum((uint8_t*)h, signed_size); + SignatureCopy(&h->key_block_checksum, sigtmp); + Free(sigtmp); + + /* Calculate signature */ + sigtmp = CalculateSignature((uint8_t*)h, signed_size, signing_key); + SignatureCopy(&h->key_block_signature, sigtmp); + Free(sigtmp); + + /* Return the header */ + return h; +} + + +/* Read a key block from a .keyblock file. Caller owns the returned + * pointer, and must free it with Free(). + * + * Returns NULL if error. */ +VbKeyBlockHeader* KeyBlockRead(const char* filename) { + + VbKeyBlockHeader* block; + uint64_t file_size; + + block = (VbKeyBlockHeader*)ReadFile(filename, &file_size); + if (!block) { + debug("Error reading key block file: %s\n", filename); + return NULL; + } + + /* Verify the hash of the key block, since we can do that without + * the public signing key. */ + if (0 != KeyBlockVerify(block, file_size, NULL)) { + debug("Invalid key block file: filename\n", filename); + Free(block); + return NULL; + } + + return block; +} + + +/* Write a key block to a file in .keyblock format. */ +int KeyBlockWrite(const char* filename, const VbKeyBlockHeader* key_block) { + + if (0 != WriteFile(filename, key_block, key_block->key_block_size)) { + debug("KeyBlockWrite() error writing key block\n"); + return 1; + } + + return 0; +} |