author | Bill Richardson <wfrichar@chromium.org> | 2015-02-05 10:44:54 -0800 |
---|---|---|
committer | ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> | 2015-03-10 23:45:26 +0000 |
commit | 3855e2e948f235c7e4725e5a33b06878fa7b3130 (patch) | |
tree | 3fc38f3a8f225d326ab481bd9919843fdea7ddfa /host | |
parent | add997fa941ef1a65207bee909a88e368a9b3d22 (diff) | |
futility: show sha1sums for private keys too
Because all of our private key structs carry around the openssl
struct rsa_st data blobs, we can use those blobs to extract the
corresponding public key and generate a digest of it.
This lets us match our public and private keys without having to
rely on the filenames. There's no crypto verification without
actually *using* them, of course, but it's handy for quick reference.
BUG=chromium:231574
BRANCH=none
TEST=make runtests
This also adds a test to ensure that all the public and private
keys generated from the same .pem file have the same sha1sums.
Change-Id: If83492437e3ef37f7c4ebca4675336b75f631901
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/246768
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'host')
-rw-r--r-- | host/lib/include/util_misc.h | 8 | ||||
-rw-r--r-- | host/lib/util_misc.c | 19 |
2 files changed, 25 insertions, 2 deletions
diff --git a/host/lib/include/util_misc.h b/host/lib/include/util_misc.h index 0a6ed4c4..d5a08fe3 100644 --- a/host/lib/include/util_misc.h +++ b/host/lib/include/util_misc.h @@ -8,11 +8,15 @@ #ifndef VBOOT_REFERENCE_UTIL_MISC_H_ #define VBOOT_REFERENCE_UTIL_MISC_H_ +#include "host_key.h" #include "vboot_struct.h" struct rsa_st; -/* Prints the sha1sum of the given VbPublicKey to stdout. */ -void PrintPubKeySha1Sum(VbPublicKey* key); +/* Prints the sha1sum of a VbPublicKey to stdout. */ +void PrintPubKeySha1Sum(VbPublicKey *key); + +/* Prints the sha1sum of a VbPrivateKey to stdout. */ +void PrintPrivKeySha1Sum(VbPrivateKey *key); /* * Our packed RSBPublicKey buffer (historically in files ending with ".keyb", diff --git a/host/lib/util_misc.c b/host/lib/util_misc.c index d2c21f52..ecaf8ea3 100644 --- a/host/lib/util_misc.c +++ b/host/lib/util_misc.c @@ -29,6 +29,25 @@ void PrintPubKeySha1Sum(VbPublicKey *key) free(digest); } +void PrintPrivKeySha1Sum(VbPrivateKey *key) +{ + uint8_t *buf, *digest; + uint32_t buflen; + int i; + + if (vb_keyb_from_rsa(key->rsa_private_key, &buf, &buflen)) { + printf("<error>"); + return; + } + + digest = DigestBuf(buf, buflen, SHA1_DIGEST_ALGORITHM); + for (i = 0; i < SHA1_DIGEST_SIZE; i++) + printf("%02x", digest[i]); + + free(digest); + free(buf); +} + int vb_keyb_from_rsa(struct rsa_st *rsa_private_key, uint8_t **keyb_data, uint32_t *keyb_size) { |
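Review bot: The new comment on `PrintPrivKeySha1Sum` in util_misc.h does not say which bytes are hashed, so a reader could take the output to be a digest of the private key material itself. Per the util_misc.c hunk, the function converts `key->rsa_private_key` with `vb_keyb_from_rsa` and hashes that buffer, prints `<error>` when the conversion fails, and emits no newline. I would put that in the header: `/* Prints the sha1sum of the public key derived from a VbPrivateKey to stdout (no newline), or "<error>" if the conversion fails. */`.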
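Review bot: In `PrintPrivKeySha1Sum` the result of `DigestBuf` is indexed in the print loop without a check, so if `DigestBuf` can return NULL (its definition is not in this diff) the loop dereferences a null pointer. A guard before the loop would cover it: `if (!digest) { free(buf); printf("<error>"); return; }`. Separately, the failure marker is written to stdout, the same stream as the digest, and the function returns void. A script comparing fingerprints therefore only notices a failure if it looks for the literal `<error>` text, which is worth stating in a comment above the function, as it currently has none.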