diff options
author | Randall Spangler <rspangler@chromium.org> | 2016-06-30 11:30:32 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2016-09-06 22:02:19 -0700 |
commit | 7d0cc747c75408a6edabbf4adeb4e898b6118e97 (patch) | |
tree | 6edafef238d614c3e15a4321c7a594d9037b634a /host | |
parent | a62ffa8d61de19d8992c32a886e44c0aecb7e01b (diff) | |
download | vboot-7d0cc747c75408a6edabbf4adeb4e898b6118e97.tar.gz |
vboot: Remove vboot1 host signature functions
These have been superseded by their vboot2 equivalents. No firmware
changes; host-only.
BUG=chromium:611535
BRANCH=none
TEST=make runtests
Change-Id: I36b5d3357767f32489efb7e480049620dcc0fce4
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/363970
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Diffstat (limited to 'host')
-rw-r--r-- | host/lib/host_keyblock.c | 8 | ||||
-rw-r--r-- | host/lib/host_signature.c | 319 | ||||
-rw-r--r-- | host/lib/include/host_signature.h | 27 | ||||
-rw-r--r-- | host/linktest/main.c | 5 |
4 files changed, 169 insertions, 190 deletions
diff --git a/host/lib/host_keyblock.c b/host/lib/host_keyblock.c index e4497727..21fa0995 100644 --- a/host/lib/host_keyblock.c +++ b/host/lib/host_keyblock.c @@ -131,10 +131,10 @@ struct vb2_keyblock *vb2_create_keyblock_external( free(chk); /* Calculate signature */ -struct vb2_signature *sigtmp = (struct vb2_signature *) - CalculateSignature_external((uint8_t*)h, signed_size, - signing_key_pem_file, algorithm, - external_signer); + struct vb2_signature *sigtmp = + vb2_external_signature((uint8_t*)h, signed_size, + signing_key_pem_file, algorithm, + external_signer); free(sigtmp); /* Return the header */ diff --git a/host/lib/host_signature.c b/host/lib/host_signature.c index db810f36..22e52c97 100644 --- a/host/lib/host_signature.c +++ b/host/lib/host_signature.c @@ -18,179 +18,160 @@ #include "2sysincludes.h" #include "2common.h" +#include "2rsa.h" #include "2sha.h" -#include "cryptolib.h" -#include "file_keys.h" #include "host_common.h" -#include "vboot_common.h" +#include "host_signature2.h" +#include "vb2_common.h" - -VbSignature* SignatureAlloc(uint64_t sig_size, uint64_t data_size) { - VbSignature* sig = (VbSignature*)malloc(sizeof(VbSignature) + sig_size); - if (!sig) - return NULL; - - sig->sig_offset = sizeof(VbSignature); - sig->sig_size = sig_size; - sig->data_size = data_size; - return sig; -} - - -void SignatureInit(VbSignature* sig, uint8_t* sig_data, - uint64_t sig_size, uint64_t data_size) { - sig->sig_offset = OffsetOf(sig, sig_data); - sig->sig_size = sig_size; - sig->data_size = data_size; -} - - -int SignatureCopy(VbSignature* dest, const VbSignature* src) { - if (dest->sig_size < src->sig_size) - return 1; - dest->sig_size = src->sig_size; - dest->data_size = src->data_size; - Memcpy(GetSignatureData(dest), GetSignatureDataC(src), src->sig_size); - return 0; -} - -/* Invoke [external_signer] command with [pem_file] as - * an argument, contents of [inbuf] passed redirected to stdin, - * and the stdout of the command is put back into [outbuf]. - * Returns -1 on error, 0 on success. +/* Invoke [external_signer] command with [pem_file] as an argument, contents of + * [inbuf] passed redirected to stdin, and the stdout of the command is put + * back into [outbuf]. Returns -1 on error, 0 on success. */ -int InvokeExternalSigner(uint64_t size, - const uint8_t* inbuf, - uint8_t* outbuf, - uint64_t outbufsize, - const char* pem_file, - const char* external_signer) { - - int rv = 0, n; - int p_to_c[2], c_to_p[2]; /* pipe descriptors */ - pid_t pid; - - VBDEBUG(("Will invoke \"%s %s\" to perform signing.\n" - "Input to the signer will be provided on standard in.\n" - "Output of the signer will be read from standard out.\n", - external_signer, pem_file)); - - /* Need two pipes since we want to invoke the external_signer as - * a co-process writing to its stdin and reading from its stdout. */ - if (pipe(p_to_c) < 0 || pipe(c_to_p) < 0) { - VBDEBUG(("pipe() error\n")); - return -1; - } - if ((pid = fork()) < 0) { - VBDEBUG(("fork() error")); - return -1; - } - else if (pid > 0) { /* Parent. */ - close(p_to_c[STDIN_FILENO]); - close(c_to_p[STDOUT_FILENO]); - - /* We provide input to the child process (external signer). */ - if (write(p_to_c[STDOUT_FILENO], inbuf, size) != size) { - VBDEBUG(("write() error while providing input to external signer\n")); - rv = -1; - } else { - close(p_to_c[STDOUT_FILENO]); /* Send EOF to child (signer process). */ - do { - n = read(c_to_p[STDIN_FILENO], outbuf, outbufsize); - outbuf += n; - outbufsize -= n; - } while (n > 0 && outbufsize); - - if (n < 0) { - VBDEBUG(("read() error while reading output from external signer\n")); - rv = -1; - } - } - if (waitpid(pid, NULL, 0) < 0) { - VBDEBUG(("waitpid() error\n")); - rv = -1; - } - } else { /* Child. */ - close (p_to_c[STDOUT_FILENO]); - close (c_to_p[STDIN_FILENO]); - /* Map the stdin to the first pipe (this pipe gets input - * from the parent) */ - if (STDIN_FILENO != p_to_c[STDIN_FILENO]) { - if (dup2(p_to_c[STDIN_FILENO], STDIN_FILENO) != STDIN_FILENO) { - VBDEBUG(("stdin dup2() failed (external signer)\n")); - close(p_to_c[0]); - return -1; - } - } - /* Map the stdout to the second pipe (this pipe sends back - * signer output to the parent) */ - if (STDOUT_FILENO != c_to_p[STDOUT_FILENO]) { - if (dup2(c_to_p[STDOUT_FILENO], STDOUT_FILENO) != STDOUT_FILENO) { - VBDEBUG(("stdout dup2() failed (external signer)\n")); - close(c_to_p[STDOUT_FILENO]); - return -1; - } - } - /* External signer is invoked here. */ - if (execl(external_signer, external_signer, pem_file, (char *) 0) < 0) { - VBDEBUG(("execl() of external signer failed\n")); - } - } - return rv; +static int sign_external(uint32_t size, + const uint8_t *inbuf, + uint8_t *outbuf, + uint32_t outbufsize, + const char *pem_file, + const char *external_signer) +{ + int rv = 0, n; + int p_to_c[2], c_to_p[2]; /* pipe descriptors */ + pid_t pid; + + VB2_DEBUG("Will invoke \"%s %s\" to perform signing.\n" + "Input to the signer will be provided on standard in.\n" + "Output of the signer will be read from standard out.\n", + external_signer, pem_file); + + /* Need two pipes since we want to invoke the external_signer as + * a co-process writing to its stdin and reading from its stdout. */ + if (pipe(p_to_c) < 0 || pipe(c_to_p) < 0) { + VB2_DEBUG("pipe() error\n"); + return -1; + } + if ((pid = fork()) < 0) { + VB2_DEBUG("fork() error\n"); + return -1; + } else if (pid > 0) { /* Parent. */ + close(p_to_c[STDIN_FILENO]); + close(c_to_p[STDOUT_FILENO]); + + /* We provide input to the child process (external signer). */ + if (write(p_to_c[STDOUT_FILENO], inbuf, size) != size) { + VB2_DEBUG("write() error\n"); + rv = -1; + } else { + /* Send EOF to child (signer process). */ + close(p_to_c[STDOUT_FILENO]); + + do { + n = read(c_to_p[STDIN_FILENO], outbuf, + outbufsize); + outbuf += n; + outbufsize -= n; + } while (n > 0 && outbufsize); + + if (n < 0) { + VB2_DEBUG("read() error\n"); + rv = -1; + } + } + if (waitpid(pid, NULL, 0) < 0) { + VB2_DEBUG("waitpid() error\n"); + rv = -1; + } + } else { /* Child. */ + close (p_to_c[STDOUT_FILENO]); + close (c_to_p[STDIN_FILENO]); + /* Map the stdin to the first pipe (this pipe gets input + * from the parent) */ + if (STDIN_FILENO != p_to_c[STDIN_FILENO]) { + if (dup2(p_to_c[STDIN_FILENO], STDIN_FILENO) != + STDIN_FILENO) { + VB2_DEBUG("stdin dup2() failed\n"); + close(p_to_c[0]); + return -1; + } + } + /* Map the stdout to the second pipe (this pipe sends back + * signer output to the parent) */ + if (STDOUT_FILENO != c_to_p[STDOUT_FILENO]) { + if (dup2(c_to_p[STDOUT_FILENO], STDOUT_FILENO) != + STDOUT_FILENO) { + VB2_DEBUG("stdout dup2() failed\n"); + close(c_to_p[STDOUT_FILENO]); + return -1; + } + } + /* External signer is invoked here. */ + if (execl(external_signer, external_signer, pem_file, + (char *) 0) < 0) { + VB2_DEBUG("execl() of external signer failed\n"); + } + } + return rv; } -VbSignature* CalculateSignature_external(const uint8_t* data, uint64_t size, - const char* key_file, - uint64_t key_algorithm, - const char* external_signer) { - int vb2_alg = vb2_crypto_to_hash(key_algorithm); - uint8_t digest[VB2_MAX_DIGEST_SIZE]; - int digest_size = vb2_digest_size(vb2_alg); - - const uint8_t* digestinfo = hash_digestinfo_map[key_algorithm]; - uint64_t digestinfo_size = digestinfo_size_map[key_algorithm]; - - uint8_t* signature_digest; - uint64_t signature_digest_len = digest_size + digestinfo_size; - - VbSignature* sig; - int rv; - - /* Calculate the digest */ - if (VB2_SUCCESS != vb2_digest_buffer(data, size, vb2_alg, - digest, sizeof(digest))) - return NULL; - - /* Prepend the digest info to the digest */ - signature_digest = malloc(signature_digest_len); - if (!signature_digest) - return NULL; - - Memcpy(signature_digest, digestinfo, digestinfo_size); - Memcpy(signature_digest + digestinfo_size, digest, digest_size); - - /* Allocate output signature */ - sig = SignatureAlloc(siglen_map[key_algorithm], size); - if (!sig) { - free(signature_digest); - return NULL; - } - - /* Sign the signature_digest into our output buffer */ - rv = InvokeExternalSigner(signature_digest_len, /* Input length */ - signature_digest, /* Input data */ - GetSignatureData(sig), /* Output sig */ - siglen_map[key_algorithm], /* Max Output sig size */ - key_file, /* Key file to use */ - external_signer); /* External cmd to invoke */ - free(signature_digest); - - if (-1 == rv) { - VBDEBUG(("SignatureBuf(): RSA_private_encrypt() failed.\n")); - free(sig); - return NULL; - } - - /* Return the signature */ - return sig; +struct vb2_signature *vb2_external_signature(const uint8_t *data, + uint32_t size, + const char *key_file, + uint32_t key_algorithm, + const char *external_signer) +{ + int vb2_alg = vb2_crypto_to_hash(key_algorithm); + uint8_t digest[VB2_MAX_DIGEST_SIZE]; + int digest_size = vb2_digest_size(vb2_alg); + + uint32_t digest_info_size = 0; + const uint8_t *digest_info = NULL; + if (VB2_SUCCESS != vb2_digest_info(vb2_alg, + &digest_info, &digest_info_size)) + return NULL; + + + uint8_t *signature_digest; + uint64_t signature_digest_len = digest_size + digest_info_size; + + int rv; + + /* Calculate the digest */ + if (VB2_SUCCESS != vb2_digest_buffer(data, size, vb2_alg, + digest, sizeof(digest))) + return NULL; + + /* Prepend the digest info to the digest */ + signature_digest = calloc(signature_digest_len, 1); + if (!signature_digest) + return NULL; + + memcpy(signature_digest, digest_info, digest_info_size); + memcpy(signature_digest + digest_info_size, digest, digest_size); + + /* Allocate output signature */ + uint32_t sig_size = + vb2_rsa_sig_size(vb2_crypto_to_signature(key_algorithm)); + struct vb2_signature *sig = vb2_alloc_signature(sig_size, size); + if (!sig) { + free(signature_digest); + return NULL; + } + + /* Sign the signature_digest into our output buffer */ + rv = sign_external(signature_digest_len, /* Input length */ + signature_digest, /* Input data */ + vb2_signature_data(sig), /* Output sig */ + sig_size, /* Max Output sig size */ + key_file, /* Key file to use */ + external_signer); /* External cmd to invoke */ + free(signature_digest); + + if (-1 == rv) { + VB2_DEBUG("RSA_private_encrypt() failed.\n"); + free(sig); + return NULL; + } + + /* Return the signature */ + return sig; } diff --git a/host/lib/include/host_signature.h b/host/lib/include/host_signature.h index df907d28..4fb94d60 100644 --- a/host/lib/include/host_signature.h +++ b/host/lib/include/host_signature.h @@ -24,8 +24,6 @@ struct vb2_signature; * @param sig_size Size of signature data buffer in bytes * @param data_size Amount of data signed in bytes */ -void SignatureInit(VbSignature* sig, uint8_t* sig_data, - uint64_t sig_size, uint64_t data_size); void vb2_init_signature(struct vb2_signature *sig, uint8_t *sig_data, uint32_t sig_size, uint32_t data_size); @@ -38,7 +36,6 @@ void vb2_init_signature(struct vb2_signature *sig, uint8_t *sig_data, * * @return The signature or NULL if error. Caller must free() it. */ -VbSignature* SignatureAlloc(uint64_t sig_size, uint64_t data_size); struct vb2_signature *vb2_alloc_signature(uint32_t sig_size, uint32_t data_size); @@ -49,7 +46,6 @@ struct vb2_signature *vb2_alloc_signature(uint32_t sig_size, * @param src Source signature * * @return VB2_SUCCESS, or non-zero if error. */ -int SignatureCopy(VbSignature* dest, const VbSignature* src); int vb2_copy_signature(struct vb2_signature *dest, const struct vb2_signature *src); @@ -76,14 +72,21 @@ struct vb2_signature *vb2_calculate_signature( const uint8_t *data, uint32_t size, const struct vb2_private_key *key); -/* Calculates a signature for the data using the specified key and - * an external program. - * Caller owns the returned pointer, and must free it with Free(). +/** + * Calculate a signature for the data using an external signer. + * + * @param data Pointer to data to sign + * @param size Length of data in bytes + * @param key_file Name of file containing private key + * @param key_algorithm Key algorithm + * @param external_signer Path to external signer program * - * Returns NULL on error. */ -VbSignature* CalculateSignature_external(const uint8_t* data, uint64_t size, - const char* key_file, - uint64_t key_algorithm, - const char* external_signer); + * @return The signature, or NULL if error. Caller must free() it. + */ +struct vb2_signature *vb2_external_signature(const uint8_t *data, + uint32_t size, + const char *key_file, + uint32_t key_algorithm, + const char *external_signer); #endif /* VBOOT_REFERENCE_HOST_SIGNATURE_H_ */ diff --git a/host/linktest/main.c b/host/linktest/main.c index b5dc1732..8db150b8 100644 --- a/host/linktest/main.c +++ b/host/linktest/main.c @@ -19,11 +19,6 @@ int main(void) ReadFile(0, 0); WriteFile(0, 0, 0); - /* host_signature.h */ - SignatureInit(0, 0, 0, 0); - SignatureAlloc(0, 0); - SignatureCopy(0, 0); - /* file_keys.h */ BufferFromFile(0, 0); RSAPublicKeyFromFile(0); |