diff options
| author | Gaurav Shah <gauravsh@google.com> | 2010-01-28 19:43:24 -0800 |
|---|---|---|
| committer | Gaurav Shah <gauravsh@google.com> | 2010-01-28 19:43:24 -0800 |
| commit | 8bf29d8ea10392c03f8d11561a4e63182f6211a3 (patch) | |
| tree | 38fef724dae61263b3bf7eac361cf68103d2e7ac /tests | |
| parent | 321f310040b6ad281c0e4930defe551c5670859c (diff) | |
| download | vboot-8bf29d8ea10392c03f8d11561a4e63182f6211a3.tar.gz | |
Utility to output digests in format suitable for RSA signatures.
The current stable version of OpenSSL(0.9.8d) does not support RSA signature with SHA-256 and SHA-512 message digests. This utility outputs the hash of file data in a format suitable for use with the "openssl" command-line tool fir generating RSA signatures.
Also modified the tests to use this to generate RSA signature rather than "openssl pkeyutl" which is not supported on current stable version of OpenSSL.
Review URL: http://codereview.chromium.org/552227
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/Makefile | 7 | ||||
| -rwxr-xr-x | tests/run_tests.sh | 22 | ||||
| -rw-r--r-- | tests/signature_digest.c | 68 | ||||
| -rw-r--r-- | tests/signature_digest.h | 16 |
4 files changed, 100 insertions, 13 deletions
diff --git a/tests/Makefile b/tests/Makefile index 31906c4f..8fcd21fc 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -2,11 +2,11 @@ # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. -SRCS=sha_tests.c verify_data.c digest_utility.c +SRCS=sha_tests.c verify_data.c digest_utility.c signature_digest.c OBJS=$(SRCS:.c=.o) LIBS=$(TOP)/crypto/libcrypto.a $(TOP)/common/libcommon.a -tests: sha_tests verify_data +tests: sha_tests verify_data signature_digest sha_tests: sha_tests.c $(CC) $(CFLAGS) -DNDEBUG $(INCLUDES) $< -o $@ $(LIBS) @@ -14,6 +14,9 @@ sha_tests: sha_tests.c verify_data: verify_data.c digest_utility.o $(CC) $(CFLAGS) -DNDEBUG $(INCLUDES) $< -o $@ digest_utility.o $(LIBS) +signature_digest: signature_digest.c digest_utility.o + $(CC) $(CFLAGS) -DNDEBUG $(INCLUDES) $< -o $@ digest_utility.o $(LIBS) + digest_utility.o: digest_utility.c $(CC) $(CFLAGS) $(INCLUDES) -c $< -o $@ clean: diff --git a/tests/run_tests.sh b/tests/run_tests.sh index bfde0a20..7fe68fe0 100755 --- a/tests/run_tests.sh +++ b/tests/run_tests.sh @@ -28,32 +28,32 @@ function generate_keys { # Generate public key signatures on an input file for various combinations # of message digest algorithms and RSA key sizes. function generate_signatures { - for i in ${hash_algos[@]} + algorithmcounter=0 + for keylen in ${key_lengths[@]} do - for j in ${key_lengths[@]} + for hashalgo in ${hash_algos[@]} do - openssl dgst -binary -$i $1 >$1.digest.$i - openssl pkeyutl -in $1.digest.$i -inkey key_rsa$j.pem \ - -pkeyopt digest:$i > $1.rsa$j\_$i.sig + ./signature_digest $algorithmcounter $1 | openssl rsautl -sign -pkcs \ + -inkey key_rsa${keylen}.pem > $1.rsa${keylen}\_${hashalgo}.sig + let algorithmcounter=algorithmcounter+1 done done } function test_signatures { algorithmcounter=0 - for rsaalgo in ${key_lengths[@]} + for keylen in ${key_lengths[@]} do for hashalgo in ${hash_algos[@]} do - echo "For RSA-$rsaalgo and $hashalgo:" - ./verify_data $algorithmcounter key_rsa${rsaalgo}.keyb \ - ${TEST_FILE}.rsa${rsaalgo}_${hashalgo}.sig ${TEST_FILE} + echo "For RSA-$keylen and $hashalgo:" + ./verify_data $algorithmcounter key_rsa${keylen}.keyb \ + ${TEST_FILE}.rsa${keylen}\_${hashalgo}.sig ${TEST_FILE} let algorithmcounter=algorithmcounter+1 done done } - function pre_work { # Generate a file with random bytes for signature tests. echo "Generating test file..." @@ -65,7 +65,7 @@ function pre_work { } function cleanup { - rm ${TEST_FILE} ${TEST_FILE}.digest.* ${TEST_FILE}.*.sig key_rsa*.* + rm ${TEST_FILE} ${TEST_FILE}.*.sig key_rsa*.* } echo "Testing message digests..." diff --git a/tests/signature_digest.c b/tests/signature_digest.c new file mode 100644 index 00000000..89d98fe1 --- /dev/null +++ b/tests/signature_digest.c @@ -0,0 +1,68 @@ +/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Utility that outputs the message digest of the contents of a file in a + * format that can be used as input to OpenSSL for an RSA signature. + * Needed until the stable OpenSSL release supports SHA-256/512 digests for + * RSA signatures. + * Outputs DigestInfo || Digest where DigestInfo is the OID depending on the + * choice of the hash algorithm (see padding.c). + * + */ + +#include "signature_digest.h" + +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> + +#include "digest_utility.h" +#include "padding.h" +#include "sha.h" + +uint8_t* prepend_digestinfo(int algorithm, uint8_t* digest) { + const int digest_size = hash_size_map[algorithm]; + const int digestinfo_size = digestinfo_size_map[algorithm]; + const uint8_t* digestinfo = hash_digestinfo_map[algorithm]; + uint8_t* p = malloc(digestinfo_size + digest_size); + memcpy(p, digestinfo, digestinfo_size); + memcpy(p + digestinfo_size, digest, digest_size); + return p; +} + +int main(int argc, char* argv[]) { + int i, algorithm; + uint8_t* digest = NULL; + uint8_t* signature = NULL; + uint8_t* info_digest = NULL; + + if (argc != 3) { + fprintf(stderr, "Usage: %s <algorithm> <input file>\n\n", + argv[0]); + fprintf(stderr, "where <algorithm> is the signature algorithm to use:\n"); + for(i = 0; i<kNumAlgorithms; i++) + fprintf(stderr, "\t%d for %s\n", i, algo_strings[i]); + return -1; + } + + algorithm = atoi(argv[1]); + if (algorithm >= kNumAlgorithms) { + fprintf(stderr, "Invalid Algorithm!\n"); + goto failure; + } + + if (!(digest = calculate_digest(argv[2], algorithm))) + goto failure; + + info_digest = prepend_digestinfo(algorithm, digest); + write(1, info_digest, hash_size_map[algorithm] + + digestinfo_size_map[algorithm]); + +failure: + free(digest); + free(info_digest); + free(signature); + + return 0; +} diff --git a/tests/signature_digest.h b/tests/signature_digest.h new file mode 100644 index 00000000..fcd72753 --- /dev/null +++ b/tests/signature_digest.h @@ -0,0 +1,16 @@ +/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ + +#ifndef VBOOT_REFERENCE_SIGNATURE_DIGEST_H_ +#define VBOOT_REFERENCE_SIGNATURE_DIGEST_H_ + +#include <inttypes.h> + +/* Returns a buffer with DigestInfo (which depends on [algorithm]) + * prepended to [digest]. + */ +uint8_t* prepend_digestinfo(int algorithm, uint8_t* digest); + +#endif /* VBOOT_REFERENCE_SIGNATURE_DIGEST_H_ */ |