diff options
author | Randall Spangler <rspangler@chromium.org> | 2016-10-14 15:37:25 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2016-10-29 19:41:09 -0700 |
commit | 5a9f498182586f64865b51c874619d674f5d842c (patch) | |
tree | 79f69ff6aa363b6f53e010773f20f5f22771e06c /utility | |
parent | 13b109762a3bfec025a9bfcb3ead927d0291280e (diff) | |
download | vboot-5a9f498182586f64865b51c874619d674f5d842c.tar.gz |
host,test: Remove unneeded vb1 rsa functions
Another in a continued stream of refactoring. This change removes more
of the vb1 rsa library code and associated tests, in favor of their vb2
equivalents. This change touches only host-side code and its tests, not
firmware.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge
Change-Id: I1973bc2f03c60da62232e30bab0fa5fe791b6b34
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/400901
Diffstat (limited to 'utility')
-rw-r--r-- | utility/include/verify_data.h | 20 | ||||
-rw-r--r-- | utility/pad_digest_utility.c | 5 | ||||
-rw-r--r-- | utility/signature_digest_utility.c | 8 | ||||
-rw-r--r-- | utility/verify_data.c | 182 |
4 files changed, 119 insertions, 96 deletions
diff --git a/utility/include/verify_data.h b/utility/include/verify_data.h deleted file mode 100644 index 51b9fd6d..00000000 --- a/utility/include/verify_data.h +++ /dev/null @@ -1,20 +0,0 @@ -/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#ifndef VBOOT_REFERENCE_VERIFY_DATA_H_ -#define VBOOT_REFERENCE_VERIFY_DATA_H_ - -/* Reads a pre-processed key from [input_file] and - * returns it in a RSAPublicKey structure. - * Caller owns the returned key and must free it. - */ -RSAPublicKey* read_RSAkey(char *input_file); - -/* Return a signature of [len] bytes read from [input_file]. - * Caller owns the returned signature and must free it. - */ -uint8_t* read_signature(char *input_file, int len); - -#endif /* VBOOT_REFERENCE_VERIFY_DATA_H_ */ diff --git a/utility/pad_digest_utility.c b/utility/pad_digest_utility.c index 86d6694b..440cca3a 100644 --- a/utility/pad_digest_utility.c +++ b/utility/pad_digest_utility.c @@ -31,7 +31,7 @@ int main(int argc, char* argv[]) { int error_code = 0; uint8_t* digest = NULL; uint8_t* padded_digest = NULL; - uint64_t len; + uint32_t len; uint32_t padded_digest_len; if (argc != 3) { @@ -44,8 +44,7 @@ int main(int argc, char* argv[]) { return -1; } - digest = BufferFromFile(argv[2], &len); - if (!digest) { + if (VB2_SUCCESS != vb2_read_file(argv[2], &digest, &len)) { fprintf(stderr, "Could not read file: %s\n", argv[2]); return -1; } diff --git a/utility/signature_digest_utility.c b/utility/signature_digest_utility.c index 781f9ff6..0ed1a99d 100644 --- a/utility/signature_digest_utility.c +++ b/utility/signature_digest_utility.c @@ -11,6 +11,9 @@ #include <stdio.h> #include <stdlib.h> +#include "2sysincludes.h" +#include "2common.h" + #include "file_keys.h" #include "host_common.h" #include "padding.h" @@ -22,7 +25,7 @@ int main(int argc, char* argv[]) { int error_code = 0; uint8_t* buf = NULL; uint8_t* signature_digest = NULL; - uint64_t len; + uint32_t len; uint32_t signature_digest_len; if (argc != 3) { @@ -35,8 +38,7 @@ int main(int argc, char* argv[]) { return -1; } - buf = BufferFromFile(argv[2], &len); - if (!buf) { + if (VB2_SUCCESS != vb2_read_file(argv[2], &buf, &len)) { fprintf(stderr, "Could not read file: %s\n", argv[2]); return -1; } diff --git a/utility/verify_data.c b/utility/verify_data.c index ed4bcc16..d68f8909 100644 --- a/utility/verify_data.c +++ b/utility/verify_data.c @@ -15,88 +15,130 @@ #include <sys/types.h> #include <unistd.h> +#define _STUB_IMPLEMENTATION_ /* For malloc()/free() */ + #include "2sysincludes.h" #include "2common.h" #include "2sha.h" +#include "2rsa.h" #include "cryptolib.h" #include "file_keys.h" -#include "verify_data.h" +#include "host_key.h" +#include "host_misc.h" +#include "vb2_common.h" /* ANSI Color coding sequences. */ #define COL_GREEN "\e[1;32m" #define COL_RED "\e[0;31m" #define COL_STOP "\e[m" -uint8_t* read_signature(char* input_file, int len) { - int i, sigfd; - uint8_t* signature = NULL; - if ((sigfd = open(input_file, O_RDONLY)) == -1) { - fprintf(stderr, "Couldn't open signature file\n"); - return NULL; - } - - /* Read the signature into a buffer*/ - signature = (uint8_t*) malloc(len); - if (!signature) { - close(sigfd); - return NULL; - } - - if( (i = read(sigfd, signature, len)) != len ) { - fprintf(stderr, "Wrong signature length - Expected = %d, Received = %d\n", - len, i); - close(sigfd); - free(signature); - return NULL; - } - - close(sigfd); - return signature; +uint8_t* read_signature(char* input_file, int len) +{ + int i, sigfd; + uint8_t* signature = NULL; + if ((sigfd = open(input_file, O_RDONLY)) == -1) { + fprintf(stderr, "Couldn't open signature file\n"); + return NULL; + } + + /* Read the signature into a buffer*/ + signature = (uint8_t*) malloc(len); + if (!signature) { + close(sigfd); + return NULL; + } + + if( (i = read(sigfd, signature, len)) != len ) { + fprintf(stderr, "Expected signature length %d, Received %d\n", + len, i); + close(sigfd); + free(signature); + return NULL; + } + + close(sigfd); + return signature; } -int main(int argc, char* argv[]) { - int i, algorithm, sig_len; - int return_code = 1; /* Default to error. */ - uint8_t digest[VB2_MAX_DIGEST_SIZE]; - uint8_t* signature = NULL; - RSAPublicKey* key = NULL; - - if (argc!=5) { - fprintf(stderr, "Usage: %s <algorithm> <key file> <signature file>" - " <input file>\n\n", argv[0]); - fprintf(stderr, "where <algorithm> depends on the signature algorithm" - " used:\n"); - for(i = 0; i<kNumAlgorithms; i++) - fprintf(stderr, "\t%d for %s\n", i, algo_strings[i]); - return -1; - } - - algorithm = atoi(argv[1]); - if (algorithm >= kNumAlgorithms) { - fprintf(stderr, "Invalid Algorithm!\n"); - return 0; - } - /* Length of the RSA Signature/RSA Key */ - sig_len = siglen_map[algorithm]; - if ((key = RSAPublicKeyFromFile(argv[2])) && - (signature = read_signature(argv[3], sig_len)) && - (VB2_SUCCESS == DigestFile(argv[4], vb2_crypto_to_hash(algorithm), - digest, sizeof(digest)))) { - if (RSAVerify(key, signature, sig_len, algorithm, digest)) { - return_code = 0; - fprintf(stderr, "Signature Verification " - COL_GREEN "SUCCEEDED" COL_STOP "\n"); - } else { - fprintf(stderr, "Signature Verification " - COL_RED "FAILED" COL_STOP "\n"); - } - } - else - return_code = -1; - - free(key); - free(signature); - - return return_code; +int main(int argc, char* argv[]) +{ + uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES] + __attribute__ ((aligned (VB2_WORKBUF_ALIGN))); + struct vb2_workbuf wb; + vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); + + int return_code = 1; /* Default to error. */ + uint8_t digest[VB2_MAX_DIGEST_SIZE]; + struct vb2_packed_key *pk = NULL; + uint8_t *signature = NULL; + uint32_t sig_len = 0; + + if (argc != 5) { + int i; + fprintf(stderr, + "Usage: %s <algorithm> <key file> <signature file>" + " <input file>\n\n", argv[0]); + fprintf(stderr, + "where <algorithm> depends on the signature algorithm" + " used:\n"); + for(i = 0; i < VB2_ALG_COUNT; i++) + fprintf(stderr, "\t%d for %s\n", i, algo_strings[i]); + return -1; + } + + int algorithm = atoi(argv[1]); + if (algorithm >= kNumAlgorithms) { + fprintf(stderr, "Invalid algorithm %d\n", algorithm); + goto error; + } + + pk = vb2_read_packed_keyb(argv[2], algorithm, 0); + if (!pk) { + fprintf(stderr, "Can't read RSA public key.\n"); + goto error; + } + + struct vb2_public_key k2; + if (VB2_SUCCESS != vb2_unpack_key(&k2, (const uint8_t *)pk, + pk->key_offset + pk->key_size)) { + fprintf(stderr, "Can't unpack RSA public key.\n"); + goto error; + } + + if (VB2_SUCCESS != vb2_read_file(argv[3], &signature, &sig_len)) { + fprintf(stderr, "Can't read signature.\n"); + goto error; + } + + uint32_t expect_sig_size = + vb2_rsa_sig_size(vb2_crypto_to_signature(algorithm)); + if (sig_len != expect_sig_size) { + fprintf(stderr, "Expected signature size %u, got %u\n", + expect_sig_size, sig_len); + goto error; + } + + if (VB2_SUCCESS != DigestFile(argv[4], vb2_crypto_to_hash(algorithm), + digest, sizeof(digest))) { + fprintf(stderr, "Error calculating digest.\n"); + goto error; + } + + if (VB2_SUCCESS == vb2_rsa_verify_digest(&k2, signature, digest, &wb)) { + return_code = 0; + fprintf(stderr, "Signature Verification " + COL_GREEN "SUCCEEDED" COL_STOP "\n"); + } else { + fprintf(stderr, "Signature Verification " + COL_RED "FAILED" COL_STOP "\n"); + } + +error: + if (pk) + free(pk); + if (signature) + free(signature); + + return return_code; } |