diff options
-rw-r--r-- | Makefile | 3 | ||||
-rw-r--r-- | futility/cmd_show.c | 2 | ||||
-rw-r--r-- | futility/file_type.c | 5 | ||||
-rw-r--r-- | futility/file_type.h | 5 | ||||
-rw-r--r-- | futility/traversal.c | 8 | ||||
-rw-r--r-- | futility/traversal.h | 4 | ||||
-rw-r--r-- | futility/vb1_helper.c | 13 | ||||
-rw-r--r-- | futility/vb2_helper.c | 125 | ||||
-rw-r--r-- | host/lib21/host_key.c | 2 |
9 files changed, 157 insertions, 10 deletions
@@ -617,7 +617,8 @@ FUTIL_SRCS = \ futility/cmd_vbutil_keyblock.c \ futility/file_type.c \ futility/traversal.c \ - futility/vb1_helper.c + futility/vb1_helper.c \ + futility/vb2_helper.c # List of commands built in futility and futility_s. FUTIL_STATIC_CMD_LIST = ${BUILD}/gen/futility_static_cmds.c diff --git a/futility/cmd_show.c b/futility/cmd_show.c index 875689d5..f5f841c1 100644 --- a/futility/cmd_show.c +++ b/futility/cmd_show.c @@ -46,6 +46,7 @@ static struct local_data_s { static void show_key(VbPublicKey *pubkey, const char *sp) { + printf("%sVboot API: 1.0\n", sp); printf("%sAlgorithm: %" PRIu64 " %s\n", sp, pubkey->algorithm, (pubkey->algorithm < kNumAlgorithms ? algo_strings[pubkey->algorithm] : "(invalid)")); @@ -113,6 +114,7 @@ int futil_cb_show_privkey(struct futil_traverse_state_s *state) key.algorithm = *(typeof(key.algorithm) *)state->my_area->buf; printf("Private Key file: %s\n", state->in_filename); + printf(" Vboot API: 1.0\n"); alg_okay = key.algorithm < kNumAlgorithms; printf(" Algorithm: %" PRIu64 " %s\n", key.algorithm, alg_okay ? algo_strings[key.algorithm] : "(unknown)"); diff --git a/futility/file_type.c b/futility/file_type.c index 6696bb48..8e83406a 100644 --- a/futility/file_type.c +++ b/futility/file_type.c @@ -32,6 +32,8 @@ static const char * const type_strings[] = { "raw kernel", "chromiumos disk image", "VbPrivateKey", + "vb21 public key", + "vb21 private key", }; BUILD_ASSERT(ARRAY_SIZE(type_strings) == NUM_FILE_TYPES); @@ -49,7 +51,8 @@ enum futil_file_type (*recognizers[])(uint8_t *buf, uint32_t len) = { &recognize_bios_image, &recognize_gbb, &recognize_vblock1, - &recognize_privkey, + &recognize_vb1_key, + &recognize_vb2_key, }; /* Try to figure out what we're looking at */ diff --git a/futility/file_type.h b/futility/file_type.h index a94ff2c8..43492b20 100644 --- a/futility/file_type.h +++ b/futility/file_type.h @@ -23,6 +23,8 @@ enum futil_file_type { FILE_TYPE_CHROMIUMOS_DISK, /* At least it has a GPT */ FILE_TYPE_PRIVKEY, /* VbPrivateKey */ + FILE_TYPE_VB2_PUBKEY, /* struct vb2_public_key */ + FILE_TYPE_VB2_PRIVKEY, /* struct vb2_private_key */ NUM_FILE_TYPES }; @@ -47,6 +49,7 @@ enum futil_file_type recognize_bios_image(uint8_t *buf, uint32_t len); enum futil_file_type recognize_gbb(uint8_t *buf, uint32_t len); enum futil_file_type recognize_vblock1(uint8_t *buf, uint32_t len); enum futil_file_type recognize_gpt(uint8_t *buf, uint32_t len); -enum futil_file_type recognize_privkey(uint8_t *buf, uint32_t len); +enum futil_file_type recognize_vb1_key(uint8_t *buf, uint32_t len); +enum futil_file_type recognize_vb2_key(uint8_t *buf, uint32_t len); #endif /* VBOOT_REFERENCE_FUTILITY_FILE_TYPE_H_ */ diff --git a/futility/traversal.c b/futility/traversal.c index 8421b253..3a96cdc2 100644 --- a/futility/traversal.c +++ b/futility/traversal.c @@ -31,6 +31,8 @@ static int (* const cb_show_funcs[])(struct futil_traverse_state_s *state) = { NULL, /* CB_RAW_FIRMWARE */ NULL, /* CB_RAW_KERNEL */ futil_cb_show_privkey, /* CB_PRIVKEY */ + futil_cb_show_vb2_pubkey, /* CB_VB2_PUBKEY */ + futil_cb_show_vb2_privkey, /* CB_VB2_PRIVKEY */ }; BUILD_ASSERT(ARRAY_SIZE(cb_show_funcs) == NUM_CB_COMPONENTS); @@ -51,6 +53,8 @@ static int (* const cb_sign_funcs[])(struct futil_traverse_state_s *state) = { futil_cb_sign_raw_firmware, /* CB_RAW_FIRMWARE */ futil_cb_create_kernel_part, /* CB_RAW_KERNEL */ NULL, /* CB_PRIVKEY */ + NULL, /* CB_VB2_PUBKEY */ + NULL, /* CB_VB2_PRIVKEY */ }; BUILD_ASSERT(ARRAY_SIZE(cb_sign_funcs) == NUM_CB_COMPONENTS); @@ -80,6 +84,8 @@ static const struct { {CB_RAW_KERNEL, "raw kernel"}, /* FILE_TYPE_RAW_KERNEL */ {0, "chromiumos disk"}, /* FILE_TYPE_CHROMIUMOS_DISK */ {CB_PRIVKEY, "VbPrivateKey"}, /* FILE_TYPE_PRIVKEY */ + {CB_VB2_PUBKEY, "vb21 public key"}, /* FILE_TYPE_VB2_PUBKEY */ + {CB_VB2_PRIVKEY, "vb21 private key"}, /* FILE_TYPE_VB2_PRIVKEY */ }; BUILD_ASSERT(ARRAY_SIZE(direct_callback) == NUM_FILE_TYPES); @@ -152,6 +158,8 @@ static const char * const futil_cb_component_str[] = { "CB_RAW_FIRMWARE", "CB_RAW_KERNEL", "CB_PRIVKEY", + "CB_VB2_PUBKEY", + "CB_VB2_PRIVKEY", }; BUILD_ASSERT(ARRAY_SIZE(futil_cb_component_str) == NUM_CB_COMPONENTS); diff --git a/futility/traversal.h b/futility/traversal.h index 53088d5b..5bdc7c5c 100644 --- a/futility/traversal.h +++ b/futility/traversal.h @@ -36,6 +36,8 @@ enum futil_cb_component { CB_RAW_FIRMWARE, CB_RAW_KERNEL, CB_PRIVKEY, + CB_VB2_PUBKEY, + CB_VB2_PRIVKEY, NUM_CB_COMPONENTS }; @@ -83,6 +85,8 @@ int futil_cb_show_fw_main(struct futil_traverse_state_s *state); int futil_cb_show_fw_preamble(struct futil_traverse_state_s *state); int futil_cb_show_kernel_preamble(struct futil_traverse_state_s *state); int futil_cb_show_privkey(struct futil_traverse_state_s *state); +int futil_cb_show_vb2_pubkey(struct futil_traverse_state_s *state); +int futil_cb_show_vb2_privkey(struct futil_traverse_state_s *state); int futil_cb_sign_pubkey(struct futil_traverse_state_s *state); int futil_cb_sign_fw_main(struct futil_traverse_state_s *state); diff --git a/futility/vb1_helper.c b/futility/vb1_helper.c index 3d3225a1..e039e41b 100644 --- a/futility/vb1_helper.c +++ b/futility/vb1_helper.c @@ -718,7 +718,6 @@ uint8_t *CreateKernelBlob(uint8_t *vmlinuz_buf, uint64_t vmlinuz_size, enum futil_file_type recognize_vblock1(uint8_t *buf, uint32_t len) { VbKeyBlockHeader *key_block = (VbKeyBlockHeader *)buf; - VbPublicKey *pubkey = (VbPublicKey *)buf; VbFirmwarePreambleHeader *fw_preamble; VbKernelPreambleHeader *kern_preamble; RSAPublicKey *rsa; @@ -743,18 +742,20 @@ enum futil_file_type recognize_vblock1(uint8_t *buf, uint32_t len) return FILE_TYPE_KEYBLOCK; } - /* Maybe just a VbPublicKey? */ - if (PublicKeyLooksOkay(pubkey, len)) - return FILE_TYPE_PUBKEY; - return FILE_TYPE_UNKNOWN; } -enum futil_file_type recognize_privkey(uint8_t *buf, uint32_t len) +enum futil_file_type recognize_vb1_key(uint8_t *buf, uint32_t len) { + VbPublicKey *pubkey = (VbPublicKey *)buf; VbPrivateKey key; const unsigned char *start; + /* Maybe just a VbPublicKey? */ + if (len >= sizeof(VbPublicKey) && PublicKeyLooksOkay(pubkey, len)) + return FILE_TYPE_PUBKEY; + + /* How about a VbPrivateKey? */ if (len < sizeof(key.algorithm)) return FILE_TYPE_UNKNOWN; diff --git a/futility/vb2_helper.c b/futility/vb2_helper.c new file mode 100644 index 00000000..10aa6097 --- /dev/null +++ b/futility/vb2_helper.c @@ -0,0 +1,125 @@ +/* + * Copyright 2015 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ + +#include "2sysincludes.h" +#include "2common.h" +#include "2guid.h" +#include "2rsa.h" +#include "vb2_common.h" +#include "vb2_struct.h" + +#include "host_common.h" +#include "host_key2.h" +#include "host_misc2.h" + +#include "file_type.h" +#include "futility.h" +#include "traversal.h" + +enum futil_file_type recognize_vb2_key(uint8_t *buf, uint32_t len) +{ + struct vb2_public_key pubkey; + struct vb2_private_key *privkey = 0; + + /* The pubkey points into buf, so nothing to free */ + if (VB2_SUCCESS == vb2_unpack_key(&pubkey, buf, len)) + return FILE_TYPE_VB2_PUBKEY; + + /* The private key unpacks into new structs */ + if (VB2_SUCCESS == vb2_private_key_unpack(&privkey, buf, len)) { + vb2_private_key_free(privkey); + return FILE_TYPE_VB2_PRIVKEY; + } + + return FILE_TYPE_UNKNOWN; +} + +static void vb2_print_public_key_sha1sum(struct vb2_public_key *key) +{ + struct vb2_packed_key *pkey; + uint8_t *digest; + int i; + + if (vb2_public_key_pack(&pkey, key)) { + printf("<error>"); + return; + } + + digest = DigestBuf((uint8_t *)pkey + pkey->key_offset, + pkey->key_size, SHA1_DIGEST_ALGORITHM); + for (i = 0; i < SHA1_DIGEST_SIZE; i++) + printf("%02x", digest[i]); + + free(digest); + free(pkey); +} + +int futil_cb_show_vb2_pubkey(struct futil_traverse_state_s *state) +{ + struct vb2_public_key key; + char guid_str[VB2_GUID_MIN_STRLEN]; + const struct vb2_text_vs_enum *entry; + + /* The key's members will point into the state buffer after this. Don't + * free anything. */ + if (VB2_SUCCESS != vb2_unpack_key(&key, state->my_area->buf, + state->my_area->len)) + return 1; + + if (VB2_SUCCESS != vb2_guid_to_str(key.guid, guid_str, + sizeof(guid_str))) + return 1; + + printf("Public Key file: %s\n", state->in_filename); + printf(" Vboot API: 2.1\n"); + printf(" Desc: \"%s\"\n", key.desc); + entry = vb2_lookup_by_num(vb2_text_vs_sig, key.sig_alg); + printf(" Signature Algorithm: %d %s\n", key.sig_alg, + entry ? entry->name : "(invalid)"); + entry = vb2_lookup_by_num(vb2_text_vs_hash, key.hash_alg); + printf(" Hash Algorithm: %d %s\n", key.hash_alg, + entry ? entry->name : "(invalid)"); + printf(" GUID: %s\n", guid_str); + printf(" Version: 0x%08x\n", key.version); + printf(" Key sha1sum: "); + vb2_print_public_key_sha1sum(&key); + printf("\n"); + + return 0; +} + +int futil_cb_show_vb2_privkey(struct futil_traverse_state_s *state) +{ + struct vb2_private_key *key = 0; + char guid_str[VB2_GUID_MIN_STRLEN]; + const struct vb2_text_vs_enum *entry; + + if (VB2_SUCCESS != vb2_private_key_unpack(&key, state->my_area->buf, + state->my_area->len)) + return 1; + + if (VB2_SUCCESS != vb2_guid_to_str(&key->guid, guid_str, + sizeof(guid_str))) { + vb2_private_key_free(key); + return 1; + } + + + printf("Private key file: %s\n", state->in_filename); + printf(" Vboot API: 2.1\n"); + printf(" Desc: \"%s\"\n", key->desc ? key->desc : ""); + entry = vb2_lookup_by_num(vb2_text_vs_sig, key->sig_alg); + printf(" Signature Algorithm: %d %s\n", key->sig_alg, + entry ? entry->name : "(invalid)"); + entry = vb2_lookup_by_num(vb2_text_vs_hash, key->hash_alg); + printf(" Hash Algorithm: %d %s\n", key->hash_alg, + entry ? entry->name : "(invalid)"); + printf(" GUID: %s\n", guid_str); + + + vb2_private_key_free(key); + return 0; +} diff --git a/host/lib21/host_key.c b/host/lib21/host_key.c index 4acba9cb..78a6d2ec 100644 --- a/host/lib21/host_key.c +++ b/host/lib21/host_key.c @@ -270,7 +270,7 @@ int vb2_private_key_write(const struct vb2_private_key *key, memcpy(buf, &pkey, sizeof(pkey)); /* strcpy() is ok here because we checked the length above */ - if (key->desc) + if (pkey.c.desc_size) strcpy((char *)buf + pkey.c.fixed_size, key->desc); if (rsabuf) { |