-rw-r--r-- | futility/file_type.c | 2 | ||||
-rw-r--r-- | futility/file_type.h | 2 | ||||
-rw-r--r-- | futility/traversal.c | 4 | ||||
-rw-r--r-- | futility/traversal.h | 2 | ||||
-rw-r--r-- | futility/vb2_helper.c | 70 | ||||
-rwxr-xr-x | tests/futility/test_create.sh | 8 |
6 files changed, 86 insertions, 2 deletions
diff --git a/futility/file_type.c b/futility/file_type.c
index 8e83406a..f542a91a 100644
--- a/futility/file_type.c
+++ b/futility/file_type.c
@@ -34,6 +34,7 @@ static const char * const type_strings[] = {
 "VbPrivateKey",
 "vb21 public key",
 "vb21 private key",
+ "RSA private key",
 };
 BUILD_ASSERT(ARRAY_SIZE(type_strings) == NUM_FILE_TYPES);
@@ -53,6 +54,7 @@ enum futil_file_type (*recognizers[])(uint8_t *buf, uint32_t len) = {
 &recognize_vblock1,
 &recognize_vb1_key,
 &recognize_vb2_key,
+ &recognize_pem,
 };
 /* Try to figure out what we're looking at */
diff --git a/futility/file_type.h b/futility/file_type.h
index 43492b20..5e92a399 100644
--- a/futility/file_type.h
+++ b/futility/file_type.h
@@ -25,6 +25,7 @@ enum futil_file_type {
 FILE_TYPE_PRIVKEY, /* VbPrivateKey */
 FILE_TYPE_VB2_PUBKEY, /* struct vb2_public_key */
 FILE_TYPE_VB2_PRIVKEY, /* struct vb2_private_key */
+ FILE_TYPE_PEM, /* RSA .pem file */
 NUM_FILE_TYPES
 };
@@ -51,5 +52,6 @@ enum futil_file_type recognize_vblock1(uint8_t *buf, uint32_t len);
 enum futil_file_type recognize_gpt(uint8_t *buf, uint32_t len);
 enum futil_file_type recognize_vb1_key(uint8_t *buf, uint32_t len);
 enum futil_file_type recognize_vb2_key(uint8_t *buf, uint32_t len);
+enum futil_file_type recognize_pem(uint8_t *buf, uint32_t len);
 #endif /* VBOOT_REFERENCE_FUTILITY_FILE_TYPE_H_ */
diff --git a/futility/traversal.c b/futility/traversal.c
index 3a96cdc2..548d9538 100644
--- a/futility/traversal.c
+++ b/futility/traversal.c
@@ -33,6 +33,7 @@ static int (* const cb_show_funcs[])(struct futil_traverse_state_s *state) = {
 futil_cb_show_privkey, /* CB_PRIVKEY */
 futil_cb_show_vb2_pubkey, /* CB_VB2_PUBKEY */
 futil_cb_show_vb2_privkey, /* CB_VB2_PRIVKEY */
+ futil_cb_show_pem, /* CB_PEM */
 };
 BUILD_ASSERT(ARRAY_SIZE(cb_show_funcs) == NUM_CB_COMPONENTS);
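Review bot: The new enum comment `/* RSA .pem file */` in file_type.h reads as covering any RSA PEM file, while the type string added alongside it in file_type.c is "RSA private key" and the recognizer name points at the private-key form; aligning the comment with the string, `FILE_TYPE_PEM, /* PEM-encoded RSA private key */`, stops a reader from expecting PEM public keys or certificates to be classified here. Whether anything other than an RSA private key is accepted is decided in recognize_pem in vb2_helper.c, outside these hunks.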
@@ -55,6 +56,7 @@ static int (* const cb_sign_funcs[])(struct futil_traverse_state_s *state) = {
 NULL, /* CB_PRIVKEY */
 NULL, /* CB_VB2_PUBKEY */
 NULL, /* CB_VB2_PRIVKEY */
+ NULL, /* CB_PEM */
 };
 BUILD_ASSERT(ARRAY_SIZE(cb_sign_funcs) == NUM_CB_COMPONENTS);
@@ -86,6 +88,7 @@ static const struct {
 {CB_PRIVKEY, "VbPrivateKey"}, /* FILE_TYPE_PRIVKEY */
 {CB_VB2_PUBKEY, "vb21 public key"}, /* FILE_TYPE_VB2_PUBKEY */
 {CB_VB2_PRIVKEY, "vb21 private key"}, /* FILE_TYPE_VB2_PRIVKEY */
+ {CB_PEM, "RSA private key"}, /* FILE_TYPE_PEM */
 };
 BUILD_ASSERT(ARRAY_SIZE(direct_callback) == NUM_FILE_TYPES);
@@ -160,6 +163,7 @@ static const char * const futil_cb_component_str[] = {
 "CB_PRIVKEY",
 "CB_VB2_PUBKEY",
 "CB_VB2_PRIVKEY",
+ "CB_PEM",
 };
 BUILD_ASSERT(ARRAY_SIZE(futil_cb_component_str) == NUM_CB_COMPONENTS);
diff --git a/futility/traversal.h b/futility/traversal.h
index 5bdc7c5c..e975469a 100644
--- a/futility/traversal.h
+++ b/futility/traversal.h
@@ -38,6 +38,7 @@ enum futil_cb_component {
 CB_PRIVKEY,
 CB_VB2_PUBKEY,
 CB_VB2_PRIVKEY,
+ CB_PEM,
 NUM_CB_COMPONENTS
 };
@@ -87,6 +88,7 @@ int futil_cb_show_kernel_preamble(struct futil_traverse_state_s *state);
 int futil_cb_show_privkey(struct futil_traverse_state_s *state);
 int futil_cb_show_vb2_pubkey(struct futil_traverse_state_s *state);
 int futil_cb_show_vb2_privkey(struct futil_traverse_state_s *state);
+int futil_cb_show_pem(struct futil_traverse_state_s *state);
 int futil_cb_sign_pubkey(struct futil_traverse_state_s *state);
 int futil_cb_sign_fw_main(struct futil_traverse_state_s *state);
diff --git a/futility/vb2_helper.c b/futility/vb2_helper.c
index 35541617..68287ce1 100644
--- a/futility/vb2_helper.c
+++ b/futility/vb2_helper.c
@@ -4,6 +4,9 @@
 * found in the LICENSE file.
 */
+#define OPENSSL_NO_SHA
+#include <openssl/pem.h>
+
 #include "2sysincludes.h"
 #include "2common.h"
 #include "2guid.h"
@@ -145,3 +148,70 @@ int futil_cb_show_vb2_privkey(struct futil_traverse_state_s *state)
 vb2_private_key_free(key);
 return 0;
 }
+
+static RSA *rsa_from_buffer(uint8_t *buf, uint32_t len)
+{
+ BIO *bp;
+ RSA *rsa_key;
+
+ bp = BIO_new_mem_buf(buf, len);
+ if (!bp)
+ return 0;
+
+ rsa_key = PEM_read_bio_RSAPrivateKey(bp, NULL, NULL, NULL);
+ if (!rsa_key) {
+ BIO_free(bp);
+ return 0;
+ }
+
+ BIO_free(bp);
+
+ return rsa_key;
+}
+
+enum futil_file_type recognize_pem(uint8_t *buf, uint32_t len)
+{
+ RSA *rsa_key = rsa_from_buffer(buf, len);
+
+ if (rsa_key) {
+ RSA_free(rsa_key);
+ return FILE_TYPE_PEM;
+ }
+
+ return FILE_TYPE_UNKNOWN;
+}
+
+int futil_cb_show_pem(struct futil_traverse_state_s *state)
+{
+ RSA *rsa_key;
+ uint8_t *keyb, *digest;
+ uint32_t keyb_len;
+ int i, bits;
+
+ printf("Private Key file: %s\n", state->in_filename);
+
+ /* We're called only after recognize_pem, so this should work. */
+ rsa_key = rsa_from_buffer(state->my_area->buf, state->my_area->len);
+ if (!rsa_key)
+ DIE;
+
+ bits = BN_num_bits(rsa_key->n);
+ printf(" Key length: %d\n", bits);
+
+ if (vb_keyb_from_rsa(rsa_key, &keyb, &keyb_len)) {
+ printf(" Key sha1sum: <error>");
+ RSA_free(rsa_key);
+ return 1;
+ }
+
+ printf(" Key sha1sum: ");
+ digest = DigestBuf(keyb, keyb_len, SHA1_DIGEST_ALGORITHM);
+ for (i = 0; i < SHA1_DIGEST_SIZE; i++)
+ printf("%02x", digest[i]);
+ printf("\n");
+
+ free(digest);
+ free(keyb);
+ RSA_free(rsa_key);
+ return 0;
+}
diff --git a/tests/futility/test_create.sh b/tests/futility/test_create.sh
index 3c1d38e2..78b9e04a 100755
--- a/tests/futility/test_create.sh
+++ b/tests/futility/test_create.sh
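Review bot: In futil_cb_show_pem the DigestBuf result is indexed in the sha1sum loop with no NULL check, although the later free(digest) shows it is a heap allocation that can fail; add `if (!digest) { printf("<error>\n"); free(keyb); RSA_free(rsa_key); return 1; }` right after the call, and the vb_keyb_from_rsa error branch is missing its trailing `\n`. In rsa_from_buffer the uint32_t len is narrowed to the int parameter of BIO_new_mem_buf, so a length above INT_MAX arrives negative, which that function treats as "NUL-terminated, measure with strlen" and can read past the supplied input; reject such lengths up front, return NULL rather than 0 from a pointer-returning function, and free the BIO on a single path (below). Because recognize_pem now runs over every input file as a generic recognizer, note that PEM_read_bio_RSAPrivateKey with a NULL callback falls back to OpenSSL's default terminal passphrase prompt, so an encrypted PEM would stall `futility show` rather than yield FILE_TYPE_UNKNOWN; a callback that returns failure without prompting keeps type detection non-interactive. `BN_num_bits(rsa_key->n)` reaches into the RSA struct, which newer OpenSSL releases make opaque; RSA_get0_key() is the accessor form.
```c
static RSA *rsa_from_buffer(uint8_t *buf, uint32_t len)
{
	BIO *bp;
	RSA *rsa_key;

	/* BIO_new_mem_buf takes an int; a negative value means "NUL-terminated" */
	if (len > INT_MAX)
		return NULL;

	bp = BIO_new_mem_buf(buf, (int)len);
	if (!bp)
		return NULL;

	rsa_key = PEM_read_bio_RSAPrivateKey(bp, NULL, NULL, NULL);
	BIO_free(bp);

	return rsa_key;
}
/* … unchanged: recognize_pem, futil_cb_show_pem … */
```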
@@ -37,8 +37,12 @@ done
 # Demonstrate that the sha1sums are the same for all the keys created from the
 # same .pem files, both public and private, vb1 and vb21.
 for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
- num=$(${FUTILITY} show ${TMP}_key_${sig}.* | grep sha1sum | uniq | wc -l)
- [ "$num" -eq "1" ]
+ pem_sum=$(${FUTILITY} show "${TESTKEYS}/key_${sig}.pem" |
+ awk '/sha1sum/ {print $3}')
+ key_sums=$(${FUTILITY} show ${TMP}_key_${sig}.* |
+ awk '/sha1sum/ {print $3}' | uniq)
+ # note that this also tests that all the key_sums are the same
+ [ "$pem_sum" = "$key_sums" ]
 done
 # cleanup |
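Review bot: The new comparison passes vacuously when `futility show` prints no sha1sum line on either side, because an empty `pem_sum` compares equal to an empty `key_sums`, and the awk pipeline also hides a non-zero exit status from the show command; add `[ -n "$pem_sum" ]` before the comparison so a missing or failed PEM lookup fails the test. The field index `$3` relies on the exact `Key sha1sum: <hex>` layout printed by the show callbacks, which is a reasonable coupling but deserves a line such as `# the digest is the third field of the "Key sha1sum:" line`. The enclosing for loop is fully inside the hunk.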