-rw-r--r--futility/file_type.c2
-rw-r--r--futility/file_type.h2
-rw-r--r--futility/traversal.c4
-rw-r--r--futility/traversal.h2
-rw-r--r--futility/vb2_helper.c70
-rwxr-xr-xtests/futility/test_create.sh8
6 files changed, 86 insertions, 2 deletions
diff --git a/futility/file_type.c b/futility/file_type.c
index 8e83406a..f542a91a 100644
--- a/futility/file_type.c
+++ b/futility/file_type.c
@@ -34,6 +34,7 @@ static const char * const type_strings[] = {
"VbPrivateKey",
"vb21 public key",
"vb21 private key",
+ "RSA private key",
};
BUILD_ASSERT(ARRAY_SIZE(type_strings) == NUM_FILE_TYPES);
@@ -53,6 +54,7 @@ enum futil_file_type (*recognizers[])(uint8_t *buf, uint32_t len) = {
&recognize_vblock1,
&recognize_vb1_key,
&recognize_vb2_key,
+ &recognize_pem,
};
/* Try to figure out what we're looking at */
diff --git a/futility/file_type.h b/futility/file_type.h
index 43492b20..5e92a399 100644
--- a/futility/file_type.h
+++ b/futility/file_type.h
@@ -25,6 +25,7 @@ enum futil_file_type {
FILE_TYPE_PRIVKEY, /* VbPrivateKey */
FILE_TYPE_VB2_PUBKEY, /* struct vb2_public_key */
FILE_TYPE_VB2_PRIVKEY, /* struct vb2_private_key */
+ FILE_TYPE_PEM, /* RSA .pem file */
NUM_FILE_TYPES
};
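Review bot: The comment on the new enumerator, `/* RSA .pem file */`, is broader than what the type actually covers: the type string added in file_type.c is "RSA private key" and the matching recognizer only accepts a PEM-encoded RSA private key, so a PEM public key or certificate will not be classified as FILE_TYPE_PEM. Suggest `FILE_TYPE_PEM, /* RSA private key, PEM-encoded */` so the header does not imply that any .pem file is recognized.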
@@ -51,5 +52,6 @@ enum futil_file_type recognize_vblock1(uint8_t *buf, uint32_t len);
enum futil_file_type recognize_gpt(uint8_t *buf, uint32_t len);
enum futil_file_type recognize_vb1_key(uint8_t *buf, uint32_t len);
enum futil_file_type recognize_vb2_key(uint8_t *buf, uint32_t len);
+enum futil_file_type recognize_pem(uint8_t *buf, uint32_t len);
#endif /* VBOOT_REFERENCE_FUTILITY_FILE_TYPE_H_ */
diff --git a/futility/traversal.c b/futility/traversal.c
index 3a96cdc2..548d9538 100644
--- a/futility/traversal.c
+++ b/futility/traversal.c
@@ -33,6 +33,7 @@ static int (* const cb_show_funcs[])(struct futil_traverse_state_s *state) = {
futil_cb_show_privkey, /* CB_PRIVKEY */
futil_cb_show_vb2_pubkey, /* CB_VB2_PUBKEY */
futil_cb_show_vb2_privkey, /* CB_VB2_PRIVKEY */
+ futil_cb_show_pem, /* CB_PEM */
};
BUILD_ASSERT(ARRAY_SIZE(cb_show_funcs) == NUM_CB_COMPONENTS);
@@ -55,6 +56,7 @@ static int (* const cb_sign_funcs[])(struct futil_traverse_state_s *state) = {
NULL, /* CB_PRIVKEY */
NULL, /* CB_VB2_PUBKEY */
NULL, /* CB_VB2_PRIVKEY */
+ NULL, /* CB_PEM */
};
BUILD_ASSERT(ARRAY_SIZE(cb_sign_funcs) == NUM_CB_COMPONENTS);
@@ -86,6 +88,7 @@ static const struct {
{CB_PRIVKEY, "VbPrivateKey"}, /* FILE_TYPE_PRIVKEY */
{CB_VB2_PUBKEY, "vb21 public key"}, /* FILE_TYPE_VB2_PUBKEY */
{CB_VB2_PRIVKEY, "vb21 private key"}, /* FILE_TYPE_VB2_PRIVKEY */
+ {CB_PEM, "RSA private key"}, /* FILE_TYPE_PEM */
};
BUILD_ASSERT(ARRAY_SIZE(direct_callback) == NUM_FILE_TYPES);
@@ -160,6 +163,7 @@ static const char * const futil_cb_component_str[] = {
"CB_PRIVKEY",
"CB_VB2_PUBKEY",
"CB_VB2_PRIVKEY",
+ "CB_PEM",
};
BUILD_ASSERT(ARRAY_SIZE(futil_cb_component_str) == NUM_CB_COMPONENTS);
diff --git a/futility/traversal.h b/futility/traversal.h
index 5bdc7c5c..e975469a 100644
--- a/futility/traversal.h
+++ b/futility/traversal.h
@@ -38,6 +38,7 @@ enum futil_cb_component {
CB_PRIVKEY,
CB_VB2_PUBKEY,
CB_VB2_PRIVKEY,
+ CB_PEM,
NUM_CB_COMPONENTS
};
@@ -87,6 +88,7 @@ int futil_cb_show_kernel_preamble(struct futil_traverse_state_s *state);
int futil_cb_show_privkey(struct futil_traverse_state_s *state);
int futil_cb_show_vb2_pubkey(struct futil_traverse_state_s *state);
int futil_cb_show_vb2_privkey(struct futil_traverse_state_s *state);
+int futil_cb_show_pem(struct futil_traverse_state_s *state);
int futil_cb_sign_pubkey(struct futil_traverse_state_s *state);
int futil_cb_sign_fw_main(struct futil_traverse_state_s *state);
diff --git a/futility/vb2_helper.c b/futility/vb2_helper.c
index 35541617..68287ce1 100644
--- a/futility/vb2_helper.c
+++ b/futility/vb2_helper.c
@@ -4,6 +4,9 @@
* found in the LICENSE file.
*/
+#define OPENSSL_NO_SHA
+#include <openssl/pem.h>
+
#include "2sysincludes.h"
#include "2common.h"
#include "2guid.h"
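Review bot: The new `#define OPENSSL_NO_SHA` immediately before `#include <openssl/pem.h>` has no explanation, and a reader will not know whether it is load-bearing or leftover. It is presumably there to keep OpenSSL's SHA declarations from colliding with the SHA1_* names this file takes from the vboot headers below, but that is an inference from the include order. A one-line comment such as `/* Suppress OpenSSL's SHA names; they clash with vboot's own SHA definitions */` (adjusted to the real reason) would make the intent and the ordering constraint explicit.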
@@ -145,3 +148,70 @@ int futil_cb_show_vb2_privkey(struct futil_traverse_state_s *state)
vb2_private_key_free(key);
return 0;
}
+
+static RSA *rsa_from_buffer(uint8_t *buf, uint32_t len)
+{
+ BIO *bp;
+ RSA *rsa_key;
+
+ bp = BIO_new_mem_buf(buf, len);
+ if (!bp)
+ return 0;
+
+ rsa_key = PEM_read_bio_RSAPrivateKey(bp, NULL, NULL, NULL);
+ if (!rsa_key) {
+ BIO_free(bp);
+ return 0;
+ }
+
+ BIO_free(bp);
+
+ return rsa_key;
+}
+
+enum futil_file_type recognize_pem(uint8_t *buf, uint32_t len)
+{
+ RSA *rsa_key = rsa_from_buffer(buf, len);
+
+ if (rsa_key) {
+ RSA_free(rsa_key);
+ return FILE_TYPE_PEM;
+ }
+
+ return FILE_TYPE_UNKNOWN;
+}
+
+int futil_cb_show_pem(struct futil_traverse_state_s *state)
+{
+ RSA *rsa_key;
+ uint8_t *keyb, *digest;
+ uint32_t keyb_len;
+ int i, bits;
+
+ printf("Private Key file: %s\n", state->in_filename);
+
+ /* We're called only after recognize_pem, so this should work. */
+ rsa_key = rsa_from_buffer(state->my_area->buf, state->my_area->len);
+ if (!rsa_key)
+ DIE;
+
+ bits = BN_num_bits(rsa_key->n);
+ printf(" Key length: %d\n", bits);
+
+ if (vb_keyb_from_rsa(rsa_key, &keyb, &keyb_len)) {
+ printf(" Key sha1sum: <error>");
+ RSA_free(rsa_key);
+ return 1;
+ }
+
+ printf(" Key sha1sum: ");
+ digest = DigestBuf(keyb, keyb_len, SHA1_DIGEST_ALGORITHM);
+ for (i = 0; i < SHA1_DIGEST_SIZE; i++)
+ printf("%02x", digest[i]);
+ printf("\n");
+
+ free(digest);
+ free(keyb);
+ RSA_free(rsa_key);
+ return 0;
+}
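Review bot: `rsa_from_buffer` passes a NULL passphrase callback to `PEM_read_bio_RSAPrivateKey`, so when `recognize_pem` runs over an encrypted PEM input OpenSSL falls back to its default callback and prompts on the terminal, which a file-type recognizer invoked on every unknown input should never do. Supplying a callback that returns 0 makes encrypted keys fail the parse quietly and fall through to FILE_TYPE_UNKNOWN, as sketched below. In `futil_cb_show_pem`, the failure path prints `" Key sha1sum: <error>"` without the trailing `\n` that the success path emits, so the next line of output is glued onto it; use `printf(" Key sha1sum: <error>\n");`. The `digest[i]` loop also dereferences the `DigestBuf` result without checking it, so if that helper can return NULL on allocation failure the loop should be guarded the same way the `vb_keyb_from_rsa` error is. Direct access to `rsa_key->n` ties the code to a non-opaque RSA struct; if the project's OpenSSL baseline ever moves to one with opaque types this line will need an accessor instead.
```c
/* Passphrase callback that refuses instead of prompting: the recognizer
 * must never block on terminal input for an encrypted key. */
static int pem_no_passphrase_cb(char *buf, int size, int rwflag, void *u)
{
	(void)buf; (void)size; (void)rwflag; (void)u;
	return 0;
}

static RSA *rsa_from_buffer(uint8_t *buf, uint32_t len)
{
	/* … unchanged: BIO_new_mem_buf and its NULL check … */
	rsa_key = PEM_read_bio_RSAPrivateKey(bp, NULL, pem_no_passphrase_cb, NULL);
	/* … unchanged: BIO_free and return … */
}
```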
diff --git a/tests/futility/test_create.sh b/tests/futility/test_create.sh
index 3c1d38e2..78b9e04a 100755
--- a/tests/futility/test_create.sh
+++ b/tests/futility/test_create.sh
@@ -37,8 +37,12 @@ done
# Demonstrate that the sha1sums are the same for all the keys created from the
# same .pem files, both public and private, vb1 and vb21.
for sig in rsa1024 rsa2048 rsa4096 rsa8192; do
- num=$(${FUTILITY} show ${TMP}_key_${sig}.* | grep sha1sum | uniq | wc -l)
- [ "$num" -eq "1" ]
+ pem_sum=$(${FUTILITY} show "${TESTKEYS}/key_${sig}.pem" |
+ awk '/sha1sum/ {print $3}')
+ key_sums=$(${FUTILITY} show ${TMP}_key_${sig}.* |
+ awk '/sha1sum/ {print $3}' | uniq)
+ # note that this also tests that all the key_sums are the same
+ [ "$pem_sum" = "$key_sums" ]
done
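Review bot: The new check `[ "$pem_sum" = "$key_sums" ]` passes vacuously when both `futility show` pipelines produce no sha1sum line at all, because the pipeline exit status is awk's and two empty strings compare equal; the old `wc -l` form would at least have failed on zero lines. Add an emptiness guard before the comparison, e.g. `[ -n "$pem_sum" ]` on its own line, so a broken `show` on either the .pem or the generated keys is reported rather than silently accepted. The surrounding `for` loop is fully visible in the hunk; the rest of the script is not.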
# cleanup