1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
|
/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* Host functions for keys.
*/
/* TODO: change all 'return 0', 'return 1' into meaningful return codes */
#include <openssl/pem.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include "2sysincludes.h"
#include "2common.h"
#include "2rsa.h"
#include "2sha.h"
#include "cryptolib.h"
#include "host_common.h"
#include "host_key.h"
#include "host_key2.h"
#include "host_misc.h"
#include "vb2_common.h"
#include "vboot_common.h"
enum vb2_crypto_algorithm vb2_get_crypto_algorithm(
enum vb2_hash_algorithm hash_alg,
enum vb2_signature_algorithm sig_alg)
{
/* Make sure algorithms are in the range supported by crypto alg */
if (sig_alg < VB2_SIG_RSA1024 || sig_alg > VB2_SIG_RSA8192)
return VB2_ALG_COUNT;
if (hash_alg < VB2_HASH_SHA1 || hash_alg > VB2_HASH_SHA512)
return VB2_ALG_COUNT;
return (sig_alg - VB2_SIG_RSA1024)
* (VB2_HASH_SHA512 - VB2_HASH_SHA1 + 1)
+ (hash_alg - VB2_HASH_SHA1);
};
struct vb2_private_key *vb2_read_private_key(const char *filename)
{
uint8_t *buf = NULL;
uint32_t bufsize = 0;
if (VB2_SUCCESS != vb2_read_file(filename, &buf, &bufsize)) {
VbExError("unable to read from file %s\n", filename);
return NULL;
}
struct vb2_private_key *key =
(struct vb2_private_key *)calloc(sizeof(*key), 1);
if (!key) {
VbExError("Unable to allocate private key\n");
free(buf);
return NULL;
}
uint64_t alg = *(uint64_t *)buf;
key->hash_alg = vb2_crypto_to_hash(alg);
key->sig_alg = vb2_crypto_to_signature(alg);
const unsigned char *start = buf + sizeof(alg);
key->rsa_private_key =
d2i_RSAPrivateKey(0, &start, bufsize - sizeof(alg));
if (!key->rsa_private_key) {
VbExError("Unable to parse RSA private key\n");
free(buf);
free(key);
return NULL;
}
free(buf);
return key;
}
struct vb2_private_key *vb2_read_private_key_pem(
const char* filename,
enum vb2_crypto_algorithm algorithm)
{
if (algorithm >= VB2_ALG_COUNT) {
VB2_DEBUG("%s() called with invalid algorithm!\n",
__FUNCTION__);
return NULL;
}
/* Read private key */
FILE *f = fopen(filename, "r");
if (!f) {
VB2_DEBUG("%s(): Couldn't open key file: %s\n",
__FUNCTION__, filename);
return NULL;
}
struct rsa_st *rsa_key = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL);
fclose(f);
if (!rsa_key) {
VB2_DEBUG("%s(): Couldn't read private key from file: %s\n",
__FUNCTION__, filename);
return NULL;
}
/* Store key and algorithm in our struct */
struct vb2_private_key *key =
(struct vb2_private_key *)calloc(sizeof(*key), 1);
if (!key) {
RSA_free(rsa_key);
return NULL;
}
key->rsa_private_key = rsa_key;
key->hash_alg = vb2_crypto_to_hash(algorithm);
key->sig_alg = vb2_crypto_to_signature(algorithm);
/* Return the key */
return key;
}
void vb2_free_private_key(struct vb2_private_key *key)
{
if (!key)
return;
if (key->rsa_private_key)
RSA_free(key->rsa_private_key);
free(key);
}
int vb2_write_private_key(const char *filename,
const struct vb2_private_key *key)
{
/* Convert back to legacy vb1 algorithm enum */
uint64_t alg = vb2_get_crypto_algorithm(key->hash_alg, key->sig_alg);
if (alg == VB2_ALG_COUNT)
return VB2_ERROR_VB1_CRYPTO_ALGORITHM;
uint8_t *outbuf = NULL;
int buflen = i2d_RSAPrivateKey(key->rsa_private_key, &outbuf);
if (buflen <= 0) {
fprintf(stderr, "Unable to write private key buffer\n");
return VB2_ERROR_PRIVATE_KEY_WRITE_RSA;
}
FILE *f = fopen(filename, "wb");
if (!f) {
fprintf(stderr, "Unable to open file %s\n", filename);
free(outbuf);
return VB2_ERROR_PRIVATE_KEY_WRITE_FILE;
}
if (1 != fwrite(&alg, sizeof(alg), 1, f) ||
1 != fwrite(outbuf, buflen, 1, f)) {
fprintf(stderr, "Unable to write to file %s\n", filename);
fclose(f);
unlink(filename); /* Delete any partial file */
free(outbuf);
return VB2_ERROR_PRIVATE_KEY_WRITE_FILE;
}
fclose(f);
free(outbuf);
return VB2_SUCCESS;
}
void vb2_init_packed_key(struct vb2_packed_key *key, uint8_t *key_data,
uint32_t key_size)
{
memset(key, 0, sizeof(*key));
key->key_offset = vb2_offset_of(key, key_data);
key->key_size = key_size;
key->algorithm = VB2_ALG_COUNT; /* Key not present yet */
}
int vb2_copy_packed_key(struct vb2_packed_key *dest,
const struct vb2_packed_key *src)
{
if (dest->key_size < src->key_size)
return VB2_ERROR_COPY_KEY_SIZE;
dest->key_size = src->key_size;
dest->algorithm = src->algorithm;
dest->key_version = src->key_version;
memcpy((uint8_t *)vb2_packed_key_data(dest),
vb2_packed_key_data(src), src->key_size);
return VB2_SUCCESS;
}
struct vb2_packed_key *vb2_read_packed_key(const char *filename)
{
struct vb2_packed_key *key;
uint32_t file_size;
if (VB2_SUCCESS !=
vb2_read_file(filename, (uint8_t **)&key, &file_size)) {
return NULL;
}
if (packed_key_looks_ok(key, file_size))
return key;
/* Error */
free(key);
return NULL;
}
|
