OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Verified boot key block utility | 5 * Verified boot key block utility |
6 */ | 6 */ |
7 | 7 |
8 #include <getopt.h> | 8 #include <getopt.h> |
9 #include <inttypes.h> /* For PRIu64 */ | 9 #include <inttypes.h> /* For PRIu64 */ |
10 #include <stdio.h> | 10 #include <stdio.h> |
(...skipping 81 matching lines...)
92 if (!data_key) { | 92 if (!data_key) { |
93 fprintf(stderr, "vbutil_keyblock: Error reading data key.\n"); | 93 fprintf(stderr, "vbutil_keyblock: Error reading data key.\n"); |
94 return 1; | 94 return 1; |
95 } | 95 } |
96 signing_key = PrivateKeyRead(signprivate, algorithm); | 96 signing_key = PrivateKeyRead(signprivate, algorithm); |
97 if (!signing_key) { | 97 if (!signing_key) { |
98 fprintf(stderr, "vbutil_keyblock: Error reading signing key.\n"); | 98 fprintf(stderr, "vbutil_keyblock: Error reading signing key.\n"); |
99 return 1; | 99 return 1; |
100 } | 100 } |
101 | 101 |
102 block = CreateKeyBlock(data_key, signing_key, flags); | 102 block = KeyBlockCreate(data_key, signing_key, flags); |
103 Free(data_key); | 103 Free(data_key); |
104 Free(signing_key); | 104 Free(signing_key); |
105 | 105 |
106 if (0 != WriteFile(outfile, block, block->key_block_size)) { | 106 if (0 != KeyBlockWrite(outfile, block)) { |
107 fprintf(stderr, "vbutil_keyblock: Error writing key block.\n"); | 107 fprintf(stderr, "vbutil_keyblock: Error writing key block.\n"); |
108 return 1; | 108 return 1; |
109 } | 109 } |
110 Free(block); | 110 Free(block); |
111 return 0; | 111 return 0; |
112 } | 112 } |
113 | 113 |
114 | 114 |
115 static int Unpack(const char* infile, const char* datapubkey, | 115 static int Unpack(const char* infile, const char* datapubkey, |
116 const char* signpubkey) { | 116 const char* signpubkey) { |
117 VbPublicKey* data_key; | 117 VbPublicKey* data_key; |
118 VbPublicKey* sign_key; | 118 VbPublicKey* sign_key; |
119 VbKeyBlockHeader* block; | 119 VbKeyBlockHeader* block; |
120 uint64_t block_size; | |
121 | 120 |
122 if (!infile || !signpubkey) { | 121 if (!infile || !signpubkey) { |
123 fprintf(stderr, "vbutil_keyblock: Must specify filename and signpubkey\n"); | 122 fprintf(stderr, "vbutil_keyblock: Must specify filename and signpubkey\n"); |
124 return 1; | 123 return 1; |
125 } | 124 } |
126 | 125 |
127 sign_key = PublicKeyRead(signpubkey); | 126 sign_key = PublicKeyRead(signpubkey); |
128 if (!sign_key) { | 127 if (!sign_key) { |
129 fprintf(stderr, "vbutil_keyblock: Error reading signpubkey.\n"); | 128 fprintf(stderr, "vbutil_keyblock: Error reading signpubkey.\n"); |
130 return 1; | 129 return 1; |
131 } | 130 } |
132 | 131 |
133 block = (VbKeyBlockHeader*)ReadFile(infile, &block_size); | 132 block = KeyBlockRead(infile); |
134 if (!block) { | 133 if (!block) { |
135 fprintf(stderr, "vbutil_keyblock: Error reading key block.\n"); | 134 fprintf(stderr, "vbutil_keyblock: Error reading key block.\n"); |
136 return 1; | 135 return 1; |
137 } | 136 } |
138 if (0 != VerifyKeyBlock(block, block_size, sign_key)) { | 137 /* Verify the block with the signing public key, since |
| 138 * KeyBlockRead() only verified the hash. */ |
| 139 /* TODO: should just print a warning, since self-signed key blocks |
| 140 * won't have a public key; signpubkey should also be an optional |
| 141 * argument. */ |
| 142 if (0 != KeyBlockVerify(block, block->key_block_size, sign_key)) { |
139 fprintf(stderr, "vbutil_keyblock: Error verifying key block.\n"); | 143 fprintf(stderr, "vbutil_keyblock: Error verifying key block.\n"); |
140 return 1; | 144 return 1; |
141 } | 145 } |
142 Free(sign_key); | 146 Free(sign_key); |
143 | 147 |
144 printf("Key block file: %s\n", infile); | 148 printf("Key block file: %s\n", infile); |
145 printf("Flags: %" PRIu64 "\n", block->key_block_flags); | 149 printf("Flags: %" PRIu64 "\n", block->key_block_flags); |
146 | 150 |
147 data_key = &block->data_key; | 151 data_key = &block->data_key; |
148 printf("Data key algorithm: %" PRIu64 " %s\n", data_key->algorithm, | 152 printf("Data key algorithm: %" PRIu64 " %s\n", data_key->algorithm, |
(...skipping 71 matching lines...)
220 switch(mode) { | 224 switch(mode) { |
221 case OPT_MODE_PACK: | 225 case OPT_MODE_PACK: |
222 return Pack(filename, datapubkey, signprivate, algorithm, flags); | 226 return Pack(filename, datapubkey, signprivate, algorithm, flags); |
223 case OPT_MODE_UNPACK: | 227 case OPT_MODE_UNPACK: |
224 return Unpack(filename, datapubkey, signpubkey); | 228 return Unpack(filename, datapubkey, signpubkey); |
225 default: | 229 default: |
226 printf("Must specify a mode.\n"); | 230 printf("Must specify a mode.\n"); |
227 return PrintHelp(); | 231 return PrintHelp(); |
228 } | 232 } |
229 } | 233 } |
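Review bot: At new line 142 the length passed to `KeyBlockVerify()` is `block->key_block_size`, a field taken from the file under test, where the old code passed the byte count returned by `ReadFile()`. The bound is therefore only as trustworthy as `KeyBlockRead()`, which this page does not show; confirm that it rejects a header whose `key_block_size` exceeds the bytes actually read, and once confirmed record the dependency with a comment such as `/* key_block_size was checked against the file size by KeyBlockRead() */`. If the TODO at new lines 139-141 is implemented later, a failed or skipped signature check should still produce a non-zero exit status or clearly labelled "unverified" output, since callers may rely on the exit status to decide whether the key block is trusted. Separately, in Pack at new line 102 the result of `KeyBlockCreate()` goes to `KeyBlockWrite()` without a NULL check; `if (!block) { fprintf(stderr, "vbutil_keyblock: Error creating key block.\n"); return 1; }` would match the neighbouring error paths. Both function bodies begin or continue in the skipped regions, so checks there are not visible here.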