OLD | NEW |
---|---|
(Empty) | |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | |
2 * Use of this source code is governed by a BSD-style license that can be | |
3 * found in the LICENSE file. | |
4 * | |
5 * Host functions for keys. | |
6 */ | |
7 | |
8 /* TODO: change all 'return 0', 'return 1' into meaningful return codes */ | |
9 | |
10 #define OPENSSL_NO_SHA | |
11 #include <openssl/engine.h> | |
12 #include <openssl/pem.h> | |
13 #include <openssl/rsa.h> | |
14 | |
15 #include <stdio.h> | |
16 #include <stdlib.h> | |
17 #include <unistd.h> | |
18 | |
19 #include "host_key.h" | |
20 | |
21 #include "cryptolib.h" | |
22 #include "file_keys.h" | |
23 #include "utility.h" | |
24 #include "vboot_common.h" | |
25 | |
26 | |
27 VbPrivateKey* PrivateKeyRead(const char* filename, uint64_t algorithm) { | |
28 | |
29 VbPrivateKey* key; | |
30 RSA* rsa_key; | |
31 FILE* f; | |
32 | |
33 if (algorithm >= kNumAlgorithms) { | |
34 debug("PrivateKeyRead() called with invalid algorithm!\n"); | |
35 return NULL; | |
36 } | |
37 | |
38 /* Read private key */ | |
39 f = fopen(filename, "r"); | |
40 if (!f) { | |
41 debug("PrivateKeyRead(): Couldn't open key file: %s\n", filename); | |
42 return NULL; | |
43 } | |
44 rsa_key = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL); | |
45 fclose(f); | |
46 if (!rsa_key) { | |
47 debug("PrivateKeyRead(): Couldn't read private key from file: %s\n", | |
48 filename); | |
49 return NULL; | |
50 } | |
51 | |
52 /* Store key and algorithm in our struct */ | |
53 key = (VbPrivateKey*)Malloc(sizeof(VbPrivateKey)); | |
54 if (!key) { | |
55 RSA_free(rsa_key); | |
56 return NULL; | |
57 } | |
58 key->rsa_private_key = rsa_key; | |
59 key->algorithm = algorithm; | |
60 | |
61 /* Return the key */ | |
62 return key; | |
63 } | |
64 | |
65 | |
66 void PrivateKeyFree(VbPrivateKey* key) { | |
67 if (!key) | |
68 return; | |
69 if (key->rsa_private_key) | |
70 RSA_free(key->rsa_private_key); | |
71 Free(key); | |
72 } | |
73 | |
74 | |
75 void PublicKeyInit(VbPublicKey* key, uint8_t* key_data, uint64_t key_size) { | |
76 key->key_offset = OffsetOf(key, key_data); | |
77 key->key_size = key_size; | |
78 key->algorithm = kNumAlgorithms; /* Key not present yet */ | |
79 key->key_version = 0; | |
80 } | |
81 | |
82 | |
83 /* Allocate a new public key with space for a [key_size] byte key. */ | |
gauravsh
2010/06/10 14:44:13
nit: there's a possibility of confusion with what
| |
84 VbPublicKey* PublicKeyAlloc(uint64_t key_size, uint64_t algorithm, | |
85 uint64_t version) { | |
86 VbPublicKey* key = (VbPublicKey*)Malloc(sizeof(VbPublicKey) + key_size); | |
87 if (!key) | |
88 return NULL; | |
89 | |
90 key->algorithm = algorithm; | |
91 key->key_version = version; | |
92 key->key_size = key_size; | |
93 key->key_offset = sizeof(VbPublicKey); | |
94 return key; | |
95 } | |
96 | |
97 | |
98 /* Copy a public key from [src] to [dest]. | |
99 * | |
100 * Returns zero if success, non-zero if error. */ | |
101 int PublicKeyCopy(VbPublicKey* dest, const VbPublicKey* src) { | |
102 if (dest->key_size < src->key_size) | |
gauravsh
2010/06/10 14:44:13
shouldn't we always return an error if dest key_si
| |
103 return 1; | |
104 | |
105 dest->key_size = src->key_size; | |
106 dest->algorithm = src->algorithm; | |
107 dest->key_version = src->key_version; | |
108 Memcpy(GetPublicKeyData(dest), GetPublicKeyDataC(src), src->key_size); | |
109 return 0; | |
110 } | |
111 | |
112 | |
113 VbPublicKey* PublicKeyRead(const char* filename, uint64_t algorithm, | |
114 uint64_t version) { | |
115 | |
116 VbPublicKey* key; | |
117 uint8_t* key_data; | |
118 uint64_t key_size; | |
119 | |
120 if (algorithm >= kNumAlgorithms) { | |
121 debug("PublicKeyRead() called with invalid algorithm!\n"); | |
122 return NULL; | |
123 } | |
124 if (version > 0xFFFF) { | |
125 /* Currently, TPM only supports 16-bit version */ | |
126 debug("PublicKeyRead() called with invalid version!\n"); | |
127 return NULL; | |
128 } | |
129 | |
130 key_data = BufferFromFile(filename, &key_size); | |
131 if (!key_data) | |
132 return NULL; | |
133 | |
134 /* TODO: sanity-check key length based on algorithm */ | |
135 | |
136 key = PublicKeyAlloc(key_size, algorithm, version); | |
137 if (!key) { | |
138 Free(key_data); | |
139 return NULL; | |
140 } | |
141 Memcpy(GetPublicKeyData(key), key_data, key_size); | |
142 | |
143 Free(key_data); | |
144 return key; | |
145 } | |
OLD | NEW |