| OLD | NEW |
|---|
| 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
| 3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
| 4 * | 4 * |
| 5 * Host functions for keys. | 5 * Host functions for keys. |
| 6 */ | 6 */ |
| 7 | 7 |
| 8 /* TODO: change all 'return 0', 'return 1' into meaningful return codes */ | 8 /* TODO: change all 'return 0', 'return 1' into meaningful return codes */ |
| 9 | 9 |
| 10 #define OPENSSL_NO_SHA | 10 #define OPENSSL_NO_SHA |
| 11 #include <openssl/engine.h> | 11 #include <openssl/engine.h> |
| 12 #include <openssl/pem.h> | 12 #include <openssl/pem.h> |
| 13 #include <openssl/rsa.h> | 13 #include <openssl/rsa.h> |
| 14 #include <openssl/x509.h> |
| 14 | 15 |
| 15 #include <stdio.h> | 16 #include <stdio.h> |
| 16 #include <stdlib.h> | 17 #include <stdlib.h> |
| 17 #include <unistd.h> | 18 #include <unistd.h> |
| 18 | 19 |
| 19 #include "host_key.h" | 20 #include "host_key.h" |
| 20 | 21 |
| 21 #include "cryptolib.h" | 22 #include "cryptolib.h" |
| 22 #include "host_misc.h" | 23 #include "host_misc.h" |
| 23 #include "utility.h" | 24 #include "utility.h" |
| 24 #include "vboot_common.h" | 25 #include "vboot_common.h" |
| 25 | 26 |
| 26 | 27 |
| 27 VbPrivateKey* PrivateKeyReadPem(const char* filename, uint64_t algorithm) { | 28 VbPrivateKey* PrivateKeyReadPem(const char* filename, uint64_t algorithm) { |
| 28 | 29 |
| 29 VbPrivateKey* key; | 30 VbPrivateKey* key; |
| 30 RSA* rsa_key; | 31 RSA* rsa_key; |
| 31 FILE* f; | 32 FILE* f; |
| 32 | 33 |
| 33 if (algorithm >= kNumAlgorithms) { | 34 if (algorithm >= kNumAlgorithms) { |
| 34 debug("%s() called with invalid algorithm!\n", __FUNCTION__); | 35 VBDEBUG(("%s() called with invalid algorithm!\n", __FUNCTION__)); |
| 35 return NULL; | 36 return NULL; |
| 36 } | 37 } |
| 37 | 38 |
| 38 /* Read private key */ | 39 /* Read private key */ |
| 39 f = fopen(filename, "r"); | 40 f = fopen(filename, "r"); |
| 40 if (!f) { | 41 if (!f) { |
| 41 debug("%s(): Couldn't open key file: %s\n", __FUNCTION__, filename); | 42 VBDEBUG(("%s(): Couldn't open key file: %s\n", __FUNCTION__, filename)); |
| 42 return NULL; | 43 return NULL; |
| 43 } | 44 } |
| 44 rsa_key = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL); | 45 rsa_key = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL); |
| 45 fclose(f); | 46 fclose(f); |
| 46 if (!rsa_key) { | 47 if (!rsa_key) { |
| 47 debug("%s(): Couldn't read private key from file: %s\n", __FUNCTION__, | 48 VBDEBUG(("%s(): Couldn't read private key from file: %s\n", __FUNCTION__, |
| 48 filename); | 49 filename)); |
| 49 return NULL; | 50 return NULL; |
| 50 } | 51 } |
| 51 | 52 |
| 52 /* Store key and algorithm in our struct */ | 53 /* Store key and algorithm in our struct */ |
| 53 key = (VbPrivateKey*)Malloc(sizeof(VbPrivateKey)); | 54 key = (VbPrivateKey*)Malloc(sizeof(VbPrivateKey)); |
| 54 if (!key) { | 55 if (!key) { |
| 55 RSA_free(rsa_key); | 56 RSA_free(rsa_key); |
| 56 return NULL; | 57 return NULL; |
| 57 } | 58 } |
| 58 key->rsa_private_key = rsa_key; | 59 key->rsa_private_key = rsa_key; |
| 59 key->algorithm = algorithm; | 60 key->algorithm = algorithm; |
| 60 | 61 |
| 61 /* Return the key */ | 62 /* Return the key */ |
| 62 return key; | 63 return key; |
| 63 } | 64 } |
| 64 | 65 |
| 65 | 66 |
| 66 void PrivateKeyFree(VbPrivateKey* key) { | 67 void PrivateKeyFree(VbPrivateKey* key) { |
| 67 if (!key) | 68 if (!key) |
| 68 return; | 69 return; |
| 69 if (key->rsa_private_key) | 70 if (key->rsa_private_key) |
| 70 RSA_free(key->rsa_private_key); | 71 RSA_free(key->rsa_private_key); |
| 71 Free(key); | 72 Free(key); |
| 72 } | 73 } |
| 73 | 74 |
| 74 | 75 |
| 76 /* Write a private key to a file in .vbprivk format. */ |
| 77 int PrivateKeyWrite(const char* filename, const VbPrivateKey* key) { |
| 78 uint8_t *outbuf = 0; |
| 79 int buflen; |
| 80 FILE *f; |
| 81 |
| 82 buflen = i2d_RSAPrivateKey(key->rsa_private_key, &outbuf); |
| 83 if (buflen <= 0) { |
| 84 error("Unable to write private key buffer\n"); |
| 85 return 1; |
| 86 } |
| 87 |
| 88 f = fopen(filename, "wb"); |
| 89 if (!f) { |
| 90 error("Unable to open file %s\n", filename); |
| 91 Free(outbuf); |
| 92 return 1; |
| 93 } |
| 94 |
| 95 if (1 != fwrite(&key->algorithm, sizeof(key->algorithm), 1, f)) { |
| 96 error("Unable to write to file %s\n", filename); |
| 97 fclose(f); |
| 98 Free(outbuf); |
| 99 unlink(filename); /* Delete any partial file */ |
| 100 } |
| 101 |
| 102 if (1 != fwrite(outbuf, buflen, 1, f)) { |
| 103 error("Unable to write to file %s\n", filename); |
| 104 fclose(f); |
| 105 unlink(filename); /* Delete any partial file */ |
| 106 Free(outbuf); |
| 107 } |
| 108 |
| 109 fclose(f); |
| 110 Free(outbuf); |
| 111 return 0; |
| 112 } |
| 113 |
| 114 VbPrivateKey* PrivateKeyRead(const char* filename) { |
| 115 VbPrivateKey *key; |
| 116 uint64_t filelen = 0; |
| 117 uint8_t *buffer; |
| 118 const unsigned char *start; |
| 119 |
| 120 buffer = ReadFile(filename, &filelen); |
| 121 if (!buffer) { |
| 122 error("unable to read from file %s\n", filename); |
| 123 return 0; |
| 124 } |
| 125 |
| 126 key = (VbPrivateKey*)Malloc(sizeof(VbPrivateKey)); |
| 127 if (!key) { |
| 128 error("Unable to allocate VbPrivateKey\n"); |
| 129 Free(buffer); |
| 130 return 0; |
| 131 } |
| 132 |
| 133 key->algorithm = *(typeof(key->algorithm) *)buffer; |
| 134 start = buffer + sizeof(key->algorithm); |
| 135 |
| 136 key->rsa_private_key = d2i_RSAPrivateKey(0, &start, |
| 137 filelen - sizeof(key->algorithm)); |
| 138 |
| 139 if (!key->rsa_private_key) { |
| 140 error("Unable to parse RSA private key\n"); |
| 141 Free(buffer); |
| 142 Free(key); |
| 143 return 0; |
| 144 } |
| 145 |
| 146 Free(buffer); |
| 147 return key; |
| 148 } |
| 149 |
| 150 |
| 151 |
| 152 |
| 75 /* Allocate a new public key with space for a [key_size] byte key. */ | 153 /* Allocate a new public key with space for a [key_size] byte key. */ |
| 76 VbPublicKey* PublicKeyAlloc(uint64_t key_size, uint64_t algorithm, | 154 VbPublicKey* PublicKeyAlloc(uint64_t key_size, uint64_t algorithm, |
| 77 uint64_t version) { | 155 uint64_t version) { |
| 78 VbPublicKey* key = (VbPublicKey*)Malloc(sizeof(VbPublicKey) + key_size); | 156 VbPublicKey* key = (VbPublicKey*)Malloc(sizeof(VbPublicKey) + key_size); |
| 79 if (!key) | 157 if (!key) |
| 80 return NULL; | 158 return NULL; |
| 81 | 159 |
| 82 key->algorithm = algorithm; | 160 key->algorithm = algorithm; |
| 83 key->key_version = version; | 161 key->key_version = version; |
| 84 key->key_size = key_size; | 162 key->key_size = key_size; |
| 85 key->key_offset = sizeof(VbPublicKey); | 163 key->key_offset = sizeof(VbPublicKey); |
| 86 return key; | 164 return key; |
| 87 } | 165 } |
| 88 | 166 |
| 89 | 167 |
| 90 VbPublicKey* PublicKeyReadKeyb(const char* filename, uint64_t algorithm, | 168 VbPublicKey* PublicKeyReadKeyb(const char* filename, uint64_t algorithm, |
| 91 uint64_t version) { | 169 uint64_t version) { |
| 92 VbPublicKey* key; | 170 VbPublicKey* key; |
| 93 uint8_t* key_data; | 171 uint8_t* key_data; |
| 94 uint64_t key_size; | 172 uint64_t key_size; |
| 95 | 173 |
| 96 if (algorithm >= kNumAlgorithms) { | 174 if (algorithm >= kNumAlgorithms) { |
| 97 debug("PublicKeyReadKeyb() called with invalid algorithm!\n"); | 175 VBDEBUG(("PublicKeyReadKeyb() called with invalid algorithm!\n")); |
| 98 return NULL; | 176 return NULL; |
| 99 } | 177 } |
| 100 if (version > 0xFFFF) { | 178 if (version > 0xFFFF) { |
| 101 /* Currently, TPM only supports 16-bit version */ | 179 /* Currently, TPM only supports 16-bit version */ |
| 102 debug("PublicKeyReadKeyb() called with invalid version!\n"); | 180 VBDEBUG(("PublicKeyReadKeyb() called with invalid version!\n")); |
| 103 return NULL; | 181 return NULL; |
| 104 } | 182 } |
| 105 | 183 |
| 106 key_data = ReadFile(filename, &key_size); | 184 key_data = ReadFile(filename, &key_size); |
| 107 if (!key_data) | 185 if (!key_data) |
| 108 return NULL; | 186 return NULL; |
| 109 | 187 |
| 110 if (RSAProcessedKeySize(algorithm) != key_size) { | 188 if (RSAProcessedKeySize(algorithm) != key_size) { |
| 111 debug("PublicKeyReadKeyb() wrong key size for algorithm\n"); | 189 VBDEBUG(("PublicKeyReadKeyb() wrong key size for algorithm\n")); |
| 112 Free(key_data); | 190 Free(key_data); |
| 113 return NULL; | 191 return NULL; |
| 114 } | 192 } |
| 115 | 193 |
| 116 key = PublicKeyAlloc(key_size, algorithm, version); | 194 key = PublicKeyAlloc(key_size, algorithm, version); |
| 117 if (!key) { | 195 if (!key) { |
| 118 Free(key_data); | 196 Free(key_data); |
| 119 return NULL; | 197 return NULL; |
| 120 } | 198 } |
| 121 Memcpy(GetPublicKeyData(key), key_data, key_size); | 199 Memcpy(GetPublicKeyData(key), key_data, key_size); |
| 122 | 200 |
| 123 Free(key_data); | 201 Free(key_data); |
| 124 return key; | 202 return key; |
| 125 } | 203 } |
| 126 | 204 |
| 127 | 205 |
| 128 VbPublicKey* PublicKeyRead(const char* filename) { | 206 VbPublicKey* PublicKeyRead(const char* filename) { |
| 129 VbPublicKey* key; | 207 VbPublicKey* key; |
| 130 uint64_t file_size; | 208 uint64_t file_size; |
| 131 | 209 |
| 132 key = (VbPublicKey*)ReadFile(filename, &file_size); | 210 key = (VbPublicKey*)ReadFile(filename, &file_size); |
| 133 if (!key) | 211 if (!key) |
| 134 return NULL; | 212 return NULL; |
| 135 | 213 |
| 136 do { | 214 do { |
| 137 /* Sanity-check key data */ | 215 /* Sanity-check key data */ |
| 138 if (0 != VerifyPublicKeyInside(key, file_size, key)) { | 216 if (0 != VerifyPublicKeyInside(key, file_size, key)) { |
| 139 debug("PublicKeyRead() not a VbPublicKey\n"); | 217 VBDEBUG(("PublicKeyRead() not a VbPublicKey\n")); |
| 140 break; | 218 break; |
| 141 } | 219 } |
| 142 if (key->algorithm >= kNumAlgorithms) { | 220 if (key->algorithm >= kNumAlgorithms) { |
| 143 debug("PublicKeyRead() invalid algorithm\n"); | 221 VBDEBUG(("PublicKeyRead() invalid algorithm\n")); |
| 144 break; | 222 break; |
| 145 } | 223 } |
| 146 if (key->key_version > 0xFFFF) { | 224 if (key->key_version > 0xFFFF) { |
| 147 debug("PublicKeyRead() invalid version\n"); | 225 VBDEBUG(("PublicKeyRead() invalid version\n")); |
| 148 break; /* Currently, TPM only supports 16-bit version */ | 226 break; /* Currently, TPM only supports 16-bit version */ |
| 149 } | 227 } |
| 150 if (RSAProcessedKeySize(key->algorithm) != key->key_size) { | 228 if (RSAProcessedKeySize(key->algorithm) != key->key_size) { |
| 151 debug("PublicKeyRead() wrong key size for algorithm\n"); | 229 VBDEBUG(("PublicKeyRead() wrong key size for algorithm\n")); |
| 152 break; | 230 break; |
| 153 } | 231 } |
| 154 | 232 |
| 155 /* Success */ | 233 /* Success */ |
| 156 return key; | 234 return key; |
| 157 | 235 |
| 158 } while(0); | 236 } while(0); |
| 159 | 237 |
| 160 /* Error */ | 238 /* Error */ |
| 161 Free(key); | 239 Free(key); |
| (...skipping 12 matching lines...) Expand all Loading... |
| 174 if (0 != PublicKeyCopy(kcopy, key)) { | 252 if (0 != PublicKeyCopy(kcopy, key)) { |
| 175 Free(kcopy); | 253 Free(kcopy); |
| 176 return 1; | 254 return 1; |
| 177 } | 255 } |
| 178 | 256 |
| 179 /* Write the copy, then free it */ | 257 /* Write the copy, then free it */ |
| 180 rv = WriteFile(filename, kcopy, kcopy->key_offset + kcopy->key_size); | 258 rv = WriteFile(filename, kcopy, kcopy->key_offset + kcopy->key_size); |
| 181 Free(kcopy); | 259 Free(kcopy); |
| 182 return rv; | 260 return rv; |
| 183 } | 261 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2871033:
Switch to using .vbprivk for signing everything now. (Closed)
Base URL: ssh://git@chromiumos-git//vboot_reference.git