| Index: host/lib/host_key.c
|
| diff --git a/host/lib/host_key.c b/host/lib/host_key.c
|
| index fd25afd993e189fa7db495b8c7db4e74c33f494c..da91e666d4354792676206213bcce3a10f53da3d 100644
|
| --- a/host/lib/host_key.c
|
| +++ b/host/lib/host_key.c
|
| @@ -11,6 +11,7 @@
|
| #include <openssl/engine.h>
|
| #include <openssl/pem.h>
|
| #include <openssl/rsa.h>
|
| +#include <openssl/x509.h>
|
|
|
| #include <stdio.h>
|
| #include <stdlib.h>
|
| @@ -31,21 +32,21 @@ VbPrivateKey* PrivateKeyReadPem(const char* filename, uint64_t algorithm) {
|
| FILE* f;
|
|
|
| if (algorithm >= kNumAlgorithms) {
|
| - debug("%s() called with invalid algorithm!\n", __FUNCTION__);
|
| + VBDEBUG(("%s() called with invalid algorithm!\n", __FUNCTION__));
|
| return NULL;
|
| }
|
|
|
| /* Read private key */
|
| f = fopen(filename, "r");
|
| if (!f) {
|
| - debug("%s(): Couldn't open key file: %s\n", __FUNCTION__, filename);
|
| + VBDEBUG(("%s(): Couldn't open key file: %s\n", __FUNCTION__, filename));
|
| return NULL;
|
| }
|
| rsa_key = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL);
|
| fclose(f);
|
| if (!rsa_key) {
|
| - debug("%s(): Couldn't read private key from file: %s\n", __FUNCTION__,
|
| - filename);
|
| + VBDEBUG(("%s(): Couldn't read private key from file: %s\n", __FUNCTION__,
|
| + filename));
|
| return NULL;
|
| }
|
|
|
| @@ -72,6 +73,83 @@ void PrivateKeyFree(VbPrivateKey* key) {
|
| }
|
|
|
|
|
| +/* Write a private key to a file in .vbprivk format. */
|
| +int PrivateKeyWrite(const char* filename, const VbPrivateKey* key) {
|
| + uint8_t *outbuf = 0;
|
| + int buflen;
|
| + FILE *f;
|
| +
|
| + buflen = i2d_RSAPrivateKey(key->rsa_private_key, &outbuf);
|
| + if (buflen <= 0) {
|
| + error("Unable to write private key buffer\n");
|
| + return 1;
|
| + }
|
| +
|
| + f = fopen(filename, "wb");
|
| + if (!f) {
|
| + error("Unable to open file %s\n", filename);
|
| + Free(outbuf);
|
| + return 1;
|
| + }
|
| +
|
| + if (1 != fwrite(&key->algorithm, sizeof(key->algorithm), 1, f)) {
|
| + error("Unable to write to file %s\n", filename);
|
| + fclose(f);
|
| + Free(outbuf);
|
| + unlink(filename); /* Delete any partial file */
|
| + }
|
| +
|
| + if (1 != fwrite(outbuf, buflen, 1, f)) {
|
| + error("Unable to write to file %s\n", filename);
|
| + fclose(f);
|
| + unlink(filename); /* Delete any partial file */
|
| + Free(outbuf);
|
| + }
|
| +
|
| + fclose(f);
|
| + Free(outbuf);
|
| + return 0;
|
| +}
|
| +
|
| +VbPrivateKey* PrivateKeyRead(const char* filename) {
|
| + VbPrivateKey *key;
|
| + uint64_t filelen = 0;
|
| + uint8_t *buffer;
|
| + const unsigned char *start;
|
| +
|
| + buffer = ReadFile(filename, &filelen);
|
| + if (!buffer) {
|
| + error("unable to read from file %s\n", filename);
|
| + return 0;
|
| + }
|
| +
|
| + key = (VbPrivateKey*)Malloc(sizeof(VbPrivateKey));
|
| + if (!key) {
|
| + error("Unable to allocate VbPrivateKey\n");
|
| + Free(buffer);
|
| + return 0;
|
| + }
|
| +
|
| + key->algorithm = *(typeof(key->algorithm) *)buffer;
|
| + start = buffer + sizeof(key->algorithm);
|
| +
|
| + key->rsa_private_key = d2i_RSAPrivateKey(0, &start,
|
| + filelen - sizeof(key->algorithm));
|
| +
|
| + if (!key->rsa_private_key) {
|
| + error("Unable to parse RSA private key\n");
|
| + Free(buffer);
|
| + Free(key);
|
| + return 0;
|
| + }
|
| +
|
| + Free(buffer);
|
| + return key;
|
| +}
|
| +
|
| +
|
| +
|
| +
|
| /* Allocate a new public key with space for a [key_size] byte key. */
|
| VbPublicKey* PublicKeyAlloc(uint64_t key_size, uint64_t algorithm,
|
| uint64_t version) {
|
| @@ -94,12 +172,12 @@ VbPublicKey* PublicKeyReadKeyb(const char* filename, uint64_t algorithm,
|
| uint64_t key_size;
|
|
|
| if (algorithm >= kNumAlgorithms) {
|
| - debug("PublicKeyReadKeyb() called with invalid algorithm!\n");
|
| + VBDEBUG(("PublicKeyReadKeyb() called with invalid algorithm!\n"));
|
| return NULL;
|
| }
|
| if (version > 0xFFFF) {
|
| /* Currently, TPM only supports 16-bit version */
|
| - debug("PublicKeyReadKeyb() called with invalid version!\n");
|
| + VBDEBUG(("PublicKeyReadKeyb() called with invalid version!\n"));
|
| return NULL;
|
| }
|
|
|
| @@ -108,7 +186,7 @@ VbPublicKey* PublicKeyReadKeyb(const char* filename, uint64_t algorithm,
|
| return NULL;
|
|
|
| if (RSAProcessedKeySize(algorithm) != key_size) {
|
| - debug("PublicKeyReadKeyb() wrong key size for algorithm\n");
|
| + VBDEBUG(("PublicKeyReadKeyb() wrong key size for algorithm\n"));
|
| Free(key_data);
|
| return NULL;
|
| }
|
| @@ -136,19 +214,19 @@ VbPublicKey* PublicKeyRead(const char* filename) {
|
| do {
|
| /* Sanity-check key data */
|
| if (0 != VerifyPublicKeyInside(key, file_size, key)) {
|
| - debug("PublicKeyRead() not a VbPublicKey\n");
|
| + VBDEBUG(("PublicKeyRead() not a VbPublicKey\n"));
|
| break;
|
| }
|
| if (key->algorithm >= kNumAlgorithms) {
|
| - debug("PublicKeyRead() invalid algorithm\n");
|
| + VBDEBUG(("PublicKeyRead() invalid algorithm\n"));
|
| break;
|
| }
|
| if (key->key_version > 0xFFFF) {
|
| - debug("PublicKeyRead() invalid version\n");
|
| + VBDEBUG(("PublicKeyRead() invalid version\n"));
|
| break; /* Currently, TPM only supports 16-bit version */
|
| }
|
| if (RSAProcessedKeySize(key->algorithm) != key->key_size) {
|
| - debug("PublicKeyRead() wrong key size for algorithm\n");
|
| + VBDEBUG(("PublicKeyRead() wrong key size for algorithm\n"));
|
| break;
|
| }
|
|
|
|
|
Chromium Code Reviews
Issue 2871033:
Switch to using .vbprivk for signing everything now. (Closed)
Base URL: ssh://git@chromiumos-git//vboot_reference.git