OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Developer file-signing utility | 5 * Developer file-signing utility |
6 */ | 6 */ |
7 | 7 |
8 #include <errno.h> | 8 #include <errno.h> |
9 #include <getopt.h> | 9 #include <getopt.h> |
10 #include <inttypes.h> /* For PRIu64 */ | 10 #include <inttypes.h> /* For PRIu64 */ |
(...skipping 49 matching lines...)
60 " Private key to sign file data, in .vbprivk format\n" | 60 " Private key to sign file data, in .vbprivk format\n" |
61 " --vblock <file> Output signature in .vblock format\n" | 61 " --vblock <file> Output signature in .vblock format\n" |
62 "\n", | 62 "\n", |
63 progname); | 63 progname); |
64 fprintf(stderr, | 64 fprintf(stderr, |
65 "OR\n\n" | 65 "OR\n\n" |
66 "Usage: %s --verify <file> [PARAMETERS]\n" | 66 "Usage: %s --verify <file> [PARAMETERS]\n" |
67 "\n" | 67 "\n" |
68 " Required parameters:\n" | 68 " Required parameters:\n" |
69 " --vblock <file> Signature file in .vblock format\n" | 69 " --vblock <file> Signature file in .vblock format\n" |
| 70 "\n" |
| 71 " Optional parameters:\n" |
| 72 " --keyblock <file>" |
| 73 " Extract .keyblock to file if verification succeeds\n" |
70 "\n", | 74 "\n", |
71 progname); | 75 progname); |
72 return 1; | 76 return 1; |
73 } | 77 } |
74 | 78 |
75 static void Debug(const char *format, ...) { | 79 static void Debug(const char *format, ...) { |
76 if (!opt_debug) | 80 if (!opt_debug) |
77 return; | 81 return; |
78 | 82 |
79 va_list ap; | 83 va_list ap; |
(...skipping 78 matching lines...)
158 Free(preamble); | 162 Free(preamble); |
159 Free(body_sig); | 163 Free(body_sig); |
160 Free(signing_key); | 164 Free(signing_key); |
161 Free(key_block); | 165 Free(key_block); |
162 Free(file_data); | 166 Free(file_data); |
163 | 167 |
164 /* Success */ | 168 /* Success */ |
165 return 0; | 169 return 0; |
166 } | 170 } |
167 | 171 |
168 static int Verify(const char* filename, const char* vblock_file) { | 172 static int Verify(const char* filename, const char* vblock_file, |
| 173 const char* keyblock_file) { |
169 uint8_t* file_data; | 174 uint8_t* file_data; |
170 uint64_t file_size; | 175 uint64_t file_size; |
171 uint8_t* buf; | 176 uint8_t* buf; |
172 uint64_t buf_size; | 177 uint64_t buf_size; |
173 VbKeyBlockHeader* key_block; | 178 VbKeyBlockHeader* key_block; |
174 VbKernelPreambleHeader* preamble; | 179 VbKernelPreambleHeader* preamble; |
175 VbPublicKey* data_key; | 180 VbPublicKey* data_key; |
176 RSAPublicKey* rsa; | 181 RSAPublicKey* rsa; |
177 uint64_t current_buf_offset = 0; | 182 uint64_t current_buf_offset = 0; |
178 | 183 |
(...skipping 70 matching lines...)
249 preamble->bootloader_address); | 254 preamble->bootloader_address); |
250 printf(" Bootloader size: 0x%" PRIx64 "\n", preamble->bootloader_size); | 255 printf(" Bootloader size: 0x%" PRIx64 "\n", preamble->bootloader_size); |
251 | 256 |
252 /* Verify body */ | 257 /* Verify body */ |
253 if (0 != VerifyData(file_data, file_size, &preamble->body_signature, rsa)) { | 258 if (0 != VerifyData(file_data, file_size, &preamble->body_signature, rsa)) { |
254 error("Error verifying kernel body.\n"); | 259 error("Error verifying kernel body.\n"); |
255 return 1; | 260 return 1; |
256 } | 261 } |
257 printf("Body verification succeeded.\n"); | 262 printf("Body verification succeeded.\n"); |
258 | 263 |
| 264 if (keyblock_file) { |
| 265 if (0 != WriteFile(keyblock_file, key_block, key_block->key_block_size)) { |
| 266 error("Unable to export keyblock file\n"); |
| 267 return 1; |
| 268 } |
| 269 printf("Key block exported to %s\n", keyblock_file); |
| 270 } |
| 271 |
259 return 0; | 272 return 0; |
260 } | 273 } |
261 | 274 |
262 | 275 |
263 int main(int argc, char* argv[]) { | 276 int main(int argc, char* argv[]) { |
264 char* filename = NULL; | 277 char* filename = NULL; |
265 char* keyblock_file = NULL; | 278 char* keyblock_file = NULL; |
266 char* signprivate_file = NULL; | 279 char* signprivate_file = NULL; |
267 char* vblock_file = NULL; | 280 char* vblock_file = NULL; |
268 int mode = 0; | 281 int mode = 0; |
(...skipping 53 matching lines...)
322 fprintf(stderr, "Some required options are missing\n"); | 335 fprintf(stderr, "Some required options are missing\n"); |
323 return PrintHelp(progname); | 336 return PrintHelp(progname); |
324 } | 337 } |
325 return Sign(filename, keyblock_file, signprivate_file, vblock_file); | 338 return Sign(filename, keyblock_file, signprivate_file, vblock_file); |
326 | 339 |
327 case OPT_MODE_VERIFY: | 340 case OPT_MODE_VERIFY: |
328 if (!vblock_file) { | 341 if (!vblock_file) { |
329 fprintf(stderr, "Some required options are missing\n"); | 342 fprintf(stderr, "Some required options are missing\n"); |
330 return PrintHelp(progname); | 343 return PrintHelp(progname); |
331 } | 344 } |
332 return Verify(filename, vblock_file); | 345 return Verify(filename, vblock_file, keyblock_file); |
333 | 346 |
334 default: | 347 default: |
335 fprintf(stderr, | 348 fprintf(stderr, |
336 "You must specify either --sign or --verify\n"); | 349 "You must specify either --sign or --verify\n"); |
337 return PrintHelp(progname); | 350 return PrintHelp(progname); |
338 } | 351 } |
339 | 352 |
340 /* NOTREACHED */ | 353 /* NOTREACHED */ |
341 return 1; | 354 return 1; |
342 } | 355 } |
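Review bot: In Verify (new lines 264-270) the export passes `key_block->key_block_size` to WriteFile, and that length is read from the vblock being verified, so the write is only safe if the field was bounded against `buf_size` earlier; any such check sits in the 70 skipped lines and should be confirmed, since Verify's body is not fully visible here. The only gate visible before the export is the body check at new line 258, whose `rsa` key presumably comes from the same vblock; unless the key block is also validated against a trusted key in the lines not shown, the exported file carries no more trust than the input, and "if verification succeeds" in the help text can read as a stronger guarantee than that. I would say so above the block, e.g. `/* Exported key block is only as trusted as the vblock it was read from. */`. Separately, `--keyblock` appears to be an input to Sign (new line 338) and is now an output path in verify mode (new line 345), so a wrong mode flag overwrites that file; a distinct option name or an explicit line in PrintHelp would avoid that.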