| OLD | NEW |
|---|
| 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
| 3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
| 4 * | 4 * |
| 5 * Host functions for keys. | 5 * Host functions for keys. |
| 6 */ | 6 */ |
| 7 | 7 |
| 8 /* TODO: change all 'return 0', 'return 1' into meaningful return codes */ | 8 /* TODO: change all 'return 0', 'return 1' into meaningful return codes */ |
| 9 | 9 |
| 10 #define OPENSSL_NO_SHA | 10 #define OPENSSL_NO_SHA |
| (...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 109 fclose(f); | 109 fclose(f); |
| 110 Free(outbuf); | 110 Free(outbuf); |
| 111 return 0; | 111 return 0; |
| 112 } | 112 } |
| 113 | 113 |
| 114 VbPrivateKey* PrivateKeyRead(const char* filename) { | 114 VbPrivateKey* PrivateKeyRead(const char* filename) { |
| 115 VbPrivateKey *key; | 115 VbPrivateKey *key; |
| 116 uint64_t filelen = 0; | 116 uint64_t filelen = 0; |
| 117 uint8_t *buffer; | 117 uint8_t *buffer; |
| 118 const unsigned char *start; | 118 const unsigned char *start; |
| 119 | 119 |
| 120 buffer = ReadFile(filename, &filelen); | 120 buffer = ReadFile(filename, &filelen); |
| 121 if (!buffer) { | 121 if (!buffer) { |
| 122 error("unable to read from file %s\n", filename); | 122 error("unable to read from file %s\n", filename); |
| 123 return 0; | 123 return 0; |
| 124 } | 124 } |
| 125 | 125 |
| 126 key = (VbPrivateKey*)Malloc(sizeof(VbPrivateKey)); | 126 key = (VbPrivateKey*)Malloc(sizeof(VbPrivateKey)); |
| 127 if (!key) { | 127 if (!key) { |
| 128 error("Unable to allocate VbPrivateKey\n"); | 128 error("Unable to allocate VbPrivateKey\n"); |
| 129 Free(buffer); | 129 Free(buffer); |
| (...skipping 11 matching lines...) Expand all Loading... |
| 141 Free(buffer); | 141 Free(buffer); |
| 142 Free(key); | 142 Free(key); |
| 143 return 0; | 143 return 0; |
| 144 } | 144 } |
| 145 | 145 |
| 146 Free(buffer); | 146 Free(buffer); |
| 147 return key; | 147 return key; |
| 148 } | 148 } |
| 149 | 149 |
| 150 | 150 |
| 151 | |
| 152 | |
| 153 /* Allocate a new public key with space for a [key_size] byte key. */ | 151 /* Allocate a new public key with space for a [key_size] byte key. */ |
| 154 VbPublicKey* PublicKeyAlloc(uint64_t key_size, uint64_t algorithm, | 152 VbPublicKey* PublicKeyAlloc(uint64_t key_size, uint64_t algorithm, |
| 155 uint64_t version) { | 153 uint64_t version) { |
| 156 VbPublicKey* key = (VbPublicKey*)Malloc(sizeof(VbPublicKey) + key_size); | 154 VbPublicKey* key = (VbPublicKey*)Malloc(sizeof(VbPublicKey) + key_size); |
| 157 if (!key) | 155 if (!key) |
| 158 return NULL; | 156 return NULL; |
| 159 | 157 |
| 160 key->algorithm = algorithm; | 158 key->algorithm = algorithm; |
| 161 key->key_version = version; | 159 key->key_version = version; |
| 162 key->key_size = key_size; | 160 key->key_size = key_size; |
| 163 key->key_offset = sizeof(VbPublicKey); | 161 key->key_offset = sizeof(VbPublicKey); |
| 164 return key; | 162 return key; |
| 165 } | 163 } |
| 166 | 164 |
| 167 | |
| 168 VbPublicKey* PublicKeyReadKeyb(const char* filename, uint64_t algorithm, | 165 VbPublicKey* PublicKeyReadKeyb(const char* filename, uint64_t algorithm, |
| 169 uint64_t version) { | 166 uint64_t version) { |
| 170 VbPublicKey* key; | 167 VbPublicKey* key; |
| 171 uint8_t* key_data; | 168 uint8_t* key_data; |
| 172 uint64_t key_size; | 169 uint64_t key_size; |
| 170 int expected_key_size; |
| 173 | 171 |
| 174 if (algorithm >= kNumAlgorithms) { | 172 if (algorithm >= kNumAlgorithms) { |
| 175 VBDEBUG(("PublicKeyReadKeyb() called with invalid algorithm!\n")); | 173 VBDEBUG(("PublicKeyReadKeyb() called with invalid algorithm!\n")); |
| 176 return NULL; | 174 return NULL; |
| 177 } | 175 } |
| 178 if (version > 0xFFFF) { | 176 if (version > 0xFFFF) { |
| 179 /* Currently, TPM only supports 16-bit version */ | 177 /* Currently, TPM only supports 16-bit version */ |
| 180 VBDEBUG(("PublicKeyReadKeyb() called with invalid version!\n")); | 178 VBDEBUG(("PublicKeyReadKeyb() called with invalid version!\n")); |
| 181 return NULL; | 179 return NULL; |
| 182 } | 180 } |
| 183 | 181 |
| 184 key_data = ReadFile(filename, &key_size); | 182 key_data = ReadFile(filename, &key_size); |
| 185 if (!key_data) | 183 if (!key_data) |
| 186 return NULL; | 184 return NULL; |
| 187 | 185 |
| 188 if (RSAProcessedKeySize(algorithm) != key_size) { | 186 if (!RSAProcessedKeySize(algorithm, &expected_key_size) || |
| 187 expected_key_size != key_size) { |
| 189 VBDEBUG(("PublicKeyReadKeyb() wrong key size for algorithm\n")); | 188 VBDEBUG(("PublicKeyReadKeyb() wrong key size for algorithm\n")); |
| 190 Free(key_data); | 189 Free(key_data); |
| 191 return NULL; | 190 return NULL; |
| 192 } | 191 } |
| 193 | 192 |
| 194 key = PublicKeyAlloc(key_size, algorithm, version); | 193 key = PublicKeyAlloc(key_size, algorithm, version); |
| 195 if (!key) { | 194 if (!key) { |
| 196 Free(key_data); | 195 Free(key_data); |
| 197 return NULL; | 196 return NULL; |
| 198 } | 197 } |
| 199 Memcpy(GetPublicKeyData(key), key_data, key_size); | 198 Memcpy(GetPublicKeyData(key), key_data, key_size); |
| 200 | 199 |
| 201 Free(key_data); | 200 Free(key_data); |
| 202 return key; | 201 return key; |
| 203 } | 202 } |
| 204 | 203 |
| 205 | 204 |
| 206 VbPublicKey* PublicKeyRead(const char* filename) { | 205 VbPublicKey* PublicKeyRead(const char* filename) { |
| 207 VbPublicKey* key; | 206 VbPublicKey* key; |
| 208 uint64_t file_size; | 207 uint64_t file_size; |
| 208 int key_size; |
| 209 | 209 |
| 210 key = (VbPublicKey*)ReadFile(filename, &file_size); | 210 key = (VbPublicKey*)ReadFile(filename, &file_size); |
| 211 if (!key) | 211 if (!key) |
| 212 return NULL; | 212 return NULL; |
| 213 | 213 |
| 214 do { | 214 do { |
| 215 /* Sanity-check key data */ | 215 /* Sanity-check key data */ |
| 216 if (0 != VerifyPublicKeyInside(key, file_size, key)) { | 216 if (0 != VerifyPublicKeyInside(key, file_size, key)) { |
| 217 VBDEBUG(("PublicKeyRead() not a VbPublicKey\n")); | 217 VBDEBUG(("PublicKeyRead() not a VbPublicKey\n")); |
| 218 break; | 218 break; |
| 219 } | 219 } |
| 220 if (key->algorithm >= kNumAlgorithms) { | 220 if (key->algorithm >= kNumAlgorithms) { |
| 221 VBDEBUG(("PublicKeyRead() invalid algorithm\n")); | 221 VBDEBUG(("PublicKeyRead() invalid algorithm\n")); |
| 222 break; | 222 break; |
| 223 } | 223 } |
| 224 if (key->key_version > 0xFFFF) { | 224 if (key->key_version > 0xFFFF) { |
| 225 VBDEBUG(("PublicKeyRead() invalid version\n")); | 225 VBDEBUG(("PublicKeyRead() invalid version\n")); |
| 226 break; /* Currently, TPM only supports 16-bit version */ | 226 break; /* Currently, TPM only supports 16-bit version */ |
| 227 } | 227 } |
| 228 if (RSAProcessedKeySize(key->algorithm) != key->key_size) { | 228 if (!RSAProcessedKeySize(key->algorithm, &key_size) || |
| 229 key_size != key->key_size) { |
| 229 VBDEBUG(("PublicKeyRead() wrong key size for algorithm\n")); | 230 VBDEBUG(("PublicKeyRead() wrong key size for algorithm\n")); |
| 230 break; | 231 break; |
| 231 } | 232 } |
| 232 | 233 |
| 233 /* Success */ | 234 /* Success */ |
| 234 return key; | 235 return key; |
| 235 | 236 |
| 236 } while(0); | 237 } while(0); |
| 237 | 238 |
| 238 /* Error */ | 239 /* Error */ |
| 239 Free(key); | 240 Free(key); |
| 240 return NULL; | 241 return NULL; |
| 241 } | 242 } |
| 242 | 243 |
| 243 | |
| 244 int PublicKeyWrite(const char* filename, const VbPublicKey* key) { | 244 int PublicKeyWrite(const char* filename, const VbPublicKey* key) { |
| 245 VbPublicKey* kcopy; | 245 VbPublicKey* kcopy; |
| 246 int rv; | 246 int rv; |
| 247 | 247 |
| 248 /* Copy the key, so its data is contiguous with the header */ | 248 /* Copy the key, so its data is contiguous with the header */ |
| 249 kcopy = PublicKeyAlloc(key->key_size, 0, 0); | 249 kcopy = PublicKeyAlloc(key->key_size, 0, 0); |
| 250 if (!kcopy) | 250 if (!kcopy) |
| 251 return 1; | 251 return 1; |
| 252 if (0 != PublicKeyCopy(kcopy, key)) { | 252 if (0 != PublicKeyCopy(kcopy, key)) { |
| 253 Free(kcopy); | 253 Free(kcopy); |
| 254 return 1; | 254 return 1; |
| 255 } | 255 } |
| 256 | 256 |
| 257 /* Write the copy, then free it */ | 257 /* Write the copy, then free it */ |
| 258 rv = WriteFile(filename, kcopy, kcopy->key_offset + kcopy->key_size); | 258 rv = WriteFile(filename, kcopy, kcopy->key_offset + kcopy->key_size); |
| 259 Free(kcopy); | 259 Free(kcopy); |
| 260 return rv; | 260 return rv; |
| 261 } | 261 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 3136017:
Add additional sanity checks to RSA verification code. (Closed)
Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git