Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(510)

Side by Side Diff: host/lib/host_key.c

Issue 3136017: Add additional sanity checks to RSA verification code. (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git
Patch Set: Created 10 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « host/lib/file_keys.c ('k') | host/lib/signature_digest.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
2 * Use of this source code is governed by a BSD-style license that can be 2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file. 3 * found in the LICENSE file.
4 * 4 *
5 * Host functions for keys. 5 * Host functions for keys.
6 */ 6 */
7 7
8 /* TODO: change all 'return 0', 'return 1' into meaningful return codes */ 8 /* TODO: change all 'return 0', 'return 1' into meaningful return codes */
9 9
10 #define OPENSSL_NO_SHA 10 #define OPENSSL_NO_SHA
(...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after
109 fclose(f); 109 fclose(f);
110 Free(outbuf); 110 Free(outbuf);
111 return 0; 111 return 0;
112 } 112 }
113 113
114 VbPrivateKey* PrivateKeyRead(const char* filename) { 114 VbPrivateKey* PrivateKeyRead(const char* filename) {
115 VbPrivateKey *key; 115 VbPrivateKey *key;
116 uint64_t filelen = 0; 116 uint64_t filelen = 0;
117 uint8_t *buffer; 117 uint8_t *buffer;
118 const unsigned char *start; 118 const unsigned char *start;
119 119
120 buffer = ReadFile(filename, &filelen); 120 buffer = ReadFile(filename, &filelen);
121 if (!buffer) { 121 if (!buffer) {
122 error("unable to read from file %s\n", filename); 122 error("unable to read from file %s\n", filename);
123 return 0; 123 return 0;
124 } 124 }
125 125
126 key = (VbPrivateKey*)Malloc(sizeof(VbPrivateKey)); 126 key = (VbPrivateKey*)Malloc(sizeof(VbPrivateKey));
127 if (!key) { 127 if (!key) {
128 error("Unable to allocate VbPrivateKey\n"); 128 error("Unable to allocate VbPrivateKey\n");
129 Free(buffer); 129 Free(buffer);
(...skipping 11 matching lines...) Expand all
141 Free(buffer); 141 Free(buffer);
142 Free(key); 142 Free(key);
143 return 0; 143 return 0;
144 } 144 }
145 145
146 Free(buffer); 146 Free(buffer);
147 return key; 147 return key;
148 } 148 }
149 149
150 150
151
152
153 /* Allocate a new public key with space for a [key_size] byte key. */ 151 /* Allocate a new public key with space for a [key_size] byte key. */
154 VbPublicKey* PublicKeyAlloc(uint64_t key_size, uint64_t algorithm, 152 VbPublicKey* PublicKeyAlloc(uint64_t key_size, uint64_t algorithm,
155 uint64_t version) { 153 uint64_t version) {
156 VbPublicKey* key = (VbPublicKey*)Malloc(sizeof(VbPublicKey) + key_size); 154 VbPublicKey* key = (VbPublicKey*)Malloc(sizeof(VbPublicKey) + key_size);
157 if (!key) 155 if (!key)
158 return NULL; 156 return NULL;
159 157
160 key->algorithm = algorithm; 158 key->algorithm = algorithm;
161 key->key_version = version; 159 key->key_version = version;
162 key->key_size = key_size; 160 key->key_size = key_size;
163 key->key_offset = sizeof(VbPublicKey); 161 key->key_offset = sizeof(VbPublicKey);
164 return key; 162 return key;
165 } 163 }
166 164
167
168 VbPublicKey* PublicKeyReadKeyb(const char* filename, uint64_t algorithm, 165 VbPublicKey* PublicKeyReadKeyb(const char* filename, uint64_t algorithm,
169 uint64_t version) { 166 uint64_t version) {
170 VbPublicKey* key; 167 VbPublicKey* key;
171 uint8_t* key_data; 168 uint8_t* key_data;
172 uint64_t key_size; 169 uint64_t key_size;
170 int expected_key_size;
173 171
174 if (algorithm >= kNumAlgorithms) { 172 if (algorithm >= kNumAlgorithms) {
175 VBDEBUG(("PublicKeyReadKeyb() called with invalid algorithm!\n")); 173 VBDEBUG(("PublicKeyReadKeyb() called with invalid algorithm!\n"));
176 return NULL; 174 return NULL;
177 } 175 }
178 if (version > 0xFFFF) { 176 if (version > 0xFFFF) {
179 /* Currently, TPM only supports 16-bit version */ 177 /* Currently, TPM only supports 16-bit version */
180 VBDEBUG(("PublicKeyReadKeyb() called with invalid version!\n")); 178 VBDEBUG(("PublicKeyReadKeyb() called with invalid version!\n"));
181 return NULL; 179 return NULL;
182 } 180 }
183 181
184 key_data = ReadFile(filename, &key_size); 182 key_data = ReadFile(filename, &key_size);
185 if (!key_data) 183 if (!key_data)
186 return NULL; 184 return NULL;
187 185
188 if (RSAProcessedKeySize(algorithm) != key_size) { 186 if (!RSAProcessedKeySize(algorithm, &expected_key_size) ||
187 expected_key_size != key_size) {
189 VBDEBUG(("PublicKeyReadKeyb() wrong key size for algorithm\n")); 188 VBDEBUG(("PublicKeyReadKeyb() wrong key size for algorithm\n"));
190 Free(key_data); 189 Free(key_data);
191 return NULL; 190 return NULL;
192 } 191 }
193 192
194 key = PublicKeyAlloc(key_size, algorithm, version); 193 key = PublicKeyAlloc(key_size, algorithm, version);
195 if (!key) { 194 if (!key) {
196 Free(key_data); 195 Free(key_data);
197 return NULL; 196 return NULL;
198 } 197 }
199 Memcpy(GetPublicKeyData(key), key_data, key_size); 198 Memcpy(GetPublicKeyData(key), key_data, key_size);
200 199
201 Free(key_data); 200 Free(key_data);
202 return key; 201 return key;
203 } 202 }
204 203
205 204
206 VbPublicKey* PublicKeyRead(const char* filename) { 205 VbPublicKey* PublicKeyRead(const char* filename) {
207 VbPublicKey* key; 206 VbPublicKey* key;
208 uint64_t file_size; 207 uint64_t file_size;
208 int key_size;
209 209
210 key = (VbPublicKey*)ReadFile(filename, &file_size); 210 key = (VbPublicKey*)ReadFile(filename, &file_size);
211 if (!key) 211 if (!key)
212 return NULL; 212 return NULL;
213 213
214 do { 214 do {
215 /* Sanity-check key data */ 215 /* Sanity-check key data */
216 if (0 != VerifyPublicKeyInside(key, file_size, key)) { 216 if (0 != VerifyPublicKeyInside(key, file_size, key)) {
217 VBDEBUG(("PublicKeyRead() not a VbPublicKey\n")); 217 VBDEBUG(("PublicKeyRead() not a VbPublicKey\n"));
218 break; 218 break;
219 } 219 }
220 if (key->algorithm >= kNumAlgorithms) { 220 if (key->algorithm >= kNumAlgorithms) {
221 VBDEBUG(("PublicKeyRead() invalid algorithm\n")); 221 VBDEBUG(("PublicKeyRead() invalid algorithm\n"));
222 break; 222 break;
223 } 223 }
224 if (key->key_version > 0xFFFF) { 224 if (key->key_version > 0xFFFF) {
225 VBDEBUG(("PublicKeyRead() invalid version\n")); 225 VBDEBUG(("PublicKeyRead() invalid version\n"));
226 break; /* Currently, TPM only supports 16-bit version */ 226 break; /* Currently, TPM only supports 16-bit version */
227 } 227 }
228 if (RSAProcessedKeySize(key->algorithm) != key->key_size) { 228 if (!RSAProcessedKeySize(key->algorithm, &key_size) ||
229 key_size != key->key_size) {
229 VBDEBUG(("PublicKeyRead() wrong key size for algorithm\n")); 230 VBDEBUG(("PublicKeyRead() wrong key size for algorithm\n"));
230 break; 231 break;
231 } 232 }
232 233
233 /* Success */ 234 /* Success */
234 return key; 235 return key;
235 236
236 } while(0); 237 } while(0);
237 238
238 /* Error */ 239 /* Error */
239 Free(key); 240 Free(key);
240 return NULL; 241 return NULL;
241 } 242 }
242 243
243
244 int PublicKeyWrite(const char* filename, const VbPublicKey* key) { 244 int PublicKeyWrite(const char* filename, const VbPublicKey* key) {
245 VbPublicKey* kcopy; 245 VbPublicKey* kcopy;
246 int rv; 246 int rv;
247 247
248 /* Copy the key, so its data is contiguous with the header */ 248 /* Copy the key, so its data is contiguous with the header */
249 kcopy = PublicKeyAlloc(key->key_size, 0, 0); 249 kcopy = PublicKeyAlloc(key->key_size, 0, 0);
250 if (!kcopy) 250 if (!kcopy)
251 return 1; 251 return 1;
252 if (0 != PublicKeyCopy(kcopy, key)) { 252 if (0 != PublicKeyCopy(kcopy, key)) {
253 Free(kcopy); 253 Free(kcopy);
254 return 1; 254 return 1;
255 } 255 }
256 256
257 /* Write the copy, then free it */ 257 /* Write the copy, then free it */
258 rv = WriteFile(filename, kcopy, kcopy->key_offset + kcopy->key_size); 258 rv = WriteFile(filename, kcopy, kcopy->key_offset + kcopy->key_size);
259 Free(kcopy); 259 Free(kcopy);
260 return rv; 260 return rv;
261 } 261 }
OLDNEW
« no previous file with comments | « host/lib/file_keys.c ('k') | host/lib/signature_digest.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698