Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(158)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: utility/vbutil_keyblock.c

Issue 3594010: Address some security concerns in the cgpt tool. (Closed) Base URL: http://git.chromium.org/git/vboot_reference.git
Patch Set: A little more cleanup. Take one more look, please. Created 10 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « cgpt/cmd_show.c ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
2 * Use of this source code is governed by a BSD-style license that can be 2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file. 3 * found in the LICENSE file.
4 * 4 *
5 * Verified boot key block utility 5 * Verified boot key block utility
6 */ 6 */
7 7
8 #include <getopt.h> 8 #include <getopt.h>
9 #include <inttypes.h> /* For PRIu64 */ 9 #include <inttypes.h> /* For PRIu64 */
10 #include <stdio.h> 10 #include <stdio.h>
(...skipping 109 matching lines...) Expand 10 before | Expand all | Expand 10 after
120 } 120 }
121 121
122 block = KeyBlockRead(infile); 122 block = KeyBlockRead(infile);
123 if (!block) { 123 if (!block) {
124 fprintf(stderr, "vbutil_keyblock: Error reading key block.\n"); 124 fprintf(stderr, "vbutil_keyblock: Error reading key block.\n");
125 return 1; 125 return 1;
126 } 126 }
127 127
128 /* If the block is signed, then verify it with the signing public key, since 128 /* If the block is signed, then verify it with the signing public key, since
129 KeyBlockRead() only verified the hash. */ 129 KeyBlockRead() only verified the hash. */
130 if (block->key_block_signature.sig_size && signpubkey) { 130 if (block->key_block_signature.sig_size) {
131 if (!signpubkey) {
132 fprintf(stderr,
133 "vbutil_keyblock: keyblock requires public key to verify\n");
134 return 1;
135 }
131 sign_key = PublicKeyRead(signpubkey); 136 sign_key = PublicKeyRead(signpubkey);
132 if (!sign_key) { 137 if (!sign_key) {
133 fprintf(stderr, "vbutil_keyblock: Error reading signpubkey.\n"); 138 fprintf(stderr, "vbutil_keyblock: Error reading signpubkey.\n");
134 return 1; 139 return 1;
135 } 140 }
136 if (0 != KeyBlockVerify(block, block->key_block_size, sign_key, 0)) { 141 if (0 != KeyBlockVerify(block, block->key_block_size, sign_key, 0)) {
137 fprintf(stderr, "vbutil_keyblock: Error verifying key block.\n"); 142 fprintf(stderr, "vbutil_keyblock: Error verifying key block.\n");
138 return 1; 143 return 1;
139 } 144 }
145 printf("Signature algorithm: %" PRIu64 " %s\n", sign_key->algorithm,
146 (sign_key->algorithm < kNumAlgorithms ?
147 algo_strings[sign_key->algorithm] : "(invalid)"));
140 Free(sign_key); 148 Free(sign_key);
149 } else {
150 printf("Signature Algorithm: <none>\n");
141 } 151 }
142 152
143 printf("Key block file: %s\n", infile); 153 printf("Key block file: %s\n", infile);
144 printf("Signature %s\n", sign_key ? "valid" : "ignored"); 154 printf("Flags: %" PRIu64 "\n", block->key_block_flags);
145 printf("Flags: %" PRIu64 " ", block->key_block_flags);
146 if (block->key_block_flags & KEY_BLOCK_FLAG_DEVELOPER_0) 155 if (block->key_block_flags & KEY_BLOCK_FLAG_DEVELOPER_0)
147 printf(" !DEV"); 156 printf(" !DEV");
148 if (block->key_block_flags & KEY_BLOCK_FLAG_DEVELOPER_1) 157 if (block->key_block_flags & KEY_BLOCK_FLAG_DEVELOPER_1)
149 printf(" DEV"); 158 printf(" DEV");
150 if (block->key_block_flags & KEY_BLOCK_FLAG_RECOVERY_0) 159 if (block->key_block_flags & KEY_BLOCK_FLAG_RECOVERY_0)
151 printf(" !REC"); 160 printf(" !REC");
152 if (block->key_block_flags & KEY_BLOCK_FLAG_RECOVERY_1) 161 if (block->key_block_flags & KEY_BLOCK_FLAG_RECOVERY_1)
153 printf(" REC"); 162 printf(" REC");
154 printf("\n"); 163 printf("\n");
155 164
(...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after
235 switch(mode) { 244 switch(mode) {
236 case OPT_MODE_PACK: 245 case OPT_MODE_PACK:
237 return Pack(filename, datapubkey, signprivate, flags); 246 return Pack(filename, datapubkey, signprivate, flags);
238 case OPT_MODE_UNPACK: 247 case OPT_MODE_UNPACK:
239 return Unpack(filename, datapubkey, signpubkey); 248 return Unpack(filename, datapubkey, signpubkey);
240 default: 249 default:
241 printf("Must specify a mode.\n"); 250 printf("Must specify a mode.\n");
242 return PrintHelp(progname); 251 return PrintHelp(progname);
243 } 252 }
244 } 253 }
OLDNEW
« no previous file with comments | « cgpt/cmd_show.c ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698