OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | |
5 * Utility that outputs the message digest of the contents of a file in a | |
6 * format that can be used as input to OpenSSL for an RSA signature. | |
7 * Needed until the stable OpenSSL release supports SHA-256/512 digests for | |
8 * RSA signatures. | |
9 * Outputs DigestInfo || Digest where DigestInfo is the OID depending on the | |
10 * choice of the hash algorithm (see padding.c). | |
11 * | |
12 */ | 4 */ |
13 | 5 |
14 #include "signature_digest.h" | 6 #include "signature_digest.h" |
| 7 #define OPENSSL_NO_SHA |
| 8 #include <openssl/engine.h> |
| 9 #include <openssl/pem.h> |
| 10 #include <openssl/rsa.h> |
15 | 11 |
16 #include <stdio.h> | 12 #include <stdio.h> |
17 #include <stdlib.h> | 13 #include <stdlib.h> |
18 #include <unistd.h> | 14 #include <unistd.h> |
19 | 15 |
20 #include "padding.h" | 16 #include "padding.h" |
21 #include "sha.h" | 17 #include "sha.h" |
22 #include "sha_utility.h" | 18 #include "sha_utility.h" |
| 19 #include "utility.h" |
23 | 20 |
24 uint8_t* PrependDigestInfo(int algorithm, uint8_t* digest) { | 21 uint8_t* PrependDigestInfo(int algorithm, uint8_t* digest) { |
25 const int digest_size = hash_size_map[algorithm]; | 22 const int digest_size = hash_size_map[algorithm]; |
26 const int digestinfo_size = digestinfo_size_map[algorithm]; | 23 const int digestinfo_size = digestinfo_size_map[algorithm]; |
27 const uint8_t* digestinfo = hash_digestinfo_map[algorithm]; | 24 const uint8_t* digestinfo = hash_digestinfo_map[algorithm]; |
28 uint8_t* p = malloc(digestinfo_size + digest_size); | 25 uint8_t* p = Malloc(digestinfo_size + digest_size); |
29 memcpy(p, digestinfo, digestinfo_size); | 26 Memcpy(p, digestinfo, digestinfo_size); |
30 memcpy(p + digestinfo_size, digest, digest_size); | 27 Memcpy(p + digestinfo_size, digest, digest_size); |
31 return p; | 28 return p; |
32 } | 29 } |
33 | 30 |
34 int main(int argc, char* argv[]) { | 31 uint8_t* SignatureDigest(const uint8_t* buf, int len, int algorithm) { |
35 int i, algorithm; | 32 uint8_t* info_digest = NULL; |
36 uint8_t* digest = NULL; | 33 uint8_t* digest = NULL; |
| 34 |
| 35 if (algorithm >= kNumAlgorithms) { |
| 36 fprintf(stderr, "SignatureDigest() called with invalid algorithm!\n"); |
| 37 } else if ((digest = DigestBuf(buf, len, algorithm))) { |
| 38 info_digest = PrependDigestInfo(algorithm, digest); |
| 39 } |
| 40 Free(digest); |
| 41 return info_digest; |
| 42 } |
| 43 |
| 44 uint8_t* SignatureBuf(const uint8_t* buf, int len, const char* key_file, |
| 45 int algorithm) { |
| 46 FILE* key_fp = NULL; |
| 47 RSA* key = NULL; |
37 uint8_t* signature = NULL; | 48 uint8_t* signature = NULL; |
38 uint8_t* info_digest = NULL; | 49 uint8_t* signature_digest = SignatureDigest(buf, len, algorithm); |
39 | 50 int signature_digest_len = (hash_size_map[algorithm] + |
40 if (argc != 3) { | 51 digestinfo_size_map[algorithm]); |
41 fprintf(stderr, "Usage: %s <algorithm> <input file>\n\n", | 52 key_fp = fopen(key_file, "r"); |
42 argv[0]); | 53 if (!key_fp) { |
43 fprintf(stderr, "where <algorithm> is the signature algorithm to use:\n"); | 54 fprintf(stderr, "SignatureBuf(): Couldn't open key file: %s\n", key_file); |
44 for(i = 0; i<kNumAlgorithms; i++) | 55 return NULL; |
45 fprintf(stderr, "\t%d for %s\n", i, algo_strings[i]); | |
46 return -1; | |
47 } | 56 } |
48 | 57 if ((key = PEM_read_RSAPrivateKey(key_fp, NULL, NULL, NULL))) |
49 algorithm = atoi(argv[1]); | 58 signature = (uint8_t*) Malloc(siglen_map[algorithm]); |
50 if (algorithm >= kNumAlgorithms) { | 59 else |
51 fprintf(stderr, "Invalid Algorithm!\n"); | 60 fprintf(stderr, "SignatureBuf(): Couldn't read private key from file: %s\n", |
52 goto failure; | 61 key_file); |
| 62 if (signature) { |
| 63 if (-1 == RSA_private_encrypt(signature_digest_len, /* Input length. */ |
| 64 signature_digest, /* Input data. */ |
| 65 signature, /* Output signature. */ |
| 66 key, /* Key to use. */ |
| 67 RSA_PKCS1_PADDING)) /* Padding to use. */ |
| 68 fprintf(stderr, "SignatureBuf(): RSA_private_encrypt() failed.\n"); |
53 } | 69 } |
54 | 70 if (key) |
55 if (!(digest = DigestFile(argv[2], algorithm))) | 71 RSA_free(key); |
56 goto failure; | 72 Free(signature_digest); |
57 | 73 return signature; |
58 info_digest = PrependDigestInfo(algorithm, digest); | |
59 write(1, info_digest, hash_size_map[algorithm] + | |
60 digestinfo_size_map[algorithm]); | |
61 | |
62 failure: | |
63 free(digest); | |
64 free(info_digest); | |
65 free(signature); | |
66 | |
67 return 0; | |
68 } | 74 } |
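Review bot: In SignatureBuf() the output buffer is allocated with `siglen_map[algorithm]` bytes, but RSA_private_encrypt() writes RSA_size(key) bytes. A key file whose modulus is larger than the chosen algorithm expects would therefore overrun the heap buffer, and nothing compares the two sizes. The function also ignores a NULL return from SignatureDigest(), which only reports a bad algorithm. An out-of-range `algorithm` still indexes hash_size_map, digestinfo_size_map and siglen_map, and a negative value passes the `>= kNumAlgorithms` test. On RSA_private_encrypt() failure the unfilled buffer is still returned as if it were a signature, key_fp is never closed, and the fopen() failure path leaks signature_digest. The rework below validates first and returns NULL on every error through one cleanup path; it assumes siglen_map holds the signature length in bytes, which is declared outside this page.

```c
uint8_t* SignatureBuf(const uint8_t* buf, int len, const char* key_file,
                      int algorithm) {
  FILE* key_fp = NULL;
  RSA* key = NULL;
  uint8_t* signature = NULL;
  uint8_t* signature_digest = NULL;
  int signature_digest_len;

  /* Validate before any table lookup; SignatureDigest() only logs this. */
  if (algorithm < 0 || algorithm >= kNumAlgorithms) {
    fprintf(stderr, "SignatureBuf(): called with invalid algorithm!\n");
    return NULL;
  }
  signature_digest_len = (hash_size_map[algorithm] +
                          digestinfo_size_map[algorithm]);
  signature_digest = SignatureDigest(buf, len, algorithm);
  if (!signature_digest)
    return NULL;

  key_fp = fopen(key_file, "r");
  if (!key_fp) {
    fprintf(stderr, "SignatureBuf(): Couldn't open key file: %s\n", key_file);
    goto out;
  }
  key = PEM_read_RSAPrivateKey(key_fp, NULL, NULL, NULL);
  fclose(key_fp);
  if (!key) {
    fprintf(stderr, "SignatureBuf(): Couldn't read private key from file: %s\n",
            key_file);
    goto out;
  }
  /* RSA_private_encrypt() writes RSA_size(key) bytes into the output. */
  if (RSA_size(key) != siglen_map[algorithm]) {
    fprintf(stderr, "SignatureBuf(): key size does not match algorithm.\n");
    goto out;
  }
  signature = (uint8_t*) Malloc(siglen_map[algorithm]);
  if (signature &&
      -1 == RSA_private_encrypt(signature_digest_len, signature_digest,
                                signature, key, RSA_PKCS1_PADDING)) {
    fprintf(stderr, "SignatureBuf(): RSA_private_encrypt() failed.\n");
    Free(signature);  /* Never hand back an unfilled buffer as a signature. */
    signature = NULL;
  }

out:
  if (key)
    RSA_free(key);
  Free(signature_digest);
  return signature;
}
```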