This is part 2 of the wrapper API refactor. It adds stub
implementations for the host, and changes the host-side utilities to
use them. Firmware implementation is unchanged in this CL (other than
a few updates to macros).
BUG=chromium_os:16997
TEST=make && make runtests
Change-Id: I63989bd11de1f2239ddae256beaccd31bfb5acef
Reviewed-on: http://gerrit.chromium.org/gerrit/3256
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
This makes it much simpler to keep track of what we're doing.
vbutil_key can now wrap both .keyb and .pem keys. It figures out which is
which by trying both and just using the one that works.
vbutil_keyblock and vbutil_kernel now use .vbprivk files for signing.
replace debug() with VBDEBUG(()) in host-side sources, too.
rename PrivateKeyRead to PrivateKeyReadPem
Add real PrivateKeyRead and PrivateKeyWrite for .vbprivk files.
Review URL: http://codereview.chromium.org/2871033
This should make it easier to switch off debug messages if needed.
TESTS=builds fine, autotest builds fine (using both arm/x86-generic)
Review URL: http://codereview.chromium.org/1607006
Removing multiple top level includes - now padding.h, rsa.h and sha.h are used internally and cryptolib.h must be used instead for all modules that wish to use crypto functions.
I am trying to separate refactors involving code movement from one file to another, and the movement of files themselves into separate CLs so that it's clear what changed.
Review URL: http://codereview.chromium.org/1574005
Fix memory leaks found using Valgrind, adds sanity checking to RSAPublicKey parsing code to prevent crazy behavior.
Review URL: http://codereview.chromium.org/858008
This CL does the following:
1) It adds a SignatureBuf function which uses the OpenSSL library to generate RSA signature. This is more robust than the previous way of invoking the command line "openssl" utility and capturing its output. No more unnecessary temporary files for signature operations.
2) It adds functions that allow direct manipulation of binary verified Firmware and Kernel Image blobs in memory.
3) It changes the structure field members for FirmwareImage to make it consistent with KernelImage. Now it's clearer which key is used when.
4) Minor bug fixes and slightly improved API for dealing verified boot firmware and kernel images.
5) Renames the RSA_verify function to prevent conflicts with OpenSSL since it's linked into the firmware utility binary.
Review URL: http://codereview.chromium.org/661353
This is a first cut at what I envision as a utility we can use to manage our firmware/kernel signing needs. Currently, it implements firmware signing (given a binary image, create a verified boot header) and verification (given a verified boot image, verify it using the given public root key).
This CL also fixes the ReadFirmwareImage function from firmware_image to make it more consistent and fixes some bugs.
Review URL: http://codereview.chromium.org/652216
In addtion, add test cases and a script to generate them for benchmarking. Also fixes a path problem with the run_rsa_tests.sh script.
Review URL: http://codereview.chromium.org/626011
