mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2026-01-11 18:35:28 +00:00
08df9b88a3
The old VerifyFirmware function (now called VerifyFirmwareImage) works on the FirmwareImage structure. This CL adds a verification function which can be used directly on packed binary verified boot firmware blobs. This function can be used as the reference implementation for verified boot in firmware. In addition, all functions that work on FirmwareImage structure have been renames to distinguish them from those which work on binary firmware blobs. In addition, this adds some new crypto utility functions and refactors old ones. BUG=670 TEST=Added tests for the new function and they pass. Review URL: http://codereview.chromium.org/650105
101 lines
2.5 KiB
C
101 lines
2.5 KiB
C
/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
|
|
* Use of this source code is governed by a BSD-style license that can be
|
|
* found in the LICENSE file.
|
|
*/
|
|
|
|
/* Routines for verifying a file's signature. Useful in testing the core
|
|
* RSA verification implementation.
|
|
*/
|
|
|
|
#include <fcntl.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <sys/stat.h>
|
|
#include <sys/types.h>
|
|
#include <unistd.h>
|
|
|
|
#include "file_keys.h"
|
|
#include "sha_utility.h"
|
|
#include "padding.h"
|
|
#include "rsa.h"
|
|
#include "rsa_utility.h"
|
|
#include "verify_data.h"
|
|
|
|
/* ANSI Color coding sequences. */
|
|
#define COL_GREEN "\e[1;32m"
|
|
#define COL_RED "\e[0;31m]"
|
|
#define COL_STOP "\e[m"
|
|
|
|
uint8_t* read_signature(char* input_file, int len) {
|
|
int i, sigfd;
|
|
uint8_t* signature = NULL;
|
|
if ((sigfd = open(input_file, O_RDONLY)) == -1) {
|
|
fprintf(stderr, "Couldn't open signature file\n");
|
|
return NULL;
|
|
}
|
|
|
|
/* Read the signature into a buffer*/
|
|
signature = (uint8_t*) malloc(len);
|
|
if (!signature)
|
|
return NULL;
|
|
|
|
if( (i = read(sigfd, signature, len)) != len ) {
|
|
fprintf(stderr, "Wrong signature length - Expected = %d, Received = %d\n",
|
|
len, i);
|
|
close(sigfd);
|
|
return NULL;
|
|
}
|
|
|
|
close(sigfd);
|
|
return signature;
|
|
}
|
|
|
|
int main(int argc, char* argv[]) {
|
|
int i, algorithm, sig_len;
|
|
int return_code = 1; /* Default to error. */
|
|
uint8_t* digest = NULL;
|
|
uint8_t* signature = NULL;
|
|
RSAPublicKey* key = NULL;
|
|
|
|
if (argc!=5) {
|
|
fprintf(stderr, "Usage: %s <algorithm> <key file> <signature file>"
|
|
" <input file>\n\n", argv[0]);
|
|
fprintf(stderr, "where <algorithm> depends on the signature algorithm"
|
|
" used:\n");
|
|
for(i = 0; i<kNumAlgorithms; i++)
|
|
fprintf(stderr, "\t%d for %s\n", i, algo_strings[i]);
|
|
return -1;
|
|
}
|
|
|
|
algorithm = atoi(argv[1]);
|
|
if (algorithm >= kNumAlgorithms) {
|
|
fprintf(stderr, "Invalid Algorithm!\n");
|
|
return 0;
|
|
}
|
|
/* Length of the RSA Signature/RSA Key */
|
|
sig_len = siglen_map[algorithm] * sizeof(uint32_t);
|
|
|
|
if (!(key = RSAPublicKeyFromFile(argv[2])))
|
|
goto failure;
|
|
if (!(signature = read_signature(argv[3], sig_len)))
|
|
goto failure;
|
|
if (!(digest = DigestFile(argv[4], algorithm)))
|
|
goto failure;
|
|
if(RSA_verify(key, signature, sig_len, algorithm, digest)) {
|
|
return_code = 0;
|
|
fprintf(stderr, "Signature Verification "
|
|
COL_GREEN "SUCCEEDED" COL_STOP "\n");
|
|
} else {
|
|
fprintf(stderr, "Signature Verification "
|
|
COL_RED "FAILED" COL_STOP "\n");
|
|
}
|
|
|
|
failure:
|
|
free(key);
|
|
free(signature);
|
|
free(digest);
|
|
|
|
return return_code;
|
|
}
|