mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2025-11-24 10:14:55 +00:00
f5564fa98c
This CL does the following: 1) It adds a SignatureBuf function which uses the OpenSSL library to generate RSA signature. This is more robust than the previous way of invoking the command line "openssl" utility and capturing its output. No more unnecessary temporary files for signature operations. 2) It adds functions that allow direct manipulation of binary verified Firmware and Kernel Image blobs in memory. 3) It changes the structure field members for FirmwareImage to make it consistent with KernelImage. Now it's clearer which key is used when. 4) Minor bug fixes and slightly improved API for dealing verified boot firmware and kernel images. 5) Renames the RSA_verify function to prevent conflicts with OpenSSL since it's linked into the firmware utility binary. Review URL: http://codereview.chromium.org/661353
101 lines
2.5 KiB
C
101 lines
2.5 KiB
C
/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
|
|
* Use of this source code is governed by a BSD-style license that can be
|
|
* found in the LICENSE file.
|
|
*
|
|
* Utility functions for file and key handling.
|
|
*/
|
|
|
|
#include "file_keys.h"
|
|
|
|
#include <fcntl.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <sys/stat.h>
|
|
#include <sys/types.h>
|
|
#include <unistd.h>
|
|
|
|
#include "padding.h"
|
|
#include "rsa_utility.h"
|
|
#include "signature_digest.h"
|
|
#include "utility.h"
|
|
|
|
uint8_t* BufferFromFile(const char* input_file, uint32_t* len) {
|
|
int fd;
|
|
struct stat stat_fd;
|
|
uint8_t* buf = NULL;
|
|
|
|
if ((fd = open(input_file, O_RDONLY)) == -1) {
|
|
fprintf(stderr, "Couldn't open file.\n");
|
|
return NULL;
|
|
}
|
|
|
|
if (-1 == fstat(fd, &stat_fd)) {
|
|
fprintf(stderr, "Couldn't stat key file\n");
|
|
return NULL;
|
|
}
|
|
*len = stat_fd.st_size;
|
|
|
|
/* Read entire key binary blob into a buffer. */
|
|
buf = (uint8_t*) Malloc(*len);
|
|
if (!buf)
|
|
return NULL;
|
|
|
|
if (*len != read(fd, buf, *len)) {
|
|
fprintf(stderr, "Couldn't read key into a buffer.\n");
|
|
return NULL;
|
|
}
|
|
|
|
close(fd);
|
|
return buf;
|
|
}
|
|
|
|
RSAPublicKey* RSAPublicKeyFromFile(const char* input_file) {
|
|
uint32_t len;
|
|
RSAPublicKey* key = NULL;
|
|
uint8_t* buf = BufferFromFile(input_file, &len);
|
|
if (buf)
|
|
key = RSAPublicKeyFromBuf(buf, len);
|
|
Free(buf);
|
|
return key;
|
|
}
|
|
|
|
uint8_t* SignatureFile(const char* input_file, const char* key_file,
|
|
int algorithm) {
|
|
char* sign_utility = "./sign_data.sh";
|
|
char* cmd; /* Command line to invoke. */
|
|
int cmd_len;
|
|
FILE* cmd_out; /* File descriptor to command output. */
|
|
uint8_t* signature = NULL;
|
|
int signature_size = siglen_map[algorithm];
|
|
|
|
/* Build command line:
|
|
* sign_data.sh <algorithm> <key file> <input file>
|
|
*/
|
|
cmd_len = (strlen(sign_utility) + 1 + /* +1 for space. */
|
|
2 + 1 + /* For [algorithm]. */
|
|
strlen(key_file) + 1 + /* +1 for space. */
|
|
strlen(input_file) +
|
|
1); /* For the trailing '\0'. */
|
|
cmd = (char*) Malloc(cmd_len);
|
|
snprintf(cmd, cmd_len, "%s %d %s %s", sign_utility, algorithm, key_file,
|
|
input_file);
|
|
cmd_out = popen(cmd, "r");
|
|
Free(cmd);
|
|
if (!cmd_out) {
|
|
fprintf(stderr, "Couldn't execute: %s\n", cmd);
|
|
return NULL;
|
|
}
|
|
|
|
signature = (uint8_t*) Malloc(signature_size);
|
|
if (fread(signature, signature_size, 1, cmd_out) != 1) {
|
|
fprintf(stderr, "Couldn't read signature.\n");
|
|
pclose(cmd_out);
|
|
Free(signature);
|
|
return NULL;
|
|
}
|
|
|
|
pclose(cmd_out);
|
|
return signature;
|
|
}
|