Refactor code from test/ to utils/ since they are not just used by tests.
Also, adds a simple analog of verify_data.
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/578025
diff --git a/utils/Makefile b/utils/Makefile
index 8573583..d72aaf4 100644
--- a/utils/Makefile
+++ b/utils/Makefile
@@ -3,10 +3,18 @@
# found in the LICENSE file.
LIBS=-lcrypto
+FIRMWARELIBS=$(TOP)/crypto/libcrypto.a $(TOP)/common/libcommon.a
-all: dumpRSAPublicKey
+all: dumpRSAPublicKey verify_data signature_digest
dumpRSAPublicKey: dumpRSAPublicKey.c
$(CC) $(CFLAGS) $(LIBS) $< -o $@
+
+verify_data: verify_data.c
+ $(CC) $(CFLAGS) -DNDEBUG $(INCLUDES) $< -o $@ $(FIRMWARELIBS)
+
+signature_digest: signature_digest.c
+ $(CC) $(CFLAGS) -DNDEBUG $(INCLUDES) $< -o $@ $(FIRMWARELIBS)
+
clean:
- rm -f dumpRSAPublicKey
+ rm -f dumpRSAPublicKey verify_data signature_digest
diff --git a/utils/sign_data.sh b/utils/sign_data.sh
new file mode 100755
index 0000000..bd9e1be
--- /dev/null
+++ b/utils/sign_data.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+if [ $# -ne 3 ]
+then
+ echo "Usage: `basename $0` <algorithm> <key file> <input file>"
+ exit -1
+fi
+
+./signature_digest $1 $3 | openssl rsautl -sign -pkcs -inkey $2
diff --git a/utils/signature_digest.c b/utils/signature_digest.c
new file mode 100644
index 0000000..8dcd8c9
--- /dev/null
+++ b/utils/signature_digest.c
@@ -0,0 +1,68 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Utility that outputs the message digest of the contents of a file in a
+ * format that can be used as input to OpenSSL for an RSA signature.
+ * Needed until the stable OpenSSL release supports SHA-256/512 digests for
+ * RSA signatures.
+ * Outputs DigestInfo || Digest where DigestInfo is the OID depending on the
+ * choice of the hash algorithm (see padding.c).
+ *
+ */
+
+#include "signature_digest.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include "padding.h"
+#include "sha.h"
+#include "sha_utility.h"
+
+uint8_t* prepend_digestinfo(int algorithm, uint8_t* digest) {
+ const int digest_size = hash_size_map[algorithm];
+ const int digestinfo_size = digestinfo_size_map[algorithm];
+ const uint8_t* digestinfo = hash_digestinfo_map[algorithm];
+ uint8_t* p = malloc(digestinfo_size + digest_size);
+ memcpy(p, digestinfo, digestinfo_size);
+ memcpy(p + digestinfo_size, digest, digest_size);
+ return p;
+}
+
+int main(int argc, char* argv[]) {
+ int i, algorithm;
+ uint8_t* digest = NULL;
+ uint8_t* signature = NULL;
+ uint8_t* info_digest = NULL;
+
+ if (argc != 3) {
+ fprintf(stderr, "Usage: %s <algorithm> <input file>\n\n",
+ argv[0]);
+ fprintf(stderr, "where <algorithm> is the signature algorithm to use:\n");
+ for(i = 0; i<kNumAlgorithms; i++)
+ fprintf(stderr, "\t%d for %s\n", i, algo_strings[i]);
+ return -1;
+ }
+
+ algorithm = atoi(argv[1]);
+ if (algorithm >= kNumAlgorithms) {
+ fprintf(stderr, "Invalid Algorithm!\n");
+ goto failure;
+ }
+
+ if (!(digest = DigestFile(argv[2], algorithm)))
+ goto failure;
+
+ info_digest = prepend_digestinfo(algorithm, digest);
+ write(1, info_digest, hash_size_map[algorithm] +
+ digestinfo_size_map[algorithm]);
+
+failure:
+ free(digest);
+ free(info_digest);
+ free(signature);
+
+ return 0;
+}
diff --git a/utils/verify_data.c b/utils/verify_data.c
new file mode 100644
index 0000000..05399b1
--- /dev/null
+++ b/utils/verify_data.c
@@ -0,0 +1,121 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Routines for verifying a file's signature. Useful in testing the core
+ * RSA verification implementation.
+ */
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "sha_utility.h"
+#include "padding.h"
+#include "rsa.h"
+#include "rsa_utility.h"
+#include "verify_data.h"
+
+RSAPublicKey* read_RSAkey(char* input_file) {
+ int key_fd;
+ int buf_len;
+ struct stat stat_fd;
+ uint8_t* buf = NULL;
+
+ if ((key_fd = open(input_file, O_RDONLY)) == -1) {
+ fprintf(stderr, "Couldn't open pre-processed key file\n");
+ return NULL;
+ }
+
+ if (-1 == fstat(key_fd, &stat_fd)) {
+ fprintf(stderr, "Couldn't stat key file\n");
+ return NULL;
+ }
+ buf_len = stat_fd.st_size;
+
+ /* Read entire key binary blob into a buffer. */
+ buf = (uint8_t*) malloc(buf_len);
+ if (!buf)
+ return NULL;
+
+ if (buf_len != read(key_fd, buf, buf_len)) {
+ fprintf(stderr, "Couldn't read key into a buffer.\n");
+ return NULL;
+ }
+
+ close(key_fd);
+ return RSAPublicKeyFromBuf(buf, buf_len);
+}
+
+uint8_t* read_signature(char* input_file, int len) {
+ int i, sigfd;
+ uint8_t* signature = NULL;
+ if ((sigfd = open(input_file, O_RDONLY)) == -1) {
+ fprintf(stderr, "Couldn't open signature file\n");
+ return NULL;
+ }
+
+ /* Read the signature into a buffer*/
+ signature = (uint8_t*) malloc(len);
+ if (!signature)
+ return NULL;
+
+ if( (i = read(sigfd, signature, len)) != len ) {
+ fprintf(stderr, "Wrong signature length - Expected = %d, Received = %d\n",
+ len, i);
+ close(sigfd);
+ return NULL;
+ }
+
+ close(sigfd);
+ return signature;
+}
+
+
+int main(int argc, char* argv[]) {
+ int i, algorithm, sig_len;
+ uint8_t* digest = NULL;
+ uint8_t* signature = NULL;
+ RSAPublicKey* key = NULL;
+
+ if (argc!=5) {
+ fprintf(stderr, "Usage: %s <algorithm> <key file> <signature file>"
+ " <input file>\n\n", argv[0]);
+ fprintf(stderr, "where <algorithm> depends on the signature algorithm"
+ " used:\n");
+ for(i = 0; i<kNumAlgorithms; i++)
+ fprintf(stderr, "\t%d for %s\n", i, algo_strings[i]);
+ return -1;
+ }
+
+ algorithm = atoi(argv[1]);
+ if (algorithm >= kNumAlgorithms) {
+ fprintf(stderr, "Invalid Algorithm!\n");
+ return 0;
+ }
+ /* Length of the RSA Signature/RSA Key */
+ sig_len = siglen_map[algorithm] * sizeof(uint32_t);
+
+ if (!(key = read_RSAkey(argv[2])))
+ goto failure;
+ if (!(signature = read_signature(argv[3], sig_len)))
+ goto failure;
+ if (!(digest = DigestFile(argv[4], algorithm)))
+ goto failure;
+ if(RSA_verify(key, signature, sig_len, algorithm, digest))
+ fprintf(stderr, "Signature Verification SUCCEEDED.\n");
+ else
+ fprintf(stderr, "Signature Verification FAILED!\n");
+
+failure:
+ free(key);
+ free(signature);
+ free(digest);
+
+ return 0;
+}