Fix RSA verification test.
I previously refactored some of the signature generation code to directly use the OpenSSL library instead of invoking the "openssl" command line utility. The signature_digest command line utility got lost in the process. This restores the utility which in turn fixes the RSA verification test.
Review URL: http://codereview.chromium.org/669040
diff --git a/tests/Makefile b/tests/Makefile
index 6bdbae0..fb355c2 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -3,7 +3,7 @@
# found in the LICENSE file.
CC ?= gcc
-CFLAGS = -Wall -DNDEBUG
+CFLAGS = -Wall -DNDEBUG -O3
INCLUDES ?= -I../include/
TOP ?= ../
diff --git a/tests/run_rsa_tests.sh b/tests/run_rsa_tests.sh
index a54e5b5..2439c32 100755
--- a/tests/run_rsa_tests.sh
+++ b/tests/run_rsa_tests.sh
@@ -26,8 +26,8 @@
do
for hashalgo in ${hash_algos[@]}
do
- ${UTIL_DIR}/signature_digest $algorithmcounter $1 | openssl rsautl -sign \
- -pkcs -inkey ${KEY_DIR}/key_rsa${keylen}.pem \
+ ${UTIL_DIR}/signature_digest_utility $algorithmcounter $1 | openssl \
+ rsautl -sign -pkcs -inkey ${KEY_DIR}/key_rsa${keylen}.pem \
> $1.rsa${keylen}\_${hashalgo}.sig
let algorithmcounter=algorithmcounter+1
done
diff --git a/utils/Makefile b/utils/Makefile
index 5776956..f2f7e10 100644
--- a/utils/Makefile
+++ b/utils/Makefile
@@ -4,15 +4,16 @@
CC ?= gcc
CXX ?= g++
-CFLAGS = -Wall -DNDEBUG
+CFLAGS = -Wall -DNDEBUG -O3
INCLUDES ?= -I../include/
TOP ?= ../
LIBS = firmware_image.o kernel_image.o signature_digest.o file_keys.o
FIRMWARELIBS = $(TOP)/crypto/libcrypto.a $(TOP)/common/libcommon.a
-all: dumpRSAPublicKey verify_data file_keys.o signature_digest.o firmware_image.o \
- kernel_image.o signature_digest.o firmware_utility kernel_utility
+all: dumpRSAPublicKey verify_data file_keys.o signature_digest.o \
+ firmware_image.o kernel_image.o signature_digest.o \
+ signature_digest_utility firmware_utility kernel_utility
dumpRSAPublicKey: dumpRSAPublicKey.c
$(CC) $(CFLAGS) $< -o $@ -lcrypto
@@ -20,6 +21,9 @@
verify_data: verify_data.c $(LIBS) $(FIRMWARELIBS)
$(CC) $(CFLAGS) $(INCLUDES) $< -o $@ $(LIBS) $(FIRMWARELIBS) -lcrypto
+signature_digest_utility: signature_digest_utility.c $(LIBS) $(FIRMWARELIBS)
+ $(CC) $(CFLAGS) $(INCLUDES) $< -o $@ $(LIBS) $(FIRMWARELIBS) -lcrypto
+
firmware_utility: firmware_utility.cc $(LIBS) $(FIRMWARELIBS)
$(CXX) $(CFLAGS) $(INCLUDES) -ggdb -D__STDC_LIMIT_MACROS $< \
-o $@ $(FIRMWARELIBS) $(LIBS) -lcrypto
@@ -41,4 +45,4 @@
$(CC) $(CFLAGS) -ansi $(INCLUDES) -c $< -o $@
clean:
rm -f dumpRSAPublicKey verify_data signature_digest firmware_utility \
- kernel_utility $(LIBS)
+ kernel_utility signature_digest_utility $(LIBS)
diff --git a/utils/signature_digest_utility.c b/utils/signature_digest_utility.c
new file mode 100644
index 0000000..b1f6dde
--- /dev/null
+++ b/utils/signature_digest_utility.c
@@ -0,0 +1,54 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Utility that outputs the cryptographic digest of a contents of a
+ * file in a format that can be directly used to generate PKCS#1 v1.5
+ * signatures via the "openssl" command line utility.
+ */
+
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "file_keys.h"
+#include "padding.h"
+#include "signature_digest.h"
+#include "utility.h"
+
+int main(int argc, char* argv[]) {
+ int algorithm = -1;
+ int error_code = 0;
+ uint8_t* buf = NULL;
+ uint8_t* signature_digest = NULL;
+ uint32_t len;
+ uint32_t signature_digest_len;
+
+ if (argc != 3) {
+ fprintf(stderr, "Usage: %s <algoid> <file>", argv[0]);
+ return -1;
+ }
+ algorithm = atoi(argv[1]);
+ if (algorithm < 0 || algorithm >= kNumAlgorithms) {
+ fprintf(stderr, "Invalid Algorithm!\n");
+ return -1;
+ }
+
+ buf = BufferFromFile(argv[2], &len);
+ if (!buf) {
+ fprintf(stderr, "Could read file: %s\n", argv[2]);
+ return -1;
+ }
+
+ signature_digest = SignatureDigest(buf, len, algorithm);
+ signature_digest_len = (hash_size_map[algorithm] +
+ digestinfo_size_map[algorithm]);
+ if (!signature_digest)
+ error_code = -1;
+ if(signature_digest &&
+ 1 != fwrite(signature_digest, signature_digest_len, 1, stdout))
+ error_code = -1;
+ Free(signature_digest);
+ Free(buf);
+ return error_code;
+}