/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ /* Routines for verifying a file's signature. Useful in testing the core * RSA verification implementation. */ #include #include #include #include #include #include #include #include "2common.h" #include "2rsa.h" #include "2sha.h" #include "2sysincludes.h" #include "file_keys.h" #include "host_common.h" #include "vb2_common.h" /* ANSI Color coding sequences. */ #define COL_GREEN "\e[1;32m" #define COL_RED "\e[0;31m" #define COL_STOP "\e[m" int main(int argc, char* argv[]) { uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES] __attribute__ ((aligned (VB2_WORKBUF_ALIGN))); struct vb2_workbuf wb; vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); int return_code = 1; /* Default to error. */ uint8_t digest[VB2_MAX_DIGEST_SIZE]; struct vb2_packed_key *pk = NULL; uint8_t *signature = NULL; uint32_t sig_len = 0; if (argc != 5) { int i; fprintf(stderr, "Usage: %s " " \n\n", argv[0]); fprintf(stderr, "where depends on the signature algorithm" " used:\n"); for(i = 0; i < VB2_ALG_COUNT; i++) fprintf(stderr, "\t%d for %s\n", i, vb2_get_crypto_algorithm_name(i)); return -1; } int algorithm = atoi(argv[1]); if (algorithm >= VB2_ALG_COUNT) { fprintf(stderr, "Invalid algorithm %d\n", algorithm); goto error; } pk = vb2_read_packed_keyb(argv[2], algorithm, 0); if (!pk) { fprintf(stderr, "Can't read RSA public key.\n"); goto error; } struct vb2_public_key k2; if (VB2_SUCCESS != vb2_unpack_key(&k2, pk)) { fprintf(stderr, "Can't unpack RSA public key.\n"); goto error; } if (VB2_SUCCESS != vb2_read_file(argv[3], &signature, &sig_len)) { fprintf(stderr, "Can't read signature.\n"); goto error; } uint32_t expect_sig_size = vb2_rsa_sig_size(vb2_crypto_to_signature(algorithm)); if (sig_len != expect_sig_size) { fprintf(stderr, "Expected signature size %u, got %u\n", expect_sig_size, sig_len); goto error; } if (VB2_SUCCESS != DigestFile(argv[4], vb2_crypto_to_hash(algorithm), digest, sizeof(digest))) { fprintf(stderr, "Error calculating digest.\n"); goto error; } if (VB2_SUCCESS == vb2_rsa_verify_digest(&k2, signature, digest, &wb)) { return_code = 0; fprintf(stderr, "Signature Verification " COL_GREEN "SUCCEEDED" COL_STOP "\n"); } else { fprintf(stderr, "Signature Verification " COL_RED "FAILED" COL_STOP "\n"); } error: if (pk) free(pk); if (signature) free(signature); return return_code; }