blob: ac3f40020e9b04d815d6731b9fb3b72a21d93edf [file] [log] [blame] [edit]
/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* Developer file-signing utility
*/
#include <errno.h>
#include <getopt.h>
#include <inttypes.h> /* For PRIu64 */
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include "cryptolib.h"
#include "host_common.h"
#include "kernel_blob.h"
#include "vboot_common.h"
/* Global opt */
static int opt_debug = 0;
/* Command line options */
enum {
OPT_MODE_SIGN = 1000,
OPT_MODE_VERIFY,
OPT_KEYBLOCK,
OPT_SIGNPRIVATE,
OPT_VBLOCK,
};
static struct option long_opts[] = {
{"sign", 1, 0, OPT_MODE_SIGN },
{"verify", 1, 0, OPT_MODE_VERIFY },
{"keyblock", 1, 0, OPT_KEYBLOCK },
{"signprivate", 1, 0, OPT_SIGNPRIVATE },
{"vblock", 1, 0, OPT_VBLOCK },
{"debug", 0, &opt_debug, 1 },
{NULL, 0, 0, 0}
};
/* Print help and return error */
static int PrintHelp(const char *progname) {
fprintf(stderr,
"This program is used to sign and verify developer-mode files\n");
fprintf(stderr,
"\n"
"Usage: %s --sign <file> [PARAMETERS]\n"
"\n"
" Required parameters:\n"
" --keyblock <file> Key block in .keyblock format\n"
" --signprivate <file>"
" Private key to sign file data, in .vbprivk format\n"
" --vblock <file> Output signature in .vblock format\n"
"\n",
progname);
fprintf(stderr,
"OR\n\n"
"Usage: %s --verify <file> [PARAMETERS]\n"
"\n"
" Required parameters:\n"
" --vblock <file> Signature file in .vblock format\n"
"\n"
" Optional parameters:\n"
" --keyblock <file>"
" Extract .keyblock to file if verification succeeds\n"
"\n",
progname);
return 1;
}
static void Debug(const char *format, ...) {
if (!opt_debug)
return;
va_list ap;
va_start(ap, format);
fprintf(stderr, "DEBUG: ");
vfprintf(stderr, format, ap);
va_end(ap);
}
/* Sign a file. We'll reuse the same structs used to sign kernels, to avoid
having to declare yet another one for just this purpose. */
static int Sign(const char* filename, const char* keyblock_file,
const char* signprivate_file, const char* outfile) {
uint8_t* file_data;
uint64_t file_size;
VbKeyBlockHeader* key_block;
uint64_t key_block_size;
VbPrivateKey* signing_key;
VbSignature* body_sig;
VbKernelPreambleHeader* preamble;
FILE* output_fp;
/* Read the file that we're going to sign. */
file_data = ReadFile(filename, &file_size);
if (!file_data) {
error("Error reading file to sign.\n");
return 1;
}
/* Get the key block and read the private key corresponding to it. */
key_block = (VbKeyBlockHeader*)ReadFile(keyblock_file, &key_block_size);
if (!key_block) {
error("Error reading key block.\n");
return 1;
}
signing_key = PrivateKeyRead(signprivate_file);
if (!signing_key) {
error("Error reading signing key.\n");
return 1;
}
/* Sign the file data */
body_sig = CalculateSignature(file_data, file_size, signing_key);
if (!body_sig) {
error("Error calculating body signature\n");
return 1;
}
/* Create preamble */
preamble = CreateKernelPreamble((uint64_t)0,
(uint64_t)0,
(uint64_t)0,
(uint64_t)0,
body_sig,
(uint64_t)0,
signing_key);
if (!preamble) {
error("Error creating preamble.\n");
return 1;
}
/* Write the output file */
Debug("writing %s...\n", outfile);
output_fp = fopen(outfile, "wb");
if (!output_fp) {
error("Can't open output file %s\n", outfile);
return 1;
}
Debug("0x%" PRIx64 " bytes of key_block\n", key_block_size);
Debug("0x%" PRIx64 " bytes of preamble\n", preamble->preamble_size);
if ((1 != fwrite(key_block, key_block_size, 1, output_fp)) ||
(1 != fwrite(preamble, preamble->preamble_size, 1, output_fp))) {
error("Can't write output file %s\n", outfile);
fclose(output_fp);
unlink(outfile);
return 1;
}
fclose(output_fp);
/* Done */
Free(preamble);
Free(body_sig);
Free(signing_key);
Free(key_block);
Free(file_data);
/* Success */
return 0;
}
static int Verify(const char* filename, const char* vblock_file,
const char* keyblock_file) {
uint8_t* file_data;
uint64_t file_size;
uint8_t* buf;
uint64_t buf_size;
VbKeyBlockHeader* key_block;
VbKernelPreambleHeader* preamble;
VbPublicKey* data_key;
RSAPublicKey* rsa;
uint64_t current_buf_offset = 0;
/* Read the file that we're going to verify. */
file_data = ReadFile(filename, &file_size);
if (!file_data) {
error("Error reading file to sign.\n");
return 1;
}
/* Read the vblock that we're going to use on it */
buf = ReadFile(vblock_file, &buf_size);
if (!buf) {
error("Error reading vblock_file.\n");
return 1;
}
/* Find the key block */
key_block = (VbKeyBlockHeader*)buf;
Debug("Keyblock is 0x%" PRIx64 " bytes\n", key_block->key_block_size);
current_buf_offset += key_block->key_block_size;
if (current_buf_offset > buf_size) {
error("key_block_size advances past the end of the buffer\n");
return 1;
}
/* Find the preamble */
preamble = (VbKernelPreambleHeader*)(buf + current_buf_offset);
Debug("Preamble is 0x%" PRIx64 " bytes\n", preamble->preamble_size);
current_buf_offset += preamble->preamble_size;
if (current_buf_offset > buf_size ) {
error("preamble_size advances past the end of the buffer\n");
return 1;
}
Debug("Current buf offset is at 0x%" PRIx64 " bytes\n", current_buf_offset);
/* Check the key block (hash only) */
if (0 != KeyBlockVerify(key_block, key_block->key_block_size, NULL, 1)) {
error("Error verifying key block.\n");
return 1;
}
printf("Key block:\n");
data_key = &key_block->data_key;
printf(" Size: 0x%" PRIx64 "\n", key_block->key_block_size);
printf(" Data key algorithm: %" PRIu64 " %s\n", data_key->algorithm,
(data_key->algorithm < kNumAlgorithms ?
algo_strings[data_key->algorithm] : "(invalid)"));
printf(" Data key version: %" PRIu64 "\n", data_key->key_version);
printf(" Flags: %" PRIu64 "\n", key_block->key_block_flags);
/* Verify preamble */
rsa = PublicKeyToRSA(&key_block->data_key);
if (!rsa) {
error("Error parsing data key.\n");
return 1;
}
if (0 != VerifyKernelPreamble(preamble, preamble->preamble_size, rsa)) {
error("Error verifying preamble.\n");
return 1;
}
printf("Preamble:\n");
printf(" Size: 0x%" PRIx64 "\n", preamble->preamble_size);
printf(" Header version: %" PRIu32 ".%" PRIu32"\n",
preamble->header_version_major, preamble->header_version_minor);
printf(" Kernel version: %" PRIu64 "\n", preamble->kernel_version);
printf(" Body load address: 0x%" PRIx64 "\n", preamble->body_load_address);
printf(" Body size: 0x%" PRIx64 "\n",
preamble->body_signature.data_size);
printf(" Bootloader address: 0x%" PRIx64 "\n",
preamble->bootloader_address);
printf(" Bootloader size: 0x%" PRIx64 "\n", preamble->bootloader_size);
/* Verify body */
if (0 != VerifyData(file_data, file_size, &preamble->body_signature, rsa)) {
error("Error verifying kernel body.\n");
return 1;
}
printf("Body verification succeeded.\n");
if (keyblock_file) {
if (0 != WriteFile(keyblock_file, key_block, key_block->key_block_size)) {
error("Unable to export keyblock file\n");
return 1;
}
printf("Key block exported to %s\n", keyblock_file);
}
return 0;
}
int main(int argc, char* argv[]) {
char* filename = NULL;
char* keyblock_file = NULL;
char* signprivate_file = NULL;
char* vblock_file = NULL;
int mode = 0;
int parse_error = 0;
int option_index;
char *progname = strrchr(argv[0], '/');
if (progname)
progname++;
else
progname = argv[0];
while ((option_index = getopt_long(argc, argv, ":", long_opts, NULL)) != -1 &&
!parse_error) {
switch (option_index) {
default:
case '?':
/* Unhandled option */
parse_error = 1;
break;
case 0:
/* silently handled option */
break;
case OPT_MODE_SIGN:
case OPT_MODE_VERIFY:
if (mode && (mode != option_index)) {
fprintf(stderr, "Only a single mode can be specified\n");
parse_error = 1;
break;
}
mode = option_index;
filename = optarg;
break;
case OPT_KEYBLOCK:
keyblock_file = optarg;
break;
case OPT_SIGNPRIVATE:
signprivate_file = optarg;
break;
case OPT_VBLOCK:
vblock_file = optarg;
break;
}
}
if (parse_error)
return PrintHelp(progname);
switch(mode) {
case OPT_MODE_SIGN:
if (!keyblock_file || !signprivate_file || !vblock_file) {
fprintf(stderr, "Some required options are missing\n");
return PrintHelp(progname);
}
return Sign(filename, keyblock_file, signprivate_file, vblock_file);
case OPT_MODE_VERIFY:
if (!vblock_file) {
fprintf(stderr, "Some required options are missing\n");
return PrintHelp(progname);
}
return Verify(filename, vblock_file, keyblock_file);
default:
fprintf(stderr,
"You must specify either --sign or --verify\n");
return PrintHelp(progname);
}
/* NOTREACHED */
return 1;
}