authorDoug Zongker2012-11-02 17:04:05 -0500
committerDoug Zongker2012-11-02 17:09:57 -0500
commit6c249f7ae890694f061bfde7a3ab52bf367be110 (patch)
tree15652db30bd69d6ee35210f48e65943767958003 /verifier.cpp
parentbf80f49edcec6b22ad7b1219e6ed6eda1e930c8c (diff)
move key loading to verifier code
Add an option to verifier_test to load keys from a file, the way the recovery does. Change-Id: Icba0e391164f2c1a9fefeab4b0bcb878e91d17b4
Diffstat (limited to 'verifier.cpp')
-rw-r--r--verifier.cpp102
1 files changed, 102 insertions, 0 deletions
diff --git a/verifier.cpp b/verifier.cpp
index 1c5a41d1..5f4c981e 100644
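--- a/verifier.cpp
+++ b/verifier.cpp
@@ -179,9 +179,111 @@ int verify_file(const char* path, const RSAPublicKey *pKeys, unsigned int numKey
  LOGI("whole-file signature verified against key %d\n", i);
  free(eocd);
  return VERIFY_SUCCESS;
+ } else {
+ LOGI("failed to verify against key %d\n", i);
  }
  }
  free(eocd);
  LOGE("failed to verify whole-file signature\n");
  return VERIFY_FAILURE;
 }
+
+// Reads a file containing one or more public keys as produced by
+// DumpPublicKey: this is an RSAPublicKey struct as it would appear
+// as a C source literal, eg:
+//
+// "{64,0xc926ad21,{1795090719,...,-695002876},{-857949815,...,1175080310}}"
+//
+// For key versions newer than the original 2048-bit e=3 keys
+// supported by Android, the string is preceded by a version
+// identifier, eg:
+//
+// "v2 {64,0xc926ad21,{1795090719,...,-695002876},{-857949815,...,1175080310}}"
+//
+// (Note that the braces and commas in this example are actual
+// characters the parser expects to find in the file; the ellipses
+// indicate more numbers omitted from this example.)
+//
+// The file may contain multiple keys in this format, separated by
+// commas. The last key must not be followed by a comma.
+//
+// Returns NULL if the file failed to parse, or if it contain zero keys.
+RSAPublicKey*
+load_keys(const char* filename, int* numKeys) {
+ RSAPublicKey* out = NULL;
+ *numKeys = 0;
+
+ FILE* f = fopen(filename, "r");
+ if (f == NULL) {
+ LOGE("opening %s: %s\n", filename, strerror(errno));
+ goto exit;
+ }
+
+ {
+ int i;
+ bool done = false;
+ while (!done) {
+ ++*numKeys;
+ out = (RSAPublicKey*)realloc(out, *numKeys * sizeof(RSAPublicKey));
+ RSAPublicKey* key = out + (*numKeys - 1);
+
+ char start_char;
+ if (fscanf(f, " %c", &start_char) != 1) goto exit;
+ if (start_char == '{') {
+ // a version 1 key has no version specifier.
+ key->exponent = 3;
+ } else if (start_char == 'v') {
+ int version;
+ if (fscanf(f, "%d {", &version) != 1) goto exit;
+ if (version == 2) {
+ key->exponent = 65537;
+ } else {
+ goto exit;
+ }
+ }
+
+ if (fscanf(f, " %i , 0x%x , { %u",
+ &(key->len), &(key->n0inv), &(key->n[0])) != 3) {
+ goto exit;
+ }
+ if (key->len != RSANUMWORDS) {
+ LOGE("key length (%d) does not match expected size\n", key->len);
+ goto exit;
+ }
+ for (i = 1; i < key->len; ++i) {
+ if (fscanf(f, " , %u", &(key->n[i])) != 1) goto exit;
+ }
+ if (fscanf(f, " } , { %u", &(key->rr[0])) != 1) goto exit;
+ for (i = 1; i < key->len; ++i) {
+ if (fscanf(f, " , %u", &(key->rr[i])) != 1) goto exit;
+ }
+ fscanf(f, " } } ");
+
+ // if the line ends in a comma, this file has more keys.
+ switch (fgetc(f)) {
+ case ',':
+ // more keys to come.
+ break;
+
+ case EOF:
+ done = true;
+ break;
+
+ default:
+ LOGE("unexpected character between keys\n");
+ goto exit;
+ }
+
+ LOGI("read key e=%d\n", key->exponent);
+ }
+ }
+
+ fclose(f);
+ return out;
+
+exit:
+ if (f) fclose(f);
+ free(out);
+ *numKeys = 0;
+ return NULL;
+}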
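Review bot: In load_keys, a key whose first character is neither `{` nor `v` falls through the `if`/`else if` chain and is still parsed, with `key->exponent` never assigned, so a malformed key file can produce a verification key with an indeterminate exponent instead of a parse failure; add a final `else { goto exit; }` after the `v` branch. The `realloc` result is assigned straight to `out` and written through `key` with no NULL check, which on allocation failure loses the previous buffer and dereferences a null-based pointer; assign to a temporary, `goto exit` when it is NULL, and only then update `out`. The closing `fscanf(f, " } } ")` cannot report whether the braces were present, so a key missing its closing braces is still accepted when the next character is `,` or end of file. Since this file defines which signers verify_file will trust, the parser should reject anything that does not match the documented format exactly.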