Add support for ECDSA signatures
This adds support for key version 5 which is an EC key using the NIST P-256 curve parameters. OTAs may be signed with these keys using the ECDSA signature algorithm with SHA-256. Change-Id: Id88672a3deb70681c78d5ea0d739e10f839e4567
This commit is contained in:
+84
-20
@@ -100,6 +100,18 @@ RSAPublicKey test_f4_key =
|
||||
65537
|
||||
};
|
||||
|
||||
ECPublicKey test_ec_key =
|
||||
{
|
||||
{
|
||||
{0xd656fa24u, 0x931416cau, 0x1c0278c6u, 0x174ebe4cu,
|
||||
0x6018236au, 0x45ba1656u, 0xe8c05d84u, 0x670ed500u}
|
||||
},
|
||||
{
|
||||
{0x0d179adeu, 0x4c16827du, 0x9f8cb992u, 0x8f69ff8au,
|
||||
0x481b1020u, 0x798d91afu, 0x184db8e9u, 0xb5848dd9u}
|
||||
}
|
||||
};
|
||||
|
||||
RecoveryUI* ui = NULL;
|
||||
|
||||
// verifier expects to find a UI object; we provide one that does
|
||||
@@ -136,34 +148,86 @@ ui_print(const char* format, ...) {
|
||||
va_end(ap);
|
||||
}
|
||||
|
||||
static Certificate* add_certificate(Certificate** certsp, int* num_keys,
|
||||
Certificate::KeyType key_type) {
|
||||
int i = *num_keys;
|
||||
*num_keys = *num_keys + 1;
|
||||
*certsp = (Certificate*) realloc(*certsp, *num_keys * sizeof(Certificate));
|
||||
Certificate* certs = *certsp;
|
||||
certs[i].rsa = NULL;
|
||||
certs[i].ec = NULL;
|
||||
certs[i].key_type = key_type;
|
||||
certs[i].hash_len = SHA_DIGEST_SIZE;
|
||||
return &certs[i];
|
||||
}
|
||||
|
||||
int main(int argc, char **argv) {
|
||||
if (argc < 2 || argc > 4) {
|
||||
fprintf(stderr, "Usage: %s [-sha256] [-f4 | -file <keys>] <package>\n", argv[0]);
|
||||
if (argc < 2) {
|
||||
fprintf(stderr, "Usage: %s [-sha256] [-ec | -f4 | -file <keys>] <package>\n", argv[0]);
|
||||
return 2;
|
||||
}
|
||||
Certificate* certs = NULL;
|
||||
int num_keys = 0;
|
||||
|
||||
int argn = 1;
|
||||
while (argn < argc) {
|
||||
if (strcmp(argv[argn], "-sha256") == 0) {
|
||||
if (num_keys == 0) {
|
||||
fprintf(stderr, "May only specify -sha256 after key type\n");
|
||||
return 2;
|
||||
}
|
||||
++argn;
|
||||
Certificate* cert = &certs[num_keys - 1];
|
||||
cert->hash_len = SHA256_DIGEST_SIZE;
|
||||
} else if (strcmp(argv[argn], "-ec") == 0) {
|
||||
++argn;
|
||||
Certificate* cert = add_certificate(&certs, &num_keys, Certificate::EC);
|
||||
cert->ec = &test_ec_key;
|
||||
} else if (strcmp(argv[argn], "-e3") == 0) {
|
||||
++argn;
|
||||
Certificate* cert = add_certificate(&certs, &num_keys, Certificate::RSA);
|
||||
cert->rsa = &test_key;
|
||||
} else if (strcmp(argv[argn], "-f4") == 0) {
|
||||
++argn;
|
||||
Certificate* cert = add_certificate(&certs, &num_keys, Certificate::RSA);
|
||||
cert->rsa = &test_f4_key;
|
||||
} else if (strcmp(argv[argn], "-file") == 0) {
|
||||
if (certs != NULL) {
|
||||
fprintf(stderr, "Cannot specify -file with other certs specified\n");
|
||||
return 2;
|
||||
}
|
||||
++argn;
|
||||
certs = load_keys(argv[argn], &num_keys);
|
||||
++argn;
|
||||
} else if (argv[argn][0] == '-') {
|
||||
fprintf(stderr, "Unknown argument %s\n", argv[argn]);
|
||||
return 2;
|
||||
} else {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (argn == argc) {
|
||||
fprintf(stderr, "Must specify package to verify\n");
|
||||
return 2;
|
||||
}
|
||||
|
||||
Certificate default_cert;
|
||||
Certificate* cert = &default_cert;
|
||||
cert->public_key = &test_key;
|
||||
cert->hash_len = SHA_DIGEST_SIZE;
|
||||
int num_keys = 1;
|
||||
++argv;
|
||||
if (strcmp(argv[0], "-sha256") == 0) {
|
||||
++argv;
|
||||
cert->hash_len = SHA256_DIGEST_SIZE;
|
||||
}
|
||||
if (strcmp(argv[0], "-f4") == 0) {
|
||||
++argv;
|
||||
cert->public_key = &test_f4_key;
|
||||
} else if (strcmp(argv[0], "-file") == 0) {
|
||||
++argv;
|
||||
cert = load_keys(argv[0], &num_keys);
|
||||
++argv;
|
||||
if (num_keys == 0) {
|
||||
certs = (Certificate*) calloc(1, sizeof(Certificate));
|
||||
if (certs == NULL) {
|
||||
fprintf(stderr, "Failure allocating memory for default certificate\n");
|
||||
return 1;
|
||||
}
|
||||
certs->key_type = Certificate::RSA;
|
||||
certs->rsa = &test_key;
|
||||
certs->ec = NULL;
|
||||
certs->hash_len = SHA_DIGEST_SIZE;
|
||||
num_keys = 1;
|
||||
}
|
||||
|
||||
ui = new FakeUI();
|
||||
|
||||
int result = verify_file(*argv, cert, num_keys);
|
||||
int result = verify_file(argv[argn], certs, num_keys);
|
||||
if (result == VERIFY_SUCCESS) {
|
||||
printf("VERIFIED\n");
|
||||
return 0;
|
||||
|
||||
Reference in New Issue
Block a user