| /*############################################################################ |
| # Copyright 2016-2017 Intel Corporation |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| ############################################################################*/ |
| |
| /*! |
| * \file |
| * |
| * \brief Extract member private keys from key output file |
| * |
| * Not validating SHA hashes in key file |
| */ |
| |
| #include <stdio.h> |
| #include <stdlib.h> |
| |
| #include <argtable3.h> |
| #include "epid/common/types.h" |
| #include "util/buffutil.h" |
| #include "util/envutil.h" |
| #include "util/stdtypes.h" |
| #include "util/strutil.h" |
| |
| #define PROGRAM_NAME "extractkeys" |
| #define ARGPARSE_ERROR_MAX 20 |
| #define ARGTABLE_SIZE 6 |
| |
| #pragma pack(1) |
| /// Intel(R) EPID Key Output File Entry |
| typedef struct EpidKeyOutputFileKey { |
| unsigned char product_id[2]; ///< 2-byte Product ID (Big Endian) |
| unsigned char key_id[8]; ///< 8-byte Key Unique Id(Big Endian) |
| unsigned char svn[4]; ///< 4-byte Security Version Number (SVN) (Big Endian) |
| PrivKey privkey; ///< Intel(R) EPID 2.0 Private Key |
| unsigned char hash[20]; ///< 20-byte SHA-1 of above |
| } EpidKeyOutputFileKey; |
| |
| /// Intel(R) EPID Compressed Key Output File Entry |
| typedef struct EpidCompressedKeyOutputFileKey { |
| unsigned char product_id[2]; ///< 2-byte Product ID (Big Endian) |
| unsigned char key_id[8]; ///< 8-byte Key Unique Id(Big Endian) |
| unsigned char svn[4]; ///< 4-byte Security Version Number (SVN) (Big Endian) |
| CompressedPrivKey privkey; ///< Intel(R) EPID 2.0 Compressed Private Key |
| unsigned char hash[20]; ///< 20-byte SHA-1 of above |
| } EpidCompressedKeyOutputFileKey; |
| #pragma pack() |
| |
| /// Main entrypoint |
| int main(int argc, char* argv[]) { |
| // intermediate return value for C style functions |
| int ret_value = EXIT_SUCCESS; |
| // Buffer to store read key |
| uint8_t temp[sizeof(EpidKeyOutputFileKey)] = {0}; |
| |
| // Private key to extract |
| void* privkey = 0; |
| size_t privkey_size = 0; |
| |
| size_t keyfile_size = 0; |
| size_t keyfile_entry_size = 0; |
| size_t num_keys_extracted = 0; |
| size_t num_keys_in_file = 0; |
| |
| FILE* file = NULL; |
| |
| // Verbose flag parameter |
| static bool verbose_flag = false; |
| |
| int i = 0; |
| size_t bytes_read = 0; |
| |
| struct arg_file* keyfile = |
| arg_file1(NULL, NULL, "FILE", "FILE containing keys to extract"); |
| struct arg_int* num_keys_to_extract = |
| arg_int1(NULL, NULL, "NUM", "number of keys to extract"); |
| struct arg_lit* compressed = |
| arg_lit0("c", "compressed", "extract compressed keys"); |
| struct arg_lit* help = arg_lit0(NULL, "help", "display this help and exit"); |
| struct arg_lit* verbose = |
| arg_lit0("v", "verbose", "print status messages to stdout"); |
| struct arg_end* end = arg_end(ARGPARSE_ERROR_MAX); |
| void* argtable[ARGTABLE_SIZE]; |
| int nerrors; |
| |
| /* initialize the argtable array with ptrs to the arg_xxx structures |
| * constructed above */ |
| argtable[0] = keyfile; |
| argtable[1] = num_keys_to_extract; |
| argtable[2] = compressed; |
| argtable[3] = help; |
| argtable[4] = verbose; |
| argtable[5] = end; |
| |
| // set program name for logging |
| set_prog_name(PROGRAM_NAME); |
| do { |
| /* verify the argtable[] entries were allocated sucessfully */ |
| if (arg_nullcheck(argtable) != 0) { |
| /* NULL entries were detected, some allocations must have failed */ |
| printf("%s: insufficient memory\n", PROGRAM_NAME); |
| ret_value = EXIT_FAILURE; |
| break; |
| } |
| |
| /* Parse the command line as defined by argtable[] */ |
| nerrors = arg_parse(argc, argv, argtable); |
| |
| if (help->count > 0) { |
| log_fmt( |
| "Usage: %s [OPTION]... [FILE] [NUM]\n" |
| "Extract the first NUM private keys from FILE to current " |
| "directory.\n" |
| "\n" |
| "Options:\n", |
| PROGRAM_NAME); |
| arg_print_glossary(stdout, argtable, " %-25s %s\n"); |
| ret_value = EXIT_SUCCESS; |
| break; |
| } |
| if (verbose->count > 0) { |
| verbose_flag = ToggleVerbosity(); |
| } |
| /* If the parser returned any errors then display them and exit */ |
| if (nerrors > 0) { |
| /* Display the error details contained in the arg_end struct.*/ |
| arg_print_errors(stderr, end, PROGRAM_NAME); |
| fprintf(stderr, "Try '%s --help' for more information.\n", PROGRAM_NAME); |
| ret_value = EXIT_FAILURE; |
| break; |
| } |
| |
| if (num_keys_to_extract->ival[0] < 0) { |
| log_error("unable extract negative number of keys"); |
| ret_value = EXIT_FAILURE; |
| break; |
| } |
| |
| // check file existence |
| if (!FileExists(keyfile->filename[0])) { |
| log_error("cannot access '%s'", keyfile->filename[0]); |
| ret_value = EXIT_FAILURE; |
| break; |
| } |
| |
| keyfile_size = GetFileSize(keyfile->filename[0]); |
| if (compressed->count > 0) { |
| privkey_size = sizeof(CompressedPrivKey); |
| privkey = &(((EpidCompressedKeyOutputFileKey*)&temp[0])->privkey); |
| keyfile_entry_size = sizeof(EpidCompressedKeyOutputFileKey); |
| } else { |
| privkey_size = sizeof(PrivKey); |
| privkey = &(((EpidKeyOutputFileKey*)&temp[0])->privkey); |
| keyfile_entry_size = sizeof(EpidKeyOutputFileKey); |
| } |
| |
| if (0 != keyfile_size % keyfile_entry_size) { |
| log_error( |
| "input file '%s' is invalid: does not contain integral number of " |
| "keys", |
| keyfile->filename[0]); |
| ret_value = EXIT_FAILURE; |
| break; |
| } |
| num_keys_in_file = keyfile_size / keyfile_entry_size; |
| |
| if ((unsigned int)num_keys_to_extract->ival[0] > num_keys_in_file) { |
| log_error("can not extract %d keys: only %d in file", |
| num_keys_to_extract->ival[0], num_keys_in_file); |
| ret_value = EXIT_FAILURE; |
| break; |
| } |
| |
| file = fopen(keyfile->filename[0], "rb"); |
| if (!file) { |
| log_error("failed read from '%s'", keyfile->filename[0]); |
| |
| ret_value = EXIT_FAILURE; |
| break; |
| } |
| |
| // start extraction |
| for (i = 0; i < num_keys_to_extract->ival[0]; ++i) { |
| int seek_failed = 0; |
| seek_failed = fseek(file, (int)(i * keyfile_entry_size), SEEK_SET); |
| bytes_read = fread(&temp, 1, keyfile_entry_size, file); |
| if (seek_failed || bytes_read != keyfile_entry_size) { |
| log_error("failed to extract key #%lu from '%s'", i, |
| keyfile->filename[0]); |
| } else { |
| char outkeyname[256] = {0}; |
| snprintf(outkeyname, sizeof(outkeyname), "mprivkey%010u.dat", i); |
| |
| if (FileExists(outkeyname)) { |
| log_error("file '%s' already exists", outkeyname); |
| ret_value = EXIT_FAILURE; |
| break; |
| } |
| if (0 != WriteLoud(privkey, privkey_size, outkeyname)) { |
| log_error("failed to write key #%lu from '%s'", i, |
| keyfile->filename[0]); |
| } else { |
| num_keys_extracted++; |
| } |
| } |
| } |
| if (EXIT_FAILURE == ret_value) { |
| break; |
| } |
| |
| log_msg("extracted %lu of %lu keys", num_keys_extracted, num_keys_in_file); |
| } while (0); |
| |
| if (file) { |
| fclose(file); |
| file = NULL; |
| } |
| |
| arg_freetable(argtable, sizeof(argtable) / sizeof(argtable[0])); |
| |
| return ret_value; |
| } |
