/*############################################################################ # Copyright 2016-2017 Intel Corporation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ############################################################################*/ /*! * \file * * \brief Extract group keys from group key output file */ #include #include #include #include #include "epid/common/file_parser.h" #include "epid/common/types.h" #include "util/buffutil.h" #include "util/envutil.h" #include "util/stdtypes.h" #include "util/strutil.h" #define PROGRAM_NAME "extractgrps" #define ARGPARSE_ERROR_MAX 20 #define ARGTABLE_SIZE 5 #pragma pack(1) /// Intel(R) EPID Key Output File Entry typedef struct EpidBinaryGroupCertificate { EpidFileHeader header; ///< Intel(R) EPID binary file header GroupPubKey pubkey; ///< Intel(R) EPID 2.0 group public key EcdsaSignature signature; ///< ECDSA Signature on SHA-256 of above values } EpidBinaryGroupCertificate; #pragma pack() /// Main entrypoint int main(int argc, char* argv[]) { // intermediate return value for C style functions int ret_value = EXIT_SUCCESS; size_t keyfile_size = 0; size_t num_keys_extracted = 0; size_t num_keys_in_file = 0; FILE* file = NULL; int i = 0; size_t bytes_read = 0; // Verbose flag parameter static bool verbose_flag = false; struct arg_file* keyfile = arg_file1(NULL, NULL, "FILE", "FILE containing keys to extract"); struct arg_int* num_keys_to_extract = arg_int1(NULL, NULL, "NUM", "number of keys to extract"); struct arg_lit* help = arg_lit0(NULL, "help", "display this help and exit"); struct arg_lit* verbose = arg_lit0("v", "verbose", "print status messages to stdout"); struct arg_end* end = arg_end(ARGPARSE_ERROR_MAX); void* argtable[ARGTABLE_SIZE]; int nerrors; /* initialize the argtable array with ptrs to the arg_xxx structures * constructed above */ argtable[0] = keyfile; argtable[1] = num_keys_to_extract; argtable[2] = help; argtable[3] = verbose; argtable[4] = end; // set program name for logging set_prog_name(PROGRAM_NAME); do { /* verify the argtable[] entries were allocated sucessfully */ if (arg_nullcheck(argtable) != 0) { /* NULL entries were detected, some allocations must have failed */ printf("%s: insufficient memory\n", PROGRAM_NAME); ret_value = EXIT_FAILURE; break; } /* Parse the command line as defined by argtable[] */ nerrors = arg_parse(argc, argv, argtable); if (help->count > 0) { log_fmt( "Usage: %s [OPTION]... [FILE] [NUM]\n" "Extract the first NUM group certs from FILE to current " "directory\n" "\n" "Options:\n", PROGRAM_NAME); arg_print_glossary(stdout, argtable, " %-25s %s\n"); ret_value = EXIT_SUCCESS; break; } if (verbose->count > 0) { verbose_flag = ToggleVerbosity(); } /* If the parser returned any errors then display them and exit */ if (nerrors > 0) { /* Display the error details contained in the arg_end struct.*/ arg_print_errors(stderr, end, PROGRAM_NAME); fprintf(stderr, "Try '%s --help' for more information.\n", PROGRAM_NAME); ret_value = EXIT_FAILURE; break; } if (num_keys_to_extract->ival[0] < 0) { log_error("unable extract negative number of keys"); ret_value = EXIT_FAILURE; break; } // check file existence if (!FileExists(keyfile->filename[0])) { log_error("cannot access '%s'", keyfile->filename[0]); ret_value = EXIT_FAILURE; break; } keyfile_size = GetFileSize(keyfile->filename[0]); if (0 != keyfile_size % sizeof(EpidBinaryGroupCertificate)) { log_error( "input file '%s' is invalid: does not contain integral number of " "group keys", keyfile->filename[0]); ret_value = EXIT_FAILURE; break; } num_keys_in_file = keyfile_size / sizeof(EpidBinaryGroupCertificate); if ((unsigned int)num_keys_to_extract->ival[0] > num_keys_in_file) { log_error("can not extract %d keys: only %d in file", num_keys_to_extract->ival[0], num_keys_in_file); ret_value = EXIT_FAILURE; break; } file = fopen(keyfile->filename[0], "rb"); if (!file) { log_error("failed read from '%s'", keyfile->filename[0]); ret_value = EXIT_FAILURE; break; } // start extraction for (i = 0; i < num_keys_to_extract->ival[0]; i++) { EpidBinaryGroupCertificate temp; int seek_failed = 0; seek_failed = fseek(file, i * sizeof(temp), SEEK_SET); bytes_read = fread(&temp, 1, sizeof(temp), file); if (seek_failed || bytes_read != sizeof(temp)) { log_error("failed to extract key #%lu from '%s'", i, keyfile->filename[0]); } else { // ulong max = 4294967295 char outkeyname[256] = {0}; if (memcmp(&kEpidVersionCode[kEpid2x], &temp.header.epid_version, sizeof(temp.header.epid_version)) || memcmp(&kEpidFileTypeCode[kGroupPubKeyFile], &temp.header.file_type, sizeof(temp.header.file_type))) { log_error("failed to extract key #%lu from '%s': file is invalid", i, keyfile->filename[0]); ret_value = EXIT_FAILURE; break; } snprintf(outkeyname, sizeof(outkeyname), "pubkey%010u.bin", i); if (FileExists(outkeyname)) { log_error("file '%s' already exists", outkeyname); ret_value = EXIT_FAILURE; break; } if (0 != WriteLoud(&temp, sizeof(temp), outkeyname)) { log_error("failed to write key #%lu from '%s'", i, keyfile->filename[0]); } else { num_keys_extracted++; } } } if (EXIT_FAILURE == ret_value) { break; } log_msg("extracted %lu of %lu keys", num_keys_extracted, num_keys_in_file); } while (0); if (file) { fclose(file); file = NULL; } arg_freetable(argtable, sizeof(argtable) / sizeof(argtable[0])); return ret_value; }