commit a290471be8063ef1a1173d891e70ee6607d129ac
author Mike Frysinger <vapier@chromium.org> Fri May 05 21:30:39 2017
committer chrome-bot <chrome-bot@chromium.org> Sun May 07 02:52:32 2017
tree 9406827a98e1a04395755481dccd2c690445a2a2
parent d80e3eca9bbd0b0e9dbd26f39a018f02f224d45a

load container key from DER file

Since we're inserting the key into the rootfs in the DER format,
we can read it directly and avoid doing any parsing on it.

BUG=chromium:718184
TEST=mount_extension_image still works

Change-Id: If3b6ce915cfda58e5cddba113445324ec90bde5c
Reviewed-on: https://chromium-review.googlesource.com/497948
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Greg Kerr <kerrnel@chromium.org>
Reviewed-by: Eric Caruso <ejcaruso@chromium.org>

imageloader_main.cc

diff --git a/imageloader_main.cc b/imageloader_main.cc
index 4b1b336..4791a1e 100644
--- a/imageloader_main.cc
+++ b/imageloader_main.cc
@@ -4,12 +4,11 @@
 
 #include <signal.h>
 
+#include <base/files/file_path.h>
+#include <base/files/file_util.h>
 #include <base/memory/ptr_util.h>
 #include <brillo/flag_helper.h>
 #include <brillo/syslog_logging.h>
-#include <openssl/evp.h>
-#include <openssl/pem.h>
-#include <openssl/x509.h>
 
 #include "helper_process.h"
 #include "imageloader.h"
@@ -34,42 +33,23 @@
 constexpr char kMountPath[] = "/run/imageloader";
 // The location of the container public key.
 constexpr char kContainerPublicKeyPath[] =
-    "/usr/share/misc/oci-container-key-pub.pem";
-
-struct ScopedPubkeyCloser {
-  inline void operator()(EVP_PKEY* pubkey) {
-    if (pubkey)
-      EVP_PKEY_free(pubkey);
-  }
-};
-using ScopedPubkey = std::unique_ptr<EVP_PKEY, ScopedPubkeyCloser>;
+    "/usr/share/misc/oci-container-key-pub.der";
 
 bool LoadKeyFromFile(const std::string& file, std::vector<uint8_t>* key_out) {
   CHECK(key_out);
 
-  base::ScopedFILE key_file(fopen(file.c_str(), "r"));
-  if (!key_file) {
-    LOG(WARNING) << "Could not find key file " << file;
-    return false;
-  }
+  base::FilePath key_file(file);
+  std::string key_data;
 
-  ScopedPubkey pubkey(
-      PEM_read_PUBKEY(key_file.get(), nullptr, nullptr, nullptr));
-  if (!pubkey) {
-    LOG(WARNING) << "Key file " << file << " was not a public key";
-    return false;
-  }
-
-  uint8_t *der_key = nullptr;
-  int der_len = i2d_PUBKEY(pubkey.get(), &der_key);
-  if (der_len < 0) {
-    LOG(WARNING) << "Failed to export public key in DER format";
+  // The key should be pretty small.
+  if (!ReadFileToString(key_file, &key_data)) {
+    LOG(WARNING) << "Could not read key file " << key_file.value();
     return false;
   }
 
   key_out->clear();
-  key_out->insert(key_out->begin(), der_key, der_key + der_len);
-  OPENSSL_free(der_key);
+  key_out->insert(key_out->begin(), key_data.begin(), key_data.end());
+
   return true;
 }