common/vboot/vb21_lib.c


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

/* Copyright 2017 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */

/*
 * Common utility APIs for vboot 2.1
 */

#include "common.h"
#include "rsa.h"
#include "rwsig.h"
#include "vb21_struct.h"
#include "vboot.h"

int vb21_is_packed_key_valid(const struct vb21_packed_key *key)
{
	if (key->c.magic != VB21_MAGIC_PACKED_KEY)
		return EC_ERROR_VBOOT_KEY_MAGIC;
	if (key->key_size != sizeof(struct rsa_public_key))
		return EC_ERROR_VBOOT_KEY_SIZE;
	return EC_SUCCESS;
}

int vb21_is_signature_valid(const struct vb21_signature *sig,
			    const struct vb21_packed_key *key)
{
	if (sig->c.magic != VB21_MAGIC_SIGNATURE)
		return EC_ERROR_VBOOT_SIG_MAGIC;
	if (sig->sig_size != RSANUMBYTES)
		return EC_ERROR_VBOOT_SIG_SIZE;
	if (key->sig_alg != sig->sig_alg)
		return EC_ERROR_VBOOT_SIG_ALGORITHM;
	if (key->hash_alg != sig->hash_alg)
		return EC_ERROR_VBOOT_HASH_ALGORITHM;
	/* Sanity check signature offset and data size. */
	if (sig->sig_offset < sizeof(*sig))
		return EC_ERROR_VBOOT_SIG_OFFSET;
	if (sig->sig_offset + RSANUMBYTES > CONFIG_RW_SIG_SIZE)
		return EC_ERROR_VBOOT_SIG_OFFSET;
	if (sig->data_size > CONFIG_RW_SIZE - CONFIG_RW_SIG_SIZE)
		return EC_ERROR_VBOOT_DATA_SIZE;
	return EC_SUCCESS;
}