vboot_reference: Add support for 3072-bit exponent 3 keys

This also adds the required tests (keys, testcases), and some
additional tests in vb2_rsa_utility_tests.c that were not
added when 2048-bit exponent 3 support was added.

BRANCH=none
BUG=chromium:684354
TEST=make runtests

Change-Id: I56d22302c2254ef500b9d2d290a79d8c8bc39942
Reviewed-on: https://chromium-review.googlesource.com/449060
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>

21 files changed, 102 insertions, 3 deletions

diff --git a/firmware/2lib/2rsa.c b/firmware/2lib/2rsa.c
index 48e1ec33..c349d4e2 100644
--- a/firmware/2lib/2rsa.c
+++ b/firmware/2lib/2rsa.c
@@ -197,6 +197,9 @@ static const uint8_t crypto_to_sig[] = {
 	VB2_SIG_RSA2048_EXP3,
 	VB2_SIG_RSA2048_EXP3,
 	VB2_SIG_RSA2048_EXP3,
+	VB2_SIG_RSA3072_EXP3,
+	VB2_SIG_RSA3072_EXP3,
+	VB2_SIG_RSA3072_EXP3,
 };
 
 /**
@@ -224,6 +227,8 @@ uint32_t vb2_rsa_sig_size(enum vb2_signature_algorithm sig_alg)
 	case VB2_SIG_RSA2048:
 	case VB2_SIG_RSA2048_EXP3:
 		return 2048 / 8;
+	case VB2_SIG_RSA3072_EXP3:
+		return 3072 / 8;
 	case VB2_SIG_RSA4096:
 		return 4096 / 8;
 	case VB2_SIG_RSA8192:
@@ -248,6 +253,7 @@ static uint32_t vb2_rsa_exponent(enum vb2_signature_algorithm sig_alg)
 	case VB2_SIG_RSA8192:
 		return 65537;
 	case VB2_SIG_RSA2048_EXP3:
+	case VB2_SIG_RSA3072_EXP3:
 		return 3;
 	default:
 		return 0;
diff --git a/firmware/2lib/2sha_utility.c b/firmware/2lib/2sha_utility.c
index 7193091b..c45606bb 100644
--- a/firmware/2lib/2sha_utility.c
+++ b/firmware/2lib/2sha_utility.c
@@ -43,6 +43,9 @@ static const uint8_t crypto_to_hash[] = {
 	CTH_SHA1,
 	CTH_SHA256,
 	CTH_SHA512,
+	CTH_SHA1,
+	CTH_SHA256,
+	CTH_SHA512,
 };
 
 enum vb2_hash_algorithm vb2_crypto_to_hash(uint32_t algorithm)
diff --git a/firmware/2lib/include/2crypto.h b/firmware/2lib/include/2crypto.h
index a33b5360..e786614c 100644
--- a/firmware/2lib/include/2crypto.h
+++ b/firmware/2lib/include/2crypto.h
@@ -26,6 +26,9 @@ enum vb2_crypto_algorithm {
 	VB2_ALG_RSA2048_EXP3_SHA1   = 12,
 	VB2_ALG_RSA2048_EXP3_SHA256 = 13,
 	VB2_ALG_RSA2048_EXP3_SHA512 = 14,
+	VB2_ALG_RSA3072_EXP3_SHA1   = 15,
+	VB2_ALG_RSA3072_EXP3_SHA256 = 16,
+	VB2_ALG_RSA3072_EXP3_SHA512 = 17,
 	/* Number of algorithms */
 	VB2_ALG_COUNT
 };
@@ -47,6 +50,7 @@ enum vb2_signature_algorithm {
 	VB2_SIG_RSA4096 = 4,
 	VB2_SIG_RSA8192 = 5,
 	VB2_SIG_RSA2048_EXP3 = 6,
+	VB2_SIG_RSA3072_EXP3 = 7,
 
 	/* Last index. Don't add anything below. */
 	VB2_SIG_ALG_COUNT,
diff --git a/host/lib21/host_key.c b/host/lib21/host_key.c
index be36df71..4f82d10c 100644
--- a/host/lib21/host_key.c
+++ b/host/lib21/host_key.c
@@ -24,6 +24,7 @@ const struct vb2_text_vs_enum vb2_text_vs_sig[] = {
 	{"RSA4096", VB2_SIG_RSA4096},
 	{"RSA8192", VB2_SIG_RSA8192},
 	{"RSA2048EXP3", VB2_SIG_RSA2048_EXP3},
+	{"RSA3072EXP3", VB2_SIG_RSA3072_EXP3},
 	{0, 0}
 };
 
@@ -572,6 +573,8 @@ enum vb2_signature_algorithm vb2_rsa_sig_alg(struct rsa_st *rsa)
 		switch (bits) {
 		case 2048:
 			return VB2_SIG_RSA2048_EXP3;
+		case 3072:
+			return VB2_SIG_RSA3072_EXP3;
 		}
 		break;
 	case RSA_F4:
diff --git a/tests/common.sh b/tests/common.sh
index 78a47fa8..8cc1498d 100644
--- a/tests/common.sh
+++ b/tests/common.sh
@@ -28,7 +28,7 @@ COL_BLUE='\E[34;1m'
 COL_STOP='\E[0;m'
 
 hash_algos=( sha1 sha256 sha512 )
-key_lengths=( 1024 2048 4096 8192 2048_exp3 )
+key_lengths=( 1024 2048 4096 8192 2048_exp3 3072_exp3 )
 
 function happy {
   echo -e "${COL_GREEN}$*${COL_STOP}" 1>&2
diff --git a/tests/futility/test_rwsig.sh b/tests/futility/test_rwsig.sh
index efdb6dbb..846074d9 100755
--- a/tests/futility/test_rwsig.sh
+++ b/tests/futility/test_rwsig.sh
@@ -12,7 +12,7 @@ cd "$OUTDIR"
 DATADIR="${SCRIPTDIR}/data"
 TESTKEYS=${SRCDIR}/tests/testkeys
 
-SIGS="1024 2048 2048_exp3 4096 8192"
+SIGS="1024 2048 2048_exp3 3072_exp3 4096 8192"
 HASHES="SHA1 SHA256 SHA512"
 
 set -o pipefail
diff --git a/tests/rsa_padding_test.h b/tests/rsa_padding_test.h
index 18bccd8c..bf039f5f 100644
--- a/tests/rsa_padding_test.h
+++ b/tests/rsa_padding_test.h
@@ -14,6 +14,7 @@
 
 #define RSA1024NUMBYTES 128  /* 1024 bit key length */
 #define RSA2048NUMBYTES 256  /* 2048 bit key length */
+#define RSA3072NUMBYTES 384  /* 3072 bit key length */
 #define RSA4096NUMBYTES 512  /* 4096 bit key length */
 #define RSA8192NUMBYTES 1024  /* 8192 bit key length */
 
diff --git a/tests/testcases/test_file.rsa3072_exp3_sha1.sig b/tests/testcases/test_file.rsa3072_exp3_sha1.sig
new file mode 100644
index 00000000..caac8e9a
--- /dev/null
+++ b/tests/testcases/test_file.rsa3072_exp3_sha1.sig
@@ -0,0 +1,3 @@
+F���bd�m=�%�ҟ>/��m޺z�J�����Q�5��Jq�%ӣO_�^Dr�IgY;I�{
{M����ԛ_�Y0�s��O���G��@ͫ��ۜ���I�ʇ��?��{Y��C���#����\����� n����.bҩv廎8
��4@d7�U4������q@F�Ϧ,���Yu���z�T �B	����ߦ����`~�Ȍu�q�����{[����^�
+pV���QW3�e
����ާ���8�2��xZISn�JV��d�%����p�Q��+<��D�+� ����.\־҉�k%�$�mS��_��H/倫�:�C
+J<%��
��ÿ�ս��"X?Y��up_�J��SX5pk+>��+mA���ˍ
@�	
\ No newline at end of file
diff --git a/tests/testcases/test_file.rsa3072_exp3_sha256.sig b/tests/testcases/test_file.rsa3072_exp3_sha256.sig
new file mode 100644
index 00000000..67bb39f4
--- /dev/null
+++ b/tests/testcases/test_file.rsa3072_exp3_sha256.sig
@@ -0,0 +1,4 @@
+��>ȴ5/�Т/�(
�O�\�4�1~��vBGK
+�k�����M
+��B��'��z���rjfQ1�9ԺQ�Ҿ�YF|�ddU�Jf�4���nQG�a]��*/j�5/�јL�AwU:�qU3�+o,��./�i�_I���A�&�5�Վ��>JZ#6`��|8W���]����k�ml��P�<����O��x�H4*��$�A(�j���ʝ9��v�>�@M�8E��/J~HE�
y�PՅ&myw#�%���K�����q�����bw�m	<JV�]	���!�e�7��-ht�N4#)\%��F��:�.Su
+ֈ._�����s@��S�+q��b�a�5���<��Yu���2%|��ۀ������"n�|� 90����2N�
\ No newline at end of file
diff --git a/tests/testcases/test_file.rsa3072_exp3_sha512.sig b/tests/testcases/test_file.rsa3072_exp3_sha512.sig
new file mode 100644
index 00000000..81567572
--- /dev/null
+++ b/tests/testcases/test_file.rsa3072_exp3_sha512.sig
diff --git a/tests/testkeys/key_rsa3072_exp3.crt b/tests/testkeys/key_rsa3072_exp3.crt
new file mode 100644
index 00000000..e0883c95
--- /dev/null
+++ b/tests/testkeys/key_rsa3072_exp3.crt
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEWzCCAsOgAwIBAgIJAPyixe4BfOZeMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMTcwMzAyMTAxNDU1WhcNMTcwNDAxMTAxNDU1WjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBoDANBgkqhkiG9w0BAQEFAAOCAY0AMIIB
+iAKCAYEAlQVTZVpsQ7V4qs6KR8Ae77fkbLX8kPXe5kNTHGT7Xv8gmNYkfR2iybFH
+99bOzXEhGvHhbVurIFxOcunb0qpNMxiD/lCtLs+OiL3KyV8AreyQQ0QI0kCPw0JB
+UqoR3sdv5F5AeuoPVxgW3MuesFYa9DhGh2e1v3lwBxpKjVGpNXyWNJax0+QbgmLB
+gOkA6HTPF7CYrihfAMe88rFDC4XPH/azMljWHLhQ3Ee2ACV2a3DY03NsyWIB9Te0
+hmxOgz+fwQ/m04Ihdl6PMvuUPsdb1reYZNA7cqEx1vhzI0ND4+Rqpiot+f7QRHDa
+plmE7A8bzSVaL9hGv/v7X/AQc0ZWdOMykk6ZbkbrKbCTUlZLorLdJrZkDWO0vLnD
+I6L8aKvzXwcZM5mDUU18RhhTmL7IeIeVfydyPS3YI/FyDk9tfYa9Dd/P7SHdEsyB
+Brr0eW1EJk68V1ZbVQ8LdLBc454u7wGKlXu/Oz1dTrb5QkwnzVRKtW/ARTkBbj1W
+Cl5os6e3AgEDo1AwTjAdBgNVHQ4EFgQUK2yq+G5PiQeas4aZebXSluM/NNYwHwYD
+VR0jBBgwFoAUK2yq+G5PiQeas4aZebXSluM/NNYwDAYDVR0TBAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAYEAi9vvg7/EE1KYsjrusb7i+yPb4vg/u6yYrC7rnF08VVGj
+BCHCJw1IxuQpFKP6MuQmW4dnwM1jRVdmwZj1Mc3CzMyyboJZ6hpUiU0jozL0fA2x
+rxB0/3kerOFTK+CfTqvU3whR7Ro2p9xYz67vhWr8JAyh+M71pTel2CT3WSGZyeFE
+pjdRVij0f9jqOzFdQgBgpTlghe9zk6+0Ie3ZpPrzzs2kL/W3kKrbVHuAp5OUV4WD
+nZ/UC64b2qTa1zJI4tBxE71/iD1sMe8C6CO4AmnmVvvir370bAV9I5X5MaSnwY78
+1iEkd1Ms+wropdi7Krej5N+pqe9nxOsf7hr9qSoAEfCnhBbkvkwepcaldCCs1mbt
+z7nAAJ7qEhTp0qiJsSb+WfbMFrRT6IrmCxLk52ep8r9y+mD7rb5kfW9on7mu1Cky
+qvCgtVklqw2Lc3WJKTMX7q4CgT08IUJP1cK+PD/veYD3U56XoddqegkBqb+ez8/N
+PruE8JOEBrY80grErc4X
+-----END CERTIFICATE-----
diff --git a/tests/testkeys/key_rsa3072_exp3.keyb b/tests/testkeys/key_rsa3072_exp3.keyb
new file mode 100644
index 00000000..ff23b170
--- /dev/null
+++ b/tests/testkeys/key_rsa3072_exp3.keyb
diff --git a/tests/testkeys/key_rsa3072_exp3.pem b/tests/testkeys/key_rsa3072_exp3.pem
new file mode 100644
index 00000000..b62eebce
--- /dev/null
+++ b/tests/testkeys/key_rsa3072_exp3.pem
@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG4gIBAAKCAYEAlQVTZVpsQ7V4qs6KR8Ae77fkbLX8kPXe5kNTHGT7Xv8gmNYk
+fR2iybFH99bOzXEhGvHhbVurIFxOcunb0qpNMxiD/lCtLs+OiL3KyV8AreyQQ0QI
+0kCPw0JBUqoR3sdv5F5AeuoPVxgW3MuesFYa9DhGh2e1v3lwBxpKjVGpNXyWNJax
+0+QbgmLBgOkA6HTPF7CYrihfAMe88rFDC4XPH/azMljWHLhQ3Ee2ACV2a3DY03Ns
+yWIB9Te0hmxOgz+fwQ/m04Ihdl6PMvuUPsdb1reYZNA7cqEx1vhzI0ND4+Rqpiot
++f7QRHDaplmE7A8bzSVaL9hGv/v7X/AQc0ZWdOMykk6ZbkbrKbCTUlZLorLdJrZk
+DWO0vLnDI6L8aKvzXwcZM5mDUU18RhhTmL7IeIeVfydyPS3YI/FyDk9tfYa9Dd/P
+7SHdEsyBBrr0eW1EJk68V1ZbVQ8LdLBc454u7wGKlXu/Oz1dTrb5QkwnzVRKtW/A
+RTkBbj1WCl5os6e3AgEDAoIBgGNY4kORnYJ4+xyJsYUqv0p6mEh5UwtOlJmCN2hD
+Uj9UwGXkGFNpFzEg2qU53zOgwLyhQPOSchWS3vdGkoxxiMy7AqmLHh81CbB+hzDq
+AHPzCteCsIwrCoIsK4xxYT8vn+2UKvycCjoQDz3dFHWOvKLQLwTvzn+mSq9m3F42
+cM5TDs25y+KYElbsgQCbVfBN32UgZclwP1Xaffcg110D32qkd3bl5BMliz2FJAAY
++Zz15eJM8zDsAU4lIwRINFd/vtGY+Z5HKMItE8QGhbh4ioTIVhLE9Nv3xqdy00nq
+Vzzdk6xuvvVaWyzLA85h1NMx3dyqycBsEugvqyB2+ZSZD2gxaI8ImyZxrtKjkLh2
+LHak8duMq0v/NjDgOiUXxyBMFF4mTDVwqW1o6QnlUdGCuPs1EsLHWNrEnyARhmOz
+gjepJMkJAoitfcBQ1uWlp+mFoYOhNNPq18nUbLJwNsiE2J/p7t/eOa2pCXcWpZKG
+9Lat3DNbvouFpZGyQ9F7tEpRuwKBwQDFs6hFVKDb1de2cYPKkIhb1rIUdzTYbk7M
+Ul+xcqMyPdCphDUOZ8fipYvQOCsIKPdAQ8LDsvR9neU3zM1yh/Nat5JYjVGMvJCa
+oxMexZhK07Kg2yrRYB/eJijY1NsU8Yt0dd612HRs++zsZNZDfCwpHa0065HB6tdK
+EIJnadBZm3bITnk1jCVqEZ5qd47Or2NuipMRNxqASBkUPUmar26Trj+F+f5tWWo9
+7038Vd0WU05bpPwlOFmmazDynAmNh3MCgcEAwPbIIMLDd0UZ1oBH34IDs7RlNDGX
+UD85D3nWgvEd1lo8ef/ae49/nprJII6apxtXweFoy4M15haVd3DModjL/eGDYzRf
+J9/UUxgnHt9wpee/vIg4SgTDlUNDEyp2o0hJXVfILZgQwDQxytuCmv6G1ppMJhDb
+MxwSKcamEVhZ0G2PGAPS6pF7CEGgQ8rpzHVuclJaCD79JghPVMrBHCd7a3Rkv7Rq
+SWZk3iWy6ivbpPwyDMEmTrgvbUa/XYjQtqWtAoHBAIPNGtjjFefj5SRLrTG1sD05
+zA2kzeWe3zLhlSD3F3bT4HECzgmahUHDsorQHLAbT4AtLIJ3TakT7iUzM6Gv95HP
+tuWzi7MoYGcXYhSDutyNIcCSHIuVapQZcJCN52NLsk2j6c6QTZ39SJ2YjteoHXC+
+c3idC9acj4a1rETxNZESTzA0UM5dbka2aZxPtInKQkmxt2DPZwAwELgo27x09GJ0
+KllRVEjmRtP03qg5Pg7iND0YqBjQO8RHdfcSsQkE9wKBwQCApIVrLIJPg2aPAC/q
+Vq0ieEN4IQ+K1NC0++RXS2k5kX2mqpGntP+/EdtrCbxvZ4/WlkXdAiPuubj6SzMW
+kIf+lleXeD9v6o2MusS/P6Bumn/TBXrcAy0OLNdiHE8XhYY+OoVzurXVeCEx56xn
+VFnkZt1uted3aAwb2cQLkDvgSQoQAoycYPywK8AtMfEy+PRMNuawKf4ZWt+N3IC9
+b6ec+EMqeEbbmZiUGSHxcpJt/XazK27fJXTzhH+TsIskbnMCgcBwtxfAPj2rT6/R
+Q69jnrIJgyYVro6Ev6jZaQOtO3VgmPt/CeXF6RCSzUcewm76sYxD0uxQFbNOJhq5
+XSFmIOhIxlE3XgS5SBnaBHQAT2C6Wp75H3UPvQjHzZgj9/PM4APWScr/MvGkLIAq
+fn5NvytPSGlfjnCRDQn2tD5kFDPOv7gm3dsCKeYazOaGsVkK6OYDv60+4/wYQ1Yc
+SgrIjXyB3+rMAPo5WlTkWloh/WhZft3UthluWFPrsUePrBB6nb8=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/testkeys/key_rsa3072_exp3.sha1.vbprivk b/tests/testkeys/key_rsa3072_exp3.sha1.vbprivk
new file mode 100644
index 00000000..3ea59558
--- /dev/null
+++ b/tests/testkeys/key_rsa3072_exp3.sha1.vbprivk
diff --git a/tests/testkeys/key_rsa3072_exp3.sha1.vbpubk b/tests/testkeys/key_rsa3072_exp3.sha1.vbpubk
new file mode 100644
index 00000000..81f4db0b
--- /dev/null
+++ b/tests/testkeys/key_rsa3072_exp3.sha1.vbpubk
diff --git a/tests/testkeys/key_rsa3072_exp3.sha256.vbprivk b/tests/testkeys/key_rsa3072_exp3.sha256.vbprivk
new file mode 100644
index 00000000..af59907c
--- /dev/null
+++ b/tests/testkeys/key_rsa3072_exp3.sha256.vbprivk
diff --git a/tests/testkeys/key_rsa3072_exp3.sha256.vbpubk b/tests/testkeys/key_rsa3072_exp3.sha256.vbpubk
new file mode 100644
index 00000000..f8d6b420
--- /dev/null
+++ b/tests/testkeys/key_rsa3072_exp3.sha256.vbpubk
diff --git a/tests/testkeys/key_rsa3072_exp3.sha512.vbprivk b/tests/testkeys/key_rsa3072_exp3.sha512.vbprivk
new file mode 100644
index 00000000..c9401c86
--- /dev/null
+++ b/tests/testkeys/key_rsa3072_exp3.sha512.vbprivk
diff --git a/tests/testkeys/key_rsa3072_exp3.sha512.vbpubk b/tests/testkeys/key_rsa3072_exp3.sha512.vbpubk
new file mode 100644
index 00000000..5c182e77
--- /dev/null
+++ b/tests/testkeys/key_rsa3072_exp3.sha512.vbpubk
diff --git a/tests/vb2_rsa_utility_tests.c b/tests/vb2_rsa_utility_tests.c
index 796f09d0..63307b1a 100644
--- a/tests/vb2_rsa_utility_tests.c
+++ b/tests/vb2_rsa_utility_tests.c
@@ -61,6 +61,10 @@ static void test_utils(void)
 		"Sig size RSA4096");
 	TEST_EQ(vb2_rsa_sig_size(VB2_SIG_RSA8192), RSA8192NUMBYTES,
 		"Sig size RSA8192");
+	TEST_EQ(vb2_rsa_sig_size(VB2_SIG_RSA2048_EXP3), RSA2048NUMBYTES,
+		"Sig size RSA2048_EXP3");
+	TEST_EQ(vb2_rsa_sig_size(VB2_SIG_RSA3072_EXP3), RSA3072NUMBYTES,
+		"Sig size RSA3072_EXP3");
 	TEST_EQ(vb2_rsa_sig_size(VB2_SIG_INVALID), 0,
 		"Sig size invalid algorithm");
 	TEST_EQ(vb2_rsa_sig_size(VB2_SIG_NONE), 0,
@@ -79,6 +83,12 @@ static void test_utils(void)
 	TEST_EQ(vb2_packed_key_size(VB2_SIG_RSA8192),
 		RSA8192NUMBYTES * 2 + sizeof(uint32_t) * 2,
 		"Packed key size VB2_SIG_RSA8192");
+	TEST_EQ(vb2_packed_key_size(VB2_SIG_RSA2048_EXP3),
+		RSA2048NUMBYTES * 2 + sizeof(uint32_t) * 2,
+		"Packed key size VB2_SIG_RSA2048_EXP3");
+	TEST_EQ(vb2_packed_key_size(VB2_SIG_RSA3072_EXP3),
+		RSA3072NUMBYTES * 2 + sizeof(uint32_t) * 2,
+		"Packed key size VB2_SIG_RSA3072_EXP3");
 	TEST_EQ(vb2_packed_key_size(VB2_SIG_INVALID), 0,
 		"Packed key size invalid algorithm");
 	TEST_EQ(vb2_packed_key_size(VB2_SIG_NONE), 0,
diff --git a/utility/dumpRSAPublicKey.c b/utility/dumpRSAPublicKey.c
index fc238d7f..26724d6e 100644
--- a/utility/dumpRSAPublicKey.c
+++ b/utility/dumpRSAPublicKey.c
@@ -29,7 +29,7 @@ int check(RSA* key) {
             public_exponent);
   }
 
-  if (modulus != 1024 && modulus != 2048 && modulus != 4096
+  if (modulus != 1024 && modulus != 2048 && modulus != 3072 && modulus != 4096
       && modulus != 8192) {
     fprintf(stderr, "ERROR: Unknown modulus length = %d.\n", modulus);
     return 0;