vboot/vboot_kernel: return value from failed functions

Instead of just checking for failure/success on functions
returning vb2_error_t and mapping to a completely different
return value, pass that value directly back to the caller.

Also, create VB2_ERROR_KEYBLOCK_HASH_INVALID_IN_DEV_MODE to
replace uses of VB2_ERROR_KEYBLOCK_SIG_INVALID when keyblock
hash is invalid (dev mode, using self-signed kernels).

This CL is part of a series to merge vboot1 and vboot2.0
kernel verification code; see b/181739551.

BUG=b:181739551
TEST=make clean && make runtests
BRANCH=none

Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: Iefc00ccee6b6d29fb94e4acd652c033321f2d8af
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2772138
Reviewed-by: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>

4 files changed, 28 insertions, 20 deletions

diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h
index c795a342..44d0c28f 100644
--- a/firmware/2lib/include/2return_codes.h
+++ b/firmware/2lib/include/2return_codes.h
@@ -398,6 +398,9 @@ enum vb2_return_code {
 	/* No signature matching key ID */
 	VB2_ERROR_KEYBLOCK_SIG_ID,
 
+	/* Invalid keyblock hash in dev mode (self-signed kernel) */
+	VB2_ERROR_KEYBLOCK_HASH_INVALID_IN_DEV_MODE,
+
 	/**********************************************************************
 	 * Preamble verification errors (all in vb2_verify_preamble())
 	 */
@@ -546,12 +549,14 @@ enum vb2_return_code {
 
 	/*
 	 * Got a self-signed kernel in vb2_verify_vblock(), but need an
-	 * officially signed one.
+	 * officially signed one; deprecated and replaced with
+	 * VB2_ERROR_KERNEL_KEYBLOCK_*.
 	 */
-	VB2_ERROR_VBLOCK_SELF_SIGNED,
+	VB2_ERROR_DEPRECATED_VBLOCK_SELF_SIGNED,
 
-	/* Invalid keyblock hash in vb2_verify_vblock() */
-	VB2_ERROR_VBLOCK_KEYBLOCK_HASH,
+	/* Invalid keyblock hash in vb2_verify_vblock();
+	 * deprecated and replaced with VB2_ERROR_KERNEL_KEYBLOCK_* */
+	VB2_ERROR_DEPRECATED_VBLOCK_KEYBLOCK_HASH,
 
 	/* Invalid keyblock in vb2_verify_vblock();
 	 * deprecated and replaced with VB2_ERROR_KERNEL_KEYBLOCK_* */
diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c
index 858c8637..a1a336a3 100644
--- a/firmware/lib/vboot_kernel.c
+++ b/firmware/lib/vboot_kernel.c
@@ -139,6 +139,8 @@ static vb2_error_t vb2_verify_kernel_vblock(
 	int need_keyblock_valid = need_valid_keyblock(ctx);
 	int keyblock_valid = 1;  /* Assume valid */
 
+	vb2_error_t rv;
+
 	/* Unpack kernel subkey */
 	struct vb2_public_key kernel_subkey2;
 	if (VB2_SUCCESS != vb2_unpack_key(&kernel_subkey2, kernel_subkey)) {
@@ -151,8 +153,8 @@ static vb2_error_t vb2_verify_kernel_vblock(
 
 	/* Verify the keyblock. */
 	struct vb2_keyblock *keyblock = get_keyblock(kbuf);
-	if (VB2_SUCCESS != vb2_verify_keyblock(keyblock, kbuf_size,
-					       &kernel_subkey2, wb)) {
+	rv = vb2_verify_keyblock(keyblock, kbuf_size, &kernel_subkey2, wb);
+	if (rv) {
 		VB2_DEBUG("Verifying keyblock signature failed.\n");
 		shpart->check_result = VBSD_LKP_CHECK_KEYBLOCK_SIG;
 		keyblock_valid = 0;
@@ -161,15 +163,15 @@ static vb2_error_t vb2_verify_kernel_vblock(
 		if (need_keyblock_valid) {
 			VB2_DEBUG("Self-signed kernels not enabled.\n");
 			shpart->check_result = VBSD_LKP_CHECK_SELF_SIGNED;
-			return VB2_ERROR_VBLOCK_SELF_SIGNED;
+			return rv;
 		}
 
 		/* Otherwise, allow the kernel if the keyblock hash is valid */
-		if (VB2_SUCCESS !=
-		    vb2_verify_keyblock_hash(keyblock, kbuf_size, wb)) {
+		rv = vb2_verify_keyblock_hash(keyblock, kbuf_size, wb);
+		if (rv) {
 			VB2_DEBUG("Verifying keyblock hash failed.\n");
 			shpart->check_result = VBSD_LKP_CHECK_KEYBLOCK_HASH;
-			return VB2_ERROR_VBLOCK_KEYBLOCK_HASH;
+			return rv;
 		}
 	}
 
@@ -258,22 +260,23 @@ static vb2_error_t vb2_verify_kernel_vblock(
 
 	/* Get key for preamble verification from the keyblock. */
 	struct vb2_public_key data_key;
-	if (VB2_SUCCESS != vb2_unpack_key(&data_key, &keyblock->data_key)) {
+	rv = vb2_unpack_key(&data_key, &keyblock->data_key);
+	if (rv) {
 		VB2_DEBUG("Unable to unpack kernel data key\n");
 		shpart->check_result = VBSD_LKP_CHECK_DATA_KEY_PARSE;
-		return VB2_ERROR_UNKNOWN;
+		return rv;
 	}
 
 	/* Verify the preamble, which follows the keyblock */
 	struct vb2_kernel_preamble *preamble = get_preamble(kbuf);
-	if (VB2_SUCCESS !=
-	    vb2_verify_kernel_preamble(preamble,
-				       kbuf_size - keyblock->keyblock_size,
-				       &data_key,
-				       wb)) {
+	rv = vb2_verify_kernel_preamble(preamble,
+					kbuf_size - keyblock->keyblock_size,
+					&data_key,
+					wb);
+	if (rv) {
 		VB2_DEBUG("Preamble verification failed.\n");
 		shpart->check_result = VBSD_LKP_CHECK_VERIFY_PREAMBLE;
-		return VB2_ERROR_UNKNOWN;
+		return rv;
 	}
 
 	/*
diff --git a/firmware/lib20/kernel.c b/firmware/lib20/kernel.c
index 298b14fa..b3a24367 100644
--- a/firmware/lib20/kernel.c
+++ b/firmware/lib20/kernel.c
@@ -71,7 +71,7 @@ vb2_error_t vb2_verify_keyblock_hash(const struct vb2_keyblock *block,
 	if (vb2_safe_memcmp(vb2_signature_data(sig), digest,
 			    digest_size) != 0) {
 		VB2_DEBUG("Invalid keyblock hash.\n");
-		return VB2_ERROR_KEYBLOCK_SIG_INVALID;
+		return VB2_ERROR_KEYBLOCK_HASH_INVALID_IN_DEV_MODE;
 	}
 
 	/* Success */
diff --git a/tests/vb20_kernel_tests.c b/tests/vb20_kernel_tests.c
index 3f26549f..e71e5ce7 100644
--- a/tests/vb20_kernel_tests.c
+++ b/tests/vb20_kernel_tests.c
@@ -228,7 +228,7 @@ static void verify_keyblock_hash_tests(void)
 	reset_common_data(FOR_KEYBLOCK);
 	mock_vblock.k.data_key_data[0] ^= 0xa0;
 	TEST_EQ(vb2_verify_keyblock_hash(kb, kb->keyblock_size, &wb),
-		VB2_ERROR_KEYBLOCK_SIG_INVALID,
+		VB2_ERROR_KEYBLOCK_HASH_INVALID_IN_DEV_MODE,
 		"Keyblock check hash invalid");
 }