diff options
author | Daisuke Nojiri <dnojiri@chromium.org> | 2016-09-16 17:25:12 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2016-10-04 00:33:18 -0700 |
commit | 84928a0baae6ef508f3dcdd6a4057fb505554dd1 (patch) | |
tree | eb1b9af38dc2b218d3ddfe5746859398550cb3bc | |
parent | e43574cd3c3a464268724e2019fa3dd55ccec3d0 (diff) | |
download | vboot-84928a0baae6ef508f3dcdd6a4057fb505554dd1.tar.gz |
bdb: Assign different codes for data validation errors
This patch adds BDB_ERROR_DATA_CHECK_SIG and BD_ERROR_DATA_SIGNED_SIZE
to distiniguish data signature validation errors.
'futility bdb --resign' uses these to decide whether to resign is needed
or not.
BUG=chromium:649554
BRANCH=none
TEST=make runtests
Change-Id: I19137801ece2424ae575092c51d02664c8b73ba3
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/386795
Reviewed-by: Randall Spangler <rspangler@chromium.org>
-rw-r--r-- | firmware/bdb/bdb.c | 4 | ||||
-rw-r--r-- | firmware/bdb/bdb.h | 2 | ||||
-rw-r--r-- | tests/bdb_test.c | 6 |
3 files changed, 8 insertions, 4 deletions
diff --git a/firmware/bdb/bdb.c b/firmware/bdb/bdb.c index 707e3b0c..4360ab76 100644 --- a/firmware/bdb/bdb.c +++ b/firmware/bdb/bdb.c @@ -409,9 +409,9 @@ int bdb_verify(const void *buf, size_t size, const uint8_t *bdb_key_digest) /* Sanity-check data signature */ sig = bdb_get_data_sig(buf); if (bdb_check_sig(sig, end - (const uint8_t *)sig)) - return BDB_ERROR_DATA_SIG; + return BDB_ERROR_DATA_CHECK_SIG; if (sig->signed_size != data->signed_size) - return BDB_ERROR_DATA_SIG; + return BDB_ERROR_DATA_SIGNED_SIZE; /* Calculate data digest and compare with expected signature */ if (vb2_digest_buffer((uint8_t *)data, data->signed_size, diff --git a/firmware/bdb/bdb.h b/firmware/bdb/bdb.h index 5506db25..4f411c18 100644 --- a/firmware/bdb/bdb.h +++ b/firmware/bdb/bdb.h @@ -69,6 +69,8 @@ enum bdb_return_code { BDB_ERROR_HEADER_SIG, BDB_ERROR_DATA, BDB_ERROR_DATA_SIG, + BDB_ERROR_DATA_CHECK_SIG, + BDB_ERROR_DATA_SIGNED_SIZE, /* Other errors in bdb_verify() */ BDB_ERROR_DIGEST, /* Error calculating digest */ diff --git a/tests/bdb_test.c b/tests/bdb_test.c index d22572af..3c90e98c 100644 --- a/tests/bdb_test.c +++ b/tests/bdb_test.c @@ -385,11 +385,13 @@ void check_bdb_verify(const char *key_dir) memcpy(h, hgood, hsize); ((struct bdb_sig *)bdb_get_data_sig(h))->struct_magic++; - TEST_EQ_S(bdb_verify(h, hsize, bdbkey_digest), BDB_ERROR_DATA_SIG); + TEST_EQ_S(bdb_verify(h, hsize, bdbkey_digest), + BDB_ERROR_DATA_CHECK_SIG); memcpy(h, hgood, hsize); ((struct bdb_sig *)bdb_get_data_sig(h))->signed_size--; - TEST_EQ_S(bdb_verify(h, hsize, bdbkey_digest), BDB_ERROR_DATA_SIG); + TEST_EQ_S(bdb_verify(h, hsize, bdbkey_digest), + BDB_ERROR_DATA_SIGNED_SIZE); memcpy(h, hgood, hsize); ((struct bdb_sig *)bdb_get_data_sig(h))->sig_data[0] ^= 0x42; |