authorNicolas Boichat <drinkcat@google.com>2017-02-07 14:55:33 +0800
committerchrome-bot <chrome-bot@chromium.org>2017-02-15 10:47:29 -0800
commit8c53e881f8849c5458ba71ff954d8edfc70d6052 (patch)
tree10bf56819be59e5d90e2ed42db97ea0dedd96b51
parentc7282f6bdc942bba296de3b1cf1dcc6df098e114 (diff)
downloadvboot-8c53e881f8849c5458ba71ff954d8edfc70d6052.tar.gz
host_key2: Add VB2_SIG_ALG_COUNT to count the number of valid signatures
More reliable than simply assuming that VB2_SIG_RSA8192 is the last signature. BRANCH=none BUG=chromium:684354 TEST=rm tests/testkeys/key_*; make genkeys -j TEST=make runtests -j Change-Id: I755b3afb50313fcdf292fb3cd5b0dfe09f8593e3 Reviewed-on: https://chromium-review.googlesource.com/438948 Commit-Ready: Nicolas Boichat <drinkcat@chromium.org> Tested-by: Nicolas Boichat <drinkcat@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org>
-rw-r--r--firmware/2lib/include/2crypto.h3
-rw-r--r--host/lib/host_key2.c6
2 files changed, 7 insertions, 2 deletions
diff --git a/firmware/2lib/include/2crypto.h b/firmware/2lib/include/2crypto.h
index c1f225d7..da1c2ddf 100644
--- a/firmware/2lib/include/2crypto.h
+++ b/firmware/2lib/include/2crypto.h
@@ -44,6 +44,9 @@ enum vb2_signature_algorithm {
VB2_SIG_RSA2048 = 3,
VB2_SIG_RSA4096 = 4,
VB2_SIG_RSA8192 = 5,
+
+ /* Last index. Don't add anything below. */
+ VB2_SIG_ALG_COUNT,
};
/* Algorithm types for hash digests */
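Review bot: The comment on the new enumerator calls it the "Last index", but `VB2_SIG_ALG_COUNT` is one past the last valid algorithm and is not itself an acceptable signature algorithm. Wording such as `/* Number of signature algorithms; not a valid algorithm itself. Keep last: add new algorithms above. */` would stop a reader from treating it as an accepted value in a range check written with `<=`. The sentinel tracks the highest enumerator only while the values stay contiguous, so the comment could also say that new algorithms take the next consecutive value. The opening lines of the enum are outside the hunk.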
diff --git a/host/lib/host_key2.c b/host/lib/host_key2.c
index 302bffee..b33ba164 100644
--- a/host/lib/host_key2.c
+++ b/host/lib/host_key2.c
@@ -29,7 +29,7 @@ enum vb2_crypto_algorithm vb2_get_crypto_algorithm(
enum vb2_signature_algorithm sig_alg)
{
/* Make sure algorithms are in the range supported by crypto alg */
- if (sig_alg < VB2_SIG_RSA1024 || sig_alg > VB2_SIG_RSA8192)
+ if (sig_alg < VB2_SIG_RSA1024 || sig_alg >= VB2_SIG_ALG_COUNT)
return VB2_ALG_COUNT;
if (hash_alg < VB2_HASH_SHA1 || hash_alg > VB2_HASH_SHA512)
return VB2_ALG_COUNT;
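Review bot: The hash_alg check right after the changed line still hard-codes `VB2_HASH_SHA512` as the upper bound, which is the same "last enumerator" assumption this commit removes for sig_alg. A hash algorithm added later would be rejected here until someone remembers to update the bound by hand. No count sentinel for the hash enum is visible in this diff; if one exists or is added, the check should read `hash_alg >= <hash count sentinel>` to match the new sig_alg test. The rest of the function is outside the hunk, so whether the result is computed from both values by arithmetic cannot be confirmed here; if it is, these two checks are what bounds it and the existing comment should say so.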
@@ -129,8 +129,10 @@ int vb2_write_private_key(const char *filename,
{
/* Convert back to legacy vb1 algorithm enum */
uint64_t alg = vb2_get_crypto_algorithm(key->hash_alg, key->sig_alg);
- if (alg == VB2_ALG_COUNT)
+ if (alg == VB2_ALG_COUNT) {
+ fprintf(stderr, "Can't find crypto algorithm\n");
return VB2_ERROR_VB1_CRYPTO_ALGORITHM;
+ }
uint8_t *outbuf = NULL;
int buflen = i2d_RSAPrivateKey(key->rsa_private_key, &outbuf);
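Review bot: The new error message does not say which pair of algorithms failed to map, so a user running key generation cannot tell a bad hash from a bad signature algorithm. Including the values would make it actionable, for example `fprintf(stderr, "Can't find crypto algorithm (hash_alg=%d, sig_alg=%d)\n", (int)key->hash_alg, (int)key->sig_alg);`. The function continues past the end of the hunk, so the handling of `buflen` and `outbuf` after `i2d_RSAPrivateKey` is not visible here.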