diff options
author | Randall Spangler <rspangler@chromium.org> | 2014-10-23 09:48:20 -0700 |
---|---|---|
committer | chrome-internal-fetch <chrome-internal-fetch@google.com> | 2014-10-28 20:39:31 +0000 |
commit | c8c2f023a4914a498c11b855210ef05d4e035d41 (patch) | |
tree | ec36ec0f2c163c5503e4a36da0618d9627a373a0 /firmware/2lib/2common.c | |
parent | 4eef812d68f64cc501d795131d95f8a2f27223b1 (diff) | |
download | vboot-c8c2f023a4914a498c11b855210ef05d4e035d41.tar.gz |
vboot2: use enum signature algorithm
This changes the internals of vboot2 to use the enumerated type for
signature algorithm. The conversion from crypto algorithm is done
only when unpacking the key. This is preparation for the vboot2 data
types, which separate signature and hash algorithms into their own
fields.
There is no external change in the calling API to vboot, and no change
to the external data structures.
BUG=chromium:423882
BRANCH=none
TEST=VBOOT2=1 make runtests
Change-Id: I2e176d186d88cc7541644e001e720b4aee456be0
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/225209
Diffstat (limited to 'firmware/2lib/2common.c')
-rw-r--r-- | firmware/2lib/2common.c | 24 |
1 files changed, 10 insertions, 14 deletions
diff --git a/firmware/2lib/2common.c b/firmware/2lib/2common.c index 0da3a611..f1707969 100644 --- a/firmware/2lib/2common.c +++ b/firmware/2lib/2common.c @@ -192,12 +192,12 @@ int vb2_unpack_key(struct vb2_public_key *key, if (rv) return rv; - /* Check key algorithm */ - if (packed_key->algorithm >= VB2_ALG_COUNT) { - VB2_DEBUG("Invalid algorithm.\n"); - return VB2_ERROR_UNPACK_KEY_ALGORITHM; + /* Unpack key algorithm */ + key->sig_alg = vb2_crypto_to_signature(packed_key->algorithm); + if (key->sig_alg == VB2_SIG_INVALID) { + VB2_DEBUG("Unsupported signature algorithm.\n"); + return VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM; } - key->algorithm = packed_key->algorithm; key->hash_alg = vb2_crypto_to_hash(packed_key->algorithm); if (key->hash_alg == VB2_HASH_INVALID) { @@ -205,7 +205,7 @@ int vb2_unpack_key(struct vb2_public_key *key, return VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM; } - expected_key_size = vb2_packed_key_size(packed_key->algorithm); + expected_key_size = vb2_packed_key_size(key->sig_alg); if (!expected_key_size || expected_key_size != packed_key->key_size) { VB2_DEBUG("Wrong key size for algorithm\n"); return VB2_ERROR_UNPACK_KEY_SIZE; @@ -218,8 +218,7 @@ int vb2_unpack_key(struct vb2_public_key *key, /* Sanity check key array size */ key->arrsize = buf32[0]; - if (key->arrsize * sizeof(uint32_t) != - vb2_rsa_sig_size(packed_key->algorithm)) + if (key->arrsize * sizeof(uint32_t) != vb2_rsa_sig_size(key->sig_alg)) return VB2_ERROR_UNPACK_KEY_ARRAY_SIZE; key->n0inv = buf32[1]; @@ -238,11 +237,11 @@ int vb2_verify_digest(const struct vb2_public_key *key, { uint8_t *sig_data = vb2_signature_data(sig); - if (sig->sig_size != vb2_rsa_sig_size(key->algorithm)) { + if (sig->sig_size != vb2_rsa_sig_size(key->sig_alg)) { VB2_DEBUG("Wrong data signature size for algorithm, " "sig_size=%d, expected %d for algorithm %d.\n", - sig->sig_size, vb2_rsa_sig_size(key->algorithm), - key->algorithm); + sig->sig_size, vb2_rsa_sig_size(key->sig_alg), + key->sig_alg); return VB2_ERROR_VDATA_SIG_SIZE; } @@ -261,9 +260,6 @@ int vb2_verify_data(const uint8_t *data, uint32_t digest_size; int rv; - if (key->algorithm >= VB2_ALG_COUNT) - return VB2_ERROR_VDATA_ALGORITHM; - if (sig->data_size > size) { VB2_DEBUG("Data buffer smaller than length of signed data.\n"); return VB2_ERROR_VDATA_NOT_ENOUGH_DATA; |