vboot2: Move old struct handling to lib20/

This is part 4 of a series of changes to rearrange the vboot2 library
so that it's possible to start using the new-style data structs.  This
change moves knowledge of the old vboot1 data structs into lib20; 2lib
now contains only code which is common to both vboot2.x libraries
(that is, code which is data structure version agnostic).

No functional changes; just rearranging code and tests.

BUG=chromium:423882
BRANCH=none
TEST=make runtests && VBOOT2=1 make runtests (works with/withoug VBOOT2 flag)
     And compile firmware for veyron_pinky
CQ-DEPEND=CL:233051

Change-Id: I8f9e67157575e5be14952ef4809c3dfafd92596d
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/233021
Reviewed-by: Bill Richardson <wfrichar@chromium.org>

3 files changed, 3 insertions, 400 deletions

diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h
index 672bd00c..06d0ee0f 100644
--- a/firmware/2lib/include/2common.h
+++ b/firmware/2lib/include/2common.h
@@ -146,172 +146,6 @@ int vb2_align(uint8_t **ptr,
  */
 ptrdiff_t vb2_offset_of(const void *base, const void *ptr);
 
-/*
- * Helper functions to get data pointed to by a public key or signature.
- */
-
-const uint8_t *vb2_packed_key_data(const struct vb2_packed_key *key);
-uint8_t *vb2_signature_data(struct vb2_signature *sig);
-
-/**
- * Verify the data pointed to by a subfield is inside the parent data.
- *
- * The subfield has a header pointed to by member, and a separate data
- * field at an offset relative to the header.  That is:
- *
- *   struct parent {
- *     (possibly other parent fields)
- *     struct member {
- *        (member header fields)
- *     };
- *     (possibly other parent fields)
- *   };
- *   (possibly some other parent data)
- *   (member data)
- *   (possibly some other parent data)
- *
- * @param parent		Parent data
- * @param parent_size		Parent size in bytes
- * @param member		Subfield header
- * @param member_size		Size of subfield header in bytes
- * @param member_data_offset	Offset of member data from start of member
- * @param member_data_size	Size of member data in bytes
- * @return VB2_SUCCESS, or non-zero if error.
- */
-int vb2_verify_member_inside(const void *parent, size_t parent_size,
-			     const void *member, size_t member_size,
-			     ptrdiff_t member_data_offset,
-			     size_t member_data_size);
-
-/**
- * Return the description of an object starting with a vb2_struct_common header.
- *
- * Does not sanity-check the buffer; merely returns the pointer.
- *
- * @param buf		Pointer to common object
- * @return A pointer to description or an empty string if none.
- */
-const char *vb2_common_desc(const void *buf);
-
-/**
- * Verify the common struct header is fully contained in its parent data
- *
- * Also verifies the description is either zero-length or null-terminated.
- *
- * @param parent	Parent data
- * @param parent_size	Parent size in bytes
- * @return VB2_SUCCESS, or non-zero if error.
- */
-int vb2_verify_common_header(const void *parent, uint32_t parent_size);
-
-/**
- * Verify a member is within the data for a parent object
- *
- * @param parent	Parent data (starts with struct vb2_struct_common)
- * @param min_offset	Pointer to minimum offset where member can be located.
- *			If this offset is 0 on input, uses the size of the
- *			fixed header (and description, if any).  This will be
- *			updated on return to the end of the passed member.  On
- *			error, the value of min_offset is undefined.
- * @param member_offset Offset of member data from start of parent, in bytes
- * @param member_size	Size of member data, in bytes
- * @return VB2_SUCCESS, or non-zero if error.
- */
-int vb2_verify_common_member(const void *parent,
-			     uint32_t *min_offset,
-			     uint32_t member_offset,
-			     uint32_t member_size);
-
-/**
- * Verify a member which starts with a common header is within the parent
- *
- * This does not verify the contents of the member or its header, only that the
- * member's claimed total size fits within the parent's claimed total size at
- * the specified offset.
- *
- * @param parent	Parent data (starts with struct vb2_struct_common)
- * @param min_offset	Pointer to minimum offset where member can be located.
- *			If this offset is 0 on input, uses the size of the
- *			fixed header (and description, if any).  This will be
- *			updated on return to the end of the passed member.  On
- *			error, the value of min_offset is undefined.
- * @param member_offset Offset of member data from start of parent, in bytes.
- *                      This should be the start of the common header of the
- *                      member.
- * @return VB2_SUCCESS, or non-zero if error.
- */
-int vb2_verify_common_subobject(const void *parent,
-				uint32_t *min_offset,
-				uint32_t member_offset);
-
-/**
- * Verify a signature is fully contained in its parent data
- *
- * @param parent	Parent data
- * @param parent_size	Parent size in bytes
- * @param sig		Signature pointer
- * @return VB2_SUCCESS, or non-zero if error.
- */
-int vb2_verify_signature_inside(const void *parent,
-				uint32_t parent_size,
-				const struct vb2_signature *sig);
-
-/**
- * Verify a packed key is fully contained in its parent data
- *
- * @param parent	Parent data
- * @param parent_size	Parent size in bytes
- * @param key		Packed key pointer
- * @return VB2_SUCCESS, or non-zero if error.
- */
-int vb2_verify_packed_key_inside(const void *parent,
-				 uint32_t parent_size,
-				 const struct vb2_packed_key *key);
-
-/**
- * Unpack a vboot1-format key for use in verification
- *
- * The elements of the unpacked key will point into the source buffer, so don't
- * free the source buffer until you're done with the key.
- *
- * @param key		Destintion for unpacked key
- * @param buf		Source buffer containing packed key
- * @param size		Size of buffer in bytes
- * @return VB2_SUCCESS, or non-zero error code if error.
- */
-int vb2_unpack_key(struct vb2_public_key *key,
-		   const uint8_t *buf,
-		   uint32_t size);
-
-/**
- * Unpack a key for use in verification
- *
- * The elements of the unpacked key will point into the source buffer, so don't
- * free the source buffer until you're done with the key.
- *
- * @param key		Destintion for unpacked key
- * @param buf		Source buffer containing packed key
- * @param size		Size of buffer in bytes
- * @return VB2_SUCCESS, or non-zero error code if error.
- */
-int vb2_unpack_key2(struct vb2_public_key *key,
-		    const uint8_t *buf,
-		    uint32_t size);
-
-/**
- * Unpack the RSA data fields for a public key
- *
- * This is called by vb2_unpack_key2() to extract the arrays from a packed key.
- * These elements of *key will point inside the key_data buffer.
- *
- * @param key		Destination key for RSA data fields
- * @param key_data	Packed key data (from inside a packed key buffer)
- * @param key_size	Size of packed key data in bytes
- */
-int vb2_unpack_key2_data(struct vb2_public_key *key,
-			 const uint8_t *key_data,
-			 uint32_t key_size);
-
 /**
  * Return expected signature size for a signature/hash algorithm pair
  *
@@ -337,20 +171,6 @@ const struct vb2_guid *vb2_hash_guid(enum vb2_hash_algorithm hash_alg);
  */
 #define VB2_VERIFY_DIGEST_WORKBUF_BYTES VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES
 
-/**
- * Verify a signature against an expected hash digest.
- *
- * @param key		Key to use in signature verification
- * @param sig		Signature to verify (may be destroyed in process)
- * @param digest	Digest of signed data
- * @param wb		Work buffer
- * @return VB2_SUCCESS, or non-zero if error.
- */
-int vb2_verify_digest(const struct vb2_public_key *key,
-		      struct vb2_signature *sig,
-		      const uint8_t *digest,
-		      const struct vb2_workbuf *wb);
-
 /*
  * Size of work buffer sufficient for vb2_verify_data() or vb2_verify_data2()
  * worst case.
@@ -360,66 +180,16 @@ int vb2_verify_digest(const struct vb2_public_key *key,
 	 VB2_MAX(VB2_VERIFY_DIGEST_WORKBUF_BYTES,			\
 		 sizeof(struct vb2_digest_context)))
 
-/**
- * Verify data matches signature.
- *
- * @param data		Data to verify
- * @param size		Size of data buffer.  Note that amount of data to
- *			actually validate is contained in sig->data_size.
- * @param sig		Signature of data (destroyed in process)
- * @param key		Key to use to validate signature
- * @param wb		Work buffer
- * @return VB2_SUCCESS, or non-zero error code if error.
- */
-int vb2_verify_data(const uint8_t *data,
-		    uint32_t size,
-		    struct vb2_signature *sig,
-		    const struct vb2_public_key *key,
-		    const struct vb2_workbuf *wb);
-
 /*
  * Size of work buffer sufficient for vb2_verify_keyblock() or
  * vb2_verify_keyblock2() worst case.
  */
 #define VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES VB2_VERIFY_DATA_WORKBUF_BYTES
 
-/**
- * Check the sanity of a key block using a public key.
- *
- * Header fields are also checked for sanity.  Does not verify key index or key
- * block flags.  Signature inside block is destroyed during check.
- *
- * @param block		Key block to verify
- * @param size		Size of key block buffer
- * @param key		Key to use to verify block
- * @param wb		Work buffer
- * @return VB2_SUCCESS, or non-zero error code if error.
- */
-int vb2_verify_keyblock(struct vb2_keyblock *block,
-			uint32_t size,
-			const struct vb2_public_key *key,
-			const struct vb2_workbuf *wb);
-
 /*
  * Size of work buffer sufficient for vb2_verify_fw_preamble() or
  * vb2_verify_fw_preamble2() worst case.
  */
 #define VB2_VERIFY_FIRMWARE_PREAMBLE_WORKBUF_BYTES VB2_VERIFY_DATA_WORKBUF_BYTES
 
-/**
- * Check the sanity of a firmware preamble using a public key.
- *
- * The signature in the preamble is destroyed during the check.
- *
- * @param preamble     	Preamble to verify
- * @param size		Size of preamble buffer
- * @param key		Key to use to verify preamble
- * @param wb		Work buffer
- * @return VB2_SUCCESS, or non-zero error code if error.
- */
-int vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble,
-			   uint32_t size,
-			   const struct vb2_public_key *key,
-			   const struct vb2_workbuf *wb);
-
 #endif  /* VBOOT_REFERENCE_VBOOT_2COMMON_H_ */
diff --git a/firmware/2lib/include/2misc.h b/firmware/2lib/include/2misc.h
index 24b32db7..e3d9bec0 100644
--- a/firmware/2lib/include/2misc.h
+++ b/firmware/2lib/include/2misc.h
@@ -11,6 +11,7 @@
 #include "2api.h"
 
 struct vb2_gbb_header;
+struct vb2_workbuf;
 
 /**
  * Get the shared data pointer from the vboot context
diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h
index b2b35f24..c8ff2378 100644
--- a/firmware/2lib/include/2struct.h
+++ b/firmware/2lib/include/2struct.h
@@ -10,8 +10,6 @@
 #define VBOOT_REFERENCE_VBOOT_2STRUCT_H_
 #include <stdint.h>
 
-#include "2guid.h"
-
 /* Algorithm types for signatures */
 enum vb2_signature_algorithm {
 	/* Invalid or unsupported signature type */
@@ -43,65 +41,10 @@ enum vb2_hash_algorithm {
 	VB2_HASH_SHA512 = 3,
 };
 
-/****************************************************************************/
 /*
- * Vboot1-compatible data structures
+ * Key block flags.
  *
- *
- * Note: Many of the structs have pairs of 32-bit fields and reserved fields.
- * This is to be backwards-compatible with older verified boot data which used
- * 64-bit fields (when we thought that hey, UEFI is 64-bit so all our fields
- * should be too).
- */
-
-/* Packed public key data */
-struct vb2_packed_key {
-	/* Offset of key data from start of this struct */
-	uint32_t key_offset;
-	uint32_t reserved0;
-
-	/* Size of key data in bytes (NOT strength of key in bits) */
-	uint32_t key_size;
-	uint32_t reserved1;
-
-	/* Signature algorithm used by the key (enum vb2_crypto_algorithm) */
-	uint32_t algorithm;
-	uint32_t reserved2;
-
-	/* Key version */
-	uint32_t key_version;
-	uint32_t reserved3;
-
-	/* TODO: when redoing this struct, add a text description of the key */
-} __attribute__((packed));
-
-#define EXPECTED_VB2_PACKED_KEY_SIZE 32
-
-/* Signature data (a secure hash, possibly signed) */
-struct vb2_signature {
-	/* Offset of signature data from start of this struct */
-	uint32_t sig_offset;
-	uint32_t reserved0;
-
-	/* Size of signature data in bytes */
-	uint32_t sig_size;
-	uint32_t reserved1;
-
-	/* Size of the data block which was signed in bytes */
-	uint32_t data_size;
-	uint32_t reserved2;
-} __attribute__((packed));
-
-#define EXPECTED_VB2_SIGNATURE_SIZE 24
-
-#define KEY_BLOCK_MAGIC "CHROMEOS"
-#define KEY_BLOCK_MAGIC_SIZE 8
-
-#define KEY_BLOCK_HEADER_VERSION_MAJOR 2
-#define KEY_BLOCK_HEADER_VERSION_MINOR 1
-
-/*
- * The following flags set where the key is valid.  Not used by firmware
+ *The following flags set where the key is valid.  Not used by firmware
  * verification; only kernel verification.
  */
 #define VB2_KEY_BLOCK_FLAG_DEVELOPER_0  0x01 /* Developer switch off */
@@ -109,117 +52,6 @@ struct vb2_signature {
 #define VB2_KEY_BLOCK_FLAG_RECOVERY_0   0x04 /* Not recovery mode */
 #define VB2_KEY_BLOCK_FLAG_RECOVERY_1   0x08 /* Recovery mode */
 
-/*
- * Key block, containing the public key used to sign some other chunk of data.
- *
- * This should be followed by:
- *   1) The data_key key data, pointed to by data_key.key_offset.
- *   2) The checksum data for (vb2_keyblock + data_key data), pointed to
- *      by keyblock_checksum.sig_offset.
- *   3) The signature data for (vb2_keyblock + data_key data), pointed to
- *      by keyblock_signature.sig_offset.
- */
-struct vb2_keyblock {
-	/* Magic number */
-	uint8_t magic[KEY_BLOCK_MAGIC_SIZE];
-
-	/* Version of this header format */
-	uint32_t header_version_major;
-
-	/* Version of this header format */
-	uint32_t header_version_minor;
-
-	/*
-	 * Length of this entire key block, including keys, signatures, and
-	 * padding, in bytes
-	 */
-	uint32_t keyblock_size;
-	uint32_t reserved0;
-
-	/*
-	 * Signature for this key block (header + data pointed to by data_key)
-	 * For use with signed data keys
-	 */
-	struct vb2_signature keyblock_signature;
-
-	/*
-	 * SHA-512 checksum for this key block (header + data pointed to by
-	 * data_key) For use with unsigned data keys.
-	 *
-	 * Note that the vb2 lib currently only supports signed blocks.
-	 */
-	struct vb2_signature keyblock_checksum_unused;
-
-	/* Flags for key (VB2_KEY_BLOCK_FLAG_*) */
-	uint32_t keyblock_flags;
-	uint32_t reserved1;
-
-	/* Key to verify the chunk of data */
-	struct vb2_packed_key data_key;
-} __attribute__((packed));
-
-#define EXPECTED_VB2_KEYBLOCK_SIZE 112
-
-
-/* Firmware preamble header */
-#define FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR 2
-#define FIRMWARE_PREAMBLE_HEADER_VERSION_MINOR 1
-
-/* Flags for VbFirmwarePreambleHeader.flags */
-/* Reserved; do not use */
-#define VB2_FIRMWARE_PREAMBLE_RESERVED0 0x00000001
-
-/* Premable block for rewritable firmware, version 2.1.
- *
- * The firmware preamble header should be followed by:
- *   1) The kernel_subkey key data, pointed to by kernel_subkey.key_offset.
- *   2) The signature data for the firmware body, pointed to by
- *      body_signature.sig_offset.
- *   3) The signature data for (header + kernel_subkey data + body signature
- *      data), pointed to by preamble_signature.sig_offset.
- */
-struct vb2_fw_preamble {
-	/*
-	 * Size of this preamble, including keys, signatures, and padding, in
-	 * bytes
-	 */
-	uint32_t preamble_size;
-	uint32_t reserved0;
-
-	/*
-	 * Signature for this preamble (header + kernel subkey + body
-	 * signature)
-	 */
-	struct vb2_signature preamble_signature;
-
-	/* Version of this header format */
-	uint32_t header_version_major;
-	uint32_t header_version_minor;
-
-	/* Firmware version */
-	uint32_t firmware_version;
-	uint32_t reserved1;
-
-	/* Key to verify kernel key block */
-	struct vb2_packed_key kernel_subkey;
-
-	/* Signature for the firmware body */
-	struct vb2_signature body_signature;
-
-	/*
-	 * Fields added in header version 2.1.  You must verify the header
-	 * version before reading these fields!
-	 */
-
-	/*
-	 * Flags; see VB2_FIRMWARE_PREAMBLE_*.  Readers should return 0 for
-	 * header version < 2.1.
-	 */
-	uint32_t flags;
-} __attribute__((packed));
-
-#define EXPECTED_VB2_FW_PREAMBLE_SIZE 108
-
 /****************************************************************************/
 
 /* Flags for vb2_shared_data.flags */