diff options
author | Randall Spangler <rspangler@chromium.org> | 2014-10-17 16:41:46 -0700 |
---|---|---|
committer | chrome-internal-fetch <chrome-internal-fetch@google.com> | 2014-10-22 00:30:30 +0000 |
commit | 9504754fee346569b4cdcaae9f54fa65cf3005d9 (patch) | |
tree | 15cc3bdeb43cfa07da60898cc4d2eee9e3792514 /firmware/2lib/include | |
parent | 6df3e33912baf2633ed27fce6fe166d87e2f04a8 (diff) | |
download | vboot-9504754fee346569b4cdcaae9f54fa65cf3005d9.tar.gz |
vboot2: move verify digest to 2common
This removes code duplicated between 2common.c and 2rsa.c. This is in
preparation for adding new unsigned hash algorithms.
BUG=chromium:423882
BRANCH=none
TEST=VBOOT2=1 make -j runtests
Change-Id: Ic9c542ae14d3b7f786129c1d52f8963847a94fb8
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/224780
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Diffstat (limited to 'firmware/2lib/include')
-rw-r--r-- | firmware/2lib/include/2common.h | 17 | ||||
-rw-r--r-- | firmware/2lib/include/2return_codes.h | 6 | ||||
-rw-r--r-- | firmware/2lib/include/2rsa.h | 12 |
3 files changed, 29 insertions, 6 deletions
diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h index 52c98af9..c1b98612 100644 --- a/firmware/2lib/include/2common.h +++ b/firmware/2lib/include/2common.h @@ -214,6 +214,23 @@ int vb2_unpack_key(struct vb2_public_key *key, const uint8_t *buf, uint32_t size); +/* Size of work buffer sufficient for vb2_rsa_verify_digest() worst case */ +#define VB2_VERIFY_DIGEST_WORKBUF_BYTES VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES + +/** + * Verify a signature against an expected hash digest. + * + * @param key Key to use in signature verification + * @param sig Signature to verify (may be destroyed in process) + * @param digest Digest of signed data + * @param wb Work buffer + * @return VB2_SUCCESS, or non-zero if error. + */ +int vb2_verify_digest(const struct vb2_public_key *key, + struct vb2_signature *sig, + const uint8_t *digest, + struct vb2_workbuf *wb); + /* Size of work buffer sufficient for vb2_verify_data() worst case */ #define VB2_VERIFY_DATA_WORKBUF_BYTES \ (VB2_SHA512_DIGEST_SIZE + \ diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h index 77d0dd89..b530bcd9 100644 --- a/firmware/2lib/include/2return_codes.h +++ b/firmware/2lib/include/2return_codes.h @@ -155,6 +155,12 @@ enum vb2_return_code { /* Not enough work buffer for hash temp data in vb2_verify_data() */ VB2_ERROR_VDATA_WORKBUF_HASHING, + /* + * Bad digest size in vb2_verify_data() - probably because algorithm + * is bad. + */ + VB2_ERROR_VDATA_DIGEST_SIZE, + /********************************************************************** * Keyblock verification errors (all in vb2_verify_keyblock()) */ diff --git a/firmware/2lib/include/2rsa.h b/firmware/2lib/include/2rsa.h index 33edd617..47225cac 100644 --- a/firmware/2lib/include/2rsa.h +++ b/firmware/2lib/include/2rsa.h @@ -44,8 +44,8 @@ uint32_t vb2_packed_key_size(uint32_t algorithm); */ int vb2_check_padding(uint8_t *sig, int algorithm); -/* Size of work buffer sufficient for vb2_verify_digest() worst case */ -#define VB2_VERIFY_DIGEST_WORKBUF_BYTES (3 * 1024) +/* Size of work buffer sufficient for vb2_rsa_verify_digest() worst case */ +#define VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES (3 * 1024) /** * Verify a RSA PKCS1.5 signature against an expected hash digest. @@ -56,9 +56,9 @@ int vb2_check_padding(uint8_t *sig, int algorithm); * @param wb Work buffer * @return VB2_SUCCESS, or non-zero if error. */ -int vb2_verify_digest(const struct vb2_public_key *key, - uint8_t *sig, - const uint8_t *digest, - struct vb2_workbuf *wb); +int vb2_rsa_verify_digest(const struct vb2_public_key *key, + uint8_t *sig, + const uint8_t *digest, + struct vb2_workbuf *wb); #endif /* VBOOT_REFERENCE_2RSA_H_ */ |