vboot2: move verify digest to 2common

This removes code duplicated between 2common.c and 2rsa.c.  This is in
preparation for adding new unsigned hash algorithms.

BUG=chromium:423882
BRANCH=none
TEST=VBOOT2=1 make -j runtests

Change-Id: Ic9c542ae14d3b7f786129c1d52f8963847a94fb8
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/224780
Reviewed-by: Bill Richardson <wfrichar@chromium.org>

3 files changed, 29 insertions, 6 deletions

diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h
index 52c98af9..c1b98612 100644
--- a/firmware/2lib/include/2common.h
+++ b/firmware/2lib/include/2common.h
@@ -214,6 +214,23 @@ int vb2_unpack_key(struct vb2_public_key *key,
 		   const uint8_t *buf,
 		   uint32_t size);
 
+/* Size of work buffer sufficient for vb2_rsa_verify_digest() worst case */
+#define VB2_VERIFY_DIGEST_WORKBUF_BYTES VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES
+
+/**
+ * Verify a signature against an expected hash digest.
+ *
+ * @param key		Key to use in signature verification
+ * @param sig		Signature to verify (may be destroyed in process)
+ * @param digest	Digest of signed data
+ * @param wb		Work buffer
+ * @return VB2_SUCCESS, or non-zero if error.
+ */
+int vb2_verify_digest(const struct vb2_public_key *key,
+		      struct vb2_signature *sig,
+		      const uint8_t *digest,
+		      struct vb2_workbuf *wb);
+
 /* Size of work buffer sufficient for vb2_verify_data() worst case */
 #define VB2_VERIFY_DATA_WORKBUF_BYTES					\
 	(VB2_SHA512_DIGEST_SIZE +					\
diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h
index 77d0dd89..b530bcd9 100644
--- a/firmware/2lib/include/2return_codes.h
+++ b/firmware/2lib/include/2return_codes.h
@@ -155,6 +155,12 @@ enum vb2_return_code {
 	/* Not enough work buffer for hash temp data in vb2_verify_data() */
 	VB2_ERROR_VDATA_WORKBUF_HASHING,
 
+	/*
+	 * Bad digest size in vb2_verify_data() - probably because algorithm
+	 * is bad.
+	 */
+	VB2_ERROR_VDATA_DIGEST_SIZE,
+
         /**********************************************************************
 	 * Keyblock verification errors (all in vb2_verify_keyblock())
 	 */
diff --git a/firmware/2lib/include/2rsa.h b/firmware/2lib/include/2rsa.h
index 33edd617..47225cac 100644
--- a/firmware/2lib/include/2rsa.h
+++ b/firmware/2lib/include/2rsa.h
@@ -44,8 +44,8 @@ uint32_t vb2_packed_key_size(uint32_t algorithm);
  */
 int vb2_check_padding(uint8_t *sig, int algorithm);
 
-/* Size of work buffer sufficient for vb2_verify_digest() worst case */
-#define VB2_VERIFY_DIGEST_WORKBUF_BYTES (3 * 1024)
+/* Size of work buffer sufficient for vb2_rsa_verify_digest() worst case */
+#define VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES (3 * 1024)
 
 /**
  * Verify a RSA PKCS1.5 signature against an expected hash digest.
@@ -56,9 +56,9 @@ int vb2_check_padding(uint8_t *sig, int algorithm);
  * @param wb		Work buffer
  * @return VB2_SUCCESS, or non-zero if error.
  */
-int vb2_verify_digest(const struct vb2_public_key *key,
-		      uint8_t *sig,
-		      const uint8_t *digest,
-		      struct vb2_workbuf *wb);
+int vb2_rsa_verify_digest(const struct vb2_public_key *key,
+			  uint8_t *sig,
+			  const uint8_t *digest,
+			  struct vb2_workbuf *wb);
 
 #endif  /* VBOOT_REFERENCE_2RSA_H_ */