authorRandall Spangler <rspangler@chromium.org>2014-10-31 11:19:14 -0700
committerchrome-internal-fetch <chrome-internal-fetch@google.com>2014-11-05 06:05:16 +0000
commitc0ce70b468cc469556d0f43c63a6d63ec8280c99 (patch)
treedf3fe9fd4aee85563ce8710d34b33c118fe0420d /firmware/2lib
parent3c6ec76e32ceea9d62ca4f7bca537fdcd4b5f387 (diff)
downloadvboot-c0ce70b468cc469556d0f43c63a6d63ec8280c99.tar.gz
vboot2: add support for new vb2_signature2 struct
And associated unit tests. BUG=chromium:423882 BRANCH=none TEST=VBOOT2=1 make runtests Change-Id: I37fccafd8ccee5c0d55e3746c1611a8dff73145a Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/226939 Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Diffstat (limited to 'firmware/2lib')
-rw-r--r--firmware/2lib/2common2.c60
-rw-r--r--firmware/2lib/include/2common.h19
-rw-r--r--firmware/2lib/include/2return_codes.h6
3 files changed, 85 insertions, 0 deletions
diff --git a/firmware/2lib/2common2.c b/firmware/2lib/2common2.c
index b65ea8fd..f35d575e 100644
--- a/firmware/2lib/2common2.c
+++ b/firmware/2lib/2common2.c
@@ -118,3 +118,63 @@ int vb2_verify_common_subobject(const void *parent,
return VB2_SUCCESS;
}
+
+uint32_t vb2_sig_size(enum vb2_signature_algorithm sig_alg,
+ enum vb2_hash_algorithm hash_alg)
+{
+ uint32_t digest_size = vb2_digest_size(hash_alg);
+
+ /* Fail if we don't support the hash algorithm */
+ if (!digest_size)
+ return 0;
+
+ /* Handle unsigned hashes */
+ if (sig_alg == VB2_SIG_NONE)
+ return digest_size;
+
+ return vb2_rsa_sig_size(sig_alg);
+}
+
+int vb2_verify_signature2(const struct vb2_signature2 *sig,
+ uint32_t size)
+{
+ uint32_t min_offset = 0;
+ uint32_t expect_sig_size;
+ int rv;
+
+ /* Check magic number */
+ if (sig->c.magic != VB2_MAGIC_SIGNATURE2)
+ return VB2_ERROR_SIG_MAGIC;
+
+ /* Make sure common header is good */
+ rv = vb2_verify_common_header(sig, size);
+ if (rv)
+ return rv;
+
+ /*
+ * Check for compatible version. No need to check minor version, since
+ * that's compatible across readers matching the major version, and we
+ * haven't added any new fields.
+ */
+ if (sig->c.struct_version_major != VB2_SIGNATURE2_VERSION_MAJOR)
+ return VB2_ERROR_SIG_VERSION;
+
+ /* Make sure header is big enough for signature */
+ if (sig->c.fixed_size < sizeof(*sig))
+ return VB2_ERROR_SIG_HEADER_SIZE;
+
+ /* Make sure signature data is inside */
+ rv = vb2_verify_common_member(sig, &min_offset,
+ sig->sig_offset, sig->sig_size);
+ if (rv)
+ return rv;
+
+ /* Make sure signature size is correct for the algorithm */
+ expect_sig_size = vb2_sig_size(sig->sig_alg, sig->hash_alg);
+ if (!expect_sig_size)
+ return VB2_ERROR_SIG_ALGORITHM;
+ if (sig->sig_size != expect_sig_size)
+ return VB2_ERROR_SIG_SIZE;
+
+ return VB2_SUCCESS;
+}
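Review bot: The magic check at the top of `vb2_verify_signature2` reads `sig->c.magic` before `size` has been compared with anything, so a caller that passes a buffer shorter than the common header gets an out-of-bounds read. `vb2_verify_common_header()` presumably performs that bounds check, but its body is outside this hunk and it runs only after the magic read. A guard as the first statement, `if (size < sizeof(sig->c)) return VB2_ERROR_SIG_HEADER_SIZE;`, or moving the magic comparison below the common-header call, would close the gap. The later reads of `sig_offset`, `sig_size`, `sig_alg` and `hash_alg` also appear to rely on the common-header check tying `fixed_size` to `size`; a short comment stating that dependency would help the next reader.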
diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h
index f92fe9e4..1c57d3fa 100644
--- a/firmware/2lib/include/2common.h
+++ b/firmware/2lib/include/2common.h
@@ -281,6 +281,25 @@ int vb2_unpack_key2(struct vb2_public_key *key,
const uint8_t *buf,
uint32_t size);
+/**
+ * Return expected signature size for a signature/hash algorithm pair
+ *
+ * @param sig_alg Signature algorithm
+ * @param hash_alg Hash algorithm
+ * @return The signature size, or zero if error / unsupported algorithm.
+ */
+uint32_t vb2_sig_size(enum vb2_signature_algorithm sig_alg,
+ enum vb2_hash_algorithm hash_alg);
+
+/**
+ * Verify the integrity of a signature struct
+ * @param sig Signature struct
+ * @param size Size of buffer containing signature struct
+ * @return VB2_SUCCESS, or non-zero if error.
+ */
+int vb2_verify_signature2(const struct vb2_signature2 *sig,
+ uint32_t size);
+
/* Size of work buffer sufficient for vb2_rsa_verify_digest() worst case */
#define VB2_VERIFY_DIGEST_WORKBUF_BYTES VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES
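Review bot: The doc comment for `vb2_verify_signature2` says it verifies "the integrity of a signature struct", which is easy to misread as a cryptographic check. The implementation added in 2common2.c only validates the magic, the major version, the header size, the member bounds and the size expected for the algorithm pair. I would reword the summary to something like `Check that a signature struct is well-formed (magic, version, sizes, bounds); does not verify the signature data itself.` The `vb2_sig_size` comment could also state that for `VB2_SIG_NONE` the return value is the digest size of `hash_alg`.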
diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h
index a65c334f..054655ee 100644
--- a/firmware/2lib/include/2return_codes.h
+++ b/firmware/2lib/include/2return_codes.h
@@ -211,6 +211,12 @@ enum vb2_return_code {
/* Signature header doesn't fit */
VB2_ERROR_SIG_HEADER_SIZE,
+ /* Signature unsupported algorithm */
+ VB2_ERROR_SIG_ALGORITHM,
+
+ /* Signature bad size for algorithm */
+ VB2_ERROR_SIG_SIZE,
+
/* Wrong amount of data signed */
VB2_ERROR_VDATA_SIZE,
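Review bot: The two new codes are inserted between `VB2_ERROR_SIG_HEADER_SIZE` and `VB2_ERROR_VDATA_SIZE` rather than appended, so if the enumerators here take implicit values (none of the visible ones carries an explicit one) every later code in this run shifts by two. Numeric codes recorded in logs or bug reports from older builds would then decode to different names. The enum starts and ends outside this hunk, so this may be fine by project convention; a comment at the enum saying whether the values are meant to be stable across builds would settle it.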