vboot: move lib20/packed_key.c into 2lib namespace

lib20/packed_key.c functions are currently called throughout
2lib namespace, so move to 2lib/2packed_key.c.

Move function declarations from vb2_common.h to 2packed_key.h,
and include 2packed_key.h from 2common.h.

BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none

Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I151b2d41cbbfa1bfd03de301bd4ee69c49e81f3b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2635220
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>

7 files changed, 121 insertions, 4 deletions

diff --git a/firmware/2lib/2api.c b/firmware/2lib/2api.c
index 2beb9edf..aa1d25da 100644
--- a/firmware/2lib/2api.c
+++ b/firmware/2lib/2api.c
@@ -15,7 +15,6 @@
 #include "2sha.h"
 #include "2sysincludes.h"
 #include "2tpm_bootmode.h"
-#include "vb2_common.h"
 
 vb2_error_t vb2api_fw_phase1(struct vb2_context *ctx)
 {
diff --git a/firmware/2lib/2firmware.c b/firmware/2lib/2firmware.c
index bc8e9955..bc708dc5 100644
--- a/firmware/2lib/2firmware.c
+++ b/firmware/2lib/2firmware.c
@@ -6,13 +6,13 @@
  */
 
 #include "2api.h"
+#include "2common.h"
 #include "2misc.h"
 #include "2nvstorage.h"
 #include "2rsa.h"
 #include "2secdata.h"
 #include "2sha.h"
 #include "2sysincludes.h"
-#include "vb2_common.h"
 
 vb2_error_t vb2_load_fw_keyblock(struct vb2_context *ctx)
 {
diff --git a/firmware/2lib/2kernel.c b/firmware/2lib/2kernel.c
index 8c6d191a..763214dd 100644
--- a/firmware/2lib/2kernel.c
+++ b/firmware/2lib/2kernel.c
@@ -11,7 +11,6 @@
 #include "2nvstorage.h"
 #include "2rsa.h"
 #include "2secdata.h"
-#include "vb2_common.h"
 #include "vboot_kernel.h"
 
 /**
diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c
index 7c4ca262..ec460b32 100644
--- a/firmware/2lib/2misc.c
+++ b/firmware/2lib/2misc.c
@@ -15,7 +15,6 @@
 #include "2sha.h"
 #include "2struct.h"
 #include "2sysincludes.h"
-#include "vb2_common.h"
 #include "vboot_api.h"
 #include "vboot_struct.h"
 
diff --git a/firmware/2lib/2packed_key.c b/firmware/2lib/2packed_key.c
new file mode 100644
index 00000000..4e2c654a
--- /dev/null
+++ b/firmware/2lib/2packed_key.c
@@ -0,0 +1,80 @@
+/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Key unpacking functions
+ */
+
+#include "2common.h"
+#include "2packed_key.h"
+#include "2rsa.h"
+#include "2sysincludes.h"
+
+test_mockable
+vb2_error_t vb2_unpack_key_buffer(struct vb2_public_key *key,
+				  const uint8_t *buf, uint32_t size)
+{
+	const struct vb2_packed_key *packed_key =
+		(const struct vb2_packed_key *)buf;
+	const uint32_t *buf32;
+	uint32_t expected_key_size;
+
+	/* Make sure passed buffer is big enough for the packed key */
+	VB2_TRY(vb2_verify_packed_key_inside(buf, size, packed_key));
+
+	/* Unpack key algorithm */
+	key->sig_alg = vb2_crypto_to_signature(packed_key->algorithm);
+	if (key->sig_alg == VB2_SIG_INVALID) {
+		VB2_DEBUG("Unsupported signature algorithm.\n");
+		return VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM;
+	}
+
+	key->hash_alg = vb2_crypto_to_hash(packed_key->algorithm);
+	if (key->hash_alg == VB2_HASH_INVALID) {
+		VB2_DEBUG("Unsupported hash algorithm.\n");
+		return VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM;
+	}
+
+	expected_key_size = vb2_packed_key_size(key->sig_alg);
+	if (!expected_key_size || expected_key_size != packed_key->key_size) {
+		VB2_DEBUG("Wrong key size for algorithm\n");
+		return VB2_ERROR_UNPACK_KEY_SIZE;
+	}
+
+	/* Make sure source buffer is 32-bit aligned */
+	buf32 = (const uint32_t *)vb2_packed_key_data(packed_key);
+	if (!vb2_aligned(buf32, sizeof(uint32_t)))
+		return VB2_ERROR_UNPACK_KEY_ALIGN;
+
+	/* Validity check key array size */
+	key->arrsize = buf32[0];
+	if (key->arrsize * sizeof(uint32_t) != vb2_rsa_sig_size(key->sig_alg))
+		return VB2_ERROR_UNPACK_KEY_ARRAY_SIZE;
+
+	key->n0inv = buf32[1];
+
+	/* Arrays point inside the key data */
+	key->n = buf32 + 2;
+	key->rr = buf32 + 2 + key->arrsize;
+
+	/* disable hwcrypto for RSA by default */
+	key->allow_hwcrypto = 0;
+
+#ifdef __COVERITY__
+	__coverity_tainted_data_sanitize__(key);
+	__coverity_tainted_data_sanitize__(buf);
+#endif
+	return VB2_SUCCESS;
+}
+
+vb2_error_t vb2_unpack_key(struct vb2_public_key *key,
+			   const struct vb2_packed_key *packed_key)
+{
+	if (!packed_key)
+		return VB2_ERROR_UNPACK_KEY_BUFFER;
+
+	return vb2_unpack_key_buffer(key,
+				     (const uint8_t *)packed_key,
+				     packed_key->key_offset +
+				     packed_key->key_size);
+}
diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h
index e6100938..13ea40f5 100644
--- a/firmware/2lib/include/2common.h
+++ b/firmware/2lib/include/2common.h
@@ -10,6 +10,7 @@
 
 #include "2api.h"
 #include "2gbb.h"
+#include "2packed_key.h"
 #include "2return_codes.h"
 #include "2sha.h"
 #include "2struct.h"
diff --git a/firmware/2lib/include/2packed_key.h b/firmware/2lib/include/2packed_key.h
new file mode 100644
index 00000000..09c73553
--- /dev/null
+++ b/firmware/2lib/include/2packed_key.h
@@ -0,0 +1,39 @@
+/* Copyright 2021 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Functions related to unpacking keys and key buffers.
+ */
+
+#ifndef VBOOT_REFERENCE_2PACKED_KEY_H_
+#define VBOOT_REFERENCE_2PACKED_KEY_H_
+
+/**
+ * Unpack a vboot1-format key buffer for use in verification
+ *
+ * The elements of the unpacked key will point into the source buffer, so don't
+ * free the source buffer until you're done with the key.
+ *
+ * @param key		Destintion for unpacked key
+ * @param buf		Source buffer containing packed key
+ * @param size		Size of buffer in bytes
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+vb2_error_t vb2_unpack_key_buffer(struct vb2_public_key *key,
+				  const uint8_t *buf, uint32_t size);
+
+/**
+ * Unpack a vboot1-format key for use in verification
+ *
+ * The elements of the unpacked key will point into the source packed key, so
+ * don't free the source until you're done with the public key.
+ *
+ * @param key		Destintion for unpacked key
+ * @param packed_key	Source packed key
+ * @param size		Size of buffer in bytes
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+vb2_error_t vb2_unpack_key(struct vb2_public_key *key,
+			   const struct vb2_packed_key *packed_key);
+
+#endif  /* VBOOT_REFERENCE_2PACKED_KEY_H_ */