diff options
author | Joel Kitching <kitching@google.com> | 2021-01-18 15:37:56 +0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-01-20 11:30:12 +0000 |
commit | a82bb0e0ed2e4e282d15781816ee3ad783d6fa34 (patch) | |
tree | a362cb5b1bb97ba9f9c8c51cb86abcbf6cd10706 /firmware/2lib | |
parent | a3abedfc06f16690c858242c037b1cf47da00288 (diff) | |
download | vboot-a82bb0e0ed2e4e282d15781816ee3ad783d6fa34.tar.gz |
vboot: move lib20/packed_key.c into 2lib namespace
lib20/packed_key.c functions are currently called throughout
2lib namespace, so move to 2lib/2packed_key.c.
Move function declarations from vb2_common.h to 2packed_key.h,
and include 2packed_key.h from 2common.h.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: I151b2d41cbbfa1bfd03de301bd4ee69c49e81f3b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2635220
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Diffstat (limited to 'firmware/2lib')
-rw-r--r-- | firmware/2lib/2api.c | 1 | ||||
-rw-r--r-- | firmware/2lib/2firmware.c | 2 | ||||
-rw-r--r-- | firmware/2lib/2kernel.c | 1 | ||||
-rw-r--r-- | firmware/2lib/2misc.c | 1 | ||||
-rw-r--r-- | firmware/2lib/2packed_key.c | 80 | ||||
-rw-r--r-- | firmware/2lib/include/2common.h | 1 | ||||
-rw-r--r-- | firmware/2lib/include/2packed_key.h | 39 |
7 files changed, 121 insertions, 4 deletions
diff --git a/firmware/2lib/2api.c b/firmware/2lib/2api.c index 2beb9edf..aa1d25da 100644 --- a/firmware/2lib/2api.c +++ b/firmware/2lib/2api.c @@ -15,7 +15,6 @@ #include "2sha.h" #include "2sysincludes.h" #include "2tpm_bootmode.h" -#include "vb2_common.h" vb2_error_t vb2api_fw_phase1(struct vb2_context *ctx) { diff --git a/firmware/2lib/2firmware.c b/firmware/2lib/2firmware.c index bc8e9955..bc708dc5 100644 --- a/firmware/2lib/2firmware.c +++ b/firmware/2lib/2firmware.c @@ -6,13 +6,13 @@ */ #include "2api.h" +#include "2common.h" #include "2misc.h" #include "2nvstorage.h" #include "2rsa.h" #include "2secdata.h" #include "2sha.h" #include "2sysincludes.h" -#include "vb2_common.h" vb2_error_t vb2_load_fw_keyblock(struct vb2_context *ctx) { diff --git a/firmware/2lib/2kernel.c b/firmware/2lib/2kernel.c index 8c6d191a..763214dd 100644 --- a/firmware/2lib/2kernel.c +++ b/firmware/2lib/2kernel.c @@ -11,7 +11,6 @@ #include "2nvstorage.h" #include "2rsa.h" #include "2secdata.h" -#include "vb2_common.h" #include "vboot_kernel.h" /** diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c index 7c4ca262..ec460b32 100644 --- a/firmware/2lib/2misc.c +++ b/firmware/2lib/2misc.c @@ -15,7 +15,6 @@ #include "2sha.h" #include "2struct.h" #include "2sysincludes.h" -#include "vb2_common.h" #include "vboot_api.h" #include "vboot_struct.h" diff --git a/firmware/2lib/2packed_key.c b/firmware/2lib/2packed_key.c new file mode 100644 index 00000000..4e2c654a --- /dev/null +++ b/firmware/2lib/2packed_key.c @@ -0,0 +1,80 @@ +/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Key unpacking functions + */ + +#include "2common.h" +#include "2packed_key.h" +#include "2rsa.h" +#include "2sysincludes.h" + +test_mockable +vb2_error_t vb2_unpack_key_buffer(struct vb2_public_key *key, + const uint8_t *buf, uint32_t size) +{ + const struct vb2_packed_key *packed_key = + (const struct vb2_packed_key *)buf; + const uint32_t *buf32; + uint32_t expected_key_size; + + /* Make sure passed buffer is big enough for the packed key */ + VB2_TRY(vb2_verify_packed_key_inside(buf, size, packed_key)); + + /* Unpack key algorithm */ + key->sig_alg = vb2_crypto_to_signature(packed_key->algorithm); + if (key->sig_alg == VB2_SIG_INVALID) { + VB2_DEBUG("Unsupported signature algorithm.\n"); + return VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM; + } + + key->hash_alg = vb2_crypto_to_hash(packed_key->algorithm); + if (key->hash_alg == VB2_HASH_INVALID) { + VB2_DEBUG("Unsupported hash algorithm.\n"); + return VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM; + } + + expected_key_size = vb2_packed_key_size(key->sig_alg); + if (!expected_key_size || expected_key_size != packed_key->key_size) { + VB2_DEBUG("Wrong key size for algorithm\n"); + return VB2_ERROR_UNPACK_KEY_SIZE; + } + + /* Make sure source buffer is 32-bit aligned */ + buf32 = (const uint32_t *)vb2_packed_key_data(packed_key); + if (!vb2_aligned(buf32, sizeof(uint32_t))) + return VB2_ERROR_UNPACK_KEY_ALIGN; + + /* Validity check key array size */ + key->arrsize = buf32[0]; + if (key->arrsize * sizeof(uint32_t) != vb2_rsa_sig_size(key->sig_alg)) + return VB2_ERROR_UNPACK_KEY_ARRAY_SIZE; + + key->n0inv = buf32[1]; + + /* Arrays point inside the key data */ + key->n = buf32 + 2; + key->rr = buf32 + 2 + key->arrsize; + + /* disable hwcrypto for RSA by default */ + key->allow_hwcrypto = 0; + +#ifdef __COVERITY__ + __coverity_tainted_data_sanitize__(key); + __coverity_tainted_data_sanitize__(buf); +#endif + return VB2_SUCCESS; +} + +vb2_error_t vb2_unpack_key(struct vb2_public_key *key, + const struct vb2_packed_key *packed_key) +{ + if (!packed_key) + return VB2_ERROR_UNPACK_KEY_BUFFER; + + return vb2_unpack_key_buffer(key, + (const uint8_t *)packed_key, + packed_key->key_offset + + packed_key->key_size); +} diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h index e6100938..13ea40f5 100644 --- a/firmware/2lib/include/2common.h +++ b/firmware/2lib/include/2common.h @@ -10,6 +10,7 @@ #include "2api.h" #include "2gbb.h" +#include "2packed_key.h" #include "2return_codes.h" #include "2sha.h" #include "2struct.h" diff --git a/firmware/2lib/include/2packed_key.h b/firmware/2lib/include/2packed_key.h new file mode 100644 index 00000000..09c73553 --- /dev/null +++ b/firmware/2lib/include/2packed_key.h @@ -0,0 +1,39 @@ +/* Copyright 2021 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Functions related to unpacking keys and key buffers. + */ + +#ifndef VBOOT_REFERENCE_2PACKED_KEY_H_ +#define VBOOT_REFERENCE_2PACKED_KEY_H_ + +/** + * Unpack a vboot1-format key buffer for use in verification + * + * The elements of the unpacked key will point into the source buffer, so don't + * free the source buffer until you're done with the key. + * + * @param key Destintion for unpacked key + * @param buf Source buffer containing packed key + * @param size Size of buffer in bytes + * @return VB2_SUCCESS, or non-zero error code if error. + */ +vb2_error_t vb2_unpack_key_buffer(struct vb2_public_key *key, + const uint8_t *buf, uint32_t size); + +/** + * Unpack a vboot1-format key for use in verification + * + * The elements of the unpacked key will point into the source packed key, so + * don't free the source until you're done with the public key. + * + * @param key Destintion for unpacked key + * @param packed_key Source packed key + * @param size Size of buffer in bytes + * @return VB2_SUCCESS, or non-zero error code if error. + */ +vb2_error_t vb2_unpack_key(struct vb2_public_key *key, + const struct vb2_packed_key *packed_key); + +#endif /* VBOOT_REFERENCE_2PACKED_KEY_H_ */ |