diff options
author | Randall Spangler <rspangler@chromium.org> | 2016-05-11 13:50:18 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2016-07-22 18:40:04 -0700 |
commit | 7c3ae42e045935728a63a6d592ecf6c5bdbd005a (patch) | |
tree | b03c1bde6af714d2229b2362ad1d64b99c8f581d /firmware/lib/vboot_common.c | |
parent | b3a625f8fef1768d78eab4cfaaea270cb3fbd0c3 (diff) | |
download | vboot-7c3ae42e045935728a63a6d592ecf6c5bdbd005a.tar.gz |
vboot: Convert vboot1 SHA calls to use vboot2
This change replaces all calls to the old vboot1 SHA library with their
vboot2 equivalents.
This is the first in a long series of changes to move the core vboot kernel
verification into vb2, and the control/display loop out to depthcharge.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; build samus firmware and boot it
Change-Id: I31986eb766176c0e39a192c5ce15730471c3cf94
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/344342
Tested-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Diffstat (limited to 'firmware/lib/vboot_common.c')
-rw-r--r-- | firmware/lib/vboot_common.c | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/firmware/lib/vboot_common.c b/firmware/lib/vboot_common.c index 226cdb7b..308bfeed 100644 --- a/firmware/lib/vboot_common.c +++ b/firmware/lib/vboot_common.c @@ -7,7 +7,10 @@ */ #include "sysincludes.h" +#include "2sysincludes.h" +#include "2common.h" +#include "2sha.h" #include "vboot_api.h" #include "vboot_common.h" #include "utility.h" @@ -219,7 +222,7 @@ int KeyBlockVerify(const VbKeyBlockHeader *block, uint64_t size, */ if (hash_only) { /* Check hash */ - uint8_t *header_checksum = NULL; + uint8_t header_checksum[VB2_SHA512_DIGEST_SIZE]; int rv; sig = &block->key_block_checksum; @@ -228,7 +231,7 @@ int KeyBlockVerify(const VbKeyBlockHeader *block, uint64_t size, VBDEBUG(("Key block hash off end of block\n")); return VBOOT_KEY_BLOCK_INVALID; } - if (sig->sig_size != SHA512_DIGEST_SIZE) { + if (sig->sig_size != VB2_SHA512_DIGEST_SIZE) { VBDEBUG(("Wrong hash size for key block.\n")); return VBOOT_KEY_BLOCK_INVALID; } @@ -240,12 +243,15 @@ int KeyBlockVerify(const VbKeyBlockHeader *block, uint64_t size, } VBDEBUG(("Checking key block hash only...\n")); - header_checksum = DigestBuf((const uint8_t *)block, - sig->data_size, - SHA512_DIGEST_ALGORITHM); - rv = SafeMemcmp(header_checksum, GetSignatureDataC(sig), - SHA512_DIGEST_SIZE); - VbExFree(header_checksum); + rv = vb2_digest_buffer((const uint8_t *)block, + sig->data_size, + VB2_HASH_SHA512, + header_checksum, + sizeof(header_checksum)); + if (!rv) + rv = SafeMemcmp(header_checksum, GetSignatureDataC(sig), + sizeof(header_checksum)); + if (rv) { VBDEBUG(("Invalid key block hash.\n")); return VBOOT_KEY_BLOCK_HASH; |