summaryrefslogtreecommitdiff
path: root/firmware/lib/vboot_common.c
diff options
context:
space:
mode:
authorRandall Spangler <rspangler@chromium.org>2016-05-11 13:50:18 -0700
committerchrome-bot <chrome-bot@chromium.org>2016-07-22 18:40:04 -0700
commit7c3ae42e045935728a63a6d592ecf6c5bdbd005a (patch)
treeb03c1bde6af714d2229b2362ad1d64b99c8f581d /firmware/lib/vboot_common.c
parentb3a625f8fef1768d78eab4cfaaea270cb3fbd0c3 (diff)
downloadvboot-7c3ae42e045935728a63a6d592ecf6c5bdbd005a.tar.gz
vboot: Convert vboot1 SHA calls to use vboot2
This change replaces all calls to the old vboot1 SHA library with their vboot2 equivalents. This is the first in a long series of changes to move the core vboot kernel verification into vb2, and the control/display loop out to depthcharge. BUG=chromium:611535 BRANCH=none TEST=make runtests; build samus firmware and boot it Change-Id: I31986eb766176c0e39a192c5ce15730471c3cf94 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/344342 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Diffstat (limited to 'firmware/lib/vboot_common.c')
-rw-r--r--firmware/lib/vboot_common.c22
1 files changed, 14 insertions, 8 deletions
diff --git a/firmware/lib/vboot_common.c b/firmware/lib/vboot_common.c
index 226cdb7b..308bfeed 100644
--- a/firmware/lib/vboot_common.c
+++ b/firmware/lib/vboot_common.c
@@ -7,7 +7,10 @@
*/
#include "sysincludes.h"
+#include "2sysincludes.h"
+#include "2common.h"
+#include "2sha.h"
#include "vboot_api.h"
#include "vboot_common.h"
#include "utility.h"
@@ -219,7 +222,7 @@ int KeyBlockVerify(const VbKeyBlockHeader *block, uint64_t size,
*/
if (hash_only) {
/* Check hash */
- uint8_t *header_checksum = NULL;
+ uint8_t header_checksum[VB2_SHA512_DIGEST_SIZE];
int rv;
sig = &block->key_block_checksum;
@@ -228,7 +231,7 @@ int KeyBlockVerify(const VbKeyBlockHeader *block, uint64_t size,
VBDEBUG(("Key block hash off end of block\n"));
return VBOOT_KEY_BLOCK_INVALID;
}
- if (sig->sig_size != SHA512_DIGEST_SIZE) {
+ if (sig->sig_size != VB2_SHA512_DIGEST_SIZE) {
VBDEBUG(("Wrong hash size for key block.\n"));
return VBOOT_KEY_BLOCK_INVALID;
}
@@ -240,12 +243,15 @@ int KeyBlockVerify(const VbKeyBlockHeader *block, uint64_t size,
}
VBDEBUG(("Checking key block hash only...\n"));
- header_checksum = DigestBuf((const uint8_t *)block,
- sig->data_size,
- SHA512_DIGEST_ALGORITHM);
- rv = SafeMemcmp(header_checksum, GetSignatureDataC(sig),
- SHA512_DIGEST_SIZE);
- VbExFree(header_checksum);
+ rv = vb2_digest_buffer((const uint8_t *)block,
+ sig->data_size,
+ VB2_HASH_SHA512,
+ header_checksum,
+ sizeof(header_checksum));
+ if (!rv)
+ rv = SafeMemcmp(header_checksum, GetSignatureDataC(sig),
+ sizeof(header_checksum));
+
if (rv) {
VBDEBUG(("Invalid key block hash.\n"));
return VBOOT_KEY_BLOCK_HASH;