author | Joel Kitching <kitching@google.com> | 2019-08-30 16:02:24 +0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-10-23 16:28:17 +0000 |
commit | 1ff5597e282df81fb2cddcf4b7b47a01553a86fc (patch) | |
tree | 74bd0832b75af2f6bb9511b6b7521a9a41755118 /firmware/lib20 | |
parent | d3b2117f9abe2f7413f6315867ae3c3dbfaf5db1 (diff) | |
download | vboot-1ff5597e282df81fb2cddcf4b7b47a01553a86fc.tar.gz |
vboot: relocate vb2_signature and vb2_keybock structs
Move from vboot20 to vboot2.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ib1fe0e2cfb0865fffe33ad35e7bd67d416da4589
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1776291
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Diffstat (limited to 'firmware/lib20')
-rw-r--r-- | firmware/lib20/common.c | 18 | ||||
-rw-r--r-- | firmware/lib20/include/vb2_common.h | 18 | ||||
-rw-r--r-- | firmware/lib20/include/vb2_struct.h | 75 |
3 files changed, 2 insertions, 109 deletions
diff --git a/firmware/lib20/common.c b/firmware/lib20/common.c
index 2c6886c5..f1364c7a 100644
--- a/firmware/lib20/common.c
+++ b/firmware/lib20/common.c
@@ -11,20 +11,6 @@
 #include "2sysincludes.h"
 #include "vb2_common.h"
-uint8_t *vb2_signature_data(struct vb2_signature *sig)
-{
- return (uint8_t *)sig + sig->sig_offset;
-}
-
-vb2_error_t vb2_verify_signature_inside(const void *parent,
- uint32_t parent_size,
- const struct vb2_signature *sig)
-{
- return vb2_verify_member_inside(parent, parent_size,
- sig, sizeof(*sig),
- sig->sig_offset, sig->sig_size);
-}
-
 vb2_error_t vb2_verify_digest(const struct vb2_public_key *key,
 struct vb2_signature *sig, const uint8_t *digest,
 const struct vb2_workbuf *wb)
@@ -98,12 +84,12 @@ vb2_error_t vb2_check_keyblock(const struct vb2_keyblock *block, uint32_t size,
 return VB2_ERROR_KEYBLOCK_TOO_SMALL_FOR_HEADER;
 }
- if (memcmp(block->magic, KEYBLOCK_MAGIC, KEYBLOCK_MAGIC_SIZE)) {
+ if (memcmp(block->magic, VB2_KEYBLOCK_MAGIC, VB2_KEYBLOCK_MAGIC_SIZE)) {
 VB2_DEBUG("Not a valid verified boot keyblock.\n");
 return VB2_ERROR_KEYBLOCK_MAGIC;
 }
- if (block->header_version_major != KEYBLOCK_HEADER_VERSION_MAJOR) {
+ if (block->header_version_major != VB2_KEYBLOCK_VERSION_MAJOR) {
 VB2_DEBUG("Incompatible keyblock header version.\n");
 return VB2_ERROR_KEYBLOCK_HEADER_VERSION;
 }
diff --git a/firmware/lib20/include/vb2_common.h b/firmware/lib20/include/vb2_common.h
index 911dc0a3..5bac7a89 100644
--- a/firmware/lib20/include/vb2_common.h
+++ b/firmware/lib20/include/vb2_common.h
@@ -18,24 +18,6 @@
 struct vb2_public_key;
-/*
- * Helper functions to get data pointed to by a public key or signature.
- */
-
-uint8_t *vb2_signature_data(struct vb2_signature *sig);
-
-/**
- * Verify a signature is fully contained in its parent data
- *
- * @param parent Parent data
- * @param parent_size Parent size in bytes
- * @param sig Signature pointer
- * @return VB2_SUCCESS, or non-zero if error.
- */
-vb2_error_t vb2_verify_signature_inside(const void *parent,
- uint32_t parent_size,
- const struct vb2_signature *sig);
-
 /**
 * Unpack a vboot1-format key buffer for use in verification
 *
diff --git a/firmware/lib20/include/vb2_struct.h b/firmware/lib20/include/vb2_struct.h
index d6279e19..75330c18 100644
--- a/firmware/lib20/include/vb2_struct.h
+++ b/firmware/lib20/include/vb2_struct.h
@@ -27,81 +27,6 @@
 #define VB2_MAX_KEY_VERSION 0xffff
 #define VB2_MAX_PREAMBLE_VERSION 0xffff
-
-/* Signature data (a secure hash, possibly signed) */
-struct vb2_signature {
- /* Offset of signature data from start of this struct */
- uint32_t sig_offset;
- uint32_t reserved0;
-
- /* Size of signature data in bytes */
- uint32_t sig_size;
- uint32_t reserved1;
-
- /* Size of the data block which was signed in bytes */
- uint32_t data_size;
- uint32_t reserved2;
-} __attribute__((packed));
-
-#define EXPECTED_VB2_SIGNATURE_SIZE 24
-
-
-#define KEYBLOCK_MAGIC "CHROMEOS"
-#define KEYBLOCK_MAGIC_SIZE 8
-
-#define KEYBLOCK_HEADER_VERSION_MAJOR 2
-#define KEYBLOCK_HEADER_VERSION_MINOR 1
-
-/*
- * Keyblock, containing the public key used to sign some other chunk of data.
- *
- * This should be followed by:
- * 1) The data_key key data, pointed to by data_key.key_offset.
- * 2) The checksum data for (vb2_keyblock + data_key data), pointed to
- * by keyblock_checksum.sig_offset.
- * 3) The signature data for (vb2_keyblock + data_key data), pointed to
- * by keyblock_signature.sig_offset.
- */
-struct vb2_keyblock {
- /* Magic number */
- uint8_t magic[KEYBLOCK_MAGIC_SIZE];
-
- /* Version of this header format */
- uint32_t header_version_major;
- uint32_t header_version_minor;
-
- /*
- * Length of this entire keyblock, including keys, signatures, and
- * padding, in bytes
- */
- uint32_t keyblock_size;
- uint32_t reserved0;
-
- /*
- * Signature for this keyblock (header + data pointed to by data_key)
- * For use with signed data keys
- */
- struct vb2_signature keyblock_signature;
-
- /*
- * SHA-512 hash for this keyblock (header + data pointed to by
- * data_key) For use with unsigned data keys.
- *
- * Only supported for kernel keyblocks, not firmware keyblocks.
- */
- struct vb2_signature keyblock_hash;
-
- /* Flags for key (VB2_KEYBLOCK_FLAG_*) */
- uint32_t keyblock_flags;
- uint32_t reserved1;
-
- /* Key to verify the chunk of data */
- struct vb2_packed_key data_key;
-} __attribute__((packed));
-
-#define EXPECTED_VB2_KEYBLOCK_SIZE 112
-
-
 /* Firmware preamble header */
 #define FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR 2
 #define FIRMWARE_PREAMBLE_HEADER_VERSION_MINOR 1 |