authorRandall Spangler <rspangler@chromium.org>2014-10-17 16:41:46 -0700
committerchrome-internal-fetch <chrome-internal-fetch@google.com>2014-10-22 00:30:30 +0000
commit9504754fee346569b4cdcaae9f54fa65cf3005d9 (patch)
tree15cc3bdeb43cfa07da60898cc4d2eee9e3792514 /firmware
parent6df3e33912baf2633ed27fce6fe166d87e2f04a8 (diff)
vboot2: move verify digest to 2common
This removes code duplicated between 2common.c and 2rsa.c. This is in preparation for adding new unsigned hash algorithms. BUG=chromium:423882 BRANCH=none TEST=VBOOT2=1 make -j runtests Change-Id: Ic9c542ae14d3b7f786129c1d52f8963847a94fb8 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/224780 Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Diffstat (limited to 'firmware')
-rw-r--r--firmware/2lib/2api.c15
-rw-r--r--firmware/2lib/2common.c32
-rw-r--r--firmware/2lib/2rsa.c16
-rw-r--r--firmware/2lib/include/2common.h17
-rw-r--r--firmware/2lib/include/2return_codes.h6
-rw-r--r--firmware/2lib/include/2rsa.h12
6 files changed, 61 insertions, 37 deletions
diff --git a/firmware/2lib/2api.c b/firmware/2lib/2api.c
index e1a06230..8948093b 100644
--- a/firmware/2lib/2api.c
+++ b/firmware/2lib/2api.c
@@ -273,24 +273,11 @@ int vb2api_check_hash(struct vb2_context *ctx)
if (rv)
return rv;
- /* Make sure body signature is the right size */
- if (pre->body_signature.sig_size != vb2_rsa_sig_size(key.algorithm)) {
- VB2_DEBUG("Wrong data signature size for algorithm, "
- "sig_size=%d, expected %d for algorithm %d.\n",
- (int)pre->body_signature.sig_size,
- vb2_rsa_sig_size(key.algorithm),
- key.algorithm);
- return VB2_ERROR_API_CHECK_HASH_SIG_SIZE;
- }
-
/*
* Check digest vs. signature. Note that this destroys the signature.
* That's ok, because we only check each signature once per boot.
*/
- rv = vb2_verify_digest(&key,
- vb2_signature_data(&pre->body_signature),
- digest,
- &wb);
+ rv = vb2_verify_digest(&key, &pre->body_signature, digest, &wb);
if (rv)
vb2_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv);
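Review bot: A signature-size mismatch in vb2api_check_hash() now takes a different failure path than before. The removed block returned VB2_ERROR_API_CHECK_HASH_SIG_SIZE without reaching vb2_fail(), whereas the size check now inside vb2_verify_digest() returns VB2_ERROR_VDATA_SIG_SIZE into `rv`, which flows into `vb2_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv)`. Treating a malformed body signature as a verification failure looks like the safer outcome, but the commit message describes only de-duplication, so the comment above the call should record it, e.g. `Size mismatches are rejected inside vb2_verify_digest() and handled as a verification failure.` VB2_ERROR_API_CHECK_HASH_SIG_SIZE appears to have no remaining user in this file and could be retired or marked unused. The function body continues outside the hunk.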
diff --git a/firmware/2lib/2common.c b/firmware/2lib/2common.c
index 686aa002..3f172f12 100644
--- a/firmware/2lib/2common.c
+++ b/firmware/2lib/2common.c
@@ -225,6 +225,24 @@ int vb2_unpack_key(struct vb2_public_key *key,
return VB2_SUCCESS;
}
+int vb2_verify_digest(const struct vb2_public_key *key,
+ struct vb2_signature *sig,
+ const uint8_t *digest,
+ struct vb2_workbuf *wb)
+{
+ uint8_t *sig_data = vb2_signature_data(sig);
+
+ if (sig->sig_size != vb2_rsa_sig_size(key->algorithm)) {
+ VB2_DEBUG("Wrong data signature size for algorithm, "
+ "sig_size=%d, expected %d for algorithm %d.\n",
+ sig->sig_size, vb2_rsa_sig_size(key->algorithm),
+ key->algorithm);
+ return VB2_ERROR_VDATA_SIG_SIZE;
+ }
+
+ return vb2_rsa_verify_digest(key, sig_data, digest, wb);
+}
+
int vb2_verify_data(const uint8_t *data,
uint32_t size,
struct vb2_signature *sig,
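Review bot: vb2_verify_digest() dereferences `key` and `sig` (`vb2_signature_data(sig)`, `sig->sig_size`, `key->algorithm`) before anything validates them, so the `!key || !sig` guard in vb2_rsa_verify_digest() can no longer protect callers that come through this wrapper. The size comparison also appears to pass when both sides are zero: vb2_packed_key_size() in this commit treats a zero return from vb2_rsa_sig_size() as an invalid algorithm, so a signature with `sig_size == 0` under an unsupported algorithm is rejected only by the callee's range check. Making the check self-contained costs two lines, `uint32_t expected = vb2_rsa_sig_size(key->algorithm);` and `if (!expected || sig->sig_size != expected) {`, and keeps it correct once other algorithm families are dispatched from here. If NULL arguments are meant to be tolerated, the parameter check belongs at the top of this function, before `sig_data` is computed.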
@@ -240,14 +258,6 @@ int vb2_verify_data(const uint8_t *data,
if (key->algorithm >= VB2_ALG_COUNT)
return VB2_ERROR_VDATA_ALGORITHM;
- if (sig->sig_size != vb2_rsa_sig_size(key->algorithm)) {
- VB2_DEBUG("Wrong data signature size for algorithm, "
- "sig_size=%d, expected %d for algorithm %d.\n",
- (int)sig->sig_size, vb2_rsa_sig_size(key->algorithm),
- key->algorithm);
- return VB2_ERROR_VDATA_SIG_SIZE;
- }
-
if (sig->data_size > size) {
VB2_DEBUG("Data buffer smaller than length of signed data.\n");
return VB2_ERROR_VDATA_NOT_ENOUGH_DATA;
@@ -255,6 +265,9 @@ int vb2_verify_data(const uint8_t *data,
/* Digest goes at start of work buffer */
digest_size = vb2_digest_size(key->algorithm);
+ if (!digest_size)
+ return VB2_ERROR_VDATA_DIGEST_SIZE;
+
digest = vb2_workbuf_alloc(&wblocal, digest_size);
if (!digest)
return VB2_ERROR_VDATA_WORKBUF_DIGEST;
@@ -278,8 +291,7 @@ int vb2_verify_data(const uint8_t *data,
vb2_workbuf_free(&wblocal, sizeof(*dc));
- return vb2_verify_digest(key, vb2_signature_data(sig), digest,
- &wblocal);
+ return vb2_verify_digest(key, sig, digest, &wblocal);
}
int vb2_verify_keyblock(struct vb2_keyblock *block,
diff --git a/firmware/2lib/2rsa.c b/firmware/2lib/2rsa.c
index c4c9420a..1df91157 100644
--- a/firmware/2lib/2rsa.c
+++ b/firmware/2lib/2rsa.c
@@ -165,7 +165,9 @@ uint32_t vb2_rsa_sig_size(uint32_t algorithm)
uint32_t vb2_packed_key_size(uint32_t algorithm)
{
- if (algorithm >= VB2_ALG_COUNT)
+ uint32_t sig_size = vb2_rsa_sig_size(algorithm);
+
+ if (!sig_size)
return 0;
/*
@@ -173,7 +175,7 @@ uint32_t vb2_packed_key_size(uint32_t algorithm)
* 2 * key_len bytes for the n and rr arrays
* + sizeof len + sizeof n0inv.
*/
- return 2 * vb2_rsa_sig_size(algorithm) + 2 * sizeof(uint32_t);
+ return 2 * sig_size + 2 * sizeof(uint32_t);
}
/*
@@ -274,10 +276,10 @@ int vb2_check_padding(uint8_t *sig, int algorithm)
return result ? VB2_ERROR_RSA_PADDING : VB2_SUCCESS;
}
-int vb2_verify_digest(const struct vb2_public_key *key,
- uint8_t *sig,
- const uint8_t *digest,
- struct vb2_workbuf *wb)
+int vb2_rsa_verify_digest(const struct vb2_public_key *key,
+ uint8_t *sig,
+ const uint8_t *digest,
+ struct vb2_workbuf *wb)
{
struct vb2_workbuf wblocal = *wb;
uint32_t *workbuf32;
@@ -288,7 +290,7 @@ int vb2_verify_digest(const struct vb2_public_key *key,
if (!key || !sig || !digest)
return VB2_ERROR_RSA_VERIFY_PARAM;
- if (key->algorithm >= VB2_ALG_COUNT) {
+ if (key->algorithm > VB2_ALG_RSA8192_SHA512) {
VB2_DEBUG("Invalid signature type!\n");
return VB2_ERROR_RSA_VERIFY_ALGORITHM;
}
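Review bot: The range check `key->algorithm > VB2_ALG_RSA8192_SHA512` hard-codes the last RSA entry, so it is only correct while every RSA algorithm is numbered at or below that constant and every non-RSA algorithm above it. Nothing in this hunk records that assumption, and a later insertion or reordering in the algorithm enum would silently admit a non-RSA value into the RSA path or reject a valid one. Add a comment such as `/* RSA algorithms occupy 0..VB2_ALG_RSA8192_SHA512; anything above is not an RSA signature */`, and consider a compile-time assertion or a named last-RSA bound next to the enum definition. The function body continues outside the hunk.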
diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h
index 52c98af9..c1b98612 100644
--- a/firmware/2lib/include/2common.h
+++ b/firmware/2lib/include/2common.h
@@ -214,6 +214,23 @@ int vb2_unpack_key(struct vb2_public_key *key,
const uint8_t *buf,
uint32_t size);
+/* Size of work buffer sufficient for vb2_rsa_verify_digest() worst case */
+#define VB2_VERIFY_DIGEST_WORKBUF_BYTES VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES
+
+/**
+ * Verify a signature against an expected hash digest.
+ *
+ * @param key Key to use in signature verification
+ * @param sig Signature to verify (may be destroyed in process)
+ * @param digest Digest of signed data
+ * @param wb Work buffer
+ * @return VB2_SUCCESS, or non-zero if error.
+ */
+int vb2_verify_digest(const struct vb2_public_key *key,
+ struct vb2_signature *sig,
+ const uint8_t *digest,
+ struct vb2_workbuf *wb);
+
/* Size of work buffer sufficient for vb2_verify_data() worst case */
#define VB2_VERIFY_DATA_WORKBUF_BYTES \
(VB2_SHA512_DIGEST_SIZE + \
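Review bot: The new doc comment for vb2_verify_digest() omits the preconditions the implementation relies on. The signature bytes are located through vb2_signature_data(sig), presumably from an offset stored in the structure, so the caller must already have confirmed that the signature data lies inside its containing buffer, and `key` and `sig` must be non-NULL. The comment should also say that a `sig_size` not matching the key's algorithm is rejected with VB2_ERROR_VDATA_SIG_SIZE before any RSA work is done. The macro comment names vb2_rsa_verify_digest() although the macro defined here sizes the buffer for vb2_verify_digest(); `/* Size of work buffer sufficient for vb2_verify_digest() worst case */` would match.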
diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h
index 77d0dd89..b530bcd9 100644
--- a/firmware/2lib/include/2return_codes.h
+++ b/firmware/2lib/include/2return_codes.h
@@ -155,6 +155,12 @@ enum vb2_return_code {
/* Not enough work buffer for hash temp data in vb2_verify_data() */
VB2_ERROR_VDATA_WORKBUF_HASHING,
+ /*
+ * Bad digest size in vb2_verify_data() - probably because algorithm
+ * is bad.
+ */
+ VB2_ERROR_VDATA_DIGEST_SIZE,
+
/**********************************************************************
* Keyblock verification errors (all in vb2_verify_keyblock())
*/
diff --git a/firmware/2lib/include/2rsa.h b/firmware/2lib/include/2rsa.h
index 33edd617..47225cac 100644
--- a/firmware/2lib/include/2rsa.h
+++ b/firmware/2lib/include/2rsa.h
@@ -44,8 +44,8 @@ uint32_t vb2_packed_key_size(uint32_t algorithm);
*/
int vb2_check_padding(uint8_t *sig, int algorithm);
-/* Size of work buffer sufficient for vb2_verify_digest() worst case */
-#define VB2_VERIFY_DIGEST_WORKBUF_BYTES (3 * 1024)
+/* Size of work buffer sufficient for vb2_rsa_verify_digest() worst case */
+#define VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES (3 * 1024)
/**
* Verify a RSA PKCS1.5 signature against an expected hash digest.
@@ -56,9 +56,9 @@ int vb2_check_padding(uint8_t *sig, int algorithm);
* @param wb Work buffer
* @return VB2_SUCCESS, or non-zero if error.
*/
-int vb2_verify_digest(const struct vb2_public_key *key,
- uint8_t *sig,
- const uint8_t *digest,
- struct vb2_workbuf *wb);
+int vb2_rsa_verify_digest(const struct vb2_public_key *key,
+ uint8_t *sig,
+ const uint8_t *digest,
+ struct vb2_workbuf *wb);
#endif /* VBOOT_REFERENCE_2RSA_H_ */