diff options
author | Randall Spangler <rspangler@chromium.org> | 2014-10-23 15:55:21 -0700 |
---|---|---|
committer | chrome-internal-fetch <chrome-internal-fetch@google.com> | 2014-10-28 22:30:04 +0000 |
commit | f18038b750c43c2185e64db38d0d244c6810083b (patch) | |
tree | 76a572d4cbc053398591ab10f0bc76ef011ee50d /firmware | |
parent | c8c2f023a4914a498c11b855210ef05d4e035d41 (diff) | |
download | vboot-f18038b750c43c2185e64db38d0d244c6810083b.tar.gz |
vboot2: Move and rename functions
Move packed key functions to their own file, in preparation for
introducing support for vb2_packed_key2.
Rename the awfully-named vb2_verify_fw_preamble2() function to
vb2_load_fw_premable(), since the new structs actually have a
vb2_fw_preamble2 struct and that would be very confusing.
Rename vb2_verify_fw_keyblock() to vb2_load_fw_keyblock(), so it
matches.
No functional changes, just renaming.
BUG=chromium:423882
BRANCH=none
TEST=VBOOT2=1 make runtests
Change-Id: Ia914e48e6c5814ab3205b999ceda1aa2452206ff
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/225458
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Diffstat (limited to 'firmware')
-rw-r--r-- | firmware/2lib/2api.c | 4 | ||||
-rw-r--r-- | firmware/2lib/2common.c | 67 | ||||
-rw-r--r-- | firmware/2lib/2misc.c | 8 | ||||
-rw-r--r-- | firmware/2lib/2packed_key.c | 77 | ||||
-rw-r--r-- | firmware/2lib/include/2misc.h | 4 | ||||
-rw-r--r-- | firmware/2lib/include/2return_codes.h | 20 |
6 files changed, 94 insertions, 86 deletions
diff --git a/firmware/2lib/2api.c b/firmware/2lib/2api.c index 1f128a49..5070d21f 100644 --- a/firmware/2lib/2api.c +++ b/firmware/2lib/2api.c @@ -110,14 +110,14 @@ int vb2api_fw_phase3(struct vb2_context *ctx) int rv; /* Verify firmware keyblock */ - rv = vb2_verify_fw_keyblock(ctx); + rv = vb2_load_fw_keyblock(ctx); if (rv) { vb2_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv); return rv; } /* Verify firmware preamble */ - rv = vb2_verify_fw_preamble2(ctx); + rv = vb2_load_fw_preamble(ctx); if (rv) { vb2_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv); return rv; diff --git a/firmware/2lib/2common.c b/firmware/2lib/2common.c index f1707969..872b6233 100644 --- a/firmware/2lib/2common.c +++ b/firmware/2lib/2common.c @@ -110,11 +110,6 @@ void vb2_workbuf_free(struct vb2_workbuf *wb, uint32_t size) wb->size += size; } -const uint8_t *vb2_packed_key_data(const struct vb2_packed_key *key) -{ - return (const uint8_t *)key + key->key_offset; -} - uint8_t *vb2_signature_data(struct vb2_signature *sig) { return (uint8_t *)sig + sig->sig_offset; @@ -168,68 +163,6 @@ int vb2_verify_signature_inside(const void *parent, sig->sig_offset, sig->sig_size); } -int vb2_verify_packed_key_inside(const void *parent, - uint32_t parent_size, - const struct vb2_packed_key *key) -{ - return vb2_verify_member_inside(parent, parent_size, - key, sizeof(*key), - key->key_offset, key->key_size); -} - -int vb2_unpack_key(struct vb2_public_key *key, - const uint8_t *buf, - uint32_t size) -{ - const struct vb2_packed_key *packed_key = - (const struct vb2_packed_key *)buf; - const uint32_t *buf32; - uint32_t expected_key_size; - int rv; - - /* Make sure passed buffer is big enough for the packed key */ - rv = vb2_verify_packed_key_inside(buf, size, packed_key); - if (rv) - return rv; - - /* Unpack key algorithm */ - key->sig_alg = vb2_crypto_to_signature(packed_key->algorithm); - if (key->sig_alg == VB2_SIG_INVALID) { - VB2_DEBUG("Unsupported signature algorithm.\n"); - return VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM; - } - - key->hash_alg = vb2_crypto_to_hash(packed_key->algorithm); - if (key->hash_alg == VB2_HASH_INVALID) { - VB2_DEBUG("Unsupported hash algorithm.\n"); - return VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM; - } - - expected_key_size = vb2_packed_key_size(key->sig_alg); - if (!expected_key_size || expected_key_size != packed_key->key_size) { - VB2_DEBUG("Wrong key size for algorithm\n"); - return VB2_ERROR_UNPACK_KEY_SIZE; - } - - /* Make sure source buffer is 32-bit aligned */ - buf32 = (const uint32_t *)vb2_packed_key_data(packed_key); - if (!vb_aligned(buf32, sizeof(uint32_t))) - return VB2_ERROR_UNPACK_KEY_ALIGN; - - /* Sanity check key array size */ - key->arrsize = buf32[0]; - if (key->arrsize * sizeof(uint32_t) != vb2_rsa_sig_size(key->sig_alg)) - return VB2_ERROR_UNPACK_KEY_ARRAY_SIZE; - - key->n0inv = buf32[1]; - - /* Arrays point inside the key data */ - key->n = buf32 + 2; - key->rr = buf32 + 2 + key->arrsize; - - return VB2_SUCCESS; -} - int vb2_verify_digest(const struct vb2_public_key *key, struct vb2_signature *sig, const uint8_t *digest, diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c index ba5cd279..3986e1ff 100644 --- a/firmware/2lib/2misc.c +++ b/firmware/2lib/2misc.c @@ -365,7 +365,7 @@ int vb2_select_fw_slot(struct vb2_context *ctx) return VB2_SUCCESS; } -int vb2_verify_fw_keyblock(struct vb2_context *ctx) +int vb2_load_fw_keyblock(struct vb2_context *ctx) { struct vb2_shared_data *sd = vb2_get_sd(ctx); struct vb2_workbuf wb; @@ -478,9 +478,7 @@ int vb2_verify_fw_keyblock(struct vb2_context *ctx) return VB2_SUCCESS; } -// TODO: Terrible that this and the low-level verification want to have the -// same function name. Pick a better name... -int vb2_verify_fw_preamble2(struct vb2_context *ctx) +int vb2_load_fw_preamble(struct vb2_context *ctx) { struct vb2_shared_data *sd = vb2_get_sd(ctx); struct vb2_workbuf wb; @@ -549,7 +547,7 @@ int vb2_verify_fw_preamble2(struct vb2_context *ctx) if (pre->firmware_version > 0xffff) return VB2_ERROR_FW_PREAMBLE2_VERSION_RANGE; - /* Combine with the key version from vb2_verify_fw_keyblock() */ + /* Combine with the key version from vb2_load_fw_keyblock() */ sd->fw_version |= pre->firmware_version; if (sd->fw_version < sec_version) return VB2_ERROR_FW_PREAMBLE2_VERSION_ROLLBACK; diff --git a/firmware/2lib/2packed_key.c b/firmware/2lib/2packed_key.c new file mode 100644 index 00000000..fe6bab53 --- /dev/null +++ b/firmware/2lib/2packed_key.c @@ -0,0 +1,77 @@ +/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Key unpacking functions + */ + +#include "2sysincludes.h" +#include "2common.h" +#include "2rsa.h" + +const uint8_t *vb2_packed_key_data(const struct vb2_packed_key *key) +{ + return (const uint8_t *)key + key->key_offset; +} + +int vb2_verify_packed_key_inside(const void *parent, + uint32_t parent_size, + const struct vb2_packed_key *key) +{ + return vb2_verify_member_inside(parent, parent_size, + key, sizeof(*key), + key->key_offset, key->key_size); +} + +int vb2_unpack_key(struct vb2_public_key *key, + const uint8_t *buf, + uint32_t size) +{ + const struct vb2_packed_key *packed_key = + (const struct vb2_packed_key *)buf; + const uint32_t *buf32; + uint32_t expected_key_size; + int rv; + + /* Make sure passed buffer is big enough for the packed key */ + rv = vb2_verify_packed_key_inside(buf, size, packed_key); + if (rv) + return rv; + + /* Unpack key algorithm */ + key->sig_alg = vb2_crypto_to_signature(packed_key->algorithm); + if (key->sig_alg == VB2_SIG_INVALID) { + VB2_DEBUG("Unsupported signature algorithm.\n"); + return VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM; + } + + key->hash_alg = vb2_crypto_to_hash(packed_key->algorithm); + if (key->hash_alg == VB2_HASH_INVALID) { + VB2_DEBUG("Unsupported hash algorithm.\n"); + return VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM; + } + + expected_key_size = vb2_packed_key_size(key->sig_alg); + if (!expected_key_size || expected_key_size != packed_key->key_size) { + VB2_DEBUG("Wrong key size for algorithm\n"); + return VB2_ERROR_UNPACK_KEY_SIZE; + } + + /* Make sure source buffer is 32-bit aligned */ + buf32 = (const uint32_t *)vb2_packed_key_data(packed_key); + if (!vb_aligned(buf32, sizeof(uint32_t))) + return VB2_ERROR_UNPACK_KEY_ALIGN; + + /* Sanity check key array size */ + key->arrsize = buf32[0]; + if (key->arrsize * sizeof(uint32_t) != vb2_rsa_sig_size(key->sig_alg)) + return VB2_ERROR_UNPACK_KEY_ARRAY_SIZE; + + key->n0inv = buf32[1]; + + /* Arrays point inside the key data */ + key->n = buf32 + 2; + key->rr = buf32 + 2 + key->arrsize; + + return VB2_SUCCESS; +} diff --git a/firmware/2lib/include/2misc.h b/firmware/2lib/include/2misc.h index d6f48e86..d50ed319 100644 --- a/firmware/2lib/include/2misc.h +++ b/firmware/2lib/include/2misc.h @@ -128,7 +128,7 @@ int vb2_select_fw_slot(struct vb2_context *ctx); * @param ctx Vboot context * @return VB2_SUCCESS, or error code on error. */ -int vb2_verify_fw_keyblock(struct vb2_context *ctx); +int vb2_load_fw_keyblock(struct vb2_context *ctx); /** * Verify the firmware preamble using the data subkey from the keyblock. @@ -138,6 +138,6 @@ int vb2_verify_fw_keyblock(struct vb2_context *ctx); * @param ctx Vboot context * @return VB2_SUCCESS, or error code on error. */ -int vb2_verify_fw_preamble2(struct vb2_context *ctx); +int vb2_load_fw_preamble(struct vb2_context *ctx); #endif /* VBOOT_REFERENCE_VBOOT_2MISC_H_ */ diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h index 9f41b8b8..ee6c91fe 100644 --- a/firmware/2lib/include/2return_codes.h +++ b/firmware/2lib/include/2return_codes.h @@ -263,34 +263,34 @@ enum vb2_return_code { /* Header size too small in vb2_read_gbb_header() */ VB2_ERROR_GBB_HEADER_SIZE, - /* Work buffer too small for root key in vb2_verify_fw_keyblock() */ + /* Work buffer too small for root key in vb2_load_fw_keyblock() */ VB2_ERROR_FW_KEYBLOCK_WORKBUF_ROOT_KEY, - /* Work buffer too small for header in vb2_verify_fw_keyblock() */ + /* Work buffer too small for header in vb2_load_fw_keyblock() */ VB2_ERROR_FW_KEYBLOCK_WORKBUF_HEADER, - /* Work buffer too small for keyblock in vb2_verify_fw_keyblock() */ + /* Work buffer too small for keyblock in vb2_load_fw_keyblock() */ VB2_ERROR_FW_KEYBLOCK_WORKBUF, - /* Keyblock version out of range in vb2_verify_fw_keyblock() */ + /* Keyblock version out of range in vb2_load_fw_keyblock() */ VB2_ERROR_FW_KEYBLOCK_VERSION_RANGE, - /* Keyblock version rollback in vb2_verify_fw_keyblock() */ + /* Keyblock version rollback in vb2_load_fw_keyblock() */ VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK, - /* Missing firmware data key in vb2_verify_fw_preamble2() */ + /* Missing firmware data key in vb2_load_fw_preamble() */ VB2_ERROR_FW_PREAMBLE2_DATA_KEY, - /* Work buffer too small for header in vb2_verify_fw_preamble2() */ + /* Work buffer too small for header in vb2_load_fw_preamble() */ VB2_ERROR_FW_PREAMBLE2_WORKBUF_HEADER, - /* Work buffer too small for preamble in vb2_verify_fw_preamble2() */ + /* Work buffer too small for preamble in vb2_load_fw_preamble() */ VB2_ERROR_FW_PREAMBLE2_WORKBUF, - /* Firmware version out of range in vb2_verify_fw_preamble2() */ + /* Firmware version out of range in vb2_load_fw_preamble() */ VB2_ERROR_FW_PREAMBLE2_VERSION_RANGE, - /* Firmware version rollback in vb2_verify_fw_preamble2() */ + /* Firmware version rollback in vb2_load_fw_preamble() */ VB2_ERROR_FW_PREAMBLE2_VERSION_ROLLBACK, /********************************************************************** |