author | Randall Spangler <rspangler@chromium.org> | 2016-06-23 13:45:59 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2016-09-02 01:28:37 -0700 |
commit | f7559e4b4652134b1e15de3ce31ee50a3de00f69 (patch) | |
tree | 63c14345dbe8323ad25a428c936a1c51f6ae7fcc /futility/vb1_helper.c | |
parent | df2bd9b1e74687dfc82a7bacc0b9a3c6162c0504 (diff) | |
futility: Use vboot 2.0 APIs for public keys
This replaces calls to the old vboot 1 APIs with their vboot 2.0
equivalents.
BUG=chromium:611535
BRANCH=none
TEST=make runtests
Change-Id: Ieb1a127577c6428c47ac088c3aaa0d0dad6275a8
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/356541
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Diffstat (limited to 'futility/vb1_helper.c')
-rw-r--r-- | futility/vb1_helper.c | 55 |
1 files changed, 32 insertions, 23 deletions
diff --git a/futility/vb1_helper.c b/futility/vb1_helper.c
index 2ec77501..314fd02e 100644
--- a/futility/vb1_helper.c
+++ b/futility/vb1_helper.c
@@ -502,17 +502,16 @@ int WriteSomeParts(const char *outfile,
 /* Returns 0 on success */
 int VerifyKernelBlob(uint8_t *kernel_blob,
 uint64_t kernel_size,
- VbPublicKey *signpub_key,
+ struct vb2_packed_key *signpub_key,
 const char *keyblock_outfile,
 uint64_t min_version)
 {
- RSAPublicKey *rsa;
 int rv = -1;
 uint64_t vmlinuz_header_size = 0;
 uint64_t vmlinuz_header_address = 0;
- static uint8_t workbuf[VB2_WORKBUF_RECOMMENDED_SIZE];
- static struct vb2_workbuf wb;
+ uint8_t workbuf[VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE];
+ struct vb2_workbuf wb;
 vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
 if (signpub_key) {
@@ -585,15 +584,18 @@ int VerifyKernelBlob(uint8_t *kernel_blob,
 goto done;
 }
- rsa = PublicKeyToRSA((VbPublicKey *)data_key);
- if (!rsa) {
+ struct vb2_public_key pubkey;
+ if (VB2_SUCCESS !=
+ vb2_unpack_key(&pubkey, (uint8_t *)data_key,
+ data_key->key_offset + data_key->key_size)) {
 fprintf(stderr, "Error parsing data key.\n");
 goto done;
 }
 /* Verify preamble */
- if (0 != VerifyKernelPreamble(g_preamble,
- g_preamble->preamble_size, rsa)) {
+ if (VB2_SUCCESS != vb2_verify_kernel_preamble(
+ (struct vb2_kernel_preamble *)g_preamble,
+ g_preamble->preamble_size, &pubkey, &wb)) {
 fprintf(stderr, "Error verifying preamble.\n");
 goto done;
 }
@@ -642,8 +644,10 @@ int VerifyKernelBlob(uint8_t *kernel_blob,
 }
 /* Verify body */
- if (0 != VerifyData(kernel_blob, kernel_size,
- &g_preamble->body_signature, rsa)) {
+ if (VB2_SUCCESS !=
+ vb2_verify_data(kernel_blob, kernel_size,
+ (struct vb2_signature *)&g_preamble->body_signature,
+ &pubkey, &wb)) {
 fprintf(stderr, "Error verifying kernel body.\n");
 goto done;
 }
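Review bot: The header comment `/* Returns 0 on success */` on VerifyKernelBlob says nothing about `signpub_key`, although the `if (signpub_key) {` at the end of this hunk shows that NULL is an accepted value. A caller that treats a 0 return as "signed by a trusted key" needs to know which checks still run without a key; the branch taken in that case lies outside the hunk, so the wording should be confirmed against it. I would extend the comment to something like `/* Verifies keyblock, preamble and body of kernel_blob. signpub_key may be NULL; the keyblock is then not checked against a trusted key. Returns 0 on success. */`.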
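Review bot: The size handed to `vb2_unpack_key` is `data_key->key_offset + data_key->key_size`, both read from the key header that is being parsed, so this bound cannot catch a header that claims more bytes than the enclosing keyblock holds, and the sum can wrap if both fields are 32-bit. That is only safe if the keyblock check earlier in VerifyKernelBlob (outside this hunk) has already confirmed that the data key lies inside the keyblock. I would either pass the number of bytes remaining in the keyblock from `data_key` onward, or state the dependency next to the call, e.g. `/* data_key was bounds-checked by the keyblock verification above */`.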
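Review bot: `vb2_verify_data` is given `&g_preamble->body_signature` in place, and the comment this commit keeps in ft_recognize_vblock1 says vboot 2.0 signature checks destroy the buffer; the same applies to the `vb2_verify_kernel_preamble` call on `g_preamble` in the previous hunk. Nothing visible here copies the preamble first, so after these calls the signature bytes held in `g_preamble` may no longer match what was read from the file. If any code after the checks (outside the hunk) prints, re-verifies or writes out the preamble, it should work from a copy taken before verification, as ft_recognize_vblock1 does with `buf2`. At minimum a comment such as `/* Note: verification overwrites the signature data in g_preamble */` belongs above the call.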
@@ -749,17 +753,14 @@ uint8_t *CreateKernelBlob(uint8_t *vmlinuz_buf, uint64_t vmlinuz_size,
 enum futil_file_type ft_recognize_vblock1(uint8_t *buf, uint32_t len)
 {
- int rv;
-
- uint8_t workbuf[VB2_WORKBUF_RECOMMENDED_SIZE];
+ uint8_t workbuf[VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE];
 struct vb2_workbuf wb;
 vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
 /* Vboot 2.0 signature checks destroy the buffer, so make a copy */
 uint8_t *buf2 = malloc(len);
 memcpy(buf2, buf, len);
-
- struct vb2_keyblock *keyblock = (struct vb2_keyblock *)buf;
+ struct vb2_keyblock *keyblock = (struct vb2_keyblock *)buf2;
 if (VB2_SUCCESS != vb2_verify_keyblock_hash(keyblock, len, &wb)) {
 free(buf2);
 return FILE_TYPE_UNKNOWN;
@@ -780,18 +781,26 @@ enum futil_file_type ft_recognize_vblock1(uint8_t *buf, uint32_t len)
 /* Followed by firmware preamble too? */
 struct vb2_fw_preamble *pre2 = (struct vb2_fw_preamble *)(buf2 + more);
- rv = vb2_verify_fw_preamble(pre2, len - more, &data_key, &wb);
- free(buf2);
- if (VB2_SUCCESS == rv)
+ if (VB2_SUCCESS ==
+ vb2_verify_fw_preamble(pre2, len - more, &data_key, &wb)) {
+ free(buf2);
 return FILE_TYPE_FW_PREAMBLE;
+ }
+
+ /* Recopy since firmware preamble check destroyed the buffer */
+ memcpy(buf2, buf, len);
 /* Or maybe kernel preamble? */
- RSAPublicKey *rsa = PublicKeyToRSA((VbPublicKey *)&keyblock->data_key);
- VbKernelPreambleHeader *kern_preamble =
- (VbKernelPreambleHeader *)(buf + more);
- if (VBOOT_SUCCESS ==
- VerifyKernelPreamble(kern_preamble, len - more, rsa))
+ struct vb2_kernel_preamble *kern_preamble =
+ (struct vb2_kernel_preamble *)(buf2 + more);
+ if (VB2_SUCCESS ==
+ vb2_verify_kernel_preamble(kern_preamble, len - more,
+ &data_key, &wb)) {
+ free(buf2);
 return FILE_TYPE_KERN_PREAMBLE;
+ }
+
+ free(buf2);
 /* No, just keyblock */
 return FILE_TYPE_KEYBLOCK; |
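Review bot: `buf2` is passed to `memcpy(buf2, buf, len)` straight after `malloc(len)` with no NULL check, and this hunk now routes the keyblock access through `buf2` as well. The function presumably classifies whole input files, so a failed allocation turns into a NULL dereference instead of a clean "unknown" result. Add `if (!buf2) return FILE_TYPE_UNKNOWN;` before the `memcpy`. The body of ft_recognize_vblock1 continues past the end of this hunk.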
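Review bot: Both preamble checks are given `buf2 + more` and `len - more`, and nothing in this hunk shows `more` bounded by `len`. `more` is computed outside the hunk; if it comes from the keyblock's own size field, the only thing preventing the subtraction from wrapping is the earlier `vb2_verify_keyblock_hash(keyblock, len, &wb)` call. Since this function inspects files that have not been authenticated, I would make the invariant explicit before the first cast, e.g. `if (more >= len) { free(buf2); return FILE_TYPE_KEYBLOCK; }`. The function starts before this hunk, so that check may already exist there.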