futility: Use vboot 2.0 APIs for public keys

This replaces calls to the old vboot 1 APIs with their vboot 2.0 equivalents. BUG=chromium:611535 BRANCH=none TEST=make runtests Change-Id: Ieb1a127577c6428c47ac088c3aaa0d0dad6275a8 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/356541 Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
author: Randall Spangler <rspangler@chromium.org> 2016-06-23 13:45:59 -0700
committer: chrome-bot <chrome-bot@chromium.org> 2016-09-02 01:28:37 -0700
commit: f7559e4b4652134b1e15de3ce31ee50a3de00f69 (patch)
tree: 63c14345dbe8323ad25a428c936a1c51f6ae7fcc /futility/vb1_helper.c
parent: df2bd9b1e74687dfc82a7bacc0b9a3c6162c0504 (diff)
download: vboot-f7559e4b4652134b1e15de3ce31ee50a3de00f69.tar.gz
1 files changed, 32 insertions, 23 deletions
diff --git a/futility/vb1_helper.c b/futility/vb1_helper.c
index 2ec77501..314fd02e 100644
--- a/futility/vb1_helper.c
+++ b/futility/vb1_helper.c
@@ -502,17 +502,16 @@ int WriteSomeParts(const char *outfile,
 /* Returns 0 on success */
 int VerifyKernelBlob(uint8_t *kernel_blob,
 		     uint64_t kernel_size,
-		     VbPublicKey *signpub_key,
+		     struct vb2_packed_key *signpub_key,
 		     const char *keyblock_outfile,
 		     uint64_t min_version)
 {
-	RSAPublicKey *rsa;
 	int rv = -1;
 	uint64_t vmlinuz_header_size = 0;
 	uint64_t vmlinuz_header_address = 0;
 
-	static uint8_t workbuf[VB2_WORKBUF_RECOMMENDED_SIZE];
-	static struct vb2_workbuf wb;
+	uint8_t workbuf[VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE];
+	struct vb2_workbuf wb;
 	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
 
 	if (signpub_key) {
@@ -585,15 +584,18 @@ int VerifyKernelBlob(uint8_t *kernel_blob,
 		goto done;
 	}
 
-	rsa = PublicKeyToRSA((VbPublicKey *)data_key);
-	if (!rsa) {
+	struct vb2_public_key pubkey;
+	if (VB2_SUCCESS !=
+	    vb2_unpack_key(&pubkey, (uint8_t *)data_key,
+			   data_key->key_offset + data_key->key_size)) {
 		fprintf(stderr, "Error parsing data key.\n");
 		goto done;
 	}
 
 	/* Verify preamble */
-	if (0 != VerifyKernelPreamble(g_preamble,
-				      g_preamble->preamble_size, rsa)) {
+	if (VB2_SUCCESS != vb2_verify_kernel_preamble(
+			(struct vb2_kernel_preamble *)g_preamble,
+			g_preamble->preamble_size, &pubkey, &wb)) {
 		fprintf(stderr, "Error verifying preamble.\n");
 		goto done;
 	}
@@ -642,8 +644,10 @@ int VerifyKernelBlob(uint8_t *kernel_blob,
 	}
 
 	/* Verify body */
-	if (0 != VerifyData(kernel_blob, kernel_size,
-			    &g_preamble->body_signature, rsa)) {
+	if (VB2_SUCCESS !=
+	    vb2_verify_data(kernel_blob, kernel_size,
+			    (struct vb2_signature *)&g_preamble->body_signature,
+			    &pubkey, &wb)) {
 		fprintf(stderr, "Error verifying kernel body.\n");
 		goto done;
 	}
@@ -749,17 +753,14 @@ uint8_t *CreateKernelBlob(uint8_t *vmlinuz_buf, uint64_t vmlinuz_size,
 
 enum futil_file_type ft_recognize_vblock1(uint8_t *buf, uint32_t len)
 {
-	int rv;
-
-	uint8_t workbuf[VB2_WORKBUF_RECOMMENDED_SIZE];
+	uint8_t workbuf[VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE];
 	struct vb2_workbuf wb;
 	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
 
 	/* Vboot 2.0 signature checks destroy the buffer, so make a copy */
 	uint8_t *buf2 = malloc(len);
 	memcpy(buf2, buf, len);
-
-	struct vb2_keyblock *keyblock = (struct vb2_keyblock *)buf;
+	struct vb2_keyblock *keyblock = (struct vb2_keyblock *)buf2;
 	if (VB2_SUCCESS != vb2_verify_keyblock_hash(keyblock, len, &wb)) {
 		free(buf2);
 		return FILE_TYPE_UNKNOWN;
@@ -780,18 +781,26 @@ enum futil_file_type ft_recognize_vblock1(uint8_t *buf, uint32_t len)
 
 	/* Followed by firmware preamble too? */
 	struct vb2_fw_preamble *pre2 = (struct vb2_fw_preamble *)(buf2 + more);
-	rv = vb2_verify_fw_preamble(pre2, len - more, &data_key, &wb);
-	free(buf2);
-	if (VB2_SUCCESS == rv)
+	if (VB2_SUCCESS ==
+	    vb2_verify_fw_preamble(pre2, len - more, &data_key, &wb)) {
+		free(buf2);
 		return FILE_TYPE_FW_PREAMBLE;
+	}
+
+	/* Recopy since firmware preamble check destroyed the buffer */
+	memcpy(buf2, buf, len);
 
 	/* Or maybe kernel preamble? */
-	RSAPublicKey *rsa = PublicKeyToRSA((VbPublicKey *)&keyblock->data_key);
-	VbKernelPreambleHeader *kern_preamble =
-		(VbKernelPreambleHeader *)(buf + more);
-	if (VBOOT_SUCCESS ==
-	    VerifyKernelPreamble(kern_preamble, len - more, rsa))
+	struct vb2_kernel_preamble *kern_preamble =
+		(struct vb2_kernel_preamble *)(buf2 + more);
+	if (VB2_SUCCESS ==
+	    vb2_verify_kernel_preamble(kern_preamble, len - more,
+				       &data_key, &wb)) {
+		free(buf2);
 		return FILE_TYPE_KERN_PREAMBLE;
+	}
+
+	free(buf2);
 
 	/* No, just keyblock */
 	return FILE_TYPE_KEYBLOCK;
author	Randall Spangler <rspangler@chromium.org>	2016-06-23 13:45:59 -0700
committer	chrome-bot <chrome-bot@chromium.org>	2016-09-02 01:28:37 -0700
commit	f7559e4b4652134b1e15de3ce31ee50a3de00f69 (patch)
tree	63c14345dbe8323ad25a428c936a1c51f6ae7fcc /futility/vb1_helper.c
parent	df2bd9b1e74687dfc82a7bacc0b9a3c6162c0504 (diff)
download	vboot-f7559e4b4652134b1e15de3ce31ee50a3de00f69.tar.gz