diff options
author | Randall Spangler <rspangler@chromium.org> | 2016-06-23 13:45:59 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2016-09-02 01:28:37 -0700 |
commit | f7559e4b4652134b1e15de3ce31ee50a3de00f69 (patch) | |
tree | 63c14345dbe8323ad25a428c936a1c51f6ae7fcc /host | |
parent | df2bd9b1e74687dfc82a7bacc0b9a3c6162c0504 (diff) | |
download | vboot-f7559e4b4652134b1e15de3ce31ee50a3de00f69.tar.gz |
futility: Use vboot 2.0 APIs for public keys
This replaces calls to the old vboot 1 APIs with their vboot 2.0
equivalents.
BUG=chromium:611535
BRANCH=none
TEST=make runtests
Change-Id: Ieb1a127577c6428c47ac088c3aaa0d0dad6275a8
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/356541
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Diffstat (limited to 'host')
-rw-r--r-- | host/lib/host_common2.c | 17 | ||||
-rw-r--r-- | host/lib/host_key.c | 122 | ||||
-rw-r--r-- | host/lib/host_key2.c | 77 | ||||
-rw-r--r-- | host/lib/include/host_key.h | 67 | ||||
-rw-r--r-- | host/lib/include/util_misc.h | 4 | ||||
-rw-r--r-- | host/linktest/main.c | 6 |
6 files changed, 160 insertions, 133 deletions
diff --git a/host/lib/host_common2.c b/host/lib/host_common2.c index ae02b8ba..fed2097a 100644 --- a/host/lib/host_common2.c +++ b/host/lib/host_common2.c @@ -49,15 +49,22 @@ struct vb2_fw_preamble *vb2_create_fw_preamble( h->flags = flags; /* Copy data key */ - PublicKeyInit((VbPublicKey *)&h->kernel_subkey, kernel_subkey_dest, - kernel_subkey->key_size); - PublicKeyCopy((VbPublicKey *)&h->kernel_subkey, - (VbPublicKey *)kernel_subkey); + vb2_init_packed_key(&h->kernel_subkey, kernel_subkey_dest, + kernel_subkey->key_size); + if (VB2_SUCCESS != + vb2_copy_packed_key(&h->kernel_subkey, kernel_subkey)) { + free(h); + return NULL; + } /* Copy body signature */ vb2_init_signature(&h->body_signature, body_sig_dest, body_signature->sig_size, 0); - vb2_copy_signature(&h->body_signature, body_signature); + if (VB2_SUCCESS != + vb2_copy_signature(&h->body_signature, body_signature)) { + free(h); + return NULL; + } /* Set up signature struct so we can calculate the signature */ vb2_init_signature(&h->preamble_signature, block_sig_dest, diff --git a/host/lib/host_key.c b/host/lib/host_key.c index a8b05b53..02744477 100644 --- a/host/lib/host_key.c +++ b/host/lib/host_key.c @@ -13,6 +13,10 @@ #include <stdlib.h> #include <unistd.h> +#include "2sysincludes.h" +#include "2common.h" +#include "2rsa.h" +#include "2sha.h" #include "cryptolib.h" #include "host_common.h" #include "host_key.h" @@ -20,82 +24,15 @@ #include "vb2_common.h" #include "vboot_common.h" -/* Allocate a new public key with space for a [key_size] byte key. */ -VbPublicKey* PublicKeyAlloc(uint64_t key_size, uint64_t algorithm, - uint64_t version) { - VbPublicKey* key = (VbPublicKey*)malloc(sizeof(VbPublicKey) + key_size); - if (!key) - return NULL; - - key->algorithm = algorithm; - key->key_version = version; - key->key_size = key_size; - key->key_offset = sizeof(VbPublicKey); - return key; -} - -VbPublicKey* PublicKeyReadKeyb(const char* filename, uint64_t algorithm, - uint64_t version) { - VbPublicKey* key; - uint8_t* key_data; - uint64_t key_size; - uint64_t expected_key_size; - - if (algorithm >= kNumAlgorithms) { - VBDEBUG(("PublicKeyReadKeyb() called with invalid algorithm!\n")); - return NULL; - } - if (version > 0xFFFF) { - /* Currently, TPM only supports 16-bit version */ - VBDEBUG(("PublicKeyReadKeyb() called with invalid version!\n")); - return NULL; - } - - key_data = ReadFile(filename, &key_size); - if (!key_data) - return NULL; - - if (!RSAProcessedKeySize(algorithm, &expected_key_size) || - expected_key_size != key_size) { - VBDEBUG(("PublicKeyReadKeyb() wrong key size for algorithm\n")); - free(key_data); - return NULL; - } - - key = PublicKeyAlloc(key_size, algorithm, version); - if (!key) { - free(key_data); - return NULL; - } - Memcpy(GetPublicKeyData(key), key_data, key_size); - - free(key_data); - return key; -} - int packed_key_looks_ok(const struct vb2_packed_key *key, uint32_t size) { - uint64_t key_size; - - if (size < sizeof(*key)) + struct vb2_public_key pubkey; + if (VB2_SUCCESS != vb2_unpack_key(&pubkey, (const uint8_t *)key, size)) return 0; - /* Sanity-check key data */ - if (0 != VerifyPublicKeyInside(key, size, (VbPublicKey *)key)) { - VBDEBUG(("PublicKeyRead() not a VbPublicKey\n")); - return 0; - } - if (key->algorithm >= kNumAlgorithms) { - VBDEBUG(("PublicKeyRead() invalid algorithm\n")); - return 0; - } - if (key->key_version > 0xFFFF) { - VBDEBUG(("PublicKeyRead() invalid version\n")); - return 0; /* Currently, TPM only supports 16-bit version */ - } - if (!RSAProcessedKeySize(key->algorithm, &key_size) || - key_size != key->key_size) { - VBDEBUG(("PublicKeyRead() wrong key size for algorithm\n")); + if (key->key_version > VB2_MAX_KEY_VERSION) { + /* Currently, TPM only supports 16-bit version */ + VB2_DEBUG("%s() - packed key invalid version\n", __func__); return 0; } @@ -103,37 +40,20 @@ int packed_key_looks_ok(const struct vb2_packed_key *key, uint32_t size) return 1; } -VbPublicKey* PublicKeyRead(const char* filename) { - struct vb2_packed_key *key; - uint64_t file_size; +/* TODO: the host code just uses this to check the embedded key length in + * uint32_t's. It should get folded into packed_key_looks_ok. */ - key = (struct vb2_packed_key *)ReadFile(filename, &file_size); - if (!key) - return NULL; - - if (packed_key_looks_ok(key, file_size)) - return (VbPublicKey *)key; - - /* Error */ - free(key); - return NULL; -} +RSAPublicKey *vb2_packed_key_to_rsa(const struct vb2_packed_key *key) +{ + RSAPublicKey *rsa; -int PublicKeyWrite(const char* filename, const VbPublicKey* key) { - VbPublicKey* kcopy; - int rv; + if (!packed_key_looks_ok(key, key->key_size)) + return NULL; - /* Copy the key, so its data is contiguous with the header */ - kcopy = PublicKeyAlloc(key->key_size, 0, 0); - if (!kcopy) - return 1; - if (0 != PublicKeyCopy(kcopy, key)) { - free(kcopy); - return 1; - } + rsa = RSAPublicKeyFromBuf(vb2_packed_key_data(key), key->key_size); + if (!rsa) + return NULL; - /* Write the copy, then free it */ - rv = WriteFile(filename, kcopy, kcopy->key_offset + kcopy->key_size); - free(kcopy); - return rv; + rsa->algorithm = (unsigned int)key->algorithm; + return rsa; } diff --git a/host/lib/host_key2.c b/host/lib/host_key2.c index 783ea5d9..ff6c1c35 100644 --- a/host/lib/host_key2.c +++ b/host/lib/host_key2.c @@ -170,6 +170,22 @@ void vb2_init_packed_key(struct vb2_packed_key *key, uint8_t *key_data, key->algorithm = VB2_ALG_COUNT; /* Key not present yet */ } +struct vb2_packed_key *vb2_alloc_packed_key(uint32_t key_size, + uint32_t algorithm, + uint32_t version) +{ + struct vb2_packed_key *key = + (struct vb2_packed_key *)calloc(sizeof(*key) + key_size, 1); + if (!key) + return NULL; + + key->algorithm = algorithm; + key->key_version = version; + key->key_size = key_size; + key->key_offset = sizeof(*key); + return key; +} + int vb2_copy_packed_key(struct vb2_packed_key *dest, const struct vb2_packed_key *src) { @@ -201,3 +217,64 @@ struct vb2_packed_key *vb2_read_packed_key(const char *filename) free(key); return NULL; } + +struct vb2_packed_key *vb2_read_packed_keyb(const char *filename, + uint32_t algorithm, + uint32_t version) +{ + if (algorithm >= VB2_ALG_COUNT) { + fprintf(stderr, "%s() - invalid algorithm\n", __func__); + return NULL; + } + if (version > VB2_MAX_KEY_VERSION) { + /* Currently, TPM only supports 16-bit version */ + fprintf(stderr, "%s() - invalid version 0x%x\n", __func__, + version); + return NULL; + } + + uint8_t *key_data = NULL; + uint32_t key_size = 0; + if (VB2_SUCCESS != vb2_read_file(filename, &key_data, &key_size)) + return NULL; + + uint64_t expected_key_size; + if (!RSAProcessedKeySize(algorithm, &expected_key_size) || + expected_key_size != key_size) { + fprintf(stderr, "%s() - wrong key size %u for algorithm %u\n", + __func__, key_size, algorithm); + free(key_data); + return NULL; + } + + struct vb2_packed_key *key = + vb2_alloc_packed_key(key_size, algorithm, version); + if (!key) { + free(key_data); + return NULL; + } + memcpy((uint8_t *)vb2_packed_key_data(key), key_data, key_size); + + free(key_data); + return key; +} + +int vb2_write_packed_key(const char *filename, + const struct vb2_packed_key *key) +{ + /* Copy the key, so its data is contiguous with the header */ + struct vb2_packed_key *kcopy = + vb2_alloc_packed_key(key->key_size, 0, 0); + if (!kcopy) + return VB2_ERROR_PACKED_KEY_ALLOC; + if (VB2_SUCCESS != vb2_copy_packed_key(kcopy, key)) { + free(kcopy); + return VB2_ERROR_PACKED_KEY_COPY; + } + + /* Write the copy, then free it */ + int rv = vb2_write_file(filename, kcopy, + kcopy->key_offset + kcopy->key_size); + free(kcopy); + return rv; +} diff --git a/host/lib/include/host_key.h b/host/lib/include/host_key.h index 0d4641b2..0040b8a2 100644 --- a/host/lib/include/host_key.h +++ b/host/lib/include/host_key.h @@ -9,8 +9,6 @@ #define VBOOT_REFERENCE_HOST_KEY_H_ #include "2crypto.h" -#include "cryptolib.h" -#include "vboot_struct.h" struct vb2_packed_key; struct vb2_private_key; @@ -68,9 +66,17 @@ int vb2_write_private_key(const char *filename, */ struct vb2_private_key *vb2_read_private_key(const char *filename); -/* Allocate a new public key with space for a [key_size] byte key. */ -VbPublicKey* PublicKeyAlloc(uint64_t key_size, uint64_t algorithm, - uint64_t version); +/** + * Allocate a new public key. + * @param key_size Size of key data the key can hold + * @param algorithm Algorithm to store in key header + * @param version Version to store in key header + * + * @return The public key or NULL if error. Caller must free() it. + */ +struct vb2_packed_key *vb2_alloc_packed_key(uint32_t key_size, + uint32_t algorithm, + uint32_t version); /** * Initialize a packed key structure. @@ -93,26 +99,49 @@ void vb2_init_packed_key(struct vb2_packed_key *key, uint8_t *key_data, int vb2_copy_packed_key(struct vb2_packed_key *dest, const struct vb2_packed_key *src); -/* Read a public key from a .vbpubk file. Caller owns the returned - * pointer, and must free it with Free(). +/** + * Read a packed key from a .vbpubk file. + * + * @param filename Name of file to read + * @param algorithm Crypto algorithm to associate with key + * @param version Version to store in key * - * Returns NULL if error. */ -VbPublicKey* PublicKeyRead(const char* filename); + * @return The packed key, or NULL if error. Caller must free() it. + */ struct vb2_packed_key *vb2_read_packed_key(const char *filename); -/* Return true if the packed (public) key struct appears correct. */ +/** + * Sanity-check a packed key structure. + * + * @param key Key to check + * @param size Size of key buffer in bytes + * + * @return True if the key struct appears valid. + */ int packed_key_looks_ok(const struct vb2_packed_key *key, uint32_t size); -/* Read a public key from a .keyb file. Caller owns the returned - * pointer, and must free it with Free(). +/** + * Read a packed key from a .keyb file. * - * Returns NULL if error. */ -VbPublicKey* PublicKeyReadKeyb(const char* filename, uint64_t algorithm, - uint64_t version); - - -/* Write a public key to a file in .vbpubk format. */ -int PublicKeyWrite(const char* filename, const VbPublicKey* key); + * @param filename Name of file to read + * @param algorithm Crypto algorithm to associate with key + * @param version Version to store in key + * + * @return The packed key, or NULL if error. Caller must free() it. + */ +struct vb2_packed_key *vb2_read_packed_keyb(const char *filename, + uint32_t algorithm, + uint32_t version); +/** + * Write a packed key in .vbpubk format. + * + * @param filename Name of file to write + * @param key Key to write + * + * @return VB2_SUCCESS, or non-zero if error. + */ +int vb2_write_packed_key(const char *filename, + const struct vb2_packed_key *key); #endif /* VBOOT_REFERENCE_HOST_KEY_H_ */ diff --git a/host/lib/include/util_misc.h b/host/lib/include/util_misc.h index b6372db1..cd26b30a 100644 --- a/host/lib/include/util_misc.h +++ b/host/lib/include/util_misc.h @@ -42,8 +42,8 @@ const char *private_key_sha1_string(const struct vb2_private_key *key); /* * Our packed RSBPublicKey buffer (historically in files ending with ".keyb", - * but also the part of VbPublicKey and struct vb21_packed_key that is - * referenced by .key_offset) has this binary format: + * but also the part of struct vb2_packed_key and struct vb21_packed_key that + * is referenced by .key_offset) has this binary format: * * struct { * uint32_t nwords; // size of RSA key in 32-bit words diff --git a/host/linktest/main.c b/host/linktest/main.c index b98e8755..af125151 100644 --- a/host/linktest/main.c +++ b/host/linktest/main.c @@ -15,12 +15,6 @@ int main(void) { - /* host_key.h */ - PublicKeyAlloc(0, 0, 0); - PublicKeyRead(0); - PublicKeyReadKeyb(0, 0, 0); - PublicKeyWrite(0, 0); - /* host_misc.h */ ReadFile(0, 0); WriteFile(0, 0, 0); |