author | Randall Spangler <rspangler@chromium.org> | 2016-06-02 16:05:49 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2016-07-26 19:42:38 -0700 |
commit | 98263a1b17397032b3f7d747d48f8fd914217237 (patch) | |
tree | 5a9ce0f9da372f8a8d3ce49990d2d7de47e96a6a /host | |
parent | bba272a8776c61f308aafa5ed7d8bbd1f99f5282 (diff) | |
download | vboot-98263a1b17397032b3f7d747d48f8fd914217237.tar.gz |
vboot: Upgrade VerifyFirmwarePreamble() to vboot2.0
This replaces all calls to vboot1 VerifyFirmwarePreamble() with
equivalent vb2.0 functions. No effect on ToT firmware, which already
uses the vboot2.0 functions.
BUG=chromium:611535
BRANCH=none
TEST=make runtests
Change-Id: I5c84e9ed0e0c75e2ea8dbd9bfcde0597bc457f24
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/349322
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Diffstat (limited to 'host')
-rw-r--r-- | host/lib/host_key.c | 75 | ||||
-rw-r--r-- | host/lib/include/host_key.h | 5 | ||||
-rw-r--r-- | host/lib/include/util_misc.h | 15 | ||||
-rw-r--r-- | host/lib/util_misc.c | 11 |
4 files changed, 62 insertions, 44 deletions
diff --git a/host/lib/host_key.c b/host/lib/host_key.c index fed579a2..e594b2cd 100644 --- a/host/lib/host_key.c +++ b/host/lib/host_key.c @@ -17,6 +17,7 @@ #include "host_common.h" #include "host_key.h" #include "host_misc.h" +#include "vb2_common.h" #include "vboot_common.h" 
@@ -196,50 +197,50 @@ VbPublicKey* PublicKeyReadKeyb(const char* filename, uint64_t algorithm, return key; } - -int PublicKeyLooksOkay(VbPublicKey *key, uint64_t file_size) +int packed_key_looks_ok(const struct vb2_packed_key *key, uint32_t size) { - uint64_t key_size; - - /* Sanity-check key data */ - if (0 != VerifyPublicKeyInside(key, file_size, key)) { - VBDEBUG(("PublicKeyRead() not a VbPublicKey\n")); - return 0; - } - if (key->algorithm >= kNumAlgorithms) { - VBDEBUG(("PublicKeyRead() invalid algorithm\n")); - return 0; - } - if (key->key_version > 0xFFFF) { - VBDEBUG(("PublicKeyRead() invalid version\n")); - return 0; /* Currently, TPM only supports 16-bit version */ - } - if (!RSAProcessedKeySize(key->algorithm, &key_size) || - key_size != key->key_size) { - VBDEBUG(("PublicKeyRead() wrong key size for algorithm\n")); - return 0; - } - - /* Success */ - return 1; + uint64_t key_size; + + if (size < sizeof(*key)) + return 0; + + /* Sanity-check key data */ + if (0 != VerifyPublicKeyInside(key, size, (VbPublicKey *)key)) { + VBDEBUG(("PublicKeyRead() not a VbPublicKey\n")); + return 0; + } + if (key->algorithm >= kNumAlgorithms) { + VBDEBUG(("PublicKeyRead() invalid algorithm\n")); + return 0; + } + if (key->key_version > 0xFFFF) { + VBDEBUG(("PublicKeyRead() invalid version\n")); + return 0; /* Currently, TPM only supports 16-bit version */ + } + if (!RSAProcessedKeySize(key->algorithm, &key_size) || + key_size != key->key_size) { + VBDEBUG(("PublicKeyRead() wrong key size for algorithm\n")); + return 0; + } + + /* Success */ + return 1; } - - VbPublicKey* PublicKeyRead(const char* filename) { - VbPublicKey* key; - uint64_t file_size; + struct vb2_packed_key *key; + uint64_t file_size; - key = (VbPublicKey*)ReadFile(filename, &file_size); - if (!key) - return NULL; + key = (struct vb2_packed_key *)ReadFile(filename, &file_size); + if (!key) + return NULL; - if (PublicKeyLooksOkay(key, file_size)) - return key; + if (packed_key_looks_ok(key, file_size)) + 
return (VbPublicKey *)key; - /* Error */ - free(key); - return NULL; + /* Error */ + free(key); + return NULL; } int PublicKeyWrite(const char* filename, const VbPublicKey* key) { diff --git a/host/lib/include/host_key.h b/host/lib/include/host_key.h index 9f98ccc3..cdfc81bd 100644 --- a/host/lib/include/host_key.h +++ b/host/lib/include/host_key.h @@ -11,6 +11,7 @@ #include "cryptolib.h" #include "vboot_struct.h" +struct vb2_packed_key; typedef struct rsa_st RSA; @@ -51,8 +52,8 @@ VbPublicKey* PublicKeyAlloc(uint64_t key_size, uint64_t algorithm, * Returns NULL if error. */ VbPublicKey* PublicKeyRead(const char* filename); -/* Return true if the public key struct appears correct. */ -int PublicKeyLooksOkay(VbPublicKey *key, uint64_t file_size); +/* Return true if the packed (public) key struct appears correct. */ +int packed_key_looks_ok(const struct vb2_packed_key *key, uint32_t size); /* Read a public key from a .keyb file. Caller owns the returned * pointer, and must free it with Free(). diff --git a/host/lib/include/util_misc.h b/host/lib/include/util_misc.h index f5db22b9..648f2da8 100644 --- a/host/lib/include/util_misc.h +++ b/host/lib/include/util_misc.h @@ -11,9 +11,20 @@ #include "host_key.h" #include "vboot_struct.h" struct rsa_st; +struct vb2_packed_key; -/* Prints the sha1sum of a VbPublicKey to stdout. */ -void PrintPubKeySha1Sum(VbPublicKey *key); +/** + * Returns the SHA1 digest of the packed key data as a string. + * + * The returned string is a global static buffer, so each call to this + * overwrites the previous digest string. So don't call this more than once + * per printf(). + * + * @param key Key to print digest for + * + * @return A string containing the SHA1 digest. + */ +const char *packed_key_sha1_string(const struct vb2_packed_key *key); /* Prints the sha1sum of a VbPrivateKey to stdout. */ void PrintPrivKeySha1Sum(VbPrivateKey *key); diff --git a/host/lib/util_misc.c b/host/lib/util_misc.c index dbcdc6e1..2b0f91c8 100644 
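Review bot: In host/lib/host_key.c, PublicKeyRead() passes its uint64_t `file_size` into the new `uint32_t size` parameter of packed_key_looks_ok(), so the length is silently narrowed at the call. The narrowed value can never exceed the real buffer length, so the bounds check stays conservative, but a file larger than 4 GiB is then validated against a wrapped length instead of being rejected outright. Make the limit explicit at the call site, for example `if (file_size <= UINT32_MAX && packed_key_looks_ok(key, (uint32_t)file_size))`. Separately, the `(VbPublicKey *)key` cast passed to VerifyPublicKeyInside() drops the const qualifier and appears to rely on the two structs sharing a layout; a one-line comment stating that assumption would help the next reader. The VBDEBUG strings also still name PublicKeyRead() rather than the function that emits them.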
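Review bot: In host/lib/include/util_misc.h, the new comment on packed_key_sha1_string() documents the static return buffer but not the precondition on `key`. The function takes no buffer length, and its body in util_misc.c hashes `key->key_size` bytes starting at `key->key_offset`, so a key that has not been bounds-checked would be read past its allocation. I would add a line such as `* The key must already have been validated (e.g. with packed_key_looks_ok()); key_offset and key_size are trusted.` The shared static buffer also makes the function non-reentrant, which is worth stating alongside the existing printf() caveat.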
--- a/host/lib/util_misc.c +++ b/host/lib/util_misc.c @@ -20,19 +20,24 @@ #include "cryptolib.h" #include "host_common.h" #include "util_misc.h" +#include "vb2_common.h" #include "vboot_common.h" -void PrintPubKeySha1Sum(VbPublicKey *key) +const char *packed_key_sha1_string(const struct vb2_packed_key *key) { uint8_t *buf = ((uint8_t *)key) + key->key_offset; - uint64_t buflen = key->key_size; + uint32_t buflen = key->key_size; uint8_t digest[VB2_SHA1_DIGEST_SIZE]; + static char dest[VB2_SHA1_DIGEST_SIZE * 2 + 1]; + char *dnext = dest; vb2_digest_buffer(buf, buflen, VB2_HASH_SHA1, digest, sizeof(digest)); int i; for (i = 0; i < sizeof(digest); i++) - printf("%02x", digest[i]); + dnext += sprintf(dnext, "%02x", digest[i]); + + return dest; } void PrintPrivKeySha1Sum(VbPrivateKey *key) |
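Review bot: packed_key_sha1_string() in host/lib/util_misc.c ignores the return value of vb2_digest_buffer(), so if hashing fails the uninitialized `digest` array is hex-encoded and returned as if it were a real fingerprint. Now that the result goes back to callers as a string rather than straight to stdout, a plausible-looking but meaningless digest is easier to mistake for a key identity. Check the call and return a fixed marker on failure, e.g. `if (vb2_digest_buffer(buf, buflen, VB2_HASH_SHA1, digest, sizeof(digest)) != VB2_SUCCESS) return "<error>";`, or at minimum declare `digest` with `= {0}`. The `sprintf` into `dest` is correctly sized for two hex characters per byte, but `snprintf(dnext, dest + sizeof(dest) - dnext, "%02x", digest[i])` would keep the bound visible if the format ever changes.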