diff options
author | Randall Spangler <rspangler@chromium.org> | 2016-10-18 12:00:07 -0700 |
---|---|---|
committer | Randall Spangler <rspangler@chromium.org> | 2016-11-06 02:33:02 +0000 |
commit | 46a382d6136f2fd206fd8c95180dbb816c9ad5ce (patch) | |
tree | d97739fd8373f7b3a0844fc5dc854caa9919aae3 /host | |
parent | a03a164a76a97f3f6a60ddf18c466b38f8a77400 (diff) | |
download | vboot-46a382d6136f2fd206fd8c95180dbb816c9ad5ce.tar.gz |
vboot: Remove vboot1 cryptolib padding source
The old vboot1 cryptolib hard-coded many of its padding arrays in a
padding.c file. Use the equivalent vboot2 apis instead.
This change is almost exclusively on the host and test side; the only
firmware impact is on a single line of debug output.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge
Change-Id: If689ffd92f0255847bea2424950da4547b2c0df3
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/400902
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Diffstat (limited to 'host')
-rw-r--r-- | host/lib/include/host_common.h | 1 | ||||
-rw-r--r-- | host/lib/include/signature_digest.h | 2 | ||||
-rw-r--r-- | host/lib/signature_digest.c | 41 | ||||
-rw-r--r-- | host/lib21/host_key.c | 24 | ||||
-rw-r--r-- | host/lib21/include/host_key2.h | 8 |
5 files changed, 67 insertions, 9 deletions
diff --git a/host/lib/include/host_common.h b/host/lib/include/host_common.h index 84536634..8c14942e 100644 --- a/host/lib/include/host_common.h +++ b/host/lib/include/host_common.h @@ -16,6 +16,7 @@ #include "cryptolib.h" #include "host_key.h" +#include "host_key2.h" #include "host_keyblock.h" #include "host_misc.h" #include "host_signature.h" diff --git a/host/lib/include/signature_digest.h b/host/lib/include/signature_digest.h index 40c27036..936591a8 100644 --- a/host/lib/include/signature_digest.h +++ b/host/lib/include/signature_digest.h @@ -11,7 +11,7 @@ /* Returns a buffer with DigestInfo (which depends on [algorithm]) * prepended to [digest]. */ -uint8_t* PrependDigestInfo(unsigned int algorithm, uint8_t* digest); +uint8_t* PrependDigestInfo(enum vb2_hash_algorithm hash_alg, uint8_t* digest); /* Function that outputs the message digest of the contents of a buffer in a * format that can be used as input to OpenSSL for an RSA signature. diff --git a/host/lib/signature_digest.c b/host/lib/signature_digest.c index e90a56ed..2050d4a4 100644 --- a/host/lib/signature_digest.c +++ b/host/lib/signature_digest.c @@ -12,16 +12,23 @@ #include "2sysincludes.h" #include "2common.h" +#include "2rsa.h" #include "2sha.h" #include "cryptolib.h" #include "host_common.h" +#include "host_signature2.h" #include "signature_digest.h" -uint8_t* PrependDigestInfo(unsigned int algorithm, uint8_t* digest) +uint8_t* PrependDigestInfo(enum vb2_hash_algorithm hash_alg, uint8_t* digest) { - const int digest_size = vb2_digest_size(vb2_crypto_to_hash(algorithm)); - const int digestinfo_size = digestinfo_size_map[algorithm]; - const uint8_t* digestinfo = hash_digestinfo_map[algorithm]; + const int digest_size = vb2_digest_size(hash_alg); + uint32_t digestinfo_size = 0; + const uint8_t* digestinfo = NULL; + + if (VB2_SUCCESS != vb2_digest_info(hash_alg, &digestinfo, + &digestinfo_size)) + return NULL; + uint8_t* p = malloc(digestinfo_size + digest_size); memcpy(p, digestinfo, digestinfo_size); memcpy(p + digestinfo_size, digest, digest_size); @@ -35,7 +42,7 @@ uint8_t* SignatureDigest(const uint8_t* buf, uint64_t len, uint8_t digest[VB2_SHA512_DIGEST_SIZE]; /* Longest digest */ - if (algorithm >= kNumAlgorithms) { + if (algorithm >= VB2_ALG_COUNT) { VBDEBUG(("SignatureDigest() called with invalid algorithm!\n")); } else if (VB2_SUCCESS == vb2_digest_buffer(buf, len, vb2_crypto_to_hash(algorithm), @@ -48,12 +55,29 @@ uint8_t* SignatureDigest(const uint8_t* buf, uint64_t len, uint8_t* SignatureBuf(const uint8_t* buf, uint64_t len, const char* key_file, unsigned int algorithm) { + const enum vb2_hash_algorithm hash_alg = vb2_crypto_to_hash(algorithm); FILE* key_fp = NULL; RSA* key = NULL; uint8_t* signature = NULL; uint8_t* signature_digest = SignatureDigest(buf, len, algorithm); - const int digest_size = vb2_digest_size(vb2_crypto_to_hash(algorithm)); - int signature_digest_len = digest_size + digestinfo_size_map[algorithm]; + if (!signature_digest) { + VBDEBUG(("SignatureBuf(): Couldn't get signature digest\n")); + return NULL; + } + + const int digest_size = vb2_digest_size(hash_alg); + + uint32_t digestinfo_size = 0; + const uint8_t* digestinfo = NULL; + if (VB2_SUCCESS != vb2_digest_info(hash_alg, &digestinfo, + &digestinfo_size)) { + VBDEBUG(("SignatureBuf(): Couldn't get digest info\n")); + free(signature_digest); + return NULL; + } + + int signature_digest_len = digest_size + digestinfo_size; + key_fp = fopen(key_file, "r"); if (!key_fp) { VBDEBUG(("SignatureBuf(): Couldn't open key file: %s\n", @@ -62,7 +86,8 @@ uint8_t* SignatureBuf(const uint8_t* buf, uint64_t len, const char* key_file, return NULL; } if ((key = PEM_read_RSAPrivateKey(key_fp, NULL, NULL, NULL))) - signature = (uint8_t*) malloc(siglen_map[algorithm]); + signature = (uint8_t *)malloc( + vb2_rsa_sig_size(vb2_crypto_to_signature(algorithm))); else VBDEBUG(("SignatureBuf(): Couldn't read private key from: %s\n", key_file)); diff --git a/host/lib21/host_key.c b/host/lib21/host_key.c index 2ebd08a1..ecb7328b 100644 --- a/host/lib21/host_key.c +++ b/host/lib21/host_key.c @@ -33,6 +33,22 @@ const struct vb2_text_vs_enum vb2_text_vs_hash[] = { {0, 0} }; +const struct vb2_text_vs_enum vb2_text_vs_crypto[] = { + {"RSA1024 SHA1", VB2_ALG_RSA1024_SHA1}, + {"RSA1024 SHA256", VB2_ALG_RSA1024_SHA256}, + {"RSA1024 SHA512", VB2_ALG_RSA1024_SHA512}, + {"RSA2048 SHA1", VB2_ALG_RSA2048_SHA1}, + {"RSA2048 SHA256", VB2_ALG_RSA2048_SHA256}, + {"RSA2048 SHA512", VB2_ALG_RSA2048_SHA512}, + {"RSA4096 SHA1", VB2_ALG_RSA4096_SHA1}, + {"RSA4096 SHA256", VB2_ALG_RSA4096_SHA256}, + {"RSA4096 SHA512", VB2_ALG_RSA4096_SHA512}, + {"RSA8192 SHA1", VB2_ALG_RSA8192_SHA1}, + {"RSA8192 SHA256", VB2_ALG_RSA8192_SHA256}, + {"RSA8192 SHA512", VB2_ALG_RSA8192_SHA512}, + {0, 0} +}; + const struct vb2_text_vs_enum *vb2_lookup_by_num( const struct vb2_text_vs_enum *table, const unsigned int num) @@ -61,6 +77,14 @@ const char *vb2_get_sig_algorithm_name(enum vb2_signature_algorithm sig_alg) return entry ? entry->name : VB2_INVALID_ALG_NAME; } +const char *vb2_get_crypto_algorithm_name(enum vb2_crypto_algorithm alg) +{ + const struct vb2_text_vs_enum *entry = + vb2_lookup_by_num(vb2_text_vs_crypto, alg); + + return entry ? entry->name : VB2_INVALID_ALG_NAME; +} + void vb2_private_key_free(struct vb2_private_key *key) { if (!key) diff --git a/host/lib21/include/host_key2.h b/host/lib21/include/host_key2.h index 5a2ec0ad..f786ec9f 100644 --- a/host/lib21/include/host_key2.h +++ b/host/lib21/include/host_key2.h @@ -67,6 +67,14 @@ extern const struct vb2_text_vs_enum vb2_text_vs_hash[]; const char *vb2_get_sig_algorithm_name(enum vb2_signature_algorithm sig_alg); /** + * Return the name of a crypto algorithm. + * + * @param alg Crypto algorithm to look up + * @return The corresponding name, or VB2_INVALID_ALG_NAME if no match. + */ +const char *vb2_get_crypto_algorithm_name(enum vb2_crypto_algorithm alg); + +/** * Free a private key. * * @param key Key containing internal data to free. |