author | Nicolas Boichat <drinkcat@google.com> | 2017-02-07 11:40:59 +0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2017-02-18 00:39:28 -0800 |
commit | 83bd850f3fd45648bb811f6080efac396c8a2062 (patch) | |
tree | 3e22a3c7755002b5dbe55eb0ce951afc4ab24899 /host | |
parent | 94bd5c5069e6ca0c99754f39152bd4e059968904 (diff) | |
download | vboot-83bd850f3fd45648bb811f6080efac396c8a2062.tar.gz |
vboot_reference: Add support for 2048-bit exponent 3 keysstabilize-9313.Bfirmware-cr50-release-9308.25.Bfirmware-cr50-mp-release-9308.87.Bfirmware-cr50-mp-r86-9311.70.Bfirmware-cr50-mp-9311.Bfirmware-cr50-guc-factory-9308.26.Bfirmware-cr50-9308.Bfirmware-cr50-9308.24.B
This also adds the required tests (keys, testcases).
BRANCH=none
BUG=chromium:684354
TEST=make runtests
Change-Id: I5e148f8792ea325f813d76089271f3c4bcc2935d
Reviewed-on: https://chromium-review.googlesource.com/438951
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'host')
-rw-r--r-- | host/lib21/host_key.c | 34 |
1 files changed, 24 insertions, 10 deletions
diff --git a/host/lib21/host_key.c b/host/lib21/host_key.c
index ecb7328b..be36df71 100644
--- a/host/lib21/host_key.c
+++ b/host/lib21/host_key.c
@@ -23,6 +23,7 @@ const struct vb2_text_vs_enum vb2_text_vs_sig[] = {
 {"RSA2048", VB2_SIG_RSA2048},
 {"RSA4096", VB2_SIG_RSA4096},
 {"RSA8192", VB2_SIG_RSA8192},
+ {"RSA2048EXP3", VB2_SIG_RSA2048_EXP3},
 {0, 0}
 };
@@ -403,7 +404,10 @@ int vb2_public_key_read_keyb(struct vb2_public_key **key_ptr,
 if (vb2_read_file(filename, &key_data, &key_size))
 return VB2_ERROR_READ_KEYB_DATA;
- /* Guess the signature algorithm from the key size */
+ /* Guess the signature algorithm from the key size
+ * Note: This only considers exponent F4 keys, as there is no way to
+ * distinguish between exp 3 and F4 based on size. Vboot API 2.1 is
+ * required to make proper use of exp 3 keys. */
 for (sig_alg = VB2_SIG_RSA1024; sig_alg <= VB2_SIG_RSA8192; sig_alg++) {
 if (key_size == vb2_packed_key_size(sig_alg))
 break;
@@ -560,17 +564,27 @@ int vb2_public_key_hash(struct vb2_public_key *key,
 enum vb2_signature_algorithm vb2_rsa_sig_alg(struct rsa_st *rsa)
 {
+ int exp = BN_get_word(rsa->e);
 int bits = BN_num_bits(rsa->n);
- switch (bits) {
- case 1024:
- return VB2_SIG_RSA1024;
- case 2048:
- return VB2_SIG_RSA2048;
- case 4096:
- return VB2_SIG_RSA4096;
- case 8192:
- return VB2_SIG_RSA8192;
+ switch (exp) {
+ case RSA_3:
+ switch (bits) {
+ case 2048:
+ return VB2_SIG_RSA2048_EXP3;
+ }
+ break;
+ case RSA_F4:
+ switch (bits) {
+ case 1024:
+ return VB2_SIG_RSA1024;
+ case 2048:
+ return VB2_SIG_RSA2048;
+ case 4096:
+ return VB2_SIG_RSA4096;
+ case 8192:
+ return VB2_SIG_RSA8192;
+ }
 }
 /* no clue */ |
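Review bot: The new note in vb2_public_key_read_keyb() records that the size-based guess cannot tell exponent 3 from F4, but it does not say what the caller gets: the loop still stops at the matching F4 size, so an exponent-3 .keyb file would presumably be returned labelled `VB2_SIG_RSA2048` with no error. That caveat belongs where callers will read it, for example a sentence in the function's header comment such as `Keys read this way are always assumed to use exponent F4; an exponent-3 .keyb is not detected.` The function body starts and ends outside the hunk, so how the result is used after the loop is not visible here.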
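Review bot: `int exp = BN_get_word(rsa->e);` at the top of vb2_rsa_sig_alg() narrows the BN_ULONG that BN_get_word() returns to an int, so where BN_ULONG is 64 bits an exponent whose low 32 bits equal 3 or 65537 would typically match `case RSA_3` or `case RSA_F4` after truncation, and the key would be labelled with an algorithm that does not describe it. Keeping the full word avoids that: `BN_ULONG exp = BN_get_word(rsa->e);`. As a smaller style point, the `case RSA_F4:` arm ends without a `break;`, which is harmless only because it is the last case; adding one keeps it parallel with the `RSA_3` arm. The return that follows `/* no clue */` is outside the hunk.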