authorBill Richardson <wfrichar@chromium.org>2012-05-03 08:40:44 -0700
committerGerrit <chrome-bot@google.com>2012-05-04 12:16:45 -0700
commit2448d3b3bc8e80232e7943c16b41eaab19faa1a2 (patch)
tree602ed9451ec91f58fd60ab055ab9f531f50a921e /host
parentf47291926afce3235421f73811a04324195f3e13 (diff)
Create vbutil_ec tool for signing EC firmware.
This just adds the vbutil_ec tool (and a simple test of the library functions related to it). BUG=chrome-os-partner:7459, chromium-os:27142 TEST=manual make make runtests Change-Id: I2a2c4e7cfb8ac6ce2229c5de4252a5cc89321fa5 Reviewed-on: https://gerrit.chromium.org/gerrit/21868 Commit-Ready: Bill Richardson <wfrichar@chromium.org> Tested-by: Bill Richardson <wfrichar@chromium.org> Reviewed-by: Stefan Reinauer <reinauer@google.com> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Diffstat (limited to 'host')
-rw-r--r--host/include/host_common.h12
-rw-r--r--host/include/host_signature.h7
-rw-r--r--host/lib/host_common.c48
-rw-r--r--host/lib/host_signature.c26
4 files changed, 93 insertions, 0 deletions
diff --git a/host/include/host_common.h b/host/include/host_common.h
index 5d206301..6fa8b3e3 100644
--- a/host/include/host_common.h
+++ b/host/include/host_common.h
@@ -22,6 +22,18 @@
#include "vboot_struct.h"
+/* Creates an EC preamble, signed with [signing_key].
+ * Caller owns the returned pointer, and must free it with Free().
+ *
+ * Returns NULL if error. */
+VbECPreambleHeader* CreateECPreamble(
+ uint64_t firmware_version,
+ const VbSignature* body_signature,
+ const VbPrivateKey* signing_key,
+ uint32_t flags,
+ const char* name);
+
+
/* Creates a firmware preamble, signed with [signing_key].
* Caller owns the returned pointer, and must free it with Free().
*
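Review bot: The prototype names the second parameter `body_signature`, but the definition added in host/lib/host_common.c calls it `body_digest` and copies it into `h->body_digest` as a hash; using `body_digest` here too would tell callers that a digest, not a signature, is expected. The comment could also state what the definition shows about `name`, for example `/* [name] may be NULL; it is copied into the fixed-size name field of the header. */`.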
diff --git a/host/include/host_signature.h b/host/include/host_signature.h
index f08547c8..fb03c6c5 100644
--- a/host/include/host_signature.h
+++ b/host/include/host_signature.h
@@ -36,6 +36,13 @@ int SignatureCopy(VbSignature* dest, const VbSignature* src);
VbSignature* CalculateChecksum(const uint8_t* data, uint64_t size);
+/* Calculates a hash of the data using the algorithm from the specified key.
+ * Caller owns the returned pointer, and must free it with Free().
+ *
+ * Returns NULL on error. */
+VbSignature* CalculateHash(const uint8_t* data, uint64_t size,
+ const VbPrivateKey* key);
+
/* Calculates a signature for the data using the specified key.
* Caller owns the returned pointer, and must free it with Free().
*
diff --git a/host/lib/host_common.c b/host/lib/host_common.c
index cb513922..3aceddd6 100644
--- a/host/lib/host_common.c
+++ b/host/lib/host_common.c
@@ -6,6 +6,7 @@
*/
/* TODO: change all 'return 0', 'return 1' into meaningful return codes */
+#include <string.h>
#include "host_common.h"
@@ -13,6 +14,53 @@
#include "utility.h"
#include "vboot_common.h"
+VbECPreambleHeader* CreateECPreamble(
+ uint64_t firmware_version,
+ const VbSignature* body_digest,
+ const VbPrivateKey* signing_key,
+ uint32_t flags,
+ const char* name) {
+
+ VbECPreambleHeader* h;
+ uint64_t signed_size = (sizeof(VbECPreambleHeader) + body_digest->sig_size);
+ uint64_t block_size = signed_size + siglen_map[signing_key->algorithm];
+ uint8_t* body_digest_dest;
+ uint8_t* block_sig_dest;
+ VbSignature *sigtmp;
+
+ /* Allocate key block */
+ h = (VbECPreambleHeader*)malloc(block_size);
+ if (!h)
+ return NULL;
+ Memset(h, 0, block_size);
+ body_digest_dest = (uint8_t*)(h + 1);
+ block_sig_dest = body_digest_dest + body_digest->sig_size;
+
+ h->header_version_major = EC_PREAMBLE_HEADER_VERSION_MAJOR;
+ h->header_version_minor = EC_PREAMBLE_HEADER_VERSION_MINOR;
+ h->preamble_size = block_size;
+ h->firmware_version = firmware_version;
+ h->flags = flags;
+ if (name)
+ strncpy(h->name, name, sizeof(h->name));
+
+ /* Copy body hash */
+ SignatureInit(&h->body_digest, body_digest_dest,
+ body_digest->sig_size, 0);
+ SignatureCopy(&h->body_digest, body_digest);
+
+ /* Set up signature struct so we can calculate the signature */
+ SignatureInit(&h->preamble_signature, block_sig_dest,
+ siglen_map[signing_key->algorithm], signed_size);
+
+ /* Calculate signature */
+ sigtmp = CalculateSignature((uint8_t*)h, signed_size, signing_key);
+ SignatureCopy(&h->preamble_signature, sigtmp);
+ free(sigtmp);
+
+ /* Return the header */
+ return h;
+}
VbFirmwarePreambleHeader* CreateFirmwarePreamble(
uint64_t firmware_version,
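Review bot: `sigtmp` is handed to `SignatureCopy()` without a NULL check, so a failed `CalculateSignature()` is dereferenced instead of reported, and `h` is never released on that path. I am assuming it returns NULL on error like the sibling functions in host_signature.h, since its own header comment is cut off in this view. The `int` result of `SignatureCopy()` is also dropped, so a failed copy appears to hand back the zero-filled signature area as if signing had succeeded (assuming non-zero means failure, as the TODO at the top of this file suggests). The lines below add both checks; all of `CreateECPreamble()` is inside this hunk. Separately, `strncpy(h->name, name, sizeof(h->name))` leaves the field unterminated when `name` fills it; copying `sizeof(h->name) - 1` bytes would keep the zero byte from the earlier `Memset`, if readers treat the field as a C string.

```c
  /* … unchanged: allocation, header fields, body digest copy, SignatureInit … */

  /* Calculate signature */
  sigtmp = CalculateSignature((uint8_t*)h, signed_size, signing_key);
  if (!sigtmp) {
    free(h);
    return NULL;
  }
  if (SignatureCopy(&h->preamble_signature, sigtmp)) {
    free(sigtmp);
    free(h);
    return NULL;
  }
  free(sigtmp);
```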
diff --git a/host/lib/host_signature.c b/host/lib/host_signature.c
index 4dbac49a..0ebbca68 100644
--- a/host/lib/host_signature.c
+++ b/host/lib/host_signature.c
@@ -78,6 +78,32 @@ VbSignature* CalculateChecksum(const uint8_t* data, uint64_t size) {
return sig;
}
+VbSignature* CalculateHash(const uint8_t* data, uint64_t size,
+ const VbPrivateKey* key) {
+ uint8_t* digest = NULL;
+ int digest_size = hash_size_map[key->algorithm];
+ VbSignature* sig = NULL;
+
+ /* Calculate the digest */
+ digest = DigestBuf(data, size, key->algorithm);
+ if (!digest)
+ return NULL;
+
+ /* Allocate output signature */
+ sig = SignatureAlloc(digest_size, size);
+ if (!sig) {
+ free(digest);
+ return NULL;
+ }
+
+ /* The digest itself is the signature data */
+ Memcpy(GetSignatureData(sig), digest, digest_size);
+ free(digest);
+
+ /* Return the signature */
+ return sig;
+}
+
VbSignature* CalculateSignature(const uint8_t* data, uint64_t size,
const VbPrivateKey* key) {
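Review bot: `hash_size_map[key->algorithm]` is evaluated in the initializer of `digest_size`, before `key` is checked for NULL and before `DigestBuf()` has any chance to reject the algorithm, so an out-of-range `algorithm` value reads past the table and that result then sizes the `Memcpy`. Declaring `int digest_size;` and assigning it after a guard such as `if (!key || key->algorithm >= kNumAlgorithms) return NULL;` would make this fail cleanly (assuming `kNumAlgorithms` is the table bound in scope here). `CreateECPreamble()` in host/lib/host_common.c does the same unchecked lookup with `siglen_map[signing_key->algorithm]`. The trailing context is the start of `CalculateSignature()`, which continues outside the hunk.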