vboot2: Add host lib function to create a vb2-style keyblock

Also add vb2_common_desc() helper function to return the description
for an object starting with a common struct header.

And use the new host lib function to create the keyblock for verifying
the firmware lib.

Add tests for everything new.

BUG=chromium:423882
BRANCH=none
TEST=VBOOT2=1 make runtests

Change-Id: I1fadb3e249e771a692cc69b23620c6ddd46a48ac
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/231721
Reviewed-by: Bill Richardson <wfrichar@chromium.org>

2 files changed, 112 insertions, 0 deletions

diff --git a/host/lib/host_keyblock2.c b/host/lib/host_keyblock2.c
new file mode 100644
index 00000000..9394cf6a
--- /dev/null
+++ b/host/lib/host_keyblock2.c
@@ -0,0 +1,76 @@
+/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Host functions for keyblocks
+ */
+
+#include "2sysincludes.h"
+#include "2common.h"
+#include "2rsa.h"
+#include "host_common.h"
+#include "host_key2.h"
+#include "host_keyblock2.h"
+#include "host_misc.h"
+#include "host_signature2.h"
+
+int vb2_keyblock_create(struct vb2_keyblock2 **kb_ptr,
+			const struct vb2_public_key *data_key,
+			const struct vb2_private_key **signing_keys,
+			uint32_t signing_key_count,
+			uint32_t flags,
+			const char *desc)
+{
+	struct vb2_keyblock2 kb = {
+		.c.magic = VB2_MAGIC_KEYBLOCK2,
+		.c.struct_version_major = VB2_KEYBLOCK2_VERSION_MAJOR,
+		.c.struct_version_minor = VB2_KEYBLOCK2_VERSION_MAJOR,
+		.c.fixed_size = sizeof(kb),
+		.flags = flags,
+		.sig_count = signing_key_count,
+	};
+
+	struct vb2_packed_key2 *key = NULL;
+	uint32_t sig_size;
+	uint8_t *buf;
+
+	*kb_ptr = NULL;
+
+	/* Determine component sizes */
+	if (!desc)
+		desc = data_key->desc;
+	kb.c.desc_size = vb2_desc_size(desc);
+	kb.key_offset = kb.c.fixed_size + kb.c.desc_size;
+
+	if (vb2_sig_size_for_keys(&sig_size, signing_keys, signing_key_count))
+		return VB2_KEYBLOCK_CREATE_SIG_SIZE;
+
+	if (vb2_public_key_pack(&key, data_key))
+		return VB2_KEYBLOCK_CREATE_DATA_KEY;
+
+	kb.sig_offset = kb.key_offset + key->c.total_size;
+	kb.c.total_size = kb.sig_offset + sig_size;
+
+	/* Allocate buffer and copy header and data key */
+	buf = malloc(kb.c.total_size);
+	if (!buf) {
+		free(key);
+		return VB2_KEYBLOCK_CREATE_ALLOC;
+	}
+
+	memcpy(buf, &kb, sizeof(kb));
+	if (kb.c.desc_size)
+		strcpy((char *)buf + kb.c.fixed_size, desc);
+	memcpy(buf + kb.key_offset, key, key->c.total_size);
+	free(key);
+
+	/* Sign the keyblock */
+	if (vb2_sign_object_multiple(buf, kb.sig_offset, signing_keys,
+				     signing_key_count)) {
+		free(buf);
+		return VB2_KEYBLOCK_CREATE_SIGN;
+	}
+
+	*kb_ptr = (struct vb2_keyblock2 *)buf;
+	return VB2_SUCCESS;
+}
diff --git a/host/lib/include/host_keyblock2.h b/host/lib/include/host_keyblock2.h
new file mode 100644
index 00000000..5b05ab1f
--- /dev/null
+++ b/host/lib/include/host_keyblock2.h
@@ -0,0 +1,36 @@
+/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Host-side functions for verified boot key structures
+ */
+
+#ifndef VBOOT_REFERENCE_HOST_KEYBLOCK2_H_
+#define VBOOT_REFERENCE_HOST_KEYBLOCK2_H_
+
+#include "2struct.h"
+
+struct vb2_private_key;
+struct vb2_public_key;
+
+/**
+ * Create and sign a keyblock.
+ *
+ * @param kb_ptr	On success, points to a newly allocated keyblock buffer.
+ *			Caller is responsible for calling free() on this.
+ * @param data_key	Data key to contain inside keyblock.
+ * @param signing_keys	List of keys to sign the keyblock with.
+ * @param signing_key_count	Number of keys in signing_keys.
+ * @param flags		Flags for keyblock.
+ * @param desc		Description for keyblock.  If NULL, description will be
+ *			taken from the data key.
+ * @return VB2_SUCCESS, or non-zero error code if failure.
+ */
+int vb2_keyblock_create(struct vb2_keyblock2 **kb_ptr,
+			const struct vb2_public_key *data_key,
+			const struct vb2_private_key **signing_keys,
+			uint32_t signing_key_count,
+			uint32_t flags,
+			const char *desc);
+
+#endif  /* VBOOT_REFERENCE_HOST_KEYBLOCK2_H_ */