vboot2: use hwcrypto for RSA when allowed

Add vb2ex_hwcrypto_rsa_verify support for RSA verification.
If firmware implements the function it will used instead of SW
implementation in vboot.

Also separate hwcrypto stubs to 2stub_hwcrypto.c for depthcharge and coreboot.
Depthcharge needs stubs but fails to compile 2stub.c

BRANCH=none
BUG=b:163710320, b:161205813
TEST=make runtests
TEST=check hwcrypto is allowed/disallowed depending on nvmem flag

Change-Id: I85573e7cff31f32043db4b0a6b24b642856024e3
Signed-off-by: Kangheui Won <khwon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2353775
Reviewed-by: Julius Werner <jwerner@chromium.org>

3 files changed, 127 insertions, 0 deletions

diff --git a/tests/vb20_misc_tests.c b/tests/vb20_misc_tests.c
index 73fae538..fdab37e3 100644
--- a/tests/vb20_misc_tests.c
+++ b/tests/vb20_misc_tests.c
@@ -76,6 +76,9 @@ static void reset_common_data(enum reset_type t)
 	vb2api_secdata_firmware_create(ctx);
 	vb2_secdata_firmware_init(ctx);
 
+	vb2api_secdata_kernel_create(ctx);
+	vb2_secdata_kernel_init(ctx);
+
 	mock_read_res_fail_on_call = 0;
 	mock_unpack_key_retval = VB2_SUCCESS;
 	mock_verify_keyblock_retval = VB2_SUCCESS;
@@ -156,10 +159,13 @@ vb2_error_t vb2_unpack_key_buffer(struct vb2_public_key *key,
 	return mock_unpack_key_retval;
 }
 
+static struct vb2_public_key last_used_key;
+
 vb2_error_t vb2_verify_keyblock(struct vb2_keyblock *block, uint32_t size,
 				const struct vb2_public_key *key,
 				const struct vb2_workbuf *wb)
 {
+	memcpy(&last_used_key, key, sizeof(struct vb2_public_key));
 	return mock_verify_keyblock_retval;
 }
 
@@ -168,6 +174,7 @@ vb2_error_t vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble,
 				   const struct vb2_public_key *key,
 				   const struct vb2_workbuf *wb)
 {
+	memcpy(&last_used_key, key, sizeof(struct vb2_public_key));
 	return mock_verify_preamble_retval;
 }
 
@@ -208,6 +215,29 @@ static void verify_keyblock_tests(void)
 				sd->data_key_size),
 		"workbuf used after");
 
+	/* Test hwcrypto conditions */
+	reset_common_data(FOR_KEYBLOCK);
+
+	TEST_SUCC(vb2_load_fw_keyblock(ctx), "keyblock verify");
+	TEST_EQ(last_used_key.allow_hwcrypto, 0,
+		"hwcrypto is forbidden by TPM flag");
+
+	ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
+	TEST_SUCC(vb2_load_fw_keyblock(ctx), "keyblock verify");
+	TEST_EQ(last_used_key.allow_hwcrypto, 0,
+		"hwcrypto is forbidden by TPM flag on recovery mode");
+
+	vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_FLAGS,
+			VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED);
+
+	TEST_SUCC(vb2_load_fw_keyblock(ctx), "keyblock verify");
+	TEST_EQ(last_used_key.allow_hwcrypto, 0,
+		"hwcrypto is forbidden on recovery mode");
+
+	ctx->flags &= ~VB2_CONTEXT_RECOVERY_MODE;
+	TEST_SUCC(vb2_load_fw_keyblock(ctx), "keyblock verify");
+	TEST_EQ(last_used_key.allow_hwcrypto, 1, "hwcrypto is allowed");
+
 	/* Test failures */
 	reset_common_data(FOR_KEYBLOCK);
 	sd->workbuf_used = sd->workbuf_size + VB2_WORKBUF_ALIGN -
@@ -298,6 +328,31 @@ static void verify_preamble_tests(void)
 				sd->preamble_size),
 		"workbuf used");
 
+	/* Test hwcrypto conditions */
+	reset_common_data(FOR_PREAMBLE);
+
+	TEST_SUCC(vb2_load_fw_preamble(ctx), "preamble good");
+	TEST_EQ(last_used_key.allow_hwcrypto, 0,
+		"hwcrypto is forbidden by TPM flag");
+
+	ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
+	TEST_SUCC(vb2_load_fw_preamble(ctx), "preamble good");
+	TEST_EQ(last_used_key.allow_hwcrypto, 0,
+		"hwcrypto is forbidden by TPM flag on recovery mode");
+
+	vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_FLAGS,
+			VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED);
+
+	TEST_SUCC(vb2_load_fw_preamble(ctx), "preamble good");
+	TEST_EQ(last_used_key.allow_hwcrypto, 0,
+		"hwcrypto is forbidden on recovery mode");
+
+	ctx->flags &= ~VB2_CONTEXT_RECOVERY_MODE;
+	TEST_SUCC(vb2_load_fw_preamble(ctx), "preamble good");
+	TEST_EQ(last_used_key.allow_hwcrypto, 1,
+		"hwcrypto is allowed");
+
+
 	/* Expected failures */
 	reset_common_data(FOR_PREAMBLE);
 	sd->data_key_size = 0;
diff --git a/tests/vb2_api_tests.c b/tests/vb2_api_tests.c
index 3a32d4b7..c5e45097 100644
--- a/tests/vb2_api_tests.c
+++ b/tests/vb2_api_tests.c
@@ -81,6 +81,7 @@ static void reset_common_data(enum reset_type t)
 	vb2api_secdata_firmware_create(ctx);
 
 	vb2api_secdata_kernel_create(ctx);
+	vb2_secdata_kernel_init(ctx);
 
 	force_dev_mode = 0;
 	retval_vb2_fw_init_gbb = VB2_SUCCESS;
@@ -260,10 +261,13 @@ uint32_t vb2_rsa_sig_size(enum vb2_signature_algorithm sig_alg)
 	return mock_sig_size;
 }
 
+static struct vb2_public_key last_used_key;
+
 vb2_error_t vb2_rsa_verify_digest(const struct vb2_public_key *key,
 				  uint8_t *sig, const uint8_t *digest,
 				  const struct vb2_workbuf *wb)
 {
+	memcpy(&last_used_key, key, sizeof(struct vb2_public_key));
 	return retval_vb2_verify_digest;
 }
 
@@ -736,6 +740,28 @@ static void check_hash_tests(void)
 	TEST_SUCC(memcmp(digest_result, &digest_value, sizeof(digest_value)),
 		"check digest value");
 
+	/* Test hwcrypto conditions */
+	reset_common_data(FOR_CHECK_HASH);
+	TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
+	TEST_EQ(last_used_key.allow_hwcrypto, 0,
+		"hwcrypto is forbidden by TPM flag");
+
+	ctx->flags |= VB2_CONTEXT_RECOVERY_MODE;
+	TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
+	TEST_EQ(last_used_key.allow_hwcrypto, 0,
+		"hwcrypto is forbidden by TPM flag on recovery mode");
+
+	vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_FLAGS,
+			VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED);
+
+	TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
+	TEST_EQ(last_used_key.allow_hwcrypto, 0,
+		"hwcrypto is forbidden on recovery mode");
+
+	ctx->flags &= ~VB2_CONTEXT_RECOVERY_MODE;
+	TEST_SUCC(vb2api_check_hash(ctx), "check hash good");
+	TEST_EQ(last_used_key.allow_hwcrypto, 1, "hwcrypto is allowed");
+
 	reset_common_data(FOR_CHECK_HASH);
 	TEST_EQ(vb2api_check_hash_get_digest(ctx, digest_result,
 			digest_result_size - 1),
diff --git a/tests/vb2_common2_tests.c b/tests/vb2_common2_tests.c
index e8c96f78..89a560c4 100644
--- a/tests/vb2_common2_tests.c
+++ b/tests/vb2_common2_tests.c
@@ -20,6 +20,26 @@
 static const uint8_t test_data[] = "This is some test data to sign.";
 static const uint32_t test_size = sizeof(test_data);
 
+static enum {
+	HWCRYPTO_OK,
+	HWCRYPTO_NOTSUPPORTED,
+	HWCRYPTO_ERROR,
+} hwcrypto_state;
+
+vb2_error_t vb2ex_hwcrypto_rsa_verify_digest(const struct vb2_public_key *key,
+					     const uint8_t *sig, const uint8_t *digest)
+{
+	switch (hwcrypto_state) {
+		case HWCRYPTO_OK:
+			return VB2_SUCCESS;
+		case HWCRYPTO_NOTSUPPORTED:
+			return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED;
+		case HWCRYPTO_ERROR:
+			return VB2_ERROR_RSA_VERIFY_DIGEST;
+	}
+}
+
+
 static void test_unpack_key(const struct vb2_packed_key *key1)
 {
 	struct vb2_public_key pubk;
@@ -133,6 +153,32 @@ static void test_verify_data(const struct vb2_packed_key *key1,
 	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
 		 0, "vb2_verify_data() wrong sig");
 
+	pubk.allow_hwcrypto = 1;
+
+	hwcrypto_state = HWCRYPTO_OK;
+	memcpy(sig2, sig, sig_total_size);
+	vb2_signature_data_mutable(sig2)[0] ^= 0x5A;
+	TEST_EQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+		0, "vb2_verify_data() hwcrypto ok");
+
+	hwcrypto_state = HWCRYPTO_ERROR;
+	memcpy(sig2, sig, sig_total_size);
+	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+		0, "vb2_verify_data() hwcrypto error");
+
+	hwcrypto_state = HWCRYPTO_NOTSUPPORTED;
+	memcpy(sig2, sig, sig_total_size);
+	TEST_EQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+		0, "vb2_verify_data() hwcrypto fallback ok");
+
+	memcpy(sig2, sig, sig_total_size);
+	sig2->sig_size -= 16;
+	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &pubk, &wb),
+		0, "vb2_verify_data() hwcrypto fallback error");
+
+	pubk.allow_hwcrypto = 0;
+
+
 	free(sig2);
 }