authorRandall Spangler <rspangler@chromium.org>2016-10-14 15:37:25 -0700
committerchrome-bot <chrome-bot@chromium.org>2016-10-29 19:41:09 -0700
commit5a9f498182586f64865b51c874619d674f5d842c (patch)
tree79f69ff6aa363b6f53e010773f20f5f22771e06c /utility
parent13b109762a3bfec025a9bfcb3ead927d0291280e (diff)
host,test: Remove unneeded vb1 rsa functions
Another in a continued stream of refactoring. This change removes more of the vb1 rsa library code and associated tests, in favor of their vb2 equivalents. This change touches only host-side code and its tests, not firmware. BUG=chromium:611535 BRANCH=none TEST=make runtests; emerge-kevin coreboot depthcharge Change-Id: I1973bc2f03c60da62232e30bab0fa5fe791b6b34 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/400901
Diffstat (limited to 'utility')
-rw-r--r--utility/include/verify_data.h20
-rw-r--r--utility/pad_digest_utility.c5
-rw-r--r--utility/signature_digest_utility.c8
-rw-r--r--utility/verify_data.c182
4 files changed, 119 insertions, 96 deletions
diff --git a/utility/include/verify_data.h b/utility/include/verify_data.h
deleted file mode 100644
index 51b9fd6d..00000000
--- a/utility/include/verify_data.h
+++ /dev/null
@@ -1,20 +0,0 @@
-/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-#ifndef VBOOT_REFERENCE_VERIFY_DATA_H_
-#define VBOOT_REFERENCE_VERIFY_DATA_H_
-
-/* Reads a pre-processed key from [input_file] and
- * returns it in a RSAPublicKey structure.
- * Caller owns the returned key and must free it.
- */
-RSAPublicKey* read_RSAkey(char *input_file);
-
-/* Return a signature of [len] bytes read from [input_file].
- * Caller owns the returned signature and must free it.
- */
-uint8_t* read_signature(char *input_file, int len);
-
-#endif /* VBOOT_REFERENCE_VERIFY_DATA_H_ */
diff --git a/utility/pad_digest_utility.c b/utility/pad_digest_utility.c
index 86d6694b..440cca3a 100644
--- a/utility/pad_digest_utility.c
+++ b/utility/pad_digest_utility.c
@@ -31,7 +31,7 @@ int main(int argc, char* argv[]) {
int error_code = 0;
uint8_t* digest = NULL;
uint8_t* padded_digest = NULL;
- uint64_t len;
+ uint32_t len;
uint32_t padded_digest_len;
if (argc != 3) {
@@ -44,8 +44,7 @@ int main(int argc, char* argv[]) {
return -1;
}
- digest = BufferFromFile(argv[2], &len);
- if (!digest) {
+ if (VB2_SUCCESS != vb2_read_file(argv[2], &digest, &len)) {
fprintf(stderr, "Could not read file: %s\n", argv[2]);
return -1;
}
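Review bot: After the `vb2_read_file()` call, nothing visible in this hunk compares `len` with the digest size of the selected algorithm, so a digest file of any readable length is accepted. main() continues outside the hunk, so the check may exist further down. If it does not, and the padding step copies a fixed number of digest bytes, a truncated file would be read past the end of the allocation. A guard directly after the read would close this, for example `if (len != vb2_digest_size(vb2_crypto_to_hash(algorithm))) { free(digest); return -1; }`, where `algorithm` stands for whichever local holds the parsed algorithm argument.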
diff --git a/utility/signature_digest_utility.c b/utility/signature_digest_utility.c
index 781f9ff6..0ed1a99d 100644
--- a/utility/signature_digest_utility.c
+++ b/utility/signature_digest_utility.c
@@ -11,6 +11,9 @@
#include <stdio.h>
#include <stdlib.h>
+#include "2sysincludes.h"
+#include "2common.h"
+
#include "file_keys.h"
#include "host_common.h"
#include "padding.h"
@@ -22,7 +25,7 @@ int main(int argc, char* argv[]) {
int error_code = 0;
uint8_t* buf = NULL;
uint8_t* signature_digest = NULL;
- uint64_t len;
+ uint32_t len;
uint32_t signature_digest_len;
if (argc != 3) {
@@ -35,8 +38,7 @@ int main(int argc, char* argv[]) {
return -1;
}
- buf = BufferFromFile(argv[2], &len);
- if (!buf) {
+ if (VB2_SUCCESS != vb2_read_file(argv[2], &buf, &len)) {
fprintf(stderr, "Could not read file: %s\n", argv[2]);
return -1;
}
diff --git a/utility/verify_data.c b/utility/verify_data.c
index ed4bcc16..d68f8909 100644
--- a/utility/verify_data.c
+++ b/utility/verify_data.c
@@ -15,88 +15,130 @@
#include <sys/types.h>
#include <unistd.h>
+#define _STUB_IMPLEMENTATION_ /* For malloc()/free() */
+
#include "2sysincludes.h"
#include "2common.h"
#include "2sha.h"
+#include "2rsa.h"
#include "cryptolib.h"
#include "file_keys.h"
-#include "verify_data.h"
+#include "host_key.h"
+#include "host_misc.h"
+#include "vb2_common.h"
/* ANSI Color coding sequences. */
#define COL_GREEN "\e[1;32m"
#define COL_RED "\e[0;31m"
#define COL_STOP "\e[m"
-uint8_t* read_signature(char* input_file, int len) {
- int i, sigfd;
- uint8_t* signature = NULL;
- if ((sigfd = open(input_file, O_RDONLY)) == -1) {
- fprintf(stderr, "Couldn't open signature file\n");
- return NULL;
- }
-
- /* Read the signature into a buffer*/
- signature = (uint8_t*) malloc(len);
- if (!signature) {
- close(sigfd);
- return NULL;
- }
-
- if( (i = read(sigfd, signature, len)) != len ) {
- fprintf(stderr, "Wrong signature length - Expected = %d, Received = %d\n",
- len, i);
- close(sigfd);
- free(signature);
- return NULL;
- }
-
- close(sigfd);
- return signature;
+uint8_t* read_signature(char* input_file, int len)
+{
+ int i, sigfd;
+ uint8_t* signature = NULL;
+ if ((sigfd = open(input_file, O_RDONLY)) == -1) {
+ fprintf(stderr, "Couldn't open signature file\n");
+ return NULL;
+ }
+
+ /* Read the signature into a buffer*/
+ signature = (uint8_t*) malloc(len);
+ if (!signature) {
+ close(sigfd);
+ return NULL;
+ }
+
+ if( (i = read(sigfd, signature, len)) != len ) {
+ fprintf(stderr, "Expected signature length %d, Received %d\n",
+ len, i);
+ close(sigfd);
+ free(signature);
+ return NULL;
+ }
+
+ close(sigfd);
+ return signature;
}
-int main(int argc, char* argv[]) {
- int i, algorithm, sig_len;
- int return_code = 1; /* Default to error. */
- uint8_t digest[VB2_MAX_DIGEST_SIZE];
- uint8_t* signature = NULL;
- RSAPublicKey* key = NULL;
-
- if (argc!=5) {
- fprintf(stderr, "Usage: %s <algorithm> <key file> <signature file>"
- " <input file>\n\n", argv[0]);
- fprintf(stderr, "where <algorithm> depends on the signature algorithm"
- " used:\n");
- for(i = 0; i<kNumAlgorithms; i++)
- fprintf(stderr, "\t%d for %s\n", i, algo_strings[i]);
- return -1;
- }
-
- algorithm = atoi(argv[1]);
- if (algorithm >= kNumAlgorithms) {
- fprintf(stderr, "Invalid Algorithm!\n");
- return 0;
- }
- /* Length of the RSA Signature/RSA Key */
- sig_len = siglen_map[algorithm];
- if ((key = RSAPublicKeyFromFile(argv[2])) &&
- (signature = read_signature(argv[3], sig_len)) &&
- (VB2_SUCCESS == DigestFile(argv[4], vb2_crypto_to_hash(algorithm),
- digest, sizeof(digest)))) {
- if (RSAVerify(key, signature, sig_len, algorithm, digest)) {
- return_code = 0;
- fprintf(stderr, "Signature Verification "
- COL_GREEN "SUCCEEDED" COL_STOP "\n");
- } else {
- fprintf(stderr, "Signature Verification "
- COL_RED "FAILED" COL_STOP "\n");
- }
- }
- else
- return_code = -1;
-
- free(key);
- free(signature);
-
- return return_code;
+int main(int argc, char* argv[])
+{
+ uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES]
+ __attribute__ ((aligned (VB2_WORKBUF_ALIGN)));
+ struct vb2_workbuf wb;
+ vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
+
+ int return_code = 1; /* Default to error. */
+ uint8_t digest[VB2_MAX_DIGEST_SIZE];
+ struct vb2_packed_key *pk = NULL;
+ uint8_t *signature = NULL;
+ uint32_t sig_len = 0;
+
+ if (argc != 5) {
+ int i;
+ fprintf(stderr,
+ "Usage: %s <algorithm> <key file> <signature file>"
+ " <input file>\n\n", argv[0]);
+ fprintf(stderr,
+ "where <algorithm> depends on the signature algorithm"
+ " used:\n");
+ for(i = 0; i < VB2_ALG_COUNT; i++)
+ fprintf(stderr, "\t%d for %s\n", i, algo_strings[i]);
+ return -1;
+ }
+
+ int algorithm = atoi(argv[1]);
+ if (algorithm >= kNumAlgorithms) {
+ fprintf(stderr, "Invalid algorithm %d\n", algorithm);
+ goto error;
+ }
+
+ pk = vb2_read_packed_keyb(argv[2], algorithm, 0);
+ if (!pk) {
+ fprintf(stderr, "Can't read RSA public key.\n");
+ goto error;
+ }
+
+ struct vb2_public_key k2;
+ if (VB2_SUCCESS != vb2_unpack_key(&k2, (const uint8_t *)pk,
+ pk->key_offset + pk->key_size)) {
+ fprintf(stderr, "Can't unpack RSA public key.\n");
+ goto error;
+ }
+
+ if (VB2_SUCCESS != vb2_read_file(argv[3], &signature, &sig_len)) {
+ fprintf(stderr, "Can't read signature.\n");
+ goto error;
+ }
+
+ uint32_t expect_sig_size =
+ vb2_rsa_sig_size(vb2_crypto_to_signature(algorithm));
+ if (sig_len != expect_sig_size) {
+ fprintf(stderr, "Expected signature size %u, got %u\n",
+ expect_sig_size, sig_len);
+ goto error;
+ }
+
+ if (VB2_SUCCESS != DigestFile(argv[4], vb2_crypto_to_hash(algorithm),
+ digest, sizeof(digest))) {
+ fprintf(stderr, "Error calculating digest.\n");
+ goto error;
+ }
+
+ if (VB2_SUCCESS == vb2_rsa_verify_digest(&k2, signature, digest, &wb)) {
+ return_code = 0;
+ fprintf(stderr, "Signature Verification "
+ COL_GREEN "SUCCEEDED" COL_STOP "\n");
+ } else {
+ fprintf(stderr, "Signature Verification "
+ COL_RED "FAILED" COL_STOP "\n");
+ }
+
+error:
+ if (pk)
+ free(pk);
+ if (signature)
+ free(signature);
+
+ return return_code;
}
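Review bot: The range check `if (algorithm >= kNumAlgorithms)` in the new main() rejects only values that are too large, so a negative algorithm argument passes it and reaches `vb2_read_packed_keyb()`, `vb2_crypto_to_signature()` and `vb2_crypto_to_hash()`; `atoi()` also turns non-numeric input into 0, silently selecting algorithm 0. Whether those vb2 helpers bounds-check their argument is not visible in this hunk. The check still uses the vb1 constant while the usage loop above it already iterates to `VB2_ALG_COUNT`, so `if (algorithm < 0 || algorithm >= VB2_ALG_COUNT) {` would cover both ends and keep the two in step, and `strtol()` with an end-pointer check would reject non-numeric input. Separately, `read_signature()` is kept with only re-indentation and a reworded message, although main() no longer calls it and its prototype header `verify_data.h` is deleted in this commit; it could be removed or made `static`.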