9 files changed, 166 insertions, 107 deletions

diff --git a/firmware/2lib/2common.c b/firmware/2lib/2common.c
index 0da3a611..f1707969 100644
--- a/firmware/2lib/2common.c
+++ b/firmware/2lib/2common.c
@@ -192,12 +192,12 @@ int vb2_unpack_key(struct vb2_public_key *key,
 	if (rv)
 		return rv;
 
-	/* Check key algorithm */
-	if (packed_key->algorithm >= VB2_ALG_COUNT) {
-		VB2_DEBUG("Invalid algorithm.\n");
-		return VB2_ERROR_UNPACK_KEY_ALGORITHM;
+	/* Unpack key algorithm */
+	key->sig_alg = vb2_crypto_to_signature(packed_key->algorithm);
+	if (key->sig_alg == VB2_SIG_INVALID) {
+		VB2_DEBUG("Unsupported signature algorithm.\n");
+		return VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM;
 	}
-	key->algorithm = packed_key->algorithm;
 
 	key->hash_alg = vb2_crypto_to_hash(packed_key->algorithm);
 	if (key->hash_alg == VB2_HASH_INVALID) {
@@ -205,7 +205,7 @@ int vb2_unpack_key(struct vb2_public_key *key,
 		return VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM;
 	}
 
-	expected_key_size = vb2_packed_key_size(packed_key->algorithm);
+	expected_key_size = vb2_packed_key_size(key->sig_alg);
 	if (!expected_key_size || expected_key_size != packed_key->key_size) {
 		VB2_DEBUG("Wrong key size for algorithm\n");
 		return VB2_ERROR_UNPACK_KEY_SIZE;
@@ -218,8 +218,7 @@ int vb2_unpack_key(struct vb2_public_key *key,
 
 	/* Sanity check key array size */
 	key->arrsize = buf32[0];
-	if (key->arrsize * sizeof(uint32_t) !=
-	    vb2_rsa_sig_size(packed_key->algorithm))
+	if (key->arrsize * sizeof(uint32_t) != vb2_rsa_sig_size(key->sig_alg))
 		return VB2_ERROR_UNPACK_KEY_ARRAY_SIZE;
 
 	key->n0inv = buf32[1];
@@ -238,11 +237,11 @@ int vb2_verify_digest(const struct vb2_public_key *key,
 {
 	uint8_t *sig_data = vb2_signature_data(sig);
 
-	if (sig->sig_size != vb2_rsa_sig_size(key->algorithm)) {
+	if (sig->sig_size != vb2_rsa_sig_size(key->sig_alg)) {
 		VB2_DEBUG("Wrong data signature size for algorithm, "
 			  "sig_size=%d, expected %d for algorithm %d.\n",
-			  sig->sig_size, vb2_rsa_sig_size(key->algorithm),
-			  key->algorithm);
+			  sig->sig_size, vb2_rsa_sig_size(key->sig_alg),
+			  key->sig_alg);
 		return VB2_ERROR_VDATA_SIG_SIZE;
 	}
 
@@ -261,9 +260,6 @@ int vb2_verify_data(const uint8_t *data,
 	uint32_t digest_size;
 	int rv;
 
-	if (key->algorithm >= VB2_ALG_COUNT)
-		return VB2_ERROR_VDATA_ALGORITHM;
-
 	if (sig->data_size > size) {
 		VB2_DEBUG("Data buffer smaller than length of signed data.\n");
 		return VB2_ERROR_VDATA_NOT_ENOUGH_DATA;
diff --git a/firmware/2lib/2rsa.c b/firmware/2lib/2rsa.c
index 15951c5d..37c5cf51 100644
--- a/firmware/2lib/2rsa.c
+++ b/firmware/2lib/2rsa.c
@@ -139,33 +139,58 @@ static void modpowF4(const struct vb2_public_key *key, uint8_t *inout,
 	}
 }
 
-uint32_t vb2_rsa_sig_size(uint32_t algorithm)
+
+static const uint8_t crypto_to_sig[] = {
+	VB2_SIG_RSA1024,
+	VB2_SIG_RSA1024,
+	VB2_SIG_RSA1024,
+	VB2_SIG_RSA2048,
+	VB2_SIG_RSA2048,
+	VB2_SIG_RSA2048,
+	VB2_SIG_RSA4096,
+	VB2_SIG_RSA4096,
+	VB2_SIG_RSA4096,
+	VB2_SIG_RSA8192,
+	VB2_SIG_RSA8192,
+	VB2_SIG_RSA8192,
+};
+
+/**
+ * Convert vb2_crypto_algorithm to vb2_signature_algorithm.
+ *
+ * @param algorithm	Crypto algorithm (vb2_crypto_algorithm)
+ *
+ * @return The signature algorithm for that crypto algorithm, or
+ * VB2_SIG_INVALID if the crypto algorithm or its corresponding signature
+ * algorithm is invalid or not supported.
+ */
+enum vb2_signature_algorithm vb2_crypto_to_signature(uint32_t algorithm)
+{
+	if (algorithm < ARRAY_SIZE(crypto_to_sig))
+		return crypto_to_sig[algorithm];
+	else
+		return VB2_SIG_INVALID;
+}
+
+uint32_t vb2_rsa_sig_size(enum vb2_signature_algorithm sig_alg)
 {
-	switch (algorithm) {
-	case VB2_ALG_RSA1024_SHA1:
-	case VB2_ALG_RSA1024_SHA256:
-	case VB2_ALG_RSA1024_SHA512:
+	switch (sig_alg) {
+	case VB2_SIG_RSA1024:
 		return 1024 / 8;
-	case VB2_ALG_RSA2048_SHA1:
-	case VB2_ALG_RSA2048_SHA256:
-	case VB2_ALG_RSA2048_SHA512:
+	case VB2_SIG_RSA2048:
 		return 2048 / 8;
-	case VB2_ALG_RSA4096_SHA1:
-	case VB2_ALG_RSA4096_SHA256:
-	case VB2_ALG_RSA4096_SHA512:
+	case VB2_SIG_RSA4096:
 		return 4096 / 8;
-	case VB2_ALG_RSA8192_SHA1:
-	case VB2_ALG_RSA8192_SHA256:
-	case VB2_ALG_RSA8192_SHA512:
+	case VB2_SIG_RSA8192:
 		return 8192 / 8;
 	default:
 		return 0;
 	}
 }
 
-uint32_t vb2_packed_key_size(uint32_t algorithm)
+uint32_t vb2_packed_key_size(enum vb2_signature_algorithm sig_alg)
 {
-	uint32_t sig_size = vb2_rsa_sig_size(algorithm);
+	uint32_t sig_size = vb2_rsa_sig_size(sig_alg);
 
 	if (!sig_size)
 		return 0;
@@ -215,26 +240,21 @@ static const uint8_t sha512_tail[] = {
 	0x05,0x00,0x04,0x40
 };
 
-/**
- * Check pkcs 1.5 padding bytes
- *
- * @param sig		Signature to verify
- * @param algorithm	Key algorithm
- * @return VB2_SUCCESS, or non-zero if error.
- */
-int vb2_check_padding(uint8_t *sig, int algorithm)
+int vb2_check_padding(const uint8_t *sig, const struct vb2_public_key *key)
 {
 	/* Determine padding to use depending on the signature type */
-	uint32_t hash_alg = vb2_crypto_to_hash(algorithm);
-	uint32_t pad_size = vb2_rsa_sig_size(algorithm) -
-		vb2_digest_size(hash_alg);
+	uint32_t sig_size = vb2_rsa_sig_size(key->sig_alg);
+	uint32_t hash_size = vb2_digest_size(key->hash_alg);
+	uint32_t pad_size = sig_size - hash_size;
 	const uint8_t *tail;
 	uint32_t tail_size;
 	int result = 0;
-
 	int i;
 
-	switch (hash_alg) {
+	if (!sig_size || !hash_size || hash_size > sig_size)
+		return VB2_ERROR_RSA_PADDING_SIZE;
+
+	switch (key->hash_alg) {
 	case VB2_HASH_SHA1:
 		tail = sha1_tail;
 		tail_size = sizeof(sha1_tail);
@@ -276,20 +296,22 @@ int vb2_rsa_verify_digest(const struct vb2_public_key *key,
 	struct vb2_workbuf wblocal = *wb;
 	uint32_t *workbuf32;
 	uint32_t key_bytes;
+	int sig_size;
 	int pad_size;
 	int rv;
 
 	if (!key || !sig || !digest)
 		return VB2_ERROR_RSA_VERIFY_PARAM;
 
-	if (key->algorithm > VB2_ALG_RSA8192_SHA512) {
+	sig_size = vb2_rsa_sig_size(key->sig_alg);
+	if (!sig_size) {
 		VB2_DEBUG("Invalid signature type!\n");
 		return VB2_ERROR_RSA_VERIFY_ALGORITHM;
 	}
 
 	/* Signature length should be same as key length */
 	key_bytes = key->arrsize * sizeof(uint32_t);
-	if (key_bytes != vb2_rsa_sig_size(key->algorithm)) {
+	if (key_bytes != sig_size) {
 		VB2_DEBUG("Signature is of incorrect length!\n");
 		return VB2_ERROR_RSA_VERIFY_SIG_LEN;
 	}
@@ -302,9 +324,13 @@ int vb2_rsa_verify_digest(const struct vb2_public_key *key,
 
 	vb2_workbuf_free(&wblocal, 3 * key_bytes);
 
-	/* Check padding */
-	rv = vb2_check_padding(sig, key->algorithm);
-	if (rv)
+	/*
+	 * Check padding.  Only fail immediately if the padding size is bad.
+	 * Otherwise, continue on to check the digest to reduce the risk of
+	 * timing based attacks.
+	 */
+	rv = vb2_check_padding(sig, key);
+	if (rv == VB2_ERROR_RSA_PADDING_SIZE)
 		return rv;
 
 	/*
@@ -312,12 +338,11 @@ int vb2_rsa_verify_digest(const struct vb2_public_key *key,
 	 * use vb2_safe_memcmp() just to be on the safe side.  (That's also why
 	 * we don't return before this check if the padding check failed.)
 	 */
-	pad_size = vb2_rsa_sig_size(key->algorithm) -
-		vb2_digest_size(key->hash_alg);
-
+	pad_size = sig_size - vb2_digest_size(key->hash_alg);
 	if (vb2_safe_memcmp(sig + pad_size, digest, key_bytes - pad_size)) {
 		VB2_DEBUG("Digest check failed!\n");
-		rv = VB2_ERROR_RSA_VERIFY_DIGEST;
+		if (!rv)
+			rv = VB2_ERROR_RSA_VERIFY_DIGEST;
 	}
 
 	return rv;
diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h
index 4070f007..9f41b8b8 100644
--- a/firmware/2lib/include/2return_codes.h
+++ b/firmware/2lib/include/2return_codes.h
@@ -71,6 +71,9 @@ enum vb2_return_code {
 	/* Digest mismatch in vb2_verify_digest() */
 	VB2_ERROR_RSA_VERIFY_DIGEST,
 
+	/* Bad size calculation in vb2_check_padding() */
+	VB2_ERROR_RSA_PADDING_SIZE,
+
         /**********************************************************************
 	 * NV storage errors
 	 */
@@ -128,8 +131,8 @@ enum vb2_return_code {
 	/* Member data outside parent in vb2_verify_member_inside() */
 	VB2_ERROR_INSIDE_DATA_OUTSIDE,
 
-	/* Bad algorithm in vb2_unpack_key() */
-	VB2_ERROR_UNPACK_KEY_ALGORITHM,
+	/* Unsupported signature algorithm in vb2_unpack_key() */
+	VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM,
 
 	/* Bad key size in vb2_unpack_key() */
 	VB2_ERROR_UNPACK_KEY_SIZE,
diff --git a/firmware/2lib/include/2rsa.h b/firmware/2lib/include/2rsa.h
index 5409ce31..8e21cd4d 100644
--- a/firmware/2lib/include/2rsa.h
+++ b/firmware/2lib/include/2rsa.h
@@ -17,34 +17,45 @@ struct vb2_public_key {
 	uint32_t n0inv;      /* -1 / n[0] mod 2^32 */
 	const uint32_t *n;   /* Modulus as little endian array */
 	const uint32_t *rr;  /* R^2 as little endian array */
-	uint32_t algorithm;  /* Algorithm to use when verifying with the key */
-	enum vb2_hash_algorithm hash_alg;  /* Hash algorithm */
+	enum vb2_signature_algorithm sig_alg;  /* Signature algorithm */
+	enum vb2_hash_algorithm hash_alg;      /* Hash algorithm */
 };
 
 /**
+ * Convert vb2_crypto_algorithm to vb2_signature_algorithm.
+ *
+ * @param algorithm	Crypto algorithm (vb2_crypto_algorithm)
+ *
+ * @return The signature algorithm for that crypto algorithm, or
+ * VB2_SIG_INVALID if the crypto algorithm or its corresponding signature
+ * algorithm is invalid or not supported.
+ */
+enum vb2_signature_algorithm vb2_crypto_to_signature(uint32_t algorithm);
+
+/**
  * Return the size of a RSA signature
  *
- * @param algorithm	Key algorithm (enum vb2_crypto_algorithm)
- * @return The size of the signature, or 0 if error.
+ * @param sig_alg	Signature algorithm
+ * @return The size of the signature in bytes, or 0 if error.
  */
-uint32_t vb2_rsa_sig_size(uint32_t algorithm);
+uint32_t vb2_rsa_sig_size(enum vb2_signature_algorithm sig_alg);
 
 /**
  * Return the size of a pre-processed RSA public key.
  *
- * @param algorithm	Key algorithm (enum vb2_crypto_algorithm)
- * @return The size of the preprocessed key, or 0 if error.
+ * @param sig_alg	Signature algorithm
+ * @return The size of the preprocessed key in bytes, or 0 if error.
  */
-uint32_t vb2_packed_key_size(uint32_t algorithm);
+uint32_t vb2_packed_key_size(enum vb2_signature_algorithm sig_alg);
 
 /**
  * Check pkcs 1.5 padding bytes
  *
  * @param sig		Signature to verify
- * @param algorithm	Key algorithm (enum vb2_crypto_algorithm)
+ * @param key		Key to take signature and hash algorithms from
  * @return VB2_SUCCESS, or non-zero if error.
  */
-int vb2_check_padding(uint8_t *sig, int algorithm);
+int vb2_check_padding(const uint8_t *sig, const struct vb2_public_key *key);
 
 /* Size of work buffer sufficient for vb2_rsa_verify_digest() worst case */
 #define VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES (3 * 1024)
diff --git a/tests/vb2_api_tests.c b/tests/vb2_api_tests.c
index 49b59b25..23e2d5e6 100644
--- a/tests/vb2_api_tests.c
+++ b/tests/vb2_api_tests.c
@@ -140,7 +140,7 @@ int vb2_unpack_key(struct vb2_public_key *key,
 	if (size != sizeof(*k) + 8)
 		return VB2_ERROR_UNPACK_KEY_SIZE;
 
-	key->algorithm = k->algorithm;
+	key->sig_alg = vb2_crypto_to_signature(k->algorithm);
 	key->hash_alg = vb2_crypto_to_hash(k->algorithm);
 
 	return VB2_SUCCESS;
@@ -174,7 +174,7 @@ int vb2_digest_finalize(struct vb2_digest_context *dc,
 	return retval_vb2_digest_finalize;
 }
 
-uint32_t vb2_rsa_sig_size(uint32_t algorithm)
+uint32_t vb2_rsa_sig_size(enum vb2_signature_algorithm sig_alg)
 {
 	return mock_sig_size;
 }
diff --git a/tests/vb2_common2_tests.c b/tests/vb2_common2_tests.c
index 2afa9f9e..4b3a34e6 100644
--- a/tests/vb2_common2_tests.c
+++ b/tests/vb2_common2_tests.c
@@ -35,7 +35,8 @@ static void test_unpack_key(const VbPublicKey *orig_key)
 	PublicKeyCopy(key, orig_key);
 	TEST_SUCC(vb2_unpack_key(&rsa, buf, size), "vb2_unpack_key() ok");
 
-	TEST_EQ(rsa.algorithm, key2->algorithm, "vb2_unpack_key() algorithm");
+	TEST_EQ(rsa.sig_alg, vb2_crypto_to_signature(key2->algorithm),
+		"vb2_unpack_key() sig_alg");
 	TEST_EQ(rsa.hash_alg, vb2_crypto_to_hash(key2->algorithm),
 		"vb2_unpack_key() hash_alg");
 
@@ -43,7 +44,7 @@ static void test_unpack_key(const VbPublicKey *orig_key)
 	PublicKeyCopy(key, orig_key);
 	key2->algorithm = VB2_ALG_COUNT;
 	TEST_EQ(vb2_unpack_key(&rsa, buf, size),
-		VB2_ERROR_UNPACK_KEY_ALGORITHM,
+		VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM,
 		"vb2_unpack_key() invalid algorithm");
 
 	PublicKeyCopy(key, orig_key);
@@ -83,9 +84,8 @@ static void test_verify_data(const VbPublicKey *public_key,
 	struct vb2_workbuf wb;
 	VbSignature *sig;
 
-	struct vb2_public_key rsa;
+	struct vb2_public_key rsa, rsa_orig;
 	struct vb2_signature *sig2;
-
 	struct vb2_packed_key *public_key2;
 
 	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
@@ -106,13 +106,19 @@ static void test_verify_data(const VbPublicKey *public_key,
 
 	TEST_EQ(vb2_unpack_key(&rsa, (uint8_t *)public_key2, pubkey_size),
 		0, "vb2_verify_data() unpack key");
+	rsa_orig = rsa;
+
+	memcpy(sig2, sig, sizeof(VbSignature) + sig->sig_size);
+	rsa.sig_alg = VB2_SIG_INVALID;
+	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &rsa, &wb),
+		 0, "vb2_verify_data() bad sig alg");
+	rsa.sig_alg = rsa_orig.sig_alg;
 
 	memcpy(sig2, sig, sizeof(VbSignature) + sig->sig_size);
-	rsa.algorithm += VB2_ALG_COUNT;
-	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &rsa,
-				 &wb),
-		 0, "vb2_verify_data() bad key");
-	rsa.algorithm -= VB2_ALG_COUNT;
+	rsa.hash_alg = VB2_HASH_INVALID;
+	TEST_NEQ(vb2_verify_data(test_data, test_size, sig2, &rsa, &wb),
+		 0, "vb2_verify_data() bad hash alg");
+	rsa.hash_alg = rsa_orig.hash_alg;
 
 	vb2_workbuf_init(&wb, workbuf, 4);
 	memcpy(sig2, sig, sizeof(VbSignature) + sig->sig_size);
diff --git a/tests/vb2_misc2_tests.c b/tests/vb2_misc2_tests.c
index 14526f70..05a379ee 100644
--- a/tests/vb2_misc2_tests.c
+++ b/tests/vb2_misc2_tests.c
@@ -218,9 +218,9 @@ static void verify_keyblock_tests(void)
 		"keyblock read root key");
 
 	reset_common_data(FOR_KEYBLOCK);
-	mock_unpack_key_retval = VB2_ERROR_UNPACK_KEY_ALGORITHM;
+	mock_unpack_key_retval = VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM;
 	TEST_EQ(vb2_verify_fw_keyblock(&cc),
-		VB2_ERROR_UNPACK_KEY_ALGORITHM,
+		VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM,
 		"keyblock unpack root key");
 
 	reset_common_data(FOR_KEYBLOCK);
@@ -295,9 +295,9 @@ static void verify_preamble_tests(void)
 		"preamble no data key");
 
 	reset_common_data(FOR_PREAMBLE);
-	mock_unpack_key_retval = VB2_ERROR_UNPACK_KEY_ALGORITHM;
+	mock_unpack_key_retval = VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM;
 	TEST_EQ(vb2_verify_fw_preamble2(&cc),
-		VB2_ERROR_UNPACK_KEY_ALGORITHM,
+		VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM,
 		"preamble unpack data key");
 
 	reset_common_data(FOR_PREAMBLE);
diff --git a/tests/vb2_rsa_padding_tests.c b/tests/vb2_rsa_padding_tests.c
index 3dd33162..8c9e80b6 100644
--- a/tests/vb2_rsa_padding_tests.c
+++ b/tests/vb2_rsa_padding_tests.c
@@ -33,7 +33,7 @@ void vb2_public_key_to_vb2(struct vb2_public_key *k2,
 	k2->n0inv = key->n0inv;
 	k2->n = key->n;
 	k2->rr = key->rr;
-	k2->algorithm = key->algorithm;
+	k2->sig_alg = vb2_crypto_to_signature(key->algorithm);
 	k2->hash_alg = vb2_crypto_to_hash(key->algorithm);
 }
 
@@ -77,6 +77,7 @@ static void test_verify_digest(struct vb2_public_key *key) {
 	uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES];
 	uint8_t sig[RSA1024NUMBYTES];
 	struct vb2_workbuf wb;
+	enum vb2_signature_algorithm orig_key_alg = key->sig_alg;
 
 	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
 
@@ -91,12 +92,12 @@ static void test_verify_digest(struct vb2_public_key *key) {
 		"vb2_rsa_verify_digest() small workbuf");
 	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
 
-	key->algorithm += VB2_ALG_COUNT;
+	key->sig_alg = VB2_SIG_INVALID;
 	Memcpy(sig, signatures[0], sizeof(sig));
 	TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
 		VB2_ERROR_RSA_VERIFY_ALGORITHM,
 		"vb2_rsa_verify_digest() bad key alg");
-	key->algorithm -= VB2_ALG_COUNT;
+	key->sig_alg = orig_key_alg;
 
 	key->arrsize *= 2;
 	Memcpy(sig, signatures[0], sizeof(sig));
diff --git a/tests/vb2_rsa_utility_tests.c b/tests/vb2_rsa_utility_tests.c
index 2a74f35e..1293d50f 100644
--- a/tests/vb2_rsa_utility_tests.c
+++ b/tests/vb2_rsa_utility_tests.c
@@ -28,52 +28,69 @@
  * APIs.
  */
 int vb2_mont_ge(const struct vb2_public_key *key, uint32_t *a);
-int vb2_check_padding(uint8_t *sig, int algorithm);
-int vb2_safe_memcmp(const void *s1, const void *s2, size_t size);
+int vb2_check_padding(const uint8_t *sig, const struct vb2_public_key *key);
 
 /**
  * Test RSA utility funcs
  */
 static void test_utils(void)
 {
+	uint8_t sig[RSA1024NUMBYTES];
+	struct vb2_public_key kbad = {.sig_alg = VB2_SIG_INVALID,
+				      .hash_alg = VB2_HASH_INVALID};
+
 	/* Verify old and new algorithm count constants match */
 	TEST_EQ(kNumAlgorithms, VB2_ALG_COUNT, "Algorithm counts");
 
+	/* Crypto algorithm to sig algorithm mapping */
+	TEST_EQ(vb2_crypto_to_signature(VB2_ALG_RSA1024_SHA1),
+		VB2_SIG_RSA1024, "Crypto map to RSA1024");
+	TEST_EQ(vb2_crypto_to_signature(VB2_ALG_RSA2048_SHA256),
+		VB2_SIG_RSA2048, "Crypto map to RSA2048");
+	TEST_EQ(vb2_crypto_to_signature(VB2_ALG_RSA4096_SHA256),
+		VB2_SIG_RSA4096, "Crypto map to RSA4096");
+	TEST_EQ(vb2_crypto_to_signature(VB2_ALG_RSA8192_SHA512),
+		VB2_SIG_RSA8192, "Crypto map to RSA8192");
+	TEST_EQ(vb2_crypto_to_signature(VB2_ALG_COUNT),
+		VB2_SIG_INVALID, "Crypto map to invalid");
+
 	/* Sig size */
-	TEST_EQ(vb2_rsa_sig_size(VB2_ALG_RSA1024_SHA1), RSA1024NUMBYTES,
-		"Sig size VB2_ALG_RSA1024_SHA1");
-	TEST_EQ(vb2_rsa_sig_size(VB2_ALG_RSA2048_SHA1), RSA2048NUMBYTES,
-		"Sig size VB2_ALG_RSA2048_SHA1");
-	TEST_EQ(vb2_rsa_sig_size(VB2_ALG_RSA4096_SHA256), RSA4096NUMBYTES,
-		"Sig size VB2_ALG_RSA4096_SHA256");
-	TEST_EQ(vb2_rsa_sig_size(VB2_ALG_RSA8192_SHA512), RSA8192NUMBYTES,
-		"Sig size VB2_ALG_RSA8192_SHA512");
-	TEST_EQ(vb2_rsa_sig_size(VB2_ALG_COUNT), 0,
+	TEST_EQ(vb2_rsa_sig_size(VB2_SIG_RSA1024), RSA1024NUMBYTES,
+		"Sig size RSA1024");
+	TEST_EQ(vb2_rsa_sig_size(VB2_SIG_RSA2048), RSA2048NUMBYTES,
+		"Sig size RSA2048");
+	TEST_EQ(vb2_rsa_sig_size(VB2_SIG_RSA4096), RSA4096NUMBYTES,
+		"Sig size RSA4096");
+	TEST_EQ(vb2_rsa_sig_size(VB2_SIG_RSA8192), RSA8192NUMBYTES,
+		"Sig size RSA8192");
+	TEST_EQ(vb2_rsa_sig_size(VB2_SIG_INVALID), 0,
 		"Sig size invalid algorithm");
+	TEST_EQ(vb2_rsa_sig_size(VB2_SIG_NONE), 0,
+		"Sig size no signing algorithm");
 
 	/* Packed key size */
-	TEST_EQ(vb2_packed_key_size(VB2_ALG_RSA1024_SHA1),
+	TEST_EQ(vb2_packed_key_size(VB2_SIG_RSA1024),
 		RSA1024NUMBYTES * 2 + sizeof(uint32_t) * 2,
-		"Packed key size VB2_ALG_RSA1024_SHA1");
-	TEST_EQ(vb2_packed_key_size(VB2_ALG_RSA2048_SHA1),
+		"Packed key size VB2_SIG_RSA1024");
+	TEST_EQ(vb2_packed_key_size(VB2_SIG_RSA2048),
 		RSA2048NUMBYTES * 2 + sizeof(uint32_t) * 2,
-		"Packed key size VB2_ALG_RSA2048_SHA1");
-	TEST_EQ(vb2_packed_key_size(VB2_ALG_RSA4096_SHA256),
+		"Packed key size VB2_SIG_RSA2048");
+	TEST_EQ(vb2_packed_key_size(VB2_SIG_RSA4096),
 		RSA4096NUMBYTES * 2 + sizeof(uint32_t) * 2,
-		"Packed key size VB2_ALG_RSA4096_SHA256");
-	TEST_EQ(vb2_packed_key_size(VB2_ALG_RSA8192_SHA512),
+		"Packed key size VB2_SIG_RSA4096");
+	TEST_EQ(vb2_packed_key_size(VB2_SIG_RSA8192),
 		RSA8192NUMBYTES * 2 + sizeof(uint32_t) * 2,
-		"Packed key size VB2_ALG_RSA8192_SHA512");
-	TEST_EQ(vb2_packed_key_size(VB2_ALG_COUNT), 0,
+		"Packed key size VB2_SIG_RSA8192");
+	TEST_EQ(vb2_packed_key_size(VB2_SIG_INVALID), 0,
 		"Packed key size invalid algorithm");
-
-	uint8_t sig[RSA1024NUMBYTES];
+	TEST_EQ(vb2_packed_key_size(VB2_SIG_NONE), 0,
+		"Packed key size no signing algorithm");
 
 	/* Test padding check with bad algorithm */
 	Memcpy(sig, signatures[0], sizeof(sig));
-	TEST_EQ(vb2_check_padding(sig, VB2_ALG_COUNT),
-		VB2_ERROR_RSA_PADDING_ALGORITHM,
-		"vb2_check_padding() bad alg");
+	TEST_EQ(vb2_check_padding(sig, &kbad),
+		VB2_ERROR_RSA_PADDING_SIZE,
+		"vb2_check_padding() bad padding algorithm/size");
 
 	/* Test safe memcmp */
 	TEST_EQ(vb2_safe_memcmp("foo", "foo", 3), 0, "vb2_safe_memcmp() good");