diff options
Diffstat (limited to 'firmware/2lib/2packed_key.c')
-rw-r--r-- | firmware/2lib/2packed_key.c | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/firmware/2lib/2packed_key.c b/firmware/2lib/2packed_key.c new file mode 100644 index 00000000..4e2c654a --- /dev/null +++ b/firmware/2lib/2packed_key.c @@ -0,0 +1,80 @@ +/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Key unpacking functions + */ + +#include "2common.h" +#include "2packed_key.h" +#include "2rsa.h" +#include "2sysincludes.h" + +test_mockable +vb2_error_t vb2_unpack_key_buffer(struct vb2_public_key *key, + const uint8_t *buf, uint32_t size) +{ + const struct vb2_packed_key *packed_key = + (const struct vb2_packed_key *)buf; + const uint32_t *buf32; + uint32_t expected_key_size; + + /* Make sure passed buffer is big enough for the packed key */ + VB2_TRY(vb2_verify_packed_key_inside(buf, size, packed_key)); + + /* Unpack key algorithm */ + key->sig_alg = vb2_crypto_to_signature(packed_key->algorithm); + if (key->sig_alg == VB2_SIG_INVALID) { + VB2_DEBUG("Unsupported signature algorithm.\n"); + return VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM; + } + + key->hash_alg = vb2_crypto_to_hash(packed_key->algorithm); + if (key->hash_alg == VB2_HASH_INVALID) { + VB2_DEBUG("Unsupported hash algorithm.\n"); + return VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM; + } + + expected_key_size = vb2_packed_key_size(key->sig_alg); + if (!expected_key_size || expected_key_size != packed_key->key_size) { + VB2_DEBUG("Wrong key size for algorithm\n"); + return VB2_ERROR_UNPACK_KEY_SIZE; + } + + /* Make sure source buffer is 32-bit aligned */ + buf32 = (const uint32_t *)vb2_packed_key_data(packed_key); + if (!vb2_aligned(buf32, sizeof(uint32_t))) + return VB2_ERROR_UNPACK_KEY_ALIGN; + + /* Validity check key array size */ + key->arrsize = buf32[0]; + if (key->arrsize * sizeof(uint32_t) != vb2_rsa_sig_size(key->sig_alg)) + return VB2_ERROR_UNPACK_KEY_ARRAY_SIZE; + + key->n0inv = buf32[1]; + + /* Arrays point inside the key data */ + key->n = buf32 + 2; + key->rr = buf32 + 2 + key->arrsize; + + /* disable hwcrypto for RSA by default */ + key->allow_hwcrypto = 0; + +#ifdef __COVERITY__ + __coverity_tainted_data_sanitize__(key); + __coverity_tainted_data_sanitize__(buf); +#endif + return VB2_SUCCESS; +} + +vb2_error_t vb2_unpack_key(struct vb2_public_key *key, + const struct vb2_packed_key *packed_key) +{ + if (!packed_key) + return VB2_ERROR_UNPACK_KEY_BUFFER; + + return vb2_unpack_key_buffer(key, + (const uint8_t *)packed_key, + packed_key->key_offset + + packed_key->key_size); +} |