Diffstat (limited to 'firmware/lib21/common.c')
-rw-r--r-- | firmware/lib21/common.c | 138 |
1 files changed, 0 insertions, 138 deletions
diff --git a/firmware/lib21/common.c b/firmware/lib21/common.c
index 89367ba3..19f07bce 100644
--- a/firmware/lib21/common.c
+++ b/firmware/lib21/common.c
@@ -301,141 +301,3 @@ vb2_error_t vb21_verify_data(const void *data, uint32_t size,
 return vb21_verify_digest(key, sig, digest, &wblocal);
 }
-
-vb2_error_t vb21_verify_keyblock(struct vb21_keyblock *block, uint32_t size,
- const struct vb2_public_key *key,
- const struct vb2_workbuf *wb)
-{
- uint32_t min_offset = 0, sig_offset;
- vb2_error_t rv, i;
-
- /* Check magic number */
- if (block->c.magic != VB21_MAGIC_KEYBLOCK)
- return VB2_ERROR_KEYBLOCK_MAGIC;
-
- /* Make sure common header is good */
- rv = vb21_verify_common_header(block, size);
- if (rv)
- return rv;
-
- /*
- * Check for compatible version. No need to check minor version, since
- * that's compatible across readers matching the major version, and we
- * haven't added any new fields.
- */
- if (block->c.struct_version_major != VB21_KEYBLOCK_VERSION_MAJOR)
- return VB2_ERROR_KEYBLOCK_HEADER_VERSION;
-
- /* Make sure header is big enough */
- if (block->c.fixed_size < sizeof(*block))
- return VB2_ERROR_KEYBLOCK_SIZE;
-
- /* Make sure data key is inside */
- rv = vb21_verify_common_subobject(block, &min_offset,
- block->key_offset);
- if (rv)
- return rv;
-
- /* Loop over signatures */
- sig_offset = block->sig_offset;
- for (i = 0; i < block->sig_count; i++, sig_offset = min_offset) {
- struct vb21_signature *sig;
-
- /* Make sure signature is inside keyblock */
- rv = vb21_verify_common_subobject(block, &min_offset,
- sig_offset);
- if (rv)
- return rv;
-
- sig = (struct vb21_signature *)((uint8_t *)block + sig_offset);
-
- /* Verify the signature integrity */
- rv = vb21_verify_signature(sig,
- block->c.total_size - sig_offset);
- if (rv)
- return rv;
-
- /* Skip signature if it doesn't match the key ID */
- if (memcmp(&sig->id, key->id, VB2_ID_NUM_BYTES))
- continue;
-
- /* Make sure we signed the right amount of data */
- if (sig->data_size != block->sig_offset)
- return VB2_ERROR_KEYBLOCK_SIGNED_SIZE;
-
- return vb21_verify_data(block, block->sig_offset, sig, key, wb);
- }
-
- /* If we're still here, no signature matched the key ID */
- return VB2_ERROR_KEYBLOCK_SIG_ID;
-}
-
-vb2_error_t vb21_verify_fw_preamble(struct vb21_fw_preamble *preamble,
- uint32_t size,
- const struct vb2_public_key *key,
- const struct vb2_workbuf *wb)
-{
- struct vb21_signature *sig;
- uint32_t min_offset = 0, hash_offset;
- vb2_error_t rv, i;
-
- /* Check magic number */
- if (preamble->c.magic != VB21_MAGIC_FW_PREAMBLE)
- return VB2_ERROR_PREAMBLE_MAGIC;
-
- /* Make sure common header is good */
- rv = vb21_verify_common_header(preamble, size);
- if (rv)
- return rv;
-
- /*
- * Check for compatible version. No need to check minor version, since
- * that's compatible across readers matching the major version, and we
- * haven't added any new fields.
- */
- if (preamble->c.struct_version_major != VB21_FW_PREAMBLE_VERSION_MAJOR)
- return VB2_ERROR_PREAMBLE_HEADER_VERSION;
-
- /* Make sure header is big enough */
- if (preamble->c.fixed_size < sizeof(*preamble))
- return VB2_ERROR_PREAMBLE_SIZE;
-
- /* Make sure all hash signatures are inside */
- hash_offset = preamble->hash_offset;
- for (i = 0; i < preamble->hash_count; i++, hash_offset = min_offset) {
- /* Make sure signature is inside preamble */
- rv = vb21_verify_common_subobject(preamble, &min_offset,
- hash_offset);
- if (rv)
- return rv;
-
- sig = (struct vb21_signature *)
- ((uint8_t *)preamble + hash_offset);
-
- /* Verify the signature integrity */
- rv = vb21_verify_signature(
- sig, preamble->c.total_size - hash_offset);
- if (rv)
- return rv;
-
- /* Hashes must all be unsigned */
- if (sig->sig_alg != VB2_SIG_NONE)
- return VB2_ERROR_PREAMBLE_HASH_SIGNED;
- }
-
- /* Make sure signature is inside preamble */
- rv = vb21_verify_common_subobject(preamble, &min_offset,
- preamble->sig_offset);
- if (rv)
- return rv;
-
- /* Verify preamble signature */
- sig = (struct vb21_signature *)((uint8_t *)preamble +
- preamble->sig_offset);
-
- rv = vb21_verify_data(preamble, preamble->sig_offset, sig, key, wb);
- if (rv)
- return rv;
-
- return VB2_SUCCESS;
-}
|