summaryrefslogtreecommitdiff
path: root/host/lib/host_key.c
diff options
context:
space:
mode:
Diffstat (limited to 'host/lib/host_key.c')
-rw-r--r--host/lib/host_key.c122
1 files changed, 21 insertions, 101 deletions
diff --git a/host/lib/host_key.c b/host/lib/host_key.c
index a8b05b53..02744477 100644
--- a/host/lib/host_key.c
+++ b/host/lib/host_key.c
@@ -13,6 +13,10 @@
#include <stdlib.h>
#include <unistd.h>
+#include "2sysincludes.h"
+#include "2common.h"
+#include "2rsa.h"
+#include "2sha.h"
#include "cryptolib.h"
#include "host_common.h"
#include "host_key.h"
@@ -20,82 +24,15 @@
#include "vb2_common.h"
#include "vboot_common.h"
-/* Allocate a new public key with space for a [key_size] byte key. */
-VbPublicKey* PublicKeyAlloc(uint64_t key_size, uint64_t algorithm,
- uint64_t version) {
- VbPublicKey* key = (VbPublicKey*)malloc(sizeof(VbPublicKey) + key_size);
- if (!key)
- return NULL;
-
- key->algorithm = algorithm;
- key->key_version = version;
- key->key_size = key_size;
- key->key_offset = sizeof(VbPublicKey);
- return key;
-}
-
-VbPublicKey* PublicKeyReadKeyb(const char* filename, uint64_t algorithm,
- uint64_t version) {
- VbPublicKey* key;
- uint8_t* key_data;
- uint64_t key_size;
- uint64_t expected_key_size;
-
- if (algorithm >= kNumAlgorithms) {
- VBDEBUG(("PublicKeyReadKeyb() called with invalid algorithm!\n"));
- return NULL;
- }
- if (version > 0xFFFF) {
- /* Currently, TPM only supports 16-bit version */
- VBDEBUG(("PublicKeyReadKeyb() called with invalid version!\n"));
- return NULL;
- }
-
- key_data = ReadFile(filename, &key_size);
- if (!key_data)
- return NULL;
-
- if (!RSAProcessedKeySize(algorithm, &expected_key_size) ||
- expected_key_size != key_size) {
- VBDEBUG(("PublicKeyReadKeyb() wrong key size for algorithm\n"));
- free(key_data);
- return NULL;
- }
-
- key = PublicKeyAlloc(key_size, algorithm, version);
- if (!key) {
- free(key_data);
- return NULL;
- }
- Memcpy(GetPublicKeyData(key), key_data, key_size);
-
- free(key_data);
- return key;
-}
-
int packed_key_looks_ok(const struct vb2_packed_key *key, uint32_t size)
{
- uint64_t key_size;
-
- if (size < sizeof(*key))
+ struct vb2_public_key pubkey;
+ if (VB2_SUCCESS != vb2_unpack_key(&pubkey, (const uint8_t *)key, size))
return 0;
- /* Sanity-check key data */
- if (0 != VerifyPublicKeyInside(key, size, (VbPublicKey *)key)) {
- VBDEBUG(("PublicKeyRead() not a VbPublicKey\n"));
- return 0;
- }
- if (key->algorithm >= kNumAlgorithms) {
- VBDEBUG(("PublicKeyRead() invalid algorithm\n"));
- return 0;
- }
- if (key->key_version > 0xFFFF) {
- VBDEBUG(("PublicKeyRead() invalid version\n"));
- return 0; /* Currently, TPM only supports 16-bit version */
- }
- if (!RSAProcessedKeySize(key->algorithm, &key_size) ||
- key_size != key->key_size) {
- VBDEBUG(("PublicKeyRead() wrong key size for algorithm\n"));
+ if (key->key_version > VB2_MAX_KEY_VERSION) {
+ /* Currently, TPM only supports 16-bit version */
+ VB2_DEBUG("%s() - packed key invalid version\n", __func__);
return 0;
}
@@ -103,37 +40,20 @@ int packed_key_looks_ok(const struct vb2_packed_key *key, uint32_t size)
return 1;
}
-VbPublicKey* PublicKeyRead(const char* filename) {
- struct vb2_packed_key *key;
- uint64_t file_size;
+/* TODO: the host code just uses this to check the embedded key length in
+ * uint32_t's. It should get folded into packed_key_looks_ok. */
- key = (struct vb2_packed_key *)ReadFile(filename, &file_size);
- if (!key)
- return NULL;
-
- if (packed_key_looks_ok(key, file_size))
- return (VbPublicKey *)key;
-
- /* Error */
- free(key);
- return NULL;
-}
+RSAPublicKey *vb2_packed_key_to_rsa(const struct vb2_packed_key *key)
+{
+ RSAPublicKey *rsa;
-int PublicKeyWrite(const char* filename, const VbPublicKey* key) {
- VbPublicKey* kcopy;
- int rv;
+ if (!packed_key_looks_ok(key, key->key_size))
+ return NULL;
- /* Copy the key, so its data is contiguous with the header */
- kcopy = PublicKeyAlloc(key->key_size, 0, 0);
- if (!kcopy)
- return 1;
- if (0 != PublicKeyCopy(kcopy, key)) {
- free(kcopy);
- return 1;
- }
+ rsa = RSAPublicKeyFromBuf(vb2_packed_key_data(key), key->key_size);
+ if (!rsa)
+ return NULL;
- /* Write the copy, then free it */
- rv = WriteFile(filename, kcopy, kcopy->key_offset + kcopy->key_size);
- free(kcopy);
- return rv;
+ rsa->algorithm = (unsigned int)key->algorithm;
+ return rsa;
}
View Lorry Controller Status