diff options
Diffstat (limited to 'host')
-rw-r--r-- | host/lib21/host_key.c | 34 |
1 files changed, 24 insertions, 10 deletions
diff --git a/host/lib21/host_key.c b/host/lib21/host_key.c index ecb7328b..be36df71 100644 --- a/host/lib21/host_key.c +++ b/host/lib21/host_key.c @@ -23,6 +23,7 @@ const struct vb2_text_vs_enum vb2_text_vs_sig[] = { {"RSA2048", VB2_SIG_RSA2048}, {"RSA4096", VB2_SIG_RSA4096}, {"RSA8192", VB2_SIG_RSA8192}, + {"RSA2048EXP3", VB2_SIG_RSA2048_EXP3}, {0, 0} }; @@ -403,7 +404,10 @@ int vb2_public_key_read_keyb(struct vb2_public_key **key_ptr, if (vb2_read_file(filename, &key_data, &key_size)) return VB2_ERROR_READ_KEYB_DATA; - /* Guess the signature algorithm from the key size */ + /* Guess the signature algorithm from the key size + * Note: This only considers exponent F4 keys, as there is no way to + * distinguish between exp 3 and F4 based on size. Vboot API 2.1 is + * required to make proper use of exp 3 keys. */ for (sig_alg = VB2_SIG_RSA1024; sig_alg <= VB2_SIG_RSA8192; sig_alg++) { if (key_size == vb2_packed_key_size(sig_alg)) break; @@ -560,17 +564,27 @@ int vb2_public_key_hash(struct vb2_public_key *key, enum vb2_signature_algorithm vb2_rsa_sig_alg(struct rsa_st *rsa) { + int exp = BN_get_word(rsa->e); int bits = BN_num_bits(rsa->n); - switch (bits) { - case 1024: - return VB2_SIG_RSA1024; - case 2048: - return VB2_SIG_RSA2048; - case 4096: - return VB2_SIG_RSA4096; - case 8192: - return VB2_SIG_RSA8192; + switch (exp) { + case RSA_3: + switch (bits) { + case 2048: + return VB2_SIG_RSA2048_EXP3; + } + break; + case RSA_F4: + switch (bits) { + case 1024: + return VB2_SIG_RSA1024; + case 2048: + return VB2_SIG_RSA2048; + case 4096: + return VB2_SIG_RSA4096; + case 8192: + return VB2_SIG_RSA8192; + } } /* no clue */ |