summaryrefslogtreecommitdiff
path: root/host
diff options
context:
space:
mode:
Diffstat (limited to 'host')
-rw-r--r--host/lib/include/host_common.h1
-rw-r--r--host/lib/include/signature_digest.h2
-rw-r--r--host/lib/signature_digest.c41
-rw-r--r--host/lib21/host_key.c24
-rw-r--r--host/lib21/include/host_key2.h8
5 files changed, 67 insertions, 9 deletions
diff --git a/host/lib/include/host_common.h b/host/lib/include/host_common.h
index 84536634..8c14942e 100644
--- a/host/lib/include/host_common.h
+++ b/host/lib/include/host_common.h
@@ -16,6 +16,7 @@
#include "cryptolib.h"
#include "host_key.h"
+#include "host_key2.h"
#include "host_keyblock.h"
#include "host_misc.h"
#include "host_signature.h"
diff --git a/host/lib/include/signature_digest.h b/host/lib/include/signature_digest.h
index 40c27036..936591a8 100644
--- a/host/lib/include/signature_digest.h
+++ b/host/lib/include/signature_digest.h
@@ -11,7 +11,7 @@
/* Returns a buffer with DigestInfo (which depends on [algorithm])
* prepended to [digest].
*/
-uint8_t* PrependDigestInfo(unsigned int algorithm, uint8_t* digest);
+uint8_t* PrependDigestInfo(enum vb2_hash_algorithm hash_alg, uint8_t* digest);
/* Function that outputs the message digest of the contents of a buffer in a
* format that can be used as input to OpenSSL for an RSA signature.
diff --git a/host/lib/signature_digest.c b/host/lib/signature_digest.c
index e90a56ed..2050d4a4 100644
--- a/host/lib/signature_digest.c
+++ b/host/lib/signature_digest.c
@@ -12,16 +12,23 @@
#include "2sysincludes.h"
#include "2common.h"
+#include "2rsa.h"
#include "2sha.h"
#include "cryptolib.h"
#include "host_common.h"
+#include "host_signature2.h"
#include "signature_digest.h"
-uint8_t* PrependDigestInfo(unsigned int algorithm, uint8_t* digest)
+uint8_t* PrependDigestInfo(enum vb2_hash_algorithm hash_alg, uint8_t* digest)
{
- const int digest_size = vb2_digest_size(vb2_crypto_to_hash(algorithm));
- const int digestinfo_size = digestinfo_size_map[algorithm];
- const uint8_t* digestinfo = hash_digestinfo_map[algorithm];
+ const int digest_size = vb2_digest_size(hash_alg);
+ uint32_t digestinfo_size = 0;
+ const uint8_t* digestinfo = NULL;
+
+ if (VB2_SUCCESS != vb2_digest_info(hash_alg, &digestinfo,
+ &digestinfo_size))
+ return NULL;
+
uint8_t* p = malloc(digestinfo_size + digest_size);
memcpy(p, digestinfo, digestinfo_size);
memcpy(p + digestinfo_size, digest, digest_size);
@@ -35,7 +42,7 @@ uint8_t* SignatureDigest(const uint8_t* buf, uint64_t len,
uint8_t digest[VB2_SHA512_DIGEST_SIZE]; /* Longest digest */
- if (algorithm >= kNumAlgorithms) {
+ if (algorithm >= VB2_ALG_COUNT) {
VBDEBUG(("SignatureDigest() called with invalid algorithm!\n"));
} else if (VB2_SUCCESS ==
vb2_digest_buffer(buf, len, vb2_crypto_to_hash(algorithm),
@@ -48,12 +55,29 @@ uint8_t* SignatureDigest(const uint8_t* buf, uint64_t len,
uint8_t* SignatureBuf(const uint8_t* buf, uint64_t len, const char* key_file,
unsigned int algorithm)
{
+ const enum vb2_hash_algorithm hash_alg = vb2_crypto_to_hash(algorithm);
FILE* key_fp = NULL;
RSA* key = NULL;
uint8_t* signature = NULL;
uint8_t* signature_digest = SignatureDigest(buf, len, algorithm);
- const int digest_size = vb2_digest_size(vb2_crypto_to_hash(algorithm));
- int signature_digest_len = digest_size + digestinfo_size_map[algorithm];
+ if (!signature_digest) {
+ VBDEBUG(("SignatureBuf(): Couldn't get signature digest\n"));
+ return NULL;
+ }
+
+ const int digest_size = vb2_digest_size(hash_alg);
+
+ uint32_t digestinfo_size = 0;
+ const uint8_t* digestinfo = NULL;
+ if (VB2_SUCCESS != vb2_digest_info(hash_alg, &digestinfo,
+ &digestinfo_size)) {
+ VBDEBUG(("SignatureBuf(): Couldn't get digest info\n"));
+ free(signature_digest);
+ return NULL;
+ }
+
+ int signature_digest_len = digest_size + digestinfo_size;
+
key_fp = fopen(key_file, "r");
if (!key_fp) {
VBDEBUG(("SignatureBuf(): Couldn't open key file: %s\n",
@@ -62,7 +86,8 @@ uint8_t* SignatureBuf(const uint8_t* buf, uint64_t len, const char* key_file,
return NULL;
}
if ((key = PEM_read_RSAPrivateKey(key_fp, NULL, NULL, NULL)))
- signature = (uint8_t*) malloc(siglen_map[algorithm]);
+ signature = (uint8_t *)malloc(
+ vb2_rsa_sig_size(vb2_crypto_to_signature(algorithm)));
else
VBDEBUG(("SignatureBuf(): Couldn't read private key from: %s\n",
key_file));
diff --git a/host/lib21/host_key.c b/host/lib21/host_key.c
index 2ebd08a1..ecb7328b 100644
--- a/host/lib21/host_key.c
+++ b/host/lib21/host_key.c
@@ -33,6 +33,22 @@ const struct vb2_text_vs_enum vb2_text_vs_hash[] = {
{0, 0}
};
+const struct vb2_text_vs_enum vb2_text_vs_crypto[] = {
+ {"RSA1024 SHA1", VB2_ALG_RSA1024_SHA1},
+ {"RSA1024 SHA256", VB2_ALG_RSA1024_SHA256},
+ {"RSA1024 SHA512", VB2_ALG_RSA1024_SHA512},
+ {"RSA2048 SHA1", VB2_ALG_RSA2048_SHA1},
+ {"RSA2048 SHA256", VB2_ALG_RSA2048_SHA256},
+ {"RSA2048 SHA512", VB2_ALG_RSA2048_SHA512},
+ {"RSA4096 SHA1", VB2_ALG_RSA4096_SHA1},
+ {"RSA4096 SHA256", VB2_ALG_RSA4096_SHA256},
+ {"RSA4096 SHA512", VB2_ALG_RSA4096_SHA512},
+ {"RSA8192 SHA1", VB2_ALG_RSA8192_SHA1},
+ {"RSA8192 SHA256", VB2_ALG_RSA8192_SHA256},
+ {"RSA8192 SHA512", VB2_ALG_RSA8192_SHA512},
+ {0, 0}
+};
+
const struct vb2_text_vs_enum *vb2_lookup_by_num(
const struct vb2_text_vs_enum *table,
const unsigned int num)
@@ -61,6 +77,14 @@ const char *vb2_get_sig_algorithm_name(enum vb2_signature_algorithm sig_alg)
return entry ? entry->name : VB2_INVALID_ALG_NAME;
}
+const char *vb2_get_crypto_algorithm_name(enum vb2_crypto_algorithm alg)
+{
+ const struct vb2_text_vs_enum *entry =
+ vb2_lookup_by_num(vb2_text_vs_crypto, alg);
+
+ return entry ? entry->name : VB2_INVALID_ALG_NAME;
+}
+
void vb2_private_key_free(struct vb2_private_key *key)
{
if (!key)
diff --git a/host/lib21/include/host_key2.h b/host/lib21/include/host_key2.h
index 5a2ec0ad..f786ec9f 100644
--- a/host/lib21/include/host_key2.h
+++ b/host/lib21/include/host_key2.h
@@ -67,6 +67,14 @@ extern const struct vb2_text_vs_enum vb2_text_vs_hash[];
const char *vb2_get_sig_algorithm_name(enum vb2_signature_algorithm sig_alg);
/**
+ * Return the name of a crypto algorithm.
+ *
+ * @param alg Crypto algorithm to look up
+ * @return The corresponding name, or VB2_INVALID_ALG_NAME if no match.
+ */
+const char *vb2_get_crypto_algorithm_name(enum vb2_crypto_algorithm alg);
+
+/**
* Free a private key.
*
* @param key Key containing internal data to free.