From c8c2f023a4914a498c11b855210ef05d4e035d41 Mon Sep 17 00:00:00 2001 From: Randall Spangler Date: Thu, 23 Oct 2014 09:48:20 -0700 Subject: vboot2: use enum signature algorithm This changes the internals of vboot2 to use the enumerated type for signature algorithm. The conversion from crypto algorithm is done only when unpacking the key. This is preparation for the vboot2 data types, which separate signature and hash algorithms into their own fields. There is no external change in the calling API to vboot, and no change to the external data structures. BUG=chromium:423882 BRANCH=none TEST=VBOOT2=1 make runtests Change-Id: I2e176d186d88cc7541644e001e720b4aee456be0 Signed-off-by: Randall Spangler Reviewed-on: https://chromium-review.googlesource.com/225209 --- firmware/2lib/2common.c | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) (limited to 'firmware/2lib/2common.c') diff --git a/firmware/2lib/2common.c b/firmware/2lib/2common.c index 0da3a611..f1707969 100644 --- a/firmware/2lib/2common.c +++ b/firmware/2lib/2common.c @@ -192,12 +192,12 @@ int vb2_unpack_key(struct vb2_public_key *key, if (rv) return rv; - /* Check key algorithm */ - if (packed_key->algorithm >= VB2_ALG_COUNT) { - VB2_DEBUG("Invalid algorithm.\n"); - return VB2_ERROR_UNPACK_KEY_ALGORITHM; + /* Unpack key algorithm */ + key->sig_alg = vb2_crypto_to_signature(packed_key->algorithm); + if (key->sig_alg == VB2_SIG_INVALID) { + VB2_DEBUG("Unsupported signature algorithm.\n"); + return VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM; } - key->algorithm = packed_key->algorithm; key->hash_alg = vb2_crypto_to_hash(packed_key->algorithm); if (key->hash_alg == VB2_HASH_INVALID) { @@ -205,7 +205,7 @@ int vb2_unpack_key(struct vb2_public_key *key, return VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM; } - expected_key_size = vb2_packed_key_size(packed_key->algorithm); + expected_key_size = vb2_packed_key_size(key->sig_alg); if (!expected_key_size || expected_key_size != packed_key->key_size) { VB2_DEBUG("Wrong key size for algorithm\n"); return VB2_ERROR_UNPACK_KEY_SIZE; @@ -218,8 +218,7 @@ int vb2_unpack_key(struct vb2_public_key *key, /* Sanity check key array size */ key->arrsize = buf32[0]; - if (key->arrsize * sizeof(uint32_t) != - vb2_rsa_sig_size(packed_key->algorithm)) + if (key->arrsize * sizeof(uint32_t) != vb2_rsa_sig_size(key->sig_alg)) return VB2_ERROR_UNPACK_KEY_ARRAY_SIZE; key->n0inv = buf32[1]; @@ -238,11 +237,11 @@ int vb2_verify_digest(const struct vb2_public_key *key, { uint8_t *sig_data = vb2_signature_data(sig); - if (sig->sig_size != vb2_rsa_sig_size(key->algorithm)) { + if (sig->sig_size != vb2_rsa_sig_size(key->sig_alg)) { VB2_DEBUG("Wrong data signature size for algorithm, " "sig_size=%d, expected %d for algorithm %d.\n", - sig->sig_size, vb2_rsa_sig_size(key->algorithm), - key->algorithm); + sig->sig_size, vb2_rsa_sig_size(key->sig_alg), + key->sig_alg); return VB2_ERROR_VDATA_SIG_SIZE; } @@ -261,9 +260,6 @@ int vb2_verify_data(const uint8_t *data, uint32_t digest_size; int rv; - if (key->algorithm >= VB2_ALG_COUNT) - return VB2_ERROR_VDATA_ALGORITHM; - if (sig->data_size > size) { VB2_DEBUG("Data buffer smaller than length of signed data.\n"); return VB2_ERROR_VDATA_NOT_ENOUGH_DATA; -- cgit v1.2.1