1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* Key unpacking functions
*/
#include "2sysincludes.h"
#include "2common.h"
#include "2rsa.h"
const uint8_t *vb2_packed_key2_data(const struct vb2_packed_key2 *key)
{
return (const uint8_t *)key + key->key_offset;
}
int vb2_verify_packed_key2_inside(const void *parent,
uint32_t parent_size,
const struct vb2_packed_key2 *key)
{
int rv;
rv = vb2_verify_member_inside(parent, parent_size,
key, sizeof(*key),
key->key_offset, key->key_size);
if (rv)
return rv;
return vb2_verify_common_header(parent, parent_size, &key->c);
}
int vb2_unpack_key2(struct vb2_public_key *key,
const uint8_t *buf,
uint32_t size)
{
const struct vb2_packed_key2 *pkey =
(const struct vb2_packed_key2 *)buf;
const uint32_t *buf32;
uint32_t expected_key_size;
uint32_t sig_size;
int rv;
/*
* Check magic number.
*
* If it doesn't match, pass through to the old packed key format.
*
* TODO: remove passthru when signing scripts have switched over to
* use the new format.
*/
if (pkey->c.magic != VB2_MAGIC_PACKED_KEY2)
return vb2_unpack_key(key, buf, size);
/* Make sure passed buffer is big enough for the packed key */
rv = vb2_verify_packed_key2_inside(buf, size, pkey);
if (rv)
return rv;
/*
* Check for compatible version. No need to check minor version, since
* that's compatible across readers matching the major version, and we
* haven't added any new fields.
*/
if (pkey->c.struct_version_major != VB2_PACKED_KEY2_VERSION_MAJOR)
return VB2_ERROR_UNPACK_KEY_STRUCT_VERSION;
/* Copy key algorithms */
key->sig_alg = pkey->sig_algorithm;
sig_size = vb2_rsa_sig_size(key->sig_alg);
if (!sig_size)
return VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM;
key->hash_alg = pkey->hash_algorithm;
if (!vb2_digest_size(key->hash_alg))
return VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM;
expected_key_size = vb2_packed_key_size(key->sig_alg);
if (!expected_key_size || expected_key_size != pkey->key_size) {
VB2_DEBUG("Wrong key size for algorithm\n");
return VB2_ERROR_UNPACK_KEY_SIZE;
}
/* Make sure source buffer is 32-bit aligned */
buf32 = (const uint32_t *)vb2_packed_key2_data(pkey);
if (!vb2_aligned(buf32, sizeof(uint32_t)))
return VB2_ERROR_UNPACK_KEY_ALIGN;
/* Sanity check key array size */
key->arrsize = buf32[0];
if (key->arrsize * sizeof(uint32_t) != sig_size)
return VB2_ERROR_UNPACK_KEY_ARRAY_SIZE;
key->n0inv = buf32[1];
/* Arrays point inside the key data */
key->n = buf32 + 2;
key->rr = buf32 + 2 + key->arrsize;
/* Key description */
if (pkey->c.desc_size)
key->desc = (const char *)&(pkey->c) + pkey->c.desc_offset;
else
key->desc = "";
key->version = pkey->key_version;
key->guid = &pkey->key_guid;
return VB2_SUCCESS;
}
|
