vboot: move vboot 2.1 functions and structs into host code
These structs and functions need to stick around for futility to use, but they are no longer supported in firmware code. Rename host/lib21/include/* files to end in 21 instead of 2. BUG=b:124141368, chromium:968464 TEST=make clean && make runtests BRANCH=none Change-Id: I01e181e2f03553d60724fbdc826f5ada63777303 Cq-Depend: chromium:1969172 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1963621 Reviewed-by: Julius Werner <jwerner@chromium.org> Tested-by: Joel Kitching <kitching@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org>
parent
9e39b74523
commit
166840277a
27
Makefile
27
Makefile
|
@ -337,7 +337,7 @@ INCLUDES += \
|
|||
# TPM commands and various external functions that are provided by the BIOS.
|
||||
ifeq (${FIRMWARE_ARCH},)
|
||||
INCLUDES += -Ihost/include -Ihost/lib/include
|
||||
INCLUDES += -Ihost/lib21/include -Ifirmware/lib21/include
|
||||
INCLUDES += -Ihost/lib21/include
|
||||
endif
|
||||
|
||||
# Firmware library, used by the other firmware components (depthcharge,
|
||||
|
@ -348,7 +348,6 @@ FWLIB = ${BUILD}/vboot_fw.a
|
|||
# Separate TPM lightweight command library (TLCL)
|
||||
TLCL = ${BUILD}/tlcl.a
|
||||
|
||||
# Additional firmware library sources needed by VbSelectAndLoadKernel() call
|
||||
FWLIB_SRCS = \
|
||||
firmware/lib/cgptlib/cgptlib.c \
|
||||
firmware/lib/cgptlib/cgptlib_internal.c \
|
||||
|
@ -364,7 +363,6 @@ FWLIB_SRCS = \
|
|||
firmware/lib/vboot_ui_menu.c \
|
||||
firmware/lib/vboot_ui_wilco.c
|
||||
|
||||
# Code common to both vboot 2.0 (old structs) and 2.1 (new structs)
|
||||
FWLIB2X_SRCS = \
|
||||
firmware/2lib/2api.c \
|
||||
firmware/2lib/2auxfw_sync.c \
|
||||
|
@ -392,10 +390,6 @@ FWLIB20_SRCS = \
|
|||
firmware/lib20/misc.c \
|
||||
firmware/lib20/packed_key.c
|
||||
|
||||
FWLIB21_SRCS = \
|
||||
firmware/lib21/common.c \
|
||||
firmware/lib21/packed_key.c
|
||||
|
||||
# TPM lightweight command library
|
||||
ifeq (${TPM2_MODE},)
|
||||
TLCL_SRCS = \
|
||||
|
@ -438,10 +432,8 @@ endif
|
|||
FWLIB_OBJS = ${FWLIB_SRCS:%.c=${BUILD}/%.o}
|
||||
FWLIB2X_OBJS = ${FWLIB2X_SRCS:%.c=${BUILD}/%.o}
|
||||
FWLIB20_OBJS = ${FWLIB20_SRCS:%.c=${BUILD}/%.o}
|
||||
FWLIB21_OBJS = ${FWLIB21_SRCS:%.c=${BUILD}/%.o}
|
||||
TLCL_OBJS = ${TLCL_SRCS:%.c=${BUILD}/%.o}
|
||||
ALL_OBJS += ${FWLIB_OBJS} ${FWLIB2X_OBJS} ${FWLIB20_OBJS} ${FWLIB21_OBJS} \
|
||||
${TLCL_OBJS}
|
||||
ALL_OBJS += ${FWLIB_OBJS} ${FWLIB2X_OBJS} ${FWLIB20_OBJS} ${TLCL_OBJS}
|
||||
|
||||
# Intermediate library for the vboot_reference utilities to link against.
|
||||
UTILLIB = ${BUILD}/libvboot_util.a
|
||||
|
@ -469,6 +461,7 @@ UTILLIB_SRCS = \
|
|||
host/lib/signature_digest.c \
|
||||
host/lib/subprocess.c \
|
||||
host/lib/util_misc.c \
|
||||
host/lib21/host_common.c \
|
||||
host/lib21/host_key.c \
|
||||
host/lib21/host_misc.c \
|
||||
host/lib21/host_signature.c
|
||||
|
@ -655,7 +648,7 @@ FUTIL_CMD_LIST = ${BUILD}/gen/futility_cmds.c
|
|||
|
||||
FUTIL_OBJS = ${FUTIL_SRCS:%.c=${BUILD}/%.o} ${FUTIL_CMD_LIST:%.c=%.o}
|
||||
|
||||
${FUTIL_OBJS}: INCLUDES += -Ihost/lib21/include -Ifirmware/lib21/include
|
||||
${FUTIL_OBJS}: INCLUDES += -Ihost/lib21/include
|
||||
|
||||
ALL_OBJS += ${FUTIL_OBJS}
|
||||
|
||||
|
@ -729,8 +722,8 @@ TEST20_NAMES = \
|
|||
tests/vb20_verify_fw
|
||||
|
||||
TEST21_NAMES = \
|
||||
tests/vb21_common_tests \
|
||||
tests/vb21_common2_tests \
|
||||
tests/vb21_host_common2_tests \
|
||||
tests/vb21_host_common_tests \
|
||||
tests/vb21_host_key_tests \
|
||||
tests/vb21_host_misc_tests \
|
||||
tests/vb21_host_sig_tests
|
||||
|
@ -866,7 +859,7 @@ utillib: ${UTILLIB}
|
|||
|
||||
# TODO: better way to make .a than duplicating this recipe each time?
|
||||
${UTILLIB}: ${UTILLIB_OBJS} ${FWLIB_OBJS} ${FWLIB2X_OBJS} ${FWLIB20_OBJS} \
|
||||
${FWLIB21_OBJS} ${TLCL_OBJS}
|
||||
${TLCL_OBJS}
|
||||
@${PRINTF} " RM $(subst ${BUILD}/,,$@)\n"
|
||||
${Q}rm -f $@
|
||||
@${PRINTF} " AR $(subst ${BUILD}/,,$@)\n"
|
||||
|
@ -1231,8 +1224,8 @@ run2tests: install_for_test
|
|||
${RUNTEST} ${BUILD_RUN}/tests/vb20_api_kernel_tests
|
||||
${RUNTEST} ${BUILD_RUN}/tests/vb20_kernel_tests
|
||||
${RUNTEST} ${BUILD_RUN}/tests/vb20_misc_tests
|
||||
${RUNTEST} ${BUILD_RUN}/tests/vb21_common_tests
|
||||
${RUNTEST} ${BUILD_RUN}/tests/vb21_common2_tests ${TEST_KEYS}
|
||||
${RUNTEST} ${BUILD_RUN}/tests/vb21_host_common_tests
|
||||
${RUNTEST} ${BUILD_RUN}/tests/vb21_host_common2_tests ${TEST_KEYS}
|
||||
${RUNTEST} ${BUILD_RUN}/tests/vb21_host_key_tests ${TEST_KEYS} ${BUILD}
|
||||
${RUNTEST} ${BUILD_RUN}/tests/vb21_host_misc_tests ${BUILD}
|
||||
${RUNTEST} ${BUILD_RUN}/tests/vb21_host_sig_tests ${TEST_KEYS}
|
||||
|
@ -1250,7 +1243,7 @@ runfutiltests: install_for_test
|
|||
runlongtests: install_for_test genkeys genfuzztestcases
|
||||
${RUNTEST} ${BUILD_RUN}/tests/vb2_common2_tests ${TEST_KEYS} --all
|
||||
${RUNTEST} ${BUILD_RUN}/tests/vb2_common3_tests ${TEST_KEYS} --all
|
||||
${RUNTEST} ${BUILD_RUN}/tests/vb21_common2_tests ${TEST_KEYS} --all
|
||||
${RUNTEST} ${BUILD_RUN}/tests/vb21_host_common2_tests ${TEST_KEYS} --all
|
||||
tests/run_preamble_tests.sh --all
|
||||
tests/run_vbutil_tests.sh --all
|
||||
|
||||
|
|
|
@ -34,10 +34,3 @@ lib20/
|
|||
This was deployed slightly before it was ready. That's not a problem,
|
||||
thanks to the binary compatibility, but this directory will be abandoned
|
||||
Real Soon Now, except for the product support branches.
|
||||
|
||||
lib21/
|
||||
|
||||
This is where the current development of the second-generation vboot API
|
||||
is taking place. It uses the public (2lib/) API, but will NOT be binary
|
||||
compatible with vboot1 structs. Because of the early release of the lib20
|
||||
stuff, we're actually calling this lib21.
|
||||
|
|
|
@ -1,99 +0,0 @@
|
|||
/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
|
||||
* Use of this source code is governed by a BSD-style license that can be
|
||||
* found in the LICENSE file.
|
||||
*
|
||||
* Key unpacking functions
|
||||
*/
|
||||
|
||||
#include "2common.h"
|
||||
#include "2rsa.h"
|
||||
#include "2sysincludes.h"
|
||||
#include "vb21_common.h"
|
||||
|
||||
vb2_error_t vb2_unpack_key_data(struct vb2_public_key *key,
|
||||
const uint8_t *key_data, uint32_t key_size)
|
||||
{
|
||||
const uint32_t *buf32 = (const uint32_t *)key_data;
|
||||
uint32_t expected_key_size = vb2_packed_key_size(key->sig_alg);
|
||||
|
||||
/* Make sure buffer is the correct length */
|
||||
if (!expected_key_size || expected_key_size != key_size) {
|
||||
VB2_DEBUG("Wrong key size for algorithm\n");
|
||||
return VB2_ERROR_UNPACK_KEY_SIZE;
|
||||
}
|
||||
|
||||
/* Check for alignment */
|
||||
if (!vb2_aligned(buf32, sizeof(uint32_t)))
|
||||
return VB2_ERROR_UNPACK_KEY_ALIGN;
|
||||
|
||||
key->arrsize = buf32[0];
|
||||
|
||||
/* Sanity check key array size */
|
||||
if (key->arrsize * sizeof(uint32_t) != vb2_rsa_sig_size(key->sig_alg))
|
||||
return VB2_ERROR_UNPACK_KEY_ARRAY_SIZE;
|
||||
|
||||
key->n0inv = buf32[1];
|
||||
|
||||
/* Arrays point inside the key data */
|
||||
key->n = buf32 + 2;
|
||||
key->rr = buf32 + 2 + key->arrsize;
|
||||
|
||||
return VB2_SUCCESS;
|
||||
}
|
||||
|
||||
vb2_error_t vb21_unpack_key(struct vb2_public_key *key, const uint8_t *buf,
|
||||
uint32_t size)
|
||||
{
|
||||
const struct vb21_packed_key *pkey =
|
||||
(const struct vb21_packed_key *)buf;
|
||||
uint32_t sig_size;
|
||||
uint32_t min_offset = 0;
|
||||
vb2_error_t rv;
|
||||
|
||||
/* Check magic number */
|
||||
if (pkey->c.magic != VB21_MAGIC_PACKED_KEY)
|
||||
return VB2_ERROR_UNPACK_KEY_MAGIC;
|
||||
|
||||
rv = vb21_verify_common_header(buf, size);
|
||||
if (rv)
|
||||
return rv;
|
||||
|
||||
/* Make sure key data is inside */
|
||||
rv = vb21_verify_common_member(pkey, &min_offset,
|
||||
pkey->key_offset, pkey->key_size);
|
||||
if (rv)
|
||||
return rv;
|
||||
|
||||
/*
|
||||
* Check for compatible version. No need to check minor version, since
|
||||
* that's compatible across readers matching the major version, and we
|
||||
* haven't added any new fields.
|
||||
*/
|
||||
if (pkey->c.struct_version_major != VB21_PACKED_KEY_VERSION_MAJOR)
|
||||
return VB2_ERROR_UNPACK_KEY_STRUCT_VERSION;
|
||||
|
||||
/* Copy key algorithms */
|
||||
key->hash_alg = pkey->hash_alg;
|
||||
if (!vb2_digest_size(key->hash_alg))
|
||||
return VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM;
|
||||
|
||||
key->sig_alg = pkey->sig_alg;
|
||||
if (key->sig_alg != VB2_SIG_NONE) {
|
||||
sig_size = vb2_rsa_sig_size(key->sig_alg);
|
||||
if (!sig_size)
|
||||
return VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM;
|
||||
rv = vb2_unpack_key_data(
|
||||
key,
|
||||
(const uint8_t *)pkey + pkey->key_offset,
|
||||
pkey->key_size);
|
||||
if (rv)
|
||||
return rv;
|
||||
}
|
||||
|
||||
/* Key description */
|
||||
key->desc = vb21_common_desc(pkey);
|
||||
key->version = pkey->key_version;
|
||||
key->id = &pkey->id;
|
||||
|
||||
return VB2_SUCCESS;
|
||||
}
|
|
@ -16,12 +16,12 @@
|
|||
#include "2sysincludes.h"
|
||||
#include "futility.h"
|
||||
#include "futility_options.h"
|
||||
#include "host_key2.h"
|
||||
#include "host_common21.h"
|
||||
#include "host_key.h"
|
||||
#include "host_misc2.h"
|
||||
#include "host_key21.h"
|
||||
#include "host_misc21.h"
|
||||
#include "openssl_compat.h"
|
||||
#include "util_misc.h"
|
||||
#include "vb21_common.h"
|
||||
#include "vb2_common.h"
|
||||
|
||||
/* Command line options */
|
||||
|
|
|
@ -28,7 +28,7 @@
|
|||
#include "futility.h"
|
||||
#include "futility_options.h"
|
||||
#include "host_common.h"
|
||||
#include "host_key2.h"
|
||||
#include "host_key21.h"
|
||||
#include "util_misc.h"
|
||||
#include "vb1_helper.h"
|
||||
#include "vb2_common.h"
|
||||
|
|
|
@ -18,17 +18,17 @@
|
|||
#include <unistd.h>
|
||||
|
||||
#include "2common.h"
|
||||
#include "file_type_bios.h"
|
||||
#include "file_type.h"
|
||||
#include "file_type_bios.h"
|
||||
#include "fmap.h"
|
||||
#include "futility.h"
|
||||
#include "futility_options.h"
|
||||
#include "host_common.h"
|
||||
#include "host_key2.h"
|
||||
#include "host_common21.h"
|
||||
#include "host_key21.h"
|
||||
#include "kernel_blob.h"
|
||||
#include "util_misc.h"
|
||||
#include "vb1_helper.h"
|
||||
#include "vb21_common.h"
|
||||
#include "vb2_common.h"
|
||||
|
||||
/* Options */
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
#include "2sysincludes.h"
|
||||
#include "futility.h"
|
||||
#include "host_common.h"
|
||||
#include "host_key2.h"
|
||||
#include "host_key21.h"
|
||||
#include "kernel_blob.h"
|
||||
#include "util_misc.h"
|
||||
#include "vb1_helper.h"
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
|
||||
#include "futility.h"
|
||||
#include "host_common.h"
|
||||
#include "host_key2.h"
|
||||
#include "host_key21.h"
|
||||
#include "util_misc.h"
|
||||
#include "vb1_helper.h"
|
||||
#include "vb2_common.h"
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
#include "2sysincludes.h"
|
||||
#include "futility.h"
|
||||
#include "host_common.h"
|
||||
#include "host_key2.h"
|
||||
#include "host_key21.h"
|
||||
#include "util_misc.h"
|
||||
#include "vb1_helper.h"
|
||||
#include "vb2_common.h"
|
||||
|
|
|
@ -23,11 +23,11 @@
|
|||
#include "futility.h"
|
||||
#include "futility_options.h"
|
||||
#include "host_common.h"
|
||||
#include "host_key2.h"
|
||||
#include "host_common21.h"
|
||||
#include "host_key21.h"
|
||||
#include "host_misc.h"
|
||||
#include "host_signature2.h"
|
||||
#include "host_signature21.h"
|
||||
#include "util_misc.h"
|
||||
#include "vb21_common.h"
|
||||
|
||||
#define SIGNATURE_RSVD_SIZE 1024
|
||||
#define EC_RW_FILENAME "EC_RW.bin"
|
||||
|
|
|
@ -24,10 +24,10 @@
|
|||
#include "futility.h"
|
||||
#include "futility_options.h"
|
||||
#include "host_common.h"
|
||||
#include "host_key2.h"
|
||||
#include "host_signature2.h"
|
||||
#include "host_common21.h"
|
||||
#include "host_key21.h"
|
||||
#include "host_signature21.h"
|
||||
#include "util_misc.h"
|
||||
#include "vb21_common.h"
|
||||
|
||||
/* Return 1 if okay, 0 if not */
|
||||
static int parse_size_opts(uint32_t len,
|
||||
|
|
|
@ -14,11 +14,11 @@
|
|||
#include "futility.h"
|
||||
#include "futility_options.h"
|
||||
#include "host_common.h"
|
||||
#include "host_key2.h"
|
||||
#include "host_misc2.h"
|
||||
#include "host_common21.h"
|
||||
#include "host_key21.h"
|
||||
#include "host_misc21.h"
|
||||
#include "openssl_compat.h"
|
||||
#include "util_misc.h"
|
||||
#include "vb21_common.h"
|
||||
|
||||
int vb2_lookup_hash_alg(const char *str, enum vb2_hash_algorithm *alg)
|
||||
{
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
#include "2rsa.h"
|
||||
#include "2sysincludes.h"
|
||||
#include "host_common.h"
|
||||
#include "host_key2.h"
|
||||
#include "host_key21.h"
|
||||
#include "utility.h"
|
||||
#include "vb2_common.h"
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
#include "2sha.h"
|
||||
#include "2sysincludes.h"
|
||||
#include "host_common.h"
|
||||
#include "host_key2.h"
|
||||
#include "host_key21.h"
|
||||
#include "host_key.h"
|
||||
#include "host_misc.h"
|
||||
#include "vb2_common.h"
|
||||
|
@ -296,3 +296,34 @@ vb2_error_t vb2_packed_key_looks_ok(const struct vb2_packed_key *key,
|
|||
|
||||
return VB2_SUCCESS;
|
||||
}
|
||||
|
||||
vb2_error_t vb2_unpack_key_data(struct vb2_public_key *key,
|
||||
const uint8_t *key_data, uint32_t key_size)
|
||||
{
|
||||
const uint32_t *buf32 = (const uint32_t *)key_data;
|
||||
uint32_t expected_key_size = vb2_packed_key_size(key->sig_alg);
|
||||
|
||||
/* Make sure buffer is the correct length */
|
||||
if (!expected_key_size || expected_key_size != key_size) {
|
||||
VB2_DEBUG("Wrong key size for algorithm\n");
|
||||
return VB2_ERROR_UNPACK_KEY_SIZE;
|
||||
}
|
||||
|
||||
/* Check for alignment */
|
||||
if (!vb2_aligned(buf32, sizeof(uint32_t)))
|
||||
return VB2_ERROR_UNPACK_KEY_ALIGN;
|
||||
|
||||
key->arrsize = buf32[0];
|
||||
|
||||
/* Sanity check key array size */
|
||||
if (key->arrsize * sizeof(uint32_t) != vb2_rsa_sig_size(key->sig_alg))
|
||||
return VB2_ERROR_UNPACK_KEY_ARRAY_SIZE;
|
||||
|
||||
key->n0inv = buf32[1];
|
||||
|
||||
/* Arrays point inside the key data */
|
||||
key->n = buf32 + 2;
|
||||
key->rr = buf32 + 2 + key->arrsize;
|
||||
|
||||
return VB2_SUCCESS;
|
||||
}
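Review bot: In vb2_unpack_key_data() the array-size check `key->arrsize * sizeof(uint32_t) != vb2_rsa_sig_size(key->sig_alg)` multiplies a value read from the key buffer, and on a host build where size_t is 32 bits that product can wrap. An oversized arrsize could then pass the check, and `key->rr = buf32 + 2 + key->arrsize` would point past the key_size bytes validated above. Dividing instead of multiplying avoids the wrap: `if (key->arrsize != vb2_rsa_sig_size(key->sig_alg) / sizeof(uint32_t))`. The function also stores buf32[0] into key->arrsize before the check, so a failed call leaves an unvalidated value in *key; reading it into a local and assigning only on success would avoid that.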
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
#include "2rsa.h"
|
||||
#include "2sha.h"
|
||||
#include "host_common.h"
|
||||
#include "host_key2.h"
|
||||
#include "host_key21.h"
|
||||
#include "host_keyblock.h"
|
||||
#include "host_key.h"
|
||||
#include "vb2_common.h"
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
#include "2sha.h"
|
||||
#include "2sysincludes.h"
|
||||
#include "host_common.h"
|
||||
#include "host_signature2.h"
|
||||
#include "host_signature21.h"
|
||||
#include "vb2_common.h"
|
||||
|
||||
/* Invoke [external_signer] command with [pem_file] as an argument, contents of
|
||||
|
|
|
@ -20,8 +20,8 @@
|
|||
#include "2sha.h"
|
||||
#include "file_keys.h"
|
||||
#include "host_common.h"
|
||||
#include "host_key2.h"
|
||||
#include "host_signature2.h"
|
||||
#include "host_key21.h"
|
||||
#include "host_signature21.h"
|
||||
#include "vb2_common.h"
|
||||
|
||||
struct vb2_signature *vb2_alloc_signature(uint32_t sig_size,
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
#define VBOOT_REFERENCE_HOST_COMMON_H_
|
||||
|
||||
#include "host_key.h"
|
||||
#include "host_key2.h"
|
||||
#include "host_key21.h"
|
||||
#include "host_keyblock.h"
|
||||
#include "host_misc.h"
|
||||
#include "host_signature.h"
|
||||
|
|
|
@ -11,6 +11,7 @@
|
|||
#include "2crypto.h"
|
||||
#include "2return_codes.h"
|
||||
|
||||
struct vb2_public_key;
|
||||
struct vb2_packed_key;
|
||||
struct vb2_private_key;
|
||||
|
||||
|
@ -146,4 +147,17 @@ struct vb2_packed_key *vb2_read_packed_keyb(const char *filename,
|
|||
vb2_error_t vb2_write_packed_key(const char *filename,
|
||||
const struct vb2_packed_key *key);
|
||||
|
||||
/**
|
||||
* Unpack the RSA data fields for a public key
|
||||
*
|
||||
* This is called by vb21_unpack_key() to extract the arrays from a packed key.
|
||||
* These elements of *key will point inside the key_data buffer.
|
||||
*
|
||||
* @param key Destination key for RSA data fields
|
||||
* @param key_data Packed key data (from inside a packed key buffer)
|
||||
* @param key_size Size of packed key data in bytes
|
||||
*/
|
||||
vb2_error_t vb2_unpack_key_data(struct vb2_public_key *key,
|
||||
const uint8_t *key_data, uint32_t key_size);
|
||||
|
||||
#endif /* VBOOT_REFERENCE_HOST_KEY_H_ */
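Review bot: The doc comment added for vb2_unpack_key_data() omits two things a caller needs. It has no `@return` line, and it does not say that key->sig_alg must already be set, although the implementation shown elsewhere in this commit derives the expected size from `vb2_packed_key_size(key->sig_alg)`. I would add `@return VB2_SUCCESS, or non-zero error code if error.` and one sentence stating that precondition. The same sentence should say that key->n and key->rr alias key_data, so the buffer must outlive the key.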
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
#include "2sha.h"
|
||||
#include "2sysincludes.h"
|
||||
#include "host_common.h"
|
||||
#include "host_signature2.h"
|
||||
#include "host_signature21.h"
|
||||
#include "signature_digest.h"
|
||||
|
||||
uint8_t* PrependDigestInfo(enum vb2_hash_algorithm hash_alg, uint8_t* digest)
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
#include "2sha.h"
|
||||
#include "2sysincludes.h"
|
||||
#include "host_common.h"
|
||||
#include "host_key2.h"
|
||||
#include "host_key21.h"
|
||||
#include "openssl_compat.h"
|
||||
#include "util_misc.h"
|
||||
#include "vb2_common.h"
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
#include "2rsa.h"
|
||||
#include "2sha.h"
|
||||
#include "2sysincludes.h"
|
||||
#include "vb21_common.h"
|
||||
#include "host_common21.h"
|
||||
|
||||
const char *vb21_common_desc(const void *buf)
|
||||
{
|
|
@ -14,10 +14,10 @@
|
|||
#include "2sha.h"
|
||||
#include "2sysincludes.h"
|
||||
#include "host_common.h"
|
||||
#include "host_key2.h"
|
||||
#include "host_common21.h"
|
||||
#include "host_key21.h"
|
||||
#include "host_misc.h"
|
||||
#include "openssl_compat.h"
|
||||
#include "vb21_common.h"
|
||||
|
||||
const struct vb2_text_vs_enum vb2_text_vs_sig[] = {
|
||||
{"RSA1024", VB2_SIG_RSA1024},
|
||||
|
@ -651,3 +651,60 @@ vb2_error_t vb21_public_key_write(const struct vb2_public_key *key,
|
|||
free(pkey);
|
||||
return ret;
|
||||
}
|
||||
|
||||
vb2_error_t vb21_unpack_key(struct vb2_public_key *key, const uint8_t *buf,
|
||||
uint32_t size)
|
||||
{
|
||||
const struct vb21_packed_key *pkey =
|
||||
(const struct vb21_packed_key *)buf;
|
||||
uint32_t sig_size;
|
||||
uint32_t min_offset = 0;
|
||||
vb2_error_t rv;
|
||||
|
||||
/* Check magic number */
|
||||
if (pkey->c.magic != VB21_MAGIC_PACKED_KEY)
|
||||
return VB2_ERROR_UNPACK_KEY_MAGIC;
|
||||
|
||||
rv = vb21_verify_common_header(buf, size);
|
||||
if (rv)
|
||||
return rv;
|
||||
|
||||
/* Make sure key data is inside */
|
||||
rv = vb21_verify_common_member(pkey, &min_offset,
|
||||
pkey->key_offset, pkey->key_size);
|
||||
if (rv)
|
||||
return rv;
|
||||
|
||||
/*
|
||||
* Check for compatible version. No need to check minor version, since
|
||||
* that's compatible across readers matching the major version, and we
|
||||
* haven't added any new fields.
|
||||
*/
|
||||
if (pkey->c.struct_version_major != VB21_PACKED_KEY_VERSION_MAJOR)
|
||||
return VB2_ERROR_UNPACK_KEY_STRUCT_VERSION;
|
||||
|
||||
/* Copy key algorithms */
|
||||
key->hash_alg = pkey->hash_alg;
|
||||
if (!vb2_digest_size(key->hash_alg))
|
||||
return VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM;
|
||||
|
||||
key->sig_alg = pkey->sig_alg;
|
||||
if (key->sig_alg != VB2_SIG_NONE) {
|
||||
sig_size = vb2_rsa_sig_size(key->sig_alg);
|
||||
if (!sig_size)
|
||||
return VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM;
|
||||
rv = vb2_unpack_key_data(
|
||||
key,
|
||||
(const uint8_t *)pkey + pkey->key_offset,
|
||||
pkey->key_size);
|
||||
if (rv)
|
||||
return rv;
|
||||
}
|
||||
|
||||
/* Key description */
|
||||
key->desc = vb21_common_desc(pkey);
|
||||
key->version = pkey->key_version;
|
||||
key->id = &pkey->id;
|
||||
|
||||
return VB2_SUCCESS;
|
||||
}
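Review bot: vb21_unpack_key() reads pkey->c.magic before anything has compared size with the structure being read, so a buffer shorter than the common header causes an out-of-bounds read ahead of the vb21_verify_common_header(buf, size) call. A guard at the top, `if (size < sizeof(*pkey)) return VB2_ERROR_UNPACK_KEY_SIZE;`, would also cover the later reads of pkey->key_offset, pkey->hash_alg and pkey->id, which lie beyond the common header. Whether vb21_verify_common_header() already enforces a minimum size is not visible on this page, so part of this may be redundant. The commit message says this code stays for futility, so buf presumably comes from files on disk and should be treated as untrusted input.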
|
||||
|
|
|
@ -14,8 +14,8 @@
|
|||
#include "2sha.h"
|
||||
#include "2sysincludes.h"
|
||||
#include "host_common.h"
|
||||
#include "host_misc2.h"
|
||||
#include "vb21_common.h"
|
||||
#include "host_common21.h"
|
||||
#include "host_misc21.h"
|
||||
|
||||
vb2_error_t vb2_read_file(const char *filename, uint8_t **data_ptr,
|
||||
uint32_t *size_ptr)
|
||||
|
|
|
@ -12,10 +12,10 @@
|
|||
#include "2sha.h"
|
||||
#include "2sysincludes.h"
|
||||
#include "host_common.h"
|
||||
#include "host_key2.h"
|
||||
#include "host_common21.h"
|
||||
#include "host_key21.h"
|
||||
#include "host_misc.h"
|
||||
#include "host_signature2.h"
|
||||
#include "vb21_common.h"
|
||||
#include "host_signature21.h"
|
||||
|
||||
vb2_error_t vb2_digest_info(enum vb2_hash_algorithm hash_alg,
|
||||
const uint8_t **buf_ptr, uint32_t *size_ptr)
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
#include "2common.h"
|
||||
#include "2return_codes.h"
|
||||
#include "2struct.h"
|
||||
#include "vb21_struct.h"
|
||||
#include "host_struct21.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
|
@ -78,33 +78,6 @@ vb2_error_t vb21_verify_common_subobject(const void *parent,
|
|||
uint32_t *min_offset,
|
||||
uint32_t member_offset);
|
||||
|
||||
/**
|
||||
* Unpack a key for use in verification
|
||||
*
|
||||
* The elements of the unpacked key will point into the source buffer, so don't
|
||||
* free the source buffer until you're done with the key.
|
||||
*
|
||||
* @param key Destintion for unpacked key
|
||||
* @param buf Source buffer containing packed key
|
||||
* @param size Size of buffer in bytes
|
||||
* @return VB2_SUCCESS, or non-zero error code if error.
|
||||
*/
|
||||
vb2_error_t vb21_unpack_key(struct vb2_public_key *key, const uint8_t *buf,
|
||||
uint32_t size);
|
||||
|
||||
/**
|
||||
* Unpack the RSA data fields for a public key
|
||||
*
|
||||
* This is called by vb21_unpack_key() to extract the arrays from a packed key.
|
||||
* These elements of *key will point inside the key_data buffer.
|
||||
*
|
||||
* @param key Destination key for RSA data fields
|
||||
* @param key_data Packed key data (from inside a packed key buffer)
|
||||
* @param key_size Size of packed key data in bytes
|
||||
*/
|
||||
vb2_error_t vb2_unpack_key_data(struct vb2_public_key *key,
|
||||
const uint8_t *key_data, uint32_t key_size);
|
||||
|
||||
/**
|
||||
* Verify the integrity of a signature struct
|
||||
* @param sig Signature struct
|
|
@ -267,4 +267,18 @@ enum vb2_signature_algorithm vb2_rsa_sig_alg(struct rsa_st *rsa);
|
|||
vb2_error_t vb21_public_key_write(const struct vb2_public_key *key,
|
||||
const char *filename);
|
||||
|
||||
/**
|
||||
* Unpack a key for use in verification
|
||||
*
|
||||
* The elements of the unpacked key will point into the source buffer, so don't
|
||||
* free the source buffer until you're done with the key.
|
||||
*
|
||||
* @param key Destintion for unpacked key
|
||||
* @param buf Source buffer containing packed key
|
||||
* @param size Size of buffer in bytes
|
||||
* @return VB2_SUCCESS, or non-zero error code if error.
|
||||
*/
|
||||
vb2_error_t vb21_unpack_key(struct vb2_public_key *key, const uint8_t *buf,
|
||||
uint32_t size);
|
||||
|
||||
#endif /* VBOOT_REFERENCE_HOST_KEY2_H_ */
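Review bot: The closing comment `#endif /* VBOOT_REFERENCE_HOST_KEY2_H_ */` still carries the old KEY2 name, while the commit message says the host/lib21 headers are renamed to end in 21. If this is one of the renamed headers, the include guard should presumably be renamed to match, so the guard and file name stay easy to correlate. In the doc comment added for vb21_unpack_key(), `Destintion` should read `Destination`. The start of this header is outside the hunk, so the opening `#ifndef` could not be checked.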
|
|
@ -13,11 +13,11 @@
|
|||
#include "2rsa.h"
|
||||
#include "2sysincludes.h"
|
||||
#include "host_common.h"
|
||||
#include "host_key2.h"
|
||||
#include "host_signature2.h"
|
||||
#include "host_common21.h"
|
||||
#include "host_key21.h"
|
||||
#include "host_signature21.h"
|
||||
#include "test_common.h"
|
||||
#include "util_misc.h"
|
||||
#include "vb21_common.h"
|
||||
|
||||
static const uint8_t test_data[] = "This is some test data to sign.";
|
||||
static const uint32_t test_size = sizeof(test_data);
|
|
@ -8,10 +8,10 @@
|
|||
#include "2common.h"
|
||||
#include "2rsa.h"
|
||||
#include "2sysincludes.h"
|
||||
#include "host_key2.h"
|
||||
#include "host_signature2.h"
|
||||
#include "host_common21.h"
|
||||
#include "host_key21.h"
|
||||
#include "host_signature21.h"
|
||||
#include "test_common.h"
|
||||
#include "vb21_common.h"
|
||||
|
||||
static const uint8_t test_data[] = "This is some test data to sign.";
|
||||
|
|
@ -12,9 +12,9 @@
|
|||
#include "2rsa.h"
|
||||
#include "2sysincludes.h"
|
||||
#include "host_common.h"
|
||||
#include "host_key2.h"
|
||||
#include "host_common21.h"
|
||||
#include "host_key21.h"
|
||||
#include "test_common.h"
|
||||
#include "vb21_common.h"
|
||||
|
||||
/* Test only the algorithms we use */
|
||||
struct alg_combo {
|
||||
|
|
|
@ -11,9 +11,9 @@
|
|||
#include "2common.h"
|
||||
#include "2sysincludes.h"
|
||||
#include "host_common.h"
|
||||
#include "host_common21.h"
|
||||
#include "host_misc.h"
|
||||
#include "test_common.h"
|
||||
#include "vb21_common.h"
|
||||
|
||||
static void misc_tests(void)
|
||||
{
|
||||
|
|
|
@ -12,10 +12,10 @@
|
|||
#include "2rsa.h"
|
||||
#include "2sysincludes.h"
|
||||
#include "host_common.h"
|
||||
#include "host_key2.h"
|
||||
#include "host_signature2.h"
|
||||
#include "host_common21.h"
|
||||
#include "host_key21.h"
|
||||
#include "host_signature21.h"
|
||||
#include "test_common.h"
|
||||
#include "vb21_common.h"
|
||||
|
||||
/* Test only the algorithms we use */
|
||||
struct alg_combo {
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
#include "2sysincludes.h"
|
||||
#include "file_keys.h"
|
||||
#include "host_common.h"
|
||||
#include "host_key2.h"
|
||||
#include "host_key21.h"
|
||||
#include "test_common.h"
|
||||
#include "vb2_common.h"
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
#include "2sha.h"
|
||||
#include "2sysincludes.h"
|
||||
#include "host_common.h"
|
||||
#include "host_signature2.h"
|
||||
#include "host_signature21.h"
|
||||
#include "signature_digest.h"
|
||||
|
||||
static void usage(char* argv[]) {
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
#include "2common.h"
|
||||
#include "2sysincludes.h"
|
||||
#include "host_common.h"
|
||||
#include "host_signature2.h"
|
||||
#include "host_signature21.h"
|
||||
#include "signature_digest.h"
|
||||
|
||||
int main(int argc, char* argv[])
|
||||
|
|