mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2025-11-24 10:14:55 +00:00
vboot: Add vb2_unpack_key_buffer
Previously, vb2_unpack_key() actually unpacked a key buffer. Callers
that had a vb2_packed_key had to typecast it back to a uint8_t buffer to
unpack it. Rename vb2_unpack_key() to vb2_unpack_key_buffer(), and make
vb2_unpack_key() unpack a vb2_packed_key.
BUG=chromium:611535
BRANCH=none
TEST=make runtests; emerge-kevin coreboot depthcharge;
emerge-samus and boot it
Change-Id: I9ee38a819c59cc58a72ead78cf5ddf3d0f301ae7
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/400906
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
This commit is contained in:
Randall Spangler
@@ -161,16 +161,16 @@ enum vb2_return_code {
|
|||||||
/* Member data outside parent in vb2_verify_member_inside() */
|
/* Member data outside parent in vb2_verify_member_inside() */
|
||||||
VB2_ERROR_INSIDE_DATA_OUTSIDE,
|
VB2_ERROR_INSIDE_DATA_OUTSIDE,
|
||||||
|
|
||||||
/* Unsupported signature algorithm in vb2_unpack_key() */
|
/* Unsupported signature algorithm in vb2_unpack_key_buffer() */
|
||||||
VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM, /* 0x150008 */
|
VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM, /* 0x150008 */
|
||||||
|
|
||||||
/* Bad key size in vb2_unpack_key() */
|
/* Bad key size in vb2_unpack_key_buffer() */
|
||||||
VB2_ERROR_UNPACK_KEY_SIZE,
|
VB2_ERROR_UNPACK_KEY_SIZE,
|
||||||
|
|
||||||
/* Bad key alignment in vb2_unpack_key() */
|
/* Bad key alignment in vb2_unpack_key_buffer() */
|
||||||
VB2_ERROR_UNPACK_KEY_ALIGN,
|
VB2_ERROR_UNPACK_KEY_ALIGN,
|
||||||
|
|
||||||
/* Bad key array size in vb2_unpack_key() */
|
/* Bad key array size in vb2_unpack_key_buffer() */
|
||||||
VB2_ERROR_UNPACK_KEY_ARRAY_SIZE,
|
VB2_ERROR_UNPACK_KEY_ARRAY_SIZE,
|
||||||
|
|
||||||
/* Bad algorithm in vb2_verify_data() */
|
/* Bad algorithm in vb2_verify_data() */
|
||||||
@@ -194,7 +194,7 @@ enum vb2_return_code {
|
|||||||
*/
|
*/
|
||||||
VB2_ERROR_VDATA_DIGEST_SIZE,
|
VB2_ERROR_VDATA_DIGEST_SIZE,
|
||||||
|
|
||||||
/* Unsupported hash algorithm in vb2_unpack_key() */
|
/* Unsupported hash algorithm in vb2_unpack_key_buffer() */
|
||||||
VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM,
|
VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM,
|
||||||
|
|
||||||
/* Member data overlaps member header */
|
/* Member data overlaps member header */
|
||||||
@@ -256,9 +256,12 @@ enum vb2_return_code {
|
|||||||
/* Key algorithm doesn't match signature algorithm */
|
/* Key algorithm doesn't match signature algorithm */
|
||||||
VB2_ERROR_VDATA_ALGORITHM_MISMATCH,
|
VB2_ERROR_VDATA_ALGORITHM_MISMATCH,
|
||||||
|
|
||||||
/* Bad magic number in vb2_unpack_key() */
|
/* Bad magic number in vb2_unpack_key_buffer() */
|
||||||
VB2_ERROR_UNPACK_KEY_MAGIC,
|
VB2_ERROR_UNPACK_KEY_MAGIC,
|
||||||
|
|
||||||
|
/* Null public key buffer passed to vb2_unpack_key_buffer() */
|
||||||
|
VB2_ERROR_UNPACK_KEY_BUFFER,
|
||||||
|
|
||||||
/**********************************************************************
|
/**********************************************************************
|
||||||
* Keyblock verification errors (all in vb2_verify_keyblock())
|
* Keyblock verification errors (all in vb2_verify_keyblock())
|
||||||
*/
|
*/
|
||||||
|
|||||||
@@ -1417,10 +1417,9 @@ VbError_t VbVerifyMemoryBootImage(VbCommonParams *cparams,
|
|||||||
} else {
|
} else {
|
||||||
/* Unpack kernel subkey */
|
/* Unpack kernel subkey */
|
||||||
struct vb2_public_key kernel_subkey2;
|
struct vb2_public_key kernel_subkey2;
|
||||||
if (VB2_SUCCESS != vb2_unpack_key(&kernel_subkey2,
|
if (VB2_SUCCESS !=
|
||||||
(const uint8_t *)kernel_subkey,
|
vb2_unpack_key(&kernel_subkey2,
|
||||||
kernel_subkey->key_offset +
|
(struct vb2_packed_key *)kernel_subkey)) {
|
||||||
kernel_subkey->key_size)) {
|
|
||||||
VBDEBUG(("Unable to unpack kernel subkey\n"));
|
VBDEBUG(("Unable to unpack kernel subkey\n"));
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
@@ -1450,11 +1449,7 @@ VbError_t VbVerifyMemoryBootImage(VbCommonParams *cparams,
|
|||||||
|
|
||||||
/* Get key for preamble/data verification from the key block. */
|
/* Get key for preamble/data verification from the key block. */
|
||||||
struct vb2_public_key data_key2;
|
struct vb2_public_key data_key2;
|
||||||
if (VB2_SUCCESS !=
|
if (VB2_SUCCESS != vb2_unpack_key(&data_key2, &keyblock2->data_key)) {
|
||||||
vb2_unpack_key(&data_key2,
|
|
||||||
(const uint8_t *)&keyblock2->data_key,
|
|
||||||
keyblock2->data_key.key_offset +
|
|
||||||
keyblock2->data_key.key_size)) {
|
|
||||||
VBDEBUG(("Unable to unpack kernel data key\n"));
|
VBDEBUG(("Unable to unpack kernel data key\n"));
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -159,10 +159,9 @@ VbError_t LoadKernel(LoadKernelParams *params, VbCommonParams *cparams)
|
|||||||
|
|
||||||
/* Unpack kernel subkey */
|
/* Unpack kernel subkey */
|
||||||
struct vb2_public_key kernel_subkey2;
|
struct vb2_public_key kernel_subkey2;
|
||||||
if (VB2_SUCCESS != vb2_unpack_key(&kernel_subkey2,
|
if (VB2_SUCCESS !=
|
||||||
(const uint8_t *)kernel_subkey,
|
vb2_unpack_key(&kernel_subkey2,
|
||||||
kernel_subkey->key_offset +
|
(struct vb2_packed_key *)kernel_subkey)) {
|
||||||
kernel_subkey->key_size)) {
|
|
||||||
VBDEBUG(("Unable to unpack kernel subkey\n"));
|
VBDEBUG(("Unable to unpack kernel subkey\n"));
|
||||||
goto bad_gpt;
|
goto bad_gpt;
|
||||||
}
|
}
|
||||||
@@ -334,10 +333,7 @@ VbError_t LoadKernel(LoadKernelParams *params, VbCommonParams *cparams)
|
|||||||
/* Get key for preamble/data verification from the key block. */
|
/* Get key for preamble/data verification from the key block. */
|
||||||
struct vb2_public_key data_key2;
|
struct vb2_public_key data_key2;
|
||||||
if (VB2_SUCCESS !=
|
if (VB2_SUCCESS !=
|
||||||
vb2_unpack_key(&data_key2,
|
vb2_unpack_key(&data_key2, &keyblock2->data_key)) {
|
||||||
(const uint8_t *)&keyblock2->data_key,
|
|
||||||
keyblock2->data_key.key_offset +
|
|
||||||
keyblock2->data_key.key_size)) {
|
|
||||||
VBDEBUG(("Unable to unpack kernel data key\n"));
|
VBDEBUG(("Unable to unpack kernel data key\n"));
|
||||||
shpart->check_result = VBSD_LKP_CHECK_DATA_KEY_PARSE;
|
shpart->check_result = VBSD_LKP_CHECK_DATA_KEY_PARSE;
|
||||||
goto bad_kernel;
|
goto bad_kernel;
|
||||||
|
|||||||
@@ -96,7 +96,7 @@ int vb2api_init_hash(struct vb2_context *ctx, uint32_t tag, uint32_t *size)
|
|||||||
if (!sd->workbuf_data_key_size)
|
if (!sd->workbuf_data_key_size)
|
||||||
return VB2_ERROR_API_INIT_HASH_DATA_KEY;
|
return VB2_ERROR_API_INIT_HASH_DATA_KEY;
|
||||||
|
|
||||||
rv = vb2_unpack_key(&key,
|
rv = vb2_unpack_key_buffer(&key,
|
||||||
ctx->workbuf + sd->workbuf_data_key_offset,
|
ctx->workbuf + sd->workbuf_data_key_offset,
|
||||||
sd->workbuf_data_key_size);
|
sd->workbuf_data_key_size);
|
||||||
if (rv)
|
if (rv)
|
||||||
@@ -186,7 +186,7 @@ int vb2api_check_hash_get_digest(struct vb2_context *ctx, void *digest_out,
|
|||||||
if (!sd->workbuf_data_key_size)
|
if (!sd->workbuf_data_key_size)
|
||||||
return VB2_ERROR_API_CHECK_HASH_DATA_KEY;
|
return VB2_ERROR_API_CHECK_HASH_DATA_KEY;
|
||||||
|
|
||||||
rv = vb2_unpack_key(&key,
|
rv = vb2_unpack_key_buffer(&key,
|
||||||
ctx->workbuf + sd->workbuf_data_key_offset,
|
ctx->workbuf + sd->workbuf_data_key_offset,
|
||||||
sd->workbuf_data_key_size);
|
sd->workbuf_data_key_size);
|
||||||
if (rv)
|
if (rv)
|
||||||
|
|||||||
@@ -213,7 +213,7 @@ int vb2api_verify_kernel_data(struct vb2_context *ctx,
|
|||||||
if (!sd->workbuf_data_key_size)
|
if (!sd->workbuf_data_key_size)
|
||||||
return VB2_ERROR_API_VERIFY_KDATA_KEY;
|
return VB2_ERROR_API_VERIFY_KDATA_KEY;
|
||||||
|
|
||||||
rv = vb2_unpack_key(&key,
|
rv = vb2_unpack_key_buffer(&key,
|
||||||
ctx->workbuf + sd->workbuf_data_key_offset,
|
ctx->workbuf + sd->workbuf_data_key_offset,
|
||||||
sd->workbuf_data_key_size);
|
sd->workbuf_data_key_size);
|
||||||
if (rv)
|
if (rv)
|
||||||
|
|||||||
@@ -78,7 +78,7 @@ int vb2_verify_packed_key_inside(const void *parent,
|
|||||||
const struct vb2_packed_key *key);
|
const struct vb2_packed_key *key);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Unpack a vboot1-format key for use in verification
|
* Unpack a vboot1-format key buffer for use in verification
|
||||||
*
|
*
|
||||||
* The elements of the unpacked key will point into the source buffer, so don't
|
* The elements of the unpacked key will point into the source buffer, so don't
|
||||||
* free the source buffer until you're done with the key.
|
* free the source buffer until you're done with the key.
|
||||||
@@ -88,9 +88,23 @@ int vb2_verify_packed_key_inside(const void *parent,
|
|||||||
* @param size Size of buffer in bytes
|
* @param size Size of buffer in bytes
|
||||||
* @return VB2_SUCCESS, or non-zero error code if error.
|
* @return VB2_SUCCESS, or non-zero error code if error.
|
||||||
*/
|
*/
|
||||||
|
int vb2_unpack_key_buffer(struct vb2_public_key *key,
|
||||||
|
const uint8_t *buf,
|
||||||
|
uint32_t size);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Unpack a vboot1-format key for use in verification
|
||||||
|
*
|
||||||
|
* The elements of the unpacked key will point into the source packed key, so
|
||||||
|
* don't free the source until you're done with the public key.
|
||||||
|
*
|
||||||
|
* @param key Destintion for unpacked key
|
||||||
|
* @param packed_key Source packed key
|
||||||
|
* @param size Size of buffer in bytes
|
||||||
|
* @return VB2_SUCCESS, or non-zero error code if error.
|
||||||
|
*/
|
||||||
int vb2_unpack_key(struct vb2_public_key *key,
|
int vb2_unpack_key(struct vb2_public_key *key,
|
||||||
const uint8_t *buf,
|
const struct vb2_packed_key *packed_key);
|
||||||
uint32_t size);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Verify a signature against an expected hash digest.
|
* Verify a signature against an expected hash digest.
|
||||||
|
|||||||
@@ -122,7 +122,7 @@ int vb2_load_kernel_keyblock(struct vb2_context *ctx)
|
|||||||
/* Unpack the kernel key */
|
/* Unpack the kernel key */
|
||||||
key_data = ctx->workbuf + sd->workbuf_kernel_key_offset;
|
key_data = ctx->workbuf + sd->workbuf_kernel_key_offset;
|
||||||
key_size = sd->workbuf_kernel_key_size;
|
key_size = sd->workbuf_kernel_key_size;
|
||||||
rv = vb2_unpack_key(&kernel_key, key_data, key_size);
|
rv = vb2_unpack_key_buffer(&kernel_key, key_data, key_size);
|
||||||
if (rv)
|
if (rv)
|
||||||
return rv;
|
return rv;
|
||||||
|
|
||||||
@@ -374,7 +374,7 @@ int vb2_load_kernel_preamble(struct vb2_context *ctx)
|
|||||||
if (!sd->workbuf_data_key_size)
|
if (!sd->workbuf_data_key_size)
|
||||||
return VB2_ERROR_KERNEL_PREAMBLE2_DATA_KEY;
|
return VB2_ERROR_KERNEL_PREAMBLE2_DATA_KEY;
|
||||||
|
|
||||||
rv = vb2_unpack_key(&data_key, key_data, key_size);
|
rv = vb2_unpack_key_buffer(&data_key, key_data, key_size);
|
||||||
if (rv)
|
if (rv)
|
||||||
return rv;
|
return rv;
|
||||||
|
|
||||||
|
|||||||
@@ -94,7 +94,7 @@ int vb2_load_fw_keyblock(struct vb2_context *ctx)
|
|||||||
return rv;
|
return rv;
|
||||||
|
|
||||||
/* Unpack the root key */
|
/* Unpack the root key */
|
||||||
rv = vb2_unpack_key(&root_key, key_data, key_size);
|
rv = vb2_unpack_key_buffer(&root_key, key_data, key_size);
|
||||||
if (rv)
|
if (rv)
|
||||||
return rv;
|
return rv;
|
||||||
|
|
||||||
@@ -212,7 +212,7 @@ int vb2_load_fw_preamble(struct vb2_context *ctx)
|
|||||||
if (!sd->workbuf_data_key_size)
|
if (!sd->workbuf_data_key_size)
|
||||||
return VB2_ERROR_FW_PREAMBLE2_DATA_KEY;
|
return VB2_ERROR_FW_PREAMBLE2_DATA_KEY;
|
||||||
|
|
||||||
rv = vb2_unpack_key(&data_key, key_data, key_size);
|
rv = vb2_unpack_key_buffer(&data_key, key_data, key_size);
|
||||||
if (rv)
|
if (rv)
|
||||||
return rv;
|
return rv;
|
||||||
|
|
||||||
|
|||||||
@@ -23,9 +23,9 @@ int vb2_verify_packed_key_inside(const void *parent,
|
|||||||
key->key_offset, key->key_size);
|
key->key_offset, key->key_size);
|
||||||
}
|
}
|
||||||
|
|
||||||
int vb2_unpack_key(struct vb2_public_key *key,
|
int vb2_unpack_key_buffer(struct vb2_public_key *key,
|
||||||
const uint8_t *buf,
|
const uint8_t *buf,
|
||||||
uint32_t size)
|
uint32_t size)
|
||||||
{
|
{
|
||||||
const struct vb2_packed_key *packed_key =
|
const struct vb2_packed_key *packed_key =
|
||||||
(const struct vb2_packed_key *)buf;
|
(const struct vb2_packed_key *)buf;
|
||||||
@@ -75,3 +75,15 @@ int vb2_unpack_key(struct vb2_public_key *key,
|
|||||||
|
|
||||||
return VB2_SUCCESS;
|
return VB2_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int vb2_unpack_key(struct vb2_public_key *key,
|
||||||
|
const struct vb2_packed_key *packed_key)
|
||||||
|
{
|
||||||
|
if (!packed_key)
|
||||||
|
return VB2_ERROR_UNPACK_KEY_BUFFER;
|
||||||
|
|
||||||
|
return vb2_unpack_key_buffer(key,
|
||||||
|
(const uint8_t *)packed_key,
|
||||||
|
packed_key->key_offset +
|
||||||
|
packed_key->key_size);
|
||||||
|
}
|
||||||
|
|||||||
@@ -177,8 +177,9 @@ int ft_show_fw_preamble(const char *name, uint8_t *buf, uint32_t len,
|
|||||||
if (state) {
|
if (state) {
|
||||||
if (!sign_key &&
|
if (!sign_key &&
|
||||||
state->rootkey.is_valid &&
|
state->rootkey.is_valid &&
|
||||||
VB2_SUCCESS == vb2_unpack_key(&root_key, state->rootkey.buf,
|
VB2_SUCCESS == vb2_unpack_key_buffer(&root_key,
|
||||||
state->rootkey.len)) {
|
state->rootkey.buf,
|
||||||
|
state->rootkey.len)) {
|
||||||
/* BIOS should have a rootkey in the GBB */
|
/* BIOS should have a rootkey in the GBB */
|
||||||
sign_key = &root_key;
|
sign_key = &root_key;
|
||||||
}
|
}
|
||||||
@@ -201,10 +202,7 @@ int ft_show_fw_preamble(const char *name, uint8_t *buf, uint32_t len,
|
|||||||
retval = 1;
|
retval = 1;
|
||||||
|
|
||||||
struct vb2_public_key data_key;
|
struct vb2_public_key data_key;
|
||||||
if (VB2_SUCCESS !=
|
if (VB2_SUCCESS != vb2_unpack_key(&data_key, &keyblock->data_key)) {
|
||||||
vb2_unpack_key(&data_key, (const uint8_t *)&keyblock->data_key,
|
|
||||||
keyblock->data_key.key_offset +
|
|
||||||
keyblock->data_key.key_size)) {
|
|
||||||
fprintf(stderr, "Error parsing data key in %s\n", name);
|
fprintf(stderr, "Error parsing data key in %s\n", name);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@@ -308,10 +306,7 @@ int ft_show_kernel_preamble(const char *name, uint8_t *buf, uint32_t len,
|
|||||||
retval = 1;
|
retval = 1;
|
||||||
|
|
||||||
struct vb2_public_key data_key;
|
struct vb2_public_key data_key;
|
||||||
if (VB2_SUCCESS !=
|
if (VB2_SUCCESS != vb2_unpack_key(&data_key, &keyblock->data_key)) {
|
||||||
vb2_unpack_key(&data_key, (const uint8_t *)&keyblock->data_key,
|
|
||||||
keyblock->data_key.key_offset +
|
|
||||||
keyblock->data_key.key_size)) {
|
|
||||||
fprintf(stderr, "Error parsing data key in %s\n", name);
|
fprintf(stderr, "Error parsing data key in %s\n", name);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@@ -510,7 +505,7 @@ static int do_show(int argc, char *argv[])
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (VB2_SUCCESS !=
|
if (VB2_SUCCESS !=
|
||||||
vb2_unpack_key(&pubk2, pubkbuf, len)) {
|
vb2_unpack_key_buffer(&pubk2, pubkbuf, len)) {
|
||||||
fprintf(stderr, "Error unpacking %s\n", optarg);
|
fprintf(stderr, "Error unpacking %s\n", optarg);
|
||||||
errorcnt++;
|
errorcnt++;
|
||||||
break;
|
break;
|
||||||
|
|||||||
@@ -211,7 +211,7 @@ static int do_verify(const char *infile, const char *signpubkey,
|
|||||||
fprintf(stderr, "Error reading signpubkey.\n");
|
fprintf(stderr, "Error reading signpubkey.\n");
|
||||||
goto verify_cleanup;
|
goto verify_cleanup;
|
||||||
}
|
}
|
||||||
if (VB2_SUCCESS != vb2_unpack_key(&sign_key, pubkbuf, pubklen)) {
|
if (VB2_SUCCESS != vb2_unpack_key_buffer(&sign_key, pubkbuf, pubklen)) {
|
||||||
fprintf(stderr, "Error unpacking signpubkey.\n");
|
fprintf(stderr, "Error unpacking signpubkey.\n");
|
||||||
goto verify_cleanup;
|
goto verify_cleanup;
|
||||||
}
|
}
|
||||||
@@ -254,9 +254,7 @@ static int do_verify(const char *infile, const char *signpubkey,
|
|||||||
|
|
||||||
struct vb2_public_key data_key;
|
struct vb2_public_key data_key;
|
||||||
if (VB2_SUCCESS !=
|
if (VB2_SUCCESS !=
|
||||||
vb2_unpack_key(&data_key, (const uint8_t *)&keyblock->data_key,
|
vb2_unpack_key(&data_key, &keyblock->data_key)) {
|
||||||
keyblock->data_key.key_offset +
|
|
||||||
keyblock->data_key.key_size)) {
|
|
||||||
fprintf(stderr, "Error parsing data key.\n");
|
fprintf(stderr, "Error parsing data key.\n");
|
||||||
goto verify_cleanup;
|
goto verify_cleanup;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -189,9 +189,7 @@ static int Unpack(const char *infile, const char *datapubkey,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
struct vb2_public_key key;
|
struct vb2_public_key key;
|
||||||
if (VB2_SUCCESS !=
|
if (VB2_SUCCESS != vb2_unpack_key(&key, sign_key)) {
|
||||||
vb2_unpack_key(&key, (uint8_t *)sign_key,
|
|
||||||
sign_key->key_offset + sign_key->key_size)) {
|
|
||||||
fprintf(stderr,
|
fprintf(stderr,
|
||||||
"vbutil_keyblock: Error reading signpubkey.\n");
|
"vbutil_keyblock: Error reading signpubkey.\n");
|
||||||
return 1;
|
return 1;
|
||||||
|
|||||||
@@ -501,11 +501,7 @@ int VerifyKernelBlob(uint8_t *kernel_blob,
|
|||||||
|
|
||||||
if (signpub_key) {
|
if (signpub_key) {
|
||||||
struct vb2_public_key pubkey;
|
struct vb2_public_key pubkey;
|
||||||
if (VB2_SUCCESS !=
|
if (VB2_SUCCESS != vb2_unpack_key(&pubkey, signpub_key)) {
|
||||||
vb2_unpack_key(&pubkey,
|
|
||||||
(uint8_t *)signpub_key,
|
|
||||||
signpub_key->key_offset +
|
|
||||||
signpub_key->key_size)) {
|
|
||||||
fprintf(stderr, "Error unpacking signing key.\n");
|
fprintf(stderr, "Error unpacking signing key.\n");
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
@@ -568,9 +564,7 @@ int VerifyKernelBlob(uint8_t *kernel_blob,
|
|||||||
}
|
}
|
||||||
|
|
||||||
struct vb2_public_key pubkey;
|
struct vb2_public_key pubkey;
|
||||||
if (VB2_SUCCESS !=
|
if (VB2_SUCCESS != vb2_unpack_key(&pubkey, data_key)) {
|
||||||
vb2_unpack_key(&pubkey, (uint8_t *)data_key,
|
|
||||||
data_key->key_offset + data_key->key_size)) {
|
|
||||||
fprintf(stderr, "Error parsing data key.\n");
|
fprintf(stderr, "Error parsing data key.\n");
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
@@ -743,9 +737,7 @@ enum futil_file_type ft_recognize_vblock1(uint8_t *buf, uint32_t len)
|
|||||||
/* Try unpacking the data key from the keyblock */
|
/* Try unpacking the data key from the keyblock */
|
||||||
struct vb2_public_key data_key;
|
struct vb2_public_key data_key;
|
||||||
if (VB2_SUCCESS !=
|
if (VB2_SUCCESS !=
|
||||||
vb2_unpack_key(&data_key, (const uint8_t *)&keyblock->data_key,
|
vb2_unpack_key(&data_key, &keyblock->data_key)) {
|
||||||
keyblock->data_key.key_offset +
|
|
||||||
keyblock->data_key.key_size)) {
|
|
||||||
/* It looks like a bad keyblock, but still a keyblock */
|
/* It looks like a bad keyblock, but still a keyblock */
|
||||||
free(buf2);
|
free(buf2);
|
||||||
return FILE_TYPE_KEYBLOCK;
|
return FILE_TYPE_KEYBLOCK;
|
||||||
|
|||||||
@@ -25,7 +25,9 @@
|
|||||||
int packed_key_looks_ok(const struct vb2_packed_key *key, uint32_t size)
|
int packed_key_looks_ok(const struct vb2_packed_key *key, uint32_t size)
|
||||||
{
|
{
|
||||||
struct vb2_public_key pubkey;
|
struct vb2_public_key pubkey;
|
||||||
if (VB2_SUCCESS != vb2_unpack_key(&pubkey, (const uint8_t *)key, size))
|
if (VB2_SUCCESS != vb2_unpack_key_buffer(&pubkey,
|
||||||
|
(const uint8_t *)key,
|
||||||
|
size))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (key->key_version > VB2_MAX_KEY_VERSION) {
|
if (key->key_version > VB2_MAX_KEY_VERSION) {
|
||||||
|
|||||||
@@ -194,7 +194,7 @@ int vb2_load_kernel_preamble(struct vb2_context *ctx)
|
|||||||
return mock_load_kernel_preamble_retval;
|
return mock_load_kernel_preamble_retval;
|
||||||
}
|
}
|
||||||
|
|
||||||
int vb2_unpack_key(struct vb2_public_key *key,
|
int vb2_unpack_key_buffer(struct vb2_public_key *key,
|
||||||
const uint8_t *buf,
|
const uint8_t *buf,
|
||||||
uint32_t size)
|
uint32_t size)
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -117,7 +117,7 @@ int vb2_load_fw_preamble(struct vb2_context *ctx)
|
|||||||
return retval_vb2_load_fw_preamble;
|
return retval_vb2_load_fw_preamble;
|
||||||
}
|
}
|
||||||
|
|
||||||
int vb2_unpack_key(struct vb2_public_key *key,
|
int vb2_unpack_key_buffer(struct vb2_public_key *key,
|
||||||
const uint8_t *buf,
|
const uint8_t *buf,
|
||||||
uint32_t size)
|
uint32_t size)
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -35,44 +35,49 @@ static void test_unpack_key(const struct vb2_packed_key *key1)
|
|||||||
struct vb2_packed_key *key = (struct vb2_packed_key *)buf;
|
struct vb2_packed_key *key = (struct vb2_packed_key *)buf;
|
||||||
|
|
||||||
memcpy(key, key1, size);
|
memcpy(key, key1, size);
|
||||||
TEST_SUCC(vb2_unpack_key(&pubk, buf, size), "vb2_unpack_key() ok");
|
TEST_SUCC(vb2_unpack_key_buffer(&pubk, buf, size),
|
||||||
|
"vb2_unpack_key_buffer() ok");
|
||||||
|
|
||||||
TEST_EQ(pubk.sig_alg, vb2_crypto_to_signature(key->algorithm),
|
TEST_EQ(pubk.sig_alg, vb2_crypto_to_signature(key->algorithm),
|
||||||
"vb2_unpack_key() sig_alg");
|
"vb2_unpack_key_buffer() sig_alg");
|
||||||
TEST_EQ(pubk.hash_alg, vb2_crypto_to_hash(key->algorithm),
|
TEST_EQ(pubk.hash_alg, vb2_crypto_to_hash(key->algorithm),
|
||||||
"vb2_unpack_key() hash_alg");
|
"vb2_unpack_key_buffer() hash_alg");
|
||||||
|
|
||||||
|
|
||||||
memcpy(key, key1, size);
|
memcpy(key, key1, size);
|
||||||
key->algorithm = VB2_ALG_COUNT;
|
key->algorithm = VB2_ALG_COUNT;
|
||||||
TEST_EQ(vb2_unpack_key(&pubk, buf, size),
|
TEST_EQ(vb2_unpack_key_buffer(&pubk, buf, size),
|
||||||
VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM,
|
VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM,
|
||||||
"vb2_unpack_key() invalid algorithm");
|
"vb2_unpack_key_buffer() invalid algorithm");
|
||||||
|
|
||||||
memcpy(key, key1, size);
|
memcpy(key, key1, size);
|
||||||
key->key_size--;
|
key->key_size--;
|
||||||
TEST_EQ(vb2_unpack_key(&pubk, buf, size),
|
TEST_EQ(vb2_unpack_key_buffer(&pubk, buf, size),
|
||||||
VB2_ERROR_UNPACK_KEY_SIZE,
|
VB2_ERROR_UNPACK_KEY_SIZE,
|
||||||
"vb2_unpack_key() invalid size");
|
"vb2_unpack_key_buffer() invalid size");
|
||||||
|
|
||||||
memcpy(key, key1, size);
|
memcpy(key, key1, size);
|
||||||
key->key_offset++;
|
key->key_offset++;
|
||||||
TEST_EQ(vb2_unpack_key(&pubk, buf, size + 1),
|
TEST_EQ(vb2_unpack_key_buffer(&pubk, buf, size + 1),
|
||||||
VB2_ERROR_UNPACK_KEY_ALIGN,
|
VB2_ERROR_UNPACK_KEY_ALIGN,
|
||||||
"vb2_unpack_key() unaligned data");
|
"vb2_unpack_key_buffer() unaligned data");
|
||||||
|
|
||||||
memcpy(key, key1, size);
|
memcpy(key, key1, size);
|
||||||
*(uint32_t *)(buf + key->key_offset) /= 2;
|
*(uint32_t *)(buf + key->key_offset) /= 2;
|
||||||
TEST_EQ(vb2_unpack_key(&pubk, buf, size),
|
TEST_EQ(vb2_unpack_key_buffer(&pubk, buf, size),
|
||||||
VB2_ERROR_UNPACK_KEY_ARRAY_SIZE,
|
VB2_ERROR_UNPACK_KEY_ARRAY_SIZE,
|
||||||
"vb2_unpack_key() invalid key array size");
|
"vb2_unpack_key_buffer() invalid key array size");
|
||||||
|
|
||||||
memcpy(key, key1, size);
|
memcpy(key, key1, size);
|
||||||
TEST_EQ(vb2_unpack_key(&pubk, buf, size - 1),
|
TEST_EQ(vb2_unpack_key_buffer(&pubk, buf, size - 1),
|
||||||
VB2_ERROR_INSIDE_DATA_OUTSIDE,
|
VB2_ERROR_INSIDE_DATA_OUTSIDE,
|
||||||
"vb2_unpack_key() buffer too small");
|
"vb2_unpack_key_buffer() buffer too small");
|
||||||
|
|
||||||
free(key);
|
free(key);
|
||||||
|
|
||||||
|
TEST_EQ(vb2_unpack_key(&pubk, NULL),
|
||||||
|
VB2_ERROR_UNPACK_KEY_BUFFER,
|
||||||
|
"vb2_unpack_key_() buffer NULL");
|
||||||
}
|
}
|
||||||
|
|
||||||
static void test_verify_data(const struct vb2_packed_key *key1,
|
static void test_verify_data(const struct vb2_packed_key *key1,
|
||||||
@@ -82,7 +87,6 @@ static void test_verify_data(const struct vb2_packed_key *key1,
|
|||||||
__attribute__ ((aligned (VB2_WORKBUF_ALIGN)));
|
__attribute__ ((aligned (VB2_WORKBUF_ALIGN)));
|
||||||
struct vb2_workbuf wb;
|
struct vb2_workbuf wb;
|
||||||
|
|
||||||
uint32_t pubkey_size = key1->key_offset + key1->key_size;
|
|
||||||
struct vb2_public_key pubk, pubk_orig;
|
struct vb2_public_key pubk, pubk_orig;
|
||||||
uint32_t sig_total_size = sig->sig_offset + sig->sig_size;
|
uint32_t sig_total_size = sig->sig_offset + sig->sig_size;
|
||||||
struct vb2_signature *sig2;
|
struct vb2_signature *sig2;
|
||||||
@@ -92,8 +96,7 @@ static void test_verify_data(const struct vb2_packed_key *key1,
|
|||||||
/* Allocate signature copy for tests */
|
/* Allocate signature copy for tests */
|
||||||
sig2 = (struct vb2_signature *)malloc(sig_total_size);
|
sig2 = (struct vb2_signature *)malloc(sig_total_size);
|
||||||
|
|
||||||
TEST_EQ(vb2_unpack_key(&pubk, (uint8_t *)key1, pubkey_size),
|
TEST_SUCC(vb2_unpack_key(&pubk, key1), "vb2_verify_data() unpack key");
|
||||||
0, "vb2_verify_data() unpack key");
|
|
||||||
pubk_orig = pubk;
|
pubk_orig = pubk;
|
||||||
|
|
||||||
memcpy(sig2, sig, sig_total_size);
|
memcpy(sig2, sig, sig_total_size);
|
||||||
|
|||||||
@@ -216,8 +216,7 @@ static void test_verify_fw_preamble(struct vb2_packed_key *public_key,
|
|||||||
/* Create a dummy signature */
|
/* Create a dummy signature */
|
||||||
struct vb2_signature *body_sig = vb2_alloc_signature(56, 78);
|
struct vb2_signature *body_sig = vb2_alloc_signature(56, 78);
|
||||||
|
|
||||||
TEST_SUCC(vb2_unpack_key(&rsa, (uint8_t *)public_key,
|
TEST_SUCC(vb2_unpack_key(&rsa, public_key),
|
||||||
public_key->key_offset + public_key->key_size),
|
|
||||||
"vb2_verify_fw_preamble() prereq key");
|
"vb2_verify_fw_preamble() prereq key");
|
||||||
|
|
||||||
hdr = vb2_create_fw_preamble(0x1234, kernel_subkey, body_sig,
|
hdr = vb2_create_fw_preamble(0x1234, kernel_subkey, body_sig,
|
||||||
@@ -359,8 +358,7 @@ static void test_verify_kernel_preamble(
|
|||||||
/* Create a dummy signature */
|
/* Create a dummy signature */
|
||||||
struct vb2_signature *body_sig = vb2_alloc_signature(56, 0x214000);
|
struct vb2_signature *body_sig = vb2_alloc_signature(56, 0x214000);
|
||||||
|
|
||||||
TEST_SUCC(vb2_unpack_key(&rsa, (uint8_t *)public_key,
|
TEST_SUCC(vb2_unpack_key(&rsa, public_key),
|
||||||
public_key->key_offset + public_key->key_size),
|
|
||||||
"vb2_verify_kernel_preamble() prereq key");
|
"vb2_verify_kernel_preamble() prereq key");
|
||||||
|
|
||||||
struct vb2_kernel_preamble *hdr =
|
struct vb2_kernel_preamble *hdr =
|
||||||
@@ -563,7 +561,7 @@ int test_permutation(int signing_key_algorithm, int data_key_algorithm,
|
|||||||
/* Unpack public key */
|
/* Unpack public key */
|
||||||
struct vb2_public_key signing_public_key2;
|
struct vb2_public_key signing_public_key2;
|
||||||
if (VB2_SUCCESS !=
|
if (VB2_SUCCESS !=
|
||||||
vb2_unpack_key(&signing_public_key2,
|
vb2_unpack_key_buffer(&signing_public_key2,
|
||||||
(uint8_t *)signing_public_key,
|
(uint8_t *)signing_public_key,
|
||||||
signing_public_key->key_offset +
|
signing_public_key->key_offset +
|
||||||
signing_public_key->key_size)) {
|
signing_public_key->key_size)) {
|
||||||
|
|||||||
@@ -167,7 +167,7 @@ int vb2ex_read_resource(struct vb2_context *ctx,
|
|||||||
return VB2_SUCCESS;
|
return VB2_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
int vb2_unpack_key(struct vb2_public_key *key,
|
int vb2_unpack_key_buffer(struct vb2_public_key *key,
|
||||||
const uint8_t *buf,
|
const uint8_t *buf,
|
||||||
uint32_t size)
|
uint32_t size)
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -146,7 +146,7 @@ int vb2ex_read_resource(struct vb2_context *ctx,
|
|||||||
return VB2_SUCCESS;
|
return VB2_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
int vb2_unpack_key(struct vb2_public_key *key,
|
int vb2_unpack_key_buffer(struct vb2_public_key *key,
|
||||||
const uint8_t *buf,
|
const uint8_t *buf,
|
||||||
uint32_t size)
|
uint32_t size)
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -114,9 +114,7 @@ int main(int argc, char *argv[])
|
|||||||
fprintf(stderr, "Couldn't read RSA public key for the test.\n");
|
fprintf(stderr, "Couldn't read RSA public key for the test.\n");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
if (VB2_SUCCESS != vb2_unpack_key(&k2, pk)) {
|
||||||
if (VB2_SUCCESS != vb2_unpack_key(&k2, (const uint8_t *)pk,
|
|
||||||
pk->key_offset + pk->key_size)) {
|
|
||||||
fprintf(stderr, "Couldn't unpack RSA public key.\n");
|
fprintf(stderr, "Couldn't unpack RSA public key.\n");
|
||||||
free(pk);
|
free(pk);
|
||||||
return 1;
|
return 1;
|
||||||
|
|||||||
@@ -96,7 +96,7 @@ static void copy_kbh(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Mocks */
|
/* Mocks */
|
||||||
int vb2_unpack_key(struct vb2_public_key *key,
|
int vb2_unpack_key_buffer(struct vb2_public_key *key,
|
||||||
const uint8_t *buf,
|
const uint8_t *buf,
|
||||||
uint32_t size)
|
uint32_t size)
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -243,7 +243,7 @@ void GetCurrentKernelUniqueGuid(GptData *gpt, void *dest)
|
|||||||
memcpy(dest, fake_guid, sizeof(fake_guid));
|
memcpy(dest, fake_guid, sizeof(fake_guid));
|
||||||
}
|
}
|
||||||
|
|
||||||
int vb2_unpack_key(struct vb2_public_key *key,
|
int vb2_unpack_key_buffer(struct vb2_public_key *key,
|
||||||
const uint8_t *buf,
|
const uint8_t *buf,
|
||||||
uint32_t size)
|
uint32_t size)
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -97,8 +97,7 @@ int main(int argc, char* argv[])
|
|||||||
}
|
}
|
||||||
|
|
||||||
struct vb2_public_key k2;
|
struct vb2_public_key k2;
|
||||||
if (VB2_SUCCESS != vb2_unpack_key(&k2, (const uint8_t *)pk,
|
if (VB2_SUCCESS != vb2_unpack_key(&k2, pk)) {
|
||||||
pk->key_offset + pk->key_size)) {
|
|
||||||
fprintf(stderr, "Can't unpack RSA public key.\n");
|
fprintf(stderr, "Can't unpack RSA public key.\n");
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user