host_key2: Add VB2_SIG_ALG_COUNT to count the number of valid signatures

More reliable than simply assuming that VB2_SIG_RSA8192 is the last signature. BRANCH=none BUG=chromium:684354 TEST=rm tests/testkeys/key_*; make genkeys -j TEST=make runtests -j Change-Id: I755b3afb50313fcdf292fb3cd5b0dfe09f8593e3 Reviewed-on: https://chromium-review.googlesource.com/438948 Commit-Ready: Nicolas Boichat <drinkcat@chromium.org> Tested-by: Nicolas Boichat <drinkcat@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org>
2025-11-25 02:35:22 +00:00 · 2017-02-07 14:55:33 +08:00
parent c7282f6bdc
commit 8c53e881f8
2 changed files with 7 additions and 2 deletions
--- a/firmware/2lib/include/2crypto.h
+++ b/firmware/2lib/include/2crypto.h
@@ -44,6 +44,9 @@ enum vb2_signature_algorithm {
 	VB2_SIG_RSA2048 = 3,
 	VB2_SIG_RSA4096 = 4,
 	VB2_SIG_RSA8192 = 5,
+
+	/* Last index. Don't add anything below. */
+	VB2_SIG_ALG_COUNT,
 };

 /* Algorithm types for hash digests */
--- a/host/lib/host_key2.c
+++ b/host/lib/host_key2.c
@@ -29,7 +29,7 @@ enum vb2_crypto_algorithm vb2_get_crypto_algorithm(
 		enum vb2_signature_algorithm sig_alg)
 {
 	/* Make sure algorithms are in the range supported by crypto alg */
-	if (sig_alg < VB2_SIG_RSA1024 || sig_alg > VB2_SIG_RSA8192)
+	if (sig_alg < VB2_SIG_RSA1024 || sig_alg >= VB2_SIG_ALG_COUNT)
 		return VB2_ALG_COUNT;
 	if (hash_alg < VB2_HASH_SHA1 || hash_alg > VB2_HASH_SHA512)
 		return VB2_ALG_COUNT;
@@ -129,8 +129,10 @@ int vb2_write_private_key(const char *filename,
 {
 	/* Convert back to legacy vb1 algorithm enum */
 	uint64_t alg = vb2_get_crypto_algorithm(key->hash_alg, key->sig_alg);
-	if (alg == VB2_ALG_COUNT)
+	if (alg == VB2_ALG_COUNT) {
+		fprintf(stderr, "Can't find crypto algorithm\n");
 		return VB2_ERROR_VB1_CRYPTO_ALGORITHM;
+	}

 	uint8_t *outbuf = NULL;
 	int buflen = i2d_RSAPrivateKey(key->rsa_private_key, &outbuf);