vboot2: move verify digest to 2common

This removes code duplicated between 2common.c and 2rsa.c. This is in preparation for adding new unsigned hash algorithms. BUG=chromium:423882 BRANCH=none TEST=VBOOT2=1 make -j runtests Change-Id: Ic9c542ae14d3b7f786129c1d52f8963847a94fb8 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/224780 Reviewed-by: Bill Richardson <wfrichar@chromium.org>
2025-11-27 11:44:02 +00:00 · 2014-10-17 16:41:46 -07:00
parent 6df3e33912
commit 9504754fee
8 changed files with 82 additions and 57 deletions
--- a/firmware/2lib/2api.c
+++ b/firmware/2lib/2api.c
@@ -273,24 +273,11 @@ int vb2api_check_hash(struct vb2_context *ctx)
 	if (rv)
 		return rv;

-	/* Make sure body signature is the right size */
-	if (pre->body_signature.sig_size != vb2_rsa_sig_size(key.algorithm)) {
-		VB2_DEBUG("Wrong data signature size for algorithm, "
-			  "sig_size=%d, expected %d for algorithm %d.\n",
-			 (int)pre->body_signature.sig_size,
-			  vb2_rsa_sig_size(key.algorithm),
-			  key.algorithm);
-		return VB2_ERROR_API_CHECK_HASH_SIG_SIZE;
-	}
-
 	/*
 	 * Check digest vs. signature.  Note that this destroys the signature.
 	 * That's ok, because we only check each signature once per boot.
 	 */
-	rv = vb2_verify_digest(&key,
-			       vb2_signature_data(&pre->body_signature),
-			       digest,
-			       &wb);
+	rv = vb2_verify_digest(&key, &pre->body_signature, digest, &wb);
 	if (rv)
 		vb2_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv);

--- a/firmware/2lib/2common.c
+++ b/firmware/2lib/2common.c
@@ -225,6 +225,24 @@ int vb2_unpack_key(struct vb2_public_key *key,
 	return VB2_SUCCESS;
 }

+int vb2_verify_digest(const struct vb2_public_key *key,
+		      struct vb2_signature *sig,
+		      const uint8_t *digest,
+		      struct vb2_workbuf *wb)
+{
+	uint8_t *sig_data = vb2_signature_data(sig);
+
+	if (sig->sig_size != vb2_rsa_sig_size(key->algorithm)) {
+		VB2_DEBUG("Wrong data signature size for algorithm, "
+			  "sig_size=%d, expected %d for algorithm %d.\n",
+			  sig->sig_size, vb2_rsa_sig_size(key->algorithm),
+			  key->algorithm);
+		return VB2_ERROR_VDATA_SIG_SIZE;
+	}
+
+	return vb2_rsa_verify_digest(key, sig_data, digest, wb);
+}
+
 int vb2_verify_data(const uint8_t *data,
 		    uint32_t size,
 		    struct vb2_signature *sig,
@@ -240,14 +258,6 @@ int vb2_verify_data(const uint8_t *data,
 	if (key->algorithm >= VB2_ALG_COUNT)
 		return VB2_ERROR_VDATA_ALGORITHM;

-	if (sig->sig_size != vb2_rsa_sig_size(key->algorithm)) {
-		VB2_DEBUG("Wrong data signature size for algorithm, "
-			 "sig_size=%d, expected %d for algorithm %d.\n",
-			 (int)sig->sig_size, vb2_rsa_sig_size(key->algorithm),
-			 key->algorithm);
-		return VB2_ERROR_VDATA_SIG_SIZE;
-	}
-
 	if (sig->data_size > size) {
 		VB2_DEBUG("Data buffer smaller than length of signed data.\n");
 		return VB2_ERROR_VDATA_NOT_ENOUGH_DATA;
@@ -255,6 +265,9 @@ int vb2_verify_data(const uint8_t *data,

 	/* Digest goes at start of work buffer */
 	digest_size = vb2_digest_size(key->algorithm);
+	if (!digest_size)
+		return VB2_ERROR_VDATA_DIGEST_SIZE;
+
 	digest = vb2_workbuf_alloc(&wblocal, digest_size);
 	if (!digest)
 		return VB2_ERROR_VDATA_WORKBUF_DIGEST;
@@ -278,8 +291,7 @@ int vb2_verify_data(const uint8_t *data,

 	vb2_workbuf_free(&wblocal, sizeof(*dc));

-	return vb2_verify_digest(key, vb2_signature_data(sig), digest,
-				 &wblocal);
+	return vb2_verify_digest(key, sig, digest, &wblocal);
 }

 int vb2_verify_keyblock(struct vb2_keyblock *block,
--- a/firmware/2lib/2rsa.c
+++ b/firmware/2lib/2rsa.c
@@ -165,7 +165,9 @@ uint32_t vb2_rsa_sig_size(uint32_t algorithm)

 uint32_t vb2_packed_key_size(uint32_t algorithm)
 {
-	if (algorithm >= VB2_ALG_COUNT)
+	uint32_t sig_size = vb2_rsa_sig_size(algorithm);
+
+	if (!sig_size)
 		return 0;

 	/*
@@ -173,7 +175,7 @@ uint32_t vb2_packed_key_size(uint32_t algorithm)
 	 *  2 * key_len bytes for the n and rr arrays
 	 *  + sizeof len + sizeof n0inv.
 	 */
-	return 2 * vb2_rsa_sig_size(algorithm) + 2 * sizeof(uint32_t);
+	return 2 * sig_size + 2 * sizeof(uint32_t);
 }

 /*
@@ -274,10 +276,10 @@ int vb2_check_padding(uint8_t *sig, int algorithm)
 	return result ? VB2_ERROR_RSA_PADDING : VB2_SUCCESS;
 }

-int vb2_verify_digest(const struct vb2_public_key *key,
-		      uint8_t *sig,
-		      const uint8_t *digest,
-		      struct vb2_workbuf *wb)
+int vb2_rsa_verify_digest(const struct vb2_public_key *key,
+			  uint8_t *sig,
+			  const uint8_t *digest,
+			  struct vb2_workbuf *wb)
 {
 	struct vb2_workbuf wblocal = *wb;
 	uint32_t *workbuf32;
@@ -288,7 +290,7 @@ int vb2_verify_digest(const struct vb2_public_key *key,
 	if (!key || !sig || !digest)
 		return VB2_ERROR_RSA_VERIFY_PARAM;

-	if (key->algorithm >= VB2_ALG_COUNT) {
+	if (key->algorithm > VB2_ALG_RSA8192_SHA512) {
 		VB2_DEBUG("Invalid signature type!\n");
 		return VB2_ERROR_RSA_VERIFY_ALGORITHM;
 	}
--- a/firmware/2lib/include/2common.h
+++ b/firmware/2lib/include/2common.h
@@ -214,6 +214,23 @@ int vb2_unpack_key(struct vb2_public_key *key,
 		   const uint8_t *buf,
 		   uint32_t size);

+/* Size of work buffer sufficient for vb2_rsa_verify_digest() worst case */
+#define VB2_VERIFY_DIGEST_WORKBUF_BYTES VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES
+
+/**
+ * Verify a signature against an expected hash digest.
+ *
+ * @param key		Key to use in signature verification
+ * @param sig		Signature to verify (may be destroyed in process)
+ * @param digest	Digest of signed data
+ * @param wb		Work buffer
+ * @return VB2_SUCCESS, or non-zero if error.
+ */
+int vb2_verify_digest(const struct vb2_public_key *key,
+		      struct vb2_signature *sig,
+		      const uint8_t *digest,
+		      struct vb2_workbuf *wb);
+
 /* Size of work buffer sufficient for vb2_verify_data() worst case */
 #define VB2_VERIFY_DATA_WORKBUF_BYTES					\
 	(VB2_SHA512_DIGEST_SIZE +					\
--- a/firmware/2lib/include/2return_codes.h
+++ b/firmware/2lib/include/2return_codes.h
@@ -155,6 +155,12 @@ enum vb2_return_code {
 	/* Not enough work buffer for hash temp data in vb2_verify_data() */
 	VB2_ERROR_VDATA_WORKBUF_HASHING,

+	/*
+	 * Bad digest size in vb2_verify_data() - probably because algorithm
+	 * is bad.
+	 */
+	VB2_ERROR_VDATA_DIGEST_SIZE,
+
        /**********************************************************************
 	 * Keyblock verification errors (all in vb2_verify_keyblock())
 	 */
--- a/firmware/2lib/include/2rsa.h
+++ b/firmware/2lib/include/2rsa.h
@@ -44,8 +44,8 @@ uint32_t vb2_packed_key_size(uint32_t algorithm);
 */
 int vb2_check_padding(uint8_t *sig, int algorithm);

-/* Size of work buffer sufficient for vb2_verify_digest() worst case */
-#define VB2_VERIFY_DIGEST_WORKBUF_BYTES (3 * 1024)
+/* Size of work buffer sufficient for vb2_rsa_verify_digest() worst case */
+#define VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES (3 * 1024)

 /**
 * Verify a RSA PKCS1.5 signature against an expected hash digest.
@@ -56,9 +56,9 @@ int vb2_check_padding(uint8_t *sig, int algorithm);
 * @param wb		Work buffer
 * @return VB2_SUCCESS, or non-zero if error.
 */
-int vb2_verify_digest(const struct vb2_public_key *key,
-		      uint8_t *sig,
-		      const uint8_t *digest,
-		      struct vb2_workbuf *wb);
+int vb2_rsa_verify_digest(const struct vb2_public_key *key,
+			  uint8_t *sig,
+			  const uint8_t *digest,
+			  struct vb2_workbuf *wb);

 #endif  /* VBOOT_REFERENCE_2RSA_H_ */
--- a/tests/vb2_api_tests.c
+++ b/tests/vb2_api_tests.c
@@ -176,10 +176,10 @@ uint32_t vb2_rsa_sig_size(uint32_t algorithm)
 	return mock_sig_size;
 }

-int vb2_verify_digest(const struct vb2_public_key *key,
-		      uint8_t *sig,
-		      const uint8_t *digest,
-		      struct vb2_workbuf *wb)
+int vb2_rsa_verify_digest(const struct vb2_public_key *key,
+			  uint8_t *sig,
+			  const uint8_t *digest,
+			  struct vb2_workbuf *wb)
 {
 	return retval_vb2_verify_digest;
 }
@@ -426,7 +426,7 @@ static void check_hash_tests(void)
 		(cc.workbuf + sd->workbuf_preamble_offset);
 	pre->body_signature.sig_size++;
 	TEST_EQ(vb2api_check_hash(&cc),
-		VB2_ERROR_API_CHECK_HASH_SIG_SIZE, "check hash sig size");
+		VB2_ERROR_VDATA_SIG_SIZE, "check hash sig size");

 	reset_common_data(FOR_CHECK_HASH);
 	retval_vb2_digest_finalize = VB2_ERROR_RSA_VERIFY_DIGEST;
--- a/tests/vb2_rsa_padding_tests.c
+++ b/tests/vb2_rsa_padding_tests.c
@@ -51,14 +51,15 @@ static void test_signatures(const struct vb2_public_key *key)

 	/* The first test signature is valid. */
 	Memcpy(sig, signatures[0], sizeof(sig));
-	TEST_SUCC(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb),
+	TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
 		  "RSA Padding Test valid sig");

 	/* All other signatures should fail verification. */
 	unexpected_success = 0;
 	for (i = 1; i < sizeof(signatures) / sizeof(signatures[0]); i++) {
 		Memcpy(sig, signatures[i], sizeof(sig));
-		if (!vb2_verify_digest(key, sig, test_message_sha1_hash, &wb)) {
+		if (!vb2_rsa_verify_digest(key, sig,
+					   test_message_sha1_hash, &wb)) {
 			fprintf(stderr,
 				"RSA Padding Test vector %d FAILED!\n", i);
 			unexpected_success++;
@@ -69,7 +70,7 @@ static void test_signatures(const struct vb2_public_key *key)


 /**
- * Test other error conditions in vb2_verify_digest().
+ * Test other error conditions in vb2_rsa_verify_digest().
 */
 static void test_verify_digest(struct vb2_public_key *key) {
 	uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES];
@@ -79,40 +80,40 @@ static void test_verify_digest(struct vb2_public_key *key) {
 	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));

 	Memcpy(sig, signatures[0], sizeof(sig));
-	TEST_SUCC(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb),
-		  "vb2_verify_digest() good");
+	TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
+		  "vb2_rsa_verify_digest() good");

 	Memcpy(sig, signatures[0], sizeof(sig));
 	vb2_workbuf_init(&wb, workbuf, sizeof(sig) * 3 - 1);
-	TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb),
+	TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
 		VB2_ERROR_RSA_VERIFY_WORKBUF,
-		"vb2_verify_digest() small workbuf");
+		"vb2_rsa_verify_digest() small workbuf");
 	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));

 	key->algorithm += VB2_ALG_COUNT;
 	Memcpy(sig, signatures[0], sizeof(sig));
-	TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb),
+	TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
 		VB2_ERROR_RSA_VERIFY_ALGORITHM,
-		"vb2_verify_digest() bad key alg");
+		"vb2_rsa_verify_digest() bad key alg");
 	key->algorithm -= VB2_ALG_COUNT;

 	key->arrsize *= 2;
 	Memcpy(sig, signatures[0], sizeof(sig));
-	TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb),
+	TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
 		VB2_ERROR_RSA_VERIFY_SIG_LEN,
-		"vb2_verify_digest() bad sig len");
+		"vb2_rsa_verify_digest() bad sig len");
 	key->arrsize /= 2;

 	/* Corrupt the signature near start and end */
 	Memcpy(sig, signatures[0], sizeof(sig));
 	sig[3] ^= 0x42;
-	TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb),
-		VB2_ERROR_RSA_PADDING, "vb2_verify_digest() bad sig");
+	TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
+		VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig");

 	Memcpy(sig, signatures[0], sizeof(sig));
 	sig[RSA1024NUMBYTES - 3] ^= 0x56;
-	TEST_EQ(vb2_verify_digest(key, sig, test_message_sha1_hash, &wb),
-		VB2_ERROR_RSA_PADDING, "vb2_verify_digest() bad sig end");
+	TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
+		VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig end");
 }

 int main(int argc, char *argv[])