vboot2: Split keyblock checking and signature validation

This is necessary for the next change, which adds keyblock hash checking. Also clean up some other assorted comments, and move the diagnostic check of root key to see if it's the checked-in one earlier in firmware preamble validation so it's closer to where the root key is loaded. No functional or higher-level API changes; just shuffling around code under the covers. BUG=chromium:487699 BRANCH=none TEST=make -j runtests Change-Id: Ibc3960a4d882dc2ad8684e235db4b9d066eac080 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/272223 Reviewed-by: Bill Richardson <wfrichar@chromium.org>
2025-11-26 19:25:02 +00:00 · 2015-05-19 12:45:20 -07:00
parent 2d25e837cc
commit b87d1ec118
7 changed files with 204 additions and 99 deletions
--- a/firmware/lib20/common.c
+++ b/firmware/lib20/common.c
@@ -130,35 +130,30 @@ int vb2_verify_data(const uint8_t *data,
 	return vb2_verify_digest(key, sig, digest, &wblocal);
 }

-int vb2_verify_keyblock(struct vb2_keyblock *block,
-			uint32_t size,
-			const struct vb2_public_key *key,
-			const struct vb2_workbuf *wb)
+int vb2_check_keyblock(const struct vb2_keyblock *block,
+		       uint32_t size,
+		       const struct vb2_signature *sig)
 {
-	struct vb2_signature *sig;
-	int rv;
-
-	/* Sanity checks before attempting signature of data */
 	if(size < sizeof(*block)) {
 		VB2_DEBUG("Not enough space for key block header.\n");
 		return VB2_ERROR_KEYBLOCK_TOO_SMALL_FOR_HEADER;
 	}
+
 	if (memcmp(block->magic, KEY_BLOCK_MAGIC, KEY_BLOCK_MAGIC_SIZE)) {
 		VB2_DEBUG("Not a valid verified boot key block.\n");
 		return VB2_ERROR_KEYBLOCK_MAGIC;
 	}
+
 	if (block->header_version_major != KEY_BLOCK_HEADER_VERSION_MAJOR) {
 		VB2_DEBUG("Incompatible key block header version.\n");
 		return VB2_ERROR_KEYBLOCK_HEADER_VERSION;
 	}
+
 	if (size < block->keyblock_size) {
 		VB2_DEBUG("Not enough data for key block.\n");
 		return VB2_ERROR_KEYBLOCK_SIZE;
 	}

-	/* Check signature */
-	sig = &block->keyblock_signature;
-
 	if (vb2_verify_signature_inside(block, block->keyblock_size, sig)) {
 		VB2_DEBUG("Key block signature off end of block\n");
 		return VB2_ERROR_KEYBLOCK_SIG_OUTSIDE;
@@ -170,13 +165,6 @@ int vb2_verify_keyblock(struct vb2_keyblock *block,
 		return VB2_ERROR_KEYBLOCK_SIGNED_TOO_MUCH;
 	}

-	VB2_DEBUG("Checking key block signature...\n");
-	rv = vb2_verify_data((const uint8_t *)block, size, sig, key, wb);
-	if (rv) {
-		VB2_DEBUG("Invalid key block signature.\n");
-		return VB2_ERROR_KEYBLOCK_SIG_INVALID;
-	}
-
 	/* Verify we signed enough data */
 	if (sig->data_size < sizeof(struct vb2_keyblock)) {
 		VB2_DEBUG("Didn't sign enough data\n");
@@ -195,6 +183,29 @@ int vb2_verify_keyblock(struct vb2_keyblock *block,
 		return VB2_ERROR_KEYBLOCK_DATA_KEY_UNSIGNED;
 	}

+	return VB2_SUCCESS;
+}
+
+int vb2_verify_keyblock(struct vb2_keyblock *block,
+			uint32_t size,
+			const struct vb2_public_key *key,
+			const struct vb2_workbuf *wb)
+{
+	struct vb2_signature *sig = &block->keyblock_signature;
+	int rv;
+
+	/* Sanity check keyblock before attempting signature check of data */
+	rv = vb2_check_keyblock(block, size, sig);
+	if (rv)
+		return rv;
+
+	VB2_DEBUG("Checking key block signature...\n");
+	rv = vb2_verify_data((const uint8_t *)block, size, sig, key, wb);
+	if (rv) {
+		VB2_DEBUG("Invalid key block signature.\n");
+		return VB2_ERROR_KEYBLOCK_SIG_INVALID;
+	}
+
 	/* Success */
 	return VB2_SUCCESS;
 }