From e0a3f85a46b50bfc0197a75e800eec0ae893e466 Mon Sep 17 00:00:00 2001 From: Nicolas Boichat Date: Thu, 2 Mar 2017 22:35:32 +0800 Subject: [PATCH] host_keyblock: Fix vb2_create_keyblock_external 939cc3a "futility: Use only vboot 2.0 APIs for keyblocks" introduced 2 subtle bugs, and we could still pass unit tests. Until we start adding more signing algorithms and sig_data_size != 0. BUG=chromium:611535 BRANCH=none TEST=make runtests Change-Id: Ief95e5ab773185b59276cf06d1efaa29f1212466 Reviewed-on: https://chromium-review.googlesource.com/448399 Commit-Ready: Nicolas Boichat Tested-by: Nicolas Boichat Reviewed-by: Randall Spangler --- host/lib/host_keyblock.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/host/lib/host_keyblock.c b/host/lib/host_keyblock.c index fad17df45d..c315aad318 100644 --- a/host/lib/host_keyblock.c +++ b/host/lib/host_keyblock.c @@ -95,7 +95,7 @@ struct vb2_keyblock *vb2_create_keyblock_external( return NULL; uint32_t signed_size = sizeof(struct vb2_keyblock) + data_key->key_size; - uint32_t sig_data_size = vb2_rsa_sig_size(algorithm); + uint32_t sig_data_size = vb2_rsa_sig_size(vb2_crypto_to_signature(algorithm)); uint32_t block_size = signed_size + VB2_SHA512_DIGEST_SIZE + sig_data_size; @@ -135,6 +135,7 @@ struct vb2_keyblock *vb2_create_keyblock_external( vb2_external_signature((uint8_t*)h, signed_size, signing_key_pem_file, algorithm, external_signer); + vb2_copy_signature(&h->keyblock_signature, sigtmp); free(sigtmp); /* Return the header */
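Review bot: In the first hunk, `sig_data_size` goes straight into `block_size` with no check that it is non-zero. The commit message says the old call passed tests only while the size stayed zero, so a zero result is evidently possible; if `vb2_crypto_to_signature()` yields an invalid value for an unsupported `algorithm` and `vb2_rsa_sig_size()` then returns 0 (presumably, neither is shown here), the function would still build a keyblock with no room for the signature. Consider adding `if (!sig_data_size) return NULL;` directly after the assignment, before `block_size` is computed. The function body starts and ends outside the hunk, so an equivalent check may exist elsewhere.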
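Review bot: The added `vb2_copy_signature(&h->keyblock_signature, sigtmp);` in the second hunk uses `sigtmp` without a NULL check and discards the call's return value. `sigtmp` is produced by an external signer, which can fail; if `vb2_external_signature()` returns NULL on failure (likely, but not shown here), the copy dereferences it, and if the copy itself fails the caller still receives a keyblock whose signature was never filled in. Consider `if (!sigtmp || vb2_copy_signature(&h->keyblock_signature, sigtmp) != VB2_SUCCESS)` followed by freeing `sigtmp` and `h` and `return NULL`. A unit test that verifies the returned keyblock's signature against the signing key would have caught both original bugs. The function continues outside the hunk.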