Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / vboot_reference / 08df9b88a36b7a351305a06b2849c5fcdac54135^! / . / crypto / rsa_utility.c
commit08df9b88a36b7a351305a06b2849c5fcdac54135[log] [tgz]
authorGaurav Shah <gauravsh@google.com>Tue Feb 23 16:16:23 2010 -0800
committerGaurav Shah <gauravsh@google.com>Tue Feb 23 16:16:23 2010 -0800
treee2be8046e7de81b377586caac1256eb58dd21386
parent4a3189fb264c6a77ca23a077490e83152fc42c0d [diff] [blame]
Vboot Reference: Add the "real" reference firmware verification function (VerifyFirmware).

The old VerifyFirmware function (now called VerifyFirmwareImage) works on the FirmwareImage structure. This CL adds a verification function which can be used directly on packed binary verified boot firmware blobs. This function can be used as the reference implementation for verified boot in firmware. In addition, all functions that work on FirmwareImage structure have been renames to distinguish them from those which work on binary firmware blobs.

In addition, this adds some new crypto utility functions and refactors old ones.
BUG=670
TEST=Added tests for the new function and they pass.

Review URL: http://codereview.chromium.org/650105

diff --git a/crypto/rsa_utility.c b/crypto/rsa_utility.c
index 2215b7c..a64b062 100644
--- a/crypto/rsa_utility.c
+++ b/crypto/rsa_utility.c

@@ -7,6 +7,7 @@
 
 #include "padding.h"
 #include "rsa_utility.h"
+#include "sha_utility.h"
 #include "utility.h"
 
 int RSAProcessedKeySize(int algorithm) {
@@ -19,12 +20,20 @@
   return (2 * key_len + sizeof(int) + sizeof(uint32_t));
 }
 
-RSAPublicKey* RSAPublicKeyFromBuf(uint8_t* buf, int len) {
+void RSAPublicKeyFree(RSAPublicKey* key) {
+  if (key) {
+    Free(key->n);
+    Free(key->rr);
+    Free(key);
+  }
+}
+
+RSAPublicKey* RSAPublicKeyFromBuf(const uint8_t* buf, int len) {
   RSAPublicKey* key = (RSAPublicKey*) Malloc(sizeof(RSAPublicKey));
   MemcpyState st;
   int key_len;
 
-  st.remaining_buf = buf;
+  st.remaining_buf = (uint8_t*) buf;
   st.remaining_len = len;
 
   StatefulMemcpy(&st, &key->len, sizeof(key->len));
@@ -44,3 +53,36 @@
 
   return key;
 }
+
+int RSAVerifyBinary_f(const uint8_t* key_blob,
+                      const RSAPublicKey* key,
+                      const uint8_t* buf,
+                      int len,
+                      const uint8_t* sig,
+                      int algorithm) {
+  RSAPublicKey* verification_key = NULL;
+  uint8_t* digest = NULL;
+  int key_size;
+  int sig_size;
+  int success;
+
+  if (algorithm >= kNumAlgorithms)
+    return 0;  /* Invalid algorithm. */
+  key_size = RSAProcessedKeySize(algorithm);
+  sig_size = siglen_map[algorithm] * sizeof(uint32_t);
+
+  if (key_blob && !key)
+    verification_key = RSAPublicKeyFromBuf(key_blob, key_size);
+  else if (!key_blob && key)
+    verification_key = (RSAPublicKey*) key;  /* Supress const warning. */
+  else
+    return 0; /* Both can't be NULL or non-NULL. */
+
+  digest = DigestBuf(buf, len, algorithm);
+  success = RSA_verify(verification_key, sig, sig_size, algorithm, digest);
+
+  Free(digest);
+  if (!key)
+    RSAPublicKeyFree(verification_key);  /* Only free if we allocated it. */
+  return success;
+}