1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
/* Copyright 2017 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
/*
* Common utility APIs for vboot 2.1
*/
#include "common.h"
#include "host_command.h"
#include "rsa.h"
#include "rwsig.h"
#include "system.h"
#include "vb21_struct.h"
#include "vboot.h"
int vb21_is_packed_key_valid(const struct vb21_packed_key *key)
{
if (key->c.magic != VB21_MAGIC_PACKED_KEY)
return EC_ERROR_VBOOT_KEY_MAGIC;
if (key->key_size != sizeof(struct rsa_public_key))
return EC_ERROR_VBOOT_KEY_SIZE;
return EC_SUCCESS;
}
int vb21_is_signature_valid(const struct vb21_signature *sig,
const struct vb21_packed_key *key)
{
if (sig->c.magic != VB21_MAGIC_SIGNATURE)
return EC_ERROR_VBOOT_SIG_MAGIC;
if (sig->sig_size != RSANUMBYTES)
return EC_ERROR_VBOOT_SIG_SIZE;
if (key->sig_alg != sig->sig_alg)
return EC_ERROR_VBOOT_SIG_ALGORITHM;
if (key->hash_alg != sig->hash_alg)
return EC_ERROR_VBOOT_HASH_ALGORITHM;
/* Validity check signature offset and data size. */
if (sig->sig_offset < sizeof(*sig))
return EC_ERROR_VBOOT_SIG_OFFSET;
if (sig->sig_offset + RSANUMBYTES > CONFIG_RW_SIG_SIZE)
return EC_ERROR_VBOOT_SIG_OFFSET;
if (sig->data_size > CONFIG_RW_SIZE - CONFIG_RW_SIG_SIZE)
return EC_ERROR_VBOOT_DATA_SIZE;
return EC_SUCCESS;
}
const struct vb21_packed_key *vb21_get_packed_key(void)
{
return (const struct vb21_packed_key *)(CONFIG_RO_PUBKEY_ADDR);
}
static void read_rwsig_info(struct ec_response_rwsig_info *r)
{
const struct vb21_packed_key *vb21_key;
int rv;
vb21_key = vb21_get_packed_key();
r->sig_alg = vb21_key->sig_alg;
r->hash_alg = vb21_key->hash_alg;
r->key_version = vb21_key->key_version;
{ BUILD_ASSERT(sizeof(r->key_id) == sizeof(vb21_key->id),
"key ID sizes must match"); }
{ BUILD_ASSERT(sizeof(vb21_key->id) == sizeof(vb21_key->id.raw),
"key ID sizes must match"); }
memcpy(r->key_id, vb21_key->id.raw, sizeof(r->key_id));
rv = vb21_is_packed_key_valid(vb21_key);
r->key_is_valid = (rv == EC_SUCCESS);
}
static int command_rwsig_info(int argc, char **argv)
{
int i;
struct ec_response_rwsig_info r;
read_rwsig_info(&r);
ccprintf("sig_alg: %d\n", r.sig_alg);
ccprintf("key_version: %d\n", r.key_version);
ccprintf("hash_alg: %d\n", r.hash_alg);
ccprintf("key_is_valid: %d\n", r.key_is_valid);
ccprintf("key_id: ");
for (i = 0; i < sizeof(r.key_id); i++)
ccprintf("%x", r.key_id[i]);
ccprintf("\n");
return EC_SUCCESS;
}
DECLARE_CONSOLE_COMMAND(rwsiginfo, command_rwsig_info, NULL,
"Display rwsig info on console.");
static enum ec_status
host_command_rwsig_info(struct host_cmd_handler_args *args)
{
struct ec_response_rwsig_info *r = args->response;
read_rwsig_info(r);
args->response_size = sizeof(*r);
return EC_RES_SUCCESS;
}
DECLARE_HOST_COMMAND(EC_CMD_RWSIG_INFO, host_command_rwsig_info,
EC_VER_MASK(EC_VER_RWSIG_INFO));
|