vboot: relocate vb2_signature and vb2_keybock structs
Move from vboot20 to vboot2.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ib1fe0e2cfb0865fffe33ad35e7bd67d416da4589
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1776291
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h
index e0232a5..535623f 100644
--- a/firmware/2lib/include/2common.h
+++ b/firmware/2lib/include/2common.h
@@ -300,4 +300,30 @@
uint32_t parent_size,
const struct vb2_packed_key *key);
+/*
+ * Helper functions to get data pointed to by a public key or signature.
+ */
+static __inline uint8_t *vb2_signature_data(struct vb2_signature *sig)
+{
+ return (uint8_t *)sig + sig->sig_offset;
+}
+
+/**
+ * Verify a signature is fully contained in its parent data
+ *
+ * @param parent Parent data
+ * @param parent_size Parent size in bytes
+ * @param sig Signature pointer
+ * @return VB2_SUCCESS, or non-zero if error.
+ */
+static __inline vb2_error_t vb2_verify_signature_inside(
+ const void *parent,
+ uint32_t parent_size,
+ const struct vb2_signature *sig)
+{
+ return vb2_verify_member_inside(parent, parent_size,
+ sig, sizeof(*sig),
+ sig->sig_offset, sig->sig_size);
+}
+
#endif /* VBOOT_REFERENCE_2COMMON_H_ */
diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h
index fafc72b..8fa0254 100644
--- a/firmware/2lib/include/2struct.h
+++ b/firmware/2lib/include/2struct.h
@@ -20,19 +20,12 @@
#include "2crypto.h"
#include "2sysincludes.h"
-/*
- * Keyblock flags.
- *
- *The following flags set where the key is valid. Not used by firmware
- * verification; only kernel verification.
- */
-#define VB2_KEYBLOCK_FLAG_DEVELOPER_0 0x01 /* Developer switch off */
-#define VB2_KEYBLOCK_FLAG_DEVELOPER_1 0x02 /* Developer switch on */
-#define VB2_KEYBLOCK_FLAG_RECOVERY_0 0x04 /* Not recovery mode */
-#define VB2_KEYBLOCK_FLAG_RECOVERY_1 0x08 /* Recovery mode */
-#define VB2_GBB_HWID_DIGEST_SIZE 32
+/* "V2CT" = vb2_context.magic */
+#define VB2_CONTEXT_MAGIC 0x54433256
-/****************************************************************************/
+/* Current version of vb2_context struct */
+#define VB2_CONTEXT_VERSION_MAJOR 1
+#define VB2_CONTEXT_VERSION_MINOR 0
/* Flags for vb2_shared_data.flags */
enum vb2_shared_data_flags {
@@ -240,9 +233,11 @@
/* TODO: can we write a macro to produce this at compile time? */
#define VB2_GBB_XOR_SIGNATURE { 0x0e, 0x6d, 0x68, 0x68 }
+#define VB2_GBB_HWID_DIGEST_SIZE 32
+
/* VB2 GBB struct version */
-#define VB2_GBB_MAJOR_VER 1
-#define VB2_GBB_MINOR_VER 2
+#define VB2_GBB_MAJOR_VER 1
+#define VB2_GBB_MINOR_VER 2
/* v1.2 - added fields for sha256 digest of the HWID */
struct vb2_gbb_header {
@@ -278,12 +273,13 @@
_Static_assert(VB2_GBB_FLAGS_OFFSET == offsetof(struct vb2_gbb_header, flags),
"VB2_GBB_FLAGS_OFFSET set incorrectly");
+/****************************************************************************/
+
/*
* Root key hash for Ryu devices only. Contains the hash of the root key.
* This will be embedded somewhere inside the RO part of the firmware, so that
* it can verify the GBB contains only the official root key.
*/
-
#define RYU_ROOT_KEY_HASH_MAGIC "RtKyHash"
#define RYU_ROOT_KEY_HASH_MAGIC_INVCASE "rTkYhASH"
#define RYU_ROOT_KEY_HASH_MAGIC_SIZE 8
@@ -314,6 +310,8 @@
#define EXPECTED_VB2_RYU_ROOT_KEY_HASH_SIZE 48
+/****************************************************************************/
+
/* Packed public key data */
struct vb2_packed_key {
/* Offset of key data from start of this struct */
@@ -337,4 +335,91 @@
#define EXPECTED_VB2_PACKED_KEY_SIZE 32
+/****************************************************************************/
+
+/* Signature data (a secure hash, possibly signed) */
+struct vb2_signature {
+ /* Offset of signature data from start of this struct */
+ uint32_t sig_offset;
+ uint32_t reserved0;
+
+ /* Size of signature data in bytes */
+ uint32_t sig_size;
+ uint32_t reserved1;
+
+ /* Size of the data block which was signed in bytes */
+ uint32_t data_size;
+ uint32_t reserved2;
+} __attribute__((packed));
+
+#define EXPECTED_VB2_SIGNATURE_SIZE 24
+
+/****************************************************************************/
+
+#define VB2_KEYBLOCK_MAGIC "CHROMEOS"
+#define VB2_KEYBLOCK_MAGIC_SIZE 8
+
+#define VB2_KEYBLOCK_VERSION_MAJOR 2
+#define VB2_KEYBLOCK_VERSION_MINOR 1
+
+/*
+ * Keyblock flags.
+ *
+ * The following flags set where the key is valid. Not used by firmware
+ * verification; only kernel verification.
+ */
+#define VB2_KEYBLOCK_FLAG_DEVELOPER_0 0x1 /* Developer switch off */
+#define VB2_KEYBLOCK_FLAG_DEVELOPER_1 0x2 /* Developer switch on */
+#define VB2_KEYBLOCK_FLAG_RECOVERY_0 0x4 /* Not recovery mode */
+#define VB2_KEYBLOCK_FLAG_RECOVERY_1 0x8 /* Recovery mode */
+
+/*
+ * Keyblock, containing the public key used to sign some other chunk of data.
+ *
+ * This should be followed by:
+ * 1) The data_key key data, pointed to by data_key.key_offset.
+ * 2) The checksum data for (vb2_keyblock + data_key data), pointed to
+ * by keyblock_checksum.sig_offset.
+ * 3) The signature data for (vb2_keyblock + data_key data), pointed to
+ * by keyblock_signature.sig_offset.
+ */
+struct vb2_keyblock {
+ /* Magic number */
+ uint8_t magic[VB2_KEYBLOCK_MAGIC_SIZE];
+
+ /* Version of this header format */
+ uint32_t header_version_major;
+ uint32_t header_version_minor;
+
+ /*
+ * Length of this entire keyblock, including keys, signatures, and
+ * padding, in bytes
+ */
+ uint32_t keyblock_size;
+ uint32_t reserved0;
+
+ /*
+ * Signature for this keyblock (header + data pointed to by data_key)
+ * For use with signed data keys
+ */
+ struct vb2_signature keyblock_signature;
+
+ /*
+ * SHA-512 hash for this keyblock (header + data pointed to by
+ * data_key) For use with unsigned data keys.
+ *
+ * Only supported for kernel keyblocks, not firmware keyblocks.
+ */
+ struct vb2_signature keyblock_hash;
+
+ /* Flags for key (VB2_KEYBLOCK_FLAG_*) */
+ uint32_t keyblock_flags;
+ uint32_t reserved1;
+
+ /* Key to verify the chunk of data */
+ struct vb2_packed_key data_key;
+} __attribute__((packed));
+
+#define EXPECTED_VB2_KEYBLOCK_SIZE 112
+
#endif /* VBOOT_REFERENCE_2STRUCT_H_ */
diff --git a/firmware/include/vboot_struct.h b/firmware/include/vboot_struct.h
index 688de60..f92a37d 100644
--- a/firmware/include/vboot_struct.h
+++ b/firmware/include/vboot_struct.h
@@ -23,73 +23,6 @@
extern "C" {
#endif /* __cplusplus */
-/* Signature data (a secure hash, possibly signed) */
-typedef struct VbSignature {
- /* Offset of signature data from start of this struct */
- uint64_t sig_offset;
- /* Size of signature data in bytes */
- uint64_t sig_size;
- /* Size of the data block which was signed in bytes */
- uint64_t data_size;
-} __attribute__((packed)) VbSignature;
-
-#define EXPECTED_VBSIGNATURE_SIZE 24
-
-#define KEYBLOCK_MAGIC "CHROMEOS"
-#define KEYBLOCK_MAGIC_SIZE 8
-
-#define KEYBLOCK_HEADER_VERSION_MAJOR 2
-#define KEYBLOCK_HEADER_VERSION_MINOR 1
-
-/* Flags for keyblock_flags */
-/* The following flags set where the key is valid */
-#define KEYBLOCK_FLAG_DEVELOPER_0 (0x01ULL) /* Developer switch off */
-#define KEYBLOCK_FLAG_DEVELOPER_1 (0x02ULL) /* Developer switch on */
-#define KEYBLOCK_FLAG_RECOVERY_0 (0x04ULL) /* Not recovery mode */
-#define KEYBLOCK_FLAG_RECOVERY_1 (0x08ULL) /* Recovery mode */
-
-/*
- * Keyblock, containing the public key used to sign some other chunk of data.
- *
- * This should be followed by:
- * 1) The data_key key data, pointed to by data_key.key_offset.
- * 2) The checksum data for (VBKeyBlockHeader + data_key data), pointed to
- * by keyblock_checksum.sig_offset.
- * 3) The signature data for (VBKeyBlockHeader + data_key data), pointed to
- * by keyblock_signature.sig_offset.
- */
-typedef struct VbKeyBlockHeader {
- /* Magic number */
- uint8_t magic[KEYBLOCK_MAGIC_SIZE];
- /* Version of this header format */
- uint32_t header_version_major;
- /* Version of this header format */
- uint32_t header_version_minor;
- /*
- * Length of this entire keyblock, including keys, signatures, and
- * padding, in bytes
- */
- uint64_t keyblock_size;
- /*
- * Signature for this keyblock (header + data pointed to by data_key)
- * For use with signed data keys
- */
- VbSignature keyblock_signature;
- /*
- * SHA-512 checksum for this keyblock (header + data pointed to by
- * data_key) For use with unsigned data keys
- */
- VbSignature keyblock_checksum;
- /* Flags for key (KEYBLOCK_FLAG_*) */
- uint64_t keyblock_flags;
- /* Key to verify the chunk of data */
- struct vb2_packed_key data_key;
-} __attribute__((packed)) VbKeyBlockHeader;
-
-#define EXPECTED_VBKEYBLOCKHEADER_SIZE 112
-
-/****************************************************************************/
-
#define KERNEL_PREAMBLE_HEADER_VERSION_MAJOR 2
#define KERNEL_PREAMBLE_HEADER_VERSION_MINOR 2
@@ -108,7 +41,7 @@
*/
uint64_t preamble_size;
/* Signature for this preamble (header + body signature) */
- VbSignature preamble_signature;
+ struct vb2_signature preamble_signature;
/* Version of this header format */
uint32_t header_version_major;
/* Version of this header format */
@@ -123,7 +56,7 @@
/* Size of bootloader in bytes */
uint64_t bootloader_size;
/* Signature for the kernel body */
- VbSignature body_signature;
+ struct vb2_signature body_signature;
} __attribute__((packed)) VbKernelPreambleHeader2_0;
#define EXPECTED_VBKERNELPREAMBLEHEADER2_0_SIZE 96
@@ -145,7 +78,7 @@
*/
uint64_t preamble_size;
/* Signature for this preamble (header + body signature) */
- VbSignature preamble_signature;
+ struct vb2_signature preamble_signature;
/* Version of this header format */
uint32_t header_version_major;
/* Version of this header format */
@@ -160,7 +93,7 @@
/* Size of bootloader in bytes */
uint64_t bootloader_size;
/* Signature for the kernel body */
- VbSignature body_signature;
+ struct vb2_signature body_signature;
/*
* Fields added in header version 2.1. You must verify the header
* version before reading these fields!
diff --git a/firmware/lib/include/vboot_common.h b/firmware/lib/include/vboot_common.h
index 46c135c..9067812 100644
--- a/firmware/lib/include/vboot_common.h
+++ b/firmware/lib/include/vboot_common.h
@@ -50,8 +50,8 @@
uint8_t *GetPublicKeyData(struct vb2_packed_key *key);
const uint8_t *GetPublicKeyDataC(const struct vb2_packed_key *key);
-uint8_t *GetSignatureData(VbSignature *sig);
-const uint8_t *GetSignatureDataC(const VbSignature *sig);
+uint8_t *GetSignatureData(struct vb2_signature *sig);
+const uint8_t *GetSignatureDataC(const struct vb2_signature *sig);
/*
* Helper functions to verify the data pointed to by a subfield is inside the
@@ -62,7 +62,7 @@
const struct vb2_packed_key *key);
vb2_error_t VerifySignatureInside(const void *parent, uint64_t parent_size,
- const VbSignature *sig);
+ const struct vb2_signature *sig);
/**
* Initialize a public key to refer to [key_data].
diff --git a/firmware/lib/vboot_common.c b/firmware/lib/vboot_common.c
index f68b387..f8b0a95 100644
--- a/firmware/lib/vboot_common.c
+++ b/firmware/lib/vboot_common.c
@@ -38,12 +38,12 @@
return (const uint8_t *)key + key->key_offset;
}
-uint8_t *GetSignatureData(VbSignature *sig)
+uint8_t *GetSignatureData(struct vb2_signature *sig)
{
return (uint8_t *)sig + sig->sig_offset;
}
-const uint8_t *GetSignatureDataC(const VbSignature *sig)
+const uint8_t *GetSignatureDataC(const struct vb2_signature *sig)
{
return (const uint8_t *)sig + sig->sig_offset;
}
@@ -62,10 +62,10 @@
}
vb2_error_t VerifySignatureInside(const void *parent, uint64_t parent_size,
- const VbSignature *sig)
+ const struct vb2_signature *sig)
{
return vb2_verify_member_inside(parent, parent_size,
- sig, sizeof(VbSignature),
+ sig, sizeof(struct vb2_signature),
sig->sig_offset, sig->sig_size);
}
diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c
index 1c90f47..351044b 100644
--- a/firmware/lib/vboot_kernel.c
+++ b/firmware/lib/vboot_kernel.c
@@ -166,14 +166,16 @@
/* Check the keyblock flags against boot flags. */
if (!(keyblock->keyblock_flags &
((ctx->flags & VB2_CONTEXT_DEVELOPER_MODE) ?
- KEYBLOCK_FLAG_DEVELOPER_1 : KEYBLOCK_FLAG_DEVELOPER_0))) {
+ VB2_KEYBLOCK_FLAG_DEVELOPER_1 :
+ VB2_KEYBLOCK_FLAG_DEVELOPER_0))) {
VB2_DEBUG("Keyblock developer flag mismatch.\n");
shpart->check_result = VBSD_LKP_CHECK_DEV_MISMATCH;
keyblock_valid = 0;
}
if (!(keyblock->keyblock_flags &
((ctx->flags & VB2_CONTEXT_RECOVERY_MODE) ?
- KEYBLOCK_FLAG_RECOVERY_1 : KEYBLOCK_FLAG_RECOVERY_0))) {
+ VB2_KEYBLOCK_FLAG_RECOVERY_1 :
+ VB2_KEYBLOCK_FLAG_RECOVERY_0))) {
VB2_DEBUG("Keyblock recovery flag mismatch.\n");
shpart->check_result = VBSD_LKP_CHECK_REC_MISMATCH;
keyblock_valid = 0;
diff --git a/firmware/lib20/common.c b/firmware/lib20/common.c
index 2c6886c..f1364c7 100644
--- a/firmware/lib20/common.c
+++ b/firmware/lib20/common.c
@@ -11,20 +11,6 @@
#include "2sysincludes.h"
#include "vb2_common.h"
-uint8_t *vb2_signature_data(struct vb2_signature *sig)
-{
- return (uint8_t *)sig + sig->sig_offset;
-}
-
-vb2_error_t vb2_verify_signature_inside(const void *parent,
- uint32_t parent_size,
- const struct vb2_signature *sig)
-{
- return vb2_verify_member_inside(parent, parent_size,
- sig, sizeof(*sig),
- sig->sig_offset, sig->sig_size);
-}
-
vb2_error_t vb2_verify_digest(const struct vb2_public_key *key,
struct vb2_signature *sig, const uint8_t *digest,
const struct vb2_workbuf *wb)
@@ -98,12 +84,12 @@
return VB2_ERROR_KEYBLOCK_TOO_SMALL_FOR_HEADER;
}
- if (memcmp(block->magic, KEYBLOCK_MAGIC, KEYBLOCK_MAGIC_SIZE)) {
+ if (memcmp(block->magic, VB2_KEYBLOCK_MAGIC, VB2_KEYBLOCK_MAGIC_SIZE)) {
VB2_DEBUG("Not a valid verified boot keyblock.\n");
return VB2_ERROR_KEYBLOCK_MAGIC;
}
- if (block->header_version_major != KEYBLOCK_HEADER_VERSION_MAJOR) {
+ if (block->header_version_major != VB2_KEYBLOCK_VERSION_MAJOR) {
VB2_DEBUG("Incompatible keyblock header version.\n");
return VB2_ERROR_KEYBLOCK_HEADER_VERSION;
}
diff --git a/firmware/lib20/include/vb2_common.h b/firmware/lib20/include/vb2_common.h
index 911dc0a..5bac7a8 100644
--- a/firmware/lib20/include/vb2_common.h
+++ b/firmware/lib20/include/vb2_common.h
@@ -18,24 +18,6 @@
struct vb2_public_key;
-/*
- * Helper functions to get data pointed to by a public key or signature.
- */
-
-uint8_t *vb2_signature_data(struct vb2_signature *sig);
-
-/**
- * Verify a signature is fully contained in its parent data
- *
- * @param parent Parent data
- * @param parent_size Parent size in bytes
- * @param sig Signature pointer
- * @return VB2_SUCCESS, or non-zero if error.
- */
-vb2_error_t vb2_verify_signature_inside(const void *parent,
- uint32_t parent_size,
- const struct vb2_signature *sig);
-
/**
* Unpack a vboot1-format key buffer for use in verification
*
diff --git a/firmware/lib20/include/vb2_struct.h b/firmware/lib20/include/vb2_struct.h
index d6279e1..75330c1 100644
--- a/firmware/lib20/include/vb2_struct.h
+++ b/firmware/lib20/include/vb2_struct.h
@@ -27,81 +27,6 @@
#define VB2_MAX_KEY_VERSION 0xffff
#define VB2_MAX_PREAMBLE_VERSION 0xffff
-
-/* Signature data (a secure hash, possibly signed) */
-struct vb2_signature {
- /* Offset of signature data from start of this struct */
- uint32_t sig_offset;
- uint32_t reserved0;
-
- /* Size of signature data in bytes */
- uint32_t sig_size;
- uint32_t reserved1;
-
- /* Size of the data block which was signed in bytes */
- uint32_t data_size;
- uint32_t reserved2;
-} __attribute__((packed));
-
-#define EXPECTED_VB2_SIGNATURE_SIZE 24
-
-
-#define KEYBLOCK_MAGIC "CHROMEOS"
-#define KEYBLOCK_MAGIC_SIZE 8
-
-#define KEYBLOCK_HEADER_VERSION_MAJOR 2
-#define KEYBLOCK_HEADER_VERSION_MINOR 1
-
-/*
- * Keyblock, containing the public key used to sign some other chunk of data.
- *
- * This should be followed by:
- * 1) The data_key key data, pointed to by data_key.key_offset.
- * 2) The checksum data for (vb2_keyblock + data_key data), pointed to
- * by keyblock_checksum.sig_offset.
- * 3) The signature data for (vb2_keyblock + data_key data), pointed to
- * by keyblock_signature.sig_offset.
- */
-struct vb2_keyblock {
- /* Magic number */
- uint8_t magic[KEYBLOCK_MAGIC_SIZE];
-
- /* Version of this header format */
- uint32_t header_version_major;
- uint32_t header_version_minor;
-
- /*
- * Length of this entire keyblock, including keys, signatures, and
- * padding, in bytes
- */
- uint32_t keyblock_size;
- uint32_t reserved0;
-
- /*
- * Signature for this keyblock (header + data pointed to by data_key)
- * For use with signed data keys
- */
- struct vb2_signature keyblock_signature;
-
- /*
- * SHA-512 hash for this keyblock (header + data pointed to by
- * data_key) For use with unsigned data keys.
- *
- * Only supported for kernel keyblocks, not firmware keyblocks.
- */
- struct vb2_signature keyblock_hash;
-
- /* Flags for key (VB2_KEYBLOCK_FLAG_*) */
- uint32_t keyblock_flags;
- uint32_t reserved1;
-
- /* Key to verify the chunk of data */
- struct vb2_packed_key data_key;
-} __attribute__((packed));
-
-#define EXPECTED_VB2_KEYBLOCK_SIZE 112
-
-
/* Firmware preamble header */
#define FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR 2
#define FIRMWARE_PREAMBLE_HEADER_VERSION_MINOR 1
diff --git a/futility/cmd_vbutil_keyblock.c b/futility/cmd_vbutil_keyblock.c
index b81da87..8e4b22d 100644
--- a/futility/cmd_vbutil_keyblock.c
+++ b/futility/cmd_vbutil_keyblock.c
@@ -215,13 +215,13 @@
printf("Keyblock file: %s\n", infile);
printf("Signature %s\n", sign_key ? "valid" : "ignored");
printf("Flags: %u ", block->keyblock_flags);
- if (block->keyblock_flags & KEYBLOCK_FLAG_DEVELOPER_0)
+ if (block->keyblock_flags & VB2_KEYBLOCK_FLAG_DEVELOPER_0)
printf(" !DEV");
- if (block->keyblock_flags & KEYBLOCK_FLAG_DEVELOPER_1)
+ if (block->keyblock_flags & VB2_KEYBLOCK_FLAG_DEVELOPER_1)
printf(" DEV");
- if (block->keyblock_flags & KEYBLOCK_FLAG_RECOVERY_0)
+ if (block->keyblock_flags & VB2_KEYBLOCK_FLAG_RECOVERY_0)
printf(" !REC");
- if (block->keyblock_flags & KEYBLOCK_FLAG_RECOVERY_1)
+ if (block->keyblock_flags & VB2_KEYBLOCK_FLAG_RECOVERY_1)
printf(" REC");
printf("\n");
diff --git a/futility/vb1_helper.c b/futility/vb1_helper.c
index a106b5b..01c63eb 100644
--- a/futility/vb1_helper.c
+++ b/futility/vb1_helper.c
@@ -538,13 +538,13 @@
signpub_key ? "valid" : "ignored");
printf(" Size: %#x\n", g_keyblock->keyblock_size);
printf(" Flags: %u ", g_keyblock->keyblock_flags);
- if (g_keyblock->keyblock_flags & KEYBLOCK_FLAG_DEVELOPER_0)
+ if (g_keyblock->keyblock_flags & VB2_KEYBLOCK_FLAG_DEVELOPER_0)
printf(" !DEV");
- if (g_keyblock->keyblock_flags & KEYBLOCK_FLAG_DEVELOPER_1)
+ if (g_keyblock->keyblock_flags & VB2_KEYBLOCK_FLAG_DEVELOPER_1)
printf(" DEV");
- if (g_keyblock->keyblock_flags & KEYBLOCK_FLAG_RECOVERY_0)
+ if (g_keyblock->keyblock_flags & VB2_KEYBLOCK_FLAG_RECOVERY_0)
printf(" !REC");
- if (g_keyblock->keyblock_flags & KEYBLOCK_FLAG_RECOVERY_1)
+ if (g_keyblock->keyblock_flags & VB2_KEYBLOCK_FLAG_RECOVERY_1)
printf(" REC");
printf("\n");
printf(" Data key algorithm: %u %s\n", data_key->algorithm,
diff --git a/host/lib/host_keyblock.c b/host/lib/host_keyblock.c
index 53a382e..42b3a71 100644
--- a/host/lib/host_keyblock.c
+++ b/host/lib/host_keyblock.c
@@ -40,9 +40,9 @@
uint8_t *block_chk_dest = data_key_dest + data_key->key_size;
uint8_t *block_sig_dest = block_chk_dest + VB2_SHA512_DIGEST_SIZE;
- memcpy(h->magic, KEYBLOCK_MAGIC, KEYBLOCK_MAGIC_SIZE);
- h->header_version_major = KEYBLOCK_HEADER_VERSION_MAJOR;
- h->header_version_minor = KEYBLOCK_HEADER_VERSION_MINOR;
+ memcpy(h->magic, VB2_KEYBLOCK_MAGIC, VB2_KEYBLOCK_MAGIC_SIZE);
+ h->header_version_major = VB2_KEYBLOCK_VERSION_MAJOR;
+ h->header_version_minor = VB2_KEYBLOCK_VERSION_MINOR;
h->keyblock_size = block_size;
h->keyblock_flags = flags;
@@ -108,9 +108,9 @@
uint8_t *block_chk_dest = data_key_dest + data_key->key_size;
uint8_t *block_sig_dest = block_chk_dest + VB2_SHA512_DIGEST_SIZE;
- memcpy(h->magic, KEYBLOCK_MAGIC, KEYBLOCK_MAGIC_SIZE);
- h->header_version_major = KEYBLOCK_HEADER_VERSION_MAJOR;
- h->header_version_minor = KEYBLOCK_HEADER_VERSION_MINOR;
+ memcpy(h->magic, VB2_KEYBLOCK_MAGIC, VB2_KEYBLOCK_MAGIC_SIZE);
+ h->header_version_major = VB2_KEYBLOCK_VERSION_MAJOR;
+ h->header_version_minor = VB2_KEYBLOCK_VERSION_MINOR;
h->keyblock_size = block_size;
h->keyblock_flags = flags;
diff --git a/tests/vb20_common_tests.c b/tests/vb20_common_tests.c
index 7d9ffe8..17ffe67 100644
--- a/tests/vb20_common_tests.c
+++ b/tests/vb20_common_tests.c
@@ -8,7 +8,6 @@
#include "2sysincludes.h"
#include "test_common.h"
#include "vb2_common.h"
-#include "vboot_struct.h" /* For old struct sizes */
/*
* Test struct packing for vboot_struct.h structs which are passed between
@@ -17,68 +16,14 @@
static void test_struct_packing(void)
{
/* Test vboot2 versions of vboot1 structs */
- TEST_EQ(EXPECTED_VB2_SIGNATURE_SIZE,
- sizeof(struct vb2_signature),
- "sizeof(vb2_signature)");
- TEST_EQ(EXPECTED_VB2_KEYBLOCK_SIZE,
- sizeof(struct vb2_keyblock),
- "sizeof(vb2_keyblock)");
TEST_EQ(EXPECTED_VB2_FW_PREAMBLE_SIZE,
sizeof(struct vb2_fw_preamble),
"sizeof(vb2_fw_preamble)");
-
- /* And make sure they're the same as their vboot1 equivalents */
- TEST_EQ(EXPECTED_VB2_SIGNATURE_SIZE,
- EXPECTED_VBSIGNATURE_SIZE,
- "vboot1->2 signature sizes same");
- TEST_EQ(EXPECTED_VB2_KEYBLOCK_SIZE,
- EXPECTED_VBKEYBLOCKHEADER_SIZE,
- "vboot1->2 keyblock sizes same");
-}
-
-/**
- * Helper functions not dependent on specific key sizes
- */
-static void test_helper_functions(void)
-{
- {
- struct vb2_signature s = {.sig_offset = sizeof(s)};
- TEST_EQ((int)vb2_offset_of(&s, vb2_signature_data(&s)),
- sizeof(s), "vb2_signature_data() adjacent");
- }
-
- {
- struct vb2_signature s = {.sig_offset = 123};
- TEST_EQ((int)vb2_offset_of(&s, vb2_signature_data(&s)), 123,
- "vb2_signature_data() spaced");
- }
-
- {
- struct vb2_signature s = {.sig_offset = sizeof(s),
- .sig_size = 128};
- TEST_SUCC(vb2_verify_signature_inside(&s, sizeof(s)+128, &s),
- "SignatureInside ok 1");
- TEST_SUCC(vb2_verify_signature_inside(&s - 1,
- 2*sizeof(s)+128, &s),
- "SignatureInside ok 2");
- TEST_EQ(vb2_verify_signature_inside(&s, 128, &s),
- VB2_ERROR_INSIDE_DATA_OUTSIDE,
- "SignatureInside sig too big");
- }
-
- {
- struct vb2_signature s = {.sig_offset = 100,
- .sig_size = 4};
- TEST_EQ(vb2_verify_signature_inside(&s, 99, &s),
- VB2_ERROR_INSIDE_DATA_OUTSIDE,
- "SignatureInside offset too big");
- }
}
int main(int argc, char* argv[])
{
test_struct_packing();
- test_helper_functions();
return gTestSuccess ? 0 : 255;
}
diff --git a/tests/vb20_kernel_tests.c b/tests/vb20_kernel_tests.c
index 90f7e5f..3a80552 100644
--- a/tests/vb20_kernel_tests.c
+++ b/tests/vb20_kernel_tests.c
@@ -109,13 +109,13 @@
mock_gbb.recovery_key.key_size = sizeof(mock_gbb.recovery_key_data);
kb->keyblock_size = sizeof(mock_vblock.k);
- memcpy(kb->magic, KEYBLOCK_MAGIC, KEYBLOCK_MAGIC_SIZE);
+ memcpy(kb->magic, VB2_KEYBLOCK_MAGIC, VB2_KEYBLOCK_MAGIC_SIZE);
kb->keyblock_flags = VB2_KEYBLOCK_FLAG_DEVELOPER_1 |
VB2_KEYBLOCK_FLAG_DEVELOPER_0 |
VB2_KEYBLOCK_FLAG_RECOVERY_1 | VB2_KEYBLOCK_FLAG_RECOVERY_0;
- kb->header_version_major = KEYBLOCK_HEADER_VERSION_MAJOR;
- kb->header_version_minor = KEYBLOCK_HEADER_VERSION_MINOR;
+ kb->header_version_major = VB2_KEYBLOCK_VERSION_MAJOR;
+ kb->header_version_minor = VB2_KEYBLOCK_VERSION_MINOR;
kb->data_key.algorithm = 7;
kb->data_key.key_version = 2;
kb->data_key.key_offset =
diff --git a/tests/vb2_common_tests.c b/tests/vb2_common_tests.c
index 2661cce..61ce133 100644
--- a/tests/vb2_common_tests.c
+++ b/tests/vb2_common_tests.c
@@ -86,6 +86,12 @@
TEST_EQ(EXPECTED_VB2_GBB_HEADER_SIZE,
sizeof(struct vb2_gbb_header),
"sizeof(vb2_gbb_header)");
+ TEST_EQ(EXPECTED_VB2_SIGNATURE_SIZE,
+ sizeof(struct vb2_signature),
+ "sizeof(vb2_signature)");
+ TEST_EQ(EXPECTED_VB2_KEYBLOCK_SIZE,
+ sizeof(struct vb2_keyblock),
+ "sizeof(vb2_keyblock)");
}
/**
@@ -204,6 +210,17 @@
TEST_EQ((int)vb2_offset_of(&k, vb2_packed_key_data(&k)), 123,
"vb2_packed_key_data() spaced");
}
+ {
+ struct vb2_signature s = {.sig_offset = sizeof(s)};
+ TEST_EQ((int)vb2_offset_of(&s, vb2_signature_data(&s)),
+ sizeof(s), "vb2_signature_data() adjacent");
+ }
+
+ {
+ struct vb2_signature s = {.sig_offset = 123};
+ TEST_EQ((int)vb2_offset_of(&s, vb2_signature_data(&s)), 123,
+ "vb2_signature_data() spaced");
+ }
{
uint8_t *p = (uint8_t *)test_helper_functions;
@@ -272,6 +289,27 @@
VB2_ERROR_INSIDE_DATA_OUTSIDE,
"vb2_packed_key_inside() offset too big");
}
+
+ {
+ struct vb2_signature s = {.sig_offset = sizeof(s),
+ .sig_size = 128};
+ TEST_SUCC(vb2_verify_signature_inside(&s, sizeof(s)+128, &s),
+ "vb2_verify_signature_inside() ok 1");
+ TEST_SUCC(vb2_verify_signature_inside(&s - 1,
+ 2*sizeof(s)+128, &s),
+ "vb2_verify_signature_inside() ok 2");
+ TEST_EQ(vb2_verify_signature_inside(&s, 128, &s),
+ VB2_ERROR_INSIDE_DATA_OUTSIDE,
+ "vb2_verify_signature_inside() sig too big");
+ }
+
+ {
+ struct vb2_signature s = {.sig_offset = 100,
+ .sig_size = 4};
+ TEST_EQ(vb2_verify_signature_inside(&s, 99, &s),
+ VB2_ERROR_INSIDE_DATA_OUTSIDE,
+ "vb2_verify_signature_inside() offset too big");
+ }
}
/* Helper for test_assert_die() below */
diff --git a/tests/vboot_common_tests.c b/tests/vboot_common_tests.c
index 6a09d92..1869556 100644
--- a/tests/vboot_common_tests.c
+++ b/tests/vboot_common_tests.c
@@ -21,10 +21,6 @@
*/
static void StructPackingTest(void)
{
- TEST_EQ(EXPECTED_VBSIGNATURE_SIZE, sizeof(VbSignature),
- "sizeof(VbSignature)");
- TEST_EQ(EXPECTED_VBKEYBLOCKHEADER_SIZE, sizeof(VbKeyBlockHeader),
- "sizeof(VbKeyBlockHeader)");
TEST_EQ(EXPECTED_VBKERNELPREAMBLEHEADER2_2_SIZE,
sizeof(VbKernelPreambleHeader),
"sizeof(VbKernelPreambleHeader)");
@@ -38,26 +34,6 @@
"sizeof(VbSharedDataHeader) V2");
}
-/* Helper functions not dependent on specific key sizes */
-static void VerifyHelperFunctions(void)
-{
- {
- VbSignature s = {sizeof(s), 128, 2000};
- TEST_EQ(VerifySignatureInside(&s, sizeof(s)+128, &s), 0,
- "SignatureInside ok 1");
- TEST_EQ(VerifySignatureInside(&s - 1, 2*sizeof(s)+128, &s), 0,
- "SignatureInside ok 2");
- TEST_NEQ(VerifySignatureInside(&s, 128, &s), 0,
- "SignatureInside sig too big");
- }
-
- {
- VbSignature s = {100, 4, 0};
- TEST_NEQ(VerifySignatureInside(&s, 99, &s), 0,
- "SignatureInside offset too big");
- }
-}
-
/* Public key utility functions */
static void PublicKeyTest(void)
{
@@ -152,7 +128,6 @@
int main(int argc, char* argv[])
{
StructPackingTest();
- VerifyHelperFunctions();
PublicKeyTest();
VbSharedDataTest();
diff --git a/tests/vboot_kernel_tests.c b/tests/vboot_kernel_tests.c
index 33705f2..531a118 100644
--- a/tests/vboot_kernel_tests.c
+++ b/tests/vboot_kernel_tests.c
@@ -61,7 +61,7 @@
static uint8_t shared_data[VB_SHARED_DATA_MIN_SIZE];
static VbSharedDataHeader *shared = (VbSharedDataHeader *)shared_data;
static LoadKernelParams lkp;
-static VbKeyBlockHeader kbh;
+static struct vb2_keyblock kbh;
static VbKernelPreambleHeader kph;
static struct RollbackSpaceFwmp fwmp;
static uint8_t mock_disk[MOCK_SECTOR_SIZE * MOCK_SECTOR_COUNT];
@@ -683,27 +683,27 @@
/* Check keyblock flag mismatches */
ResetMocks();
kbh.keyblock_flags =
- KEYBLOCK_FLAG_RECOVERY_0 | KEYBLOCK_FLAG_DEVELOPER_1;
+ VB2_KEYBLOCK_FLAG_RECOVERY_0 | VB2_KEYBLOCK_FLAG_DEVELOPER_1;
TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND,
"Keyblock dev flag mismatch");
ResetMocks();
kbh.keyblock_flags =
- KEYBLOCK_FLAG_RECOVERY_1 | KEYBLOCK_FLAG_DEVELOPER_0;
+ VB2_KEYBLOCK_FLAG_RECOVERY_1 | VB2_KEYBLOCK_FLAG_DEVELOPER_0;
TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND,
"Keyblock rec flag mismatch");
ResetMocks();
ctx.flags |= VB2_CONTEXT_RECOVERY_MODE;
kbh.keyblock_flags =
- KEYBLOCK_FLAG_RECOVERY_1 | KEYBLOCK_FLAG_DEVELOPER_1;
+ VB2_KEYBLOCK_FLAG_RECOVERY_1 | VB2_KEYBLOCK_FLAG_DEVELOPER_1;
TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND,
"Keyblock recdev flag mismatch");
ResetMocks();
ctx.flags |= VB2_CONTEXT_RECOVERY_MODE | VB2_CONTEXT_DEVELOPER_MODE;
kbh.keyblock_flags =
- KEYBLOCK_FLAG_RECOVERY_1 | KEYBLOCK_FLAG_DEVELOPER_0;
+ VB2_KEYBLOCK_FLAG_RECOVERY_1 | VB2_KEYBLOCK_FLAG_DEVELOPER_0;
TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND,
"Keyblock rec!dev flag mismatch");