vboot: Remove vboot1 host signature functions
These have been superseded by their vboot2 equivalents. No firmware
changes; host-only.
BUG=chromium:611535
BRANCH=none
TEST=make runtests
Change-Id: I36b5d3357767f32489efb7e480049620dcc0fce4
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/363970
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
diff --git a/host/lib/host_keyblock.c b/host/lib/host_keyblock.c
index e449772..21fa099 100644
--- a/host/lib/host_keyblock.c
+++ b/host/lib/host_keyblock.c
@@ -131,10 +131,10 @@
free(chk);
/* Calculate signature */
-struct vb2_signature *sigtmp = (struct vb2_signature *)
- CalculateSignature_external((uint8_t*)h, signed_size,
- signing_key_pem_file, algorithm,
- external_signer);
+ struct vb2_signature *sigtmp =
+ vb2_external_signature((uint8_t*)h, signed_size,
+ signing_key_pem_file, algorithm,
+ external_signer);
free(sigtmp);
/* Return the header */
diff --git a/host/lib/host_signature.c b/host/lib/host_signature.c
index db810f3..22e52c9 100644
--- a/host/lib/host_signature.c
+++ b/host/lib/host_signature.c
@@ -18,179 +18,160 @@
#include "2sysincludes.h"
#include "2common.h"
+#include "2rsa.h"
#include "2sha.h"
-#include "cryptolib.h"
-#include "file_keys.h"
#include "host_common.h"
-#include "vboot_common.h"
+#include "host_signature2.h"
+#include "vb2_common.h"
-
-VbSignature* SignatureAlloc(uint64_t sig_size, uint64_t data_size) {
- VbSignature* sig = (VbSignature*)malloc(sizeof(VbSignature) + sig_size);
- if (!sig)
- return NULL;
-
- sig->sig_offset = sizeof(VbSignature);
- sig->sig_size = sig_size;
- sig->data_size = data_size;
- return sig;
-}
-
-
-void SignatureInit(VbSignature* sig, uint8_t* sig_data,
- uint64_t sig_size, uint64_t data_size) {
- sig->sig_offset = OffsetOf(sig, sig_data);
- sig->sig_size = sig_size;
- sig->data_size = data_size;
-}
-
-
-int SignatureCopy(VbSignature* dest, const VbSignature* src) {
- if (dest->sig_size < src->sig_size)
- return 1;
- dest->sig_size = src->sig_size;
- dest->data_size = src->data_size;
- Memcpy(GetSignatureData(dest), GetSignatureDataC(src), src->sig_size);
- return 0;
-}
-
-/* Invoke [external_signer] command with [pem_file] as
- * an argument, contents of [inbuf] passed redirected to stdin,
- * and the stdout of the command is put back into [outbuf].
- * Returns -1 on error, 0 on success.
+/* Invoke [external_signer] command with [pem_file] as an argument, contents of
+ * [inbuf] passed redirected to stdin, and the stdout of the command is put
+ * back into [outbuf]. Returns -1 on error, 0 on success.
*/
-int InvokeExternalSigner(uint64_t size,
- const uint8_t* inbuf,
- uint8_t* outbuf,
- uint64_t outbufsize,
- const char* pem_file,
- const char* external_signer) {
+static int sign_external(uint32_t size,
+ const uint8_t *inbuf,
+ uint8_t *outbuf,
+ uint32_t outbufsize,
+ const char *pem_file,
+ const char *external_signer)
+{
+ int rv = 0, n;
+ int p_to_c[2], c_to_p[2]; /* pipe descriptors */
+ pid_t pid;
- int rv = 0, n;
- int p_to_c[2], c_to_p[2]; /* pipe descriptors */
- pid_t pid;
+ VB2_DEBUG("Will invoke \"%s %s\" to perform signing.\n"
+ "Input to the signer will be provided on standard in.\n"
+ "Output of the signer will be read from standard out.\n",
+ external_signer, pem_file);
- VBDEBUG(("Will invoke \"%s %s\" to perform signing.\n"
- "Input to the signer will be provided on standard in.\n"
- "Output of the signer will be read from standard out.\n",
- external_signer, pem_file));
+ /* Need two pipes since we want to invoke the external_signer as
+ * a co-process writing to its stdin and reading from its stdout. */
+ if (pipe(p_to_c) < 0 || pipe(c_to_p) < 0) {
+ VB2_DEBUG("pipe() error\n");
+ return -1;
+ }
+ if ((pid = fork()) < 0) {
+ VB2_DEBUG("fork() error\n");
+ return -1;
+ } else if (pid > 0) { /* Parent. */
+ close(p_to_c[STDIN_FILENO]);
+ close(c_to_p[STDOUT_FILENO]);
- /* Need two pipes since we want to invoke the external_signer as
- * a co-process writing to its stdin and reading from its stdout. */
- if (pipe(p_to_c) < 0 || pipe(c_to_p) < 0) {
- VBDEBUG(("pipe() error\n"));
- return -1;
- }
- if ((pid = fork()) < 0) {
- VBDEBUG(("fork() error"));
- return -1;
- }
- else if (pid > 0) { /* Parent. */
- close(p_to_c[STDIN_FILENO]);
- close(c_to_p[STDOUT_FILENO]);
+ /* We provide input to the child process (external signer). */
+ if (write(p_to_c[STDOUT_FILENO], inbuf, size) != size) {
+ VB2_DEBUG("write() error\n");
+ rv = -1;
+ } else {
+ /* Send EOF to child (signer process). */
+ close(p_to_c[STDOUT_FILENO]);
- /* We provide input to the child process (external signer). */
- if (write(p_to_c[STDOUT_FILENO], inbuf, size) != size) {
- VBDEBUG(("write() error while providing input to external signer\n"));
- rv = -1;
- } else {
- close(p_to_c[STDOUT_FILENO]); /* Send EOF to child (signer process). */
- do {
- n = read(c_to_p[STDIN_FILENO], outbuf, outbufsize);
- outbuf += n;
- outbufsize -= n;
- } while (n > 0 && outbufsize);
+ do {
+ n = read(c_to_p[STDIN_FILENO], outbuf,
+ outbufsize);
+ outbuf += n;
+ outbufsize -= n;
+ } while (n > 0 && outbufsize);
- if (n < 0) {
- VBDEBUG(("read() error while reading output from external signer\n"));
- rv = -1;
- }
- }
- if (waitpid(pid, NULL, 0) < 0) {
- VBDEBUG(("waitpid() error\n"));
- rv = -1;
- }
- } else { /* Child. */
- close (p_to_c[STDOUT_FILENO]);
- close (c_to_p[STDIN_FILENO]);
- /* Map the stdin to the first pipe (this pipe gets input
- * from the parent) */
- if (STDIN_FILENO != p_to_c[STDIN_FILENO]) {
- if (dup2(p_to_c[STDIN_FILENO], STDIN_FILENO) != STDIN_FILENO) {
- VBDEBUG(("stdin dup2() failed (external signer)\n"));
- close(p_to_c[0]);
- return -1;
- }
- }
- /* Map the stdout to the second pipe (this pipe sends back
- * signer output to the parent) */
- if (STDOUT_FILENO != c_to_p[STDOUT_FILENO]) {
- if (dup2(c_to_p[STDOUT_FILENO], STDOUT_FILENO) != STDOUT_FILENO) {
- VBDEBUG(("stdout dup2() failed (external signer)\n"));
- close(c_to_p[STDOUT_FILENO]);
- return -1;
- }
- }
- /* External signer is invoked here. */
- if (execl(external_signer, external_signer, pem_file, (char *) 0) < 0) {
- VBDEBUG(("execl() of external signer failed\n"));
- }
- }
- return rv;
+ if (n < 0) {
+ VB2_DEBUG("read() error\n");
+ rv = -1;
+ }
+ }
+ if (waitpid(pid, NULL, 0) < 0) {
+ VB2_DEBUG("waitpid() error\n");
+ rv = -1;
+ }
+ } else { /* Child. */
+ close (p_to_c[STDOUT_FILENO]);
+ close (c_to_p[STDIN_FILENO]);
+ /* Map the stdin to the first pipe (this pipe gets input
+ * from the parent) */
+ if (STDIN_FILENO != p_to_c[STDIN_FILENO]) {
+ if (dup2(p_to_c[STDIN_FILENO], STDIN_FILENO) !=
+ STDIN_FILENO) {
+ VB2_DEBUG("stdin dup2() failed\n");
+ close(p_to_c[0]);
+ return -1;
+ }
+ }
+ /* Map the stdout to the second pipe (this pipe sends back
+ * signer output to the parent) */
+ if (STDOUT_FILENO != c_to_p[STDOUT_FILENO]) {
+ if (dup2(c_to_p[STDOUT_FILENO], STDOUT_FILENO) !=
+ STDOUT_FILENO) {
+ VB2_DEBUG("stdout dup2() failed\n");
+ close(c_to_p[STDOUT_FILENO]);
+ return -1;
+ }
+ }
+ /* External signer is invoked here. */
+ if (execl(external_signer, external_signer, pem_file,
+ (char *) 0) < 0) {
+ VB2_DEBUG("execl() of external signer failed\n");
+ }
+ }
+ return rv;
}
-VbSignature* CalculateSignature_external(const uint8_t* data, uint64_t size,
- const char* key_file,
- uint64_t key_algorithm,
- const char* external_signer) {
- int vb2_alg = vb2_crypto_to_hash(key_algorithm);
- uint8_t digest[VB2_MAX_DIGEST_SIZE];
- int digest_size = vb2_digest_size(vb2_alg);
+struct vb2_signature *vb2_external_signature(const uint8_t *data,
+ uint32_t size,
+ const char *key_file,
+ uint32_t key_algorithm,
+ const char *external_signer)
+{
+ int vb2_alg = vb2_crypto_to_hash(key_algorithm);
+ uint8_t digest[VB2_MAX_DIGEST_SIZE];
+ int digest_size = vb2_digest_size(vb2_alg);
- const uint8_t* digestinfo = hash_digestinfo_map[key_algorithm];
- uint64_t digestinfo_size = digestinfo_size_map[key_algorithm];
+ uint32_t digest_info_size = 0;
+ const uint8_t *digest_info = NULL;
+ if (VB2_SUCCESS != vb2_digest_info(vb2_alg,
+ &digest_info, &digest_info_size))
+ return NULL;
- uint8_t* signature_digest;
- uint64_t signature_digest_len = digest_size + digestinfo_size;
- VbSignature* sig;
- int rv;
+ uint8_t *signature_digest;
+ uint64_t signature_digest_len = digest_size + digest_info_size;
- /* Calculate the digest */
- if (VB2_SUCCESS != vb2_digest_buffer(data, size, vb2_alg,
- digest, sizeof(digest)))
- return NULL;
+ int rv;
- /* Prepend the digest info to the digest */
- signature_digest = malloc(signature_digest_len);
- if (!signature_digest)
- return NULL;
+ /* Calculate the digest */
+ if (VB2_SUCCESS != vb2_digest_buffer(data, size, vb2_alg,
+ digest, sizeof(digest)))
+ return NULL;
- Memcpy(signature_digest, digestinfo, digestinfo_size);
- Memcpy(signature_digest + digestinfo_size, digest, digest_size);
+ /* Prepend the digest info to the digest */
+ signature_digest = calloc(signature_digest_len, 1);
+ if (!signature_digest)
+ return NULL;
- /* Allocate output signature */
- sig = SignatureAlloc(siglen_map[key_algorithm], size);
- if (!sig) {
- free(signature_digest);
- return NULL;
- }
+ memcpy(signature_digest, digest_info, digest_info_size);
+ memcpy(signature_digest + digest_info_size, digest, digest_size);
- /* Sign the signature_digest into our output buffer */
- rv = InvokeExternalSigner(signature_digest_len, /* Input length */
- signature_digest, /* Input data */
- GetSignatureData(sig), /* Output sig */
- siglen_map[key_algorithm], /* Max Output sig size */
- key_file, /* Key file to use */
- external_signer); /* External cmd to invoke */
- free(signature_digest);
+ /* Allocate output signature */
+ uint32_t sig_size =
+ vb2_rsa_sig_size(vb2_crypto_to_signature(key_algorithm));
+ struct vb2_signature *sig = vb2_alloc_signature(sig_size, size);
+ if (!sig) {
+ free(signature_digest);
+ return NULL;
+ }
- if (-1 == rv) {
- VBDEBUG(("SignatureBuf(): RSA_private_encrypt() failed.\n"));
- free(sig);
- return NULL;
- }
+ /* Sign the signature_digest into our output buffer */
+ rv = sign_external(signature_digest_len, /* Input length */
+ signature_digest, /* Input data */
+ vb2_signature_data(sig), /* Output sig */
+ sig_size, /* Max Output sig size */
+ key_file, /* Key file to use */
+ external_signer); /* External cmd to invoke */
+ free(signature_digest);
- /* Return the signature */
- return sig;
+ if (-1 == rv) {
+ VB2_DEBUG("RSA_private_encrypt() failed.\n");
+ free(sig);
+ return NULL;
+ }
+
+ /* Return the signature */
+ return sig;
}
diff --git a/host/lib/include/host_signature.h b/host/lib/include/host_signature.h
index df907d2..4fb94d6 100644
--- a/host/lib/include/host_signature.h
+++ b/host/lib/include/host_signature.h
@@ -24,8 +24,6 @@
* @param sig_size Size of signature data buffer in bytes
* @param data_size Amount of data signed in bytes
*/
-void SignatureInit(VbSignature* sig, uint8_t* sig_data,
- uint64_t sig_size, uint64_t data_size);
void vb2_init_signature(struct vb2_signature *sig, uint8_t *sig_data,
uint32_t sig_size, uint32_t data_size);
@@ -38,7 +36,6 @@
*
* @return The signature or NULL if error. Caller must free() it.
*/
-VbSignature* SignatureAlloc(uint64_t sig_size, uint64_t data_size);
struct vb2_signature *vb2_alloc_signature(uint32_t sig_size,
uint32_t data_size);
@@ -49,7 +46,6 @@
* @param src Source signature
*
* @return VB2_SUCCESS, or non-zero if error. */
-int SignatureCopy(VbSignature* dest, const VbSignature* src);
int vb2_copy_signature(struct vb2_signature *dest,
const struct vb2_signature *src);
@@ -76,14 +72,21 @@
const uint8_t *data, uint32_t size,
const struct vb2_private_key *key);
-/* Calculates a signature for the data using the specified key and
- * an external program.
- * Caller owns the returned pointer, and must free it with Free().
+/**
+ * Calculate a signature for the data using an external signer.
*
- * Returns NULL on error. */
-VbSignature* CalculateSignature_external(const uint8_t* data, uint64_t size,
- const char* key_file,
- uint64_t key_algorithm,
- const char* external_signer);
+ * @param data Pointer to data to sign
+ * @param size Length of data in bytes
+ * @param key_file Name of file containing private key
+ * @param key_algorithm Key algorithm
+ * @param external_signer Path to external signer program
+ *
+ * @return The signature, or NULL if error. Caller must free() it.
+ */
+struct vb2_signature *vb2_external_signature(const uint8_t *data,
+ uint32_t size,
+ const char *key_file,
+ uint32_t key_algorithm,
+ const char *external_signer);
#endif /* VBOOT_REFERENCE_HOST_SIGNATURE_H_ */
diff --git a/host/linktest/main.c b/host/linktest/main.c
index b5dc173..8db150b 100644
--- a/host/linktest/main.c
+++ b/host/linktest/main.c
@@ -19,11 +19,6 @@
ReadFile(0, 0);
WriteFile(0, 0, 0);
- /* host_signature.h */
- SignatureInit(0, 0, 0, 0);
- SignatureAlloc(0, 0);
- SignatureCopy(0, 0);
-
/* file_keys.h */
BufferFromFile(0, 0);
RSAPublicKeyFromFile(0);
diff --git a/tests/vboot_common2_tests.c b/tests/vboot_common2_tests.c
index a867f72..981b428 100644
--- a/tests/vboot_common2_tests.c
+++ b/tests/vboot_common2_tests.c
@@ -120,7 +120,7 @@
struct vb2_signature *sig = vb2_calculate_signature(
(const uint8_t *)h, h->preamble_signature.data_size, key);
- SignatureCopy(&h->preamble_signature, (VbSignature *)sig);
+ vb2_copy_signature((struct vb2_signature *)&h->preamble_signature, sig);
free(sig);
}