vboot2: Add vb2_unpack_key2() and unit tests

This unpacks new-style packed keys.

For now, it can also handle old-style packed keys by passing them to
the old unpacking function.  Once we've switched over to new-style
keys in the signing scripts, we'll remove the old format to save code
size.

Also added is a test library which converts from old to new struct
formats.  That should eventually get absorbed into futility, and the
test keys directory should have both old and new format packed keys in
it.

BUG=chromium:423882
BRANCH=none
TEST=VBOOT2=1 make runtests

Change-Id: I0fe31f124781d1ea1efedab65dcd6130bfca18dd
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/225490
Reviewed-by: Bill Richardson <wfrichar@chromium.org>

6 files changed, 133 insertions, 3 deletions

diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c
index 3986e1ff..c36372bf 100644
--- a/firmware/2lib/2misc.c
+++ b/firmware/2lib/2misc.c
@@ -127,7 +127,7 @@ int vb2_init_context(struct vb2_context *ctx)
 	 */
 	if (ctx->workbuf_size < sizeof(*sd))
 		return VB2_ERROR_INITCTX_WORKBUF_SMALL;
-	if (!vb_aligned(ctx->workbuf, VB2_WORKBUF_ALIGN))
+	if (!vb2_aligned(ctx->workbuf, VB2_WORKBUF_ALIGN))
 		return VB2_ERROR_INITCTX_WORKBUF_ALIGN;
 
 	/* Initialize the shared data at the start of the work buffer */
diff --git a/firmware/2lib/2packed_key.c b/firmware/2lib/2packed_key.c
index fe6bab53..098296e4 100644
--- a/firmware/2lib/2packed_key.c
+++ b/firmware/2lib/2packed_key.c
@@ -59,7 +59,7 @@ int vb2_unpack_key(struct vb2_public_key *key,
 
 	/* Make sure source buffer is 32-bit aligned */
 	buf32 = (const uint32_t *)vb2_packed_key_data(packed_key);
-	if (!vb_aligned(buf32, sizeof(uint32_t)))
+	if (!vb2_aligned(buf32, sizeof(uint32_t)))
 		return VB2_ERROR_UNPACK_KEY_ALIGN;
 
 	/* Sanity check key array size */
diff --git a/firmware/2lib/2packed_key2.c b/firmware/2lib/2packed_key2.c
new file mode 100644
index 00000000..306206ee
--- /dev/null
+++ b/firmware/2lib/2packed_key2.c
@@ -0,0 +1,109 @@
+/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Key unpacking functions
+ */
+
+#include "2sysincludes.h"
+#include "2common.h"
+#include "2rsa.h"
+
+const uint8_t *vb2_packed_key2_data(const struct vb2_packed_key2 *key)
+{
+	return (const uint8_t *)key + key->key_offset;
+}
+
+int vb2_verify_packed_key2_inside(const void *parent,
+				  uint32_t parent_size,
+				  const struct vb2_packed_key2 *key)
+{
+	int rv;
+
+	rv = vb2_verify_member_inside(parent, parent_size,
+				      key, sizeof(*key),
+				      key->key_offset, key->key_size);
+	if (rv)
+		return rv;
+
+	return vb2_verify_common_header(parent, parent_size, &key->c);
+}
+
+int vb2_unpack_key2(struct vb2_public_key *key,
+		    const uint8_t *buf,
+		    uint32_t size)
+{
+	const struct vb2_packed_key2 *pkey =
+		(const struct vb2_packed_key2 *)buf;
+	const uint32_t *buf32;
+	uint32_t expected_key_size;
+	uint32_t sig_size;
+	int rv;
+
+	/*
+	 * Check magic number.
+	 *
+	 * If it doesn't match, pass through to the old packed key format.
+	 *
+	 * TODO: remove passthru when signing scripts have switched over to
+	 * use the new format.
+	 */
+	if (pkey->c.magic != VB2_MAGIC_PACKED_KEY2)
+		return vb2_unpack_key(key, buf, size);
+
+	/* Make sure passed buffer is big enough for the packed key */
+	rv = vb2_verify_packed_key2_inside(buf, size, pkey);
+	if (rv)
+		return rv;
+
+	/*
+	 * Check for compatible version.  No need to check minor version, since
+	 * that's compatible across readers matching the major version, and we
+	 * haven't added any new fields.
+	 */
+	if (pkey->c.struct_version_major != VB2_PACKED_KEY2_VERSION_MAJOR)
+		return VB2_ERROR_UNPACK_KEY_STRUCT_VERSION;
+
+	/* Copy key algorithms */
+	key->sig_alg = pkey->sig_algorithm;
+	sig_size = vb2_rsa_sig_size(key->sig_alg);
+	if (!sig_size)
+		return VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM;
+
+	key->hash_alg = pkey->hash_algorithm;
+	if (!vb2_digest_size(key->hash_alg))
+		return VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM;
+
+	expected_key_size = vb2_packed_key_size(key->sig_alg);
+	if (!expected_key_size || expected_key_size != pkey->key_size) {
+		VB2_DEBUG("Wrong key size for algorithm\n");
+		return VB2_ERROR_UNPACK_KEY_SIZE;
+	}
+
+	/* Make sure source buffer is 32-bit aligned */
+	buf32 = (const uint32_t *)vb2_packed_key2_data(pkey);
+	if (!vb2_aligned(buf32, sizeof(uint32_t)))
+		return VB2_ERROR_UNPACK_KEY_ALIGN;
+
+	/* Sanity check key array size */
+	key->arrsize = buf32[0];
+	if (key->arrsize * sizeof(uint32_t) != sig_size)
+		return VB2_ERROR_UNPACK_KEY_ARRAY_SIZE;
+
+	key->n0inv = buf32[1];
+
+	/* Arrays point inside the key data */
+	key->n = buf32 + 2;
+	key->rr = buf32 + 2 + key->arrsize;
+
+	/* Key description */
+	if (pkey->c.desc_size)
+		key->desc = (const char *)&(pkey->c) + pkey->c.desc_offset;
+	else
+		key->desc = "";
+
+	key->version = pkey->key_version;
+	key->guid = &pkey->key_guid;
+
+	return VB2_SUCCESS;
+}
diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h
index 8a00dd71..5ab145cf 100644
--- a/firmware/2lib/include/2common.h
+++ b/firmware/2lib/include/2common.h
@@ -103,7 +103,7 @@ void *vb2_workbuf_realloc(struct vb2_workbuf *wb,
 void vb2_workbuf_free(struct vb2_workbuf *wb, uint32_t size);
 
 /* Check if a pointer is aligned on an align-byte boundary */
-#define vb_aligned(ptr, align) (!(((uintptr_t)(ptr)) & ((align) - 1)))
+#define vb2_aligned(ptr, align) (!(((uintptr_t)(ptr)) & ((align) - 1)))
 
 /**
  * Safer memcmp() for use in crypto.
@@ -233,6 +233,21 @@ int vb2_unpack_key(struct vb2_public_key *key,
 		   const uint8_t *buf,
 		   uint32_t size);
 
+/**
+ * Unpack a key for use in verification
+ *
+ * The elements of the unpacked key will point into the source buffer, so don't
+ * free the source buffer until you're done with the key.
+ *
+ * @param key		Destintion for unpacked key
+ * @param buf		Source buffer containing packed key
+ * @param size		Size of buffer in bytes
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+int vb2_unpack_key2(struct vb2_public_key *key,
+		    const uint8_t *buf,
+		    uint32_t size);
+
 /* Size of work buffer sufficient for vb2_rsa_verify_digest() worst case */
 #define VB2_VERIFY_DIGEST_WORKBUF_BYTES VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES
 
diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h
index 333c29c1..e75f4222 100644
--- a/firmware/2lib/include/2return_codes.h
+++ b/firmware/2lib/include/2return_codes.h
@@ -176,6 +176,9 @@ enum vb2_return_code {
 	/* Member data overlaps member header */
 	VB2_ERROR_INSIDE_DATA_OVERLAP,
 
+	/* Unsupported packed key struct version */
+	VB2_ERROR_UNPACK_KEY_STRUCT_VERSION,
+
         /**********************************************************************
 	 * Keyblock verification errors (all in vb2_verify_keyblock())
 	 */
diff --git a/firmware/2lib/include/2rsa.h b/firmware/2lib/include/2rsa.h
index 8e21cd4d..3d591a5a 100644
--- a/firmware/2lib/include/2rsa.h
+++ b/firmware/2lib/include/2rsa.h
@@ -19,6 +19,9 @@ struct vb2_public_key {
 	const uint32_t *rr;  /* R^2 as little endian array */
 	enum vb2_signature_algorithm sig_alg;  /* Signature algorithm */
 	enum vb2_hash_algorithm hash_alg;      /* Hash algorithm */
+	const char *desc;            /* Description */
+	uint32_t version;            /* Key version */
+	const struct vb2_guid *guid; /* Key GUID */
 };
 
 /**