Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(773)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: firmware/lib/cryptolib/rsa_utility.c

Issue 3136017: Add additional sanity checks to RSA verification code. (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git
Patch Set: Created 10 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « firmware/lib/cryptolib/rsa.c ('k') | firmware/lib/vboot_common.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
2 * Use of this source code is governed by a BSD-style license that can be 2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file. 3 * found in the LICENSE file.
4 * 4 *
5 * Implementation of RSA utility functions. 5 * Implementation of RSA utility functions.
6 */ 6 */
7 7
8 #include "cryptolib.h" 8 #include "cryptolib.h"
9 #include "stateful_util.h" 9 #include "stateful_util.h"
10 #include "utility.h" 10 #include "utility.h"
11 11
12 int RSAProcessedKeySize(int algorithm) { 12 int RSAProcessedKeySize(unsigned int algorithm, int* out_size) {
13 int key_len = siglen_map[algorithm]; /* Key length in 13 int key_len; /* Key length in bytes. */
14 * bytes. */ 14 if (algorithm < kNumAlgorithms) {
15 /* Total size needed by a RSAPublicKey structure is = 15 key_len = siglen_map[algorithm];
16 * 2 * key_len bytes for the n and rr arrays 16 /* Total size needed by a RSAPublicKey structure is =
17 * + sizeof len + sizeof n0inv. 17 * 2 * key_len bytes for the n and rr arrays
18 */ 18 * + sizeof len + sizeof n0inv.
19 return (2 * key_len + sizeof(uint32_t) + sizeof(uint32_t)); 19 */
20 *out_size = (2 * key_len + sizeof(uint32_t) + sizeof(uint32_t));
21 return 1;
22 }
23 return 0;
20 } 24 }
21 25
22 RSAPublicKey* RSAPublicKeyNew(void) { 26 RSAPublicKey* RSAPublicKeyNew(void) {
23 RSAPublicKey* key = (RSAPublicKey*) Malloc(sizeof(RSAPublicKey)); 27 RSAPublicKey* key = (RSAPublicKey*) Malloc(sizeof(RSAPublicKey));
24 key->n = NULL; 28 key->n = NULL;
25 key->rr = NULL; 29 key->rr = NULL;
26 return key; 30 return key;
27 } 31 }
28 32
29 void RSAPublicKeyFree(RSAPublicKey* key) { 33 void RSAPublicKeyFree(RSAPublicKey* key) {
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after
67 } 71 }
68 72
69 return key; 73 return key;
70 } 74 }
71 75
72 int RSAVerifyBinary_f(const uint8_t* key_blob, 76 int RSAVerifyBinary_f(const uint8_t* key_blob,
73 const RSAPublicKey* key, 77 const RSAPublicKey* key,
74 const uint8_t* buf, 78 const uint8_t* buf,
75 uint64_t len, 79 uint64_t len,
76 const uint8_t* sig, 80 const uint8_t* sig,
77 int algorithm) { 81 unsigned int algorithm) {
78 RSAPublicKey* verification_key = NULL; 82 RSAPublicKey* verification_key = NULL;
79 uint8_t* digest = NULL; 83 uint8_t* digest = NULL;
80 int key_size; 84 int key_size;
81 int sig_size; 85 int sig_size;
82 int success; 86 int success;
83 87
84 if (algorithm >= kNumAlgorithms) 88 if (algorithm >= kNumAlgorithms)
85 return 0; /* Invalid algorithm. */ 89 return 0; /* Invalid algorithm. */
86 key_size = RSAProcessedKeySize(algorithm); 90 if (!RSAProcessedKeySize(algorithm, &key_size))
91 return 0;
87 sig_size = siglen_map[algorithm]; 92 sig_size = siglen_map[algorithm];
88 93
89 if (key_blob && !key) 94 if (key_blob && !key)
90 verification_key = RSAPublicKeyFromBuf(key_blob, key_size); 95 verification_key = RSAPublicKeyFromBuf(key_blob, key_size);
91 else if (!key_blob && key) 96 else if (!key_blob && key)
92 verification_key = (RSAPublicKey*) key; /* Supress const warning. */ 97 verification_key = (RSAPublicKey*) key; /* Supress const warning. */
93 else 98 else
94 return 0; /* Both can't be NULL or non-NULL. */ 99 return 0; /* Both can't be NULL or non-NULL. */
95 100
101 /* Ensure we have a valid key. */
102 if (!verification_key)
103 return 0;
104
96 digest = DigestBuf(buf, len, algorithm); 105 digest = DigestBuf(buf, len, algorithm);
97 success = RSAVerify(verification_key, sig, (uint32_t)sig_size, 106 success = RSAVerify(verification_key, sig, (uint32_t)sig_size,
98 (uint8_t)algorithm, digest); 107 (uint8_t)algorithm, digest);
99 108
100 Free(digest); 109 Free(digest);
101 if (!key) 110 if (!key)
102 RSAPublicKeyFree(verification_key); /* Only free if we allocated it. */ 111 RSAPublicKeyFree(verification_key); /* Only free if we allocated it. */
103 return success; 112 return success;
104 } 113 }
105 114
106 /* Version of RSAVerifyBinary_f() where instead of the raw binary blob 115 /* Version of RSAVerifyBinary_f() where instead of the raw binary blob
107 * of data, its digest is passed as the argument. */ 116 * of data, its digest is passed as the argument. */
108 int RSAVerifyBinaryWithDigest_f(const uint8_t* key_blob, 117 int RSAVerifyBinaryWithDigest_f(const uint8_t* key_blob,
109 const RSAPublicKey* key, 118 const RSAPublicKey* key,
110 const uint8_t* digest, 119 const uint8_t* digest,
111 const uint8_t* sig, 120 const uint8_t* sig,
112 int algorithm) { 121 unsigned int algorithm) {
113 RSAPublicKey* verification_key = NULL; 122 RSAPublicKey* verification_key = NULL;
114 int key_size; 123 int key_size;
115 int sig_size; 124 int sig_size;
116 int success; 125 int success;
117 126
118 if (algorithm >= kNumAlgorithms) 127 if (algorithm >= kNumAlgorithms)
119 return 0; /* Invalid algorithm. */ 128 return 0; /* Invalid algorithm. */
120 key_size = RSAProcessedKeySize(algorithm); 129 if (!RSAProcessedKeySize(algorithm, &key_size))
130 return 0;
121 sig_size = siglen_map[algorithm]; 131 sig_size = siglen_map[algorithm];
122 132
123 if (key_blob && !key) 133 if (key_blob && !key)
124 verification_key = RSAPublicKeyFromBuf(key_blob, key_size); 134 verification_key = RSAPublicKeyFromBuf(key_blob, key_size);
125 else if (!key_blob && key) 135 else if (!key_blob && key)
126 verification_key = (RSAPublicKey*) key; /* Supress const warning. */ 136 verification_key = (RSAPublicKey*) key; /* Supress const warning. */
127 else 137 else
128 return 0; /* Both can't be NULL or non-NULL. */ 138 return 0; /* Both can't be NULL or non-NULL. */
129 139
140 /* Ensure we have a valid key. */
141 if (!verification_key)
142 return 0;
143
130 success = RSAVerify(verification_key, sig, (uint32_t)sig_size, 144 success = RSAVerify(verification_key, sig, (uint32_t)sig_size,
131 (uint8_t)algorithm, digest); 145 (uint8_t)algorithm, digest);
132 146
133 if (!key) 147 if (!key)
134 RSAPublicKeyFree(verification_key); /* Only free if we allocated it. */ 148 RSAPublicKeyFree(verification_key); /* Only free if we allocated it. */
135 return success; 149 return success;
136 } 150 }
OLDNEW
« no previous file with comments | « firmware/lib/cryptolib/rsa.c ('k') | firmware/lib/vboot_common.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698