[sw/silicon_creator] Move sigverify_rsa_key_get() call to mask_rom_boot()
Signed-off-by: Alphan Ulusoy <alphan@google.com>
diff --git a/sw/device/silicon_creator/mask_rom/mask_rom.c b/sw/device/silicon_creator/mask_rom/mask_rom.c
index 2a63124..6439128 100644
--- a/sw/device/silicon_creator/mask_rom/mask_rom.c
+++ b/sw/device/silicon_creator/mask_rom/mask_rom.c
@@ -18,6 +18,7 @@
#include "sw/device/silicon_creator/lib/drivers/uart.h"
#include "sw/device/silicon_creator/mask_rom/romextimage.h"
#include "sw/device/silicon_creator/mask_rom/sigverify.h"
+#include "sw/device/silicon_creator/mask_rom/sigverify_keys.h"
#include "hw/top_earlgrey/sw/autogen/top_earlgrey.h"
@@ -91,15 +92,20 @@
const manifest_t *manifest;
manifest_signed_region_t signed_region;
+ const sigverify_rsa_key_t *key;
if (romextimage_manifest_get(kFlashSlotA, &manifest) != kErrorOk) {
break;
}
if (manifest_signed_region_get(manifest, &signed_region) != kErrorOk) {
break;
}
+ if (sigverify_rsa_key_get(sigverify_rsa_key_id_get(&manifest->modulus),
+ &key) != kErrorOk) {
+ break;
+ }
if (sigverify_rom_ext_signature_verify(
signed_region.start, signed_region.length, &manifest->signature,
- manifest->modulus.data[0]) != kErrorOk) {
+ key) != kErrorOk) {
break;
}
diff --git a/sw/device/silicon_creator/mask_rom/sigverify.c b/sw/device/silicon_creator/mask_rom/sigverify.c
index d09a23c..1a46555 100644
--- a/sw/device/silicon_creator/mask_rom/sigverify.c
+++ b/sw/device/silicon_creator/mask_rom/sigverify.c
@@ -7,7 +7,6 @@
#include "sw/device/lib/base/memory.h"
#include "sw/device/lib/base/mmio.h"
#include "sw/device/silicon_creator/lib/drivers/hmac.h"
-#include "sw/device/silicon_creator/mask_rom/sigverify_keys.h"
#include "sw/device/silicon_creator/mask_rom/sigverify_mod_exp.h"
#include "hw/top_earlgrey/sw/autogen/top_earlgrey.h"
@@ -72,18 +71,14 @@
rom_error_t sigverify_rom_ext_signature_verify(
const void *signed_region, size_t signed_region_len,
- const sigverify_rsa_buffer_t *signature, uint32_t key_id) {
+ const sigverify_rsa_buffer_t *signature, const sigverify_rsa_key_t *key) {
hmac_digest_t act_digest;
hmac_sha256_init();
RETURN_IF_ERROR(hmac_sha256_update(signed_region, signed_region_len));
RETURN_IF_ERROR(hmac_sha256_final(&act_digest));
- // TODO(#21): Key validity check using OTP.
- const sigverify_rsa_key_t *key;
- RETURN_IF_ERROR(sigverify_rsa_key_get(key_id, &key));
-
- // TODO(#21): Choose between Ibex and OTBN using OTP.
- // TODO(#18): OTBN modular exponentiation.
+ // FIXME: Choose between Ibex and OTBN using OTP.
+ // FIXME: OTBN modular exponentiation.
sigverify_rsa_buffer_t enc_msg;
if (!sigverify_mod_exp_ibex(key, signature, &enc_msg)) {
return kErrorSigverifyInvalidArgument;
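Review bot: sigverify_rom_ext_signature_verify() now passes a caller-supplied `key` straight into sigverify_mod_exp_ibex() with no check that it is non-NULL, whereas the removed sigverify_rsa_key_get() path failed closed when no key was found; if the project's convention permits argument checks here, `if (key == NULL) { return kErrorSigverifyInvalidArgument; }` ahead of the hashing keeps this function fail-closed on its own. The rewritten comments also drop the issue references: `TODO(#21)` and `TODO(#18)` became bare `FIXME`s, so the OTP key-selection and OTBN work are no longer traceable to their tracking issues from this file. The function continues past the end of the hunk.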
diff --git a/sw/device/silicon_creator/mask_rom/sigverify.h b/sw/device/silicon_creator/mask_rom/sigverify.h
index 5ae76b5..b91e9a7 100644
--- a/sw/device/silicon_creator/mask_rom/sigverify.h
+++ b/sw/device/silicon_creator/mask_rom/sigverify.h
@@ -35,12 +35,12 @@
* @param signed_region Pointer to the start of the signed region.
* @param signed_region_len Length of the signed region in bytes.
* @param signature An RSA signature.
- * @param key_id ID of the key to use for verifying the signature.
+ * @param key RSA public key to use for verifying the signature.
* @return Result of the operation.
*/
rom_error_t sigverify_rom_ext_signature_verify(
const void *signed_region, size_t signed_region_len,
- const sigverify_rsa_buffer_t *signature, uint32_t key_id);
+ const sigverify_rsa_buffer_t *signature, const sigverify_rsa_key_t *key);
#ifdef __cplusplus
} // extern "C"
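Review bot: The new `@param key` text does not say where the key must come from, and for a signature-verification entry point that is the contract a caller most needs: `@param key RSA public key to use for verifying the signature. Must point into the ROM's trusted key table (e.g. as returned by sigverify_rsa_key_get()); never pass the modulus carried by the manifest being verified.` The header also now names `sigverify_rsa_key_t` directly while sigverify.c drops its `sigverify_keys.h` include, so unless one of sigverify.h's existing includes already declares that type, the header depends on an include not shown here — worth confirming.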
diff --git a/sw/device/silicon_creator/mask_rom/sigverify_keys.c b/sw/device/silicon_creator/mask_rom/sigverify_keys.c
index 5b06609..cbac7a0 100644
--- a/sw/device/silicon_creator/mask_rom/sigverify_keys.c
+++ b/sw/device/silicon_creator/mask_rom/sigverify_keys.c
@@ -81,6 +81,7 @@
rom_error_t sigverify_rsa_key_get(uint32_t key_id,
const sigverify_rsa_key_t **key) {
+ // FIXME: Key validity check using OTP.
for (size_t i = 0; i < kSigVerifyNumRsaKeys; ++i) {
const sigverify_rsa_key_t *cand_key = &kSigVerifyRsaKeys[i];
if (sigverify_rsa_key_id_get(&cand_key->n) == key_id) {
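Review bot: The `key_id` argument arrives from the untrusted manifest (see the new caller in mask_rom.c), and the comment added here records only the missing OTP validity check; I would also document the property the caller relies on, `// key_id comes from the untrusted manifest and only selects among kSigVerifyRsaKeys; the returned pointer always refers to ROM data.` Replacing `TODO(#21)` with a bare `FIXME` also loses the link to the tracking issue for the OTP check, so consider keeping the reference. The loop body and the function's return lie past the end of the hunk.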
diff --git a/sw/device/silicon_creator/mask_rom/sigverify_unittest.cc b/sw/device/silicon_creator/mask_rom/sigverify_unittest.cc
index d87c5db..0b0f37b 100644
--- a/sw/device/silicon_creator/mask_rom/sigverify_unittest.cc
+++ b/sw/device/silicon_creator/mask_rom/sigverify_unittest.cc
@@ -81,8 +81,6 @@
// The contents of `kSignedRegion` and `kSignature` are not significant since we
// use mocks. `kSignedRegion` is initialized this way only for consistency with
// `kTestDigest`.
-// TODO(opentitan/#5955): Remove when the manifest struct is ready and
-// `sigverify_rom_ext_signature_check` is updated.
constexpr std::array<uint8_t, 4> kSignedRegion{'t', 'e', 's', 't'};
constexpr sigverify_rsa_buffer_t kSignature{};
@@ -93,9 +91,6 @@
};
TEST_F(SigVerifyTest, GoodSignature) {
- // FIXME: Parameterize with key ids.
- const auto key_id = sigverify_rsa_key_id_get(&kSigVerifyRsaKeys[0].n);
-
EXPECT_CALL(hmac_, sha256_init());
EXPECT_CALL(hmac_, sha256_update(kSignedRegion.data(), sizeof(kSignedRegion)))
.WillOnce(Return(kErrorOk));
@@ -105,16 +100,14 @@
ibex(&kSigVerifyRsaKeys[0], &kSignature, NotNull()))
.WillOnce(DoAll(SetArgPointee<2>(kEncMsg), Return(kErrorOk)));
- EXPECT_EQ(
- sigverify_rom_ext_signature_verify(
- kSignedRegion.data(), sizeof(kSignedRegion), &kSignature, key_id),
- kErrorOk);
+ // FIXME: Parameterize with key ids.
+ EXPECT_EQ(sigverify_rom_ext_signature_verify(
+ kSignedRegion.data(), sizeof(kSignedRegion), &kSignature,
+ &kSigVerifyRsaKeys[0]),
+ kErrorOk);
}
TEST_F(SigVerifyTest, BadSignature) {
- // FIXME: Parameterize with key ids.
- const auto key_id = sigverify_rsa_key_id_get(&kSigVerifyRsaKeys[0].n);
-
// Corrupt the words of the encoded message by flipping their bits and check
// that signature verification fails.
// FIXME: Make this a parameterized test.
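Review bot: The `// FIXME: Parameterize with key ids.` comment moved ahead of the EXPECT_EQ in GoodSignature is now stale: sigverify_rom_ext_signature_verify() no longer takes a key ID, so this test can only be parameterized over keys, and the ID lookup is sigverify_rsa_key_get()'s concern. I would reword it to `// FIXME: Parameterize over kSigVerifyRsaKeys.` or move the note to a sigverify_keys test. The GoodSignature mock also returns `kErrorOk` from `ibex(...)`, while sigverify.c tests that call as a bool (`if (!sigverify_mod_exp_ibex(...))`) and BadSignature's mock returns `true`; one of the two mocks appears to have the wrong return type, and GoodSignature passes only if kErrorOk happens to convert to true.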
@@ -132,10 +125,11 @@
ibex(&kSigVerifyRsaKeys[0], &kSignature, NotNull()))
.WillOnce(DoAll(SetArgPointee<2>(bad_enc_msg), Return(true)));
- EXPECT_EQ(
- sigverify_rom_ext_signature_verify(
- kSignedRegion.data(), sizeof(kSignedRegion), &kSignature, key_id),
- kErrorSigverifyInvalidArgument);
+ // FIXME: Parameterize with key ids.
+ EXPECT_EQ(sigverify_rom_ext_signature_verify(
+ kSignedRegion.data(), sizeof(kSignedRegion), &kSignature,
+ &kSigVerifyRsaKeys[0]),
+ kErrorSigverifyInvalidArgument);
}
}
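Review bot: BadSignature expects `kErrorSigverifyInvalidArgument` for a corrupted encoded message, but sigverify.c returns that same code when sigverify_mod_exp_ibex() itself fails, so the assertion cannot tell "signature did not match" from "modular exponentiation rejected its arguments"; a mock that returned `false` here would pass the test just as well. If the verify function distinguishes the two cases with separate error codes (its tail is outside this diff), the test should assert the signature-mismatch one; if it does not, that is worth a separate change so callers and tests can tell the failure modes apart. The same stale `// FIXME: Parameterize with key ids.` wording appears here as in GoodSignature.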