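// Source listing: github.com/linuxboot/fiano@v1.2.0/pkg/intel/metadata/bg/key_signature.go

// Copyright 2017-2023 the LinuxBoot Authors. All rights reserved
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:generate manifestcodegen

package bg

import (
	"crypto"
	"fmt"
)

// KeySignature bundles a public key with a signature, so that the signature
// can be checked against the key stored next to it (see Verify).
type KeySignature struct {
	// The setters in this file always write 0x10 here, the same value that
	// the `require` tag names.
	Version   uint8     `require:"0x10" json:"ksVersion,omitempty"`
	Key       Key       `json:"ksKey"`
	Signature Signature `json:"ksSignature"`
}

// Verify checks the embedded signature over signedData using the public key
// embedded in the same structure.
//
// A nil result only shows that Signature and Key are consistent with each
// other for signedData. Both fields come from the structure being verified,
// so this call alone does not establish that Key is trusted: whoever can
// replace the signature can replace the key as well. Callers that rely on
// Verify for authenticity must also compare Key against an independently
// trusted value (for example a pinned or provisioned key hash).
//
// Failures to decode the signature, to decode the public key, and of the
// verification itself are each returned wrapped with %w.
func (ks *KeySignature) Verify(signedData []byte) error {
	sigData, err := ks.Signature.SignatureData()
	if err != nil {
		return fmt.Errorf("invalid signature: %w", err)
	}
	pubKey, err := ks.Key.PubKey()
	if err != nil {
		return fmt.Errorf("invalid public key: %w", err)
	}
	if err := sigData.Verify(pubKey, signedData); err != nil {
		return fmt.Errorf("verification failed: %w", err)
	}
	return nil
}

// SetSignature generates a signature and sets all the values of the
// KeySignature (Version, Key and Signature), accordingly to arguments
// signAlgo, privKey and signedData.
//
// If signAlgo is zero then it is detected automatically, based on the type
// of the provided private key.
//
// A nil privKey is rejected with an error before any field is modified.
// If a later step fails, Version and Key may already have been overwritten
// while Signature still holds its previous content, so the structure should
// be discarded after a non-nil error.
func (ks *KeySignature) SetSignature(signAlgo Algorithm, privKey crypto.Signer, signedData []byte) error {
	// privKey.Public() on a nil interface would panic; fail with an error
	// instead. A typed nil pointer inside the interface is not caught here.
	if privKey == nil {
		return fmt.Errorf("private key is nil")
	}

	ks.Version = 0x10
	if err := ks.Key.SetPubKey(privKey.Public()); err != nil {
		return fmt.Errorf("unable to set public key: %w", err)
	}

	return ks.Signature.SetSignature(signAlgo, privKey, signedData)
}

// SetSignatureAuto generates a signature and sets all the values of the
// KeySignature, accordingly to arguments privKey and signedData.
//
// Signing algorithm will be detected automatically based on the type of the
// provided private key.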
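func (ks *KeySignature) SetSignatureAuto(privKey crypto.Signer, signedData []byte) error {
	// A nil signer would panic on privKey.Public(); report it as an error
	// before anything is modified. A typed nil pointer inside the interface
	// is not caught here.
	if privKey == nil {
		return fmt.Errorf("private key is nil")
	}

	// SetSignature writes Version and the public key itself, so those steps
	// are not repeated here. A zero signAlgo requests automatic detection.
	return ks.SetSignature(0, privKey, signedData)
}

// FillSignature sets a signature and all the values of the KeySignature
// (Version, Key and Signature), accordingly to arguments signAlgo, pubKey,
// signedData and hashAlgo. No private key is involved: Key is set from
// pubKey and the remaining work is done by Signature.FillSignature.
//
// If signAlgo is zero then it is detected automatically; since only a public
// key is passed in, the detection presumably uses the type of pubKey
// (confirm in Signature.FillSignature).
//
// NOTE(review): this method does not itself check that the stored signature
// matches pubKey; whether Signature.FillSignature does is not visible here.
// Call Verify afterwards when that guarantee is needed.
//
// If Signature.FillSignature fails, Version and Key have already been
// overwritten, so the structure should be discarded after a non-nil error.
func (ks *KeySignature) FillSignature(signAlgo Algorithm, pubKey crypto.PublicKey, signedData []byte, hashAlgo Algorithm) error {
	ks.Version = 0x10
	if err := ks.Key.SetPubKey(pubKey); err != nil {
		return fmt.Errorf("unable to set public key: %w", err)
	}

	return ks.Signature.FillSignature(signAlgo, pubKey, signedData, hashAlgo)
}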