scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-24 10:14:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create vbutil_ec tool for signing EC firmware.

Browse Source 
This just adds the vbutil_ec tool (and a simple test of the library
functions related to it).

BUG=chrome-os-partner:7459, chromium-os:27142
TEST=manual

  make
  make runtests

Change-Id: I2a2c4e7cfb8ac6ce2229c5de4252a5cc89321fa5
Reviewed-on: https://gerrit.chromium.org/gerrit/21868
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
This commit is contained in:
Bill Richardson
2012-05-03 08:40:44 -07:00
committed by Gerrit
parent f47291926a
commit 2448d3b3bc
20 changed files with 748 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
firmware/include/vboot_struct.h
View File

@@ -76,6 +76,42 @@ typedef struct VbKeyBlockHeader {
#define EXPECTED_VBKEYBLOCKHEADER_SIZE 112 #define EXPECTED_VBKEYBLOCKHEADER_SIZE 112
/****************************************************************************/
#define EC_PREAMBLE_HEADER_VERSION_MAJOR 1
#define EC_PREAMBLE_HEADER_VERSION_MINOR 0
/* Flags for VbECPreambleHeader.flags */
/* Use the normal boot path from the read-only firmware, instead
* of verifying the body signature. */
#define VB_EC_PREAMBLE_USE_RO_NORMAL 0x00000001
/* Premable block for EC rewritable firmware, version 1.0 */
typedef struct VbECPreambleHeader {
uint64_t preamble_size; /* Size of this preamble, including keys,
* signatures, and padding, in bytes */
VbSignature preamble_signature; /* Signature for this preamble
* (header + * body signature) */
uint32_t header_version_major; /* Version of this header format */
uint32_t header_version_minor; /* Version of this header format */
uint64_t firmware_version; /* Firmware version */
VbSignature body_digest; /* Digest for the firmware body */
uint32_t flags; /* Flags; see VB_EC_PREAMBLE_* */
char name[128]; /* Human-readable ASCII, null-padded */
} __attribute__((packed)) VbECPreambleHeader;
#define EXPECTED_VB_EC_PREAMBLE_HEADER1_0_SIZE 76
/* The firmware preamble header should be followed by:
* 2) The signature data for the firmware body, pointed to by
* body_signature.sig_offset.
* 3) The signature data for (header + body signature data), pointed
* to by preamble_signature.sig_offset. */
/****************************************************************************/
#define FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR 2 #define FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR 2
#define FIRMWARE_PREAMBLE_HEADER_VERSION_MINOR 1 #define FIRMWARE_PREAMBLE_HEADER_VERSION_MINOR 1
@@ -134,6 +170,7 @@ typedef struct VbFirmwarePreambleHeader {
* 3) The signature data for (header + kernel_subkey data + body signature * 3) The signature data for (header + kernel_subkey data + body signature
* data), pointed to by preamble_signature.sig_offset. */ * data), pointed to by preamble_signature.sig_offset. */
/****************************************************************************/
#define KERNEL_PREAMBLE_HEADER_VERSION_MAJOR 2 #define KERNEL_PREAMBLE_HEADER_VERSION_MAJOR 2
#define KERNEL_PREAMBLE_HEADER_VERSION_MINOR 0 #define KERNEL_PREAMBLE_HEADER_VERSION_MINOR 0
@@ -162,6 +199,8 @@ typedef struct VbKernelPreambleHeader {
#define EXPECTED_VBKERNELPREAMBLEHEADER_SIZE 96 #define EXPECTED_VBKERNELPREAMBLEHEADER_SIZE 96
/****************************************************************************/
/* Constants and sub-structures for VbSharedDataHeader */ /* Constants and sub-structures for VbSharedDataHeader */
/* Magic number for recognizing VbSharedDataHeader ("VbSD") */ /* Magic number for recognizing VbSharedDataHeader ("VbSD") */

14
firmware/lib/include/vboot_common.h
View File

@@ -81,10 +81,14 @@ int VerifyData(const uint8_t* data, uint64_t size, const VbSignature* sig,
/* Verifies a secure hash digest from DigestBuf() or DigestFinal(), /* Verifies a secure hash digest from DigestBuf() or DigestFinal(),
* using [key]. */ * using [key]. Returns 0 on success. */
int VerifyDigest(const uint8_t* digest, const VbSignature *sig, int VerifyDigest(const uint8_t* digest, const VbSignature *sig,
const RSAPublicKey* key); const RSAPublicKey* key);
/* Uses [key] algorithm to hash [data], then compares that to the expected
* [hash]. Returns 0 if they're equal, non-zero if error. */
int EqualData(const uint8_t* data, uint64_t size, const VbSignature *hash,
const RSAPublicKey* key);
/* Checks the sanity of a key block of size [size] bytes, using public /* Checks the sanity of a key block of size [size] bytes, using public
* key [key]. If hash_only is non-zero, uses only the block checksum * key [key]. If hash_only is non-zero, uses only the block checksum
@@ -94,6 +98,14 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
const VbPublicKey *key, int hash_only); const VbPublicKey *key, int hash_only);
/* Checks the sanity of an EC preamble of size [size] bytes,
* using public key [key].
*
* Returns VBOOT_SUCCESS if successful. */
int VerifyECPreamble(const VbECPreambleHeader* preamble,
uint64_t size, const RSAPublicKey* key);
/* Checks the sanity of a firmware preamble of size [size] bytes, /* Checks the sanity of a firmware preamble of size [size] bytes,
* using public key [key]. * using public key [key].
* *

78
firmware/lib/vboot_common.c
View File

@@ -173,6 +173,28 @@ int VerifyDigest(const uint8_t* digest, const VbSignature *sig,
} }
int EqualData(const uint8_t* data, uint64_t size, const VbSignature *hash,
const RSAPublicKey* key) {
uint8_t* digest = NULL;
int rv;
if (hash->sig_size != hash_size_map[key->algorithm]) {
VBDEBUG(("Wrong hash size for algorithm.\n"));
return 1;
}
if (hash->data_size > size) {
VBDEBUG(("Data buffer smaller than length of signed data.\n"));
return 1;
}
digest = DigestBuf(data, hash->data_size, key->algorithm);
rv = SafeMemcmp(digest, GetSignatureDataC(hash), hash->sig_size);
VbExFree(digest);
return rv;
}
int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size, int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
const VbPublicKey *key, int hash_only) { const VbPublicKey *key, int hash_only) {
@@ -291,6 +313,62 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
} }
int VerifyECPreamble(const VbECPreambleHeader* preamble,
uint64_t size, const RSAPublicKey* key) {
const VbSignature* sig = &preamble->preamble_signature;
/* Sanity checks before attempting signature of data */
if(size < EXPECTED_VB_EC_PREAMBLE_HEADER1_0_SIZE) {
VBDEBUG(("Not enough data for EC preamble header.\n"));
return VBOOT_PREAMBLE_INVALID;
}
if (preamble->header_version_major !=
EC_PREAMBLE_HEADER_VERSION_MAJOR) {
VBDEBUG(("Incompatible EC preamble header version (%d, not %d).\n",
preamble->header_version_major,
EC_PREAMBLE_HEADER_VERSION_MAJOR));
return VBOOT_PREAMBLE_INVALID;
}
if (size < preamble->preamble_size) {
VBDEBUG(("Not enough data for EC preamble.\n"));
return VBOOT_PREAMBLE_INVALID;
}
/* Check signature */
if (VerifySignatureInside(preamble, preamble->preamble_size, sig)) {
VBDEBUG(("EC preamble signature off end of preamble\n"));
return VBOOT_PREAMBLE_INVALID;
}
/* Make sure advertised signature data sizes are sane. */
if (preamble->preamble_size < sig->data_size) {
VBDEBUG(("EC signature calculated past end of the block\n"));
return VBOOT_PREAMBLE_INVALID;
}
if (VerifyData((const uint8_t*)preamble, size, sig, key)) {
VBDEBUG(("EC preamble signature validation failed\n"));
return VBOOT_PREAMBLE_SIGNATURE;
}
/* Verify we signed enough data */
if (sig->data_size < sizeof(VbFirmwarePreambleHeader)) {
VBDEBUG(("Didn't sign enough data\n"));
return VBOOT_PREAMBLE_INVALID;
}
/* Verify body digest is inside the signed data */
if (VerifySignatureInside(preamble, sig->data_size,
&preamble->body_digest)) {
VBDEBUG(("EC body digest off end of preamble\n"));
return VBOOT_PREAMBLE_INVALID;
}
/* Success */
return VBOOT_SUCCESS;
}
int VerifyFirmwarePreamble(const VbFirmwarePreambleHeader* preamble, int VerifyFirmwarePreamble(const VbFirmwarePreambleHeader* preamble,
uint64_t size, const RSAPublicKey* key) { uint64_t size, const RSAPublicKey* key) {

12
host/include/host_common.h
View File

@@ -22,6 +22,18 @@
#include "vboot_struct.h" #include "vboot_struct.h"
/* Creates an EC preamble, signed with [signing_key].
* Caller owns the returned pointer, and must free it with Free().
*
* Returns NULL if error. */
VbECPreambleHeader* CreateECPreamble(
uint64_t firmware_version,
const VbSignature* body_signature,
const VbPrivateKey* signing_key,
uint32_t flags,
const char* name);
/* Creates a firmware preamble, signed with [signing_key]. /* Creates a firmware preamble, signed with [signing_key].
* Caller owns the returned pointer, and must free it with Free(). * Caller owns the returned pointer, and must free it with Free().
* *

7
host/include/host_signature.h
View File

@@ -36,6 +36,13 @@ int SignatureCopy(VbSignature* dest, const VbSignature* src);
VbSignature* CalculateChecksum(const uint8_t* data, uint64_t size); VbSignature* CalculateChecksum(const uint8_t* data, uint64_t size);
/* Calculates a hash of the data using the algorithm from the specified key.
* Caller owns the returned pointer, and must free it with Free().
*
* Returns NULL on error. */
VbSignature* CalculateHash(const uint8_t* data, uint64_t size,
const VbPrivateKey* key);
/* Calculates a signature for the data using the specified key. /* Calculates a signature for the data using the specified key.
* Caller owns the returned pointer, and must free it with Free(). * Caller owns the returned pointer, and must free it with Free().
* *

48
host/lib/host_common.c
View File

@@ -6,6 +6,7 @@
*/ */
/* TODO: change all 'return 0', 'return 1' into meaningful return codes */ /* TODO: change all 'return 0', 'return 1' into meaningful return codes */
#include <string.h>
#include "host_common.h" #include "host_common.h"
@@ -13,6 +14,53 @@
#include "utility.h" #include "utility.h"
#include "vboot_common.h" #include "vboot_common.h"
VbECPreambleHeader* CreateECPreamble(
uint64_t firmware_version,
const VbSignature* body_digest,
const VbPrivateKey* signing_key,
uint32_t flags,
const char* name) {
VbECPreambleHeader* h;
uint64_t signed_size = (sizeof(VbECPreambleHeader) + body_digest->sig_size);
uint64_t block_size = signed_size + siglen_map[signing_key->algorithm];
uint8_t* body_digest_dest;
uint8_t* block_sig_dest;
VbSignature *sigtmp;
/* Allocate key block */
h = (VbECPreambleHeader*)malloc(block_size);
if (!h)
return NULL;
Memset(h, 0, block_size);
body_digest_dest = (uint8_t*)(h + 1);
block_sig_dest = body_digest_dest + body_digest->sig_size;
h->header_version_major = EC_PREAMBLE_HEADER_VERSION_MAJOR;
h->header_version_minor = EC_PREAMBLE_HEADER_VERSION_MINOR;
h->preamble_size = block_size;
h->firmware_version = firmware_version;
h->flags = flags;
if (name)
strncpy(h->name, name, sizeof(h->name));
/* Copy body hash */
SignatureInit(&h->body_digest, body_digest_dest,
body_digest->sig_size, 0);
SignatureCopy(&h->body_digest, body_digest);
/* Set up signature struct so we can calculate the signature */
SignatureInit(&h->preamble_signature, block_sig_dest,
siglen_map[signing_key->algorithm], signed_size);
/* Calculate signature */
sigtmp = CalculateSignature((uint8_t*)h, signed_size, signing_key);
SignatureCopy(&h->preamble_signature, sigtmp);
free(sigtmp);
/* Return the header */
return h;
}
VbFirmwarePreambleHeader* CreateFirmwarePreamble( VbFirmwarePreambleHeader* CreateFirmwarePreamble(
uint64_t firmware_version, uint64_t firmware_version,

26
host/lib/host_signature.c
View File

@@ -78,6 +78,32 @@ VbSignature* CalculateChecksum(const uint8_t* data, uint64_t size) {
return sig; return sig;
} }
VbSignature* CalculateHash(const uint8_t* data, uint64_t size,
const VbPrivateKey* key) {
uint8_t* digest = NULL;
int digest_size = hash_size_map[key->algorithm];
VbSignature* sig = NULL;
/* Calculate the digest */
digest = DigestBuf(data, size, key->algorithm);
if (!digest)
return NULL;
/* Allocate output signature */
sig = SignatureAlloc(digest_size, size);
if (!sig) {
free(digest);
return NULL;
}
/* The digest itself is the signature data */
Memcpy(GetSignatureData(sig), digest, digest_size);
free(digest);
/* Return the signature */
return sig;
}
VbSignature* CalculateSignature(const uint8_t* data, uint64_t size, VbSignature* CalculateSignature(const uint8_t* data, uint64_t size,
const VbPrivateKey* key) { const VbPrivateKey* key) {

11
scripts/keygeneration/common.sh
View File

@@ -23,7 +23,10 @@ function alg_to_keylen {
echo $(( 1 << (10 + ($1 / 3)) )) echo $(( 1 << (10 + ($1 / 3)) ))
} }
# Default alrogithms. # Default algorithms.
EC_ROOT_KEY_ALGOID=7
EC_DATAKEY_ALGOID=7
ROOT_KEY_ALGOID=11 ROOT_KEY_ALGOID=11
RECOVERY_KEY_ALGOID=11 RECOVERY_KEY_ALGOID=11
@@ -37,13 +40,13 @@ KERNEL_DATAKEY_ALGOID=4
# Keyblock modes determine which boot modes a signing key is valid for use # Keyblock modes determine which boot modes a signing key is valid for use
# in verification. # in verification.
FIRMWARE_KEYBLOCK_MODE=7 EC_KEYBLOCK_MODE=7 # Only allow RW EC firmware in non-recovery.
FIRMWARE_KEYBLOCK_MODE=7 # Only allow RW firmware in non-recovery.
DEV_FIRMWARE_KEYBLOCK_MODE=6 # Only allow in dev mode. DEV_FIRMWARE_KEYBLOCK_MODE=6 # Only allow in dev mode.
RECOVERY_KERNEL_KEYBLOCK_MODE=11 RECOVERY_KERNEL_KEYBLOCK_MODE=11 # Only in recovery mode.
KERNEL_KEYBLOCK_MODE=7 # Only allow in non-recovery. KERNEL_KEYBLOCK_MODE=7 # Only allow in non-recovery.
INSTALLER_KERNEL_KEYBLOCK_MODE=10 # Only allow in Dev + Recovery. INSTALLER_KERNEL_KEYBLOCK_MODE=10 # Only allow in Dev + Recovery.
# Emit .vbpubk and .vbprivk using given basename and algorithm # Emit .vbpubk and .vbprivk using given basename and algorithm
# NOTE: This function also appears in ../../utility/dev_make_keypair. Making # NOTE: This function also appears in ../../utility/dev_make_keypair. Making
# the two implementations the same would require some common.sh, which is more # the two implementations the same would require some common.sh, which is more

7
scripts/keygeneration/create_new_keys.sh
View File

@@ -32,6 +32,7 @@ if [ ! -e "${VERSION_FILE}" ]; then
fi fi
# Get the key versions for normal keypairs # Get the key versions for normal keypairs
ECKEY_VERSION=$(get_version "ec_key_version")
FKEY_VERSION=$(get_version "firmware_key_version") FKEY_VERSION=$(get_version "firmware_key_version")
# Firmware version is the kernel subkey version. # Firmware version is the kernel subkey version.
KSUBKEY_VERSION=$(get_version "firmware_version") KSUBKEY_VERSION=$(get_version "firmware_version")
@@ -39,6 +40,8 @@ KSUBKEY_VERSION=$(get_version "firmware_version")
KDATAKEY_VERSION=$(get_version "kernel_key_version") KDATAKEY_VERSION=$(get_version "kernel_key_version")
# Create the normal keypairs # Create the normal keypairs
make_pair ec_root_key $EC_ROOT_KEY_ALGOID
make_pair ec_data_key $EC_DATAKEY_ALGOID $ECKEY_VERSION
make_pair root_key $ROOT_KEY_ALGOID make_pair root_key $ROOT_KEY_ALGOID
make_pair firmware_data_key $FIRMWARE_DATAKEY_ALGOID $FKEY_VERSION make_pair firmware_data_key $FIRMWARE_DATAKEY_ALGOID $FKEY_VERSION
if [ -n "$DEV_KEYBLOCK_FLAG" ]; then if [ -n "$DEV_KEYBLOCK_FLAG" ]; then
@@ -55,14 +58,14 @@ make_pair installer_kernel_data_key $INSTALLER_KERNEL_ALGOID
# Create the firmware keyblock for use only in Normal mode. This is redundant, # Create the firmware keyblock for use only in Normal mode. This is redundant,
# since it's never even checked during Recovery mode. # since it's never even checked during Recovery mode.
make_keyblock firmware $FIRMWARE_KEYBLOCK_MODE firmware_data_key root_key make_keyblock firmware $FIRMWARE_KEYBLOCK_MODE firmware_data_key root_key
# Ditto EC keyblock
make_keyblock ec $EC_KEYBLOCK_MODE ec_data_key ec_root_key
if [ -n "$DEV_KEYBLOCK_FLAG" ]; then if [ -n "$DEV_KEYBLOCK_FLAG" ]; then
# Create the dev firmware keyblock for use only in Developer mode. # Create the dev firmware keyblock for use only in Developer mode.
make_keyblock dev_firmware $DEV_FIRMWARE_KEYBLOCK_MODE dev_firmware_data_key root_key make_keyblock dev_firmware $DEV_FIRMWARE_KEYBLOCK_MODE dev_firmware_data_key root_key
fi fi
# Create the recovery kernel keyblock for use only in Recovery mode. # Create the recovery kernel keyblock for use only in Recovery mode.
make_keyblock recovery_kernel $RECOVERY_KERNEL_KEYBLOCK_MODE recovery_kernel_data_key recovery_key make_keyblock recovery_kernel $RECOVERY_KERNEL_KEYBLOCK_MODE recovery_kernel_data_key recovery_key

2
tests/Makefile
View File

@@ -40,6 +40,7 @@ TEST_NAMES = cgptlib_test \
vboot_common_tests \ vboot_common_tests \
vboot_common2_tests \ vboot_common2_tests \
vboot_common3_tests \ vboot_common3_tests \
vboot_ec_tests \
vboot_firmware_tests \ vboot_firmware_tests \
vboot_nvstorage_test \ vboot_nvstorage_test \
vboot_api_devmode_tests \ vboot_api_devmode_tests \
@@ -150,6 +151,7 @@ runcryptotests:
${BUILD_ROOT}/rsa_utility_tests ${BUILD_ROOT}/rsa_utility_tests
${BUILD_ROOT}/sha_tests ${BUILD_ROOT}/sha_tests
./run_vboot_common_tests.sh ./run_vboot_common_tests.sh
./run_vboot_ec_tests.sh
# Run other misc tests # Run other misc tests
runmisctests: runmisctests:

BIN
tests/devkeys/ec.keyblock Normal file
View File

Binary file not shown.

BIN
tests/devkeys/ec_data_key.vbprivk Normal file
View File

Binary file not shown.

BIN
tests/devkeys/ec_data_key.vbpubk Normal file
View File

Binary file not shown.

BIN
tests/devkeys/ec_root_key.vbprivk Normal file
View File

Binary file not shown.

BIN
tests/devkeys/ec_root_key.vbpubk Normal file
View File

Binary file not shown.

2
tests/run_vboot_common_tests.sh
View File

@@ -4,7 +4,7 @@
# Use of this source code is governed by a BSD-style license that can be # Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file. # found in the LICENSE file.
# Run verified boot firmware and kernel verification tests. # Run verified boot firmware and kernel verification tests.
# Load common constants and variables. # Load common constants and variables.
. "$(dirname "$0")/common.sh" . "$(dirname "$0")/common.sh"

19
tests/run_vboot_ec_tests.sh Executable file
View File

@@ -0,0 +1,19 @@
#!/bin/bash -eu
# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Run verified boot firmware and kernel verification tests.
# Load common constants and variables.
. "$(dirname "$0")/common.sh"
check_test_keys
for priv in ${TESTKEY_DIR}/*.vbprivk; do
root=$(basename ${i%.vbprivk})
pub="${priv%.vbprivk}.vbpubk"
echo "Trying $root ..."
${TEST_DIR}/vboot_ec_tests "$priv" "$pub"
done

160
tests/vboot_ec_tests.c Normal file
View File

@@ -0,0 +1,160 @@
/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* Tests for EC firmware vboot stuff.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "cryptolib.h"
#include "file_keys.h"
#include "host_common.h"
#include "test_common.h"
#include "vboot_common.h"
static void ReSignECPreamble(VbECPreambleHeader* h,
const VbPrivateKey* key) {
VbSignature *sig = CalculateSignature((const uint8_t*)h,
h->preamble_signature.data_size, key);
SignatureCopy(&h->preamble_signature, sig);
free(sig);
}
static void VerifyECPreambleTest(const VbPublicKey* public_key,
const VbPrivateKey* private_key) {
VbECPreambleHeader* hdr;
VbECPreambleHeader* h;
RSAPublicKey* rsa;
unsigned hsize;
/* Create a dummy signature */
VbSignature* body_sig = SignatureAlloc(56, 78);
rsa = PublicKeyToRSA(public_key);
hdr = CreateECPreamble(0x1234, body_sig, private_key,
0x5678, "Foo bar");
TEST_NEQ(hdr && rsa, 0, "VerifyECPreamble() prerequisites");
if (!hdr)
return;
hsize = (unsigned) hdr->preamble_size;
h = (VbECPreambleHeader*)malloc(hsize + 16384);
TEST_EQ(VerifyECPreamble(hdr, hsize, rsa), 0,
"VerifyECPreamble() ok using key");
TEST_NEQ(VerifyECPreamble(hdr, hsize - 1, rsa), 0,
"VerifyECPreamble() size--");
TEST_EQ(VerifyECPreamble(hdr, hsize + 1, rsa), 0,
"VerifyECPreamble() size++");
TEST_EQ(hdr->firmware_version, 0x1234,
"VerifyECPreamble() firmware version");
TEST_EQ(hdr->flags, 0x5678,
"VerifyECPreamble() flags");
TEST_EQ(strncmp(hdr->name, "Foo bar", sizeof(hdr->name)), 0,
"VerifyECPreamble() name");
/* Care about major version but not minor */
Memcpy(h, hdr, hsize);
h->header_version_major++;
ReSignECPreamble(h, private_key);
TEST_NEQ(VerifyECPreamble(h, hsize, rsa), 0,
"VerifyECPreamble() major++");
Memcpy(h, hdr, hsize);
h->header_version_major--;
ReSignECPreamble(h, private_key);
TEST_NEQ(VerifyECPreamble(h, hsize, rsa), 0,
"VerifyECPreamble() major--");
Memcpy(h, hdr, hsize);
h->header_version_minor++;
ReSignECPreamble(h, private_key);
TEST_EQ(VerifyECPreamble(h, hsize, rsa), 0,
"VerifyECPreamble() minor++");
Memcpy(h, hdr, hsize);
h->header_version_minor--;
ReSignECPreamble(h, private_key);
TEST_EQ(VerifyECPreamble(h, hsize, rsa), 0,
"VerifyECPreamble() minor--");
/* Check signature */
Memcpy(h, hdr, hsize);
h->preamble_signature.sig_offset = hsize;
ReSignECPreamble(h, private_key);
TEST_NEQ(VerifyECPreamble(h, hsize, rsa), 0,
"VerifyECPreamble() sig off end");
Memcpy(h, hdr, hsize);
h->preamble_signature.sig_size--;
ReSignECPreamble(h, private_key);
TEST_NEQ(VerifyECPreamble(h, hsize, rsa), 0,
"VerifyECPreamble() sig too small");
Memcpy(h, hdr, hsize);
GetSignatureData(&h->body_digest)[0] ^= 0x34;
TEST_NEQ(VerifyECPreamble(h, hsize, rsa), 0,
"VerifyECPreamble() sig mismatch");
/* Check that we signed header and body sig */
Memcpy(h, hdr, hsize);
h->preamble_signature.data_size = 4;
h->body_digest.sig_offset = 0;
h->body_digest.sig_size = 0;
ReSignECPreamble(h, private_key);
TEST_NEQ(VerifyECPreamble(h, hsize, rsa), 0,
"VerifyECPreamble() didn't sign header");
Memcpy(h, hdr, hsize);
h->body_digest.sig_offset = hsize;
ReSignECPreamble(h, private_key);
TEST_NEQ(VerifyECPreamble(h, hsize, rsa), 0,
"VerifyECPreamble() body sig off end");
/* TODO: verify with extra padding at end of header. */
free(h);
RSAPublicKeyFree(rsa);
free(hdr);
}
int main(int argc, char* argv[]) {
VbPrivateKey* signing_private_key = NULL;
VbPublicKey* signing_public_key = NULL;
int error_code = 0;
if(argc != 3) {
fprintf(stderr, "Usage: %s <signing privkey> <signing pubkey>", argv[0]);
return -1;
}
signing_private_key = PrivateKeyRead(argv[1]);
if (!signing_private_key) {
fprintf(stderr, "Error reading signing_private_key\n");
return 1;
}
signing_public_key = PublicKeyRead(argv[2]);
if (!signing_public_key) {
fprintf(stderr, "Error reading signing_public_key\n");
return 1;
}
VerifyECPreambleTest(signing_public_key, signing_private_key);
if (signing_public_key)
free(signing_public_key);
if (signing_private_key)
free(signing_private_key);
return error_code;
}

4
utility/Makefile
View File

@@ -27,6 +27,7 @@ TARGET_NAMES = crossystem \
tlcl_generator \ tlcl_generator \
tpm_init_temp_fix \ tpm_init_temp_fix \
tpmc \ tpmc \
vbutil_ec \
vbutil_firmware \ vbutil_firmware \
vbutil_kernel \ vbutil_kernel \
vbutil_key \ vbutil_key \
@@ -120,6 +121,9 @@ ${BUILD_ROOT}/signature_digest_utility: signature_digest_utility.c $(LIBS)
${BUILD_ROOT}/tlcl_generator: tlcl_generator.c ${BUILD_ROOT}/tlcl_generator: tlcl_generator.c
$(HOSTCC) $(CFLAGS) -fpack-struct $< -o $@ $(HOSTCC) $(CFLAGS) -fpack-struct $< -o $@
${BUILD_ROOT}/vbutil_ec: vbutil_ec.c $(LIBS)
$(CC) $(CFLAGS) $< -o $@ $(LIBS) -lcrypto
${BUILD_ROOT}/vbutil_firmware: vbutil_firmware.c $(LIBS) ${BUILD_ROOT}/vbutil_firmware: vbutil_firmware.c $(LIBS)
$(CC) $(CFLAGS) $< -o $@ $(LIBS) -lcrypto $(CC) $(CFLAGS) $< -o $@ $(LIBS) -lcrypto

327
utility/vbutil_ec.c Normal file
View File

@@ -0,0 +1,327 @@
/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* Verified boot utility for EC firmware
*/
#include <getopt.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "cryptolib.h"
#include "host_common.h"
#include "vboot_common.h"
/* Command line options */
enum {
OPT_MODE_VBLOCK = 1000,
OPT_MODE_VERIFY,
OPT_KEYBLOCK,
OPT_SIGNPUBKEY,
OPT_SIGNPRIVATE,
OPT_VERSION,
OPT_FV,
OPT_KERNELKEY,
OPT_FLAGS,
OPT_NAME,
};
static struct option long_opts[] = {
{"vblock", 1, 0, OPT_MODE_VBLOCK },
{"verify", 1, 0, OPT_MODE_VERIFY },
{"keyblock", 1, 0, OPT_KEYBLOCK },
{"signpubkey", 1, 0, OPT_SIGNPUBKEY },
{"signprivate", 1, 0, OPT_SIGNPRIVATE },
{"version", 1, 0, OPT_VERSION },
{"fv", 1, 0, OPT_FV },
{"flags", 1, 0, OPT_FLAGS },
{"name", 1, 0, OPT_NAME },
{NULL, 0, 0, 0}
};
/* Print help and return error */
static int PrintHelp(void) {
puts("vbutil_ec - Verified boot signing utility for EC firmware\n"
"\n"
"Usage: vbutil_ec <--vblock|--verify> <file> [OPTIONS]\n"
"\n"
"For '--vblock <file>', required OPTIONS are:\n"
" --keyblock <file> Key block in .keyblock format\n"
" --signprivate <file> Signing private key in .vbprivk format\n"
" --version <number> Firmware version\n"
" --fv <file> Firmware volume to sign\n"
"optional OPTIONS are:\n"
" --flags <number> Preamble flags (defaults to 0)\n"
" --name <string> Human-readable description\n"
"\n"
"For '--verify <file>', required OPTIONS are:\n"
" --fv <file> Firmware volume to verify\n"
"optional OPTIONS are:\n"
" --signpubkey <file> Signing public key in .vbpubk format\n"
"\n");
return 1;
}
/* Create an EC firmware .vblock */
static int Vblock(const char* outfile, const char* keyblock_file,
const char* signprivate, uint64_t version,
const char* fv_file, uint32_t preamble_flags,
const char* name) {
VbPrivateKey* signing_key;
VbSignature* body_digest;
VbECPreambleHeader* preamble;
VbKeyBlockHeader* key_block;
uint64_t key_block_size;
uint8_t* fv_data;
uint64_t fv_size;
FILE* f;
uint64_t i;
if (!outfile)
VbExError("Must specify output filename\n");
if (!keyblock_file || !signprivate)
VbExError("Must specify all keys\n");
if (!fv_file)
VbExError("Must specify firmware volume\n");
/* Read the key block and keys */
key_block = (VbKeyBlockHeader*)ReadFile(keyblock_file, &key_block_size);
if (!key_block)
VbExError("Error reading key block.\n");
signing_key = PrivateKeyRead(signprivate);
if (!signing_key)
VbExError("Error reading signing key.\n");
/* Read and sign the firmware volume */
fv_data = ReadFile(fv_file, &fv_size);
if (!fv_data)
return 1;
if (!fv_size)
VbExError("Empty firmware volume file\n");
if (name && strlen(name)+1 > sizeof(preamble->name))
VbExError("Name string is too long\n");
body_digest = CalculateHash(fv_data, fv_size, signing_key);
if (!body_digest)
VbExError("Error calculating body digest\n");
free(fv_data);
/* Create preamble */
preamble = CreateECPreamble(version, body_digest, signing_key,
preamble_flags, name);
if (!preamble)
VbExError("Error creating preamble.\n");
/* Write the output file */
f = fopen(outfile, "wb");
if (!f)
VbExError("Can't open output file %s\n", outfile);
i = ((1 != fwrite(key_block, key_block_size, 1, f)) ||
(1 != fwrite(preamble, preamble->preamble_size, 1, f)));
fclose(f);
if (i) {
unlink(outfile);
VbExError("Can't write output file %s\n", outfile);
}
/* Success */
return 0;
}
static int Verify(const char* infile,
const char* signpubkey,
const char* fv_file) {
VbKeyBlockHeader* key_block;
VbECPreambleHeader* preamble;
VbPublicKey* data_key;
VbPublicKey* sign_key = 0;
RSAPublicKey* rsa;
uint8_t* blob;
uint64_t blob_size;
uint8_t* fv_data;
uint64_t fv_size;
uint64_t now = 0;
if (!infile || !fv_file) {
VbExError("Must specify filename and fv\n");
return 1;
}
/* Read public signing key */
if (signpubkey) {
sign_key = PublicKeyRead(signpubkey);
if (!sign_key)
VbExError("Error reading signpubkey.\n");
} else {
printf("WARNING: No public key given - signature is not checked\n");
}
/* Read blob */
blob = ReadFile(infile, &blob_size);
if (!blob)
VbExError("Error reading input file\n");
/* Read firmware volume */
fv_data = ReadFile(fv_file, &fv_size);
if (!fv_data)
VbExError("Error reading firmware volume\n");
/* Verify key block */
key_block = (VbKeyBlockHeader*)blob;
if (0 != KeyBlockVerify(key_block, blob_size, sign_key, !signpubkey))
VbExError("Error verifying key block.\n");
if (sign_key)
free(sign_key);
now += key_block->key_block_size;
printf("Key block:\n");
data_key = &key_block->data_key;
printf(" Size: %" PRIu64 "\n", key_block->key_block_size);
printf(" Flags: %" PRIu64 " (ignored)\n",
key_block->key_block_flags);
printf(" Data key algorithm: %" PRIu64 " %s\n", data_key->algorithm,
(data_key->algorithm < kNumAlgorithms ?
algo_strings[data_key->algorithm] : "(invalid)"));
printf(" Data key version: %" PRIu64 "\n", data_key->key_version);
printf(" Data key sha1sum: ");
PrintPubKeySha1Sum(data_key);
printf("\n");
rsa = PublicKeyToRSA(&key_block->data_key);
if (!rsa)
VbExError("Error parsing data key.\n");
/* Verify preamble */
preamble = (VbECPreambleHeader*)(blob + now);
if (0 != VerifyECPreamble(preamble, blob_size - now, rsa))
VbExError("Error verifying preamble.\n");
now += preamble->preamble_size;
printf("Preamble:\n");
printf(" Size: %" PRIu64 "\n", preamble->preamble_size);
printf(" Header version: %" PRIu32 ".%" PRIu32"\n",
preamble->header_version_major, preamble->header_version_minor);
printf(" Firmware version: %" PRIu64 "\n", preamble->firmware_version);
printf(" Firmware body size: %" PRIu64 "\n",
preamble->body_digest.data_size);
printf(" Preamble flags: %" PRIu32 "\n", preamble->flags);
printf(" Preamble name: %s\n", preamble->name);
/* TODO: verify body size same as signature size */
/* Verify body */
if (preamble->flags & VB_FIRMWARE_PREAMBLE_USE_RO_NORMAL) {
printf("Preamble requests USE_RO_NORMAL; skipping body verification.\n");
} else {
if (0 != EqualData(fv_data, fv_size, &preamble->body_digest, rsa))
VbExError("Error verifying firmware body.\n");
printf("Body verification succeeded.\n");
}
return 0;
}
int main(int argc, char* argv[]) {
char* filename = NULL;
char* key_block_file = NULL;
char* signpubkey = NULL;
char* signprivate = NULL;
uint64_t version = 0;
int got_version = 0;
char* fv_file = NULL;
uint32_t preamble_flags = 0;
char *name = NULL;
int mode = 0;
int parse_error = 0;
char* e;
int i;
while ((i = getopt_long(argc, argv, "", long_opts, NULL)) != -1) {
switch (i) {
case '?':
/* Unhandled option */
printf("Unknown option\n");
parse_error = 1;
break;
case OPT_MODE_VBLOCK:
case OPT_MODE_VERIFY:
mode = i;
filename = optarg;
break;
case OPT_KEYBLOCK:
key_block_file = optarg;
break;
case OPT_SIGNPUBKEY:
signpubkey = optarg;
break;
case OPT_SIGNPRIVATE:
signprivate = optarg;
break;
case OPT_FV:
fv_file = optarg;
break;
case OPT_VERSION:
version = strtoul(optarg, &e, 0);
if (!*optarg || (e && *e)) {
printf("Invalid --version\n");
parse_error = 1;
}
got_version = 1;
break;
case OPT_FLAGS:
preamble_flags = strtoul(optarg, &e, 0);
if (!*optarg || (e && *e)) {
printf("Invalid --flags\n");
parse_error = 1;
}
break;
case OPT_NAME:
name = optarg;
break;
}
}
if (parse_error)
return PrintHelp();
switch(mode) {
case OPT_MODE_VBLOCK:
if (!got_version) {
printf("Must specify a version\n");
return PrintHelp();
}
return Vblock(filename, key_block_file, signprivate, version,
fv_file, preamble_flags, name);
case OPT_MODE_VERIFY:
return Verify(filename, signpubkey, fv_file);
default:
printf("Must specify a mode.\n");
return PrintHelp();
}
}