scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-26 19:25:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

vboot: Convert vboot1 SHA calls to use vboot2

Browse Source 
This change replaces all calls to the old vboot1 SHA library with their
vboot2 equivalents.

This is the first in a long series of changes to move the core vboot kernel
verification into vb2, and the control/display loop out to depthcharge.

BUG=chromium:611535
BRANCH=none
TEST=make runtests; build samus firmware and boot it

Change-Id: I31986eb766176c0e39a192c5ce15730471c3cf94
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/344342
Tested-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
This commit is contained in:
Randall Spangler
2016-05-11 13:50:18 -07:00
committed by chrome-bot
parent b3a625f8fe
commit 7c3ae42e04
39 changed files with 374 additions and 1604 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
Makefile
View File

@@ -327,10 +327,6 @@ VBSF_SRCS = \
firmware/lib/cryptolib/padding.c \
firmware/lib/cryptolib/rsa.c \
firmware/lib/cryptolib/rsa_utility.c \
firmware/lib/cryptolib/sha1.c \
firmware/lib/cryptolib/sha256.c \
firmware/lib/cryptolib/sha512.c \
firmware/lib/cryptolib/sha_utility.c \
firmware/lib/stateful_util.c \
firmware/lib/vboot_api_firmware.c \
firmware/lib/vboot_common.c \
@@ -737,7 +733,6 @@ TEST_NAMES = \
tests/rsa_utility_tests \
tests/rsa_verify_benchmark \
tests/sha_benchmark \
tests/sha_tests \
tests/stateful_util_tests \
tests/tpm_bootmode_tests \
tests/utility_string_tests \
@@ -949,8 +944,8 @@ ${BDBLIB_OBJS}: INCLUDES += -Ifirmware/bdb
${BUILD}/firmware/linktest/main_vbinit: ${VBINIT_OBJS}
${BUILD}/firmware/linktest/main_vbinit: OBJS = ${VBINIT_OBJS}
TEST_OBJS += ${BUILD}/firmware/linktest/main_vbinit.o
${BUILD}/firmware/linktest/main_vbsf: ${VBSF_OBJS}
${BUILD}/firmware/linktest/main_vbsf: OBJS = ${VBSF_OBJS}
${BUILD}/firmware/linktest/main_vbsf: ${FWLIB}
${BUILD}/firmware/linktest/main_vbsf: LIBS = ${FWLIB}
TEST_OBJS += ${BUILD}/firmware/linktest/main_vbsf.o
${BUILD}/firmware/linktest/main: ${FWLIB}
${BUILD}/firmware/linktest/main: LIBS = ${FWLIB}
@@ -965,7 +960,7 @@ fwlinktest: \
.PHONY: fwlib
fwlib: $(if ${FIRMWARE_ARCH},${FWLIB},fwlinktest)
${FWLIB}: ${FWLIB_OBJS}
${FWLIB}: ${FWLIB_OBJS} ${FWLIB2X_OBJS}
@${PRINTF} " RM $(subst ${BUILD}/,,$@)\n"
${Q}rm -f $@
@${PRINTF} " AR $(subst ${BUILD}/,,$@)\n"
@@ -1020,7 +1015,7 @@ utillib: ${UTILLIB} \
${BUILD}/host/linktest/main
# TODO: better way to make .a than duplicating this recipe each time?
${UTILLIB}: ${UTILLIB_OBJS} ${FWLIB_OBJS}
${UTILLIB}: ${UTILLIB_OBJS} ${FWLIB_OBJS} ${FWLIB2X_OBJS}
@${PRINTF} " RM $(subst ${BUILD}/,,$@)\n"
${Q}rm -f $@
@${PRINTF} " AR $(subst ${BUILD}/,,$@)\n"
@@ -1459,7 +1454,6 @@ runmisctests: test_setup
${RUNTEST} ${BUILD_RUN}/tests/rollback_index2_tests
${RUNTEST} ${BUILD_RUN}/tests/rollback_index3_tests
${RUNTEST} ${BUILD_RUN}/tests/rsa_utility_tests
${RUNTEST} ${BUILD_RUN}/tests/sha_tests
${RUNTEST} ${BUILD_RUN}/tests/stateful_util_tests
${RUNTEST} ${BUILD_RUN}/tests/tlcl_tests
${RUNTEST} ${BUILD_RUN}/tests/tpm_bootmode_tests

23
cgpt/cgpt_wrapper.c
View File

@@ -22,9 +22,14 @@
#include <sys/types.h>
#include <unistd.h>
#include "2sysincludes.h"
#include "2common.h"
#include "2sha.h"
#include "cgpt.h"
#include "cgpt_nor.h"
#include "cryptolib.h"
#include "file_keys.h"
// Check if cmdline |argv| has "-D". "-D" signifies that GPT structs are stored
// off device, and hence we should not wrap around cgpt.
@@ -67,8 +72,8 @@ static const char *find_mtd_device(int argc, const char *const argv[]) {
static int wrap_cgpt(int argc,
const char *const argv[],
const char *mtd_device) {
uint8_t *original_hash = NULL;
uint8_t *modified_hash = NULL;
uint8_t original_hash[VB2_SHA1_DIGEST_SIZE];
uint8_t modified_hash[VB2_SHA1_DIGEST_SIZE];
int ret = 0;
// Create a temp dir to work in.
@@ -81,7 +86,11 @@ static int wrap_cgpt(int argc,
if (snprintf(rw_gpt_path, sizeof(rw_gpt_path), "%s/rw_gpt", temp_dir) < 0) {
goto cleanup;
}
original_hash = DigestFile(rw_gpt_path, SHA1_DIGEST_ALGORITHM);
if (VB2_SUCCESS != DigestFile(rw_gpt_path, VB2_HASH_SHA1,
original_hash, sizeof(original_hash))) {
Error("Cannot compute original GPT digest.\n");
goto cleanup;
}
// Obtain the MTD size.
ret++;
@@ -126,9 +135,9 @@ static int wrap_cgpt(int argc,
// Write back "rw_gpt" to NOR flash in two chunks.
ret++;
modified_hash = DigestFile(rw_gpt_path, SHA1_DIGEST_ALGORITHM);
if (original_hash != NULL && modified_hash != NULL) {
if (memcmp(original_hash, modified_hash, SHA1_DIGEST_SIZE) != 0) {
if (VB2_SUCCESS == DigestFile(rw_gpt_path, VB2_HASH_SHA1,
modified_hash, sizeof(modified_hash))) {
if (memcmp(original_hash, modified_hash, VB2_SHA1_DIGEST_SIZE) != 0) {
ret = WriteNorFlash(temp_dir);
} else {
ret = 0;
@@ -136,8 +145,6 @@ static int wrap_cgpt(int argc,
}
cleanup:
free(original_hash);
free(modified_hash);
RemoveDir(temp_dir);
return ret;
}

1
firmware/lib/cryptolib/include/cryptolib.h
View File

@@ -10,6 +10,5 @@
#include "padding.h"
#include "rsa.h"
#include "sha.h"
#endif /* VBOOT_REFERENCE_CRYPTOLIB_H_ */

3
firmware/lib/cryptolib/include/padding.h
View File

@@ -31,9 +31,6 @@ extern const int digestinfo_size_map[];
extern const int siglen_map[];
extern const uint8_t* const padding_map[];
extern const int padding_size_map[];
extern const int hash_type_map[];
extern const int hash_size_map[];
extern const int hash_blocksize_map[];
extern const uint8_t* const hash_digestinfo_map[];
extern const char* const algo_strings[];

128
firmware/lib/cryptolib/include/sha.h
View File

@@ -1,128 +0,0 @@
/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
/* SHA-1, 256 and 512 functions. */
#ifndef VBOOT_REFERENCE_SHA_H_
#define VBOOT_REFERENCE_SHA_H_
#ifndef VBOOT_REFERENCE_CRYPTOLIB_H_
#error "Do not include this file directly. Use cryptolib.h instead."
#endif
#include "sysincludes.h"
#define SHA1_DIGEST_SIZE 20
#define SHA1_BLOCK_SIZE 64
#define SHA256_DIGEST_SIZE 32
#define SHA256_BLOCK_SIZE 64
#define SHA512_DIGEST_SIZE 64
#define SHA512_BLOCK_SIZE 128
typedef struct SHA1_CTX {
uint64_t count;
uint32_t state[5];
#if defined(HAVE_ENDIAN_H) && defined(HAVE_LITTLE_ENDIAN)
union {
uint8_t b[64];
uint32_t w[16];
} buf;
#else
uint8_t buf[64];
#endif
} SHA1_CTX;
typedef struct {
uint32_t h[8];
uint32_t tot_len;
uint32_t len;
uint8_t block[2 * SHA256_BLOCK_SIZE];
uint8_t buf[SHA256_DIGEST_SIZE]; /* Used for storing the final digest. */
} VB_SHA256_CTX;
typedef struct {
uint64_t h[8];
uint32_t tot_len;
uint32_t len;
uint8_t block[2 * SHA512_BLOCK_SIZE];
uint8_t buf[SHA512_DIGEST_SIZE]; /* Used for storing the final digest. */
} VB_SHA512_CTX;
void SHA1_init(SHA1_CTX* ctx);
void SHA1_update(SHA1_CTX* ctx, const uint8_t* data, uint64_t len);
uint8_t* SHA1_final(SHA1_CTX* ctx);
void SHA256_init(VB_SHA256_CTX* ctx);
void SHA256_update(VB_SHA256_CTX* ctx, const uint8_t* data, uint32_t len);
uint8_t* SHA256_final(VB_SHA256_CTX* ctx);
void SHA512_init(VB_SHA512_CTX* ctx);
void SHA512_update(VB_SHA512_CTX* ctx, const uint8_t* data, uint32_t len);
uint8_t* SHA512_final(VB_SHA512_CTX* ctx);
/* Convenience function for SHA-1. Computes hash on [data] of length [len].
* and stores it into [digest]. [digest] should be pre-allocated to
* SHA1_DIGEST_SIZE bytes.
*/
uint8_t* internal_SHA1(const uint8_t* data, uint64_t len, uint8_t* digest);
/* Convenience function for SHA-256. Computes hash on [data] of length [len].
* and stores it into [digest]. [digest] should be pre-allocated to
* SHA256_DIGEST_SIZE bytes.
*/
uint8_t* internal_SHA256(const uint8_t* data, uint64_t len, uint8_t* digest);
/* Convenience function for SHA-512. Computes hash on [data] of length [len].
* and stores it into [digest]. [digest] should be pre-allocated to
* SHA512_DIGEST_SIZE bytes.
*/
uint8_t* internal_SHA512(const uint8_t* data, uint64_t len, uint8_t* digest);
/*---- Utility functions/wrappers for message digests. */
#define SHA1_DIGEST_ALGORITHM 0
#define SHA256_DIGEST_ALGORITHM 1
#define SHA512_DIGEST_ALGORITHM 2
/* A generic digest context structure which can be used to represent
* the SHA*_CTX for multiple digest algorithms.
*/
typedef struct DigestContext {
SHA1_CTX* sha1_ctx;
VB_SHA256_CTX* sha256_ctx;
VB_SHA512_CTX* sha512_ctx;
int algorithm; /* Hashing algorithm to use. */
} DigestContext;
/* Wrappers for message digest algorithms. These are useful when the hashing
* operation is being done in parallel with something else. DigestContext tracks
* and stores the state of any digest algorithm (one at any given time).
*/
/* Initialize a digest context for use with signature algorithm [algorithm]. */
void DigestInit(DigestContext* ctx, int sig_algorithm);
void DigestUpdate(DigestContext* ctx, const uint8_t* data, uint32_t len);
/* Caller owns the returned digest and must free it. */
uint8_t* DigestFinal(DigestContext* ctx);
/* Returns the appropriate digest for the data in [input_file]
* based on the signature [algorithm].
* Caller owns the returned digest and must free it.
*/
uint8_t* DigestFile(char* input_file, int sig_algorithm);
/* Returns the appropriate digest of [buf] of length
* [len] based on the signature [algorithm].
* Caller owns the returned digest and must free it.
*/
uint8_t* DigestBuf(const uint8_t* buf, uint64_t len, int sig_algorithm);
#endif /* VBOOT_REFERENCE_SHA_H_ */

107
firmware/lib/cryptolib/padding.c
View File

File diff suppressed because one or more lines are too long

17
firmware/lib/cryptolib/rsa_utility.c
View File

@@ -6,7 +6,10 @@
*/
#include "sysincludes.h"
#include "2sysincludes.h"
#include "2common.h"
#include "2sha.h"
#include "cryptolib.h"
#include "stateful_util.h"
#include "utility.h"
@@ -87,10 +90,10 @@ int RSAVerifyBinary_f(const uint8_t* key_blob,
const uint8_t* sig,
unsigned int algorithm) {
RSAPublicKey* verification_key = NULL;
uint8_t* digest = NULL;
uint8_t digest[VB2_MAX_DIGEST_SIZE];
uint64_t key_size;
int sig_size;
int success;
int success = 0;
if (algorithm >= (unsigned int)kNumAlgorithms)
return 0; /* Invalid algorithm. */
@@ -109,13 +112,15 @@ int RSAVerifyBinary_f(const uint8_t* key_blob,
if (!verification_key)
return 0;
digest = DigestBuf(buf, len, algorithm);
success = RSAVerify(verification_key, sig, (uint32_t)sig_size,
(uint8_t)algorithm, digest);
if (VB2_SUCCESS == vb2_digest_buffer(buf, len, vb2_crypto_to_hash(algorithm),
digest, sizeof(digest))) {
success = RSAVerify(verification_key, sig, (uint32_t)sig_size,
(uint8_t)algorithm, digest);
}
VbExFree(digest);
if (!key)
RSAPublicKeyFree(verification_key); /* Only free if we allocated it. */
return success;
}

289
firmware/lib/cryptolib/sha1.c
View File

@@ -1,289 +0,0 @@
/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* SHA-1 implementation largely based on libmincrypt in the the Android
* Open Source Project (platorm/system/core.git/libmincrypt/sha.c
*/
#include "sysincludes.h"
#include "cryptolib.h"
#include "utility.h"
/* Some machines lack byteswap.h and endian.h. These have to use the
* slower code, even if they're little-endian.
*/
#if defined(HAVE_ENDIAN_H) && defined(HAVE_LITTLE_ENDIAN)
/* This version is about 28% faster than the generic version below,
* but assumes little-endianness.
*/
static uint32_t ror27(uint32_t val) {
return (val >> 27) | (val << 5);
}
static uint32_t ror2(uint32_t val) {
return (val >> 2) | (val << 30);
}
static uint32_t ror31(uint32_t val) {
return (val >> 31) | (val << 1);
}
static void SHA1_Transform(SHA1_CTX* ctx) {
uint32_t W[80];
register uint32_t A, B, C, D, E;
int t;
A = ctx->state[0];
B = ctx->state[1];
C = ctx->state[2];
D = ctx->state[3];
E = ctx->state[4];
#define SHA_F1(A,B,C,D,E,t) \
E += ror27(A) + \
(W[t] = bswap_32(ctx->buf.w[t])) + \
(D^(B&(C^D))) + 0x5A827999; \
B = ror2(B);
for (t = 0; t < 15; t += 5) {
SHA_F1(A,B,C,D,E,t + 0);
SHA_F1(E,A,B,C,D,t + 1);
SHA_F1(D,E,A,B,C,t + 2);
SHA_F1(C,D,E,A,B,t + 3);
SHA_F1(B,C,D,E,A,t + 4);
}
SHA_F1(A,B,C,D,E,t + 0); /* 16th one, t == 15 */
#undef SHA_F1
#define SHA_F1(A,B,C,D,E,t) \
E += ror27(A) + \
(W[t] = ror31(W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16])) + \
(D^(B&(C^D))) + 0x5A827999; \
B = ror2(B);
SHA_F1(E,A,B,C,D,t + 1);
SHA_F1(D,E,A,B,C,t + 2);
SHA_F1(C,D,E,A,B,t + 3);
SHA_F1(B,C,D,E,A,t + 4);
#undef SHA_F1
#define SHA_F2(A,B,C,D,E,t) \
E += ror27(A) + \
(W[t] = ror31(W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16])) + \
(B^C^D) + 0x6ED9EBA1; \
B = ror2(B);
for (t = 20; t < 40; t += 5) {
SHA_F2(A,B,C,D,E,t + 0);
SHA_F2(E,A,B,C,D,t + 1);
SHA_F2(D,E,A,B,C,t + 2);
SHA_F2(C,D,E,A,B,t + 3);
SHA_F2(B,C,D,E,A,t + 4);
}
#undef SHA_F2
#define SHA_F3(A,B,C,D,E,t) \
E += ror27(A) + \
(W[t] = ror31(W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16])) + \
((B&C)|(D&(B|C))) + 0x8F1BBCDC; \
B = ror2(B);
for (; t < 60; t += 5) {
SHA_F3(A,B,C,D,E,t + 0);
SHA_F3(E,A,B,C,D,t + 1);
SHA_F3(D,E,A,B,C,t + 2);
SHA_F3(C,D,E,A,B,t + 3);
SHA_F3(B,C,D,E,A,t + 4);
}
#undef SHA_F3
#define SHA_F4(A,B,C,D,E,t) \
E += ror27(A) + \
(W[t] = ror31(W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16])) + \
(B^C^D) + 0xCA62C1D6; \
B = ror2(B);
for (; t < 80; t += 5) {
SHA_F4(A,B,C,D,E,t + 0);
SHA_F4(E,A,B,C,D,t + 1);
SHA_F4(D,E,A,B,C,t + 2);
SHA_F4(C,D,E,A,B,t + 3);
SHA_F4(B,C,D,E,A,t + 4);
}
#undef SHA_F4
ctx->state[0] += A;
ctx->state[1] += B;
ctx->state[2] += C;
ctx->state[3] += D;
ctx->state[4] += E;
}
void SHA1_update(SHA1_CTX* ctx, const uint8_t* data, uint64_t len) {
int i = ctx->count % sizeof(ctx->buf);
const uint8_t* p = (const uint8_t*)data;
ctx->count += len;
while (len > sizeof(ctx->buf) - i) {
Memcpy(&ctx->buf.b[i], p, sizeof(ctx->buf) - i);
len -= sizeof(ctx->buf) - i;
p += sizeof(ctx->buf) - i;
SHA1_Transform(ctx);
i = 0;
}
while (len--) {
ctx->buf.b[i++] = *p++;
if (i == sizeof(ctx->buf)) {
SHA1_Transform(ctx);
i = 0;
}
}
}
uint8_t* SHA1_final(SHA1_CTX* ctx) {
uint64_t cnt = ctx->count * 8;
int i;
SHA1_update(ctx, (uint8_t*)"\x80", 1);
while ((ctx->count % sizeof(ctx->buf)) != (sizeof(ctx->buf) - 8)) {
SHA1_update(ctx, (uint8_t*)"\0", 1);
}
for (i = 0; i < 8; ++i) {
uint8_t tmp = cnt >> ((7 - i) * 8);
SHA1_update(ctx, &tmp, 1);
}
for (i = 0; i < 5; i++) {
ctx->buf.w[i] = bswap_32(ctx->state[i]);
}
return ctx->buf.b;
}
#else /* #if defined(HAVE_ENDIAN_H) && defined(HAVE_LITTLE_ENDIAN) */
#define rol(bits, value) (((value) << (bits)) | ((value) >> (32 - (bits))))
static void SHA1_transform(SHA1_CTX *ctx) {
uint32_t W[80];
uint32_t A, B, C, D, E;
uint8_t *p = ctx->buf;
int t;
for(t = 0; t < 16; ++t) {
uint32_t tmp = *p++ << 24;
tmp |= *p++ << 16;
tmp |= *p++ << 8;
tmp |= *p++;
W[t] = tmp;
}
for(; t < 80; t++) {
W[t] = rol(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
}
A = ctx->state[0];
B = ctx->state[1];
C = ctx->state[2];
D = ctx->state[3];
E = ctx->state[4];
for(t = 0; t < 80; t++) {
uint32_t tmp = rol(5,A) + E + W[t];
if (t < 20)
tmp += (D^(B&(C^D))) + 0x5A827999;
else if ( t < 40)
tmp += (B^C^D) + 0x6ED9EBA1;
else if ( t < 60)
tmp += ((B&C)|(D&(B|C))) + 0x8F1BBCDC;
else
tmp += (B^C^D) + 0xCA62C1D6;
E = D;
D = C;
C = rol(30,B);
B = A;
A = tmp;
}
ctx->state[0] += A;
ctx->state[1] += B;
ctx->state[2] += C;
ctx->state[3] += D;
ctx->state[4] += E;
}
void SHA1_update(SHA1_CTX *ctx, const uint8_t *data, uint64_t len) {
int i = (int)(ctx->count % sizeof(ctx->buf));
const uint8_t* p = (const uint8_t*) data;
ctx->count += len;
while (len--) {
ctx->buf[i++] = *p++;
if (i == sizeof(ctx->buf)) {
SHA1_transform(ctx);
i = 0;
}
}
}
uint8_t* SHA1_final(SHA1_CTX *ctx) {
uint8_t *p = ctx->buf;
uint64_t cnt = ctx->count << 3;
int i;
SHA1_update(ctx, (uint8_t*)"\x80", 1);
while ((ctx->count % sizeof(ctx->buf)) != (sizeof(ctx->buf) - 8)) {
SHA1_update(ctx, (uint8_t*)"\0", 1);
}
for (i = 0; i < 8; ++i) {
uint8_t tmp = (uint8_t)((uint64_t)cnt >> ((7 - i) * 8));
SHA1_update(ctx, &tmp, 1);
}
for (i = 0; i < 5; i++) {
uint32_t tmp = ctx->state[i];
*p++ = (uint8_t)(tmp >> 24);
*p++ = (uint8_t)(tmp >> 16);
*p++ = (uint8_t)(tmp >> 8);
*p++ = (uint8_t)(tmp >> 0);
}
return ctx->buf;
}
#endif /* endianness */
void SHA1_init(SHA1_CTX* ctx) {
ctx->state[0] = 0x67452301;
ctx->state[1] = 0xEFCDAB89;
ctx->state[2] = 0x98BADCFE;
ctx->state[3] = 0x10325476;
ctx->state[4] = 0xC3D2E1F0;
ctx->count = 0;
}
uint8_t* internal_SHA1(const uint8_t *data, uint64_t len, uint8_t *digest) {
const uint8_t *p;
int i;
SHA1_CTX ctx;
SHA1_init(&ctx);
SHA1_update(&ctx, data, len);
p = SHA1_final(&ctx);
for (i = 0; i < SHA1_DIGEST_SIZE; ++i) {
digest[i] = *p++;
}
return digest;
}

342
firmware/lib/cryptolib/sha256.c
View File

@@ -1,342 +0,0 @@
/* SHA-256 and SHA-512 implementation based on code by Oliver Gay
* <olivier.gay@a3.epfl.ch> under a BSD-style license. See below.
*/
/*
* FIPS 180-2 SHA-224/256/384/512 implementation
* Last update: 02/02/2007
* Issue date: 04/30/2005
*
* Copyright (C) 2005, 2007 Olivier Gay <olivier.gay@a3.epfl.ch>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "sysincludes.h"
#include "cryptolib.h"
#include "utility.h"
#define SHFR(x, n) (x >> n)
#define ROTR(x, n) ((x >> n) | (x << ((sizeof(x) << 3) - n)))
#define ROTL(x, n) ((x << n) | (x >> ((sizeof(x) << 3) - n)))
#define CH(x, y, z) ((x & y) ^ (~x & z))
#define MAJ(x, y, z) ((x & y) ^ (x & z) ^ (y & z))
#define SHA256_F1(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
#define SHA256_F2(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
#define SHA256_F3(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHFR(x, 3))
#define SHA256_F4(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHFR(x, 10))
#define UNPACK32(x, str) \
{ \
*((str) + 3) = (uint8_t) ((x) ); \
*((str) + 2) = (uint8_t) ((x) >> 8); \
*((str) + 1) = (uint8_t) ((x) >> 16); \
*((str) + 0) = (uint8_t) ((x) >> 24); \
}
#define PACK32(str, x) \
{ \
*(x) = ((uint32_t) *((str) + 3) ) \
| ((uint32_t) *((str) + 2) << 8) \
| ((uint32_t) *((str) + 1) << 16) \
| ((uint32_t) *((str) + 0) << 24); \
}
/* Macros used for loops unrolling */
#define SHA256_SCR(i) \
{ \
w[i] = SHA256_F4(w[i - 2]) + w[i - 7] \
+ SHA256_F3(w[i - 15]) + w[i - 16]; \
}
#define SHA256_EXP(a, b, c, d, e, f, g, h, j) \
{ \
t1 = wv[h] + SHA256_F2(wv[e]) + CH(wv[e], wv[f], wv[g]) \
+ sha256_k[j] + w[j]; \
t2 = SHA256_F1(wv[a]) + MAJ(wv[a], wv[b], wv[c]); \
wv[d] += t1; \
wv[h] = t1 + t2; \
}
static const uint32_t sha256_h0[8] = {
0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19};
static const uint32_t sha256_k[64] = {
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2};
/* SHA-256 implementation */
void SHA256_init(VB_SHA256_CTX *ctx) {
#ifndef UNROLL_LOOPS
int i;
for (i = 0; i < 8; i++) {
ctx->h[i] = sha256_h0[i];
}
#else
ctx->h[0] = sha256_h0[0]; ctx->h[1] = sha256_h0[1];
ctx->h[2] = sha256_h0[2]; ctx->h[3] = sha256_h0[3];
ctx->h[4] = sha256_h0[4]; ctx->h[5] = sha256_h0[5];
ctx->h[6] = sha256_h0[6]; ctx->h[7] = sha256_h0[7];
#endif /* !UNROLL_LOOPS */
ctx->len = 0;
ctx->tot_len = 0;
}
static void SHA256_transform(VB_SHA256_CTX* ctx, const uint8_t* message,
unsigned int block_nb) {
uint32_t w[64];
uint32_t wv[8];
uint32_t t1, t2;
const unsigned char *sub_block;
int i;
#ifndef UNROLL_LOOPS
int j;
#endif
for (i = 0; i < (int) block_nb; i++) {
sub_block = message + (i << 6);
#ifndef UNROLL_LOOPS
for (j = 0; j < 16; j++) {
PACK32(&sub_block[j << 2], &w[j]);
}
for (j = 16; j < 64; j++) {
SHA256_SCR(j);
}
for (j = 0; j < 8; j++) {
wv[j] = ctx->h[j];
}
for (j = 0; j < 64; j++) {
t1 = wv[7] + SHA256_F2(wv[4]) + CH(wv[4], wv[5], wv[6])
+ sha256_k[j] + w[j];
t2 = SHA256_F1(wv[0]) + MAJ(wv[0], wv[1], wv[2]);
wv[7] = wv[6];
wv[6] = wv[5];
wv[5] = wv[4];
wv[4] = wv[3] + t1;
wv[3] = wv[2];
wv[2] = wv[1];
wv[1] = wv[0];
wv[0] = t1 + t2;
}
for (j = 0; j < 8; j++) {
ctx->h[j] += wv[j];
}
#else
PACK32(&sub_block[ 0], &w[ 0]); PACK32(&sub_block[ 4], &w[ 1]);
PACK32(&sub_block[ 8], &w[ 2]); PACK32(&sub_block[12], &w[ 3]);
PACK32(&sub_block[16], &w[ 4]); PACK32(&sub_block[20], &w[ 5]);
PACK32(&sub_block[24], &w[ 6]); PACK32(&sub_block[28], &w[ 7]);
PACK32(&sub_block[32], &w[ 8]); PACK32(&sub_block[36], &w[ 9]);
PACK32(&sub_block[40], &w[10]); PACK32(&sub_block[44], &w[11]);
PACK32(&sub_block[48], &w[12]); PACK32(&sub_block[52], &w[13]);
PACK32(&sub_block[56], &w[14]); PACK32(&sub_block[60], &w[15]);
SHA256_SCR(16); SHA256_SCR(17); SHA256_SCR(18); SHA256_SCR(19);
SHA256_SCR(20); SHA256_SCR(21); SHA256_SCR(22); SHA256_SCR(23);
SHA256_SCR(24); SHA256_SCR(25); SHA256_SCR(26); SHA256_SCR(27);
SHA256_SCR(28); SHA256_SCR(29); SHA256_SCR(30); SHA256_SCR(31);
SHA256_SCR(32); SHA256_SCR(33); SHA256_SCR(34); SHA256_SCR(35);
SHA256_SCR(36); SHA256_SCR(37); SHA256_SCR(38); SHA256_SCR(39);
SHA256_SCR(40); SHA256_SCR(41); SHA256_SCR(42); SHA256_SCR(43);
SHA256_SCR(44); SHA256_SCR(45); SHA256_SCR(46); SHA256_SCR(47);
SHA256_SCR(48); SHA256_SCR(49); SHA256_SCR(50); SHA256_SCR(51);
SHA256_SCR(52); SHA256_SCR(53); SHA256_SCR(54); SHA256_SCR(55);
SHA256_SCR(56); SHA256_SCR(57); SHA256_SCR(58); SHA256_SCR(59);
SHA256_SCR(60); SHA256_SCR(61); SHA256_SCR(62); SHA256_SCR(63);
wv[0] = ctx->h[0]; wv[1] = ctx->h[1];
wv[2] = ctx->h[2]; wv[3] = ctx->h[3];
wv[4] = ctx->h[4]; wv[5] = ctx->h[5];
wv[6] = ctx->h[6]; wv[7] = ctx->h[7];
SHA256_EXP(0,1,2,3,4,5,6,7, 0); SHA256_EXP(7,0,1,2,3,4,5,6, 1);
SHA256_EXP(6,7,0,1,2,3,4,5, 2); SHA256_EXP(5,6,7,0,1,2,3,4, 3);
SHA256_EXP(4,5,6,7,0,1,2,3, 4); SHA256_EXP(3,4,5,6,7,0,1,2, 5);
SHA256_EXP(2,3,4,5,6,7,0,1, 6); SHA256_EXP(1,2,3,4,5,6,7,0, 7);
SHA256_EXP(0,1,2,3,4,5,6,7, 8); SHA256_EXP(7,0,1,2,3,4,5,6, 9);
SHA256_EXP(6,7,0,1,2,3,4,5,10); SHA256_EXP(5,6,7,0,1,2,3,4,11);
SHA256_EXP(4,5,6,7,0,1,2,3,12); SHA256_EXP(3,4,5,6,7,0,1,2,13);
SHA256_EXP(2,3,4,5,6,7,0,1,14); SHA256_EXP(1,2,3,4,5,6,7,0,15);
SHA256_EXP(0,1,2,3,4,5,6,7,16); SHA256_EXP(7,0,1,2,3,4,5,6,17);
SHA256_EXP(6,7,0,1,2,3,4,5,18); SHA256_EXP(5,6,7,0,1,2,3,4,19);
SHA256_EXP(4,5,6,7,0,1,2,3,20); SHA256_EXP(3,4,5,6,7,0,1,2,21);
SHA256_EXP(2,3,4,5,6,7,0,1,22); SHA256_EXP(1,2,3,4,5,6,7,0,23);
SHA256_EXP(0,1,2,3,4,5,6,7,24); SHA256_EXP(7,0,1,2,3,4,5,6,25);
SHA256_EXP(6,7,0,1,2,3,4,5,26); SHA256_EXP(5,6,7,0,1,2,3,4,27);
SHA256_EXP(4,5,6,7,0,1,2,3,28); SHA256_EXP(3,4,5,6,7,0,1,2,29);
SHA256_EXP(2,3,4,5,6,7,0,1,30); SHA256_EXP(1,2,3,4,5,6,7,0,31);
SHA256_EXP(0,1,2,3,4,5,6,7,32); SHA256_EXP(7,0,1,2,3,4,5,6,33);
SHA256_EXP(6,7,0,1,2,3,4,5,34); SHA256_EXP(5,6,7,0,1,2,3,4,35);
SHA256_EXP(4,5,6,7,0,1,2,3,36); SHA256_EXP(3,4,5,6,7,0,1,2,37);
SHA256_EXP(2,3,4,5,6,7,0,1,38); SHA256_EXP(1,2,3,4,5,6,7,0,39);
SHA256_EXP(0,1,2,3,4,5,6,7,40); SHA256_EXP(7,0,1,2,3,4,5,6,41);
SHA256_EXP(6,7,0,1,2,3,4,5,42); SHA256_EXP(5,6,7,0,1,2,3,4,43);
SHA256_EXP(4,5,6,7,0,1,2,3,44); SHA256_EXP(3,4,5,6,7,0,1,2,45);
SHA256_EXP(2,3,4,5,6,7,0,1,46); SHA256_EXP(1,2,3,4,5,6,7,0,47);
SHA256_EXP(0,1,2,3,4,5,6,7,48); SHA256_EXP(7,0,1,2,3,4,5,6,49);
SHA256_EXP(6,7,0,1,2,3,4,5,50); SHA256_EXP(5,6,7,0,1,2,3,4,51);
SHA256_EXP(4,5,6,7,0,1,2,3,52); SHA256_EXP(3,4,5,6,7,0,1,2,53);
SHA256_EXP(2,3,4,5,6,7,0,1,54); SHA256_EXP(1,2,3,4,5,6,7,0,55);
SHA256_EXP(0,1,2,3,4,5,6,7,56); SHA256_EXP(7,0,1,2,3,4,5,6,57);
SHA256_EXP(6,7,0,1,2,3,4,5,58); SHA256_EXP(5,6,7,0,1,2,3,4,59);
SHA256_EXP(4,5,6,7,0,1,2,3,60); SHA256_EXP(3,4,5,6,7,0,1,2,61);
SHA256_EXP(2,3,4,5,6,7,0,1,62); SHA256_EXP(1,2,3,4,5,6,7,0,63);
ctx->h[0] += wv[0]; ctx->h[1] += wv[1];
ctx->h[2] += wv[2]; ctx->h[3] += wv[3];
ctx->h[4] += wv[4]; ctx->h[5] += wv[5];
ctx->h[6] += wv[6]; ctx->h[7] += wv[7];
#endif /* !UNROLL_LOOPS */
}
}
void SHA256_update(VB_SHA256_CTX* ctx, const uint8_t* data, uint32_t len) {
unsigned int block_nb;
unsigned int new_len, rem_len, tmp_len;
const uint8_t *shifted_data;
tmp_len = SHA256_BLOCK_SIZE - ctx->len;
rem_len = len < tmp_len ? len : tmp_len;
Memcpy(&ctx->block[ctx->len], data, rem_len);
if (ctx->len + len < SHA256_BLOCK_SIZE) {
ctx->len += len;
return;
}
new_len = len - rem_len;
block_nb = new_len / SHA256_BLOCK_SIZE;
shifted_data = data + rem_len;
SHA256_transform(ctx, ctx->block, 1);
SHA256_transform(ctx, shifted_data, block_nb);
rem_len = new_len % SHA256_BLOCK_SIZE;
Memcpy(ctx->block, &shifted_data[block_nb << 6],
rem_len);
ctx->len = rem_len;
ctx->tot_len += (block_nb + 1) << 6;
}
uint8_t* SHA256_final(VB_SHA256_CTX* ctx) {
unsigned int block_nb;
unsigned int pm_len;
unsigned int len_b;
#ifndef UNROLL_LOOPS
int i;
#endif
block_nb = (1 + ((SHA256_BLOCK_SIZE - 9)
< (ctx->len % SHA256_BLOCK_SIZE)));
len_b = (ctx->tot_len + ctx->len) << 3;
pm_len = block_nb << 6;
Memset(ctx->block + ctx->len, 0, pm_len - ctx->len);
ctx->block[ctx->len] = 0x80;
UNPACK32(len_b, ctx->block + pm_len - 4);
SHA256_transform(ctx, ctx->block, block_nb);
#ifndef UNROLL_LOOPS
for (i = 0 ; i < 8; i++) {
UNPACK32(ctx->h[i], &ctx->buf[i << 2]);
}
#else
UNPACK32(ctx->h[0], &ctx->buf[ 0]);
UNPACK32(ctx->h[1], &ctx->buf[ 4]);
UNPACK32(ctx->h[2], &ctx->buf[ 8]);
UNPACK32(ctx->h[3], &ctx->buf[12]);
UNPACK32(ctx->h[4], &ctx->buf[16]);
UNPACK32(ctx->h[5], &ctx->buf[20]);
UNPACK32(ctx->h[6], &ctx->buf[24]);
UNPACK32(ctx->h[7], &ctx->buf[28]);
#endif /* !UNROLL_LOOPS */
return ctx->buf;
}
uint8_t* internal_SHA256(const uint8_t* data, uint64_t len, uint8_t* digest) {
const uint8_t* input_ptr;
const uint8_t* result;
uint64_t remaining_len;
int i;
VB_SHA256_CTX ctx;
SHA256_init(&ctx);
input_ptr = data;
remaining_len = len;
/* Process data in at most UINT32_MAX byte chunks at a time. */
while (remaining_len) {
uint32_t block_size;
block_size = (uint32_t) ((remaining_len >= UINT32_MAX) ?
UINT32_MAX : remaining_len);
SHA256_update(&ctx, input_ptr, block_size);
remaining_len -= block_size;
input_ptr += block_size;
}
result = SHA256_final(&ctx);
for (i = 0; i < SHA256_DIGEST_SIZE; ++i) {
digest[i] = *result++;
}
return digest;
}

365
firmware/lib/cryptolib/sha512.c
View File

@@ -1,365 +0,0 @@
/* SHA-256 and SHA-512 implementation based on code by Oliver Gay
* <olivier.gay@a3.epfl.ch> under a BSD-style license. See below.
*/
/*
* FIPS 180-2 SHA-224/256/384/512 implementation
* Last update: 02/02/2007
* Issue date: 04/30/2005
*
* Copyright (C) 2005, 2007 Olivier Gay <olivier.gay@a3.epfl.ch>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "sysincludes.h"
#include "cryptolib.h"
#include "utility.h"
#define SHFR(x, n) (x >> n)
#define ROTR(x, n) ((x >> n) | (x << ((sizeof(x) << 3) - n)))
#define ROTL(x, n) ((x << n) | (x >> ((sizeof(x) << 3) - n)))
#define CH(x, y, z) ((x & y) ^ (~x & z))
#define MAJ(x, y, z) ((x & y) ^ (x & z) ^ (y & z))
#define SHA512_F1(x) (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39))
#define SHA512_F2(x) (ROTR(x, 14) ^ ROTR(x, 18) ^ ROTR(x, 41))
#define SHA512_F3(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHFR(x, 7))
#define SHA512_F4(x) (ROTR(x, 19) ^ ROTR(x, 61) ^ SHFR(x, 6))
#define UNPACK32(x, str) \
{ \
*((str) + 3) = (uint8_t) ((x) ); \
*((str) + 2) = (uint8_t) ((x) >> 8); \
*((str) + 1) = (uint8_t) ((x) >> 16); \
*((str) + 0) = (uint8_t) ((x) >> 24); \
}
#define UNPACK64(x, str) \
{ \
*((str) + 7) = (uint8_t) x; \
*((str) + 6) = (uint8_t) ((uint64_t)x >> 8); \
*((str) + 5) = (uint8_t) ((uint64_t)x >> 16); \
*((str) + 4) = (uint8_t) ((uint64_t)x >> 24); \
*((str) + 3) = (uint8_t) ((uint64_t)x >> 32); \
*((str) + 2) = (uint8_t) ((uint64_t)x >> 40); \
*((str) + 1) = (uint8_t) ((uint64_t)x >> 48); \
*((str) + 0) = (uint8_t) ((uint64_t)x >> 56); \
}
#define PACK64(str, x) \
{ \
*(x) = ((uint64_t) *((str) + 7) ) \
| ((uint64_t) *((str) + 6) << 8) \
| ((uint64_t) *((str) + 5) << 16) \
| ((uint64_t) *((str) + 4) << 24) \
| ((uint64_t) *((str) + 3) << 32) \
| ((uint64_t) *((str) + 2) << 40) \
| ((uint64_t) *((str) + 1) << 48) \
| ((uint64_t) *((str) + 0) << 56); \
}
/* Macros used for loops unrolling */
#define SHA512_SCR(i) \
{ \
w[i] = SHA512_F4(w[i - 2]) + w[i - 7] \
+ SHA512_F3(w[i - 15]) + w[i - 16]; \
}
#define SHA512_EXP(a, b, c, d, e, f, g ,h, j) \
{ \
t1 = wv[h] + SHA512_F2(wv[e]) + CH(wv[e], wv[f], wv[g]) \
+ sha512_k[j] + w[j]; \
t2 = SHA512_F1(wv[a]) + MAJ(wv[a], wv[b], wv[c]); \
wv[d] += t1; \
wv[h] = t1 + t2; \
}
static const uint64_t sha512_h0[8] = {
0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL,
0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL,
0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL,
0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL};
static const uint64_t sha512_k[80] = {
0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL};
/* SHA-512 implementation */
void SHA512_init(VB_SHA512_CTX *ctx) {
#ifdef UNROLL_LOOPS_SHA512
ctx->h[0] = sha512_h0[0]; ctx->h[1] = sha512_h0[1];
ctx->h[2] = sha512_h0[2]; ctx->h[3] = sha512_h0[3];
ctx->h[4] = sha512_h0[4]; ctx->h[5] = sha512_h0[5];
ctx->h[6] = sha512_h0[6]; ctx->h[7] = sha512_h0[7];
#else
int i;
for (i = 0; i < 8; i++)
ctx->h[i] = sha512_h0[i];
#endif /* UNROLL_LOOPS_SHA512 */
ctx->len = 0;
ctx->tot_len = 0;
}
static void SHA512_transform(VB_SHA512_CTX* ctx, const uint8_t* message,
unsigned int block_nb) {
uint64_t w[80];
uint64_t wv[8];
uint64_t t1, t2;
const uint8_t *sub_block;
int i, j;
for (i = 0; i < (int) block_nb; i++) {
sub_block = message + (i << 7);
#ifdef UNROLL_LOOPS_SHA512
PACK64(&sub_block[ 0], &w[ 0]); PACK64(&sub_block[ 8], &w[ 1]);
PACK64(&sub_block[ 16], &w[ 2]); PACK64(&sub_block[ 24], &w[ 3]);
PACK64(&sub_block[ 32], &w[ 4]); PACK64(&sub_block[ 40], &w[ 5]);
PACK64(&sub_block[ 48], &w[ 6]); PACK64(&sub_block[ 56], &w[ 7]);
PACK64(&sub_block[ 64], &w[ 8]); PACK64(&sub_block[ 72], &w[ 9]);
PACK64(&sub_block[ 80], &w[10]); PACK64(&sub_block[ 88], &w[11]);
PACK64(&sub_block[ 96], &w[12]); PACK64(&sub_block[104], &w[13]);
PACK64(&sub_block[112], &w[14]); PACK64(&sub_block[120], &w[15]);
SHA512_SCR(16); SHA512_SCR(17); SHA512_SCR(18); SHA512_SCR(19);
SHA512_SCR(20); SHA512_SCR(21); SHA512_SCR(22); SHA512_SCR(23);
SHA512_SCR(24); SHA512_SCR(25); SHA512_SCR(26); SHA512_SCR(27);
SHA512_SCR(28); SHA512_SCR(29); SHA512_SCR(30); SHA512_SCR(31);
SHA512_SCR(32); SHA512_SCR(33); SHA512_SCR(34); SHA512_SCR(35);
SHA512_SCR(36); SHA512_SCR(37); SHA512_SCR(38); SHA512_SCR(39);
SHA512_SCR(40); SHA512_SCR(41); SHA512_SCR(42); SHA512_SCR(43);
SHA512_SCR(44); SHA512_SCR(45); SHA512_SCR(46); SHA512_SCR(47);
SHA512_SCR(48); SHA512_SCR(49); SHA512_SCR(50); SHA512_SCR(51);
SHA512_SCR(52); SHA512_SCR(53); SHA512_SCR(54); SHA512_SCR(55);
SHA512_SCR(56); SHA512_SCR(57); SHA512_SCR(58); SHA512_SCR(59);
SHA512_SCR(60); SHA512_SCR(61); SHA512_SCR(62); SHA512_SCR(63);
SHA512_SCR(64); SHA512_SCR(65); SHA512_SCR(66); SHA512_SCR(67);
SHA512_SCR(68); SHA512_SCR(69); SHA512_SCR(70); SHA512_SCR(71);
SHA512_SCR(72); SHA512_SCR(73); SHA512_SCR(74); SHA512_SCR(75);
SHA512_SCR(76); SHA512_SCR(77); SHA512_SCR(78); SHA512_SCR(79);
wv[0] = ctx->h[0]; wv[1] = ctx->h[1];
wv[2] = ctx->h[2]; wv[3] = ctx->h[3];
wv[4] = ctx->h[4]; wv[5] = ctx->h[5];
wv[6] = ctx->h[6]; wv[7] = ctx->h[7];
j = 0;
do {
SHA512_EXP(0,1,2,3,4,5,6,7,j); j++;
SHA512_EXP(7,0,1,2,3,4,5,6,j); j++;
SHA512_EXP(6,7,0,1,2,3,4,5,j); j++;
SHA512_EXP(5,6,7,0,1,2,3,4,j); j++;
SHA512_EXP(4,5,6,7,0,1,2,3,j); j++;
SHA512_EXP(3,4,5,6,7,0,1,2,j); j++;
SHA512_EXP(2,3,4,5,6,7,0,1,j); j++;
SHA512_EXP(1,2,3,4,5,6,7,0,j); j++;
} while (j < 80);
ctx->h[0] += wv[0]; ctx->h[1] += wv[1];
ctx->h[2] += wv[2]; ctx->h[3] += wv[3];
ctx->h[4] += wv[4]; ctx->h[5] += wv[5];
ctx->h[6] += wv[6]; ctx->h[7] += wv[7];
#else
for (j = 0; j < 16; j++) {
PACK64(&sub_block[j << 3], &w[j]);
}
for (j = 16; j < 80; j++) {
SHA512_SCR(j);
}
for (j = 0; j < 8; j++) {
wv[j] = ctx->h[j];
}
for (j = 0; j < 80; j++) {
t1 = wv[7] + SHA512_F2(wv[4]) + CH(wv[4], wv[5], wv[6])
+ sha512_k[j] + w[j];
t2 = SHA512_F1(wv[0]) + MAJ(wv[0], wv[1], wv[2]);
wv[7] = wv[6];
wv[6] = wv[5];
wv[5] = wv[4];
wv[4] = wv[3] + t1;
wv[3] = wv[2];
wv[2] = wv[1];
wv[1] = wv[0];
wv[0] = t1 + t2;
}
for (j = 0; j < 8; j++)
ctx->h[j] += wv[j];
#endif /* UNROLL_LOOPS_SHA512 */
}
}
void SHA512_update(VB_SHA512_CTX* ctx, const uint8_t* data,
uint32_t len) {
unsigned int block_nb;
unsigned int new_len, rem_len, tmp_len;
const uint8_t* shifted_data;
tmp_len = SHA512_BLOCK_SIZE - ctx->len;
rem_len = len < tmp_len ? len : tmp_len;
Memcpy(&ctx->block[ctx->len], data, rem_len);
if (ctx->len + len < SHA512_BLOCK_SIZE) {
ctx->len += len;
return;
}
new_len = len - rem_len;
block_nb = new_len / SHA512_BLOCK_SIZE;
shifted_data = data + rem_len;
SHA512_transform(ctx, ctx->block, 1);
SHA512_transform(ctx, shifted_data, block_nb);
rem_len = new_len % SHA512_BLOCK_SIZE;
Memcpy(ctx->block, &shifted_data[block_nb << 7],
rem_len);
ctx->len = rem_len;
ctx->tot_len += (block_nb + 1) << 7;
}
uint8_t* SHA512_final(VB_SHA512_CTX* ctx)
{
unsigned int block_nb;
unsigned int pm_len;
unsigned int len_b;
#ifndef UNROLL_LOOPS_SHA512
int i;
#endif
block_nb = 1 + ((SHA512_BLOCK_SIZE - 17)
< (ctx->len % SHA512_BLOCK_SIZE));
len_b = (ctx->tot_len + ctx->len) << 3;
pm_len = block_nb << 7;
Memset(ctx->block + ctx->len, 0, pm_len - ctx->len);
ctx->block[ctx->len] = 0x80;
UNPACK32(len_b, ctx->block + pm_len - 4);
SHA512_transform(ctx, ctx->block, block_nb);
#ifdef UNROLL_LOOPS_SHA512
UNPACK64(ctx->h[0], &ctx->buf[ 0]);
UNPACK64(ctx->h[1], &ctx->buf[ 8]);
UNPACK64(ctx->h[2], &ctx->buf[16]);
UNPACK64(ctx->h[3], &ctx->buf[24]);
UNPACK64(ctx->h[4], &ctx->buf[32]);
UNPACK64(ctx->h[5], &ctx->buf[40]);
UNPACK64(ctx->h[6], &ctx->buf[48]);
UNPACK64(ctx->h[7], &ctx->buf[56]);
#else
for (i = 0 ; i < 8; i++)
UNPACK64(ctx->h[i], &ctx->buf[i << 3]);
#endif /* UNROLL_LOOPS_SHA512 */
return ctx->buf;
}
uint8_t* internal_SHA512(const uint8_t* data, uint64_t len, uint8_t* digest) {
const uint8_t* input_ptr;
const uint8_t* result;
uint64_t remaining_len;
int i;
VB_SHA512_CTX ctx;
SHA512_init(&ctx);
input_ptr = data;
remaining_len = len;
/* Process data in at most UINT32_MAX byte chunks at a time. */
while (remaining_len) {
uint32_t block_size;
block_size = (uint32_t) ((remaining_len >= UINT32_MAX) ?
UINT32_MAX : remaining_len);
SHA512_update(&ctx, input_ptr, block_size);
remaining_len -= block_size;
input_ptr += block_size;
}
result = SHA512_final(&ctx);
for (i = 0; i < SHA512_DIGEST_SIZE; ++i) {
digest[i] = *result++;
}
return digest;
}

118
firmware/lib/cryptolib/sha_utility.c
View File

@@ -1,118 +0,0 @@
/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* Utility functions for message digest functions.
*/
#include "sysincludes.h"
#include "cryptolib.h"
#include "utility.h"
#include "vboot_api.h"
void DigestInit(DigestContext* ctx, int sig_algorithm) {
ctx->algorithm = hash_type_map[sig_algorithm];
switch(ctx->algorithm) {
#ifndef CHROMEOS_EC
case SHA1_DIGEST_ALGORITHM:
ctx->sha1_ctx = (SHA1_CTX*) VbExMalloc(sizeof(SHA1_CTX));
SHA1_init(ctx->sha1_ctx);
break;
#endif
case SHA256_DIGEST_ALGORITHM:
ctx->sha256_ctx = (VB_SHA256_CTX*) VbExMalloc(sizeof(VB_SHA256_CTX));
SHA256_init(ctx->sha256_ctx);
break;
#ifndef CHROMEOS_EC
case SHA512_DIGEST_ALGORITHM:
ctx->sha512_ctx = (VB_SHA512_CTX*) VbExMalloc(sizeof(VB_SHA512_CTX));
SHA512_init(ctx->sha512_ctx);
break;
#endif
};
}
void DigestUpdate(DigestContext* ctx, const uint8_t* data, uint32_t len) {
switch(ctx->algorithm) {
#ifndef CHROMEOS_EC
case SHA1_DIGEST_ALGORITHM:
SHA1_update(ctx->sha1_ctx, data, len);
break;
#endif
case SHA256_DIGEST_ALGORITHM:
SHA256_update(ctx->sha256_ctx, data, len);
break;
#ifndef CHROMEOS_EC
case SHA512_DIGEST_ALGORITHM:
SHA512_update(ctx->sha512_ctx, data, len);
break;
#endif
};
}
uint8_t* DigestFinal(DigestContext* ctx) {
uint8_t* digest = NULL;
switch(ctx->algorithm) {
#ifndef CHROMEOS_EC
case SHA1_DIGEST_ALGORITHM:
digest = (uint8_t*) VbExMalloc(SHA1_DIGEST_SIZE);
Memcpy(digest, SHA1_final(ctx->sha1_ctx), SHA1_DIGEST_SIZE);
VbExFree(ctx->sha1_ctx);
break;
#endif
case SHA256_DIGEST_ALGORITHM:
digest = (uint8_t*) VbExMalloc(SHA256_DIGEST_SIZE);
Memcpy(digest, SHA256_final(ctx->sha256_ctx), SHA256_DIGEST_SIZE);
VbExFree(ctx->sha256_ctx);
break;
#ifndef CHROMEOS_EC
case SHA512_DIGEST_ALGORITHM:
digest = (uint8_t*) VbExMalloc(SHA512_DIGEST_SIZE);
Memcpy(digest, SHA512_final(ctx->sha512_ctx), SHA512_DIGEST_SIZE);
VbExFree(ctx->sha512_ctx);
break;
#endif
};
return digest;
}
uint8_t* DigestBuf(const uint8_t* buf, uint64_t len, int sig_algorithm) {
/* Allocate enough space for the largest digest */
uint8_t* digest = (uint8_t*) VbExMalloc(SHA512_DIGEST_SIZE);
/* Define an array mapping [sig_algorithm] to function pointers to the
* SHA{1|256|512} functions.
*/
typedef uint8_t* (*Hash_ptr) (const uint8_t*, uint64_t, uint8_t*);
Hash_ptr hash[] = {
#ifdef CHROMEOS_EC
0, /* RSA 1024 */
0,
0,
0, /* RSA 2048 */
0,
0,
0, /* RSA 4096 */
internal_SHA256,
0,
0, /* RSA 8192 */
0,
0,
#else
internal_SHA1, /* RSA 1024 */
internal_SHA256,
internal_SHA512,
internal_SHA1, /* RSA 2048 */
internal_SHA256,
internal_SHA512,
internal_SHA1, /* RSA 4096 */
internal_SHA256,
internal_SHA512,
internal_SHA1, /* RSA 8192 */
internal_SHA256,
internal_SHA512,
#endif
};
/* Call the appropriate hash function. */
return hash[sig_algorithm](buf, len, digest);
}

4
firmware/lib/include/vboot_common.h
View File

@@ -106,8 +106,8 @@ int VerifyData(const uint8_t *data, uint64_t size, const VbSignature *sig,
const RSAPublicKey *key);
/**
* Verify a secure hash digest from DigestBuf() or DigestFinal(), using
* [key]. Returns 0 on success.
* Verify a secure hash digest from vb2_digest_buffer() or
* vb2_digest_finalize(), using [key]. Returns 0 on success.
*/
int VerifyDigest(const uint8_t *digest, const VbSignature *sig,
const RSAPublicKey *key);

22
firmware/lib/vboot_common.c
View File

@@ -7,7 +7,10 @@
*/
#include "sysincludes.h"
#include "2sysincludes.h"
#include "2common.h"
#include "2sha.h"
#include "vboot_api.h"
#include "vboot_common.h"
#include "utility.h"
@@ -219,7 +222,7 @@ int KeyBlockVerify(const VbKeyBlockHeader *block, uint64_t size,
*/
if (hash_only) {
/* Check hash */
uint8_t *header_checksum = NULL;
uint8_t header_checksum[VB2_SHA512_DIGEST_SIZE];
int rv;
sig = &block->key_block_checksum;
@@ -228,7 +231,7 @@ int KeyBlockVerify(const VbKeyBlockHeader *block, uint64_t size,
VBDEBUG(("Key block hash off end of block\n"));
return VBOOT_KEY_BLOCK_INVALID;
}
if (sig->sig_size != SHA512_DIGEST_SIZE) {
if (sig->sig_size != VB2_SHA512_DIGEST_SIZE) {
VBDEBUG(("Wrong hash size for key block.\n"));
return VBOOT_KEY_BLOCK_INVALID;
}
@@ -240,12 +243,15 @@ int KeyBlockVerify(const VbKeyBlockHeader *block, uint64_t size,
}
VBDEBUG(("Checking key block hash only...\n"));
header_checksum = DigestBuf((const uint8_t *)block,
sig->data_size,
SHA512_DIGEST_ALGORITHM);
rv = SafeMemcmp(header_checksum, GetSignatureDataC(sig),
SHA512_DIGEST_SIZE);
VbExFree(header_checksum);
rv = vb2_digest_buffer((const uint8_t *)block,
sig->data_size,
VB2_HASH_SHA512,
header_checksum,
sizeof(header_checksum));
if (!rv)
rv = SafeMemcmp(header_checksum, GetSignatureDataC(sig),
sizeof(header_checksum));
if (rv) {
VBDEBUG(("Invalid key block hash.\n"));
return VBOOT_KEY_BLOCK_HASH;

12
firmware/lib/vboot_display.c
View File

@@ -6,7 +6,10 @@
*/
#include "sysincludes.h"
#include "2sysincludes.h"
#include "2common.h"
#include "2sha.h"
#include "bmpblk_font.h"
#include "gbb_access.h"
#include "gbb_header.h"
@@ -379,14 +382,15 @@ static void FillInSha1Sum(char *outbuf, VbPublicKey *key)
{
uint8_t *buf = ((uint8_t *)key) + key->key_offset;
uint64_t buflen = key->key_size;
uint8_t *digest = DigestBuf(buf, buflen, SHA1_DIGEST_ALGORITHM);
uint8_t digest[VB2_SHA1_DIGEST_SIZE];
int i;
for (i = 0; i < SHA1_DIGEST_SIZE; i++) {
vb2_digest_buffer(buf, buflen, VB2_HASH_SHA1, digest, sizeof(digest));
for (i = 0; i < sizeof(digest); i++) {
Uint8ToString(outbuf, digest[i]);
outbuf += 2;
}
*outbuf = '\0';
VbExFree(digest);
}
const char *RecoveryReasonString(uint8_t code)
@@ -549,7 +553,7 @@ VbError_t VbDisplayDebugInfo(VbCommonParams *cparams, VbNvContext *vncptr)
(VbSharedDataHeader *)cparams->shared_data_blob;
GoogleBinaryBlockHeader *gbb = cparams->gbb;
char buf[DEBUG_INFO_SIZE] = "";
char sha1sum[SHA1_DIGEST_SIZE * 2 + 1];
char sha1sum[VB2_SHA1_DIGEST_SIZE * 2 + 1];
char hwid[256];
uint32_t used = 0;
VbPublicKey *key;

18
firmware/lib/vboot_firmware.c
View File

@@ -7,7 +7,10 @@
*/
#include "sysincludes.h"
#include "2sysincludes.h"
#include "2common.h"
#include "2sha.h"
#include "region.h"
#include "gbb_access.h"
#include "gbb_header.h"
@@ -24,7 +27,7 @@
* struct back to us.
*/
typedef struct VbLoadFirmwareInternal {
DigestContext body_digest_context;
struct vb2_digest_context body_digest_context;
uint32_t body_size_accum;
} VbLoadFirmwareInternal;
@@ -34,7 +37,7 @@ void VbUpdateFirmwareBodyHash(VbCommonParams *cparams, uint8_t *data,
VbLoadFirmwareInternal *lfi =
(VbLoadFirmwareInternal*)cparams->vboot_context;
DigestUpdate(&lfi->body_digest_context, data, size);
vb2_digest_extend(&lfi->body_digest_context, data, size);
lfi->body_size_accum += size;
}
@@ -96,7 +99,6 @@ int LoadFirmware(VbCommonParams *cparams, VbSelectFirmwareParams *fparams,
RSAPublicKey *data_key;
uint64_t key_version;
uint32_t combined_version;
uint8_t *body_digest;
uint8_t *check_result;
/* If try B count is non-zero try firmware B first */
@@ -230,8 +232,8 @@ int LoadFirmware(VbCommonParams *cparams, VbSelectFirmwareParams *fparams,
VbError_t rv;
/* Read the firmware data */
DigestInit(&lfi->body_digest_context,
data_key->algorithm);
vb2_digest_init(&lfi->body_digest_context,
vb2_crypto_to_hash(data_key->algorithm));
lfi->body_size_accum = 0;
rv = VbExHashFirmwareBody(
cparams,
@@ -255,17 +257,17 @@ int LoadFirmware(VbCommonParams *cparams, VbSelectFirmwareParams *fparams,
}
/* Verify firmware data */
body_digest = DigestFinal(&lfi->body_digest_context);
uint8_t body_digest[VB2_MAX_DIGEST_SIZE];
vb2_digest_finalize(&lfi->body_digest_context,
body_digest, sizeof(body_digest));
if (0 != VerifyDigest(body_digest,
&preamble->body_signature,
data_key)) {
VBDEBUG(("FW body verification failed.\n"));
*check_result = VBSD_LF_CHECK_VERIFY_BODY;
RSAPublicKeyFree(data_key);
VbExFree(body_digest);
continue;
}
VbExFree(body_digest);
}
/* Done with the data key, so can free it now */

16
firmware/lib/vboot_kernel.c
View File

@@ -8,6 +8,8 @@
#include "sysincludes.h"
#include "2common.h"
#include "2sha.h"
#include "cgptlib.h"
#include "cgptlib_internal.h"
#include "region.h"
@@ -281,29 +283,27 @@ VbError_t LoadKernel(LoadKernelParams *params, VbCommonParams *cparams)
VbPublicKey *key = &key_block->data_key;
uint8_t *buf = ((uint8_t *)key) + key->key_offset;
uint64_t buflen = key->key_size;
uint8_t *digest;
uint8_t digest[VB2_SHA256_DIGEST_SIZE];
VBDEBUG(("Checking developer key hash.\n"));
digest = DigestBuf(buf, buflen,
SHA256_DIGEST_ALGORITHM);
vb2_digest_buffer(buf, buflen, VB2_HASH_SHA256,
digest, sizeof(digest));
if (0 != SafeMemcmp(digest, params->fwmp->dev_key_hash,
SHA256_DIGEST_SIZE)) {
VB2_SHA256_DIGEST_SIZE)) {
int i;
VBDEBUG(("Wrong developer key hash.\n"));
VBDEBUG(("Want: "));
for (i = 0; i < SHA256_DIGEST_SIZE; i++)
for (i = 0; i < VB2_SHA256_DIGEST_SIZE; i++)
VBDEBUG(("%02x",
params->fwmp->dev_key_hash[i]));
VBDEBUG(("\nGot: "));
for (i = 0; i < SHA256_DIGEST_SIZE; i++)
for (i = 0; i < VB2_SHA256_DIGEST_SIZE; i++)
VBDEBUG(("%02x", digest[i]));
VBDEBUG(("\n"));
VbExFree(digest);
goto bad_kernel;
}
VbExFree(digest);
}
/* Get key for preamble/data verification from the key block. */

7
futility/cmd_create.c
View File

@@ -13,6 +13,7 @@
#include "2common.h"
#include "2id.h"
#include "2rsa.h"
#include "2sha.h"
#include "util_misc.h"
#include "vb2_common.h"
#include "vb2_struct.h"
@@ -254,10 +255,8 @@ static int vb2_make_keypair()
/* Update the IDs */
if (!force_id) {
uint8_t *digest = DigestBuf(keyb_data, keyb_size,
SHA1_DIGEST_ALGORITHM);
memcpy(&opt_id, digest, sizeof(opt_id));
free(digest);
vb2_digest_buffer(keyb_data, keyb_size, VB2_HASH_SHA1,
opt_id.raw, sizeof(opt_id.raw));
}
memcpy((struct vb2_id *)pubkey->id, &opt_id, sizeof(opt_id));

28
futility/cmd_pcr.c
View File

@@ -10,6 +10,9 @@
#include <stdio.h>
#include <string.h>
#include "2sysincludes.h"
#include "2common.h"
#include "2sha.h"
#include "futility.h"
static const char usage[] = "\n"
@@ -105,13 +108,12 @@ static const struct option long_opts[] = {
};
static int do_pcr(int argc, char *argv[])
{
uint8_t accum[SHA256_DIGEST_SIZE * 2];
uint8_t pcr[SHA256_DIGEST_SIZE];
int digest_alg = SHA1_DIGEST_ALGORITHM;
int digest_size = SHA1_DIGEST_SIZE;
uint8_t accum[VB2_MAX_DIGEST_SIZE * 2];
uint8_t pcr[VB2_MAX_DIGEST_SIZE];
int digest_alg = VB2_HASH_SHA1;
int digest_size;
int opt_init = 0;
int errorcnt = 0;
uint8_t *digest;
int i;
opterr = 0; /* quiet, you */
@@ -121,8 +123,7 @@ static int do_pcr(int argc, char *argv[])
opt_init = 1;
break;
case '2':
digest_alg = SHA256_DIGEST_ALGORITHM;
digest_size = SHA256_DIGEST_SIZE;
digest_alg = VB2_HASH_SHA256;
break;
case OPT_HELP:
print_help(argc, argv);
@@ -157,6 +158,12 @@ static int do_pcr(int argc, char *argv[])
memset(pcr, 0, sizeof(pcr));
digest_size = vb2_digest_size(digest_alg);
if (!digest_size) {
fprintf(stderr, "Error determining digest size!\n");
return 1;
}
if (opt_init) {
parse_digest_or_die(pcr, digest_size, argv[optind]);
optind++;
@@ -174,13 +181,12 @@ static int do_pcr(int argc, char *argv[])
print_digest(accum + digest_size, digest_size);
printf("\n");
digest = DigestBuf(accum, digest_size * 2, digest_alg);
if (!digest) {
if (VB2_SUCCESS != vb2_digest_buffer(accum, digest_size * 2,
digest_alg,
pcr, digest_size)) {
fprintf(stderr, "Error computing digest!\n");
return 1;
}
memcpy(pcr, digest, digest_size);
free(digest);
printf("PCR: ");
print_digest(pcr, digest_size);

10
futility/file_type_usbpd1.c
View File

@@ -21,6 +21,7 @@
#include "2sysincludes.h"
#include "2common.h"
#include "2sha.h"
#include "2rsa.h"
#include "file_type.h"
#include "futility.h"
@@ -339,7 +340,7 @@ static void show_usbpd1_stuff(const char *name,
{
struct vb2_public_key key;
struct vb2_packed_key *pkey;
uint8_t *sha1sum;
uint8_t sha1sum[VB2_SHA1_DIGEST_SIZE];
int i;
vb2_pubkey_from_usbpd1(&key, sig_alg, hash_alg,
@@ -348,19 +349,18 @@ static void show_usbpd1_stuff(const char *name,
if (vb2_public_key_pack(&pkey, &key))
return;
sha1sum = DigestBuf((uint8_t *)pkey + pkey->key_offset,
pkey->key_size, SHA1_DIGEST_ALGORITHM);
vb2_digest_buffer((uint8_t *)pkey + pkey->key_offset, pkey->key_size,
VB2_HASH_SHA1, sha1sum, sizeof(sha1sum));
printf("USB-PD v1 image: %s\n", name);
printf(" Algorithm: %s %s\n",
vb2_lookup_by_num(vb2_text_vs_sig, sig_alg)->name,
vb2_lookup_by_num(vb2_text_vs_hash, hash_alg)->name);
printf(" Key sha1sum: ");
for (i = 0; i < SHA1_DIGEST_SIZE; i++)
for (i = 0; i < VB2_SHA1_DIGEST_SIZE; i++)
printf("%02x", sha1sum[i]);
printf("\n");
free(sha1sum);
free(pkey);
}

25
futility/misc.c
View File

@@ -20,6 +20,10 @@
#include <sys/wait.h>
#include <unistd.h>
#include "2sysincludes.h"
#include "2common.h"
#include "2sha.h"
#include "cgptlib_internal.h"
#include "file_type.h"
#include "futility.h"
@@ -142,19 +146,19 @@ int print_hwid_digest(GoogleBinaryBlockHeader *gbb,
uint8_t *buf = (uint8_t *)gbb;
char *hwid_str = (char *)(buf + gbb->hwid_offset);
int is_valid = 0;
uint8_t *digest = DigestBuf(buf + gbb->hwid_offset,
strlen(hwid_str),
SHA256_DIGEST_ALGORITHM);
if (digest) {
uint8_t digest[VB2_SHA256_DIGEST_SIZE];
if (VB2_SUCCESS == vb2_digest_buffer(buf + gbb->hwid_offset,
strlen(hwid_str), VB2_HASH_SHA256,
digest, sizeof(digest))) {
int i;
is_valid = 1;
/* print it, comparing as we go */
for (i = 0; i < SHA256_DIGEST_SIZE; i++) {
for (i = 0; i < VB2_SHA256_DIGEST_SIZE; i++) {
printf("%02x", gbb->hwid_digest[i]);
if (gbb->hwid_digest[i] != digest[i])
is_valid = 0;
}
free(digest);
}
printf(" %s", is_valid ? "valid" : "<invalid>");
@@ -171,11 +175,10 @@ void update_hwid_digest(GoogleBinaryBlockHeader *gbb)
uint8_t *buf = (uint8_t *)gbb;
char *hwid_str = (char *)(buf + gbb->hwid_offset);
uint8_t *digest = DigestBuf(buf + gbb->hwid_offset,
strlen(hwid_str),
SHA256_DIGEST_ALGORITHM);
memcpy(gbb->hwid_digest, digest, SHA256_DIGEST_SIZE);
free(digest);
vb2_digest_buffer(buf + gbb->hwid_offset, strlen(hwid_str),
VB2_HASH_SHA256,
gbb->hwid_digest, sizeof(gbb->hwid_digest));
}
/*

20
futility/ryu_root_header.c
View File

@@ -15,7 +15,9 @@
#include <sys/types.h>
#include <unistd.h>
#include "2struct.h"
#include "2sysincludes.h"
#include "2common.h"
#include "2sha.h"
#include "cryptolib.h"
#include "futility.h"
#include "gbb_header.h"
@@ -100,9 +102,11 @@ static void calculate_root_key_hash(uint8_t *digest, size_t digest_size,
{
const uint8_t *gbb_base = (const uint8_t *)gbb;
internal_SHA256(gbb_base + gbb->rootkey_offset,
gbb->rootkey_size,
digest);
vb2_digest_buffer(gbb_base + gbb->rootkey_offset,
gbb->rootkey_size,
VB2_HASH_SHA256,
digest,
digest_size);
}
int fill_ryu_root_header(uint8_t *ptr, size_t size,
@@ -130,7 +134,7 @@ int fill_ryu_root_header(uint8_t *ptr, size_t size,
int verify_ryu_root_header(uint8_t *ptr, size_t size,
const GoogleBinaryBlockHeader *gbb)
{
uint8_t digest[SHA256_DIGEST_SIZE] = {0};
uint8_t digest[VB2_SHA256_DIGEST_SIZE] = {0};
struct vb2_ryu_root_key_hash *hash;
@@ -145,8 +149,7 @@ int verify_ryu_root_header(uint8_t *ptr, size_t size,
}
/* Check for all 0's, which means hash hasn't been set */
if (0 == memcmp(digest, hash->root_key_hash_digest,
SHA256_DIGEST_SIZE)) {
if (0 == memcmp(digest, hash->root_key_hash_digest, sizeof(digest))) {
printf(" - ryu root hash is unset\n");
return 0;
}
@@ -154,8 +157,7 @@ int verify_ryu_root_header(uint8_t *ptr, size_t size,
/* Update the hash stored in the header based on the root key */
calculate_root_key_hash(digest, sizeof(digest), gbb);
if (0 == memcmp(digest, hash->root_key_hash_digest,
SHA256_DIGEST_SIZE)) {
if (0 == memcmp(digest, hash->root_key_hash_digest, sizeof(digest))) {
printf(" - ryu root hash verified\n");
return 0;
} else {

52
futility/vb2_helper.c
View File

@@ -11,6 +11,7 @@
#include "2common.h"
#include "2id.h"
#include "2rsa.h"
#include "2sha.h"
#include "util_misc.h"
#include "vb2_common.h"
#include "vb2_struct.h"
@@ -75,34 +76,31 @@ static inline void vb2_print_bytes(const void *ptr, uint32_t len)
printf("%02x", *buf++);
}
static uint8_t *vb2_public_key_sha1sum(struct vb2_public_key *key)
static int vb2_public_key_sha1sum(struct vb2_public_key *key, uint8_t *digest)
{
struct vb2_packed_key *pkey;
uint8_t *digest;
if (vb2_public_key_pack(&pkey, key))
return 0;
digest = DigestBuf((uint8_t *)pkey + pkey->key_offset,
pkey->key_size, SHA1_DIGEST_ALGORITHM);
free(pkey);
vb2_digest_buffer((uint8_t *)pkey + pkey->key_offset, pkey->key_size,
VB2_HASH_SHA1, digest, VB2_SHA1_DIGEST_SIZE);
return digest;
free(pkey);
return 1;
}
int ft_show_vb2_pubkey(const char *name, uint8_t *buf, uint32_t len, void *data)
{
struct vb2_public_key key;
const struct vb2_text_vs_enum *entry;
uint8_t *sha1sum;
uint8_t sha1sum[VB2_SHA1_DIGEST_SIZE];
/* The key's members will point into the state buffer after this. Don't
* free anything. */
if (VB2_SUCCESS != vb2_unpack_key(&key, buf, len))
return 1;
sha1sum = vb2_public_key_sha1sum(&key);
printf("Public Key file: %s\n", name);
printf(" Vboot API: 2.1\n");
printf(" Desc: \"%s\"\n", key.desc);
@@ -116,27 +114,28 @@ int ft_show_vb2_pubkey(const char *name, uint8_t *buf, uint32_t len, void *data)
printf(" ID: ");
vb2_print_bytes(key.id, sizeof(*key.id));
printf("\n");
if (sha1sum && memcmp(key.id, sha1sum, sizeof(*key.id))) {
if (vb2_public_key_sha1sum(&key, sha1sum) &&
memcmp(key.id, sha1sum, sizeof(*key.id))) {
printf(" Key sha1sum: ");
vb2_print_bytes(sha1sum, SHA1_DIGEST_SIZE);
vb2_print_bytes(sha1sum, sizeof(sha1sum));
printf("\n");
}
free(sha1sum);
return 0;
}
static uint8_t *vb2_private_key_sha1sum(struct vb2_private_key *key)
static int vb2_private_key_sha1sum(struct vb2_private_key *key, uint8_t *digest)
{
uint8_t *buf, *digest;
uint8_t *buf;
uint32_t buflen;
if (vb_keyb_from_rsa(key->rsa_private_key, &buf, &buflen))
return 0;
digest = DigestBuf(buf, buflen, SHA1_DIGEST_ALGORITHM);
free(buf);
vb2_digest_buffer(buf, buflen, VB2_HASH_SHA1, digest,
VB2_SHA1_DIGEST_SIZE);
return digest;
free(buf);
return 1;
}
int ft_show_vb2_privkey(const char *name, uint8_t *buf, uint32_t len,
@@ -144,13 +143,11 @@ int ft_show_vb2_privkey(const char *name, uint8_t *buf, uint32_t len,
{
struct vb2_private_key *key = 0;
const struct vb2_text_vs_enum *entry;
uint8_t *sha1sum;
uint8_t sha1sum[VB2_SHA1_DIGEST_SIZE];
if (VB2_SUCCESS != vb2_private_key_unpack(&key, buf, len))
return 1;
sha1sum = vb2_private_key_sha1sum(key);
printf("Private key file: %s\n", name);
printf(" Vboot API: 2.1\n");
printf(" Desc: \"%s\"\n", key->desc ? key->desc : "");
@@ -163,12 +160,12 @@ int ft_show_vb2_privkey(const char *name, uint8_t *buf, uint32_t len,
printf(" ID: ");
vb2_print_bytes(&key->id, sizeof(key->id));
printf("\n");
if (sha1sum && memcmp(&key->id, sha1sum, sizeof(key->id))) {
if (vb2_private_key_sha1sum(key, sha1sum) &&
memcmp(&key->id, sha1sum, sizeof(key->id))) {
printf(" Key sha1sum: ");
vb2_print_bytes(sha1sum, SHA1_DIGEST_SIZE);
vb2_print_bytes(sha1sum, sizeof(sha1sum));
printf("\n");
}
free(sha1sum);
vb2_private_key_free(key);
return 0;
}
@@ -213,7 +210,8 @@ enum futil_file_type ft_recognize_pem(uint8_t *buf, uint32_t len)
int ft_show_pem(const char *name, uint8_t *buf, uint32_t len, void *data)
{
RSA *rsa_key;
uint8_t *keyb, *digest;
uint8_t *keyb;
uint8_t digest[VB2_SHA1_DIGEST_SIZE];
uint32_t keyb_len;
int i, bits;
@@ -236,12 +234,12 @@ int ft_show_pem(const char *name, uint8_t *buf, uint32_t len, void *data)
}
printf(" Key sha1sum: ");
digest = DigestBuf(keyb, keyb_len, SHA1_DIGEST_ALGORITHM);
for (i = 0; i < SHA1_DIGEST_SIZE; i++)
vb2_digest_buffer(keyb, keyb_len, VB2_HASH_SHA1,
digest, sizeof(digest));
for (i = 0; i < sizeof(digest); i++)
printf("%02x", digest[i]);
printf("\n");
free(digest);
free(keyb);
RSA_free(rsa_key);
return 0;

39
host/lib/file_keys.c
View File

@@ -13,6 +13,10 @@
#include <sys/types.h>
#include <unistd.h>
#include "2sysincludes.h"
#include "2common.h"
#include "2sha.h"
#include "cryptolib.h"
#include "file_keys.h"
#include "host_common.h"
@@ -59,23 +63,22 @@ RSAPublicKey* RSAPublicKeyFromFile(const char* input_file) {
return key;
}
uint8_t* DigestFile(char* input_file, int sig_algorithm) {
int input_fd, len;
uint8_t data[SHA1_BLOCK_SIZE];
uint8_t* digest = NULL;
DigestContext ctx;
int DigestFile(char *input_file, enum vb2_hash_algorithm alg,
uint8_t *digest, uint32_t digest_size) {
int input_fd, len;
uint8_t data[VB2_SHA1_BLOCK_SIZE];
struct vb2_digest_context ctx;
if( (input_fd = open(input_file, O_RDONLY)) == -1 ) {
VBDEBUG(("Couldn't open %s\n", input_file));
return NULL;
}
DigestInit(&ctx, sig_algorithm);
while ( (len = read(input_fd, data, SHA1_BLOCK_SIZE)) ==
SHA1_BLOCK_SIZE)
DigestUpdate(&ctx, data, len);
if (len != -1)
DigestUpdate(&ctx, data, len);
digest = DigestFinal(&ctx);
close(input_fd);
return digest;
if( (input_fd = open(input_file, O_RDONLY)) == -1 ) {
VBDEBUG(("Couldn't open %s\n", input_file));
return VB2_ERROR_UNKNOWN;
}
vb2_digest_init(&ctx, alg);
while ((len = read(input_fd, data, sizeof(data))) == sizeof(data))
vb2_digest_extend(&ctx, data, len);
if (len != -1)
vb2_digest_extend(&ctx, data, len);
close(input_fd);
return vb2_digest_finalize(&ctx, digest, digest_size);
}

15
host/lib/host_keyblock.c
View File

@@ -5,7 +5,10 @@
* Host functions for verified boot.
*/
#include "2sysincludes.h"
#include "2common.h"
#include "2sha.h"
#include "cryptolib.h"
#include "host_common.h"
#include "host_keyblock.h"
@@ -18,7 +21,7 @@ VbKeyBlockHeader* KeyBlockCreate(const VbPublicKey* data_key,
VbKeyBlockHeader* h;
uint64_t signed_size = sizeof(VbKeyBlockHeader) + data_key->key_size;
uint64_t block_size = (signed_size + SHA512_DIGEST_SIZE +
uint64_t block_size = (signed_size + VB2_SHA512_DIGEST_SIZE +
(signing_key ?
siglen_map[signing_key->algorithm] : 0));
uint8_t* data_key_dest;
@@ -32,7 +35,7 @@ VbKeyBlockHeader* KeyBlockCreate(const VbPublicKey* data_key,
return NULL;
data_key_dest = (uint8_t*)(h + 1);
block_chk_dest = data_key_dest + data_key->key_size;
block_sig_dest = block_chk_dest + SHA512_DIGEST_SIZE;
block_sig_dest = block_chk_dest + VB2_SHA512_DIGEST_SIZE;
Memcpy(h->magic, KEY_BLOCK_MAGIC, KEY_BLOCK_MAGIC_SIZE);
h->header_version_major = KEY_BLOCK_HEADER_VERSION_MAJOR;
@@ -46,7 +49,7 @@ VbKeyBlockHeader* KeyBlockCreate(const VbPublicKey* data_key,
/* Set up signature structs so we can calculate the signatures */
SignatureInit(&h->key_block_checksum, block_chk_dest,
SHA512_DIGEST_SIZE, signed_size);
VB2_SHA512_DIGEST_SIZE, signed_size);
if (signing_key)
SignatureInit(&h->key_block_signature, block_sig_dest,
siglen_map[signing_key->algorithm], signed_size);
@@ -79,7 +82,7 @@ VbKeyBlockHeader* KeyBlockCreate_external(const VbPublicKey* data_key,
const char* external_signer) {
VbKeyBlockHeader* h;
uint64_t signed_size = sizeof(VbKeyBlockHeader) + data_key->key_size;
uint64_t block_size = (signed_size + SHA512_DIGEST_SIZE +
uint64_t block_size = (signed_size + VB2_SHA512_DIGEST_SIZE +
siglen_map[algorithm]);
uint8_t* data_key_dest;
uint8_t* block_sig_dest;
@@ -95,7 +98,7 @@ VbKeyBlockHeader* KeyBlockCreate_external(const VbPublicKey* data_key,
data_key_dest = (uint8_t*)(h + 1);
block_chk_dest = data_key_dest + data_key->key_size;
block_sig_dest = block_chk_dest + SHA512_DIGEST_SIZE;
block_sig_dest = block_chk_dest + VB2_SHA512_DIGEST_SIZE;
Memcpy(h->magic, KEY_BLOCK_MAGIC, KEY_BLOCK_MAGIC_SIZE);
h->header_version_major = KEY_BLOCK_HEADER_VERSION_MAJOR;
@@ -109,7 +112,7 @@ VbKeyBlockHeader* KeyBlockCreate_external(const VbPublicKey* data_key,
/* Set up signature structs so we can calculate the signatures */
SignatureInit(&h->key_block_checksum, block_chk_dest,
SHA512_DIGEST_SIZE, signed_size);
VB2_SHA512_DIGEST_SIZE, signed_size);
SignatureInit(&h->key_block_signature, block_sig_dest,
siglen_map[algorithm], signed_size);

70
host/lib/host_signature.c
View File

@@ -15,6 +15,10 @@
#include <sys/wait.h>
#include <unistd.h>
#include "2sysincludes.h"
#include "2common.h"
#include "2sha.h"
#include "cryptolib.h"
#include "file_keys.h"
#include "host_common.h"
@@ -53,49 +57,46 @@ int SignatureCopy(VbSignature* dest, const VbSignature* src) {
VbSignature* CalculateChecksum(const uint8_t* data, uint64_t size) {
uint8_t* header_checksum;
uint8_t header_checksum[VB2_SHA512_DIGEST_SIZE];
VbSignature* sig;
header_checksum = DigestBuf(data, size, SHA512_DIGEST_ALGORITHM);
if (!header_checksum)
if (VB2_SUCCESS != vb2_digest_buffer(data, size, VB2_HASH_SHA512,
header_checksum,
sizeof(header_checksum)))
return NULL;
sig = SignatureAlloc(SHA512_DIGEST_SIZE, 0);
if (!sig) {
VbExFree(header_checksum);
sig = SignatureAlloc(VB2_SHA512_DIGEST_SIZE, 0);
if (!sig)
return NULL;
}
sig->sig_offset = sizeof(VbSignature);
sig->sig_size = SHA512_DIGEST_SIZE;
sig->sig_size = VB2_SHA512_DIGEST_SIZE;
sig->data_size = size;
/* Signature data immediately follows the header */
Memcpy(GetSignatureData(sig), header_checksum, SHA512_DIGEST_SIZE);
VbExFree(header_checksum);
Memcpy(GetSignatureData(sig), header_checksum, VB2_SHA512_DIGEST_SIZE);
return sig;
}
VbSignature* CalculateHash(const uint8_t* data, uint64_t size,
const VbPrivateKey* key) {
uint8_t* digest = NULL;
int digest_size = hash_size_map[key->algorithm];
int vb2_alg = vb2_crypto_to_hash(key->algorithm);
uint8_t digest[VB2_MAX_DIGEST_SIZE];
int digest_size = vb2_digest_size(vb2_alg);
VbSignature* sig = NULL;
/* Calculate the digest */
digest = DigestBuf(data, size, key->algorithm);
if (!digest)
if (VB2_SUCCESS != vb2_digest_buffer(data, size, vb2_alg,
digest, sizeof(digest)))
return NULL;
/* Allocate output signature */
sig = SignatureAlloc(digest_size, size);
if (!sig) {
free(digest);
if (!sig)
return NULL;
}
/* The digest itself is the signature data */
Memcpy(GetSignatureData(sig), digest, digest_size);
free(digest);
/* Return the signature */
return sig;
@@ -103,9 +104,9 @@ VbSignature* CalculateHash(const uint8_t* data, uint64_t size,
VbSignature* CalculateSignature(const uint8_t* data, uint64_t size,
const VbPrivateKey* key) {
uint8_t* digest;
int digest_size = hash_size_map[key->algorithm];
int vb2_alg = vb2_crypto_to_hash(key->algorithm);
uint8_t digest[VB2_MAX_DIGEST_SIZE];
int digest_size = vb2_digest_size(vb2_alg);
const uint8_t* digestinfo = hash_digestinfo_map[key->algorithm];
int digestinfo_size = digestinfo_size_map[key->algorithm];
@@ -117,20 +118,17 @@ VbSignature* CalculateSignature(const uint8_t* data, uint64_t size,
int rv;
/* Calculate the digest */
/* TODO: rename param 3 of DigestBuf to hash_type */
digest = DigestBuf(data, size, hash_type_map[key->algorithm]);
if (!digest)
if (VB2_SUCCESS != vb2_digest_buffer(data, size, vb2_alg,
digest, sizeof(digest)))
return NULL;
/* Prepend the digest info to the digest */
signature_digest = malloc(signature_digest_len);
if (!signature_digest) {
VbExFree(digest);
if (!signature_digest)
return NULL;
}
Memcpy(signature_digest, digestinfo, digestinfo_size);
Memcpy(signature_digest + digestinfo_size, digest, digest_size);
VbExFree(digest);
/* Allocate output signature */
sig = SignatureAlloc(siglen_map[key->algorithm], size);
@@ -249,8 +247,9 @@ VbSignature* CalculateSignature_external(const uint8_t* data, uint64_t size,
const char* key_file,
uint64_t key_algorithm,
const char* external_signer) {
uint8_t* digest;
uint64_t digest_size = hash_size_map[key_algorithm];
int vb2_alg = vb2_crypto_to_hash(key_algorithm);
uint8_t digest[VB2_MAX_DIGEST_SIZE];
int digest_size = vb2_digest_size(vb2_alg);
const uint8_t* digestinfo = hash_digestinfo_map[key_algorithm];
uint64_t digestinfo_size = digestinfo_size_map[key_algorithm];
@@ -262,20 +261,17 @@ VbSignature* CalculateSignature_external(const uint8_t* data, uint64_t size,
int rv;
/* Calculate the digest */
/* TODO: rename param 3 of DigestBuf to hash_type */
digest = DigestBuf(data, size, hash_type_map[key_algorithm]);
if (!digest)
if (VB2_SUCCESS != vb2_digest_buffer(data, size, vb2_alg,
digest, sizeof(digest)))
return NULL;
/* Prepend the digest info to the digest */
signature_digest = malloc(signature_digest_len);
if (!signature_digest) {
free(digest);
if (!signature_digest)
return NULL;
}
Memcpy(signature_digest, digestinfo, digestinfo_size);
Memcpy(signature_digest + digestinfo_size, digest, digest_size);
free(digest);
/* Allocate output signature */
sig = SignatureAlloc(siglen_map[key_algorithm], size);

10
host/lib/include/file_keys.h
View File

@@ -9,6 +9,7 @@
#define VBOOT_REFERENCE_FILE_KEYS_H_
#include "cryptolib.h"
#include "2sha.h"
/* Read file named [input_file] into a buffer and stores the length into
* [len].
@@ -25,10 +26,11 @@ uint8_t* BufferFromFile(const char* input_file, uint64_t* len);
*/
RSAPublicKey* RSAPublicKeyFromFile(const char* input_file);
/* Returns the appropriate digest for the data in [input_file]
* based on the signature [algorithm].
* Caller owns the returned digest and must free it.
/* Calculates the appropriate digest for the data in [input_file] based on the
* hash algorithm [alg] and stores it into [digest], which is of size
* [digest_size]. Returns VB2_SUCCESS, or non-zero on error.
*/
uint8_t* DigestFile(char* input_file, int sig_algorithm);
int DigestFile(char *input_file, enum vb2_hash_algorithm alg,
uint8_t *digest, uint32_t digest_size);
#endif /* VBOOT_REFERENCE_FILE_KEYS_H_ */

18
host/lib/signature_digest.c
View File

@@ -9,13 +9,17 @@
#include <stdlib.h>
#include <unistd.h>
#include "2sysincludes.h"
#include "2common.h"
#include "2sha.h"
#include "cryptolib.h"
#include "host_common.h"
#include "signature_digest.h"
uint8_t* PrependDigestInfo(unsigned int algorithm, uint8_t* digest) {
const int digest_size = hash_size_map[algorithm];
const int digest_size = vb2_digest_size(vb2_crypto_to_hash(algorithm));
const int digestinfo_size = digestinfo_size_map[algorithm];
const uint8_t* digestinfo = hash_digestinfo_map[algorithm];
uint8_t* p = malloc(digestinfo_size + digest_size);
@@ -27,14 +31,16 @@ uint8_t* PrependDigestInfo(unsigned int algorithm, uint8_t* digest) {
uint8_t* SignatureDigest(const uint8_t* buf, uint64_t len,
unsigned int algorithm) {
uint8_t* info_digest = NULL;
uint8_t* digest = NULL;
uint8_t digest[VB2_SHA512_DIGEST_SIZE]; /* Longest digest */
if (algorithm >= kNumAlgorithms) {
VBDEBUG(("SignatureDigest() called with invalid algorithm!\n"));
} else if ((digest = DigestBuf(buf, len, algorithm))) {
} else if (VB2_SUCCESS == vb2_digest_buffer(buf, len,
vb2_crypto_to_hash(algorithm),
digest, sizeof(digest))) {
info_digest = PrependDigestInfo(algorithm, digest);
}
free(digest);
return info_digest;
}
@@ -44,8 +50,8 @@ uint8_t* SignatureBuf(const uint8_t* buf, uint64_t len, const char* key_file,
RSA* key = NULL;
uint8_t* signature = NULL;
uint8_t* signature_digest = SignatureDigest(buf, len, algorithm);
int signature_digest_len = (hash_size_map[algorithm] +
digestinfo_size_map[algorithm]);
const int digest_size = vb2_digest_size(vb2_crypto_to_hash(algorithm));
int signature_digest_len = (digest_size + digestinfo_size_map[algorithm]);
key_fp = fopen(key_file, "r");
if (!key_fp) {
VBDEBUG(("SignatureBuf(): Couldn't open key file: %s\n", key_file));

21
host/lib/util_misc.c
View File

@@ -13,6 +13,10 @@
#include <string.h>
#include <unistd.h>
#include "2sysincludes.h"
#include "2common.h"
#include "2sha.h"
#include "cryptolib.h"
#include "host_common.h"
#include "util_misc.h"
@@ -22,17 +26,20 @@ void PrintPubKeySha1Sum(VbPublicKey *key)
{
uint8_t *buf = ((uint8_t *)key) + key->key_offset;
uint64_t buflen = key->key_size;
uint8_t *digest = DigestBuf(buf, buflen, SHA1_DIGEST_ALGORITHM);
uint8_t digest[VB2_SHA1_DIGEST_SIZE];
vb2_digest_buffer(buf, buflen, VB2_HASH_SHA1, digest, sizeof(digest));
int i;
for (i = 0; i < SHA1_DIGEST_SIZE; i++)
for (i = 0; i < sizeof(digest); i++)
printf("%02x", digest[i]);
free(digest);
}
void PrintPrivKeySha1Sum(VbPrivateKey *key)
{
uint8_t *buf, *digest;
uint8_t *buf;
uint32_t buflen;
uint8_t digest[VB2_SHA1_DIGEST_SIZE];
int i;
if (vb_keyb_from_rsa(key->rsa_private_key, &buf, &buflen)) {
@@ -40,11 +47,11 @@ void PrintPrivKeySha1Sum(VbPrivateKey *key)
return;
}
digest = DigestBuf(buf, buflen, SHA1_DIGEST_ALGORITHM);
for (i = 0; i < SHA1_DIGEST_SIZE; i++)
vb2_digest_buffer(buf, buflen, VB2_HASH_SHA1, digest, sizeof(digest));
for (i = 0; i < sizeof(digest); i++)
printf("%02x", digest[i]);
free(digest);
free(buf);
}

2
host/linktest/main.c
View File

@@ -46,7 +46,7 @@ int main(void)
/* file_keys.h */
BufferFromFile(0, 0);
RSAPublicKeyFromFile(0);
DigestFile(0, 0);
DigestFile(0, 0, 0, 0);
/* signature_digest.h */
PrependDigestInfo(0, 0);

6
tests/rsa_utility_tests.c
View File

@@ -20,12 +20,6 @@
/* Data for mock functions */
static int mock_rsaverify_retval;
/* Mock functions */
uint8_t* DigestBuf(const uint8_t* buf, uint64_t len, int sig_algorithm) {
/* Just need to return something; it's only passed to the mock RSAVerify() */
return VbExMalloc(4);
}
int RSAVerify(const RSAPublicKey *key,
const uint8_t* sig,
const uint32_t sig_len,

66
tests/sha_benchmark.c
View File

@@ -7,52 +7,42 @@
#include <stdio.h>
#include <stdlib.h>
#include "2sysincludes.h"
#include "2common.h"
#include "2sha.h"
#include "cryptolib.h"
#include "host_common.h"
#include "timer_utils.h"
#define NUM_HASH_ALGORITHMS 3
#define TEST_BUFFER_SIZE 4000000
/* Table of hash function pointers and their description. */
typedef uint8_t* (*Hashptr) (const uint8_t*, uint64_t, uint8_t*);
typedef struct HashFxTable {
Hashptr hash;
char* description;
} HashFxTable;
int main(int argc, char *argv[]) {
int i;
double speed;
uint32_t msecs;
uint8_t *buffer = malloc(TEST_BUFFER_SIZE);
uint8_t digest[VB2_MAX_DIGEST_SIZE];
ClockTimerState ct;
HashFxTable hash_functions[NUM_HASH_ALGORITHMS] = {
{internal_SHA1, "sha1"},
{internal_SHA256, "sha256"},
{internal_SHA512, "sha512"}
};
/* Iterate through all the hash functions. */
for(i = VB2_HASH_SHA1; i < VB2_HASH_ALG_COUNT; i++) {
StartTimer(&ct);
vb2_digest_buffer(buffer, TEST_BUFFER_SIZE, i,
digest, sizeof(digest));
StopTimer(&ct);
int main(int argc, char* argv[]) {
int i;
double speed;
uint32_t msecs;
uint8_t* buffer = (uint8_t*) malloc(TEST_BUFFER_SIZE);
uint8_t* digest = (uint8_t*) malloc(SHA512_DIGEST_SIZE); /* Maximum size of
* the digest. */
ClockTimerState ct;
msecs = GetDurationMsecs(&ct);
speed = ((TEST_BUFFER_SIZE / 10e6)
/ (msecs / 10e3)); /* Mbytes/sec */
/* Iterate through all the hash functions. */
for(i = 0; i < NUM_HASH_ALGORITHMS; i++) {
StartTimer(&ct);
hash_functions[i].hash(buffer, TEST_BUFFER_SIZE, digest);
StopTimer(&ct);
fprintf(stderr,
"# %s Time taken = %u ms, Speed = %f Mbytes/sec\n",
vb2_get_hash_algorithm_name(i), msecs, speed);
fprintf(stdout, "mbytes_per_sec_%s:%f\n",
vb2_get_hash_algorithm_name(i), speed);
}
msecs = GetDurationMsecs(&ct);
speed = ((TEST_BUFFER_SIZE / 10e6)
/ (msecs / 10e3)); /* Mbytes/sec */
fprintf(stderr, "# %s Time taken = %u ms, Speed = %f Mbytes/sec\n",
hash_functions[i].description, msecs, speed);
fprintf(stdout, "mbytes_per_sec_%s:%f\n",
hash_functions[i].description, speed);
}
free(digest);
free(buffer);
return 0;
free(buffer);
return 0;
}

8
tests/sha_test_vectors.h
View File

@@ -8,8 +8,6 @@
#ifndef VBOOT_REFERENCE_SHA_TEST_VECTORS_H_
#define VBOOT_REFERENCE_SHA_TEST_VECTORS_H_
#include "cryptolib.h"
char* oneblock_msg = "abc";
char* multiblock_msg1 = "abcdbcdecdefdefgefghfghighijhijkijkl"
"jklmklmnlmnomnopnopq";
@@ -18,7 +16,7 @@ char* multiblock_msg2= "abcdefghbcdefghicdefghijdefghijkefghi"
"qrsmnopqrstnopqrstu";
char* long_msg;
uint8_t sha1_results[][SHA1_DIGEST_SIZE] = {
uint8_t sha1_results[][VB2_SHA1_DIGEST_SIZE] = {
{
0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,
0xba,0x3e,0x25,0x71,0x78,0x50,0xc2,0x6c,
@@ -36,7 +34,7 @@ uint8_t sha1_results[][SHA1_DIGEST_SIZE] = {
}
};
uint8_t sha256_results[][SHA256_DIGEST_SIZE] = {
uint8_t sha256_results[][VB2_SHA256_DIGEST_SIZE] = {
{
0xba,0x78,0x16,0xbf,0x8f,0x01,0xcf,0xea,
0x41,0x41,0x40,0xde,0x5d,0xae,0x22,0x23,
@@ -57,7 +55,7 @@ uint8_t sha256_results[][SHA256_DIGEST_SIZE] = {
}
};
uint8_t sha512_results[][SHA512_DIGEST_SIZE] = {
uint8_t sha512_results[][VB2_SHA512_DIGEST_SIZE] = {
{
0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba,
0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31,

17
tests/vboot_common2_tests.c
View File

@@ -10,6 +10,9 @@
#include <stdlib.h>
#include <string.h>
#include "2sysincludes.h"
#include "2common.h"
#include "2sha.h"
#include "cryptolib.h"
#include "file_keys.h"
#include "host_common.h"
@@ -82,14 +85,17 @@ static void VerifyDigestTest(const VbPublicKey *public_key,
const uint8_t test_data[] = "This is some other test data to sign.";
VbSignature *sig;
RSAPublicKey *rsa;
uint8_t *digest;
uint8_t digest[VB2_MAX_DIGEST_SIZE];
sig = CalculateSignature(test_data, sizeof(test_data), private_key);
rsa = PublicKeyToRSA(public_key);
digest = DigestBuf(test_data, sizeof(test_data),
(int)public_key->algorithm);
TEST_NEQ(sig && rsa && digest, 0, "VerifyData() prerequisites");
if (!sig || !rsa || !digest)
TEST_SUCC(vb2_digest_buffer(test_data, sizeof(test_data),
vb2_crypto_to_hash(public_key->algorithm),
digest, sizeof(digest)),
"VerifyData() digest");
TEST_NEQ(sig && rsa, 0, "VerifyData() prerequisites");
if (!sig || !rsa)
return;
TEST_EQ(VerifyDigest(digest, sig, rsa), 0, "VerifyDigest() ok");
@@ -102,7 +108,6 @@ static void VerifyDigestTest(const VbPublicKey *public_key,
RSAPublicKeyFree(rsa);
free(sig);
VbExFree(digest);
}
static void ReSignKernelPreamble(VbKernelPreambleHeader *h,

14
tests/vboot_common3_tests.c
View File

@@ -10,6 +10,9 @@
#include <stdlib.h>
#include <string.h>
#include "2sysincludes.h"
#include "2common.h"
#include "2sha.h"
#include "cryptolib.h"
#include "file_keys.h"
#include "host_common.h"
@@ -19,12 +22,11 @@
static void ReChecksumKeyBlock(VbKeyBlockHeader *h)
{
uint8_t *newchk = DigestBuf((const uint8_t *)h,
h->key_block_checksum.data_size,
SHA512_DIGEST_ALGORITHM);
Memcpy(GetSignatureData(&h->key_block_checksum), newchk,
SHA512_DIGEST_SIZE);
VbExFree(newchk);
vb2_digest_buffer((const uint8_t *)h,
h->key_block_checksum.data_size,
VB2_HASH_SHA512,
GetSignatureData(&h->key_block_checksum),
VB2_SHA512_DIGEST_SIZE);
}
static void KeyBlockVerifyTest(const VbPublicKey *public_key,

32
tests/vboot_firmware_tests.c
View File

@@ -10,6 +10,10 @@
#include <stdlib.h>
#include <string.h>
#include "2sysincludes.h"
#include "2common.h"
#include "2sha.h"
#include "gbb_header.h"
#include "host_common.h"
#include "load_firmware_fw.h"
@@ -30,7 +34,6 @@ static uint8_t gbb_data[sizeof(GoogleBinaryBlockHeader) + 2048];
static GoogleBinaryBlockHeader* gbb = (GoogleBinaryBlockHeader*)gbb_data;
static RSAPublicKey data_key;
static uint32_t digest_size;
static uint8_t* digest_returned;
static uint8_t* digest_expect_ptr;
static int hash_fw_index;
@@ -95,7 +98,6 @@ static void ResetMocks(void) {
Memset(&data_key, 0, sizeof(data_key));
digest_size = 1234;
digest_returned = NULL;
digest_expect_ptr = NULL;
hash_fw_index = -1;
}
@@ -144,18 +146,27 @@ void RSAPublicKeyFree(RSAPublicKey* key) {
data_key.len--;
}
void DigestInit(DigestContext* ctx, int sig_algorithm) {
digest_size = 0;
int vb2_digest_init(struct vb2_digest_context *dc,
enum vb2_hash_algorithm hash_alg)
{
digest_size = 0;
return VB2_SUCCESS;
}
void DigestUpdate(DigestContext* ctx, const uint8_t* data, uint32_t len) {
TEST_PTR_EQ(data, digest_expect_ptr, " Digesting expected data");
digest_size += len;
int vb2_digest_extend(struct vb2_digest_context *dc,
const uint8_t *buf,
uint32_t size)
{
TEST_PTR_EQ(buf, digest_expect_ptr, " Digesting expected data");
digest_size += size;
return VB2_SUCCESS;
}
uint8_t* DigestFinal(DigestContext* ctx) {
digest_returned = (uint8_t*)VbExMalloc(4);
return digest_returned;
int vb2_digest_finalize(struct vb2_digest_context *dc,
uint8_t *digest,
uint32_t digest_size)
{
return VB2_SUCCESS;
}
VbError_t VbExHashFirmwareBody(VbCommonParams* cparams,
@@ -185,7 +196,6 @@ VbError_t VbExHashFirmwareBody(VbCommonParams* cparams,
int VerifyDigest(const uint8_t* digest, const VbSignature *sig,
const RSAPublicKey* key) {
TEST_PTR_EQ(digest, digest_returned, "Verifying expected digest");
TEST_PTR_EQ(key, &data_key, "Verifying using data key");
TEST_PTR_EQ(sig, &mpreamble[hash_fw_index].body_signature, "Verifying sig");
/* Mocked function uses sig size as return value for verifying digest */

17
tests/vboot_kernel_tests.c
View File

@@ -10,6 +10,9 @@
#include <stdlib.h>
#include <string.h>
#include "2sysincludes.h"
#include "2common.h"
#include "2sha.h"
#include "cgptlib.h"
#include "cgptlib_internal.h"
#include "crc32.h"
@@ -71,7 +74,7 @@ static GptHeader *mock_gpt_primary =
(GptHeader*)&mock_disk[MOCK_SECTOR_SIZE * 1];
static GptHeader *mock_gpt_secondary =
(GptHeader*)&mock_disk[MOCK_SECTOR_SIZE * (MOCK_SECTOR_COUNT - 1)];
static uint8_t mock_digest[SHA256_DIGEST_SIZE] = {12, 34, 56, 78};
static uint8_t mock_digest[VB2_SHA256_DIGEST_SIZE] = {12, 34, 56, 78};
/**
* Prepare a valid GPT header that will pass CheckHeader() tests
@@ -293,12 +296,14 @@ int VerifyData(const uint8_t *data, uint64_t size, const VbSignature *sig,
return VBERROR_SUCCESS;
}
uint8_t* DigestBuf(const uint8_t* buf, uint64_t len, int sig_algorithm)
int vb2_digest_buffer(const uint8_t *buf,
uint32_t size,
enum vb2_hash_algorithm hash_alg,
uint8_t *digest,
uint32_t digest_size)
{
uint8_t *d = VbExMalloc(sizeof(mock_digest));
memcpy(d, mock_digest, sizeof(mock_digest));
return d;
Memcpy(digest, mock_digest, sizeof(mock_digest));
return VB2_SUCCESS;
}
/**

8
utility/pad_digest_utility.c
View File

@@ -10,6 +10,10 @@
#include <stdio.h>
#include <stdlib.h>
#include "2sysincludes.h"
#include "2common.h"
#include "2sha.h"
#include "file_keys.h"
#include "host_common.h"
#include "padding.h"
@@ -41,8 +45,8 @@ int main(int argc, char* argv[]) {
}
padded_digest = PrependDigestInfo(algorithm, digest);
padded_digest_len = (hash_size_map[algorithm] +
digestinfo_size_map[algorithm]);
const int digest_size = vb2_digest_size(vb2_crypto_to_hash(algorithm));
padded_digest_len = (digest_size + digestinfo_size_map[algorithm]);
if (!padded_digest)
error_code = -1;

4
utility/signature_digest_utility.c
View File

@@ -42,8 +42,8 @@ int main(int argc, char* argv[]) {
}
signature_digest = SignatureDigest(buf, len, algorithm);
signature_digest_len = (hash_size_map[algorithm] +
digestinfo_size_map[algorithm]);
const int digest_size = vb2_digest_size(vb2_crypto_to_hash(algorithm));
signature_digest_len = (digest_size + digestinfo_size_map[algorithm]);
if (!signature_digest)
error_code = -1;
if(signature_digest &&

10
utility/verify_data.c
View File

@@ -15,6 +15,10 @@
#include <sys/types.h>
#include <unistd.h>
#include "2sysincludes.h"
#include "2common.h"
#include "2sha.h"
#include "cryptolib.h"
#include "file_keys.h"
#include "verify_data.h"
@@ -51,7 +55,7 @@ uint8_t* read_signature(char* input_file, int len) {
int main(int argc, char* argv[]) {
int i, algorithm, sig_len;
int return_code = 1; /* Default to error. */
uint8_t* digest = NULL;
uint8_t digest[VB2_MAX_DIGEST_SIZE];
uint8_t* signature = NULL;
RSAPublicKey* key = NULL;
@@ -74,7 +78,8 @@ int main(int argc, char* argv[]) {
sig_len = siglen_map[algorithm];
if ((key = RSAPublicKeyFromFile(argv[2])) &&
(signature = read_signature(argv[3], sig_len)) &&
(digest = DigestFile(argv[4], algorithm))) {
(VB2_SUCCESS == DigestFile(argv[4], vb2_crypto_to_hash(algorithm),
digest, sizeof(digest)))) {
if (RSAVerify(key, signature, sig_len, algorithm, digest)) {
return_code = 0;
fprintf(stderr, "Signature Verification "
@@ -89,7 +94,6 @@ int main(int argc, char* argv[]) {
free(key);
free(signature);
free(digest);
return return_code;
}