scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-24 02:05:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
dc8ec103c0d0d2a4e930153a4b19c43b51d74b5d
OpenCellular/firmware/lib21/common.c
Randall Spangler 308d254092 vboot2: Get rid of extra '2' at end of new struct names 
Now that lib20 and lib21 are distinct, they can have overlapping
struct names.  This will be cleaner in the long run, since vboot 2.0
(lib20) is just a temporary stepping stone to vboot 2.1 (lib21).  It
would be a shame to need to carry around the overhead of that extra
digit forever.

No functional changes, just a lot of renaming.

BUG=chromium:423882
BRANCH=none
TEST=make runtests && VBOOT2=1 make runtests (works with/withoug VBOOT2 flag)
     And compile firmware for veyron_pinky

Change-Id: I25f348fd31e32d08ca576836dfdd1278828765a1
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/233183
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
2014-12-05 00:02:00 +00:00

445 lines
12 KiB
C
Raw Blame History

/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* Signature validation functions
*/
#include "2sysincludes.h"
#include "2common.h"
#include "2rsa.h"
#include "2sha.h"
#include "vb2_common.h"
const char *vb2_common_desc(const void *buf)
{
const struct vb2_struct_common *c = buf;
return c->desc_size ? (const char *)c + c->fixed_size : "";
}
int vb2_verify_common_header(const void *parent, uint32_t parent_size)
{
const struct vb2_struct_common *c = parent;
/* Parent buffer size must be at least the claimed total size */
if (parent_size < c->total_size)
return VB2_ERROR_COMMON_TOTAL_SIZE;
/*
* And big enough for the fixed size, which itself must be at least as
* big as the common struct header.
*/
if (c->total_size < c->fixed_size || c->fixed_size < sizeof(*c))
return VB2_ERROR_COMMON_FIXED_SIZE;
/* Make sure sizes are all multiples of 32 bits */
if (!vb2_aligned(c->total_size, sizeof(uint32_t)))
return VB2_ERROR_COMMON_TOTAL_UNALIGNED;
if (!vb2_aligned(c->fixed_size, sizeof(uint32_t)))
return VB2_ERROR_COMMON_FIXED_UNALIGNED;
if (!vb2_aligned(c->desc_size, sizeof(uint32_t)))
return VB2_ERROR_COMMON_DESC_UNALIGNED;
/* Check description */
if (c->desc_size > 0) {
/* Make sure description fits and doesn't wrap */
if (c->fixed_size + c->desc_size < c->fixed_size)
return VB2_ERROR_COMMON_DESC_WRAPS;
if (c->fixed_size + c->desc_size > c->total_size)
return VB2_ERROR_COMMON_DESC_SIZE;
/* Description must be null-terminated */
if (vb2_common_desc(c)[c->desc_size - 1] != 0)
return VB2_ERROR_COMMON_DESC_TERMINATOR;
}
return VB2_SUCCESS;
}
int vb2_verify_common_member(const void *parent,
uint32_t *min_offset,
uint32_t member_offset,
uint32_t member_size)
{
const struct vb2_struct_common *c = parent;
uint32_t member_end = member_offset + member_size;
/* Make sure member doesn't wrap */
if (member_end < member_offset)
return VB2_ERROR_COMMON_MEMBER_WRAPS;
/* Member offset and size must be 32-bit aligned */
if (!vb2_aligned(member_offset, sizeof(uint32_t)) ||
!vb2_aligned(member_size, sizeof(uint32_t)))
return VB2_ERROR_COMMON_MEMBER_UNALIGNED;
/* Initialize minimum offset if necessary */
if (!*min_offset)
*min_offset = c->fixed_size + c->desc_size;
/* Member must be after minimum offset */
if (member_offset < *min_offset)
return VB2_ERROR_COMMON_MEMBER_OVERLAP;
/* Member must end before total size */
if (member_end > c->total_size)
return VB2_ERROR_COMMON_MEMBER_SIZE;
/* Update minimum offset for subsequent checks */
*min_offset = member_end;
return VB2_SUCCESS;
}
int vb2_verify_common_subobject(const void *parent,
uint32_t *min_offset,
uint32_t member_offset)
{
const struct vb2_struct_common *p = parent;
const struct vb2_struct_common *m =
(const struct vb2_struct_common *)
((const uint8_t *)parent + member_offset);
int rv;
/*
* Verify the parent has space at the member offset for the common
* header.
*/
rv = vb2_verify_common_member(parent, min_offset, member_offset,
sizeof(*m));
if (rv)
return rv;
/*
* Now it's safe to look at the member's header, and verify any
* additional data for the object past its common header fits in the
* parent.
*/
rv = vb2_verify_common_header(m, p->total_size - member_offset);
if (rv)
return rv;
/* Advance the min offset to the end of the subobject */
*min_offset = member_offset + m->total_size;
return VB2_SUCCESS;
}
uint32_t vb2_sig_size(enum vb2_signature_algorithm sig_alg,
enum vb2_hash_algorithm hash_alg)
{
uint32_t digest_size = vb2_digest_size(hash_alg);
/* Fail if we don't support the hash algorithm */
if (!digest_size)
return 0;
/* Handle unsigned hashes */
if (sig_alg == VB2_SIG_NONE)
return digest_size;
return vb2_rsa_sig_size(sig_alg);
}
const struct vb2_guid *vb2_hash_guid(enum vb2_hash_algorithm hash_alg)
{
switch(hash_alg) {
#ifdef VB2_SUPPORT_SHA1
case VB2_HASH_SHA1:
{
static const struct vb2_guid guid = VB2_GUID_NONE_SHA1;
return &guid;
}
#endif
#ifdef VB2_SUPPORT_SHA256
case VB2_HASH_SHA256:
{
static const struct vb2_guid guid =
VB2_GUID_NONE_SHA256;
return &guid;
}
#endif
#ifdef VB2_SUPPORT_SHA512
case VB2_HASH_SHA512:
{
static const struct vb2_guid guid =
VB2_GUID_NONE_SHA512;
return &guid;
}
#endif
default:
return NULL;
}
}
int vb2_verify_signature(const struct vb2_signature *sig, uint32_t size)
{
uint32_t min_offset = 0;
uint32_t expect_sig_size;
int rv;
/* Check magic number */
if (sig->c.magic != VB2_MAGIC_SIGNATURE)
return VB2_ERROR_SIG_MAGIC;
/* Make sure common header is good */
rv = vb2_verify_common_header(sig, size);
if (rv)
return rv;
/*
* Check for compatible version. No need to check minor version, since
* that's compatible across readers matching the major version, and we
* haven't added any new fields.
*/
if (sig->c.struct_version_major != VB2_SIGNATURE_VERSION_MAJOR)
return VB2_ERROR_SIG_VERSION;
/* Make sure header is big enough for signature */
if (sig->c.fixed_size < sizeof(*sig))
return VB2_ERROR_SIG_HEADER_SIZE;
/* Make sure signature data is inside */
rv = vb2_verify_common_member(sig, &min_offset,
sig->sig_offset, sig->sig_size);
if (rv)
return rv;
/* Make sure signature size is correct for the algorithm */
expect_sig_size = vb2_sig_size(sig->sig_alg, sig->hash_alg);
if (!expect_sig_size)
return VB2_ERROR_SIG_ALGORITHM;
if (sig->sig_size != expect_sig_size)
return VB2_ERROR_SIG_SIZE;
return VB2_SUCCESS;
}
/**
* Return the signature data for a signature
*/
static uint8_t *vb2_signature_data(struct vb2_signature *sig)
{
return (uint8_t *)sig + sig->sig_offset;
}
int vb2_verify_digest(const struct vb2_public_key *key,
struct vb2_signature *sig,
const uint8_t *digest,
const struct vb2_workbuf *wb)
{
uint32_t key_sig_size = vb2_sig_size(key->sig_alg, key->hash_alg);
/* If we can't figure out the signature size, key algorithm was bad */
if (!key_sig_size)
return VB2_ERROR_VDATA_ALGORITHM;
/* Make sure the signature and key algorithms match */
if (key->sig_alg != sig->sig_alg || key->hash_alg != sig->hash_alg)
return VB2_ERROR_VDATA_ALGORITHM_MISMATCH;
if (sig->sig_size != key_sig_size)
return VB2_ERROR_VDATA_SIG_SIZE;
if (key->sig_alg == VB2_SIG_NONE) {
/* Bare hash */
if (vb2_safe_memcmp(vb2_signature_data(sig),
digest, key_sig_size))
return VB2_ERROR_VDATA_VERIFY_DIGEST;
return VB2_SUCCESS;
} else {
/* RSA-signed digest */
return vb2_rsa_verify_digest(key,
vb2_signature_data(sig),
digest, wb);
}
}
int vb2_verify_data(const void *data,
uint32_t size,
struct vb2_signature *sig,
const struct vb2_public_key *key,
const struct vb2_workbuf *wb)
{
struct vb2_workbuf wblocal = *wb;
struct vb2_digest_context *dc;
uint8_t *digest;
uint32_t digest_size;
int rv;
if (sig->data_size != size) {
VB2_DEBUG("Wrong amount of data signed.\n");
return VB2_ERROR_VDATA_SIZE;
}
/* Digest goes at start of work buffer */
digest_size = vb2_digest_size(key->hash_alg);
if (!digest_size)
return VB2_ERROR_VDATA_DIGEST_SIZE;
digest = vb2_workbuf_alloc(&wblocal, digest_size);
if (!digest)
return VB2_ERROR_VDATA_WORKBUF_DIGEST;
/* Hashing requires temp space for the context */
dc = vb2_workbuf_alloc(&wblocal, sizeof(*dc));
if (!dc)
return VB2_ERROR_VDATA_WORKBUF_HASHING;
rv = vb2_digest_init(dc, key->hash_alg);
if (rv)
return rv;
rv = vb2_digest_extend(dc, data, size);
if (rv)
return rv;
rv = vb2_digest_finalize(dc, digest, digest_size);
if (rv)
return rv;
vb2_workbuf_free(&wblocal, sizeof(*dc));
return vb2_verify_digest(key, sig, digest, &wblocal);
}
int vb2_verify_keyblock(struct vb2_keyblock *block,
uint32_t size,
const struct vb2_public_key *key,
const struct vb2_workbuf *wb)
{
uint32_t min_offset = 0, sig_offset;
int rv, i;
/* Check magic number */
if (block->c.magic != VB2_MAGIC_KEYBLOCK)
return VB2_ERROR_KEYBLOCK_MAGIC;
/* Make sure common header is good */
rv = vb2_verify_common_header(block, size);
if (rv)
return rv;
/*
* Check for compatible version. No need to check minor version, since
* that's compatible across readers matching the major version, and we
* haven't added any new fields.
*/
if (block->c.struct_version_major != VB2_KEYBLOCK_VERSION_MAJOR)
return VB2_ERROR_KEYBLOCK_HEADER_VERSION;
/* Make sure header is big enough */
if (block->c.fixed_size < sizeof(*block))
return VB2_ERROR_KEYBLOCK_SIZE;
/* Make sure data key is inside */
rv = vb2_verify_common_subobject(block, &min_offset, block->key_offset);
if (rv)
return rv;
/* Loop over signatures */
sig_offset = block->sig_offset;
for (i = 0; i < block->sig_count; i++, sig_offset = min_offset) {
struct vb2_signature *sig;
/* Make sure signature is inside keyblock */
rv = vb2_verify_common_subobject(block, &min_offset,
sig_offset);
if (rv)
return rv;
sig = (struct vb2_signature *)((uint8_t *)block + sig_offset);
/* Verify the signature integrity */
rv = vb2_verify_signature(sig,
block->c.total_size - sig_offset);
if (rv)
return rv;
/* Skip signature if it doesn't match the key GUID */
if (memcmp(&sig->guid, key->guid, GUID_SIZE))
continue;
/* Make sure we signed the right amount of data */
if (sig->data_size != block->sig_offset)
return VB2_ERROR_KEYBLOCK_SIGNED_SIZE;
return vb2_verify_data(block, block->sig_offset, sig, key, wb);
}
/* If we're still here, no signature matched the key GUID */
return VB2_ERROR_KEYBLOCK_SIG_GUID;
}
int vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble,
uint32_t size,
const struct vb2_public_key *key,
const struct vb2_workbuf *wb)
{
struct vb2_signature *sig;
uint32_t min_offset = 0, hash_offset;
int rv, i;
/* Check magic number */
if (preamble->c.magic != VB2_MAGIC_FW_PREAMBLE)
return VB2_ERROR_PREAMBLE_MAGIC;
/* Make sure common header is good */
rv = vb2_verify_common_header(preamble, size);
if (rv)
return rv;
/*
* Check for compatible version. No need to check minor version, since
* that's compatible across readers matching the major version, and we
* haven't added any new fields.
*/
if (preamble->c.struct_version_major != VB2_FW_PREAMBLE_VERSION_MAJOR)
return VB2_ERROR_PREAMBLE_HEADER_VERSION;
/* Make sure header is big enough */
if (preamble->c.fixed_size < sizeof(*preamble))
return VB2_ERROR_PREAMBLE_SIZE;
/* Make sure all hash signatures are inside */
hash_offset = preamble->hash_offset;
for (i = 0; i < preamble->hash_count; i++, hash_offset = min_offset) {
/* Make sure signature is inside preamble */
rv = vb2_verify_common_subobject(preamble, &min_offset,
hash_offset);
if (rv)
return rv;
sig = (struct vb2_signature *)
((uint8_t *)preamble + hash_offset);
/* Verify the signature integrity */
rv = vb2_verify_signature(
sig, preamble->c.total_size - hash_offset);
if (rv)
return rv;
/* Hashes must all be unsigned */
if (sig->sig_alg != VB2_SIG_NONE)
return VB2_ERROR_PREAMBLE_HASH_SIGNED;
}
/* Make sure signature is inside preamble */
rv = vb2_verify_common_subobject(preamble, &min_offset,
preamble->sig_offset);
if (rv)
return rv;
/* Verify preamble signature */
sig = (struct vb2_signature *)((uint8_t *)preamble +
preamble->sig_offset);
rv = vb2_verify_data(preamble, preamble->sig_offset, sig, key, wb);
if (rv)
return rv;
return VB2_SUCCESS;
}
Reference in New Issue View Git Blame Copy Permalink