You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
203 lines
6.2 KiB
203 lines
6.2 KiB
/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
|
|
* Use of this source code is governed by a BSD-style license that can be
|
|
* found in the LICENSE file.
|
|
*
|
|
* Common functions between firmware and kernel verified boot.
|
|
*/
|
|
|
|
#ifndef VBOOT_REFERENCE_VBOOT_COMMON_H_
|
|
#define VBOOT_REFERENCE_VBOOT_COMMON_H_
|
|
|
|
#include "cryptolib.h"
|
|
#include "vboot_struct.h"
|
|
|
|
#ifndef ARRAY_SIZE
|
|
#define ARRAY_SIZE(array) (sizeof(array)/sizeof(array[0]))
|
|
#endif
|
|
|
|
/* Test an important condition at compile time, not run time */
|
|
#ifndef BUILD_ASSERT
|
|
#define _BA1_(cond, line) \
|
|
extern int __build_assertion_ ## line[1 - 2*!(cond)] \
|
|
__attribute__ ((unused))
|
|
#define _BA0_(c, x) _BA1_(c, x)
|
|
#define BUILD_ASSERT(cond) _BA0_(cond, __LINE__)
|
|
#endif
|
|
|
|
/* Error Codes for all common functions. */
|
|
enum {
|
|
VBOOT_SUCCESS = 0,
|
|
/* Key block internal structure is invalid, or not a key block */
|
|
VBOOT_KEY_BLOCK_INVALID,
|
|
/* Key block signature check failed */
|
|
VBOOT_KEY_BLOCK_SIGNATURE,
|
|
/* Key block hash check failed */
|
|
VBOOT_KEY_BLOCK_HASH,
|
|
/* Invalid public key passed to a signature verficiation function. */
|
|
VBOOT_PUBLIC_KEY_INVALID,
|
|
/* Preamble internal structure is invalid */
|
|
VBOOT_PREAMBLE_INVALID,
|
|
/* Preamble signature check failed */
|
|
VBOOT_PREAMBLE_SIGNATURE,
|
|
/* Shared data is invalid. */
|
|
VBOOT_SHARED_DATA_INVALID,
|
|
/* Kernel Preamble does not contain flags */
|
|
VBOOT_KERNEL_PREAMBLE_NO_FLAGS,
|
|
VBOOT_ERROR_MAX,
|
|
};
|
|
extern const char *kVbootErrors[VBOOT_ERROR_MAX];
|
|
|
|
/**
|
|
* Return offset of ptr from base.
|
|
*/
|
|
uint64_t OffsetOf(const void *base, const void *ptr);
|
|
|
|
/*
|
|
* Helper functions to get data pointed to by a public key or signature.
|
|
*/
|
|
|
|
uint8_t *GetPublicKeyData(VbPublicKey *key);
|
|
const uint8_t *GetPublicKeyDataC(const VbPublicKey *key);
|
|
uint8_t *GetSignatureData(VbSignature *sig);
|
|
const uint8_t *GetSignatureDataC(const VbSignature *sig);
|
|
|
|
/*
|
|
* Helper functions to verify the data pointed to by a subfield is inside the
|
|
* parent data. Returns 0 if inside, 1 if error.
|
|
*/
|
|
|
|
int VerifyMemberInside(const void *parent, uint64_t parent_size,
|
|
const void *member, uint64_t member_size,
|
|
uint64_t member_data_offset,
|
|
uint64_t member_data_size);
|
|
|
|
int VerifyPublicKeyInside(const void *parent, uint64_t parent_size,
|
|
const VbPublicKey *key);
|
|
|
|
int VerifySignatureInside(const void *parent, uint64_t parent_size,
|
|
const VbSignature *sig);
|
|
|
|
/**
|
|
* Initialize a public key to refer to [key_data].
|
|
*/
|
|
void PublicKeyInit(VbPublicKey *key, uint8_t *key_data, uint64_t key_size);
|
|
|
|
/**
|
|
* Copy a public key from [src] to [dest].
|
|
*
|
|
* Returns 0 if success, non-zero if error.
|
|
*/
|
|
int PublicKeyCopy(VbPublicKey *dest, const VbPublicKey *src);
|
|
|
|
/**
|
|
* Convert a public key to RsaPublicKey format. The returned key must be freed
|
|
* using RSAPublicKeyFree().
|
|
*
|
|
* Returns NULL if error.
|
|
*/
|
|
RSAPublicKey *PublicKeyToRSA(const VbPublicKey *key);
|
|
|
|
/**
|
|
* Verify [data] matches signature [sig] using [key]. [size] is the size of
|
|
* the data buffer; the amount of data to be validated is contained in
|
|
* sig->data_size.
|
|
*/
|
|
int VerifyData(const uint8_t *data, uint64_t size, const VbSignature *sig,
|
|
const RSAPublicKey *key);
|
|
|
|
/**
|
|
* Verify a secure hash digest from DigestBuf() or DigestFinal(), using
|
|
* [key]. Returns 0 on success.
|
|
*/
|
|
int VerifyDigest(const uint8_t *digest, const VbSignature *sig,
|
|
const RSAPublicKey *key);
|
|
|
|
/**
|
|
* Check the sanity of a key block of size [size] bytes, using public key
|
|
* [key]. If hash_only is non-zero, uses only the block checksum to verify the
|
|
* key block. Header fields are also checked for sanity. Does not verify key
|
|
* index or key block flags.
|
|
*/
|
|
int KeyBlockVerify(const VbKeyBlockHeader *block, uint64_t size,
|
|
const VbPublicKey *key, int hash_only);
|
|
|
|
|
|
/**
|
|
* Check the sanity of a firmware preamble of size [size] bytes, using public
|
|
* key [key].
|
|
*
|
|
* Returns VBOOT_SUCCESS if successful.
|
|
*/
|
|
int VerifyFirmwarePreamble(const VbFirmwarePreambleHeader *preamble,
|
|
uint64_t size, const RSAPublicKey *key);
|
|
|
|
|
|
/**
|
|
* Return the flags from a firmware preamble, or a default value for older
|
|
* preamble versions which didn't contain flags. Use this function to ensure
|
|
* compatibility with older preamble versions (2.0). Assumes the preamble has
|
|
* already been verified via VerifyFirmwarePreamble().
|
|
*/
|
|
uint32_t VbGetFirmwarePreambleFlags(const VbFirmwarePreambleHeader *preamble);
|
|
|
|
/**
|
|
* Check the sanity of a kernel preamble of size [size] bytes, using public key
|
|
* [key].
|
|
*
|
|
* Returns VBOOT_SUCCESS if successful.
|
|
*/
|
|
int VerifyKernelPreamble(const VbKernelPreambleHeader *preamble,
|
|
uint64_t size, const RSAPublicKey *key);
|
|
|
|
|
|
/**
|
|
* Retrieve the 16-bit vmlinuz header address and size from the kernel preamble
|
|
* if there is one. These are only available in Kernel Preamble Header version
|
|
* >= 2.1. If given a header 2.0 or lower, will set address and size to 0 (this
|
|
* is not considered an error).
|
|
*
|
|
* Returns VBOOT_SUCCESS if successful.
|
|
*/
|
|
int VbGetKernelVmlinuzHeader(const VbKernelPreambleHeader *preamble,
|
|
uint64_t *vmlinuz_header_address,
|
|
uint64_t *vmlinuz_header_size);
|
|
|
|
/**
|
|
* Checks if the kernel preamble has flags field. This is available only if the
|
|
* Kernel Preamble Header version >=2.2. If give a header of 2.1 or lower, it
|
|
* will return VBOOT_KERNEL_PREAMBLE_NO_FLAGS.
|
|
*
|
|
* Returns VBOOT_SUCCESS if version is >=2.2.
|
|
*/
|
|
int VbKernelHasFlags(const VbKernelPreambleHeader *preamble);
|
|
|
|
/**
|
|
* Verify that the Vmlinuz Header is contained inside of the kernel blob.
|
|
*
|
|
* Returns VBOOT_SUCCESS or VBOOT_PREAMBLE_INVALID on error
|
|
*/
|
|
int VerifyVmlinuzInsideKBlob(uint64_t kblob, uint64_t kblob_size,
|
|
uint64_t header, uint64_t header_size);
|
|
/**
|
|
* Initialize a verified boot shared data structure.
|
|
*
|
|
* Returns 0 if success, non-zero if error.
|
|
*/
|
|
int VbSharedDataInit(VbSharedDataHeader *header, uint64_t size);
|
|
|
|
/**
|
|
* Reserve [size] bytes of the shared data area. Returns the offset of the
|
|
* reserved data from the start of the shared data buffer, or 0 if error.
|
|
*/
|
|
uint64_t VbSharedDataReserve(VbSharedDataHeader *header, uint64_t size);
|
|
|
|
/**
|
|
* Copy the kernel subkey into the shared data.
|
|
*
|
|
* Returns 0 if success, non-zero if error.
|
|
*/
|
|
int VbSharedDataSetKernelKey(VbSharedDataHeader *header,
|
|
const VbPublicKey *src);
|
|
|
|
#endif /* VBOOT_REFERENCE_VBOOT_COMMON_H_ */
|