You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
445 lines
12 KiB
445 lines
12 KiB
/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
|
|
* Use of this source code is governed by a BSD-style license that can be
|
|
* found in the LICENSE file.
|
|
*
|
|
* Signature validation functions
|
|
*/
|
|
|
|
#include "2sysincludes.h"
|
|
#include "2common.h"
|
|
#include "2rsa.h"
|
|
#include "2sha.h"
|
|
#include "vb2_common.h"
|
|
|
|
const char *vb2_common_desc(const void *buf)
|
|
{
|
|
const struct vb2_struct_common *c = buf;
|
|
|
|
return c->desc_size ? (const char *)c + c->fixed_size : "";
|
|
}
|
|
|
|
int vb2_verify_common_header(const void *parent, uint32_t parent_size)
|
|
{
|
|
const struct vb2_struct_common *c = parent;
|
|
|
|
/* Parent buffer size must be at least the claimed total size */
|
|
if (parent_size < c->total_size)
|
|
return VB2_ERROR_COMMON_TOTAL_SIZE;
|
|
|
|
/*
|
|
* And big enough for the fixed size, which itself must be at least as
|
|
* big as the common struct header.
|
|
*/
|
|
if (c->total_size < c->fixed_size || c->fixed_size < sizeof(*c))
|
|
return VB2_ERROR_COMMON_FIXED_SIZE;
|
|
|
|
/* Make sure sizes are all multiples of 32 bits */
|
|
if (!vb2_aligned(c->total_size, sizeof(uint32_t)))
|
|
return VB2_ERROR_COMMON_TOTAL_UNALIGNED;
|
|
if (!vb2_aligned(c->fixed_size, sizeof(uint32_t)))
|
|
return VB2_ERROR_COMMON_FIXED_UNALIGNED;
|
|
if (!vb2_aligned(c->desc_size, sizeof(uint32_t)))
|
|
return VB2_ERROR_COMMON_DESC_UNALIGNED;
|
|
|
|
/* Check description */
|
|
if (c->desc_size > 0) {
|
|
/* Make sure description fits and doesn't wrap */
|
|
if (c->fixed_size + c->desc_size < c->fixed_size)
|
|
return VB2_ERROR_COMMON_DESC_WRAPS;
|
|
if (c->fixed_size + c->desc_size > c->total_size)
|
|
return VB2_ERROR_COMMON_DESC_SIZE;
|
|
|
|
/* Description must be null-terminated */
|
|
if (vb2_common_desc(c)[c->desc_size - 1] != 0)
|
|
return VB2_ERROR_COMMON_DESC_TERMINATOR;
|
|
}
|
|
|
|
return VB2_SUCCESS;
|
|
}
|
|
|
|
int vb2_verify_common_member(const void *parent,
|
|
uint32_t *min_offset,
|
|
uint32_t member_offset,
|
|
uint32_t member_size)
|
|
{
|
|
const struct vb2_struct_common *c = parent;
|
|
uint32_t member_end = member_offset + member_size;
|
|
|
|
/* Make sure member doesn't wrap */
|
|
if (member_end < member_offset)
|
|
return VB2_ERROR_COMMON_MEMBER_WRAPS;
|
|
|
|
/* Member offset and size must be 32-bit aligned */
|
|
if (!vb2_aligned(member_offset, sizeof(uint32_t)) ||
|
|
!vb2_aligned(member_size, sizeof(uint32_t)))
|
|
return VB2_ERROR_COMMON_MEMBER_UNALIGNED;
|
|
|
|
/* Initialize minimum offset if necessary */
|
|
if (!*min_offset)
|
|
*min_offset = c->fixed_size + c->desc_size;
|
|
|
|
/* Member must be after minimum offset */
|
|
if (member_offset < *min_offset)
|
|
return VB2_ERROR_COMMON_MEMBER_OVERLAP;
|
|
|
|
/* Member must end before total size */
|
|
if (member_end > c->total_size)
|
|
return VB2_ERROR_COMMON_MEMBER_SIZE;
|
|
|
|
/* Update minimum offset for subsequent checks */
|
|
*min_offset = member_end;
|
|
|
|
return VB2_SUCCESS;
|
|
}
|
|
|
|
int vb2_verify_common_subobject(const void *parent,
|
|
uint32_t *min_offset,
|
|
uint32_t member_offset)
|
|
{
|
|
const struct vb2_struct_common *p = parent;
|
|
const struct vb2_struct_common *m =
|
|
(const struct vb2_struct_common *)
|
|
((const uint8_t *)parent + member_offset);
|
|
int rv;
|
|
|
|
/*
|
|
* Verify the parent has space at the member offset for the common
|
|
* header.
|
|
*/
|
|
rv = vb2_verify_common_member(parent, min_offset, member_offset,
|
|
sizeof(*m));
|
|
if (rv)
|
|
return rv;
|
|
|
|
/*
|
|
* Now it's safe to look at the member's header, and verify any
|
|
* additional data for the object past its common header fits in the
|
|
* parent.
|
|
*/
|
|
rv = vb2_verify_common_header(m, p->total_size - member_offset);
|
|
if (rv)
|
|
return rv;
|
|
|
|
/* Advance the min offset to the end of the subobject */
|
|
*min_offset = member_offset + m->total_size;
|
|
|
|
return VB2_SUCCESS;
|
|
}
|
|
|
|
uint32_t vb2_sig_size(enum vb2_signature_algorithm sig_alg,
|
|
enum vb2_hash_algorithm hash_alg)
|
|
{
|
|
uint32_t digest_size = vb2_digest_size(hash_alg);
|
|
|
|
/* Fail if we don't support the hash algorithm */
|
|
if (!digest_size)
|
|
return 0;
|
|
|
|
/* Handle unsigned hashes */
|
|
if (sig_alg == VB2_SIG_NONE)
|
|
return digest_size;
|
|
|
|
return vb2_rsa_sig_size(sig_alg);
|
|
}
|
|
|
|
const struct vb2_guid *vb2_hash_guid(enum vb2_hash_algorithm hash_alg)
|
|
{
|
|
switch(hash_alg) {
|
|
#ifdef VB2_SUPPORT_SHA1
|
|
case VB2_HASH_SHA1:
|
|
{
|
|
static const struct vb2_guid guid = VB2_GUID_NONE_SHA1;
|
|
return &guid;
|
|
}
|
|
#endif
|
|
#ifdef VB2_SUPPORT_SHA256
|
|
case VB2_HASH_SHA256:
|
|
{
|
|
static const struct vb2_guid guid =
|
|
VB2_GUID_NONE_SHA256;
|
|
return &guid;
|
|
}
|
|
#endif
|
|
#ifdef VB2_SUPPORT_SHA512
|
|
case VB2_HASH_SHA512:
|
|
{
|
|
static const struct vb2_guid guid =
|
|
VB2_GUID_NONE_SHA512;
|
|
return &guid;
|
|
}
|
|
#endif
|
|
default:
|
|
return NULL;
|
|
}
|
|
}
|
|
|
|
int vb2_verify_signature(const struct vb2_signature *sig, uint32_t size)
|
|
{
|
|
uint32_t min_offset = 0;
|
|
uint32_t expect_sig_size;
|
|
int rv;
|
|
|
|
/* Check magic number */
|
|
if (sig->c.magic != VB2_MAGIC_SIGNATURE)
|
|
return VB2_ERROR_SIG_MAGIC;
|
|
|
|
/* Make sure common header is good */
|
|
rv = vb2_verify_common_header(sig, size);
|
|
if (rv)
|
|
return rv;
|
|
|
|
/*
|
|
* Check for compatible version. No need to check minor version, since
|
|
* that's compatible across readers matching the major version, and we
|
|
* haven't added any new fields.
|
|
*/
|
|
if (sig->c.struct_version_major != VB2_SIGNATURE_VERSION_MAJOR)
|
|
return VB2_ERROR_SIG_VERSION;
|
|
|
|
/* Make sure header is big enough for signature */
|
|
if (sig->c.fixed_size < sizeof(*sig))
|
|
return VB2_ERROR_SIG_HEADER_SIZE;
|
|
|
|
/* Make sure signature data is inside */
|
|
rv = vb2_verify_common_member(sig, &min_offset,
|
|
sig->sig_offset, sig->sig_size);
|
|
if (rv)
|
|
return rv;
|
|
|
|
/* Make sure signature size is correct for the algorithm */
|
|
expect_sig_size = vb2_sig_size(sig->sig_alg, sig->hash_alg);
|
|
if (!expect_sig_size)
|
|
return VB2_ERROR_SIG_ALGORITHM;
|
|
if (sig->sig_size != expect_sig_size)
|
|
return VB2_ERROR_SIG_SIZE;
|
|
|
|
return VB2_SUCCESS;
|
|
}
|
|
|
|
/**
|
|
* Return the signature data for a signature
|
|
*/
|
|
static uint8_t *vb2_signature_data(struct vb2_signature *sig)
|
|
{
|
|
return (uint8_t *)sig + sig->sig_offset;
|
|
}
|
|
|
|
int vb2_verify_digest(const struct vb2_public_key *key,
|
|
struct vb2_signature *sig,
|
|
const uint8_t *digest,
|
|
const struct vb2_workbuf *wb)
|
|
{
|
|
uint32_t key_sig_size = vb2_sig_size(key->sig_alg, key->hash_alg);
|
|
|
|
/* If we can't figure out the signature size, key algorithm was bad */
|
|
if (!key_sig_size)
|
|
return VB2_ERROR_VDATA_ALGORITHM;
|
|
|
|
/* Make sure the signature and key algorithms match */
|
|
if (key->sig_alg != sig->sig_alg || key->hash_alg != sig->hash_alg)
|
|
return VB2_ERROR_VDATA_ALGORITHM_MISMATCH;
|
|
|
|
if (sig->sig_size != key_sig_size)
|
|
return VB2_ERROR_VDATA_SIG_SIZE;
|
|
|
|
if (key->sig_alg == VB2_SIG_NONE) {
|
|
/* Bare hash */
|
|
if (vb2_safe_memcmp(vb2_signature_data(sig),
|
|
digest, key_sig_size))
|
|
return VB2_ERROR_VDATA_VERIFY_DIGEST;
|
|
|
|
return VB2_SUCCESS;
|
|
} else {
|
|
/* RSA-signed digest */
|
|
return vb2_rsa_verify_digest(key,
|
|
vb2_signature_data(sig),
|
|
digest, wb);
|
|
}
|
|
}
|
|
|
|
int vb2_verify_data(const void *data,
|
|
uint32_t size,
|
|
struct vb2_signature *sig,
|
|
const struct vb2_public_key *key,
|
|
const struct vb2_workbuf *wb)
|
|
{
|
|
struct vb2_workbuf wblocal = *wb;
|
|
struct vb2_digest_context *dc;
|
|
uint8_t *digest;
|
|
uint32_t digest_size;
|
|
int rv;
|
|
|
|
if (sig->data_size != size) {
|
|
VB2_DEBUG("Wrong amount of data signed.\n");
|
|
return VB2_ERROR_VDATA_SIZE;
|
|
}
|
|
|
|
/* Digest goes at start of work buffer */
|
|
digest_size = vb2_digest_size(key->hash_alg);
|
|
if (!digest_size)
|
|
return VB2_ERROR_VDATA_DIGEST_SIZE;
|
|
|
|
digest = vb2_workbuf_alloc(&wblocal, digest_size);
|
|
if (!digest)
|
|
return VB2_ERROR_VDATA_WORKBUF_DIGEST;
|
|
|
|
/* Hashing requires temp space for the context */
|
|
dc = vb2_workbuf_alloc(&wblocal, sizeof(*dc));
|
|
if (!dc)
|
|
return VB2_ERROR_VDATA_WORKBUF_HASHING;
|
|
|
|
rv = vb2_digest_init(dc, key->hash_alg);
|
|
if (rv)
|
|
return rv;
|
|
|
|
rv = vb2_digest_extend(dc, data, size);
|
|
if (rv)
|
|
return rv;
|
|
|
|
rv = vb2_digest_finalize(dc, digest, digest_size);
|
|
if (rv)
|
|
return rv;
|
|
|
|
vb2_workbuf_free(&wblocal, sizeof(*dc));
|
|
|
|
return vb2_verify_digest(key, sig, digest, &wblocal);
|
|
}
|
|
|
|
int vb2_verify_keyblock(struct vb2_keyblock *block,
|
|
uint32_t size,
|
|
const struct vb2_public_key *key,
|
|
const struct vb2_workbuf *wb)
|
|
{
|
|
uint32_t min_offset = 0, sig_offset;
|
|
int rv, i;
|
|
|
|
/* Check magic number */
|
|
if (block->c.magic != VB2_MAGIC_KEYBLOCK)
|
|
return VB2_ERROR_KEYBLOCK_MAGIC;
|
|
|
|
/* Make sure common header is good */
|
|
rv = vb2_verify_common_header(block, size);
|
|
if (rv)
|
|
return rv;
|
|
|
|
/*
|
|
* Check for compatible version. No need to check minor version, since
|
|
* that's compatible across readers matching the major version, and we
|
|
* haven't added any new fields.
|
|
*/
|
|
if (block->c.struct_version_major != VB2_KEYBLOCK_VERSION_MAJOR)
|
|
return VB2_ERROR_KEYBLOCK_HEADER_VERSION;
|
|
|
|
/* Make sure header is big enough */
|
|
if (block->c.fixed_size < sizeof(*block))
|
|
return VB2_ERROR_KEYBLOCK_SIZE;
|
|
|
|
/* Make sure data key is inside */
|
|
rv = vb2_verify_common_subobject(block, &min_offset, block->key_offset);
|
|
if (rv)
|
|
return rv;
|
|
|
|
/* Loop over signatures */
|
|
sig_offset = block->sig_offset;
|
|
for (i = 0; i < block->sig_count; i++, sig_offset = min_offset) {
|
|
struct vb2_signature *sig;
|
|
|
|
/* Make sure signature is inside keyblock */
|
|
rv = vb2_verify_common_subobject(block, &min_offset,
|
|
sig_offset);
|
|
if (rv)
|
|
return rv;
|
|
|
|
sig = (struct vb2_signature *)((uint8_t *)block + sig_offset);
|
|
|
|
/* Verify the signature integrity */
|
|
rv = vb2_verify_signature(sig,
|
|
block->c.total_size - sig_offset);
|
|
if (rv)
|
|
return rv;
|
|
|
|
/* Skip signature if it doesn't match the key GUID */
|
|
if (memcmp(&sig->guid, key->guid, GUID_SIZE))
|
|
continue;
|
|
|
|
/* Make sure we signed the right amount of data */
|
|
if (sig->data_size != block->sig_offset)
|
|
return VB2_ERROR_KEYBLOCK_SIGNED_SIZE;
|
|
|
|
return vb2_verify_data(block, block->sig_offset, sig, key, wb);
|
|
}
|
|
|
|
/* If we're still here, no signature matched the key GUID */
|
|
return VB2_ERROR_KEYBLOCK_SIG_GUID;
|
|
}
|
|
|
|
int vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble,
|
|
uint32_t size,
|
|
const struct vb2_public_key *key,
|
|
const struct vb2_workbuf *wb)
|
|
{
|
|
struct vb2_signature *sig;
|
|
uint32_t min_offset = 0, hash_offset;
|
|
int rv, i;
|
|
|
|
/* Check magic number */
|
|
if (preamble->c.magic != VB2_MAGIC_FW_PREAMBLE)
|
|
return VB2_ERROR_PREAMBLE_MAGIC;
|
|
|
|
/* Make sure common header is good */
|
|
rv = vb2_verify_common_header(preamble, size);
|
|
if (rv)
|
|
return rv;
|
|
|
|
/*
|
|
* Check for compatible version. No need to check minor version, since
|
|
* that's compatible across readers matching the major version, and we
|
|
* haven't added any new fields.
|
|
*/
|
|
if (preamble->c.struct_version_major != VB2_FW_PREAMBLE_VERSION_MAJOR)
|
|
return VB2_ERROR_PREAMBLE_HEADER_VERSION;
|
|
|
|
/* Make sure header is big enough */
|
|
if (preamble->c.fixed_size < sizeof(*preamble))
|
|
return VB2_ERROR_PREAMBLE_SIZE;
|
|
|
|
/* Make sure all hash signatures are inside */
|
|
hash_offset = preamble->hash_offset;
|
|
for (i = 0; i < preamble->hash_count; i++, hash_offset = min_offset) {
|
|
/* Make sure signature is inside preamble */
|
|
rv = vb2_verify_common_subobject(preamble, &min_offset,
|
|
hash_offset);
|
|
if (rv)
|
|
return rv;
|
|
|
|
sig = (struct vb2_signature *)
|
|
((uint8_t *)preamble + hash_offset);
|
|
|
|
/* Verify the signature integrity */
|
|
rv = vb2_verify_signature(
|
|
sig, preamble->c.total_size - hash_offset);
|
|
if (rv)
|
|
return rv;
|
|
|
|
/* Hashes must all be unsigned */
|
|
if (sig->sig_alg != VB2_SIG_NONE)
|
|
return VB2_ERROR_PREAMBLE_HASH_SIGNED;
|
|
}
|
|
|
|
/* Make sure signature is inside preamble */
|
|
rv = vb2_verify_common_subobject(preamble, &min_offset,
|
|
preamble->sig_offset);
|
|
if (rv)
|
|
return rv;
|
|
|
|
/* Verify preamble signature */
|
|
sig = (struct vb2_signature *)((uint8_t *)preamble +
|
|
preamble->sig_offset);
|
|
|
|
rv = vb2_verify_data(preamble, preamble->sig_offset, sig, key, wb);
|
|
if (rv)
|
|
return rv;
|
|
|
|
return VB2_SUCCESS;
|
|
}
|