Add --describe flag to {firmware|kernel}_utility.

src/platform/vboot_reference/utils/kernel_image.c

 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
  * Functions for generating and manipulating a verified boot kernel image.
  */
 
 #include "kernel_image.h"
 
 #include <fcntl.h>
@@ skipping 38 matching lines @@
 
 KernelImage* ReadKernelImage(const char* input_file) {
   uint64_t file_size;
   int image_len = 0;  /* Total size of the kernel image. */
   int header_len = 0;
   int firmware_sign_key_len;
   int kernel_key_signature_len;
   int kernel_sign_key_len;
   int kernel_signature_len;
   uint8_t* kernel_buf;
+  uint8_t header_checksum[FIELD_LEN(header_checksum)];
   MemcpyState st;
   KernelImage* image = KernelImageNew();
 
   if (!image)
     return NULL;
 
   kernel_buf = BufferFromFile(input_file, &file_size);
   image_len = file_size;
 
   st.remaining_len = image_len;
@@ skipping 26 matching lines @@
     return NULL;
   }
 
   /* Compute size of pre-processed RSA public keys and signatures. */
   firmware_sign_key_len = RSAProcessedKeySize(image->firmware_sign_algorithm);
   kernel_key_signature_len  = siglen_map[image->firmware_sign_algorithm];
   kernel_sign_key_len = RSAProcessedKeySize(image->kernel_sign_algorithm);
   kernel_signature_len = siglen_map[image->kernel_sign_algorithm];
 
   /* Check whether key header length is correct. */
-  header_len = (FIELD_LEN(header_version) +
-                FIELD_LEN(header_len) +
-                FIELD_LEN(firmware_sign_algorithm) +
-                FIELD_LEN(kernel_sign_algorithm) +
-                FIELD_LEN(kernel_key_version) +
-                kernel_sign_key_len +
-                FIELD_LEN(header_checksum));
-
+  header_len = GetKernelHeaderLen(image);
   if (header_len != image->header_len) {
     fprintf(stderr, "Header length mismatch. Got: %d, Expected: %d\n",
             image->header_len, header_len);
     Free(kernel_buf);
     return NULL;
   }
 
   /* Read pre-processed public half of the kernel signing key. */
   StatefulMemcpy(&st, &image->kernel_key_version,
                  FIELD_LEN(kernel_key_version));
   image->kernel_sign_key = (uint8_t*) Malloc(kernel_sign_key_len);
   StatefulMemcpy(&st, image->kernel_sign_key, kernel_sign_key_len);
   StatefulMemcpy(&st, image->header_checksum, FIELD_LEN(header_checksum));
 
+  /* Check whether the header checksum matches. */
+  CalculateKernelHeaderChecksum(image, header_checksum);
+  if (SafeMemcmp(header_checksum, image->header_checksum,
+                 FIELD_LEN(header_checksum))) {
+    fprintf(stderr, "Invalid kernel header checksum!\n");
+    Free(kernel_buf);
+    return NULL;
+  }
+
   /* Read key signature. */
   image->kernel_key_signature = (uint8_t*) Malloc(kernel_key_signature_len);
   StatefulMemcpy(&st, image->kernel_key_signature,
                  kernel_key_signature_len);
 
   /* Read the kernel config. */
   StatefulMemcpy(&st, &image->kernel_version, FIELD_LEN(kernel_version));
   StatefulMemcpy(&st, &image->options.version, FIELD_LEN(options.version));
   StatefulMemcpy(&st, &image->options.cmd_line, FIELD_LEN(options.cmd_line));
   StatefulMemcpy(&st, &image->options.kernel_len,
@@ skipping 22 matching lines @@
 }
 
 int GetKernelHeaderLen(const KernelImage* image) {
   return (FIELD_LEN(header_version) + FIELD_LEN(header_len) +
           FIELD_LEN(firmware_sign_algorithm) +
           FIELD_LEN(kernel_sign_algorithm) + FIELD_LEN(kernel_key_version) +
           RSAProcessedKeySize(image->kernel_sign_algorithm) +
           FIELD_LEN(header_checksum));
 }
 
+void CalculateKernelHeaderChecksum(const KernelImage* image,
+                                   uint8_t* header_checksum) {
+  uint8_t* checksum;
+  DigestContext ctx;
+  DigestInit(&ctx, SHA512_DIGEST_ALGORITHM);
+  DigestUpdate(&ctx, (uint8_t*) &image->header_version,
+               sizeof(image->header_version));
+  DigestUpdate(&ctx, (uint8_t*) &image->header_len,
+               sizeof(image->header_len));
+  DigestUpdate(&ctx, (uint8_t*) &image->firmware_sign_algorithm,
+               sizeof(image->firmware_sign_algorithm));
+  DigestUpdate(&ctx, (uint8_t*) &image->kernel_sign_algorithm,
+               sizeof(image->kernel_sign_algorithm));
+  DigestUpdate(&ctx, (uint8_t*) &image->kernel_key_version,
+               sizeof(image->kernel_key_version));
+  DigestUpdate(&ctx, image->kernel_sign_key,
+               RSAProcessedKeySize(image->kernel_sign_algorithm));
+  checksum = DigestFinal(&ctx);
+  Memcpy(header_checksum, checksum, FIELD_LEN(header_checksum));
+  Free(checksum);
+  return;
+}
+
 uint8_t* GetKernelHeaderBlob(const KernelImage* image) {
   uint8_t* header_blob = NULL;
   MemcpyState st;
 
   header_blob = (uint8_t*) Malloc(GetKernelHeaderLen(image));
   st.remaining_len = GetKernelHeaderLen(image);
   st.remaining_buf = header_blob;
 
   StatefulMemcpy_r(&st, &image->header_version, FIELD_LEN(header_version));
   StatefulMemcpy_r(&st, &image->header_len, FIELD_LEN(header_len));
@@ skipping 117 matching lines @@
   Free(kernel_blob);
   close(fd);
   return 1;
 }
 
 void PrintKernelImage(const KernelImage* image) {
   if (!image)
     return;
 
   /* Print header. */
-  printf("Header Length = %d\n"
-         "Firmware Signing key algorithm id = %d\n"
-         "Kernel Signing key algorithm id = %d\n"
+  printf("Header Version = %d\n"
+         "Header Length = %d\n"
+         "Kernel Key Signature Algorithm = %s\n"
          "Kernel Signature Algorithm = %s\n"
          "Kernel Key Version = %d\n\n",
+         image->header_version,
          image->header_len,
-         image->firmware_sign_algorithm,
-         image->kernel_sign_algorithm,
+         algo_strings[image->firmware_sign_algorithm],
          algo_strings[image->kernel_sign_algorithm],
          image->kernel_key_version);
   /* TODO(gauravsh): Output hash and key signature here? */
   /* Print preamble. */
   printf("Kernel Version = %d\n"
          "Kernel Config Version = %d.%d\n"
-         "Kernel Config command line = %s\n"
+         "Kernel Config command line = \"%s\"\n"
          "kernel Length = %" PRId64 "\n"
          "Kernel Load Address = %" PRId64 "\n"
          "Kernel Entry Address = %" PRId64 "\n\n",
          image->kernel_version,
          image->options.version[0], image->options.version[1],
          image->options.cmd_line,
          image->options.kernel_len,
          image->options.kernel_load_addr,
          image->options.kernel_entry_addr);
   /* TODO(gauravsh): Output kernel signature here? */
@@ skipping 346 matching lines @@
                                         kernel_signing_key_file,
                                         image->kernel_sign_algorithm))) {
     fprintf(stderr, "Could not compute signature on the kernel.\n");
     return 0;
   }
   image->kernel_signature = (uint8_t*) Malloc(signature_len);
   Memcpy(image->kernel_signature, kernel_signature, signature_len);
   Free(kernel_signature);
   return 1;
 }