VBoot Reference: Fix splicing bugs in Firmware and Kernel verification.

src/platform/vboot_reference/utils/firmware_image.c

 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
  * Functions for generating and manipulating a verified boot firmware image.
  */
 
 #include "firmware_image.h"
 
 #include <fcntl.h>
@@ skipping 172 matching lines @@
                  RSAProcessedKeySize(image->firmware_sign_algorithm));
   StatefulMemcpy_r(&st, &image->header_checksum, FIELD_LEN(header_checksum));
 
   if (st.remaining_len != 0) {  /* Underrun or Overrun. */
     Free(header_blob);
     return NULL;
   }
   return header_blob;
 }
 
-int GetFirmwarePreambleLen(const FirmwareImage* image) {
+int GetFirmwarePreambleLen(void) {
   return (FIELD_LEN(firmware_version) + FIELD_LEN(firmware_len) +
           FIELD_LEN(preamble));
 }
 
 uint8_t* GetFirmwarePreambleBlob(const FirmwareImage* image) {
   uint8_t* preamble_blob = NULL;
   MemcpyState st;
 
-  preamble_blob = (uint8_t*) Malloc(GetFirmwarePreambleLen(image));
-  st.remaining_len = GetFirmwarePreambleLen(image);
+  preamble_blob = (uint8_t*) Malloc(GetFirmwarePreambleLen());
+  st.remaining_len = GetFirmwarePreambleLen();
   st.remaining_buf = preamble_blob;
 
   StatefulMemcpy_r(&st, &image->firmware_version, FIELD_LEN(firmware_version));
   StatefulMemcpy_r(&st, &image->firmware_len, FIELD_LEN(firmware_len));
   StatefulMemcpy_r(&st, image->preamble, FIELD_LEN(preamble));
 
   if (st.remaining_len != 0 ) {  /* Underrun or Overrun. */
     Free(preamble_blob);
     return NULL;
   }
   return preamble_blob;
 }
 
 
 uint8_t* GetFirmwareBlob(const FirmwareImage* image, uint64_t* blob_len) {
   int firmware_signature_len;
   uint8_t* firmware_blob = NULL;
   uint8_t* header_blob = NULL;
   uint8_t* preamble_blob = NULL;
   MemcpyState st;
 
   if (!image)
     return NULL;
 
   firmware_signature_len = siglen_map[image->firmware_sign_algorithm];
   *blob_len = (FIELD_LEN(magic) +
                GetFirmwareHeaderLen(image) +
                FIELD_LEN(firmware_key_signature) +
-               GetFirmwarePreambleLen(image) +
+               GetFirmwarePreambleLen() +
                2 * firmware_signature_len +
                image->firmware_len);
   firmware_blob = (uint8_t*) Malloc(*blob_len);
   st.remaining_len = *blob_len;
   st.remaining_buf = firmware_blob;
 
   header_blob = GetFirmwareHeaderBlob(image);
   preamble_blob = GetFirmwarePreambleBlob(image);
 
   StatefulMemcpy_r(&st, image->magic, FIELD_LEN(magic));
   StatefulMemcpy_r(&st, header_blob, GetFirmwareHeaderLen(image));
   StatefulMemcpy_r(&st, image->firmware_key_signature,
                    FIELD_LEN(firmware_key_signature));
-  StatefulMemcpy_r(&st, preamble_blob, GetFirmwarePreambleLen(image));
+  StatefulMemcpy_r(&st, preamble_blob, GetFirmwarePreambleLen());
   StatefulMemcpy_r(&st, image->preamble_signature, firmware_signature_len);
   StatefulMemcpy_r(&st, image->firmware_signature, firmware_signature_len);
   StatefulMemcpy_r(&st, image->firmware_data, image->firmware_len);
 
   Free(preamble_blob);
   Free(header_blob);
 
   if (st.remaining_len != 0) { /* Underrun or Overrun. */
     Free(firmware_blob);
     return NULL;
@@ skipping 141 matching lines @@
                          algorithm))
     return VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED;
 
   Memcpy(&len, preamble_blob + FIELD_LEN(firmware_version),
          sizeof(len));
   *firmware_len = (int) len;
   return 0;
 }
 
 int VerifyFirmwareData(RSAPublicKey* firmware_sign_key,
+                       const uint8_t* preamble_start,
                        const uint8_t* firmware_data_start,
                        int firmware_len,
                        int algorithm) {
   int signature_len = siglen_map[algorithm];
-  if (!RSAVerifyBinary_f(NULL, firmware_sign_key,  /* Key to use. */
-                         firmware_data_start + signature_len,  /* Data to
-                                                                * verify */
-                         firmware_len,  /* Length of data. */
-                         firmware_data_start,  /* Expected Signature */
-                         algorithm))
+  uint8_t* digest;
+  DigestContext ctx;
+
+  /* Since the firmware signature is over the preamble and the firmware data,
+   * which does not form a contiguous region of memory, we calculate the
+   * message digest ourselves. */
+  DigestInit(&ctx, algorithm);
+  DigestUpdate(&ctx, preamble_start, GetFirmwarePreambleLen());
+  DigestUpdate(&ctx, firmware_data_start + signature_len, firmware_len);
+  digest = DigestFinal(&ctx);
+  if (!RSAVerifyBinaryWithDigest_f(
+          NULL, firmware_sign_key,  /* Key to use. */
+          digest,  /* Digest of the data to verify. */
+          firmware_data_start,  /* Expected Signature */
+          algorithm)) {
+    Free(digest);
     return VERIFY_FIRMWARE_SIGNATURE_FAILED;
+  }
+  Free(digest);
   return 0;
 }
 
 int VerifyFirmware(const uint8_t* root_key_blob,
                    const uint8_t* firmware_blob) {
-  int error_code;
+  int error_code = 0;
   int algorithm;  /* Signing key algorithm. */
   RSAPublicKey* firmware_sign_key = NULL;
   int firmware_sign_key_len, signature_len, header_len, firmware_len;
   const uint8_t* header_ptr = NULL;  /* Pointer to header. */
   const uint8_t* firmware_sign_key_ptr = NULL;  /* Pointer to signing key. */
   const uint8_t* preamble_ptr = NULL;  /* Pointer to preamble block. */
   const uint8_t* firmware_ptr = NULL;  /* Pointer to firmware signature/data. */
 
   /* Note: All the offset calculations are based on struct FirmwareImage which
    * is defined in include/firmware_image.h. */
@@ skipping 22 matching lines @@
   preamble_ptr = (header_ptr + header_len +
                   FIELD_LEN(firmware_key_signature));
   if ((error_code = VerifyFirmwarePreamble(firmware_sign_key, preamble_ptr,
                                            algorithm,
                                            &firmware_len))) {
     RSAPublicKeyFree(firmware_sign_key);
     return error_code;  /* AKA jump to recovery. */
   }
   /* Only continue if firmware data verification succeeds. */
   firmware_ptr = (preamble_ptr +
-                  GetFirmwarePreambleLen(NULL) +
+                  GetFirmwarePreambleLen() +
                   signature_len);
 
-  if ((error_code = VerifyFirmwareData(firmware_sign_key, firmware_ptr,
+  if ((error_code = VerifyFirmwareData(firmware_sign_key, preamble_ptr,
+                                       firmware_ptr,
                                        firmware_len,
                                        algorithm))) {
     RSAPublicKeyFree(firmware_sign_key);
     return error_code;  /* AKA jump to recovery. */
   }
 
   RSAPublicKeyFree(firmware_sign_key);
   return 0;  /* Success! */
 }
 
 int VerifyFirmwareImage(const RSAPublicKey* root_key,
                         const FirmwareImage* image) {
   RSAPublicKey* firmware_sign_key = NULL;
   uint8_t* header_digest = NULL;
   uint8_t* preamble_digest = NULL;
   uint8_t* firmware_digest = NULL;
   int firmware_sign_key_size;
   int signature_size;
   int error_code = 0;
   DigestContext ctx;
+  DigestContext firmware_ctx;
 
   if (!image)
     return VERIFY_FIRMWARE_INVALID_IMAGE;
 
   /* Verify root key signature on the sign key header if we
    * are not in dev mode.
    *
    * TODO(gauravsh): Add additional sanity checks here for:
    *  1) verifying the header length is correct.
    *  2) header_checksum is correct.
@@ skipping 38 matching lines @@
   DigestUpdate(&ctx, (uint8_t*) &image->preamble,
                FIELD_LEN(preamble));
   preamble_digest = DigestFinal(&ctx);
   if (!RSAVerify(firmware_sign_key, image->preamble_signature,
                   signature_size, image->firmware_sign_algorithm,
                   preamble_digest)) {
     error_code = VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED;
     goto verify_failure;
   }
 
-  /* Verify firmware signature. */
-  firmware_digest = DigestBuf(image->firmware_data,
-                              image->firmware_len,
-                              image->firmware_sign_algorithm);
+  /* Verify firmware signature - firmware signature is on the contents
+   of firmware preamble + firmware_data. */
+  DigestInit(&firmware_ctx, image->firmware_sign_algorithm);
+  DigestUpdate(&firmware_ctx, (uint8_t*) &image->firmware_version,
+               FIELD_LEN(firmware_version));
+  DigestUpdate(&firmware_ctx, (uint8_t*) &image->firmware_len,
+               FIELD_LEN(firmware_len));
+  DigestUpdate(&firmware_ctx, (uint8_t*) &image->preamble,
+               FIELD_LEN(preamble));
+  DigestUpdate(&firmware_ctx, image->firmware_data, image->firmware_len);
+  firmware_digest = DigestFinal(&firmware_ctx);
   if (!RSAVerify(firmware_sign_key, image->firmware_signature,
                  signature_size, image->firmware_sign_algorithm,
                  firmware_digest)) {
     error_code = VERIFY_FIRMWARE_SIGNATURE_FAILED;
     goto verify_failure;
   }
 
 verify_failure:
   RSAPublicKeyFree(firmware_sign_key);
   Free(firmware_digest);
@@ skipping 21 matching lines @@
     Free(header_blob);
     return 0;
   }
   Memcpy(image->firmware_key_signature, signature, RSA8192NUMBYTES);
   Free(header_blob);
   Free(signature);
   return 1;
 }
 
 int AddFirmwareSignature(FirmwareImage* image, const char* signing_key_file) {
-  uint8_t* preamble_blob;
-  uint8_t* preamble_signature;
-  uint8_t* firmware_signature;
+  uint8_t* preamble_blob = NULL;
+  uint8_t* preamble_signature = NULL;
+  uint8_t* firmware_signature = NULL;
+  uint8_t* firmware_buf = NULL;
   int signature_len = siglen_map[image->firmware_sign_algorithm];
 
   preamble_blob = GetFirmwarePreambleBlob(image);
+  if (!preamble_blob)
+    return 0;
   if (!(preamble_signature = SignatureBuf(preamble_blob,
-                                          GetFirmwarePreambleLen(image),
+                                          GetFirmwarePreambleLen(),
                                           signing_key_file,
                                           image->firmware_sign_algorithm))) {
     Free(preamble_blob);
     return 0;
   }
   image->preamble_signature = (uint8_t*) Malloc(signature_len);
   Memcpy(image->preamble_signature, preamble_signature, signature_len);
   Free(preamble_signature);
-
-  if (!(firmware_signature = SignatureBuf(image->firmware_data,
+  /* Firmware signature must be calculated on preamble + firmware_data
+   * to avoid splicing attacks. */
+  firmware_buf = (uint8_t*) Malloc(GetFirmwarePreambleLen() +
+                                   image->firmware_len);
+  Memcpy(firmware_buf, preamble_blob, GetFirmwarePreambleLen());
+  Memcpy(firmware_buf + GetFirmwarePreambleLen(), image->firmware_data,
+         image->firmware_len);
+  if (!(firmware_signature = SignatureBuf(firmware_buf,
+                                          GetFirmwarePreambleLen() +
                                           image->firmware_len,
                                           signing_key_file,
-                                          image->firmware_sign_algorithm)))
+                                          image->firmware_sign_algorithm))) {
+    Free(preamble_blob);
+    Free(firmware_buf);
     return 0;
+  }
   image->firmware_signature = (uint8_t*) Malloc(signature_len);
   Memcpy(image->firmware_signature, firmware_signature, signature_len);
   Free(firmware_signature);
+  Free(firmware_buf);
+  Free(preamble_blob);
   return 1;
 }
 
 uint32_t GetLogicalFirmwareVersion(uint8_t* firmware_blob) {
   uint16_t firmware_key_version;
   uint16_t firmware_version;
   uint16_t firmware_sign_algorithm;
   int firmware_sign_key_len;
   Memcpy(&firmware_sign_algorithm,
          firmware_blob + (FIELD_LEN(magic) +  /* Offset to field. */
@@ skipping 93 matching lines @@
      * attempted.
      * If FirmwareB is not a rollback, then we attempt to do the verification.
      */
     if (stored_lversion <= firmwareB_lversion &&
         (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, firmwareB)))
         return BOOT_FIRMWARE_B_CONTINUE;
   }
   /* D'oh: No bootable firmware. */
   return BOOT_FIRMWARE_RECOVERY_CONTINUE;
 }