VBoot Reference: 18 Exabytes ought to be enough for everybody

src/platform/vboot_reference/utils/kernel_image.c

 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
  * Functions for generating and manipulating a verified boot kernel image.
  */
 
 #include "kernel_image.h"
 
 #include <fcntl.h>
@@ skipping 51 matching lines @@
   KernelImage* image = KernelImageNew();
 
   if (!image)
     return NULL;
 
   kernel_buf = BufferFromFile(input_file, &file_size);
   image_len = file_size;
 
   st.remaining_len = image_len;
   st.remaining_buf = kernel_buf;
+  st.overrun = 0;
 
   /* Read and compare magic bytes. */
   StatefulMemcpy(&st, &image->magic, KERNEL_MAGIC_SIZE);
 
   if (SafeMemcmp(image->magic, KERNEL_MAGIC, KERNEL_MAGIC_SIZE)) {
     fprintf(stderr, "Wrong Kernel Magic.\n");
     Free(kernel_buf);
     return NULL;
   }
   StatefulMemcpy(&st, &image->header_version, FIELD_LEN(header_version));
@@ skipping 65 matching lines @@
   /* Read kernel config signature. */
   image->config_signature = (uint8_t*) Malloc(kernel_signature_len);
   StatefulMemcpy(&st, image->config_signature, kernel_signature_len);
 
   image->kernel_signature = (uint8_t*) Malloc(kernel_signature_len);
   StatefulMemcpy(&st, image->kernel_signature, kernel_signature_len);
 
   image->kernel_data = (uint8_t*) Malloc(image->options.kernel_len);
   StatefulMemcpy(&st, image->kernel_data, image->options.kernel_len);
 
-  if(st.remaining_len != 0) {  /* Overrun or underrun. */
+  if(st.overrun || st.remaining_len != 0) {  /* Overrun or underrun. */
     Free(kernel_buf);
     return NULL;
   }
   Free(kernel_buf);
   return image;
 }
 
 int GetKernelHeaderLen(const KernelImage* image) {
   return (FIELD_LEN(header_version) + FIELD_LEN(header_len) +
           FIELD_LEN(firmware_sign_algorithm) +
@@ skipping 25 matching lines @@
   return;
 }
 
 uint8_t* GetKernelHeaderBlob(const KernelImage* image) {
   uint8_t* header_blob = NULL;
   MemcpyState st;
 
   header_blob = (uint8_t*) Malloc(GetKernelHeaderLen(image));
   st.remaining_len = GetKernelHeaderLen(image);
   st.remaining_buf = header_blob;
+  st.overrun = 0;
 
   StatefulMemcpy_r(&st, &image->header_version, FIELD_LEN(header_version));
   StatefulMemcpy_r(&st, &image->header_len, FIELD_LEN(header_len));
   StatefulMemcpy_r(&st, &image->firmware_sign_algorithm,
                    FIELD_LEN(firmware_sign_algorithm));
   StatefulMemcpy_r(&st, &image->kernel_sign_algorithm,
                    FIELD_LEN(kernel_sign_algorithm));
   StatefulMemcpy_r(&st, &image->kernel_key_version,
                    FIELD_LEN(kernel_key_version));
   StatefulMemcpy_r(&st, image->kernel_sign_key,
                    RSAProcessedKeySize(image->kernel_sign_algorithm));
   StatefulMemcpy_r(&st, &image->header_checksum, FIELD_LEN(header_checksum));
 
-  if (st.remaining_len != 0) {  /* Underrun or Overrun. */
+  if (st.overrun || st.remaining_len != 0) {  /* Underrun or Overrun. */
     Free(header_blob);
     return NULL;
   }
   return header_blob;
 }
 
 int GetKernelConfigLen() {
   return (FIELD_LEN(kernel_version) +
           FIELD_LEN(options.version) + FIELD_LEN(options.cmd_line) +
           FIELD_LEN(options.kernel_len) + FIELD_LEN(options.kernel_load_addr) +
           FIELD_LEN(options.kernel_entry_addr));
 }
 
 uint8_t* GetKernelConfigBlob(const KernelImage* image) {
   uint8_t* config_blob = NULL;
   MemcpyState st;
 
   config_blob = (uint8_t*) Malloc(GetKernelConfigLen());
   st.remaining_len = GetKernelConfigLen();
   st.remaining_buf = config_blob;
+  st.overrun = 0;
 
   StatefulMemcpy_r(&st, &image->kernel_version, FIELD_LEN(kernel_version));
   StatefulMemcpy_r(&st, image->options.version, FIELD_LEN(options.version));
   StatefulMemcpy_r(&st, image->options.cmd_line, FIELD_LEN(options.cmd_line));
   StatefulMemcpy_r(&st, &image->options.kernel_len,
                    FIELD_LEN(options.kernel_len));
   StatefulMemcpy_r(&st, &image->options.kernel_load_addr,
         FIELD_LEN(options.kernel_load_addr));
   StatefulMemcpy_r(&st, &image->options.kernel_entry_addr,
         FIELD_LEN(options.kernel_entry_addr));
-  if (st.remaining_len != 0) {  /* Overrun or Underrun. */
+  if (st.overrun || st.remaining_len != 0) {  /* Overrun or Underrun. */
     Free(config_blob);
     return NULL;
   }
   return config_blob;
 }
 
 uint8_t* GetKernelBlob(const KernelImage* image, uint64_t* blob_len) {
   int kernel_key_signature_len;
   int kernel_signature_len;
   uint8_t* kernel_blob = NULL;
   uint8_t* header_blob = NULL;
   uint8_t* config_blob = NULL;
   MemcpyState st;
 
   if (!image)
     return NULL;
   kernel_key_signature_len = siglen_map[image->firmware_sign_algorithm];
   kernel_signature_len = siglen_map[image->kernel_sign_algorithm];
   *blob_len = (FIELD_LEN(magic) +
                GetKernelHeaderLen(image) +
                kernel_key_signature_len +
                GetKernelConfigLen() +
                2 * kernel_signature_len +
                image->options.kernel_len);
   kernel_blob = (uint8_t*) Malloc(*blob_len);
   st.remaining_len = *blob_len;
   st.remaining_buf = kernel_blob;
+  st.overrun = 0;
 
   header_blob = GetKernelHeaderBlob(image);
   config_blob = GetKernelConfigBlob(image);
 
   StatefulMemcpy_r(&st, image->magic, FIELD_LEN(magic));
   StatefulMemcpy_r(&st, header_blob, GetKernelHeaderLen(image));
   StatefulMemcpy_r(&st, image->kernel_key_signature, kernel_key_signature_len);
   StatefulMemcpy_r(&st, config_blob, GetKernelConfigLen());
   StatefulMemcpy_r(&st, image->config_signature, kernel_signature_len);
   StatefulMemcpy_r(&st, image->kernel_signature, kernel_signature_len);
   StatefulMemcpy_r(&st, image->kernel_data, image->options.kernel_len);
 
   Free(config_blob);
   Free(header_blob);
 
-  if (st.remaining_len != 0) {  /* Underrun or Overrun. */
+  if (st.overrun || st.remaining_len != 0) {  /* Underrun or Overrun. */
     Free(kernel_blob);
     return NULL;
   }
   return kernel_blob;
 }
 
 int WriteKernelImage(const char* input_file,
                      const KernelImage* image) {
   int fd;
   uint8_t* kernel_blob;
@@ skipping 143 matching lines @@
                            header_blob + header_len,  /* Expected Signature */
                            firmware_sign_algorithm))
       return VERIFY_KERNEL_KEY_SIGNATURE_FAILED;
   }
   return 0;
 }
 
 int VerifyKernelConfig(RSAPublicKey* kernel_sign_key,
                        const uint8_t* config_blob,
                        int algorithm,
-                       int* kernel_len) {
-  uint32_t len, config_len;
-  config_len = GetKernelConfigLen();
+                       uint64_t* kernel_len) {
+  uint64_t len;
+  int config_len;
+  config_len = GetKernelConfigLen(NULL);
   if (!RSAVerifyBinary_f(NULL, kernel_sign_key,  /* Key to use */
                          config_blob,  /* Data to verify */
                          config_len,  /* Length of data */
                          config_blob + config_len,  /* Expected Signature */
                          algorithm))
     return VERIFY_KERNEL_CONFIG_SIGNATURE_FAILED;
 
   Memcpy(&len,
          config_blob + (FIELD_LEN(kernel_version) + FIELD_LEN(options.version) +
                               FIELD_LEN(options.cmd_line)),
          sizeof(len));
-  *kernel_len = (int) len;
+  *kernel_len = len;
   return 0;
 }
 
 int VerifyKernelData(RSAPublicKey* kernel_sign_key,
                      const uint8_t* kernel_config_start,
                      const uint8_t* kernel_data_start,
-                     int kernel_len,
+                     uint64_t kernel_len,
                      int algorithm) {
   int signature_len = siglen_map[algorithm];
   uint8_t* digest;
   DigestContext ctx;
 
   /* Since the kernel signature is computed over the kernel version, options
    * and data, which does not form a contiguous region of memory, we calculate
    * the message digest ourselves. */
   DigestInit(&ctx, algorithm);
   DigestUpdate(&ctx, kernel_config_start, GetKernelConfigLen());
@@ skipping 12 matching lines @@
 }
 
 int VerifyKernel(const uint8_t* firmware_key_blob,
                  const uint8_t* kernel_blob,
                  const int dev_mode) {
   int error_code;
   int firmware_sign_algorithm;  /* Firmware signing key algorithm. */
   int kernel_sign_algorithm;  /* Kernel Signing key algorithm. */
   RSAPublicKey* kernel_sign_key;
   int kernel_sign_key_len, kernel_key_signature_len, kernel_signature_len,
-      header_len, kernel_len;
+      header_len;
+  uint64_t kernel_len;
   const uint8_t* header_ptr;  /* Pointer to header. */
   const uint8_t* kernel_sign_key_ptr;  /* Pointer to signing key. */
   const uint8_t* config_ptr;  /* Pointer to kernel config block. */
   const uint8_t* kernel_ptr;  /* Pointer to kernel signature/data. */
 
   /* Note: All the offset calculations are based on struct FirmwareImage which
    * is defined in include/firmware_image.h. */
 
   /* Compare magic bytes. */
   if (SafeMemcmp(kernel_blob, KERNEL_MAGIC, KERNEL_MAGIC_SIZE))
@@ skipping 367 matching lines @@
   /* Lock Kernel TPM rollback indices from further writes.
    * TODO(gauravsh): Figure out if these can be combined into one
    * 32-bit location since we seem to always use them together. This can help
    * us minimize the number of NVRAM writes/locks (which are limited over flash
    * memory lifetimes.
    */
   LockStoredVersion(KERNEL_KEY_VERSION);
   LockStoredVersion(KERNEL_VERSION);
   return kernel_to_boot;
 }