src/platform/vboot_reference/utility/firmware_utility.cc - Issue 2366004: Add --subkey_in and --subkey_out options to firmware signing utility.

Unified Diff: src/platform/vboot_reference/utility/firmware_utility.cc

Issue 2366004: Add --subkey_in and --subkey_out options to firmware signing utility. (Closed) Base URL: ssh://git@gitrw.chromium.org/chromiumos

Patch Set: Created 10 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/platform/vboot_reference/utility/firmware_utility.cc

diff --git a/src/platform/vboot_reference/utility/firmware_utility.cc b/src/platform/vboot_reference/utility/firmware_utility.cc

index b152ee1cda5dc78c654f871d21c57e4b17962ef3..aaf936b2c09f4d23c75b7e22b803dec0d236cde5 100644

--- a/src/platform/vboot_reference/utility/firmware_utility.cc

+++ b/src/platform/vboot_reference/utility/firmware_utility.cc

@@ -19,23 +19,28 @@ extern "C" {

#include "cryptolib.h"

#include "file_keys.h"

#include "firmware_image.h"

-#include "utility.h"

+#include "stateful_util.h"

}

using std::cerr;

+// Macro to determine the size of a field structure in the FirmwareImage

+// structure.

+#define FIELD_LEN(field) (sizeof(((FirmwareImage*)0)->field))

namespace vboot_reference {

FirmwareUtility::FirmwareUtility():

image_(NULL),

root_key_pub_(NULL),

- firmware_version_(-1),

firmware_key_version_(-1),

firmware_sign_algorithm_(-1),

+ firmware_version_(-1),

is_generate_(false),

is_verify_(false),

is_describe_(false),

- is_only_vblock_(false) {

+ is_only_vblock_(false),

+ is_subkey_out_(false) {

}

FirmwareUtility::~FirmwareUtility() {

@@ -50,23 +55,27 @@ void FirmwareUtility::PrintUsage(void) {

"Usage: firmware_utility <--generate|--verify> [OPTIONS]\n"

"\n"

"For \"--verify\", required OPTIONS are:\n"

- "--in <infile>\t\t\tVerified boot firmware image to verify.\n"

- "--root_key_pub <pubkeyfile>\tPre-processed public root key "

+ " --in <infile>\t\t\tVerified boot firmware image to verify.\n"

+ " --root_key_pub <pubkeyfile>\tPre-processed public root key "

"to use for verification.\n"

"\n"

"For \"--generate\", required OPTIONS are:\n"

- "--root_key <privkeyfile>\tPrivate root key file\n"

- "--firmware_sign_key <privkeyfile>\tPrivate signing key file\n"

- "--firmware_sign_key_pub <pubkeyfile>\tPre-processed public signing"

+ " --root_key <privkeyfile>\t\tPrivate root key file\n"

+ " --firmware_key_pub <pubkeyfile>\tPre-processed public signing"

" key\n"

- "--firmware_sign_algorithm <algoid>\tSigning algorithm to use\n"

- "--firmware_key_version <version#>\tSigning Key Version#\n"

- "--firmware_version <version#>\tFirmware Version#\n"

- "--in <infile>\t\t\tFirmware Image to sign\n"

- "--out <outfile>\t\t\tOutput file for verified boot firmware image\n"

+ " --firmware_sign_algorithm <algoid>\tSigning algorithm to use\n"

+ " --firmware_key_version <version#>\tSigning Key Version#\n"

+ "OR\n"

+ " --subkey_in <subkeyfile>\t\tExisting key signature header\n"

+ "\n"

+ " --firmware_key <privkeyfile>\tPrivate signing key file\n"

+ " --firmware_version <version#>\tFirmware Version#\n"

+ " --in <infile>\t\t\tFirmware Image to sign\n"

+ " --out <outfile>\t\tOutput file for verified boot firmware image\n"

"\n"

"Optional:\n"

- " --vblock\t\t\tJust output the verification block\n"

+ " --subkey_out\t\t\tJust output the subkey (key verification) header\n"

+ " --vblock\t\t\tJust output the verification block\n"

"\n"

"<algoid> (for --sign-algorithm) is one of the following:\n";

for (int i = 0; i < kNumAlgorithms; i++) {

@@ -83,6 +92,7 @@ bool FirmwareUtility::ParseCmdLineOptions(int argc, char* argv[]) {

OPT_ROOT_KEY_PUB,

OPT_FIRMWARE_KEY,

OPT_FIRMWARE_KEY_PUB,

+ OPT_SUBKEY_IN,

OPT_FIRMWARE_SIGN_ALGORITHM,

OPT_FIRMWARE_KEY_VERSION,

OPT_FIRMWARE_VERSION,

@@ -92,12 +102,14 @@ bool FirmwareUtility::ParseCmdLineOptions(int argc, char* argv[]) {

OPT_VERIFY,

OPT_DESCRIBE,

OPT_VBLOCK,

+ OPT_SUBKEY_OUT,

};

static struct option long_options[] = {

{"root_key", 1, 0, OPT_ROOT_KEY },

{"root_key_pub", 1, 0, OPT_ROOT_KEY_PUB },

{"firmware_key", 1, 0, OPT_FIRMWARE_KEY },

{"firmware_key_pub", 1, 0, OPT_FIRMWARE_KEY_PUB },

+ {"subkey_in", 1, 0, OPT_SUBKEY_IN },

{"firmware_sign_algorithm", 1, 0, OPT_FIRMWARE_SIGN_ALGORITHM },

{"firmware_key_version", 1, 0, OPT_FIRMWARE_KEY_VERSION },

{"firmware_version", 1, 0, OPT_FIRMWARE_VERSION },

@@ -107,6 +119,7 @@ bool FirmwareUtility::ParseCmdLineOptions(int argc, char* argv[]) {

{"verify", 0, 0, OPT_VERIFY },

{"describe", 0, 0, OPT_DESCRIBE },

{"vblock", 0, 0, OPT_VBLOCK },

+ {"subkey_out", 0, 0, OPT_SUBKEY_OUT },

{NULL, 0, 0, 0}

};

while ((i = getopt_long(argc, argv, "", long_options, &option_index)) != -1) {

@@ -126,6 +139,9 @@ bool FirmwareUtility::ParseCmdLineOptions(int argc, char* argv[]) {

case OPT_FIRMWARE_KEY_PUB:

firmware_key_pub_file_ = optarg;

break;

+ case OPT_SUBKEY_IN:

+ subkey_in_file_ = optarg;

+ break;

case OPT_FIRMWARE_SIGN_ALGORITHM:

firmware_sign_algorithm_ = strtol(optarg, &e, 0);

if (!*optarg || (e && *e)) {

@@ -171,6 +187,9 @@ bool FirmwareUtility::ParseCmdLineOptions(int argc, char* argv[]) {

case OPT_VBLOCK:

is_only_vblock_ = true;

break;

+ case OPT_SUBKEY_OUT:

+ is_subkey_out_ = true;

+ break;

}

return CheckOptions();

@@ -179,7 +198,9 @@ bool FirmwareUtility::ParseCmdLineOptions(int argc, char* argv[]) {

void FirmwareUtility::OutputSignedImage(void) {

if (image_) {

- if (!WriteFirmwareImage(out_file_.c_str(), image_, is_only_vblock_)) {

+ if (!WriteFirmwareImage(out_file_.c_str(), image_,

+ is_only_vblock_,

+ is_subkey_out_)) {

cerr << "Couldn't write verified boot image to file "

<< out_file_ <<".\n";

}

@@ -196,27 +217,106 @@ void FirmwareUtility::DescribeSignedImage(void) {

bool FirmwareUtility::GenerateSignedImage(void) {

uint64_t firmware_sign_key_pub_len;

- image_ = FirmwareImageNew();

+ image_ = FirmwareImageNew();

Memcpy(image_->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE);

- // Copy pre-processed public signing key.

- image_->firmware_sign_algorithm = (uint16_t) firmware_sign_algorithm_;

- image_->firmware_sign_key = BufferFromFile(

- firmware_key_pub_file_.c_str(),

- &firmware_sign_key_pub_len);

- if (!image_->firmware_sign_key)

- return false;

- image_->firmware_key_version = firmware_key_version_;

+ if (subkey_in_file_.empty()) {

+ // We muse generate the firmware key signature header (subkey header)

+ // ourselves.

+ // Copy pre-processed public signing key.

+ image_->firmware_sign_algorithm = (uint16_t) firmware_sign_algorithm_;

+ image_->firmware_sign_key = BufferFromFile(

+ firmware_key_pub_file_.c_str(),

+ &firmware_sign_key_pub_len);

+ if (!image_->firmware_sign_key)

+ return false;

+ image_->firmware_key_version = firmware_key_version_;

+ // Update header length.

+ image_->header_len = GetFirmwareHeaderLen(image_);

- // Update header length.

- image_->header_len = GetFirmwareHeaderLen(image_);

+ // Calculate header checksum.

+ CalculateFirmwareHeaderChecksum(image_, image_->header_checksum);

- // Calculate header checksum.

- CalculateFirmwareHeaderChecksum(image_, image_->header_checksum);

+ image_->firmware_version = firmware_version_;

+ image_->firmware_len = 0;

+ // Generate and add the key signatures.

+ if (!AddFirmwareKeySignature(image_, root_key_file_.c_str())) {

+ cerr << "Couldn't write key signature to verified boot image.\n";

+ return false;

+ }

+ } else {

+ // Use existing subkey header.

+ MemcpyState st;

+ uint8_t* subkey_header_buf = NULL;

+ uint64_t subkey_len;

+ int header_len;

+ int firmware_sign_key_len;

+ uint8_t header_checksum[FIELD_LEN(header_checksum)];

+ subkey_header_buf = BufferFromFile(subkey_in_file_.c_str(), &subkey_len);

+ if (!subkey_header_buf) {

+ cerr << "Couldn't read subkey header from file %s\n"

+ << subkey_in_file_.c_str();

+ return false;

+ }

+ st.remaining_len = subkey_len;

+ st.remaining_buf = subkey_header_buf;

+ st.overrun = 0;

+ // TODO(gauravsh): This is basically the same code as the first half of

+ // of ReadFirmwareImage(). Refactor to eliminate code duplication.

+ StatefulMemcpy(&st, &image_->header_len, FIELD_LEN(header_len));

+ StatefulMemcpy(&st, &image_->firmware_sign_algorithm,

+ FIELD_LEN(firmware_sign_algorithm));

+ // Valid Algorithm?

+ if (image_->firmware_sign_algorithm >= kNumAlgorithms) {

+ Free(subkey_header_buf);

+ return NULL;

+ }

+ // Compute size of pre-processed RSA public key and signature.

+ firmware_sign_key_len = RSAProcessedKeySize(image_->firmware_sign_algorithm);

+ // Check whether the header length is correct.

+ header_len = GetFirmwareHeaderLen(image_);

+ if (header_len != image_->header_len) {

+ debug("Header length mismatch. Got: %d Expected: %d\n",

+ image_->header_len, header_len);

+ Free(subkey_header_buf);

+ return NULL;

+ }

+ // Read pre-processed public half of the sign key.

+ StatefulMemcpy(&st, &image_->firmware_key_version,

+ FIELD_LEN(firmware_key_version));

+ image_->firmware_sign_key = (uint8_t*) Malloc(firmware_sign_key_len);

+ StatefulMemcpy(&st, image_->firmware_sign_key, firmware_sign_key_len);

+ StatefulMemcpy(&st, image_->header_checksum, FIELD_LEN(header_checksum));

+ // Check whether the header checksum matches.

+ CalculateFirmwareHeaderChecksum(image_, header_checksum);

+ if (SafeMemcmp(header_checksum, image_->header_checksum,

+ FIELD_LEN(header_checksum))) {

+ debug("Invalid firmware header checksum!\n");

+ Free(subkey_header_buf);

+ return NULL;

+ }

+ // Read key signature.

+ StatefulMemcpy(&st, image_->firmware_key_signature,

+ FIELD_LEN(firmware_key_signature));

+ Free(subkey_header_buf);

+ if (st.overrun || st.remaining_len != 0) // Overrun or underrun.

+ return false;

+ return true;

+ }

- image_->firmware_version = firmware_version_;

- image_->firmware_len = 0;

// TODO(gauravsh): Populate this with the right bytes once we decide

// what goes into the preamble.

Memset(image_->preamble, 'P', FIRMWARE_PREAMBLE_SIZE);

@@ -224,11 +324,6 @@ bool FirmwareUtility::GenerateSignedImage(void) {

&image_->firmware_len);

if (!image_->firmware_data)

return false;

- // Generate and add the signatures.

- if (!AddFirmwareKeySignature(image_, root_key_file_.c_str())) {

- cerr << "Couldn't write key signature to verified boot image.\n";

- return false;

- }

if (!AddFirmwareSignature(image_, firmware_key_file_.c_str())) {

cerr << "Couldn't write firmware signature to verified boot image.\n";

@@ -279,30 +374,34 @@ bool FirmwareUtility::CheckOptions(void) {

}

// Required options for --generate.

if (is_generate_) {

- if (root_key_file_.empty()) {

- cerr << "No root key file specified." << "\n";

- return false;

- }

- if (firmware_version_ <= 0 || firmware_version_ > UINT16_MAX) {

- cerr << "Invalid or no firmware version specified." << "\n";

- return false;

+ if (subkey_in_file_.empty()) {

+ // Root key, kernel signing public key, and firmware signing

+ // algorithm are required to generate the key signature header.

+ if (root_key_file_.empty()) {

+ cerr << "No root key file specified." << "\n";

+ return false;

+ }

+ if (firmware_key_pub_file_.empty()) {

+ cerr << "No pre-processed public signing key file specified." << "\n";

+ return false;

+ }

+ if (firmware_key_version_ <= 0 || firmware_key_version_ > UINT16_MAX) {

+ cerr << "Invalid or no key version specified." << "\n";

+ return false;

+ }

+ if (firmware_sign_algorithm_ < 0 ||

+ firmware_sign_algorithm_ >= kNumAlgorithms) {

+ cerr << "Invalid or no signing key algorithm specified." << "\n";

+ return false;

+ }

}

if (firmware_key_file_.empty()) {

cerr << "No signing key file specified." << "\n";

- return false;

- }

- if (firmware_key_pub_file_.empty()) {

- cerr << "No pre-processed public signing key file specified." << "\n";

- return false;

- }

- if (firmware_key_version_ <= 0 || firmware_key_version_ > UINT16_MAX) {

- cerr << "Invalid or no key version specified." << "\n";

- return false;

- }

- if (firmware_sign_algorithm_ < 0 ||

- firmware_sign_algorithm_ >= kNumAlgorithms) {

- cerr << "Invalid or no signing key algorithm specified." << "\n";

- return false;

+ return false;

+ }

+ if (firmware_version_ <= 0 || firmware_version_ > UINT16_MAX) {

+ cerr << "Invalid or no firmware version specified." << "\n";

+ return false;

}

if (out_file_.empty()) {

cerr <<"No output file specified." << "\n";

@@ -312,7 +411,6 @@ bool FirmwareUtility::CheckOptions(void) {

return true;

}

} // namespace vboot_reference

int main(int argc, char* argv[]) {

« no previous file with comments | « no previous file | src/platform/vboot_reference/utility/include/firmware_utility.h » ('j') | no next file with comments »