OLD | NEW |
(Empty) | |
| 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 * Use of this source code is governed by a BSD-style license that can be |
| 3 * found in the LICENSE file. |
| 4 * |
| 5 * Host functions for verified boot. |
| 6 */ |
| 7 |
| 8 /* TODO: change all 'return 0', 'return 1' into meaningful return codes */ |
| 9 |
| 10 #if 0 |
| 11 #define OPENSSL_NO_SHA |
| 12 #include <openssl/engine.h> |
| 13 #include <openssl/pem.h> |
| 14 #include <openssl/rsa.h> |
| 15 |
| 16 #include <stdio.h> |
| 17 #include <stdlib.h> |
| 18 #include <unistd.h> |
| 19 #include "file_keys.h" |
| 20 #endif |
| 21 |
| 22 #include "host_common.h" |
| 23 |
| 24 #include "cryptolib.h" |
| 25 #include "utility.h" |
| 26 #include "vboot_common.h" |
| 27 |
| 28 |
| 29 VbKeyBlockHeader* CreateKeyBlock(const VbPublicKey* data_key, |
| 30 const VbPrivateKey* signing_key, |
| 31 uint64_t flags) { |
| 32 |
| 33 VbKeyBlockHeader* h; |
| 34 uint64_t signed_size = sizeof(VbKeyBlockHeader) + data_key->key_size; |
| 35 uint64_t block_size = (signed_size + SHA512_DIGEST_SIZE + |
| 36 siglen_map[signing_key->algorithm]); |
| 37 uint8_t* data_key_dest; |
| 38 uint8_t* block_sig_dest; |
| 39 uint8_t* block_chk_dest; |
| 40 VbSignature *sigtmp; |
| 41 |
| 42 /* Allocate key block */ |
| 43 h = (VbKeyBlockHeader*)Malloc(block_size); |
| 44 if (!h) |
| 45 return NULL; |
| 46 data_key_dest = (uint8_t*)(h + 1); |
| 47 block_chk_dest = data_key_dest + data_key->key_size; |
| 48 block_sig_dest = block_chk_dest + SHA512_DIGEST_SIZE; |
| 49 |
| 50 Memcpy(h->magic, KEY_BLOCK_MAGIC, KEY_BLOCK_MAGIC_SIZE); |
| 51 h->header_version_major = KEY_BLOCK_HEADER_VERSION_MAJOR; |
| 52 h->header_version_minor = KEY_BLOCK_HEADER_VERSION_MINOR; |
| 53 h->key_block_size = block_size; |
| 54 h->key_block_flags = flags; |
| 55 |
| 56 /* Copy data key */ |
| 57 PublicKeyInit(&h->data_key, data_key_dest, data_key->key_size); |
| 58 PublicKeyCopy(&h->data_key, data_key); |
| 59 |
| 60 /* Set up signature structs so we can calculate the signatures */ |
| 61 SignatureInit(&h->key_block_checksum, block_chk_dest, |
| 62 SHA512_DIGEST_SIZE, signed_size); |
| 63 SignatureInit(&h->key_block_signature, block_sig_dest, |
| 64 siglen_map[signing_key->algorithm], signed_size); |
| 65 |
| 66 /* Calculate checksum */ |
| 67 sigtmp = CalculateChecksum((uint8_t*)h, signed_size); |
| 68 SignatureCopy(&h->key_block_checksum, sigtmp); |
| 69 Free(sigtmp); |
| 70 |
| 71 /* Calculate signature */ |
| 72 sigtmp = CalculateSignature((uint8_t*)h, signed_size, signing_key); |
| 73 SignatureCopy(&h->key_block_signature, sigtmp); |
| 74 Free(sigtmp); |
| 75 |
| 76 /* Return the header */ |
| 77 return h; |
| 78 } |
| 79 |
| 80 |
| 81 VbFirmwarePreambleHeader* CreateFirmwarePreamble( |
| 82 uint64_t firmware_version, |
| 83 const VbPublicKey* kernel_subkey, |
| 84 const VbSignature* body_signature, |
| 85 const VbPrivateKey* signing_key) { |
| 86 |
| 87 VbFirmwarePreambleHeader* h; |
| 88 uint64_t signed_size = (sizeof(VbFirmwarePreambleHeader) + |
| 89 kernel_subkey->key_size + |
| 90 body_signature->sig_size); |
| 91 uint64_t block_size = signed_size + siglen_map[signing_key->algorithm]; |
| 92 uint8_t* kernel_subkey_dest; |
| 93 uint8_t* body_sig_dest; |
| 94 uint8_t* block_sig_dest; |
| 95 VbSignature *sigtmp; |
| 96 |
| 97 /* Allocate key block */ |
| 98 h = (VbFirmwarePreambleHeader*)Malloc(block_size); |
| 99 if (!h) |
| 100 return NULL; |
| 101 kernel_subkey_dest = (uint8_t*)(h + 1); |
| 102 body_sig_dest = kernel_subkey_dest + kernel_subkey->key_size; |
| 103 block_sig_dest = body_sig_dest + body_signature->sig_size; |
| 104 |
| 105 h->header_version_major = FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR; |
| 106 h->header_version_minor = FIRMWARE_PREAMBLE_HEADER_VERSION_MINOR; |
| 107 h->preamble_size = block_size; |
| 108 h->firmware_version = firmware_version; |
| 109 |
| 110 /* Copy data key */ |
| 111 PublicKeyInit(&h->kernel_subkey, kernel_subkey_dest, |
| 112 kernel_subkey->key_size); |
| 113 PublicKeyCopy(&h->kernel_subkey, kernel_subkey); |
| 114 |
| 115 /* Copy body signature */ |
| 116 SignatureInit(&h->body_signature, body_sig_dest, |
| 117 body_signature->sig_size, 0); |
| 118 SignatureCopy(&h->body_signature, body_signature); |
| 119 |
| 120 /* Set up signature struct so we can calculate the signature */ |
| 121 SignatureInit(&h->preamble_signature, block_sig_dest, |
| 122 siglen_map[signing_key->algorithm], signed_size); |
| 123 |
| 124 /* Calculate signature */ |
| 125 sigtmp = CalculateSignature((uint8_t*)h, signed_size, signing_key); |
| 126 SignatureCopy(&h->preamble_signature, sigtmp); |
| 127 Free(sigtmp); |
| 128 |
| 129 /* Return the header */ |
| 130 return h; |
| 131 } |
| 132 |
| 133 |
| 134 /* Creates a kernel preamble, signed with [signing_key]. |
| 135 * Caller owns the returned pointer, and must free it with Free(). |
| 136 * |
| 137 * Returns NULL if error. */ |
| 138 VbKernelPreambleHeader* CreateKernelPreamble( |
| 139 uint64_t kernel_version, |
| 140 uint64_t body_load_address, |
| 141 uint64_t bootloader_address, |
| 142 uint64_t bootloader_size, |
| 143 const VbSignature* body_signature, |
| 144 const VbPrivateKey* signing_key) { |
| 145 |
| 146 VbKernelPreambleHeader* h; |
| 147 uint64_t signed_size = (sizeof(VbKernelPreambleHeader) + |
| 148 body_signature->sig_size); |
| 149 uint64_t block_size = signed_size + siglen_map[signing_key->algorithm]; |
| 150 uint8_t* body_sig_dest; |
| 151 uint8_t* block_sig_dest; |
| 152 VbSignature *sigtmp; |
| 153 |
| 154 /* Allocate key block */ |
| 155 h = (VbKernelPreambleHeader*)Malloc(block_size); |
| 156 if (!h) |
| 157 return NULL; |
| 158 body_sig_dest = (uint8_t*)(h + 1); |
| 159 block_sig_dest = body_sig_dest + body_signature->sig_size; |
| 160 |
| 161 h->header_version_major = KERNEL_PREAMBLE_HEADER_VERSION_MAJOR; |
| 162 h->header_version_minor = KERNEL_PREAMBLE_HEADER_VERSION_MINOR; |
| 163 h->preamble_size = block_size; |
| 164 h->kernel_version = kernel_version; |
| 165 h->body_load_address = body_load_address; |
| 166 h->bootloader_address = bootloader_address; |
| 167 h->bootloader_size = bootloader_size; |
| 168 |
| 169 /* Copy body signature */ |
| 170 SignatureInit(&h->body_signature, body_sig_dest, |
| 171 body_signature->sig_size, 0); |
| 172 SignatureCopy(&h->body_signature, body_signature); |
| 173 |
| 174 /* Set up signature struct so we can calculate the signature */ |
| 175 SignatureInit(&h->preamble_signature, block_sig_dest, |
| 176 siglen_map[signing_key->algorithm], signed_size); |
| 177 |
| 178 /* Calculate signature */ |
| 179 sigtmp = CalculateSignature((uint8_t*)h, signed_size, signing_key); |
| 180 SignatureCopy(&h->preamble_signature, sigtmp); |
| 181 Free(sigtmp); |
| 182 |
| 183 /* Return the header */ |
| 184 return h; |
| 185 } |
OLD | NEW |