Major refactoring of structures, with unit tests.

vboot_firmware/lib/include/vboot_struct.h

Index: vboot_firmware/lib/include/vboot_struct.h
diff --git a/vboot_firmware/lib/include/vboot_struct.h b/vboot_firmware/lib/include/vboot_struct.h
new file mode 100644
index 0000000000000000000000000000000000000000..a1fab1c2798a6dbcb84db8dc3bde33f5e6b18b94
--- /dev/null
+++ b/vboot_firmware/lib/include/vboot_struct.h
@@ -0,0 +1,123 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Data structure definitions for verified boot, for on-disk / in-eeprom
+ * data.
+ */
+
+#ifndef VBOOT_REFERENCE_VBOOT_STRUCT_H_
+#define VBOOT_REFERENCE_VBOOT_STRUCT_H_
+
+#include <stdint.h>
+
+
+/* Public key data */
+typedef struct VbPublicKey {
+  uint64_t key_offset;     /* Offset of key data from start of this struct */
+  uint64_t key_size;       /* Size of key data in bytes */
+  uint64_t algorithm;      /* Signature algorithm used by the key */
+  uint64_t key_version;    /* Key version */
+} VbPublicKey;
+
+
+/* Signature data (a secure hash, possibly signed) */
+typedef struct VbSignature {
+  uint64_t sig_offset;  /* Offset of signature data from start of this
+                         * struct */
+  uint64_t sig_size;    /* Size of signature data from start of this struct */

[vb, 2010/06/10 17:37:49]

Shouldn't this be just 'size of signature data'?

Also, why do you need to use 8 byte fields? It might be required for offsets
(albeit I don't see files larger than 2^32 in size practical), but all other
fields could be 4 bytes and some of them - 2? Or is this to not worry about
packing?

Generally, structures shared between compilers, are better to be explicitly
packed and accompanied by some compile time checks verifying the layout.

+  uint64_t data_size;   /* Size of the data block which was signed in bytes */
+} VbSignature;
+
+
+#define KEY_BLOCK_MAGIC "CHROMEOS"
+#define KEY_BLOCK_MAGIC_SIZE 8

[vb, 2010/06/10 17:37:49]

would be more robust defined as (sizeof(KEY_BLOCK_MAGIC) - 1)

+
+#define KEY_BLOCK_HEADER_VERSION_MAJOR 2
+#define KEY_BLOCK_HEADER_VERSION_MINOR 1
+
+/* Flags for key_block_flags */
+/* The following flags set where the key is valid */
+#define KEY_BLOCK_FLAG_DEVELOPER_0  0x01ULL  /* Developer switch off */

[gauravsh, 2010/06/10 14:44:13]

UINT64_C(0x01) instead?

+#define KEY_BLOCK_FLAG_DEVELOPER_1  0x02ULL  /* Developer switch on */
+#define KEY_BLOCK_FLAG_RECOVERY_0   0x04ULL  /* Not recovery mode */
+#define KEY_BLOCK_FLAG_RECOVERY_1   0x08ULL  /* Recovery mode */
+
+/* Key block, containing the public key used to sign some other chunk
+ * of data. */
+typedef struct VbKeyBlockHeader {
+  uint8_t magic[KEY_BLOCK_MAGIC_SIZE];  /* Magic number */
+  uint32_t header_version_major;     /* Version of this header format */
+  uint32_t header_version_minor;     /* Version of this header format */
+  uint64_t key_block_size;           /* Length of this entire key block,
+                                      * including keys, signatures, and
+                                      * padding, in bytes */
+  VbSignature key_block_signature;   /* Signature for this key block
+                                      * (header + data pointed to by data_key)
+                                      * For use with signed data keys*/
+  VbSignature key_block_checksum;    /* SHA-512 checksum for this key block
+                                      * (header + data pointed to by data_key)
+                                      * For use with unsigned data keys */
+  uint64_t key_block_flags;          /* Flags for key (KEY_BLOCK_FLAG_*) */
+  VbPublicKey data_key;              /* Key to verify the chunk of data */
+} VbKeyBlockHeader;
+/* This should be followed by:
+ *   1) The data_key key data, pointed to by data_key.key_offset.
+ *   2) The checksum data for (VBKeyBlockHeader + data_key data), pointed to
+ *      by key_block_checksum.sig_offset.
+ *   3) The signature data for (VBKeyBlockHeader + data_key data), pointed to
+ *      by key_block_signature.sig_offset. */
+
+
+#define FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR 2
+#define FIRMWARE_PREAMBLE_HEADER_VERSION_MINOR 0
+
+/* Preamble block for rewritable firmware */
+typedef struct VbFirmwarePreambleHeader {
+  uint64_t preamble_size;            /* Size of this preamble, including keys,
+                                      * signatures, and padding, in bytes */
+  VbSignature preamble_signature;    /* Signature for this preamble
+                                      * (header + kernel subkey +
+                                      * body signature) */
+  uint32_t header_version_major;     /* Version of this header format */
+  uint32_t header_version_minor;     /* Version of this header format */
+
+  uint64_t firmware_version;         /* Firmware version */
+  VbPublicKey kernel_subkey;         /* Key to verify kernel key block */
+  VbSignature body_signature;        /* Signature for the firmware body */
+} VbFirmwarePreambleHeader;
+/* This should be followed by:
+ *   1) The kernel_subkey key data, pointed to by kernel_subkey.key_offset.
+ *   2) The signature data for the firmware body, pointed to by
+ *      body_signature.sig_offset.
+ *   3) The signature data for (VBFirmwarePreambleHeader + kernel_subkey data
+ *      + body signature data), pointed to by
+ *      preamble_signature.sig_offset. */
+
+
+#define KERNEL_PREAMBLE_HEADER_VERSION_MAJOR 2
+#define KERNEL_PREAMBLE_HEADER_VERSION_MINOR 0
+
+/* Preamble block for kernel */
+typedef struct VbKernelPreambleHeader {
+  uint64_t preamble_size;            /* Size of this preamble, including keys,
+                                      * signatures, and padding, in bytes */
+  VbSignature preamble_signature;    /* Signature for this preamble
+                                      * (header + body signature) */
+  uint32_t header_version_major;     /* Version of this header format */
+  uint32_t header_version_minor;     /* Version of this header format */
+
+  uint64_t kernel_version;           /* Kernel version */
+  uint64_t body_load_address;        /* Load address for kernel body */
+  uint64_t bootloader_address;       /* Address of bootloader, after body is
+                                      * loaded at body_load_address */
+  uint64_t bootloader_size;          /* Size of bootloader in bytes */
+  VbSignature body_signature;        /* Signature for the kernel body */
+} VbKernelPreambleHeader;
+/* This should be followed by:
+ *   2) The signature data for the kernel body, pointed to by
+ *      body_signature.sig_offset.
+ *   3) The signature data for (VBFirmwarePreambleHeader + body signature
+ *      data), pointed to by preamble_signature.sig_offset. */
+
+#endif  /* VBOOT_REFERENCE_VBOOT_STRUCT_H_ */