| OLD | NEW |
|---|
| 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
| 3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
| 4 * | 4 * |
| 5 * Common functions between firmware and kernel verified boot. | 5 * Common functions between firmware and kernel verified boot. |
| 6 * (Firmware portion) | 6 * (Firmware portion) |
| 7 */ | 7 */ |
| 8 | 8 |
| 9 | 9 |
| 10 #include "vboot_common.h" | 10 #include "vboot_common.h" |
| (...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 102 dest->key_version = src->key_version; | 102 dest->key_version = src->key_version; |
| 103 Memcpy(GetPublicKeyData(dest), GetPublicKeyDataC(src), src->key_size); | 103 Memcpy(GetPublicKeyData(dest), GetPublicKeyDataC(src), src->key_size); |
| 104 return 0; | 104 return 0; |
| 105 } | 105 } |
| 106 | 106 |
| 107 | 107 |
| 108 RSAPublicKey* PublicKeyToRSA(const VbPublicKey* key) { | 108 RSAPublicKey* PublicKeyToRSA(const VbPublicKey* key) { |
| 109 RSAPublicKey *rsa; | 109 RSAPublicKey *rsa; |
| 110 | 110 |
| 111 if (kNumAlgorithms <= key->algorithm) { | 111 if (kNumAlgorithms <= key->algorithm) { |
| 112 debug("Invalid algorithm.\n"); | 112 VBDEBUG(("Invalid algorithm.\n")); |
| 113 return NULL; | 113 return NULL; |
| 114 } | 114 } |
| 115 if (RSAProcessedKeySize((int)key->algorithm) != (int)key->key_size) { | 115 if (RSAProcessedKeySize((int)key->algorithm) != (int)key->key_size) { |
| 116 debug("Wrong key size for algorithm\n"); | 116 VBDEBUG(("Wrong key size for algorithm\n")); |
| 117 return NULL; | 117 return NULL; |
| 118 } | 118 } |
| 119 | 119 |
| 120 rsa = RSAPublicKeyFromBuf(GetPublicKeyDataC(key), (int)key->key_size); | 120 rsa = RSAPublicKeyFromBuf(GetPublicKeyDataC(key), (int)key->key_size); |
| 121 if (!rsa) | 121 if (!rsa) |
| 122 return NULL; | 122 return NULL; |
| 123 | 123 |
| 124 rsa->algorithm = (int)key->algorithm; | 124 rsa->algorithm = (int)key->algorithm; |
| 125 return rsa; | 125 return rsa; |
| 126 } | 126 } |
| 127 | 127 |
| 128 | 128 |
| 129 int VerifyData(const uint8_t* data, const VbSignature *sig, | 129 int VerifyData(const uint8_t* data, const VbSignature *sig, |
| 130 const RSAPublicKey* key) { | 130 const RSAPublicKey* key) { |
| 131 | 131 |
| 132 if (sig->sig_size != siglen_map[key->algorithm]) { | 132 if (sig->sig_size != siglen_map[key->algorithm]) { |
| 133 debug("Wrong signature size for algorithm.\n"); | 133 VBDEBUG(("Wrong signature size for algorithm.\n")); |
| 134 return 1; | 134 return 1; |
| 135 } | 135 } |
| 136 | 136 |
| 137 if (!RSAVerifyBinary_f(NULL, key, data, sig->data_size, | 137 if (!RSAVerifyBinary_f(NULL, key, data, sig->data_size, |
| 138 GetSignatureDataC(sig), key->algorithm)) | 138 GetSignatureDataC(sig), key->algorithm)) |
| 139 return 1; | 139 return 1; |
| 140 | 140 |
| 141 return 0; | 141 return 0; |
| 142 } | 142 } |
| 143 | 143 |
| 144 | 144 |
| 145 int VerifyDigest(const uint8_t* digest, const VbSignature *sig, | 145 int VerifyDigest(const uint8_t* digest, const VbSignature *sig, |
| 146 const RSAPublicKey* key) { | 146 const RSAPublicKey* key) { |
| 147 | 147 |
| 148 if (sig->sig_size != siglen_map[key->algorithm]) { | 148 if (sig->sig_size != siglen_map[key->algorithm]) { |
| 149 debug("Wrong signature size for algorithm.\n"); | 149 VBDEBUG(("Wrong signature size for algorithm.\n")); |
| 150 return 1; | 150 return 1; |
| 151 } | 151 } |
| 152 | 152 |
| 153 if (!RSAVerifyBinaryWithDigest_f(NULL, key, digest, | 153 if (!RSAVerifyBinaryWithDigest_f(NULL, key, digest, |
| 154 GetSignatureDataC(sig), key->algorithm)) | 154 GetSignatureDataC(sig), key->algorithm)) |
| 155 return 1; | 155 return 1; |
| 156 | 156 |
| 157 return 0; | 157 return 0; |
| 158 } | 158 } |
| 159 | 159 |
| 160 | 160 |
| 161 int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size, | 161 int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size, |
| 162 const VbPublicKey *key) { | 162 const VbPublicKey *key) { |
| 163 | 163 |
| 164 const VbSignature* sig; | 164 const VbSignature* sig; |
| 165 | 165 |
| 166 /* Sanity checks before attempting signature of data */ | 166 /* Sanity checks before attempting signature of data */ |
| 167 if (SafeMemcmp(block->magic, KEY_BLOCK_MAGIC, KEY_BLOCK_MAGIC_SIZE)) { | 167 if (SafeMemcmp(block->magic, KEY_BLOCK_MAGIC, KEY_BLOCK_MAGIC_SIZE)) { |
| 168 debug("Not a valid verified boot key block.\n"); | 168 VBDEBUG(("Not a valid verified boot key block.\n")); |
| 169 return VBOOT_KEY_BLOCK_INVALID; | 169 return VBOOT_KEY_BLOCK_INVALID; |
| 170 } | 170 } |
| 171 if (block->header_version_major != KEY_BLOCK_HEADER_VERSION_MAJOR) { | 171 if (block->header_version_major != KEY_BLOCK_HEADER_VERSION_MAJOR) { |
| 172 debug("Incompatible key block header version.\n"); | 172 VBDEBUG(("Incompatible key block header version.\n")); |
| 173 return VBOOT_KEY_BLOCK_INVALID; | 173 return VBOOT_KEY_BLOCK_INVALID; |
| 174 } | 174 } |
| 175 if (size < block->key_block_size) { | 175 if (size < block->key_block_size) { |
| 176 debug("Not enough data for key block.\n"); | 176 VBDEBUG(("Not enough data for key block.\n")); |
| 177 return VBOOT_KEY_BLOCK_INVALID; | 177 return VBOOT_KEY_BLOCK_INVALID; |
| 178 } | 178 } |
| 179 | 179 |
| 180 /* Check signature or hash, depending on whether we have a key. */ | 180 /* Check signature or hash, depending on whether we have a key. */ |
| 181 if (key) { | 181 if (key) { |
| 182 /* Check signature */ | 182 /* Check signature */ |
| 183 RSAPublicKey* rsa; | 183 RSAPublicKey* rsa; |
| 184 int rv; | 184 int rv; |
| 185 | 185 |
| 186 sig = &block->key_block_signature; | 186 sig = &block->key_block_signature; |
| 187 | 187 |
| 188 if (VerifySignatureInside(block, block->key_block_size, sig)) { | 188 if (VerifySignatureInside(block, block->key_block_size, sig)) { |
| 189 debug("Key block signature off end of block\n"); | 189 VBDEBUG(("Key block signature off end of block\n")); |
| 190 return VBOOT_KEY_BLOCK_INVALID; | 190 return VBOOT_KEY_BLOCK_INVALID; |
| 191 } | 191 } |
| 192 | 192 |
| 193 rsa = PublicKeyToRSA(key); | 193 rsa = PublicKeyToRSA(key); |
| 194 if (!rsa) { | 194 if (!rsa) { |
| 195 debug("Invalid public key\n"); | 195 VBDEBUG(("Invalid public key\n")); |
| 196 return VBOOT_PUBLIC_KEY_INVALID; | 196 return VBOOT_PUBLIC_KEY_INVALID; |
| 197 } | 197 } |
| 198 rv = VerifyData((const uint8_t*)block, sig, rsa); | 198 rv = VerifyData((const uint8_t*)block, sig, rsa); |
| 199 RSAPublicKeyFree(rsa); | 199 RSAPublicKeyFree(rsa); |
| 200 if (rv) | 200 if (rv) |
| 201 return VBOOT_KEY_BLOCK_SIGNATURE; | 201 return VBOOT_KEY_BLOCK_SIGNATURE; |
| 202 | 202 |
| 203 } else { | 203 } else { |
| 204 /* Check hash */ | 204 /* Check hash */ |
| 205 uint8_t* header_checksum = NULL; | 205 uint8_t* header_checksum = NULL; |
| 206 int rv; | 206 int rv; |
| 207 | 207 |
| 208 sig = &block->key_block_checksum; | 208 sig = &block->key_block_checksum; |
| 209 | 209 |
| 210 if (VerifySignatureInside(block, block->key_block_size, sig)) { | 210 if (VerifySignatureInside(block, block->key_block_size, sig)) { |
| 211 debug("Key block hash off end of block\n"); | 211 VBDEBUG(("Key block hash off end of block\n")); |
| 212 return VBOOT_KEY_BLOCK_INVALID; | 212 return VBOOT_KEY_BLOCK_INVALID; |
| 213 } | 213 } |
| 214 if (sig->sig_size != SHA512_DIGEST_SIZE) { | 214 if (sig->sig_size != SHA512_DIGEST_SIZE) { |
| 215 debug("Wrong hash size for key block.\n"); | 215 VBDEBUG(("Wrong hash size for key block.\n")); |
| 216 return VBOOT_KEY_BLOCK_INVALID; | 216 return VBOOT_KEY_BLOCK_INVALID; |
| 217 } | 217 } |
| 218 | 218 |
| 219 header_checksum = DigestBuf((const uint8_t*)block, sig->data_size, | 219 header_checksum = DigestBuf((const uint8_t*)block, sig->data_size, |
| 220 SHA512_DIGEST_ALGORITHM); | 220 SHA512_DIGEST_ALGORITHM); |
| 221 rv = SafeMemcmp(header_checksum, GetSignatureDataC(sig), | 221 rv = SafeMemcmp(header_checksum, GetSignatureDataC(sig), |
| 222 SHA512_DIGEST_SIZE); | 222 SHA512_DIGEST_SIZE); |
| 223 Free(header_checksum); | 223 Free(header_checksum); |
| 224 if (rv) { | 224 if (rv) { |
| 225 debug("Invalid key block hash.\n"); | 225 VBDEBUG(("Invalid key block hash.\n")); |
| 226 return VBOOT_KEY_BLOCK_HASH; | 226 return VBOOT_KEY_BLOCK_HASH; |
| 227 } | 227 } |
| 228 } | 228 } |
| 229 | 229 |
| 230 /* Verify we signed enough data */ | 230 /* Verify we signed enough data */ |
| 231 if (sig->data_size < sizeof(VbKeyBlockHeader)) { | 231 if (sig->data_size < sizeof(VbKeyBlockHeader)) { |
| 232 debug("Didn't sign enough data\n"); | 232 VBDEBUG(("Didn't sign enough data\n")); |
| 233 return VBOOT_KEY_BLOCK_INVALID; | 233 return VBOOT_KEY_BLOCK_INVALID; |
| 234 } | 234 } |
| 235 | 235 |
| 236 /* Verify data key is inside the block and inside signed data */ | 236 /* Verify data key is inside the block and inside signed data */ |
| 237 if (VerifyPublicKeyInside(block, block->key_block_size, &block->data_key)) { | 237 if (VerifyPublicKeyInside(block, block->key_block_size, &block->data_key)) { |
| 238 debug("Data key off end of key block\n"); | 238 VBDEBUG(("Data key off end of key block\n")); |
| 239 return VBOOT_KEY_BLOCK_INVALID; | 239 return VBOOT_KEY_BLOCK_INVALID; |
| 240 } | 240 } |
| 241 if (VerifyPublicKeyInside(block, sig->data_size, &block->data_key)) { | 241 if (VerifyPublicKeyInside(block, sig->data_size, &block->data_key)) { |
| 242 debug("Data key off end of signed data\n"); | 242 VBDEBUG(("Data key off end of signed data\n")); |
| 243 return VBOOT_KEY_BLOCK_INVALID; | 243 return VBOOT_KEY_BLOCK_INVALID; |
| 244 } | 244 } |
| 245 | 245 |
| 246 /* Success */ | 246 /* Success */ |
| 247 return VBOOT_SUCCESS; | 247 return VBOOT_SUCCESS; |
| 248 } | 248 } |
| 249 | 249 |
| 250 | 250 |
| 251 int VerifyFirmwarePreamble2(const VbFirmwarePreambleHeader* preamble, | 251 int VerifyFirmwarePreamble2(const VbFirmwarePreambleHeader* preamble, |
| 252 uint64_t size, const RSAPublicKey* key) { | 252 uint64_t size, const RSAPublicKey* key) { |
| 253 | 253 |
| 254 const VbSignature* sig = &preamble->preamble_signature; | 254 const VbSignature* sig = &preamble->preamble_signature; |
| 255 | 255 |
| 256 /* Sanity checks before attempting signature of data */ | 256 /* Sanity checks before attempting signature of data */ |
| 257 if (preamble->header_version_major != | 257 if (preamble->header_version_major != |
| 258 FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR) { | 258 FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR) { |
| 259 debug("Incompatible firmware preamble header version.\n"); | 259 VBDEBUG(("Incompatible firmware preamble header version.\n")); |
| 260 return VBOOT_PREAMBLE_INVALID; | 260 return VBOOT_PREAMBLE_INVALID; |
| 261 } | 261 } |
| 262 if (size < preamble->preamble_size) { | 262 if (size < preamble->preamble_size) { |
| 263 debug("Not enough data for preamble.\n"); | 263 VBDEBUG(("Not enough data for preamble.\n")); |
| 264 return VBOOT_PREAMBLE_INVALID; | 264 return VBOOT_PREAMBLE_INVALID; |
| 265 } | 265 } |
| 266 | 266 |
| 267 /* Check signature */ | 267 /* Check signature */ |
| 268 if (VerifySignatureInside(preamble, preamble->preamble_size, sig)) { | 268 if (VerifySignatureInside(preamble, preamble->preamble_size, sig)) { |
| 269 debug("Preamble signature off end of preamble\n"); | 269 VBDEBUG(("Preamble signature off end of preamble\n")); |
| 270 return VBOOT_PREAMBLE_INVALID; | 270 return VBOOT_PREAMBLE_INVALID; |
| 271 } | 271 } |
| 272 if (VerifyData((const uint8_t*)preamble, sig, key)) { | 272 if (VerifyData((const uint8_t*)preamble, sig, key)) { |
| 273 debug("Preamble signature validation failed\n"); | 273 VBDEBUG(("Preamble signature validation failed\n")); |
| 274 return VBOOT_PREAMBLE_SIGNATURE; | 274 return VBOOT_PREAMBLE_SIGNATURE; |
| 275 } | 275 } |
| 276 | 276 |
| 277 /* Verify we signed enough data */ | 277 /* Verify we signed enough data */ |
| 278 if (sig->data_size < sizeof(VbFirmwarePreambleHeader)) { | 278 if (sig->data_size < sizeof(VbFirmwarePreambleHeader)) { |
| 279 debug("Didn't sign enough data\n"); | 279 VBDEBUG(("Didn't sign enough data\n")); |
| 280 return VBOOT_PREAMBLE_INVALID; | 280 return VBOOT_PREAMBLE_INVALID; |
| 281 } | 281 } |
| 282 | 282 |
| 283 /* Verify body signature is inside the block */ | 283 /* Verify body signature is inside the block */ |
| 284 if (VerifySignatureInside(preamble, preamble->preamble_size, | 284 if (VerifySignatureInside(preamble, preamble->preamble_size, |
| 285 &preamble->body_signature)) { | 285 &preamble->body_signature)) { |
| 286 debug("Firmware body signature off end of preamble\n"); | 286 VBDEBUG(("Firmware body signature off end of preamble\n")); |
| 287 return VBOOT_PREAMBLE_INVALID; | 287 return VBOOT_PREAMBLE_INVALID; |
| 288 } | 288 } |
| 289 | 289 |
| 290 /* Verify kernel subkey is inside the block */ | 290 /* Verify kernel subkey is inside the block */ |
| 291 if (VerifyPublicKeyInside(preamble, preamble->preamble_size, | 291 if (VerifyPublicKeyInside(preamble, preamble->preamble_size, |
| 292 &preamble->kernel_subkey)) { | 292 &preamble->kernel_subkey)) { |
| 293 debug("Kernel subkey off end of preamble\n"); | 293 VBDEBUG(("Kernel subkey off end of preamble\n")); |
| 294 return VBOOT_PREAMBLE_INVALID; | 294 return VBOOT_PREAMBLE_INVALID; |
| 295 } | 295 } |
| 296 | 296 |
| 297 /* Success */ | 297 /* Success */ |
| 298 return VBOOT_SUCCESS; | 298 return VBOOT_SUCCESS; |
| 299 } | 299 } |
| 300 | 300 |
| 301 | 301 |
| 302 int VerifyKernelPreamble2(const VbKernelPreambleHeader* preamble, | 302 int VerifyKernelPreamble2(const VbKernelPreambleHeader* preamble, |
| 303 uint64_t size, const RSAPublicKey* key) { | 303 uint64_t size, const RSAPublicKey* key) { |
| 304 | 304 |
| 305 const VbSignature* sig = &preamble->preamble_signature; | 305 const VbSignature* sig = &preamble->preamble_signature; |
| 306 | 306 |
| 307 /* Sanity checks before attempting signature of data */ | 307 /* Sanity checks before attempting signature of data */ |
| 308 if (preamble->header_version_major != KERNEL_PREAMBLE_HEADER_VERSION_MAJOR) { | 308 if (preamble->header_version_major != KERNEL_PREAMBLE_HEADER_VERSION_MAJOR) { |
| 309 debug("Incompatible kernel preamble header version.\n"); | 309 VBDEBUG(("Incompatible kernel preamble header version.\n")); |
| 310 return VBOOT_PREAMBLE_INVALID; | 310 return VBOOT_PREAMBLE_INVALID; |
| 311 } | 311 } |
| 312 if (size < preamble->preamble_size) { | 312 if (size < preamble->preamble_size) { |
| 313 debug("Not enough data for preamble.\n"); | 313 VBDEBUG(("Not enough data for preamble.\n")); |
| 314 return VBOOT_PREAMBLE_INVALID; | 314 return VBOOT_PREAMBLE_INVALID; |
| 315 } | 315 } |
| 316 | 316 |
| 317 /* Check signature */ | 317 /* Check signature */ |
| 318 if (VerifySignatureInside(preamble, preamble->preamble_size, sig)) { | 318 if (VerifySignatureInside(preamble, preamble->preamble_size, sig)) { |
| 319 debug("Preamble signature off end of preamble\n"); | 319 VBDEBUG(("Preamble signature off end of preamble\n")); |
| 320 return VBOOT_PREAMBLE_INVALID; | 320 return VBOOT_PREAMBLE_INVALID; |
| 321 } | 321 } |
| 322 if (VerifyData((const uint8_t*)preamble, sig, key)) { | 322 if (VerifyData((const uint8_t*)preamble, sig, key)) { |
| 323 debug("Preamble signature validation failed\n"); | 323 VBDEBUG(("Preamble signature validation failed\n")); |
| 324 return VBOOT_PREAMBLE_SIGNATURE; | 324 return VBOOT_PREAMBLE_SIGNATURE; |
| 325 } | 325 } |
| 326 | 326 |
| 327 /* Verify we signed enough data */ | 327 /* Verify we signed enough data */ |
| 328 if (sig->data_size < sizeof(VbKernelPreambleHeader)) { | 328 if (sig->data_size < sizeof(VbKernelPreambleHeader)) { |
| 329 debug("Didn't sign enough data\n"); | 329 VBDEBUG(("Didn't sign enough data\n")); |
| 330 return VBOOT_PREAMBLE_INVALID; | 330 return VBOOT_PREAMBLE_INVALID; |
| 331 } | 331 } |
| 332 | 332 |
| 333 /* Verify body signature is inside the block */ | 333 /* Verify body signature is inside the block */ |
| 334 if (VerifySignatureInside(preamble, preamble->preamble_size, | 334 if (VerifySignatureInside(preamble, preamble->preamble_size, |
| 335 &preamble->body_signature)) { | 335 &preamble->body_signature)) { |
| 336 debug("Kernel body signature off end of preamble\n"); | 336 VBDEBUG(("Kernel body signature off end of preamble\n")); |
| 337 return VBOOT_PREAMBLE_INVALID; | 337 return VBOOT_PREAMBLE_INVALID; |
| 338 } | 338 } |
| 339 | 339 |
| 340 /* Success */ | 340 /* Success */ |
| 341 return VBOOT_SUCCESS; | 341 return VBOOT_SUCCESS; |
| 342 } | 342 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2810026:
Add VBDEBUG macro for debug output. (Closed)
Base URL: ssh://gitrw.chromium.org/vboot_reference.git