OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Common functions between firmware and kernel verified boot. | 5 * Common functions between firmware and kernel verified boot. |
6 * (Firmware portion) | 6 * (Firmware portion) |
7 */ | 7 */ |
8 | 8 |
9 | 9 |
10 #include "vboot_common.h" | 10 #include "vboot_common.h" |
(...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
102 dest->key_version = src->key_version; | 102 dest->key_version = src->key_version; |
103 Memcpy(GetPublicKeyData(dest), GetPublicKeyDataC(src), src->key_size); | 103 Memcpy(GetPublicKeyData(dest), GetPublicKeyDataC(src), src->key_size); |
104 return 0; | 104 return 0; |
105 } | 105 } |
106 | 106 |
107 | 107 |
108 RSAPublicKey* PublicKeyToRSA(const VbPublicKey* key) { | 108 RSAPublicKey* PublicKeyToRSA(const VbPublicKey* key) { |
109 RSAPublicKey *rsa; | 109 RSAPublicKey *rsa; |
110 | 110 |
111 if (kNumAlgorithms <= key->algorithm) { | 111 if (kNumAlgorithms <= key->algorithm) { |
112 debug("Invalid algorithm.\n"); | 112 VBDEBUG(("Invalid algorithm.\n")); |
113 return NULL; | 113 return NULL; |
114 } | 114 } |
115 if (RSAProcessedKeySize((int)key->algorithm) != (int)key->key_size) { | 115 if (RSAProcessedKeySize((int)key->algorithm) != (int)key->key_size) { |
116 debug("Wrong key size for algorithm\n"); | 116 VBDEBUG(("Wrong key size for algorithm\n")); |
117 return NULL; | 117 return NULL; |
118 } | 118 } |
119 | 119 |
120 rsa = RSAPublicKeyFromBuf(GetPublicKeyDataC(key), (int)key->key_size); | 120 rsa = RSAPublicKeyFromBuf(GetPublicKeyDataC(key), (int)key->key_size); |
121 if (!rsa) | 121 if (!rsa) |
122 return NULL; | 122 return NULL; |
123 | 123 |
124 rsa->algorithm = (int)key->algorithm; | 124 rsa->algorithm = (int)key->algorithm; |
125 return rsa; | 125 return rsa; |
126 } | 126 } |
127 | 127 |
128 | 128 |
129 int VerifyData(const uint8_t* data, const VbSignature *sig, | 129 int VerifyData(const uint8_t* data, const VbSignature *sig, |
130 const RSAPublicKey* key) { | 130 const RSAPublicKey* key) { |
131 | 131 |
132 if (sig->sig_size != siglen_map[key->algorithm]) { | 132 if (sig->sig_size != siglen_map[key->algorithm]) { |
133 debug("Wrong signature size for algorithm.\n"); | 133 VBDEBUG(("Wrong signature size for algorithm.\n")); |
134 return 1; | 134 return 1; |
135 } | 135 } |
136 | 136 |
137 if (!RSAVerifyBinary_f(NULL, key, data, sig->data_size, | 137 if (!RSAVerifyBinary_f(NULL, key, data, sig->data_size, |
138 GetSignatureDataC(sig), key->algorithm)) | 138 GetSignatureDataC(sig), key->algorithm)) |
139 return 1; | 139 return 1; |
140 | 140 |
141 return 0; | 141 return 0; |
142 } | 142 } |
143 | 143 |
144 | 144 |
145 int VerifyDigest(const uint8_t* digest, const VbSignature *sig, | 145 int VerifyDigest(const uint8_t* digest, const VbSignature *sig, |
146 const RSAPublicKey* key) { | 146 const RSAPublicKey* key) { |
147 | 147 |
148 if (sig->sig_size != siglen_map[key->algorithm]) { | 148 if (sig->sig_size != siglen_map[key->algorithm]) { |
149 debug("Wrong signature size for algorithm.\n"); | 149 VBDEBUG(("Wrong signature size for algorithm.\n")); |
150 return 1; | 150 return 1; |
151 } | 151 } |
152 | 152 |
153 if (!RSAVerifyBinaryWithDigest_f(NULL, key, digest, | 153 if (!RSAVerifyBinaryWithDigest_f(NULL, key, digest, |
154 GetSignatureDataC(sig), key->algorithm)) | 154 GetSignatureDataC(sig), key->algorithm)) |
155 return 1; | 155 return 1; |
156 | 156 |
157 return 0; | 157 return 0; |
158 } | 158 } |
159 | 159 |
160 | 160 |
161 int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size, | 161 int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size, |
162 const VbPublicKey *key) { | 162 const VbPublicKey *key) { |
163 | 163 |
164 const VbSignature* sig; | 164 const VbSignature* sig; |
165 | 165 |
166 /* Sanity checks before attempting signature of data */ | 166 /* Sanity checks before attempting signature of data */ |
167 if (SafeMemcmp(block->magic, KEY_BLOCK_MAGIC, KEY_BLOCK_MAGIC_SIZE)) { | 167 if (SafeMemcmp(block->magic, KEY_BLOCK_MAGIC, KEY_BLOCK_MAGIC_SIZE)) { |
168 debug("Not a valid verified boot key block.\n"); | 168 VBDEBUG(("Not a valid verified boot key block.\n")); |
169 return VBOOT_KEY_BLOCK_INVALID; | 169 return VBOOT_KEY_BLOCK_INVALID; |
170 } | 170 } |
171 if (block->header_version_major != KEY_BLOCK_HEADER_VERSION_MAJOR) { | 171 if (block->header_version_major != KEY_BLOCK_HEADER_VERSION_MAJOR) { |
172 debug("Incompatible key block header version.\n"); | 172 VBDEBUG(("Incompatible key block header version.\n")); |
173 return VBOOT_KEY_BLOCK_INVALID; | 173 return VBOOT_KEY_BLOCK_INVALID; |
174 } | 174 } |
175 if (size < block->key_block_size) { | 175 if (size < block->key_block_size) { |
176 debug("Not enough data for key block.\n"); | 176 VBDEBUG(("Not enough data for key block.\n")); |
177 return VBOOT_KEY_BLOCK_INVALID; | 177 return VBOOT_KEY_BLOCK_INVALID; |
178 } | 178 } |
179 | 179 |
180 /* Check signature or hash, depending on whether we have a key. */ | 180 /* Check signature or hash, depending on whether we have a key. */ |
181 if (key) { | 181 if (key) { |
182 /* Check signature */ | 182 /* Check signature */ |
183 RSAPublicKey* rsa; | 183 RSAPublicKey* rsa; |
184 int rv; | 184 int rv; |
185 | 185 |
186 sig = &block->key_block_signature; | 186 sig = &block->key_block_signature; |
187 | 187 |
188 if (VerifySignatureInside(block, block->key_block_size, sig)) { | 188 if (VerifySignatureInside(block, block->key_block_size, sig)) { |
189 debug("Key block signature off end of block\n"); | 189 VBDEBUG(("Key block signature off end of block\n")); |
190 return VBOOT_KEY_BLOCK_INVALID; | 190 return VBOOT_KEY_BLOCK_INVALID; |
191 } | 191 } |
192 | 192 |
193 rsa = PublicKeyToRSA(key); | 193 rsa = PublicKeyToRSA(key); |
194 if (!rsa) { | 194 if (!rsa) { |
195 debug("Invalid public key\n"); | 195 VBDEBUG(("Invalid public key\n")); |
196 return VBOOT_PUBLIC_KEY_INVALID; | 196 return VBOOT_PUBLIC_KEY_INVALID; |
197 } | 197 } |
198 rv = VerifyData((const uint8_t*)block, sig, rsa); | 198 rv = VerifyData((const uint8_t*)block, sig, rsa); |
199 RSAPublicKeyFree(rsa); | 199 RSAPublicKeyFree(rsa); |
200 if (rv) | 200 if (rv) |
201 return VBOOT_KEY_BLOCK_SIGNATURE; | 201 return VBOOT_KEY_BLOCK_SIGNATURE; |
202 | 202 |
203 } else { | 203 } else { |
204 /* Check hash */ | 204 /* Check hash */ |
205 uint8_t* header_checksum = NULL; | 205 uint8_t* header_checksum = NULL; |
206 int rv; | 206 int rv; |
207 | 207 |
208 sig = &block->key_block_checksum; | 208 sig = &block->key_block_checksum; |
209 | 209 |
210 if (VerifySignatureInside(block, block->key_block_size, sig)) { | 210 if (VerifySignatureInside(block, block->key_block_size, sig)) { |
211 debug("Key block hash off end of block\n"); | 211 VBDEBUG(("Key block hash off end of block\n")); |
212 return VBOOT_KEY_BLOCK_INVALID; | 212 return VBOOT_KEY_BLOCK_INVALID; |
213 } | 213 } |
214 if (sig->sig_size != SHA512_DIGEST_SIZE) { | 214 if (sig->sig_size != SHA512_DIGEST_SIZE) { |
215 debug("Wrong hash size for key block.\n"); | 215 VBDEBUG(("Wrong hash size for key block.\n")); |
216 return VBOOT_KEY_BLOCK_INVALID; | 216 return VBOOT_KEY_BLOCK_INVALID; |
217 } | 217 } |
218 | 218 |
219 header_checksum = DigestBuf((const uint8_t*)block, sig->data_size, | 219 header_checksum = DigestBuf((const uint8_t*)block, sig->data_size, |
220 SHA512_DIGEST_ALGORITHM); | 220 SHA512_DIGEST_ALGORITHM); |
221 rv = SafeMemcmp(header_checksum, GetSignatureDataC(sig), | 221 rv = SafeMemcmp(header_checksum, GetSignatureDataC(sig), |
222 SHA512_DIGEST_SIZE); | 222 SHA512_DIGEST_SIZE); |
223 Free(header_checksum); | 223 Free(header_checksum); |
224 if (rv) { | 224 if (rv) { |
225 debug("Invalid key block hash.\n"); | 225 VBDEBUG(("Invalid key block hash.\n")); |
226 return VBOOT_KEY_BLOCK_HASH; | 226 return VBOOT_KEY_BLOCK_HASH; |
227 } | 227 } |
228 } | 228 } |
229 | 229 |
230 /* Verify we signed enough data */ | 230 /* Verify we signed enough data */ |
231 if (sig->data_size < sizeof(VbKeyBlockHeader)) { | 231 if (sig->data_size < sizeof(VbKeyBlockHeader)) { |
232 debug("Didn't sign enough data\n"); | 232 VBDEBUG(("Didn't sign enough data\n")); |
233 return VBOOT_KEY_BLOCK_INVALID; | 233 return VBOOT_KEY_BLOCK_INVALID; |
234 } | 234 } |
235 | 235 |
236 /* Verify data key is inside the block and inside signed data */ | 236 /* Verify data key is inside the block and inside signed data */ |
237 if (VerifyPublicKeyInside(block, block->key_block_size, &block->data_key)) { | 237 if (VerifyPublicKeyInside(block, block->key_block_size, &block->data_key)) { |
238 debug("Data key off end of key block\n"); | 238 VBDEBUG(("Data key off end of key block\n")); |
239 return VBOOT_KEY_BLOCK_INVALID; | 239 return VBOOT_KEY_BLOCK_INVALID; |
240 } | 240 } |
241 if (VerifyPublicKeyInside(block, sig->data_size, &block->data_key)) { | 241 if (VerifyPublicKeyInside(block, sig->data_size, &block->data_key)) { |
242 debug("Data key off end of signed data\n"); | 242 VBDEBUG(("Data key off end of signed data\n")); |
243 return VBOOT_KEY_BLOCK_INVALID; | 243 return VBOOT_KEY_BLOCK_INVALID; |
244 } | 244 } |
245 | 245 |
246 /* Success */ | 246 /* Success */ |
247 return VBOOT_SUCCESS; | 247 return VBOOT_SUCCESS; |
248 } | 248 } |
249 | 249 |
250 | 250 |
251 int VerifyFirmwarePreamble2(const VbFirmwarePreambleHeader* preamble, | 251 int VerifyFirmwarePreamble2(const VbFirmwarePreambleHeader* preamble, |
252 uint64_t size, const RSAPublicKey* key) { | 252 uint64_t size, const RSAPublicKey* key) { |
253 | 253 |
254 const VbSignature* sig = &preamble->preamble_signature; | 254 const VbSignature* sig = &preamble->preamble_signature; |
255 | 255 |
256 /* Sanity checks before attempting signature of data */ | 256 /* Sanity checks before attempting signature of data */ |
257 if (preamble->header_version_major != | 257 if (preamble->header_version_major != |
258 FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR) { | 258 FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR) { |
259 debug("Incompatible firmware preamble header version.\n"); | 259 VBDEBUG(("Incompatible firmware preamble header version.\n")); |
260 return VBOOT_PREAMBLE_INVALID; | 260 return VBOOT_PREAMBLE_INVALID; |
261 } | 261 } |
262 if (size < preamble->preamble_size) { | 262 if (size < preamble->preamble_size) { |
263 debug("Not enough data for preamble.\n"); | 263 VBDEBUG(("Not enough data for preamble.\n")); |
264 return VBOOT_PREAMBLE_INVALID; | 264 return VBOOT_PREAMBLE_INVALID; |
265 } | 265 } |
266 | 266 |
267 /* Check signature */ | 267 /* Check signature */ |
268 if (VerifySignatureInside(preamble, preamble->preamble_size, sig)) { | 268 if (VerifySignatureInside(preamble, preamble->preamble_size, sig)) { |
269 debug("Preamble signature off end of preamble\n"); | 269 VBDEBUG(("Preamble signature off end of preamble\n")); |
270 return VBOOT_PREAMBLE_INVALID; | 270 return VBOOT_PREAMBLE_INVALID; |
271 } | 271 } |
272 if (VerifyData((const uint8_t*)preamble, sig, key)) { | 272 if (VerifyData((const uint8_t*)preamble, sig, key)) { |
273 debug("Preamble signature validation failed\n"); | 273 VBDEBUG(("Preamble signature validation failed\n")); |
274 return VBOOT_PREAMBLE_SIGNATURE; | 274 return VBOOT_PREAMBLE_SIGNATURE; |
275 } | 275 } |
276 | 276 |
277 /* Verify we signed enough data */ | 277 /* Verify we signed enough data */ |
278 if (sig->data_size < sizeof(VbFirmwarePreambleHeader)) { | 278 if (sig->data_size < sizeof(VbFirmwarePreambleHeader)) { |
279 debug("Didn't sign enough data\n"); | 279 VBDEBUG(("Didn't sign enough data\n")); |
280 return VBOOT_PREAMBLE_INVALID; | 280 return VBOOT_PREAMBLE_INVALID; |
281 } | 281 } |
282 | 282 |
283 /* Verify body signature is inside the block */ | 283 /* Verify body signature is inside the block */ |
284 if (VerifySignatureInside(preamble, preamble->preamble_size, | 284 if (VerifySignatureInside(preamble, preamble->preamble_size, |
285 &preamble->body_signature)) { | 285 &preamble->body_signature)) { |
286 debug("Firmware body signature off end of preamble\n"); | 286 VBDEBUG(("Firmware body signature off end of preamble\n")); |
287 return VBOOT_PREAMBLE_INVALID; | 287 return VBOOT_PREAMBLE_INVALID; |
288 } | 288 } |
289 | 289 |
290 /* Verify kernel subkey is inside the block */ | 290 /* Verify kernel subkey is inside the block */ |
291 if (VerifyPublicKeyInside(preamble, preamble->preamble_size, | 291 if (VerifyPublicKeyInside(preamble, preamble->preamble_size, |
292 &preamble->kernel_subkey)) { | 292 &preamble->kernel_subkey)) { |
293 debug("Kernel subkey off end of preamble\n"); | 293 VBDEBUG(("Kernel subkey off end of preamble\n")); |
294 return VBOOT_PREAMBLE_INVALID; | 294 return VBOOT_PREAMBLE_INVALID; |
295 } | 295 } |
296 | 296 |
297 /* Success */ | 297 /* Success */ |
298 return VBOOT_SUCCESS; | 298 return VBOOT_SUCCESS; |
299 } | 299 } |
300 | 300 |
301 | 301 |
302 int VerifyKernelPreamble2(const VbKernelPreambleHeader* preamble, | 302 int VerifyKernelPreamble2(const VbKernelPreambleHeader* preamble, |
303 uint64_t size, const RSAPublicKey* key) { | 303 uint64_t size, const RSAPublicKey* key) { |
304 | 304 |
305 const VbSignature* sig = &preamble->preamble_signature; | 305 const VbSignature* sig = &preamble->preamble_signature; |
306 | 306 |
307 /* Sanity checks before attempting signature of data */ | 307 /* Sanity checks before attempting signature of data */ |
308 if (preamble->header_version_major != KERNEL_PREAMBLE_HEADER_VERSION_MAJOR) { | 308 if (preamble->header_version_major != KERNEL_PREAMBLE_HEADER_VERSION_MAJOR) { |
309 debug("Incompatible kernel preamble header version.\n"); | 309 VBDEBUG(("Incompatible kernel preamble header version.\n")); |
310 return VBOOT_PREAMBLE_INVALID; | 310 return VBOOT_PREAMBLE_INVALID; |
311 } | 311 } |
312 if (size < preamble->preamble_size) { | 312 if (size < preamble->preamble_size) { |
313 debug("Not enough data for preamble.\n"); | 313 VBDEBUG(("Not enough data for preamble.\n")); |
314 return VBOOT_PREAMBLE_INVALID; | 314 return VBOOT_PREAMBLE_INVALID; |
315 } | 315 } |
316 | 316 |
317 /* Check signature */ | 317 /* Check signature */ |
318 if (VerifySignatureInside(preamble, preamble->preamble_size, sig)) { | 318 if (VerifySignatureInside(preamble, preamble->preamble_size, sig)) { |
319 debug("Preamble signature off end of preamble\n"); | 319 VBDEBUG(("Preamble signature off end of preamble\n")); |
320 return VBOOT_PREAMBLE_INVALID; | 320 return VBOOT_PREAMBLE_INVALID; |
321 } | 321 } |
322 if (VerifyData((const uint8_t*)preamble, sig, key)) { | 322 if (VerifyData((const uint8_t*)preamble, sig, key)) { |
323 debug("Preamble signature validation failed\n"); | 323 VBDEBUG(("Preamble signature validation failed\n")); |
324 return VBOOT_PREAMBLE_SIGNATURE; | 324 return VBOOT_PREAMBLE_SIGNATURE; |
325 } | 325 } |
326 | 326 |
327 /* Verify we signed enough data */ | 327 /* Verify we signed enough data */ |
328 if (sig->data_size < sizeof(VbKernelPreambleHeader)) { | 328 if (sig->data_size < sizeof(VbKernelPreambleHeader)) { |
329 debug("Didn't sign enough data\n"); | 329 VBDEBUG(("Didn't sign enough data\n")); |
330 return VBOOT_PREAMBLE_INVALID; | 330 return VBOOT_PREAMBLE_INVALID; |
331 } | 331 } |
332 | 332 |
333 /* Verify body signature is inside the block */ | 333 /* Verify body signature is inside the block */ |
334 if (VerifySignatureInside(preamble, preamble->preamble_size, | 334 if (VerifySignatureInside(preamble, preamble->preamble_size, |
335 &preamble->body_signature)) { | 335 &preamble->body_signature)) { |
336 debug("Kernel body signature off end of preamble\n"); | 336 VBDEBUG(("Kernel body signature off end of preamble\n")); |
337 return VBOOT_PREAMBLE_INVALID; | 337 return VBOOT_PREAMBLE_INVALID; |
338 } | 338 } |
339 | 339 |
340 /* Success */ | 340 /* Success */ |
341 return VBOOT_SUCCESS; | 341 return VBOOT_SUCCESS; |
342 } | 342 } |
OLD | NEW |