| OLD | NEW |
|---|
| 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
| 3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
| 4 * | 4 * |
| 5 * Functions for generating and manipulating a verified boot kernel image. | 5 * Functions for generating and manipulating a verified boot kernel image. |
| 6 */ | 6 */ |
| 7 | 7 |
| 8 #include "kernel_image.h" | 8 #include "kernel_image.h" |
| 9 | 9 |
| 10 #include <fcntl.h> | 10 #include <fcntl.h> |
| (...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 85 /* Valid Kernel Key signing algorithm. */ | 85 /* Valid Kernel Key signing algorithm. */ |
| 86 if (image->firmware_sign_algorithm >= kNumAlgorithms) | 86 if (image->firmware_sign_algorithm >= kNumAlgorithms) |
| 87 goto parse_failure; | 87 goto parse_failure; |
| 88 | 88 |
| 89 /* Valid Kernel Signing Algorithm? */ | 89 /* Valid Kernel Signing Algorithm? */ |
| 90 if (image->kernel_sign_algorithm >= kNumAlgorithms) | 90 if (image->kernel_sign_algorithm >= kNumAlgorithms) |
| 91 goto parse_failure; | 91 goto parse_failure; |
| 92 | 92 |
| 93 /* Compute size of pre-processed RSA public keys and signatures. */ | 93 /* Compute size of pre-processed RSA public keys and signatures. */ |
| 94 firmware_sign_key_len = RSAProcessedKeySize(image->firmware_sign_algorithm); | 94 firmware_sign_key_len = RSAProcessedKeySize(image->firmware_sign_algorithm); |
| 95 /* TODO(gauravsh): Make siglen_map track the signature length in number | 95 kernel_key_signature_len = siglen_map[image->firmware_sign_algorithm]; |
| 96 * of bytes rather than 32-bit words. */ | |
| 97 kernel_key_signature_len = (siglen_map[image->firmware_sign_algorithm] * | |
| 98 sizeof(uint32_t)); | |
| 99 kernel_sign_key_len = RSAProcessedKeySize(image->kernel_sign_algorithm); | 96 kernel_sign_key_len = RSAProcessedKeySize(image->kernel_sign_algorithm); |
| 100 kernel_signature_len = (siglen_map[image->kernel_sign_algorithm] * | 97 kernel_signature_len = siglen_map[image->kernel_sign_algorithm]; |
| 101 sizeof(uint32_t)); | |
| 102 | 98 |
| 103 /* Check whether key header length is correct. */ | 99 /* Check whether key header length is correct. */ |
| 104 header_len = (FIELD_LEN(header_version) + | 100 header_len = (FIELD_LEN(header_version) + |
| 105 FIELD_LEN(header_len) + | 101 FIELD_LEN(header_len) + |
| 106 FIELD_LEN(firmware_sign_algorithm) + | 102 FIELD_LEN(firmware_sign_algorithm) + |
| 107 FIELD_LEN(kernel_sign_algorithm) + | 103 FIELD_LEN(kernel_sign_algorithm) + |
| 108 FIELD_LEN(kernel_key_version) + | 104 FIELD_LEN(kernel_key_version) + |
| 109 kernel_sign_key_len + | 105 kernel_sign_key_len + |
| 110 FIELD_LEN(header_checksum)); | 106 FIELD_LEN(header_checksum)); |
| 111 | 107 |
| (...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 193 int kernel_key_signature_len; | 189 int kernel_key_signature_len; |
| 194 int kernel_signature_len; | 190 int kernel_signature_len; |
| 195 if (!image) | 191 if (!image) |
| 196 return NULL; | 192 return NULL; |
| 197 if (-1 == (fd = creat(input_file, | 193 if (-1 == (fd = creat(input_file, |
| 198 S_IRUSR | S_IWUSR))) { /* Owner has R/W permissions. */ | 194 S_IRUSR | S_IWUSR))) { /* Owner has R/W permissions. */ |
| 199 fprintf(stderr, "Couldn't open file for writing.\n"); | 195 fprintf(stderr, "Couldn't open file for writing.\n"); |
| 200 return NULL; | 196 return NULL; |
| 201 } | 197 } |
| 202 | 198 |
| 203 kernel_key_signature_len = (siglen_map[image->firmware_sign_algorithm] * | 199 kernel_key_signature_len = siglen_map[image->firmware_sign_algorithm]; |
| 204 sizeof(uint32_t)); | 200 kernel_signature_len = siglen_map[image->kernel_sign_algorithm]; |
| 205 kernel_signature_len = (siglen_map[image->kernel_sign_algorithm] * | |
| 206 sizeof(uint32_t)); | |
| 207 | 201 |
| 208 write(fd, image->magic, FIELD_LEN(magic)); | 202 write(fd, image->magic, FIELD_LEN(magic)); |
| 209 WriteKernelHeader(fd, image); | 203 WriteKernelHeader(fd, image); |
| 210 write(fd, image->kernel_key_signature, kernel_key_signature_len); | 204 write(fd, image->kernel_key_signature, kernel_key_signature_len); |
| 211 WriteKernelConfig(fd, image); | 205 WriteKernelConfig(fd, image); |
| 212 write(fd, image->config_signature, kernel_signature_len); | 206 write(fd, image->config_signature, kernel_signature_len); |
| 213 write(fd, image->kernel_signature, kernel_signature_len); | 207 write(fd, image->kernel_signature, kernel_signature_len); |
| 214 write(fd, image->kernel_data, image->options.kernel_len); | 208 write(fd, image->kernel_data, image->options.kernel_len); |
| 215 | 209 |
| 216 close(fd); | 210 close(fd); |
| (...skipping 141 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 358 FIELD_LEN(options.version)), | 352 FIELD_LEN(options.version)), |
| 359 sizeof(len)); | 353 sizeof(len)); |
| 360 *kernel_len = (int) len; | 354 *kernel_len = (int) len; |
| 361 return 0; | 355 return 0; |
| 362 } | 356 } |
| 363 | 357 |
| 364 int VerifyKernelData(RSAPublicKey* kernel_sign_key, | 358 int VerifyKernelData(RSAPublicKey* kernel_sign_key, |
| 365 const uint8_t* kernel_data_start, | 359 const uint8_t* kernel_data_start, |
| 366 int kernel_len, | 360 int kernel_len, |
| 367 int algorithm) { | 361 int algorithm) { |
| 368 int signature_len = siglen_map[algorithm] * sizeof(uint32_t); | 362 int signature_len = siglen_map[algorithm]; |
| 369 if (!RSAVerifyBinary_f(NULL, kernel_sign_key, /* Key to use. */ | 363 if (!RSAVerifyBinary_f(NULL, kernel_sign_key, /* Key to use. */ |
| 370 kernel_data_start + signature_len, /* Data to | 364 kernel_data_start + signature_len, /* Data to |
| 371 * verify */ | 365 * verify */ |
| 372 kernel_len, /* Length of data. */ | 366 kernel_len, /* Length of data. */ |
| 373 kernel_data_start, /* Expected Signature */ | 367 kernel_data_start, /* Expected Signature */ |
| 374 algorithm)) | 368 algorithm)) |
| 375 return VERIFY_KERNEL_SIGNATURE_FAILED; | 369 return VERIFY_KERNEL_SIGNATURE_FAILED; |
| 376 return 0; | 370 return 0; |
| 377 } | 371 } |
| 378 | 372 |
| (...skipping 29 matching lines...) Expand all Loading... |
| 408 /* Parse signing key into RSAPublicKey structure since it is required multiple | 402 /* Parse signing key into RSAPublicKey structure since it is required multiple |
| 409 * times. */ | 403 * times. */ |
| 410 kernel_sign_key_len = RSAProcessedKeySize(kernel_sign_algorithm); | 404 kernel_sign_key_len = RSAProcessedKeySize(kernel_sign_algorithm); |
| 411 kernel_sign_key_ptr = header_ptr + (FIELD_LEN(header_version) + | 405 kernel_sign_key_ptr = header_ptr + (FIELD_LEN(header_version) + |
| 412 FIELD_LEN(header_len) + | 406 FIELD_LEN(header_len) + |
| 413 FIELD_LEN(firmware_sign_algorithm) + | 407 FIELD_LEN(firmware_sign_algorithm) + |
| 414 FIELD_LEN(kernel_sign_algorithm) + | 408 FIELD_LEN(kernel_sign_algorithm) + |
| 415 FIELD_LEN(kernel_key_version)); | 409 FIELD_LEN(kernel_key_version)); |
| 416 kernel_sign_key = RSAPublicKeyFromBuf(kernel_sign_key_ptr, | 410 kernel_sign_key = RSAPublicKeyFromBuf(kernel_sign_key_ptr, |
| 417 kernel_sign_key_len); | 411 kernel_sign_key_len); |
| 418 kernel_signature_len = siglen_map[kernel_sign_algorithm] * sizeof(uint32_t); | 412 kernel_signature_len = siglen_map[kernel_sign_algorithm]; |
| 419 kernel_key_signature_len = siglen_map[firmware_sign_algorithm] * | 413 kernel_key_signature_len = siglen_map[firmware_sign_algorithm]; |
| 420 sizeof(uint32_t); | |
| 421 | 414 |
| 422 /* Only continue if config verification succeeds. */ | 415 /* Only continue if config verification succeeds. */ |
| 423 config_ptr = (header_ptr + header_len + kernel_key_signature_len); | 416 config_ptr = (header_ptr + header_len + kernel_key_signature_len); |
| 424 if ((error_code = VerifyKernelConfig(kernel_sign_key, config_ptr, | 417 if ((error_code = VerifyKernelConfig(kernel_sign_key, config_ptr, |
| 425 kernel_sign_algorithm, | 418 kernel_sign_algorithm, |
| 426 &kernel_len))) | 419 &kernel_len))) |
| 427 return error_code; /* AKA jump to recovery. */ | 420 return error_code; /* AKA jump to recovery. */ |
| 428 /* Only continue if kernel data verification succeeds. */ | 421 /* Only continue if kernel data verification succeeds. */ |
| 429 kernel_ptr = (config_ptr + | 422 kernel_ptr = (config_ptr + |
| 430 FIELD_LEN(kernel_version) + | 423 FIELD_LEN(kernel_version) + |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 479 DigestUpdate(&ctx, (uint8_t*) &image->kernel_sign_algorithm, | 472 DigestUpdate(&ctx, (uint8_t*) &image->kernel_sign_algorithm, |
| 480 FIELD_LEN(kernel_sign_algorithm)); | 473 FIELD_LEN(kernel_sign_algorithm)); |
| 481 DigestUpdate(&ctx, (uint8_t*) &image->kernel_key_version, | 474 DigestUpdate(&ctx, (uint8_t*) &image->kernel_key_version, |
| 482 FIELD_LEN(kernel_key_version)); | 475 FIELD_LEN(kernel_key_version)); |
| 483 DigestUpdate(&ctx, image->kernel_sign_key, | 476 DigestUpdate(&ctx, image->kernel_sign_key, |
| 484 RSAProcessedKeySize(image->kernel_sign_algorithm)); | 477 RSAProcessedKeySize(image->kernel_sign_algorithm)); |
| 485 DigestUpdate(&ctx, image->header_checksum, | 478 DigestUpdate(&ctx, image->header_checksum, |
| 486 FIELD_LEN(header_checksum)); | 479 FIELD_LEN(header_checksum)); |
| 487 header_digest = DigestFinal(&ctx); | 480 header_digest = DigestFinal(&ctx); |
| 488 if (!RSA_verify(firmware_key, image->kernel_key_signature, | 481 if (!RSA_verify(firmware_key, image->kernel_key_signature, |
| 489 siglen_map[image->firmware_sign_algorithm] * | 482 siglen_map[image->firmware_sign_algorithm], |
| 490 sizeof(uint32_t), | |
| 491 image->firmware_sign_algorithm, | 483 image->firmware_sign_algorithm, |
| 492 header_digest)) { | 484 header_digest)) { |
| 493 fprintf(stderr, "VerifyKernelImage(): Key signature check failed.\n"); | 485 fprintf(stderr, "VerifyKernelImage(): Key signature check failed.\n"); |
| 494 error_code = VERIFY_KERNEL_KEY_SIGNATURE_FAILED; | 486 error_code = VERIFY_KERNEL_KEY_SIGNATURE_FAILED; |
| 495 goto verify_failure; | 487 goto verify_failure; |
| 496 } | 488 } |
| 497 } | 489 } |
| 498 | 490 |
| 499 /* Get kernel signing key to verify the rest of the kernel. */ | 491 /* Get kernel signing key to verify the rest of the kernel. */ |
| 500 kernel_sign_key_size = RSAProcessedKeySize(image->kernel_sign_algorithm); | 492 kernel_sign_key_size = RSAProcessedKeySize(image->kernel_sign_algorithm); |
| 501 kernel_sign_key = RSAPublicKeyFromBuf(image->kernel_sign_key, | 493 kernel_sign_key = RSAPublicKeyFromBuf(image->kernel_sign_key, |
| 502 kernel_sign_key_size); | 494 kernel_sign_key_size); |
| 503 kernel_signature_size = siglen_map[image->kernel_sign_algorithm] * | 495 kernel_signature_size = siglen_map[image->kernel_sign_algorithm]; |
| 504 sizeof(uint32_t); | |
| 505 | 496 |
| 506 /* Verify kernel config signature. */ | 497 /* Verify kernel config signature. */ |
| 507 DigestInit(&ctx, image->kernel_sign_algorithm); | 498 DigestInit(&ctx, image->kernel_sign_algorithm); |
| 508 DigestUpdate(&ctx, (uint8_t*) &image->kernel_version, | 499 DigestUpdate(&ctx, (uint8_t*) &image->kernel_version, |
| 509 FIELD_LEN(kernel_version)); | 500 FIELD_LEN(kernel_version)); |
| 510 DigestUpdate(&ctx, (uint8_t*) &image->options.version, | 501 DigestUpdate(&ctx, (uint8_t*) &image->options.version, |
| 511 FIELD_LEN(options.version)); | 502 FIELD_LEN(options.version)); |
| 512 DigestUpdate(&ctx, (uint8_t*) &image->options.kernel_len, | 503 DigestUpdate(&ctx, (uint8_t*) &image->options.kernel_len, |
| 513 FIELD_LEN(options.kernel_len)); | 504 FIELD_LEN(options.kernel_len)); |
| 514 DigestUpdate(&ctx, (uint8_t*) &image->options.kernel_load_addr, | 505 DigestUpdate(&ctx, (uint8_t*) &image->options.kernel_load_addr, |
| (...skipping 27 matching lines...) Expand all Loading... |
| 542 } | 533 } |
| 543 | 534 |
| 544 const char* VerifyKernelErrorString(int error) { | 535 const char* VerifyKernelErrorString(int error) { |
| 545 return kVerifyKernelErrors[error]; | 536 return kVerifyKernelErrors[error]; |
| 546 } | 537 } |
| 547 | 538 |
| 548 int AddKernelKeySignature(KernelImage* image, const char* firmware_key_file) { | 539 int AddKernelKeySignature(KernelImage* image, const char* firmware_key_file) { |
| 549 int tmp_hdr_fd; | 540 int tmp_hdr_fd; |
| 550 char* tmp_hdr_file = ".tmpKernelHdrFile"; | 541 char* tmp_hdr_file = ".tmpKernelHdrFile"; |
| 551 uint8_t* signature; | 542 uint8_t* signature; |
| 552 int signature_len = siglen_map[image->firmware_sign_algorithm] * | 543 int signature_len = siglen_map[image->firmware_sign_algorithm]; |
| 553 sizeof(uint32_t); | |
| 554 | 544 |
| 555 if(-1 == (tmp_hdr_fd = creat(tmp_hdr_file, S_IRWXU))) { | 545 if(-1 == (tmp_hdr_fd = creat(tmp_hdr_file, S_IRWXU))) { |
| 556 fprintf(stderr, "Could not open temporary file for writing " | 546 fprintf(stderr, "Could not open temporary file for writing " |
| 557 "kernel header.\n"); | 547 "kernel header.\n"); |
| 558 return 0; | 548 return 0; |
| 559 } | 549 } |
| 560 WriteKernelHeader(tmp_hdr_fd, image); | 550 WriteKernelHeader(tmp_hdr_fd, image); |
| 561 close(tmp_hdr_fd); | 551 close(tmp_hdr_fd); |
| 562 if (!(signature = SignatureFile(tmp_hdr_file, firmware_key_file, | 552 if (!(signature = SignatureFile(tmp_hdr_file, firmware_key_file, |
| 563 image->firmware_sign_algorithm))) | 553 image->firmware_sign_algorithm))) |
| 564 return 0; | 554 return 0; |
| 565 image->kernel_key_signature = Malloc(signature_len); | 555 image->kernel_key_signature = Malloc(signature_len); |
| 566 Memcpy(image->kernel_key_signature, signature, signature_len); | 556 Memcpy(image->kernel_key_signature, signature, signature_len); |
| 567 return 1; | 557 return 1; |
| 568 } | 558 } |
| 569 | 559 |
| 570 int AddKernelSignature(KernelImage* image, const char* kernel_signing_key_file, | 560 int AddKernelSignature(KernelImage* image, const char* kernel_signing_key_file, |
| 571 int algorithm) { | 561 int algorithm) { |
| 572 int tmp_config_fd; | 562 int tmp_config_fd; |
| 573 char* tmp_config_file = ".tmpConfigFile"; | 563 char* tmp_config_file = ".tmpConfigFile"; |
| 574 int tmp_kernel_fd; | 564 int tmp_kernel_fd; |
| 575 char* tmp_kernel_file = ".tmpKernelFile"; | 565 char* tmp_kernel_file = ".tmpKernelFile"; |
| 576 uint8_t* config_signature; | 566 uint8_t* config_signature; |
| 577 uint8_t* kernel_signature; | 567 uint8_t* kernel_signature; |
| 578 int signature_len = siglen_map[algorithm] * sizeof(uint32_t); | 568 int signature_len = siglen_map[algorithm]; |
| 579 | 569 |
| 580 /* Write config to a file. */ | 570 /* Write config to a file. */ |
| 581 if(-1 == (tmp_config_fd = creat(tmp_config_file, S_IRWXU))) { | 571 if(-1 == (tmp_config_fd = creat(tmp_config_file, S_IRWXU))) { |
| 582 fprintf(stderr, "Could not open temporary file for writing " | 572 fprintf(stderr, "Could not open temporary file for writing " |
| 583 "kernel config.\n"); | 573 "kernel config.\n"); |
| 584 return 0; | 574 return 0; |
| 585 } | 575 } |
| 586 WriteKernelConfig(tmp_config_fd, image); | 576 WriteKernelConfig(tmp_config_fd, image); |
| 587 close(tmp_config_fd); | 577 close(tmp_config_fd); |
| 588 if (!(config_signature = SignatureFile(tmp_config_file, | 578 if (!(config_signature = SignatureFile(tmp_config_file, |
| (...skipping 16 matching lines...) Expand all Loading... |
| 605 kernel_signing_key_file, | 595 kernel_signing_key_file, |
| 606 algorithm))) { | 596 algorithm))) { |
| 607 fprintf(stderr, "Could not compute signature on the kernel.\n"); | 597 fprintf(stderr, "Could not compute signature on the kernel.\n"); |
| 608 return 0; | 598 return 0; |
| 609 } | 599 } |
| 610 image->kernel_signature = (uint8_t*) Malloc(signature_len); | 600 image->kernel_signature = (uint8_t*) Malloc(signature_len); |
| 611 Memcpy(image->kernel_signature, kernel_signature, signature_len); | 601 Memcpy(image->kernel_signature, kernel_signature, signature_len); |
| 612 Free(kernel_signature); | 602 Free(kernel_signature); |
| 613 return 1; | 603 return 1; |
| 614 } | 604 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 660261:
Refactor siglen_map[] to store key size in bytes instead of 32-bit words. (Closed)
