OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Functions for generating and manipulating a verified boot kernel image. | 5 * Functions for generating and manipulating a verified boot kernel image. |
6 */ | 6 */ |
7 | 7 |
8 #include "kernel_image.h" | 8 #include "kernel_image.h" |
9 | 9 |
10 #include <fcntl.h> | 10 #include <fcntl.h> |
(...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
85 /* Valid Kernel Key signing algorithm. */ | 85 /* Valid Kernel Key signing algorithm. */ |
86 if (image->firmware_sign_algorithm >= kNumAlgorithms) | 86 if (image->firmware_sign_algorithm >= kNumAlgorithms) |
87 goto parse_failure; | 87 goto parse_failure; |
88 | 88 |
89 /* Valid Kernel Signing Algorithm? */ | 89 /* Valid Kernel Signing Algorithm? */ |
90 if (image->kernel_sign_algorithm >= kNumAlgorithms) | 90 if (image->kernel_sign_algorithm >= kNumAlgorithms) |
91 goto parse_failure; | 91 goto parse_failure; |
92 | 92 |
93 /* Compute size of pre-processed RSA public keys and signatures. */ | 93 /* Compute size of pre-processed RSA public keys and signatures. */ |
94 firmware_sign_key_len = RSAProcessedKeySize(image->firmware_sign_algorithm); | 94 firmware_sign_key_len = RSAProcessedKeySize(image->firmware_sign_algorithm); |
95 /* TODO(gauravsh): Make siglen_map track the signature length in number | 95 kernel_key_signature_len = siglen_map[image->firmware_sign_algorithm]; |
96 * of bytes rather than 32-bit words. */ | |
97 kernel_key_signature_len = (siglen_map[image->firmware_sign_algorithm] * | |
98 sizeof(uint32_t)); | |
99 kernel_sign_key_len = RSAProcessedKeySize(image->kernel_sign_algorithm); | 96 kernel_sign_key_len = RSAProcessedKeySize(image->kernel_sign_algorithm); |
100 kernel_signature_len = (siglen_map[image->kernel_sign_algorithm] * | 97 kernel_signature_len = siglen_map[image->kernel_sign_algorithm]; |
101 sizeof(uint32_t)); | |
102 | 98 |
103 /* Check whether key header length is correct. */ | 99 /* Check whether key header length is correct. */ |
104 header_len = (FIELD_LEN(header_version) + | 100 header_len = (FIELD_LEN(header_version) + |
105 FIELD_LEN(header_len) + | 101 FIELD_LEN(header_len) + |
106 FIELD_LEN(firmware_sign_algorithm) + | 102 FIELD_LEN(firmware_sign_algorithm) + |
107 FIELD_LEN(kernel_sign_algorithm) + | 103 FIELD_LEN(kernel_sign_algorithm) + |
108 FIELD_LEN(kernel_key_version) + | 104 FIELD_LEN(kernel_key_version) + |
109 kernel_sign_key_len + | 105 kernel_sign_key_len + |
110 FIELD_LEN(header_checksum)); | 106 FIELD_LEN(header_checksum)); |
111 | 107 |
(...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
193 int kernel_key_signature_len; | 189 int kernel_key_signature_len; |
194 int kernel_signature_len; | 190 int kernel_signature_len; |
195 if (!image) | 191 if (!image) |
196 return NULL; | 192 return NULL; |
197 if (-1 == (fd = creat(input_file, | 193 if (-1 == (fd = creat(input_file, |
198 S_IRUSR | S_IWUSR))) { /* Owner has R/W permissions. */ | 194 S_IRUSR | S_IWUSR))) { /* Owner has R/W permissions. */ |
199 fprintf(stderr, "Couldn't open file for writing.\n"); | 195 fprintf(stderr, "Couldn't open file for writing.\n"); |
200 return NULL; | 196 return NULL; |
201 } | 197 } |
202 | 198 |
203 kernel_key_signature_len = (siglen_map[image->firmware_sign_algorithm] * | 199 kernel_key_signature_len = siglen_map[image->firmware_sign_algorithm]; |
204 sizeof(uint32_t)); | 200 kernel_signature_len = siglen_map[image->kernel_sign_algorithm]; |
205 kernel_signature_len = (siglen_map[image->kernel_sign_algorithm] * | |
206 sizeof(uint32_t)); | |
207 | 201 |
208 write(fd, image->magic, FIELD_LEN(magic)); | 202 write(fd, image->magic, FIELD_LEN(magic)); |
209 WriteKernelHeader(fd, image); | 203 WriteKernelHeader(fd, image); |
210 write(fd, image->kernel_key_signature, kernel_key_signature_len); | 204 write(fd, image->kernel_key_signature, kernel_key_signature_len); |
211 WriteKernelConfig(fd, image); | 205 WriteKernelConfig(fd, image); |
212 write(fd, image->config_signature, kernel_signature_len); | 206 write(fd, image->config_signature, kernel_signature_len); |
213 write(fd, image->kernel_signature, kernel_signature_len); | 207 write(fd, image->kernel_signature, kernel_signature_len); |
214 write(fd, image->kernel_data, image->options.kernel_len); | 208 write(fd, image->kernel_data, image->options.kernel_len); |
215 | 209 |
216 close(fd); | 210 close(fd); |
(...skipping 141 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
358 FIELD_LEN(options.version)), | 352 FIELD_LEN(options.version)), |
359 sizeof(len)); | 353 sizeof(len)); |
360 *kernel_len = (int) len; | 354 *kernel_len = (int) len; |
361 return 0; | 355 return 0; |
362 } | 356 } |
363 | 357 |
364 int VerifyKernelData(RSAPublicKey* kernel_sign_key, | 358 int VerifyKernelData(RSAPublicKey* kernel_sign_key, |
365 const uint8_t* kernel_data_start, | 359 const uint8_t* kernel_data_start, |
366 int kernel_len, | 360 int kernel_len, |
367 int algorithm) { | 361 int algorithm) { |
368 int signature_len = siglen_map[algorithm] * sizeof(uint32_t); | 362 int signature_len = siglen_map[algorithm]; |
369 if (!RSAVerifyBinary_f(NULL, kernel_sign_key, /* Key to use. */ | 363 if (!RSAVerifyBinary_f(NULL, kernel_sign_key, /* Key to use. */ |
370 kernel_data_start + signature_len, /* Data to | 364 kernel_data_start + signature_len, /* Data to |
371 * verify */ | 365 * verify */ |
372 kernel_len, /* Length of data. */ | 366 kernel_len, /* Length of data. */ |
373 kernel_data_start, /* Expected Signature */ | 367 kernel_data_start, /* Expected Signature */ |
374 algorithm)) | 368 algorithm)) |
375 return VERIFY_KERNEL_SIGNATURE_FAILED; | 369 return VERIFY_KERNEL_SIGNATURE_FAILED; |
376 return 0; | 370 return 0; |
377 } | 371 } |
378 | 372 |
(...skipping 29 matching lines...) Expand all Loading... |
408 /* Parse signing key into RSAPublicKey structure since it is required multiple | 402 /* Parse signing key into RSAPublicKey structure since it is required multiple |
409 * times. */ | 403 * times. */ |
410 kernel_sign_key_len = RSAProcessedKeySize(kernel_sign_algorithm); | 404 kernel_sign_key_len = RSAProcessedKeySize(kernel_sign_algorithm); |
411 kernel_sign_key_ptr = header_ptr + (FIELD_LEN(header_version) + | 405 kernel_sign_key_ptr = header_ptr + (FIELD_LEN(header_version) + |
412 FIELD_LEN(header_len) + | 406 FIELD_LEN(header_len) + |
413 FIELD_LEN(firmware_sign_algorithm) + | 407 FIELD_LEN(firmware_sign_algorithm) + |
414 FIELD_LEN(kernel_sign_algorithm) + | 408 FIELD_LEN(kernel_sign_algorithm) + |
415 FIELD_LEN(kernel_key_version)); | 409 FIELD_LEN(kernel_key_version)); |
416 kernel_sign_key = RSAPublicKeyFromBuf(kernel_sign_key_ptr, | 410 kernel_sign_key = RSAPublicKeyFromBuf(kernel_sign_key_ptr, |
417 kernel_sign_key_len); | 411 kernel_sign_key_len); |
418 kernel_signature_len = siglen_map[kernel_sign_algorithm] * sizeof(uint32_t); | 412 kernel_signature_len = siglen_map[kernel_sign_algorithm]; |
419 kernel_key_signature_len = siglen_map[firmware_sign_algorithm] * | 413 kernel_key_signature_len = siglen_map[firmware_sign_algorithm]; |
420 sizeof(uint32_t); | |
421 | 414 |
422 /* Only continue if config verification succeeds. */ | 415 /* Only continue if config verification succeeds. */ |
423 config_ptr = (header_ptr + header_len + kernel_key_signature_len); | 416 config_ptr = (header_ptr + header_len + kernel_key_signature_len); |
424 if ((error_code = VerifyKernelConfig(kernel_sign_key, config_ptr, | 417 if ((error_code = VerifyKernelConfig(kernel_sign_key, config_ptr, |
425 kernel_sign_algorithm, | 418 kernel_sign_algorithm, |
426 &kernel_len))) | 419 &kernel_len))) |
427 return error_code; /* AKA jump to recovery. */ | 420 return error_code; /* AKA jump to recovery. */ |
428 /* Only continue if kernel data verification succeeds. */ | 421 /* Only continue if kernel data verification succeeds. */ |
429 kernel_ptr = (config_ptr + | 422 kernel_ptr = (config_ptr + |
430 FIELD_LEN(kernel_version) + | 423 FIELD_LEN(kernel_version) + |
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
479 DigestUpdate(&ctx, (uint8_t*) &image->kernel_sign_algorithm, | 472 DigestUpdate(&ctx, (uint8_t*) &image->kernel_sign_algorithm, |
480 FIELD_LEN(kernel_sign_algorithm)); | 473 FIELD_LEN(kernel_sign_algorithm)); |
481 DigestUpdate(&ctx, (uint8_t*) &image->kernel_key_version, | 474 DigestUpdate(&ctx, (uint8_t*) &image->kernel_key_version, |
482 FIELD_LEN(kernel_key_version)); | 475 FIELD_LEN(kernel_key_version)); |
483 DigestUpdate(&ctx, image->kernel_sign_key, | 476 DigestUpdate(&ctx, image->kernel_sign_key, |
484 RSAProcessedKeySize(image->kernel_sign_algorithm)); | 477 RSAProcessedKeySize(image->kernel_sign_algorithm)); |
485 DigestUpdate(&ctx, image->header_checksum, | 478 DigestUpdate(&ctx, image->header_checksum, |
486 FIELD_LEN(header_checksum)); | 479 FIELD_LEN(header_checksum)); |
487 header_digest = DigestFinal(&ctx); | 480 header_digest = DigestFinal(&ctx); |
488 if (!RSA_verify(firmware_key, image->kernel_key_signature, | 481 if (!RSA_verify(firmware_key, image->kernel_key_signature, |
489 siglen_map[image->firmware_sign_algorithm] * | 482 siglen_map[image->firmware_sign_algorithm], |
490 sizeof(uint32_t), | |
491 image->firmware_sign_algorithm, | 483 image->firmware_sign_algorithm, |
492 header_digest)) { | 484 header_digest)) { |
493 fprintf(stderr, "VerifyKernelImage(): Key signature check failed.\n"); | 485 fprintf(stderr, "VerifyKernelImage(): Key signature check failed.\n"); |
494 error_code = VERIFY_KERNEL_KEY_SIGNATURE_FAILED; | 486 error_code = VERIFY_KERNEL_KEY_SIGNATURE_FAILED; |
495 goto verify_failure; | 487 goto verify_failure; |
496 } | 488 } |
497 } | 489 } |
498 | 490 |
499 /* Get kernel signing key to verify the rest of the kernel. */ | 491 /* Get kernel signing key to verify the rest of the kernel. */ |
500 kernel_sign_key_size = RSAProcessedKeySize(image->kernel_sign_algorithm); | 492 kernel_sign_key_size = RSAProcessedKeySize(image->kernel_sign_algorithm); |
501 kernel_sign_key = RSAPublicKeyFromBuf(image->kernel_sign_key, | 493 kernel_sign_key = RSAPublicKeyFromBuf(image->kernel_sign_key, |
502 kernel_sign_key_size); | 494 kernel_sign_key_size); |
503 kernel_signature_size = siglen_map[image->kernel_sign_algorithm] * | 495 kernel_signature_size = siglen_map[image->kernel_sign_algorithm]; |
504 sizeof(uint32_t); | |
505 | 496 |
506 /* Verify kernel config signature. */ | 497 /* Verify kernel config signature. */ |
507 DigestInit(&ctx, image->kernel_sign_algorithm); | 498 DigestInit(&ctx, image->kernel_sign_algorithm); |
508 DigestUpdate(&ctx, (uint8_t*) &image->kernel_version, | 499 DigestUpdate(&ctx, (uint8_t*) &image->kernel_version, |
509 FIELD_LEN(kernel_version)); | 500 FIELD_LEN(kernel_version)); |
510 DigestUpdate(&ctx, (uint8_t*) &image->options.version, | 501 DigestUpdate(&ctx, (uint8_t*) &image->options.version, |
511 FIELD_LEN(options.version)); | 502 FIELD_LEN(options.version)); |
512 DigestUpdate(&ctx, (uint8_t*) &image->options.kernel_len, | 503 DigestUpdate(&ctx, (uint8_t*) &image->options.kernel_len, |
513 FIELD_LEN(options.kernel_len)); | 504 FIELD_LEN(options.kernel_len)); |
514 DigestUpdate(&ctx, (uint8_t*) &image->options.kernel_load_addr, | 505 DigestUpdate(&ctx, (uint8_t*) &image->options.kernel_load_addr, |
(...skipping 27 matching lines...) Expand all Loading... |
542 } | 533 } |
543 | 534 |
544 const char* VerifyKernelErrorString(int error) { | 535 const char* VerifyKernelErrorString(int error) { |
545 return kVerifyKernelErrors[error]; | 536 return kVerifyKernelErrors[error]; |
546 } | 537 } |
547 | 538 |
548 int AddKernelKeySignature(KernelImage* image, const char* firmware_key_file) { | 539 int AddKernelKeySignature(KernelImage* image, const char* firmware_key_file) { |
549 int tmp_hdr_fd; | 540 int tmp_hdr_fd; |
550 char* tmp_hdr_file = ".tmpKernelHdrFile"; | 541 char* tmp_hdr_file = ".tmpKernelHdrFile"; |
551 uint8_t* signature; | 542 uint8_t* signature; |
552 int signature_len = siglen_map[image->firmware_sign_algorithm] * | 543 int signature_len = siglen_map[image->firmware_sign_algorithm]; |
553 sizeof(uint32_t); | |
554 | 544 |
555 if(-1 == (tmp_hdr_fd = creat(tmp_hdr_file, S_IRWXU))) { | 545 if(-1 == (tmp_hdr_fd = creat(tmp_hdr_file, S_IRWXU))) { |
556 fprintf(stderr, "Could not open temporary file for writing " | 546 fprintf(stderr, "Could not open temporary file for writing " |
557 "kernel header.\n"); | 547 "kernel header.\n"); |
558 return 0; | 548 return 0; |
559 } | 549 } |
560 WriteKernelHeader(tmp_hdr_fd, image); | 550 WriteKernelHeader(tmp_hdr_fd, image); |
561 close(tmp_hdr_fd); | 551 close(tmp_hdr_fd); |
562 if (!(signature = SignatureFile(tmp_hdr_file, firmware_key_file, | 552 if (!(signature = SignatureFile(tmp_hdr_file, firmware_key_file, |
563 image->firmware_sign_algorithm))) | 553 image->firmware_sign_algorithm))) |
564 return 0; | 554 return 0; |
565 image->kernel_key_signature = Malloc(signature_len); | 555 image->kernel_key_signature = Malloc(signature_len); |
566 Memcpy(image->kernel_key_signature, signature, signature_len); | 556 Memcpy(image->kernel_key_signature, signature, signature_len); |
567 return 1; | 557 return 1; |
568 } | 558 } |
569 | 559 |
570 int AddKernelSignature(KernelImage* image, const char* kernel_signing_key_file, | 560 int AddKernelSignature(KernelImage* image, const char* kernel_signing_key_file, |
571 int algorithm) { | 561 int algorithm) { |
572 int tmp_config_fd; | 562 int tmp_config_fd; |
573 char* tmp_config_file = ".tmpConfigFile"; | 563 char* tmp_config_file = ".tmpConfigFile"; |
574 int tmp_kernel_fd; | 564 int tmp_kernel_fd; |
575 char* tmp_kernel_file = ".tmpKernelFile"; | 565 char* tmp_kernel_file = ".tmpKernelFile"; |
576 uint8_t* config_signature; | 566 uint8_t* config_signature; |
577 uint8_t* kernel_signature; | 567 uint8_t* kernel_signature; |
578 int signature_len = siglen_map[algorithm] * sizeof(uint32_t); | 568 int signature_len = siglen_map[algorithm]; |
579 | 569 |
580 /* Write config to a file. */ | 570 /* Write config to a file. */ |
581 if(-1 == (tmp_config_fd = creat(tmp_config_file, S_IRWXU))) { | 571 if(-1 == (tmp_config_fd = creat(tmp_config_file, S_IRWXU))) { |
582 fprintf(stderr, "Could not open temporary file for writing " | 572 fprintf(stderr, "Could not open temporary file for writing " |
583 "kernel config.\n"); | 573 "kernel config.\n"); |
584 return 0; | 574 return 0; |
585 } | 575 } |
586 WriteKernelConfig(tmp_config_fd, image); | 576 WriteKernelConfig(tmp_config_fd, image); |
587 close(tmp_config_fd); | 577 close(tmp_config_fd); |
588 if (!(config_signature = SignatureFile(tmp_config_file, | 578 if (!(config_signature = SignatureFile(tmp_config_file, |
(...skipping 16 matching lines...) Expand all Loading... |
605 kernel_signing_key_file, | 595 kernel_signing_key_file, |
606 algorithm))) { | 596 algorithm))) { |
607 fprintf(stderr, "Could not compute signature on the kernel.\n"); | 597 fprintf(stderr, "Could not compute signature on the kernel.\n"); |
608 return 0; | 598 return 0; |
609 } | 599 } |
610 image->kernel_signature = (uint8_t*) Malloc(signature_len); | 600 image->kernel_signature = (uint8_t*) Malloc(signature_len); |
611 Memcpy(image->kernel_signature, kernel_signature, signature_len); | 601 Memcpy(image->kernel_signature, kernel_signature, signature_len); |
612 Free(kernel_signature); | 602 Free(kernel_signature); |
613 return 1; | 603 return 1; |
614 } | 604 } |
OLD | NEW |