| OLD | NEW |
| 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
| 3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
| 4 * | 4 * |
| 5 * Functions for generating and manipulating a verified boot kernel image. | 5 * Functions for generating and manipulating a verified boot kernel image. |
| 6 */ | 6 */ |
| 7 | 7 |
| 8 #include "kernel_image.h" | 8 #include "kernel_image.h" |
| 9 | 9 |
| 10 #include <fcntl.h> | 10 #include <fcntl.h> |
| (...skipping 482 matching lines...) |
| 493 FIELD_LEN(kernel_key_version)); | 493 FIELD_LEN(kernel_key_version)); |
| 494 kernel_sign_key = RSAPublicKeyFromBuf(kernel_sign_key_ptr, | 494 kernel_sign_key = RSAPublicKeyFromBuf(kernel_sign_key_ptr, |
| 495 kernel_sign_key_len); | 495 kernel_sign_key_len); |
| 496 kernel_signature_len = siglen_map[kernel_sign_algorithm]; | 496 kernel_signature_len = siglen_map[kernel_sign_algorithm]; |
| 497 kernel_key_signature_len = siglen_map[firmware_sign_algorithm]; | 497 kernel_key_signature_len = siglen_map[firmware_sign_algorithm]; |
| 498 | 498 |
| 499 /* Only continue if config verification succeeds. */ | 499 /* Only continue if config verification succeeds. */ |
| 500 config_ptr = (header_ptr + header_len + kernel_key_signature_len); | 500 config_ptr = (header_ptr + header_len + kernel_key_signature_len); |
| 501 if ((error_code = VerifyKernelConfig(kernel_sign_key, config_ptr, | 501 if ((error_code = VerifyKernelConfig(kernel_sign_key, config_ptr, |
| 502 kernel_sign_algorithm, | 502 kernel_sign_algorithm, |
| 503 &kernel_len))) | 503 &kernel_len))) { |
| 504 RSAPublicKeyFree(kernel_sign_key); |
| 504 return error_code; /* AKA jump to recovery. */ | 505 return error_code; /* AKA jump to recovery. */ |
| 506 } |
| 505 /* Only continue if kernel data verification succeeds. */ | 507 /* Only continue if kernel data verification succeeds. */ |
| 506 kernel_ptr = (config_ptr + | 508 kernel_ptr = (config_ptr + |
| 507 FIELD_LEN(kernel_version) + | 509 FIELD_LEN(kernel_version) + |
| 508 FIELD_LEN(options.version) + | 510 FIELD_LEN(options.version) + |
| 509 FIELD_LEN(options.kernel_len) + | 511 FIELD_LEN(options.kernel_len) + |
| 510 FIELD_LEN(options.kernel_entry_addr) + | 512 FIELD_LEN(options.kernel_entry_addr) + |
| 511 FIELD_LEN(options.kernel_load_addr) + | 513 FIELD_LEN(options.kernel_load_addr) + |
| 512 kernel_signature_len); | 514 kernel_signature_len); |
| 513 | 515 |
| 514 if ((error_code = VerifyKernelData(kernel_sign_key, kernel_ptr, kernel_len, | 516 if ((error_code = VerifyKernelData(kernel_sign_key, kernel_ptr, kernel_len, |
| 515 kernel_sign_algorithm))) | 517 kernel_sign_algorithm))) { |
| 518 RSAPublicKeyFree(kernel_sign_key); |
| 516 return error_code; /* AKA jump to recovery. */ | 519 return error_code; /* AKA jump to recovery. */ |
| 520 } |
| 521 RSAPublicKeyFree(kernel_sign_key); |
| 517 return 0; /* Success! */ | 522 return 0; /* Success! */ |
| 518 } | 523 } |
| 519 | 524 |
| 520 int VerifyKernelImage(const RSAPublicKey* firmware_key, | 525 int VerifyKernelImage(const RSAPublicKey* firmware_key, |
| 521 const KernelImage* image, | 526 const KernelImage* image, |
| 522 const int dev_mode) { | 527 const int dev_mode) { |
| 523 RSAPublicKey* kernel_sign_key; | 528 RSAPublicKey* kernel_sign_key = NULL; |
| 524 uint8_t* header_digest = NULL; | 529 uint8_t* header_digest = NULL; |
| 525 uint8_t* config_digest = NULL; | 530 uint8_t* config_digest = NULL; |
| 526 uint8_t* kernel_digest = NULL; | 531 uint8_t* kernel_digest = NULL; |
| 527 int kernel_sign_key_size; | 532 int kernel_sign_key_size; |
| 528 int kernel_signature_size; | 533 int kernel_signature_size; |
| 529 int error_code = 0; | 534 int error_code = 0; |
| 530 DigestContext ctx; | 535 DigestContext ctx; |
| 531 | 536 |
| 532 if (!image) | 537 if (!image) |
| 533 return VERIFY_KERNEL_INVALID_IMAGE; | 538 return VERIFY_KERNEL_INVALID_IMAGE; |
| (...skipping 69 matching lines...) |
| 603 image->options.kernel_len, | 608 image->options.kernel_len, |
| 604 image->kernel_sign_algorithm); | 609 image->kernel_sign_algorithm); |
| 605 if (!RSAVerify(kernel_sign_key, image->kernel_signature, | 610 if (!RSAVerify(kernel_sign_key, image->kernel_signature, |
| 606 kernel_signature_size, image->kernel_sign_algorithm, | 611 kernel_signature_size, image->kernel_sign_algorithm, |
| 607 kernel_digest)) { | 612 kernel_digest)) { |
| 608 error_code = VERIFY_KERNEL_SIGNATURE_FAILED; | 613 error_code = VERIFY_KERNEL_SIGNATURE_FAILED; |
| 609 goto verify_failure; | 614 goto verify_failure; |
| 610 } | 615 } |
| 611 | 616 |
| 612 verify_failure: | 617 verify_failure: |
| 618 RSAPublicKeyFree(kernel_sign_key); |
| 613 Free(kernel_digest); | 619 Free(kernel_digest); |
| 614 Free(config_digest); | 620 Free(config_digest); |
| 615 Free(header_digest); | 621 Free(header_digest); |
| 616 return error_code; | 622 return error_code; |
| 617 } | 623 } |
| 618 | 624 |
| 619 const char* VerifyKernelErrorString(int error) { | 625 const char* VerifyKernelErrorString(int error) { |
| 620 return kVerifyKernelErrors[error]; | 626 return kVerifyKernelErrors[error]; |
| 621 } | 627 } |
| 622 | 628 |
| 623 int AddKernelKeySignature(KernelImage* image, const char* firmware_key_file) { | 629 int AddKernelKeySignature(KernelImage* image, const char* firmware_key_file) { |
| 624 uint8_t* header_blob = NULL; | 630 uint8_t* header_blob = NULL; |
| 625 uint8_t* signature; | 631 uint8_t* signature = NULL; |
| 626 int signature_len = siglen_map[image->firmware_sign_algorithm]; | 632 int signature_len = siglen_map[image->firmware_sign_algorithm]; |
| 627 if (!image || !firmware_key_file) | 633 if (!image || !firmware_key_file) |
| 628 return 0; | 634 return 0; |
| 629 header_blob = GetKernelHeaderBlob(image); | 635 header_blob = GetKernelHeaderBlob(image); |
| 630 if (!header_blob) | 636 if (!header_blob) |
| 631 return 0; | 637 return 0; |
| 632 if (!(signature = SignatureBuf(header_blob, | 638 if (!(signature = SignatureBuf(header_blob, |
| 633 GetKernelHeaderLen(image), | 639 GetKernelHeaderLen(image), |
| 634 firmware_key_file, | 640 firmware_key_file, |
| 635 image->firmware_sign_algorithm))) { | 641 image->firmware_sign_algorithm))) { |
| 636 Free(header_blob); | 642 Free(header_blob); |
| 637 return 0; | 643 return 0; |
| 638 } | 644 } |
| 639 image->kernel_key_signature = Malloc(signature_len); | 645 image->kernel_key_signature = Malloc(signature_len); |
| 640 Memcpy(image->kernel_key_signature, signature, signature_len); | 646 Memcpy(image->kernel_key_signature, signature, signature_len); |
| 641 Free(signature); | 647 Free(signature); |
| 642 Free(header_blob); | 648 Free(header_blob); |
| 643 return 1; | 649 return 1; |
| 644 } | 650 } |
| 645 | 651 |
| 646 int AddKernelSignature(KernelImage* image, | 652 int AddKernelSignature(KernelImage* image, |
| 647 const char* kernel_signing_key_file) { | 653 const char* kernel_signing_key_file) { |
| 648 uint8_t* config_blob; | 654 uint8_t* config_blob = NULL; |
| 649 uint8_t* config_signature; | 655 uint8_t* config_signature = NULL; |
| 650 uint8_t* kernel_signature; | 656 uint8_t* kernel_signature = NULL; |
| 651 int signature_len = siglen_map[image->kernel_sign_algorithm]; | 657 int signature_len = siglen_map[image->kernel_sign_algorithm]; |
| 652 | 658 |
| 653 config_blob = GetKernelConfigBlob(image); | 659 config_blob = GetKernelConfigBlob(image); |
| 654 if (!(config_signature = SignatureBuf(config_blob, | 660 if (!(config_signature = SignatureBuf(config_blob, |
| 655 GetKernelConfigLen(image), | 661 GetKernelConfigLen(image), |
| 656 kernel_signing_key_file, | 662 kernel_signing_key_file, |
| 657 image->kernel_sign_algorithm))) { | 663 image->kernel_sign_algorithm))) { |
| 658 fprintf(stderr, "Could not compute signature on the kernel config.\n"); | 664 fprintf(stderr, "Could not compute signature on the kernel config.\n"); |
| 659 Free(config_blob); | 665 Free(config_blob); |
| 660 return 0; | 666 return 0; |
| 661 } | 667 } |
| 668 Free(config_blob); |
| 662 | 669 |
| 663 image->config_signature = (uint8_t*) Malloc(signature_len); | 670 image->config_signature = (uint8_t*) Malloc(signature_len); |
| 664 Memcpy(image->config_signature, config_signature, signature_len); | 671 Memcpy(image->config_signature, config_signature, signature_len); |
| 665 Free(config_signature); | 672 Free(config_signature); |
| 666 | 673 |
| 667 if (!(kernel_signature = SignatureBuf(image->kernel_data, | 674 if (!(kernel_signature = SignatureBuf(image->kernel_data, |
| 668 image->options.kernel_len, | 675 image->options.kernel_len, |
| 669 kernel_signing_key_file, | 676 kernel_signing_key_file, |
| 670 image->kernel_sign_algorithm))) { | 677 image->kernel_sign_algorithm))) { |
| 671 fprintf(stderr, "Could not compute signature on the kernel.\n"); | 678 fprintf(stderr, "Could not compute signature on the kernel.\n"); |
| 672 return 0; | 679 return 0; |
| 673 } | 680 } |
| 674 image->kernel_signature = (uint8_t*) Malloc(signature_len); | 681 image->kernel_signature = (uint8_t*) Malloc(signature_len); |
| 675 Memcpy(image->kernel_signature, kernel_signature, signature_len); | 682 Memcpy(image->kernel_signature, kernel_signature, signature_len); |
| 676 Free(kernel_signature); | 683 Free(kernel_signature); |
| 677 return 1; | 684 return 1; |
| 678 } | 685 } |
| OLD | NEW |