| Index: vkernel/kernel_image_fw.c
|
| diff --git a/vkernel/kernel_image_fw.c b/vkernel/kernel_image_fw.c
|
| deleted file mode 100644
|
| index afa01dd55cf776a1f3232c2507e5526d16d109b3..0000000000000000000000000000000000000000
|
| --- a/vkernel/kernel_image_fw.c
|
| +++ /dev/null
|
| @@ -1,384 +0,0 @@
|
| -/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
|
| - * Use of this source code is governed by a BSD-style license that can be
|
| - * found in the LICENSE file.
|
| - *
|
| - * Functions for verifying a verified boot kernel image.
|
| - * (Firmware portion)
|
| - */
|
| -
|
| -#include "kernel_image_fw.h"
|
| -
|
| -#include "cryptolib.h"
|
| -#include "rollback_index.h"
|
| -#include "stateful_util.h"
|
| -#include "utility.h"
|
| -
|
| -/* Macro to determine the size of a field structure in the KernelImage
|
| - * structure. */
|
| -#define FIELD_LEN(field) (sizeof(((KernelImage*)0)->field))
|
| -
|
| -char* kVerifyKernelErrors[VERIFY_KERNEL_MAX] = {
|
| - "Success.",
|
| - "Invalid Image.",
|
| - "Kernel Key Signature Failed.",
|
| - "Invalid Kernel Verification Algorithm.",
|
| - "Preamble Signature Failed.",
|
| - "Kernel Signature Failed.",
|
| - "Wrong Kernel Magic.",
|
| -};
|
| -
|
| -inline uint64_t GetKernelPreambleLen(int algorithm) {
|
| - return (FIELD_LEN(kernel_version) +
|
| - FIELD_LEN(kernel_len) +
|
| - FIELD_LEN(bootloader_offset) +
|
| - FIELD_LEN(bootloader_size) +
|
| - FIELD_LEN(padded_header_size) +
|
| - siglen_map[algorithm]);
|
| -}
|
| -
|
| -uint64_t GetVblockHeaderSize(const uint8_t* vkernel_blob) {
|
| - uint64_t len = 0;
|
| - uint16_t firmware_sign_algorithm;
|
| - uint16_t kernel_sign_algorithm;
|
| - int algorithms_offset = (FIELD_LEN(magic) +
|
| - FIELD_LEN(header_version) +
|
| - FIELD_LEN(header_len));
|
| - if (SafeMemcmp(vkernel_blob, KERNEL_MAGIC, KERNEL_MAGIC_SIZE)) {
|
| - debug("Not a valid verified boot kernel blob.\n");
|
| - return 0;
|
| - }
|
| - Memcpy(&firmware_sign_algorithm,
|
| - vkernel_blob + algorithms_offset,
|
| - sizeof(firmware_sign_algorithm));
|
| - Memcpy(&kernel_sign_algorithm,
|
| - vkernel_blob + algorithms_offset + FIELD_LEN(kernel_sign_algorithm),
|
| - sizeof(kernel_sign_algorithm));
|
| - if (firmware_sign_algorithm >= kNumAlgorithms) {
|
| - debug("Invalid firmware signing algorithm.\n");
|
| - return 0;
|
| - }
|
| - if (kernel_sign_algorithm >= kNumAlgorithms) {
|
| - debug("Invalid kernel signing algorithm.\n");
|
| - return 0;
|
| - }
|
| - len = algorithms_offset; /* magic, header length and version. */
|
| - len += (FIELD_LEN(firmware_sign_algorithm) +
|
| - FIELD_LEN(kernel_sign_algorithm) +
|
| - FIELD_LEN(kernel_key_version) +
|
| - RSAProcessedKeySize(kernel_sign_algorithm) + /* kernel_sign_key */
|
| - FIELD_LEN(header_checksum) +
|
| - siglen_map[firmware_sign_algorithm] + /* kernel_key_signature */
|
| - GetKernelPreambleLen(kernel_sign_algorithm) +
|
| - siglen_map[kernel_sign_algorithm]); /* preamble_signature */
|
| - return len;
|
| -}
|
| -
|
| -int VerifyKernelKeyHeader(const uint8_t* firmware_key_blob,
|
| - const uint8_t* header_blob,
|
| - const int dev_mode,
|
| - int* firmware_algorithm,
|
| - int* kernel_algorithm,
|
| - int* kernel_header_len) {
|
| - int kernel_sign_key_len;
|
| - int firmware_sign_key_len;
|
| - uint16_t header_version, header_len;
|
| - uint16_t firmware_sign_algorithm, kernel_sign_algorithm;
|
| - uint8_t* header_checksum = NULL;
|
| -
|
| - /* Base Offset for the header_checksum field. Actual offset is
|
| - * this + kernel_sign_key_len. */
|
| - int base_header_checksum_offset = (FIELD_LEN(header_version) +
|
| - FIELD_LEN(header_len) +
|
| - FIELD_LEN(firmware_sign_algorithm) +
|
| - FIELD_LEN(kernel_sign_algorithm) +
|
| - FIELD_LEN(kernel_key_version));
|
| -
|
| - Memcpy(&header_version, header_blob, sizeof(header_version));
|
| - Memcpy(&header_len, header_blob + FIELD_LEN(header_version),
|
| - sizeof(header_len));
|
| - Memcpy(&firmware_sign_algorithm,
|
| - header_blob + (FIELD_LEN(header_version) +
|
| - FIELD_LEN(header_len)),
|
| - sizeof(firmware_sign_algorithm));
|
| - Memcpy(&kernel_sign_algorithm,
|
| - header_blob + (FIELD_LEN(header_version) +
|
| - FIELD_LEN(header_len) +
|
| - FIELD_LEN(firmware_sign_algorithm)),
|
| - sizeof(kernel_sign_algorithm));
|
| -
|
| - /* TODO(gauravsh): Make this return two different error types depending
|
| - * on whether the firmware or kernel signing algorithm is invalid. */
|
| - if (firmware_sign_algorithm >= kNumAlgorithms)
|
| - return VERIFY_KERNEL_INVALID_ALGORITHM;
|
| - if (kernel_sign_algorithm >= kNumAlgorithms)
|
| - return VERIFY_KERNEL_INVALID_ALGORITHM;
|
| -
|
| - *firmware_algorithm = (int) firmware_sign_algorithm;
|
| - *kernel_algorithm = (int) kernel_sign_algorithm;
|
| - kernel_sign_key_len = RSAProcessedKeySize(kernel_sign_algorithm);
|
| - firmware_sign_key_len = RSAProcessedKeySize(firmware_sign_algorithm);
|
| -
|
| -
|
| - /* Verify if header len is correct? */
|
| - if (header_len != (base_header_checksum_offset +
|
| - kernel_sign_key_len +
|
| - FIELD_LEN(header_checksum))) {
|
| - debug("VerifyKernelKeyHeader: Header length mismatch\n");
|
| - return VERIFY_KERNEL_INVALID_IMAGE;
|
| - }
|
| - *kernel_header_len = (int) header_len;
|
| -
|
| - /* Verify if the hash of the header is correct. */
|
| - header_checksum = DigestBuf(header_blob,
|
| - header_len - FIELD_LEN(header_checksum),
|
| - SHA512_DIGEST_ALGORITHM);
|
| - if (SafeMemcmp(header_checksum,
|
| - header_blob + (base_header_checksum_offset +
|
| - kernel_sign_key_len),
|
| - FIELD_LEN(header_checksum))) {
|
| - Free(header_checksum);
|
| - debug("VerifyKernelKeyHeader: Invalid header hash\n");
|
| - return VERIFY_KERNEL_INVALID_IMAGE;
|
| - }
|
| - Free(header_checksum);
|
| -
|
| - /* Verify kernel key signature unless we are in dev mode. */
|
| - if (!dev_mode) {
|
| - if (!RSAVerifyBinary_f(firmware_key_blob, NULL, /* Key to use */
|
| - header_blob, /* Data to verify */
|
| - header_len, /* Length of data */
|
| - header_blob + header_len, /* Expected Signature */
|
| - firmware_sign_algorithm))
|
| - return VERIFY_KERNEL_KEY_SIGNATURE_FAILED;
|
| - }
|
| - return 0;
|
| -}
|
| -
|
| -int VerifyKernelPreamble(RSAPublicKey* kernel_sign_key,
|
| - const uint8_t* preamble_blob,
|
| - int algorithm,
|
| - uint64_t* kernel_len) {
|
| - int preamble_len = GetKernelPreambleLen(algorithm);
|
| - if (!RSAVerifyBinary_f(NULL, kernel_sign_key, /* Key to use */
|
| - preamble_blob, /* Data to verify */
|
| - preamble_len, /* Length of data */
|
| - preamble_blob + preamble_len, /* Expected Signature */
|
| - algorithm))
|
| - return VERIFY_KERNEL_PREAMBLE_SIGNATURE_FAILED;
|
| - Memcpy(kernel_len,
|
| - preamble_blob + FIELD_LEN(kernel_version),
|
| - FIELD_LEN(kernel_len));
|
| - return 0;
|
| -}
|
| -
|
| -int VerifyKernelData(RSAPublicKey* kernel_sign_key,
|
| - const uint8_t* kernel_signature,
|
| - const uint8_t* kernel_data,
|
| - uint64_t kernel_len,
|
| - int algorithm) {
|
| -
|
| - if (!RSAVerifyBinary_f(NULL, kernel_sign_key, /* Key to use */
|
| - kernel_data, /* Data to verify */
|
| - kernel_len, /* Length of data */
|
| - kernel_signature, /* Expected Signature */
|
| - algorithm))
|
| - return VERIFY_KERNEL_SIGNATURE_FAILED;
|
| - return 0;
|
| -}
|
| -
|
| -int VerifyKernelHeader(const uint8_t* firmware_key_blob,
|
| - const uint8_t* kernel_header_blob,
|
| - uint64_t kernel_header_blob_len,
|
| - const int dev_mode,
|
| - KernelImage* image,
|
| - RSAPublicKey** kernel_sign_key) {
|
| - int error_code;
|
| - int firmware_sign_algorithm; /* Firmware signing key algorithm. */
|
| - int kernel_sign_algorithm; /* Kernel signing key algorithm. */
|
| - int kernel_sign_key_len, kernel_key_signature_len, kernel_signature_len,
|
| - header_len;
|
| - uint64_t kernel_len;
|
| - const uint8_t* header_ptr = NULL; /* Pointer to key header. */
|
| - const uint8_t* preamble_ptr = NULL; /* Pointer to start of preamble. */
|
| - MemcpyState st;
|
| -
|
| - /* Note: All the offset calculations are based on struct KernelImage which
|
| - * is defined in include/kernel_image_fw.h. */
|
| - st.remaining_buf = (void *)kernel_header_blob;
|
| - st.remaining_len = kernel_header_blob_len;
|
| - st.overrun = 0;
|
| -
|
| - /* Clear destination image struct */
|
| - Memset(image, 0, sizeof(KernelImage));
|
| -
|
| - /* Read and compare magic bytes. */
|
| - StatefulMemcpy(&st, &image->magic, KERNEL_MAGIC_SIZE);
|
| - if (SafeMemcmp(image->magic, KERNEL_MAGIC, KERNEL_MAGIC_SIZE)) {
|
| - return VERIFY_KERNEL_WRONG_MAGIC;
|
| - }
|
| - StatefulMemcpy(&st, &image->header_version, FIELD_LEN(header_version));
|
| - StatefulMemcpy(&st, &image->header_len, FIELD_LEN(header_len));
|
| - StatefulMemcpy(&st, &image->firmware_sign_algorithm,
|
| - FIELD_LEN(firmware_sign_algorithm));
|
| - StatefulMemcpy(&st, &image->kernel_sign_algorithm,
|
| - FIELD_LEN(kernel_sign_algorithm));
|
| -
|
| - header_ptr = kernel_header_blob + KERNEL_MAGIC_SIZE;
|
| -
|
| - /* Only continue if header verification succeeds. */
|
| - if ((error_code = VerifyKernelKeyHeader(firmware_key_blob, header_ptr,
|
| - dev_mode,
|
| - &firmware_sign_algorithm,
|
| - &kernel_sign_algorithm,
|
| - &header_len))) {
|
| - debug("VerifyKernelHeader: Kernel Key Header verification failed.\n");
|
| - return error_code; /* AKA jump to recovery. */
|
| - }
|
| -
|
| - /* Read pre-processed public half of the kernel signing key. */
|
| - kernel_sign_key_len = RSAProcessedKeySize(kernel_sign_algorithm);
|
| - StatefulMemcpy(&st, &image->kernel_key_version,
|
| - FIELD_LEN(kernel_key_version));
|
| - image->kernel_sign_key = (uint8_t*)st.remaining_buf;
|
| - StatefulSkip(&st, kernel_sign_key_len);
|
| - StatefulMemcpy(&st, image->header_checksum, FIELD_LEN(header_checksum));
|
| -
|
| - /* Parse signing key into RSAPublicKey structure since it is
|
| - * required multiple times. */
|
| - *kernel_sign_key = RSAPublicKeyFromBuf(image->kernel_sign_key,
|
| - kernel_sign_key_len);
|
| - kernel_signature_len = siglen_map[kernel_sign_algorithm];
|
| - kernel_key_signature_len = siglen_map[firmware_sign_algorithm];
|
| - image->kernel_key_signature = (uint8_t*)st.remaining_buf;
|
| - StatefulSkip(&st, kernel_key_signature_len);
|
| -
|
| - /* Only continue if preamble verification succeeds. */
|
| - /* TODO: should pass the remaining len into VerifyKernelPreamble() */
|
| - preamble_ptr = (const uint8_t*)st.remaining_buf;
|
| - if ((error_code = VerifyKernelPreamble(*kernel_sign_key, preamble_ptr,
|
| - kernel_sign_algorithm,
|
| - &kernel_len))) {
|
| - RSAPublicKeyFree(*kernel_sign_key);
|
| - *kernel_sign_key = NULL;
|
| - return error_code; /* AKA jump to recovery. */
|
| - }
|
| -
|
| - /* Copy preamble fields */
|
| - StatefulMemcpy(&st, &image->kernel_version, FIELD_LEN(kernel_version));
|
| - StatefulMemcpy(&st, &image->kernel_len, FIELD_LEN(kernel_len));
|
| - StatefulMemcpy(&st, &image->bootloader_offset, FIELD_LEN(bootloader_offset));
|
| - StatefulMemcpy(&st, &image->bootloader_size, FIELD_LEN(bootloader_size));
|
| - StatefulMemcpy(&st, &image->padded_header_size,
|
| - FIELD_LEN(padded_header_size));
|
| - image->kernel_signature = (uint8_t*)st.remaining_buf;
|
| - StatefulSkip(&st, kernel_signature_len);
|
| - image->preamble_signature = (uint8_t*)st.remaining_buf;
|
| -
|
| - return 0;
|
| -}
|
| -
|
| -int VerifyKernel(const uint8_t* firmware_key_blob,
|
| - const uint8_t* kernel_blob,
|
| - const int dev_mode) {
|
| - int error_code;
|
| - int firmware_sign_algorithm; /* Firmware signing key algorithm. */
|
| - int kernel_sign_algorithm; /* Kernel Signing key algorithm. */
|
| - RSAPublicKey* kernel_sign_key;
|
| - int kernel_sign_key_len, kernel_key_signature_len, kernel_signature_len,
|
| - header_len;
|
| - uint64_t kernel_len;
|
| - const uint8_t* header_ptr; /* Pointer to header. */
|
| - const uint8_t* kernel_sign_key_ptr; /* Pointer to signing key. */
|
| - const uint8_t* preamble_ptr; /* Pointer to kernel preamble block. */
|
| - const uint8_t* kernel_ptr; /* Pointer to kernel signature/data. */
|
| - const uint8_t* kernel_signature;
|
| -
|
| - /* Note: All the offset calculations are based on struct FirmwareImage which
|
| - * is defined in include/firmware_image.h. */
|
| -
|
| - /* Compare magic bytes. */
|
| - if (SafeMemcmp(kernel_blob, KERNEL_MAGIC, KERNEL_MAGIC_SIZE)) {
|
| - debug("VerifyKernel: Kernel magic bytes not found.\n");
|
| - return VERIFY_KERNEL_WRONG_MAGIC;
|
| - }
|
| - header_ptr = kernel_blob + KERNEL_MAGIC_SIZE;
|
| -
|
| - /* Only continue if header verification succeeds. */
|
| - if ((error_code = VerifyKernelKeyHeader(firmware_key_blob, header_ptr, dev_mode,
|
| - &firmware_sign_algorithm,
|
| - &kernel_sign_algorithm, &header_len))) {
|
| - debug("VerifyKernel: Kernel header verification failed.\n");
|
| - return error_code; /* AKA jump to recovery. */
|
| - }
|
| - /* Parse signing key into RSAPublicKey structure since it is required multiple
|
| - * times. */
|
| - kernel_sign_key_len = RSAProcessedKeySize(kernel_sign_algorithm);
|
| - kernel_sign_key_ptr = header_ptr + (FIELD_LEN(header_version) +
|
| - FIELD_LEN(header_len) +
|
| - FIELD_LEN(firmware_sign_algorithm) +
|
| - FIELD_LEN(kernel_sign_algorithm) +
|
| - FIELD_LEN(kernel_key_version));
|
| - kernel_sign_key = RSAPublicKeyFromBuf(kernel_sign_key_ptr,
|
| - kernel_sign_key_len);
|
| - kernel_signature_len = siglen_map[kernel_sign_algorithm];
|
| - kernel_key_signature_len = siglen_map[firmware_sign_algorithm];
|
| -
|
| - /* Only continue if preamble verification succeeds. */
|
| - preamble_ptr = (header_ptr + header_len + kernel_key_signature_len);
|
| - if ((error_code = VerifyKernelPreamble(kernel_sign_key, preamble_ptr,
|
| - kernel_sign_algorithm,
|
| - &kernel_len))) {
|
| - debug("VerifyKernel: Kernel preamble verification failed.\n");
|
| - RSAPublicKeyFree(kernel_sign_key);
|
| - return error_code; /* AKA jump to recovery. */
|
| - }
|
| - /* Only continue if kernel data verification succeeds. */
|
| - kernel_ptr = (preamble_ptr +
|
| - GetKernelPreambleLen(kernel_sign_algorithm) +
|
| - kernel_signature_len); /* preamble signature. */
|
| - kernel_signature = kernel_ptr - 2 * kernel_signature_len; /* end of kernel
|
| - * preamble. */
|
| -
|
| - if ((error_code = VerifyKernelData(kernel_sign_key, /* Verification key */
|
| - kernel_signature, /* kernel signature */
|
| - kernel_ptr, /* Start of kernel data */
|
| - kernel_len, /* Length of kernel data. */
|
| - kernel_sign_algorithm))) {
|
| - RSAPublicKeyFree(kernel_sign_key);
|
| - return error_code; /* AKA jump to recovery. */
|
| - }
|
| - RSAPublicKeyFree(kernel_sign_key);
|
| - return 0; /* Success! */
|
| -}
|
| -
|
| -uint32_t GetLogicalKernelVersion(uint8_t* kernel_blob) {
|
| - uint8_t* kernel_ptr;
|
| - uint16_t kernel_key_version;
|
| - uint16_t kernel_version;
|
| - uint16_t firmware_sign_algorithm;
|
| - uint16_t kernel_sign_algorithm;
|
| - int kernel_key_signature_len;
|
| - int kernel_sign_key_len;
|
| - kernel_ptr = kernel_blob + (FIELD_LEN(magic) +
|
| - FIELD_LEN(header_version) +
|
| - FIELD_LEN(header_len));
|
| - Memcpy(&firmware_sign_algorithm, kernel_ptr, sizeof(firmware_sign_algorithm));
|
| - kernel_ptr += FIELD_LEN(firmware_sign_algorithm);
|
| - Memcpy(&kernel_sign_algorithm, kernel_ptr, sizeof(kernel_sign_algorithm));
|
| - kernel_ptr += FIELD_LEN(kernel_sign_algorithm);
|
| - Memcpy(&kernel_key_version, kernel_ptr, sizeof(kernel_key_version));
|
| -
|
| - if (firmware_sign_algorithm >= kNumAlgorithms)
|
| - return 0;
|
| - if (kernel_sign_algorithm >= kNumAlgorithms)
|
| - return 0;
|
| -
|
| - kernel_key_signature_len = siglen_map[firmware_sign_algorithm];
|
| - kernel_sign_key_len = RSAProcessedKeySize(kernel_sign_algorithm);
|
| - kernel_ptr += (FIELD_LEN(kernel_key_version) +
|
| - kernel_sign_key_len +
|
| - FIELD_LEN(header_checksum) +
|
| - kernel_key_signature_len);
|
| - Memcpy(&kernel_version, kernel_ptr, sizeof(kernel_version));
|
| - return CombineUint16Pair(kernel_key_version, kernel_version);
|
| -}
|
|
|
Chromium Code Reviews
Issue 2815011:
Remove unused files, and tidy the directory structure of the remaining ones. (Closed)
Base URL: ssh://gitrw.chromium.org/vboot_reference.git