OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Common functions between firmware and kernel verified boot. | 5 * Common functions between firmware and kernel verified boot. |
6 * (Firmware portion) | 6 * (Firmware portion) |
7 */ | 7 */ |
8 | 8 |
9 | 9 |
10 #include "vboot_common.h" | 10 #include "vboot_common.h" |
(...skipping 163 matching lines...)
174 } | 174 } |
175 if (block->header_version_major != KEY_BLOCK_HEADER_VERSION_MAJOR) { | 175 if (block->header_version_major != KEY_BLOCK_HEADER_VERSION_MAJOR) { |
176 VBDEBUG(("Incompatible key block header version.\n")); | 176 VBDEBUG(("Incompatible key block header version.\n")); |
177 return VBOOT_KEY_BLOCK_INVALID; | 177 return VBOOT_KEY_BLOCK_INVALID; |
178 } | 178 } |
179 if (size < block->key_block_size) { | 179 if (size < block->key_block_size) { |
180 VBDEBUG(("Not enough data for key block.\n")); | 180 VBDEBUG(("Not enough data for key block.\n")); |
181 return VBOOT_KEY_BLOCK_INVALID; | 181 return VBOOT_KEY_BLOCK_INVALID; |
182 } | 182 } |
183 | 183 |
184 /* Check signature or hash, depending on whether we have a key. */ | 184 /* Check signature or hash, depending on whether we provide a key. Note that |
| 185 * we don't require a key even if the keyblock has a signature, because the |
| 186 * caller may not care if the keyblock itself is signed (for example, booting |
| 187 * a Google-signed kernel in developer mode). |
| 188 */ |
185 if (key) { | 189 if (key) { |
186 /* Check signature */ | 190 /* Check signature */ |
187 RSAPublicKey* rsa; | 191 RSAPublicKey* rsa; |
188 int rv; | 192 int rv; |
189 | 193 |
190 sig = &block->key_block_signature; | 194 sig = &block->key_block_signature; |
191 | 195 |
192 if (VerifySignatureInside(block, block->key_block_size, sig)) { | 196 if (VerifySignatureInside(block, block->key_block_size, sig)) { |
193 VBDEBUG(("Key block signature off end of block\n")); | 197 VBDEBUG(("Key block signature off end of block\n")); |
194 return VBOOT_KEY_BLOCK_INVALID; | 198 return VBOOT_KEY_BLOCK_INVALID; |
195 } | 199 } |
196 | 200 |
197 rsa = PublicKeyToRSA(key); | 201 rsa = PublicKeyToRSA(key); |
198 if (!rsa) { | 202 if (!rsa) { |
199 VBDEBUG(("Invalid public key\n")); | 203 VBDEBUG(("Invalid public key\n")); |
200 return VBOOT_PUBLIC_KEY_INVALID; | 204 return VBOOT_PUBLIC_KEY_INVALID; |
201 } | 205 } |
202 | 206 |
203 /* Make sure advertised signature data sizes are sane. */ | 207 /* Make sure advertised signature data sizes are sane. */ |
204 if (block->key_block_size < sig->data_size) { | 208 if (block->key_block_size < sig->data_size) { |
205 VBDEBUG(("Signature calculated past end of the block\n")); | 209 VBDEBUG(("Signature calculated past end of the block\n")); |
206 return VBOOT_KEY_BLOCK_INVALID; | 210 return VBOOT_KEY_BLOCK_INVALID; |
207 } | 211 } |
| 212 VBDEBUG(("Checking key block signature...\n")); |
208 rv = VerifyData((const uint8_t*)block, size, sig, rsa); | 213 rv = VerifyData((const uint8_t*)block, size, sig, rsa); |
209 RSAPublicKeyFree(rsa); | 214 RSAPublicKeyFree(rsa); |
210 if (rv) | 215 if (rv) { |
| 216 VBDEBUG(("Invalid key block signature.\n")); |
211 return VBOOT_KEY_BLOCK_SIGNATURE; | 217 return VBOOT_KEY_BLOCK_SIGNATURE; |
| 218 } |
212 } else { | 219 } else { |
213 /* Check hash */ | 220 /* Check hash */ |
214 uint8_t* header_checksum = NULL; | 221 uint8_t* header_checksum = NULL; |
215 int rv; | 222 int rv; |
216 | 223 |
217 sig = &block->key_block_checksum; | 224 sig = &block->key_block_checksum; |
218 | 225 |
219 if (VerifySignatureInside(block, block->key_block_size, sig)) { | 226 if (VerifySignatureInside(block, block->key_block_size, sig)) { |
220 VBDEBUG(("Key block hash off end of block\n")); | 227 VBDEBUG(("Key block hash off end of block\n")); |
221 return VBOOT_KEY_BLOCK_INVALID; | 228 return VBOOT_KEY_BLOCK_INVALID; |
222 } | 229 } |
223 if (sig->sig_size != SHA512_DIGEST_SIZE) { | 230 if (sig->sig_size != SHA512_DIGEST_SIZE) { |
224 VBDEBUG(("Wrong hash size for key block.\n")); | 231 VBDEBUG(("Wrong hash size for key block.\n")); |
225 return VBOOT_KEY_BLOCK_INVALID; | 232 return VBOOT_KEY_BLOCK_INVALID; |
226 } | 233 } |
227 | 234 |
| 235 VBDEBUG(("Checking key block hash only...\n")); |
228 header_checksum = DigestBuf((const uint8_t*)block, sig->data_size, | 236 header_checksum = DigestBuf((const uint8_t*)block, sig->data_size, |
229 SHA512_DIGEST_ALGORITHM); | 237 SHA512_DIGEST_ALGORITHM); |
230 rv = SafeMemcmp(header_checksum, GetSignatureDataC(sig), | 238 rv = SafeMemcmp(header_checksum, GetSignatureDataC(sig), |
231 SHA512_DIGEST_SIZE); | 239 SHA512_DIGEST_SIZE); |
232 Free(header_checksum); | 240 Free(header_checksum); |
233 if (rv) { | 241 if (rv) { |
234 VBDEBUG(("Invalid key block hash.\n")); | 242 VBDEBUG(("Invalid key block hash.\n")); |
235 return VBOOT_KEY_BLOCK_HASH; | 243 return VBOOT_KEY_BLOCK_HASH; |
236 } | 244 } |
237 } | 245 } |
(...skipping 111 matching lines...)
349 /* Verify body signature is inside the block */ | 357 /* Verify body signature is inside the block */ |
350 if (VerifySignatureInside(preamble, preamble->preamble_size, | 358 if (VerifySignatureInside(preamble, preamble->preamble_size, |
351 &preamble->body_signature)) { | 359 &preamble->body_signature)) { |
352 VBDEBUG(("Kernel body signature off end of preamble\n")); | 360 VBDEBUG(("Kernel body signature off end of preamble\n")); |
353 return VBOOT_PREAMBLE_INVALID; | 361 return VBOOT_PREAMBLE_INVALID; |
354 } | 362 } |
355 | 363 |
356 /* Success */ | 364 /* Success */ |
357 return VBOOT_SUCCESS; | 365 return VBOOT_SUCCESS; |
358 } | 366 } |
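Review bot: The hash-only branch (new lines 226-237) passes `sig->data_size` to DigestBuf() without bounding it, whereas the signature branch rejects `block->key_block_size < sig->data_size` before calling VerifyData(). Unless VerifySignatureInside() or a check above the hunk already bounds `data_size` (neither is visible here), an oversized value in the header makes the digest read past the caller's buffer, and this is the branch taken when no key is supplied, so the header has not been authenticated at that point. I would add the same guard just before the DigestBuf() call, `if (block->key_block_size < sig->data_size) return VBOOT_KEY_BLOCK_INVALID;`, with a VBDEBUG line matching its sibling. The pointer returned by DigestBuf() also goes straight into SafeMemcmp() with no NULL check. The enclosing function starts above the hunk, so earlier validation may exist that this view does not show.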