OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Host functions for verified boot. | 5 * Host functions for verified boot. |
6 */ | 6 */ |
7 | 7 |
8 /* TODO: change all 'return 0', 'return 1' into meaningful return codes */ | 8 /* TODO: change all 'return 0', 'return 1' into meaningful return codes */ |
9 | 9 |
10 #include "host_keyblock.h" | 10 #include "host_keyblock.h" |
11 | 11 |
12 #include "cryptolib.h" | 12 #include "cryptolib.h" |
13 #include "host_common.h" | 13 #include "host_common.h" |
14 #include "utility.h" | 14 #include "utility.h" |
15 #include "vboot_common.h" | 15 #include "vboot_common.h" |
16 | 16 |
17 | 17 |
18 VbKeyBlockHeader* KeyBlockCreate(const VbPublicKey* data_key, | 18 VbKeyBlockHeader* KeyBlockCreate(const VbPublicKey* data_key, |
19 const VbPrivateKey* signing_key, | 19 const VbPrivateKey* signing_key, |
20 uint64_t flags) { | 20 uint64_t flags) { |
21 | 21 |
22 VbKeyBlockHeader* h; | 22 VbKeyBlockHeader* h; |
23 uint64_t signed_size = sizeof(VbKeyBlockHeader) + data_key->key_size; | 23 uint64_t signed_size = sizeof(VbKeyBlockHeader) + data_key->key_size; |
24 uint64_t block_size = (signed_size + SHA512_DIGEST_SIZE + | 24 uint64_t block_size = (signed_size + SHA512_DIGEST_SIZE + |
25 siglen_map[signing_key->algorithm]); | 25 (signing_key ? siglen_map[signing_key->algorithm] : 0))
; |
26 uint8_t* data_key_dest; | 26 uint8_t* data_key_dest; |
27 uint8_t* block_sig_dest; | 27 uint8_t* block_sig_dest; |
28 uint8_t* block_chk_dest; | 28 uint8_t* block_chk_dest; |
29 VbSignature *sigtmp; | 29 VbSignature *sigtmp; |
30 | 30 |
31 /* Allocate key block */ | 31 /* Allocate key block */ |
32 h = (VbKeyBlockHeader*)Malloc(block_size); | 32 h = (VbKeyBlockHeader*)Malloc(block_size); |
33 if (!h) | 33 if (!h) |
34 return NULL; | 34 return NULL; |
35 data_key_dest = (uint8_t*)(h + 1); | 35 data_key_dest = (uint8_t*)(h + 1); |
36 block_chk_dest = data_key_dest + data_key->key_size; | 36 block_chk_dest = data_key_dest + data_key->key_size; |
37 block_sig_dest = block_chk_dest + SHA512_DIGEST_SIZE; | 37 block_sig_dest = block_chk_dest + SHA512_DIGEST_SIZE; |
38 | 38 |
39 Memcpy(h->magic, KEY_BLOCK_MAGIC, KEY_BLOCK_MAGIC_SIZE); | 39 Memcpy(h->magic, KEY_BLOCK_MAGIC, KEY_BLOCK_MAGIC_SIZE); |
40 h->header_version_major = KEY_BLOCK_HEADER_VERSION_MAJOR; | 40 h->header_version_major = KEY_BLOCK_HEADER_VERSION_MAJOR; |
41 h->header_version_minor = KEY_BLOCK_HEADER_VERSION_MINOR; | 41 h->header_version_minor = KEY_BLOCK_HEADER_VERSION_MINOR; |
42 h->key_block_size = block_size; | 42 h->key_block_size = block_size; |
43 h->key_block_flags = flags; | 43 h->key_block_flags = flags; |
44 | 44 |
45 /* Copy data key */ | 45 /* Copy data key */ |
46 PublicKeyInit(&h->data_key, data_key_dest, data_key->key_size); | 46 PublicKeyInit(&h->data_key, data_key_dest, data_key->key_size); |
47 PublicKeyCopy(&h->data_key, data_key); | 47 PublicKeyCopy(&h->data_key, data_key); |
48 | 48 |
49 /* Set up signature structs so we can calculate the signatures */ | 49 /* Set up signature structs so we can calculate the signatures */ |
50 SignatureInit(&h->key_block_checksum, block_chk_dest, | 50 SignatureInit(&h->key_block_checksum, block_chk_dest, |
51 SHA512_DIGEST_SIZE, signed_size); | 51 SHA512_DIGEST_SIZE, signed_size); |
52 SignatureInit(&h->key_block_signature, block_sig_dest, | 52 if (signing_key) |
53 siglen_map[signing_key->algorithm], signed_size); | 53 SignatureInit(&h->key_block_signature, block_sig_dest, |
| 54 siglen_map[signing_key->algorithm], signed_size); |
| 55 else |
| 56 Memset(&h->key_block_signature, 0, sizeof(VbSignature)); |
54 | 57 |
55 /* Calculate checksum */ | 58 /* Calculate checksum */ |
56 sigtmp = CalculateChecksum((uint8_t*)h, signed_size); | 59 sigtmp = CalculateChecksum((uint8_t*)h, signed_size); |
57 SignatureCopy(&h->key_block_checksum, sigtmp); | 60 SignatureCopy(&h->key_block_checksum, sigtmp); |
58 Free(sigtmp); | 61 Free(sigtmp); |
59 | 62 |
60 /* Calculate signature */ | 63 /* Calculate signature */ |
61 sigtmp = CalculateSignature((uint8_t*)h, signed_size, signing_key); | 64 if (signing_key) { |
62 SignatureCopy(&h->key_block_signature, sigtmp); | 65 sigtmp = CalculateSignature((uint8_t*)h, signed_size, signing_key); |
63 Free(sigtmp); | 66 SignatureCopy(&h->key_block_signature, sigtmp); |
| 67 Free(sigtmp); |
| 68 } |
64 | 69 |
65 /* Return the header */ | 70 /* Return the header */ |
66 return h; | 71 return h; |
67 } | 72 } |
68 | 73 |
69 | 74 |
70 /* Read a key block from a .keyblock file. Caller owns the returned | 75 /* Read a key block from a .keyblock file. Caller owns the returned |
71 * pointer, and must free it with Free(). | 76 * pointer, and must free it with Free(). |
72 * | 77 * |
73 * Returns NULL if error. */ | 78 * Returns NULL if error. */ |
(...skipping 23 matching lines...) Expand all Loading... |
97 /* Write a key block to a file in .keyblock format. */ | 102 /* Write a key block to a file in .keyblock format. */ |
98 int KeyBlockWrite(const char* filename, const VbKeyBlockHeader* key_block) { | 103 int KeyBlockWrite(const char* filename, const VbKeyBlockHeader* key_block) { |
99 | 104 |
100 if (0 != WriteFile(filename, key_block, key_block->key_block_size)) { | 105 if (0 != WriteFile(filename, key_block, key_block->key_block_size)) { |
101 VBDEBUG(("KeyBlockWrite() error writing key block\n")); | 106 VBDEBUG(("KeyBlockWrite() error writing key block\n")); |
102 return 1; | 107 return 1; |
103 } | 108 } |
104 | 109 |
105 return 0; | 110 return 0; |
106 } | 111 } |
OLD | NEW |