OLD | NEW |
1 /* Copyright (c) 2011 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Common functions between firmware and kernel verified boot. | 5 * Common functions between firmware and kernel verified boot. |
6 * (Firmware portion) | 6 * (Firmware portion) |
7 */ | 7 */ |
8 | 8 |
9 | 9 |
10 #include "vboot_common.h" | 10 #include "vboot_common.h" |
(...skipping 315 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
326 VBDEBUG(("Preamble signature validation failed\n")); | 326 VBDEBUG(("Preamble signature validation failed\n")); |
327 return VBOOT_PREAMBLE_SIGNATURE; | 327 return VBOOT_PREAMBLE_SIGNATURE; |
328 } | 328 } |
329 | 329 |
330 /* Verify we signed enough data */ | 330 /* Verify we signed enough data */ |
331 if (sig->data_size < sizeof(VbFirmwarePreambleHeader)) { | 331 if (sig->data_size < sizeof(VbFirmwarePreambleHeader)) { |
332 VBDEBUG(("Didn't sign enough data\n")); | 332 VBDEBUG(("Didn't sign enough data\n")); |
333 return VBOOT_PREAMBLE_INVALID; | 333 return VBOOT_PREAMBLE_INVALID; |
334 } | 334 } |
335 | 335 |
336 /* Verify body signature is inside the block */ | 336 /* Verify body signature is inside the signed data */ |
337 if (VerifySignatureInside(preamble, preamble->preamble_size, | 337 if (VerifySignatureInside(preamble, sig->data_size, |
338 &preamble->body_signature)) { | 338 &preamble->body_signature)) { |
339 VBDEBUG(("Firmware body signature off end of preamble\n")); | 339 VBDEBUG(("Firmware body signature off end of preamble\n")); |
340 return VBOOT_PREAMBLE_INVALID; | 340 return VBOOT_PREAMBLE_INVALID; |
341 } | 341 } |
342 | 342 |
343 /* Verify kernel subkey is inside the block */ | 343 /* Verify kernel subkey is inside the signed data */ |
344 if (VerifyPublicKeyInside(preamble, preamble->preamble_size, | 344 if (VerifyPublicKeyInside(preamble, sig->data_size, |
345 &preamble->kernel_subkey)) { | 345 &preamble->kernel_subkey)) { |
346 VBDEBUG(("Kernel subkey off end of preamble\n")); | 346 VBDEBUG(("Kernel subkey off end of preamble\n")); |
347 return VBOOT_PREAMBLE_INVALID; | 347 return VBOOT_PREAMBLE_INVALID; |
348 } | 348 } |
349 | 349 |
350 /* Success */ | 350 /* Success */ |
351 return VBOOT_SUCCESS; | 351 return VBOOT_SUCCESS; |
352 } | 352 } |
353 | 353 |
354 | 354 |
(...skipping 25 matching lines...) Expand all Loading... |
380 VBDEBUG(("Preamble signature validation failed\n")); | 380 VBDEBUG(("Preamble signature validation failed\n")); |
381 return VBOOT_PREAMBLE_SIGNATURE; | 381 return VBOOT_PREAMBLE_SIGNATURE; |
382 } | 382 } |
383 | 383 |
384 /* Verify we signed enough data */ | 384 /* Verify we signed enough data */ |
385 if (sig->data_size < sizeof(VbKernelPreambleHeader)) { | 385 if (sig->data_size < sizeof(VbKernelPreambleHeader)) { |
386 VBDEBUG(("Didn't sign enough data\n")); | 386 VBDEBUG(("Didn't sign enough data\n")); |
387 return VBOOT_PREAMBLE_INVALID; | 387 return VBOOT_PREAMBLE_INVALID; |
388 } | 388 } |
389 | 389 |
390 /* Verify body signature is inside the block */ | 390 /* Verify body signature is inside the signed data */ |
391 if (VerifySignatureInside(preamble, preamble->preamble_size, | 391 if (VerifySignatureInside(preamble, sig->data_size, |
392 &preamble->body_signature)) { | 392 &preamble->body_signature)) { |
393 VBDEBUG(("Kernel body signature off end of preamble\n")); | 393 VBDEBUG(("Kernel body signature off end of preamble\n")); |
394 return VBOOT_PREAMBLE_INVALID; | 394 return VBOOT_PREAMBLE_INVALID; |
395 } | 395 } |
396 | 396 |
397 /* Success */ | 397 /* Success */ |
398 return VBOOT_SUCCESS; | 398 return VBOOT_SUCCESS; |
399 } | 399 } |
400 | 400 |
401 | 401 |
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
462 return VBOOT_SHARED_DATA_INVALID; | 462 return VBOOT_SHARED_DATA_INVALID; |
463 header->kernel_subkey_data_size = src->key_size; | 463 header->kernel_subkey_data_size = src->key_size; |
464 } | 464 } |
465 | 465 |
466 /* Copy the kernel sign key blob into the destination buffer */ | 466 /* Copy the kernel sign key blob into the destination buffer */ |
467 PublicKeyInit(kdest, (uint8_t*)header + header->kernel_subkey_data_offset, | 467 PublicKeyInit(kdest, (uint8_t*)header + header->kernel_subkey_data_offset, |
468 header->kernel_subkey_data_size); | 468 header->kernel_subkey_data_size); |
469 | 469 |
470 return PublicKeyCopy(kdest, src); | 470 return PublicKeyCopy(kdest, src); |
471 } | 471 } |
OLD | NEW |