author | Joel Kitching <kitching@google.com> | 2019-10-07 23:14:33 +0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-12-24 16:28:47 +0000 |
commit | 80c1a85a87e589ed74962cad98f4892dbe6a3283 (patch) | |
tree | d61e7d365a7607c9f22a680fc2bf47375c3f96be | |
parent | d9ddac88c99d8df5b7dde618e43807f3c0dd6080 (diff) | |
vboot: fold lib20/common.c into 2lib/2common.c
Also rename tests.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ic79e7bc233ab93283d2be78ca9a08322b317d11d
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1844600
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
-rw-r--r-- | Makefile | 20 | ||||
-rw-r--r-- | firmware/2lib/2common.c | 215 | ||||
-rw-r--r-- | firmware/2lib/include/2common.h | 76 | ||||
-rw-r--r-- | firmware/lib20/common.c | 228 | ||||
-rw-r--r-- | firmware/lib20/include/vb2_common.h | 76 | ||||
-rw-r--r-- | tests/vb20_common_tests.c | 29 | ||||
-rw-r--r-- | tests/vb2_common2_tests.c (renamed from tests/vb20_common2_tests.c) | 0 | ||||
-rw-r--r-- | tests/vb2_common3_tests.c (renamed from tests/vb20_common3_tests.c) | 0 |
8 files changed, 300 insertions, 344 deletions
@@ -384,7 +384,6 @@ FWLIB2X_SRCS = \ FWLIB20_SRCS = \ firmware/lib20/api_kernel.c \ - firmware/lib20/common.c \ firmware/lib20/kernel.c \ firmware/lib20/misc.c \ firmware/lib20/packed_key.c @@ -501,6 +500,7 @@ HOSTLIB_SRCS = \ firmware/2lib/2crc8.c \ firmware/2lib/2hmac.c \ firmware/2lib/2nvstorage.c \ + firmware/2lib/2rsa.c \ firmware/2lib/2sha1.c \ firmware/2lib/2sha256.c \ firmware/2lib/2sha512.c \ @@ -725,6 +725,8 @@ TEST2X_NAMES = \ tests/vb2_api_tests \ tests/vb2_auxfw_sync_tests \ tests/vb2_common_tests \ + tests/vb2_common2_tests \ + tests/vb2_common3_tests \ tests/vb2_ec_sync_tests \ tests/vb2_gbb_tests \ tests/vb2_misc_tests \ @@ -738,10 +740,7 @@ TEST2X_NAMES = \ TEST20_NAMES = \ tests/vb20_api_kernel_tests \ - tests/vb20_common_tests \ - tests/vb20_common2_tests \ tests/vb20_verify_fw.c \ - tests/vb20_common3_tests \ tests/vb20_kernel_tests \ tests/vb20_misc_tests \ tests/vb20_rsa_padding_tests \ @@ -1150,8 +1149,8 @@ ${BUILD}/utility/pad_digest_utility: LDLIBS += ${CRYPTO_LIBS} ${BUILD}/utility/signature_digest_utility: LDLIBS += ${CRYPTO_LIBS} ${BUILD}/utility/verify_data: LDLIBS += ${CRYPTO_LIBS} -${BUILD}/tests/vb20_common2_tests: LDLIBS += ${CRYPTO_LIBS} -${BUILD}/tests/vb20_common3_tests: LDLIBS += ${CRYPTO_LIBS} +${BUILD}/tests/vb2_common2_tests: LDLIBS += ${CRYPTO_LIBS} +${BUILD}/tests/vb2_common3_tests: LDLIBS += ${CRYPTO_LIBS} ${BUILD}/tests/verify_kernel: LDLIBS += ${CRYPTO_LIBS} ${BUILD}/tests/hmac_test: LDLIBS += ${CRYPTO_LIBS} @@ -1289,6 +1288,8 @@ run2tests: test_setup ${RUNTEST} ${BUILD_RUN}/tests/vb2_api_tests ${RUNTEST} ${BUILD_RUN}/tests/vb2_auxfw_sync_tests ${RUNTEST} ${BUILD_RUN}/tests/vb2_common_tests + ${RUNTEST} ${BUILD_RUN}/tests/vb2_common2_tests ${TEST_KEYS} + ${RUNTEST} ${BUILD_RUN}/tests/vb2_common3_tests ${TEST_KEYS} ${RUNTEST} ${BUILD_RUN}/tests/vb2_ec_sync_tests ${RUNTEST} ${BUILD_RUN}/tests/vb2_gbb_tests ${RUNTEST} ${BUILD_RUN}/tests/vb2_misc_tests 
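Review bot: In the TEST20_NAMES hunk (-738), `tests/vb20_common_tests` is dropped rather than renamed, and the diffstat shows that file deleted with no matching addition to `tests/vb2_common_tests.c`. Its only check was `TEST_EQ(EXPECTED_VB2_FW_PREAMBLE_SIZE, sizeof(struct vb2_fw_preamble), "sizeof(vb2_fw_preamble)")`, which pins the layout of a structure whose header fields vb2_verify_fw_preamble reads before the signature is checked. Unless vb2_common_tests already asserts this size (that file is not part of this change), the packing check should move there in the same commit. The run2tests hunk at -1299 removes the matching `${RUNTEST}` line.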
@@ -1299,9 +1300,6 @@ run2tests: test_setup ${RUNTEST} ${BUILD_RUN}/tests/vb2_secdata_kernel_tests ${RUNTEST} ${BUILD_RUN}/tests/vb2_sha_tests ${RUNTEST} ${BUILD_RUN}/tests/vb20_api_kernel_tests - ${RUNTEST} ${BUILD_RUN}/tests/vb20_common_tests - ${RUNTEST} ${BUILD_RUN}/tests/vb20_common2_tests ${TEST_KEYS} - ${RUNTEST} ${BUILD_RUN}/tests/vb20_common3_tests ${TEST_KEYS} ${RUNTEST} ${BUILD_RUN}/tests/vb20_kernel_tests ${RUNTEST} ${BUILD_RUN}/tests/vb20_misc_tests ${RUNTEST} ${BUILD_RUN}/tests/vb21_api_tests @@ -1326,8 +1324,8 @@ runfutiltests: test_setup # Not run by automated build. .PHONY: runlongtests runlongtests: test_setup genkeys genfuzztestcases - ${RUNTEST} ${BUILD_RUN}/tests/vb20_common2_tests ${TEST_KEYS} --all - ${RUNTEST} ${BUILD_RUN}/tests/vb20_common3_tests ${TEST_KEYS} --all + ${RUNTEST} ${BUILD_RUN}/tests/vb2_common2_tests ${TEST_KEYS} --all + ${RUNTEST} ${BUILD_RUN}/tests/vb2_common3_tests ${TEST_KEYS} --all ${RUNTEST} ${BUILD_RUN}/tests/vb21_common2_tests ${TEST_KEYS} --all tests/run_preamble_tests.sh --all tests/run_vbutil_tests.sh --all diff --git a/firmware/2lib/2common.c b/firmware/2lib/2common.c index 6da2fc3e..b05e7245 100644 --- a/firmware/2lib/2common.c +++ b/firmware/2lib/2common.c 
@@ -148,3 +148,218 @@ vb2_error_t vb2_verify_member_inside(const void *parent, size_t parent_size, return VB2_SUCCESS; } + +vb2_error_t vb2_verify_digest(const struct vb2_public_key *key, + struct vb2_signature *sig, const uint8_t *digest, + const struct vb2_workbuf *wb) +{ + /* A signature is destroyed in the process of being verified. */ + uint8_t *sig_data = vb2_signature_data_mutable(sig); + + if (sig->sig_size != vb2_rsa_sig_size(key->sig_alg)) { + VB2_DEBUG("Wrong data signature size for algorithm, " + "sig_size=%d, expected %d for algorithm %d.\n", + sig->sig_size, vb2_rsa_sig_size(key->sig_alg), + key->sig_alg); + return VB2_ERROR_VDATA_SIG_SIZE; + } + + return vb2_rsa_verify_digest(key, sig_data, digest, wb); +} + +vb2_error_t vb2_verify_data(const uint8_t *data, uint32_t size, + struct vb2_signature *sig, + const struct vb2_public_key *key, + const struct vb2_workbuf *wb) +{ + struct vb2_workbuf wblocal = *wb; + struct vb2_digest_context *dc; + uint8_t *digest; + uint32_t digest_size; + vb2_error_t rv; + + if (sig->data_size > size) { + VB2_DEBUG("Data buffer smaller than length of signed data.\n"); + return VB2_ERROR_VDATA_NOT_ENOUGH_DATA; + } + + /* Digest goes at start of work buffer */ + digest_size = vb2_digest_size(key->hash_alg); + if (!digest_size) + return VB2_ERROR_VDATA_DIGEST_SIZE; + + digest = vb2_workbuf_alloc(&wblocal, digest_size); + if (!digest) + return VB2_ERROR_VDATA_WORKBUF_DIGEST; + + /* Hashing requires temp space for the context */ + dc = vb2_workbuf_alloc(&wblocal, sizeof(*dc)); + if (!dc) + return VB2_ERROR_VDATA_WORKBUF_HASHING; + + rv = vb2_digest_init(dc, key->hash_alg); + if (rv) + return rv; + + rv = vb2_digest_extend(dc, data, sig->data_size); + if (rv) + return rv; + + rv = vb2_digest_finalize(dc, digest, digest_size); + if (rv) + return rv; + + vb2_workbuf_free(&wblocal, sizeof(*dc)); + + return vb2_verify_digest(key, sig, digest, &wblocal); +} + +vb2_error_t vb2_check_keyblock(const struct vb2_keyblock *block, uint32_t 
size, + const struct vb2_signature *sig) +{ + if(size < sizeof(*block)) { + VB2_DEBUG("Not enough space for keyblock header.\n"); + return VB2_ERROR_KEYBLOCK_TOO_SMALL_FOR_HEADER; + } + + if (memcmp(block->magic, VB2_KEYBLOCK_MAGIC, VB2_KEYBLOCK_MAGIC_SIZE)) { + VB2_DEBUG("Not a valid verified boot keyblock.\n"); + return VB2_ERROR_KEYBLOCK_MAGIC; + } + + if (block->header_version_major != VB2_KEYBLOCK_VERSION_MAJOR) { + VB2_DEBUG("Incompatible keyblock header version.\n"); + return VB2_ERROR_KEYBLOCK_HEADER_VERSION; + } + + if (size < block->keyblock_size) { + VB2_DEBUG("Not enough data for keyblock.\n"); + return VB2_ERROR_KEYBLOCK_SIZE; + } + + if (vb2_verify_signature_inside(block, block->keyblock_size, sig)) { + VB2_DEBUG("Keyblock signature off end of block\n"); + return VB2_ERROR_KEYBLOCK_SIG_OUTSIDE; + } + + /* Make sure advertised signature data sizes are sane. */ + if (block->keyblock_size < sig->data_size) { + VB2_DEBUG("Signature calculated past end of block\n"); + return VB2_ERROR_KEYBLOCK_SIGNED_TOO_MUCH; + } + + /* Verify we signed enough data */ + if (sig->data_size < sizeof(struct vb2_keyblock)) { + VB2_DEBUG("Didn't sign enough data\n"); + return VB2_ERROR_KEYBLOCK_SIGNED_TOO_LITTLE; + } + + /* Verify data key is inside the block and inside signed data */ + if (vb2_verify_packed_key_inside(block, block->keyblock_size, + &block->data_key)) { + VB2_DEBUG("Data key off end of keyblock\n"); + return VB2_ERROR_KEYBLOCK_DATA_KEY_OUTSIDE; + } + if (vb2_verify_packed_key_inside(block, sig->data_size, + &block->data_key)) { + VB2_DEBUG("Data key off end of signed data\n"); + return VB2_ERROR_KEYBLOCK_DATA_KEY_UNSIGNED; + } + + return VB2_SUCCESS; +} + +vb2_error_t vb2_verify_keyblock(struct vb2_keyblock *block, uint32_t size, + const struct vb2_public_key *key, + const struct vb2_workbuf *wb) +{ + struct vb2_signature *sig = &block->keyblock_signature; + vb2_error_t rv; + + /* Sanity check keyblock before attempting signature check of data */ + rv = 
vb2_check_keyblock(block, size, sig); + if (rv) + return rv; + + VB2_DEBUG("Checking keyblock signature...\n"); + rv = vb2_verify_data((const uint8_t *)block, size, sig, key, wb); + if (rv) { + VB2_DEBUG("Invalid keyblock signature.\n"); + return VB2_ERROR_KEYBLOCK_SIG_INVALID; + } + + /* Success */ + return VB2_SUCCESS; +} + +vb2_error_t vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble, + uint32_t size, + const struct vb2_public_key *key, + const struct vb2_workbuf *wb) +{ + struct vb2_signature *sig = &preamble->preamble_signature; + + VB2_DEBUG("Verifying preamble.\n"); + + /* Sanity checks before attempting signature of data */ + if(size < sizeof(*preamble)) { + VB2_DEBUG("Not enough data for preamble header\n"); + return VB2_ERROR_PREAMBLE_TOO_SMALL_FOR_HEADER; + } + if (preamble->header_version_major != + VB2_FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR) { + VB2_DEBUG("Incompatible firmware preamble header version.\n"); + return VB2_ERROR_PREAMBLE_HEADER_VERSION; + } + + if (preamble->header_version_minor < 1) { + VB2_DEBUG("Only preamble header 2.1+ supported\n"); + return VB2_ERROR_PREAMBLE_HEADER_OLD; + } + + if (size < preamble->preamble_size) { + VB2_DEBUG("Not enough data for preamble.\n"); + return VB2_ERROR_PREAMBLE_SIZE; + } + + /* Check signature */ + if (vb2_verify_signature_inside(preamble, preamble->preamble_size, + sig)) { + VB2_DEBUG("Preamble signature off end of preamble\n"); + return VB2_ERROR_PREAMBLE_SIG_OUTSIDE; + } + + /* Make sure advertised signature data sizes are sane. 
*/ + if (preamble->preamble_size < sig->data_size) { + VB2_DEBUG("Signature calculated past end of the block\n"); + return VB2_ERROR_PREAMBLE_SIGNED_TOO_MUCH; + } + + if (vb2_verify_data((const uint8_t *)preamble, size, sig, key, wb)) { + VB2_DEBUG("Preamble signature validation failed\n"); + return VB2_ERROR_PREAMBLE_SIG_INVALID; + } + + /* Verify we signed enough data */ + if (sig->data_size < sizeof(struct vb2_fw_preamble)) { + VB2_DEBUG("Didn't sign enough data\n"); + return VB2_ERROR_PREAMBLE_SIGNED_TOO_LITTLE; + } + + /* Verify body signature is inside the signed data */ + if (vb2_verify_signature_inside(preamble, sig->data_size, + &preamble->body_signature)) { + VB2_DEBUG("Firmware body signature off end of preamble\n"); + return VB2_ERROR_PREAMBLE_BODY_SIG_OUTSIDE; + } + + /* Verify kernel subkey is inside the signed data */ + if (vb2_verify_packed_key_inside(preamble, sig->data_size, + &preamble->kernel_subkey)) { + VB2_DEBUG("Kernel subkey off end of preamble\n"); + return VB2_ERROR_PREAMBLE_KERNEL_SUBKEY_OUTSIDE; + } + + /* Success */ + return VB2_SUCCESS; +} diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h index 9177da71..0e49576f 100644 --- a/firmware/2lib/include/2common.h +++ b/firmware/2lib/include/2common.h 
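Review bot: In vb2_verify_fw_preamble the minimum-coverage check `if (sig->data_size < sizeof(struct vb2_fw_preamble))` runs only after `vb2_verify_data()`, whereas vb2_check_keyblock in the same hunk performs the equivalent `sig->data_size < sizeof(struct vb2_keyblock)` test before any signature work. The result is still a rejection, so this is not a bypass, but the RSA path (which, per the comment in vb2_verify_digest, destroys the signature) is exercised on a preamble whose signed region cannot cover the header. Moving that block above the `vb2_verify_data` call would make the two verifiers consistent and fail early; it changes which error code wins when both conditions hold, so any tests that pin the current order would need checking. Since this commit is a straight move from lib20/common.c, a follow-up change may be the better place.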
@@ -349,4 +349,80 @@ static inline vb2_error_t vb2_verify_signature_inside( sig->sig_offset, sig->sig_size); } +/** + * Verify a signature against an expected hash digest. + * + * @param key Key to use in signature verification + * @param sig Signature to verify (may be destroyed in process) + * @param digest Digest of signed data + * @param wb Work buffer + * @return VB2_SUCCESS, or non-zero if error. + */ +vb2_error_t vb2_verify_digest(const struct vb2_public_key *key, + struct vb2_signature *sig, const uint8_t *digest, + const struct vb2_workbuf *wb); + +/** + * Verify data matches signature. + * + * @param data Data to verify + * @param size Size of data buffer. Note that amount of data to + * actually validate is contained in sig->data_size. + * @param sig Signature of data (destroyed in process) + * @param key Key to use to validate signature + * @param wb Work buffer + * @return VB2_SUCCESS, or non-zero error code if error. + */ +vb2_error_t vb2_verify_data(const uint8_t *data, uint32_t size, + struct vb2_signature *sig, + const struct vb2_public_key *key, + const struct vb2_workbuf *wb); + +/** + * Check the sanity of a keyblock structure. + * + * Verifies all the header fields. Does not verify key index or keyblock + * flags. Should be called before verifying the keyblock data itself using + * the key. (This function does not itself verify the signature - just that + * the right amount of data is claimed to be signed.) + * + * @param block Keyblock to verify + * @param size Size of keyblock buffer + * @param sig Which signature inside the keyblock to use + */ +vb2_error_t vb2_check_keyblock(const struct vb2_keyblock *block, uint32_t size, + const struct vb2_signature *sig); + +/** + * Verify a keyblock using a public key. + * + * Header fields are also checked for sanity. Does not verify key index or key + * block flags. Signature inside block is destroyed during check. 
+ * + * @param block Keyblock to verify + * @param size Size of keyblock buffer + * @param key Key to use to verify block + * @param wb Work buffer + * @return VB2_SUCCESS, or non-zero error code if error. + */ +vb2_error_t vb2_verify_keyblock(struct vb2_keyblock *block, uint32_t size, + const struct vb2_public_key *key, + const struct vb2_workbuf *wb); + +/** + * Check the sanity of a firmware preamble using a public key. + * + * The signature in the preamble is destroyed during the check. + * + * @param preamble Preamble to verify + * @param size Size of preamble buffer + * @param key Key to use to verify preamble + * @param wb Work buffer + * @return VB2_SUCCESS, or non-zero error code if error. + */ +vb2_error_t vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble, + uint32_t size, + const struct vb2_public_key *key, + const struct vb2_workbuf *wb); + #endif /* VBOOT_REFERENCE_2COMMON_H_ */ diff --git a/firmware/lib20/common.c b/firmware/lib20/common.c deleted file mode 100644 index d0cc8553..00000000 --- a/firmware/lib20/common.c +++ /dev/null 
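Review bot: The doc comment for `vb2_check_keyblock` is the only one of the five added here without an `@return` line; add `@return VB2_SUCCESS, or non-zero error code if error.` to match its neighbours. The `vb2_verify_data` comment would also benefit from spelling out the consequence of its `size` note: only the first `sig->data_size` bytes are hashed, so bytes between `sig->data_size` and `size` are not covered by the signature and callers must bounds-check any member they use against `sig->data_size`, as vb2_verify_fw_preamble does for `body_signature` and `kernel_subkey`. The summary line for `vb2_verify_fw_preamble` says "Check the sanity", though the implementation in 2common.c also verifies the preamble signature.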
@@ -1,228 +0,0 @@ -/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Common functions between firmware and kernel verified boot. - * (Firmware portion) - */ - -#include "2rsa.h" -#include "2sha.h" -#include "2sysincludes.h" -#include "vb2_common.h" - -vb2_error_t vb2_verify_digest(const struct vb2_public_key *key, - struct vb2_signature *sig, const uint8_t *digest, - const struct vb2_workbuf *wb) -{ - /* A signature is destroyed in the process of being verified. */ - uint8_t *sig_data = vb2_signature_data_mutable(sig); - - if (sig->sig_size != vb2_rsa_sig_size(key->sig_alg)) { - VB2_DEBUG("Wrong data signature size for algorithm, " - "sig_size=%d, expected %d for algorithm %d.\n", - sig->sig_size, vb2_rsa_sig_size(key->sig_alg), - key->sig_alg); - return VB2_ERROR_VDATA_SIG_SIZE; - } - - return vb2_rsa_verify_digest(key, sig_data, digest, wb); -} - -vb2_error_t vb2_verify_data(const uint8_t *data, - uint32_t size, - struct vb2_signature *sig, - const struct vb2_public_key *key, - const struct vb2_workbuf *wb) -{ - struct vb2_workbuf wblocal = *wb; - struct vb2_digest_context *dc; - uint8_t *digest; - uint32_t digest_size; - vb2_error_t rv; - - if (sig->data_size > size) { - VB2_DEBUG("Data buffer smaller than length of signed data.\n"); - return VB2_ERROR_VDATA_NOT_ENOUGH_DATA; - } - - /* Digest goes at start of work buffer */ - digest_size = vb2_digest_size(key->hash_alg); - if (!digest_size) - return VB2_ERROR_VDATA_DIGEST_SIZE; - - digest = vb2_workbuf_alloc(&wblocal, digest_size); - if (!digest) - return VB2_ERROR_VDATA_WORKBUF_DIGEST; - - /* Hashing requires temp space for the context */ - dc = vb2_workbuf_alloc(&wblocal, sizeof(*dc)); - if (!dc) - return VB2_ERROR_VDATA_WORKBUF_HASHING; - - rv = vb2_digest_init(dc, key->hash_alg); - if (rv) - return rv; - - rv = vb2_digest_extend(dc, data, sig->data_size); - if (rv) - return rv; 
- - rv = vb2_digest_finalize(dc, digest, digest_size); - if (rv) - return rv; - - vb2_workbuf_free(&wblocal, sizeof(*dc)); - - return vb2_verify_digest(key, sig, digest, &wblocal); -} - -vb2_error_t vb2_check_keyblock(const struct vb2_keyblock *block, uint32_t size, - const struct vb2_signature *sig) -{ - if(size < sizeof(*block)) { - VB2_DEBUG("Not enough space for keyblock header.\n"); - return VB2_ERROR_KEYBLOCK_TOO_SMALL_FOR_HEADER; - } - - if (memcmp(block->magic, VB2_KEYBLOCK_MAGIC, VB2_KEYBLOCK_MAGIC_SIZE)) { - VB2_DEBUG("Not a valid verified boot keyblock.\n"); - return VB2_ERROR_KEYBLOCK_MAGIC; - } - - if (block->header_version_major != VB2_KEYBLOCK_VERSION_MAJOR) { - VB2_DEBUG("Incompatible keyblock header version.\n"); - return VB2_ERROR_KEYBLOCK_HEADER_VERSION; - } - - if (size < block->keyblock_size) { - VB2_DEBUG("Not enough data for keyblock.\n"); - return VB2_ERROR_KEYBLOCK_SIZE; - } - - if (vb2_verify_signature_inside(block, block->keyblock_size, sig)) { - VB2_DEBUG("Keyblock signature off end of block\n"); - return VB2_ERROR_KEYBLOCK_SIG_OUTSIDE; - } - - /* Make sure advertised signature data sizes are sane. 
*/ - if (block->keyblock_size < sig->data_size) { - VB2_DEBUG("Signature calculated past end of block\n"); - return VB2_ERROR_KEYBLOCK_SIGNED_TOO_MUCH; - } - - /* Verify we signed enough data */ - if (sig->data_size < sizeof(struct vb2_keyblock)) { - VB2_DEBUG("Didn't sign enough data\n"); - return VB2_ERROR_KEYBLOCK_SIGNED_TOO_LITTLE; - } - - /* Verify data key is inside the block and inside signed data */ - if (vb2_verify_packed_key_inside(block, block->keyblock_size, - &block->data_key)) { - VB2_DEBUG("Data key off end of keyblock\n"); - return VB2_ERROR_KEYBLOCK_DATA_KEY_OUTSIDE; - } - if (vb2_verify_packed_key_inside(block, sig->data_size, - &block->data_key)) { - VB2_DEBUG("Data key off end of signed data\n"); - return VB2_ERROR_KEYBLOCK_DATA_KEY_UNSIGNED; - } - - return VB2_SUCCESS; -} - -vb2_error_t vb2_verify_keyblock(struct vb2_keyblock *block, uint32_t size, - const struct vb2_public_key *key, - const struct vb2_workbuf *wb) -{ - struct vb2_signature *sig = &block->keyblock_signature; - vb2_error_t rv; - - /* Sanity check keyblock before attempting signature check of data */ - rv = vb2_check_keyblock(block, size, sig); - if (rv) - return rv; - - VB2_DEBUG("Checking keyblock signature...\n"); - rv = vb2_verify_data((const uint8_t *)block, size, sig, key, wb); - if (rv) { - VB2_DEBUG("Invalid keyblock signature.\n"); - return VB2_ERROR_KEYBLOCK_SIG_INVALID; - } - - /* Success */ - return VB2_SUCCESS; -} - -vb2_error_t vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble, - uint32_t size, - const struct vb2_public_key *key, - const struct vb2_workbuf *wb) -{ - struct vb2_signature *sig = &preamble->preamble_signature; - - VB2_DEBUG("Verifying preamble.\n"); - - /* Sanity checks before attempting signature of data */ - if(size < sizeof(*preamble)) { - VB2_DEBUG("Not enough data for preamble header\n"); - return VB2_ERROR_PREAMBLE_TOO_SMALL_FOR_HEADER; - } - if (preamble->header_version_major != - VB2_FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR) { - 
VB2_DEBUG("Incompatible firmware preamble header version.\n"); - return VB2_ERROR_PREAMBLE_HEADER_VERSION; - } - - if (preamble->header_version_minor < 1) { - VB2_DEBUG("Only preamble header 2.1+ supported\n"); - return VB2_ERROR_PREAMBLE_HEADER_OLD; - } - - if (size < preamble->preamble_size) { - VB2_DEBUG("Not enough data for preamble.\n"); - return VB2_ERROR_PREAMBLE_SIZE; - } - - /* Check signature */ - if (vb2_verify_signature_inside(preamble, preamble->preamble_size, - sig)) { - VB2_DEBUG("Preamble signature off end of preamble\n"); - return VB2_ERROR_PREAMBLE_SIG_OUTSIDE; - } - - /* Make sure advertised signature data sizes are sane. */ - if (preamble->preamble_size < sig->data_size) { - VB2_DEBUG("Signature calculated past end of the block\n"); - return VB2_ERROR_PREAMBLE_SIGNED_TOO_MUCH; - } - - if (vb2_verify_data((const uint8_t *)preamble, size, sig, key, wb)) { - VB2_DEBUG("Preamble signature validation failed\n"); - return VB2_ERROR_PREAMBLE_SIG_INVALID; - } - - /* Verify we signed enough data */ - if (sig->data_size < sizeof(struct vb2_fw_preamble)) { - VB2_DEBUG("Didn't sign enough data\n"); - return VB2_ERROR_PREAMBLE_SIGNED_TOO_LITTLE; - } - - /* Verify body signature is inside the signed data */ - if (vb2_verify_signature_inside(preamble, sig->data_size, - &preamble->body_signature)) { - VB2_DEBUG("Firmware body signature off end of preamble\n"); - return VB2_ERROR_PREAMBLE_BODY_SIG_OUTSIDE; - } - - /* Verify kernel subkey is inside the signed data */ - if (vb2_verify_packed_key_inside(preamble, sig->data_size, - &preamble->kernel_subkey)) { - VB2_DEBUG("Kernel subkey off end of preamble\n"); - return VB2_ERROR_PREAMBLE_KERNEL_SUBKEY_OUTSIDE; - } - - /* Success */ - return VB2_SUCCESS; -} diff --git a/firmware/lib20/include/vb2_common.h b/firmware/lib20/include/vb2_common.h index 9e2c40d9..20e0014d 100644 --- a/firmware/lib20/include/vb2_common.h +++ b/firmware/lib20/include/vb2_common.h 
@@ -46,66 +46,6 @@ vb2_error_t vb2_unpack_key(struct vb2_public_key *key, const struct vb2_packed_key *packed_key); /** - * Verify a signature against an expected hash digest. - * - * @param key Key to use in signature verification - * @param sig Signature to verify (may be destroyed in process) - * @param digest Digest of signed data - * @param wb Work buffer - * @return VB2_SUCCESS, or non-zero if error. - */ -vb2_error_t vb2_verify_digest(const struct vb2_public_key *key, - struct vb2_signature *sig, const uint8_t *digest, - const struct vb2_workbuf *wb); - -/** - * Verify data matches signature. - * - * @param data Data to verify - * @param size Size of data buffer. Note that amount of data to - * actually validate is contained in sig->data_size. - * @param sig Signature of data (destroyed in process) - * @param key Key to use to validate signature - * @param wb Work buffer - * @return VB2_SUCCESS, or non-zero error code if error. - */ -vb2_error_t vb2_verify_data(const uint8_t *data, uint32_t size, - struct vb2_signature *sig, - const struct vb2_public_key *key, - const struct vb2_workbuf *wb); - -/** - * Check the sanity of a keyblock structure. - * - * Verifies all the header fields. Does not verify key index or keyblock - * flags. Should be called before verifying the keyblock data itself using - * the key. (This function does not itself verify the signature - just that - * the right amount of data is claimed to be signed.) - * - * @param block Keyblock to verify - * @param size Size of keyblock buffer - * @param sig Which signature inside the keyblock to use - */ -vb2_error_t vb2_check_keyblock(const struct vb2_keyblock *block, uint32_t size, - const struct vb2_signature *sig); - -/** - * Verify a keyblock using a public key. - * - * Header fields are also checked for sanity. Does not verify key index or key - * block flags. Signature inside block is destroyed during check. 
- * - * @param block Keyblock to verify - * @param size Size of keyblock buffer - * @param key Key to use to verify block - * @param wb Work buffer - * @return VB2_SUCCESS, or non-zero error code if error. - */ -vb2_error_t vb2_verify_keyblock(struct vb2_keyblock *block, uint32_t size, - const struct vb2_public_key *key, - const struct vb2_workbuf *wb); - -/** * Verify a keyblock using its hash. * * Header fields are also checked for sanity. Does not verify key index or key @@ -122,22 +62,6 @@ vb2_error_t vb2_verify_keyblock_hash(const struct vb2_keyblock *block, const struct vb2_workbuf *wb); /** - * Check the sanity of a firmware preamble using a public key. - * - * The signature in the preamble is destroyed during the check. - * - * @param preamble Preamble to verify - * @param size Size of preamble buffer - * @param key Key to use to verify preamble - * @param wb Work buffer - * @return VB2_SUCCESS, or non-zero error code if error. - */ -vb2_error_t vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble, - uint32_t size, - const struct vb2_public_key *key, - const struct vb2_workbuf *wb); - -/** * Check the sanity of a kernel preamble using a public key. * * The signature in the preamble is destroyed during the check. diff --git a/tests/vb20_common_tests.c b/tests/vb20_common_tests.c deleted file mode 100644 index 17ffe670..00000000 --- a/tests/vb20_common_tests.c +++ /dev/null 
@@ -1,29 +0,0 @@ -/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Tests for firmware 2common.c - */ - -#include "2sysincludes.h" -#include "test_common.h" -#include "vb2_common.h" - -/* - * Test struct packing for vboot_struct.h structs which are passed between - * firmware and OS, or passed between different phases of firmware. - */ -static void test_struct_packing(void) -{ - /* Test vboot2 versions of vboot1 structs */ - TEST_EQ(EXPECTED_VB2_FW_PREAMBLE_SIZE, - sizeof(struct vb2_fw_preamble), - "sizeof(vb2_fw_preamble)"); -} - -int main(int argc, char* argv[]) -{ - test_struct_packing(); - - return gTestSuccess ? 0 : 255; -} diff --git a/tests/vb20_common2_tests.c b/tests/vb2_common2_tests.c index 4f68f9b8..4f68f9b8 100644 --- a/tests/vb20_common2_tests.c +++ b/tests/vb2_common2_tests.c diff --git a/tests/vb20_common3_tests.c b/tests/vb2_common3_tests.c index 42192225..42192225 100644 --- a/tests/vb20_common3_tests.c +++ b/tests/vb2_common3_tests.c |