author | Randall Spangler <rspangler@chromium.org> | 2014-12-03 12:29:37 -0800 |
---|---|---|
committer | chrome-internal-fetch <chrome-internal-fetch@google.com> | 2014-12-04 09:46:43 +0000 |
commit | 6f1b82ac14f341d9733d6e95d518b3ee352002ef (patch) | |
tree | 0d37f86365c8324416e42f1ce5cd3969de54a178 /firmware/2lib/include | |
parent | fe2714923b986bc461b692d45c1b5eb1b469ddc4 (diff) | |
download | vboot-6f1b82ac14f341d9733d6e95d518b3ee352002ef.tar.gz |
vboot2: Move old struct handling to lib20/
This is part 4 of a series of changes to rearrange the vboot2 library
so that it's possible to start using the new-style data structs. This
change moves knowledge of the old vboot1 data structs into lib20; 2lib
now contains only code which is common to both vboot2.x libraries
(that is, code which is data structure version agnostic).
No functional changes; just rearranging code and tests.
BUG=chromium:423882
BRANCH=none
TEST=make runtests && VBOOT2=1 make runtests (works with/without VBOOT2 flag)
And compile firmware for veyron_pinky
CQ-DEPEND=CL:233051
Change-Id: I8f9e67157575e5be14952ef4809c3dfafd92596d
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/233021
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Diffstat (limited to 'firmware/2lib/include')
-rw-r--r-- | firmware/2lib/include/2common.h | 230 | ||||
-rw-r--r-- | firmware/2lib/include/2misc.h | 1 | ||||
-rw-r--r-- | firmware/2lib/include/2struct.h | 172 |
3 files changed, 3 insertions, 400 deletions
diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h
index 672bd00c..06d0ee0f 100644
--- a/firmware/2lib/include/2common.h
+++ b/firmware/2lib/include/2common.h
@@ -146,172 +146,6 @@ int vb2_align(uint8_t **ptr, */ ptrdiff_t vb2_offset_of(const void *base, const void *ptr); -/* - * Helper functions to get data pointed to by a public key or signature. - */ - -const uint8_t *vb2_packed_key_data(const struct vb2_packed_key *key); -uint8_t *vb2_signature_data(struct vb2_signature *sig); - -/** - * Verify the data pointed to by a subfield is inside the parent data. - * - * The subfield has a header pointed to by member, and a separate data - * field at an offset relative to the header. That is: - * - * struct parent { - * (possibly other parent fields) - * struct member { - * (member header fields) - * }; - * (possibly other parent fields) - * }; - * (possibly some other parent data) - * (member data) - * (possibly some other parent data) - * - * @param parent Parent data - * @param parent_size Parent size in bytes - * @param member Subfield header - * @param member_size Size of subfield header in bytes - * @param member_data_offset Offset of member data from start of member - * @param member_data_size Size of member data in bytes - * @return VB2_SUCCESS, or non-zero if error. - */ -int vb2_verify_member_inside(const void *parent, size_t parent_size, - const void *member, size_t member_size, - ptrdiff_t member_data_offset, - size_t member_data_size); - -/** - * Return the description of an object starting with a vb2_struct_common header. - * - * Does not sanity-check the buffer; merely returns the pointer. - * - * @param buf Pointer to common object - * @return A pointer to description or an empty string if none. - */ -const char *vb2_common_desc(const void *buf); - -/** - * Verify the common struct header is fully contained in its parent data - * - * Also verifies the description is either zero-length or null-terminated. - * - * @param parent Parent data - * @param parent_size Parent size in bytes - * @return VB2_SUCCESS, or non-zero if error. 
- */
-int vb2_verify_common_header(const void *parent, uint32_t parent_size);
-
-/**
- * Verify a member is within the data for a parent object
- *
- * @param parent Parent data (starts with struct vb2_struct_common)
- * @param min_offset Pointer to minimum offset where member can be located.
- * If this offset is 0 on input, uses the size of the
- * fixed header (and description, if any). This will be
- * updated on return to the end of the passed member. On
- * error, the value of min_offset is undefined.
- * @param member_offset Offset of member data from start of parent, in bytes
- * @param member_size Size of member data, in bytes
- * @return VB2_SUCCESS, or non-zero if error.
- */
-int vb2_verify_common_member(const void *parent,
- uint32_t *min_offset,
- uint32_t member_offset,
- uint32_t member_size);
-
-/**
- * Verify a member which starts with a common header is within the parent
- *
- * This does not verify the contents of the member or its header, only that the
- * member's claimed total size fits within the parent's claimed total size at
- * the specified offset.
- *
- * @param parent Parent data (starts with struct vb2_struct_common)
- * @param min_offset Pointer to minimum offset where member can be located.
- * If this offset is 0 on input, uses the size of the
- * fixed header (and description, if any). This will be
- * updated on return to the end of the passed member. On
- * error, the value of min_offset is undefined.
- * @param member_offset Offset of member data from start of parent, in bytes.
- * This should be the start of the common header of the
- * member.
- * @return VB2_SUCCESS, or non-zero if error.
- */
-int vb2_verify_common_subobject(const void *parent,
- uint32_t *min_offset,
- uint32_t member_offset);
-
-/**
- * Verify a signature is fully contained in its parent data
- *
- * @param parent Parent data
- * @param parent_size Parent size in bytes
- * @param sig Signature pointer
- * @return VB2_SUCCESS, or non-zero if error.
- */
-int vb2_verify_signature_inside(const void *parent,
- uint32_t parent_size,
- const struct vb2_signature *sig);
-
-/**
- * Verify a packed key is fully contained in its parent data
- *
- * @param parent Parent data
- * @param parent_size Parent size in bytes
- * @param key Packed key pointer
- * @return VB2_SUCCESS, or non-zero if error.
- */
-int vb2_verify_packed_key_inside(const void *parent,
- uint32_t parent_size,
- const struct vb2_packed_key *key);
-
-/**
- * Unpack a vboot1-format key for use in verification
- *
- * The elements of the unpacked key will point into the source buffer, so don't
- * free the source buffer until you're done with the key.
- *
- * @param key Destintion for unpacked key
- * @param buf Source buffer containing packed key
- * @param size Size of buffer in bytes
- * @return VB2_SUCCESS, or non-zero error code if error.
- */
-int vb2_unpack_key(struct vb2_public_key *key,
- const uint8_t *buf,
- uint32_t size);
-
-/**
- * Unpack a key for use in verification
- *
- * The elements of the unpacked key will point into the source buffer, so don't
- * free the source buffer until you're done with the key.
- *
- * @param key Destintion for unpacked key
- * @param buf Source buffer containing packed key
- * @param size Size of buffer in bytes
- * @return VB2_SUCCESS, or non-zero error code if error.
- */
-int vb2_unpack_key2(struct vb2_public_key *key,
- const uint8_t *buf,
- uint32_t size);
-
-/**
- * Unpack the RSA data fields for a public key
- *
- * This is called by vb2_unpack_key2() to extract the arrays from a packed key.
- * These elements of *key will point inside the key_data buffer.
- * - * @param key Destination key for RSA data fields - * @param key_data Packed key data (from inside a packed key buffer) - * @param key_size Size of packed key data in bytes - */ -int vb2_unpack_key2_data(struct vb2_public_key *key, - const uint8_t *key_data, - uint32_t key_size); - /** * Return expected signature size for a signature/hash algorithm pair * @@ -337,20 +171,6 @@ const struct vb2_guid *vb2_hash_guid(enum vb2_hash_algorithm hash_alg); */ #define VB2_VERIFY_DIGEST_WORKBUF_BYTES VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES -/** - * Verify a signature against an expected hash digest. - * - * @param key Key to use in signature verification - * @param sig Signature to verify (may be destroyed in process) - * @param digest Digest of signed data - * @param wb Work buffer - * @return VB2_SUCCESS, or non-zero if error. - */ -int vb2_verify_digest(const struct vb2_public_key *key, - struct vb2_signature *sig, - const uint8_t *digest, - const struct vb2_workbuf *wb); - /* * Size of work buffer sufficient for vb2_verify_data() or vb2_verify_data2() * worst case. 
@@ -360,66 +180,16 @@ int vb2_verify_digest(const struct vb2_public_key *key, VB2_MAX(VB2_VERIFY_DIGEST_WORKBUF_BYTES, \ sizeof(struct vb2_digest_context))) -/** - * Verify data matches signature. - * - * @param data Data to verify - * @param size Size of data buffer. Note that amount of data to - * actually validate is contained in sig->data_size. - * @param sig Signature of data (destroyed in process) - * @param key Key to use to validate signature - * @param wb Work buffer - * @return VB2_SUCCESS, or non-zero error code if error. - */ -int vb2_verify_data(const uint8_t *data, - uint32_t size, - struct vb2_signature *sig, - const struct vb2_public_key *key, - const struct vb2_workbuf *wb); - /* * Size of work buffer sufficient for vb2_verify_keyblock() or * vb2_verify_keyblock2() worst case. */ #define VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES VB2_VERIFY_DATA_WORKBUF_BYTES -/** - * Check the sanity of a key block using a public key. - * - * Header fields are also checked for sanity. Does not verify key index or key - * block flags. Signature inside block is destroyed during check. - * - * @param block Key block to verify - * @param size Size of key block buffer - * @param key Key to use to verify block - * @param wb Work buffer - * @return VB2_SUCCESS, or non-zero error code if error. - */ -int vb2_verify_keyblock(struct vb2_keyblock *block, - uint32_t size, - const struct vb2_public_key *key, - const struct vb2_workbuf *wb); - /* * Size of work buffer sufficient for vb2_verify_fw_preamble() or * vb2_verify_fw_preamble2() worst case. */ #define VB2_VERIFY_FIRMWARE_PREAMBLE_WORKBUF_BYTES VB2_VERIFY_DATA_WORKBUF_BYTES -/** - * Check the sanity of a firmware preamble using a public key. - * - * The signature in the preamble is destroyed during the check. - * - * @param preamble Preamble to verify - * @param size Size of preamble buffer - * @param key Key to use to verify preamble - * @param wb Work buffer - * @return VB2_SUCCESS, or non-zero error code if error. 
- */ -int vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble, - uint32_t size, - const struct vb2_public_key *key, - const struct vb2_workbuf *wb); - #endif /* VBOOT_REFERENCE_VBOOT_2COMMON_H_ */ diff --git a/firmware/2lib/include/2misc.h b/firmware/2lib/include/2misc.h index 24b32db7..e3d9bec0 100644 --- a/firmware/2lib/include/2misc.h +++ b/firmware/2lib/include/2misc.h @@ -11,6 +11,7 @@ #include "2api.h" struct vb2_gbb_header; +struct vb2_workbuf; /** * Get the shared data pointer from the vboot context diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h index b2b35f24..c8ff2378 100644 --- a/firmware/2lib/include/2struct.h +++ b/firmware/2lib/include/2struct.h @@ -10,8 +10,6 @@ #define VBOOT_REFERENCE_VBOOT_2STRUCT_H_ #include <stdint.h> -#include "2guid.h" - /* Algorithm types for signatures */ enum vb2_signature_algorithm { /* Invalid or unsupported signature type */ 
@@ -43,65 +41,10 @@ enum vb2_hash_algorithm { VB2_HASH_SHA512 = 3, }; -/****************************************************************************/ /* - * Vboot1-compatible data structures + * Key block flags. * - * - * Note: Many of the structs have pairs of 32-bit fields and reserved fields. - * This is to be backwards-compatible with older verified boot data which used - * 64-bit fields (when we thought that hey, UEFI is 64-bit so all our fields - * should be too). - */ - -/* Packed public key data */ -struct vb2_packed_key { - /* Offset of key data from start of this struct */ - uint32_t key_offset; - uint32_t reserved0; - - /* Size of key data in bytes (NOT strength of key in bits) */ - uint32_t key_size; - uint32_t reserved1; - - /* Signature algorithm used by the key (enum vb2_crypto_algorithm) */ - uint32_t algorithm; - uint32_t reserved2; - - /* Key version */ - uint32_t key_version; - uint32_t reserved3; - - /* TODO: when redoing this struct, add a text description of the key */ -} __attribute__((packed)); - -#define EXPECTED_VB2_PACKED_KEY_SIZE 32 - -/* Signature data (a secure hash, possibly signed) */ -struct vb2_signature { - /* Offset of signature data from start of this struct */ - uint32_t sig_offset; - uint32_t reserved0; - - /* Size of signature data in bytes */ - uint32_t sig_size; - uint32_t reserved1; - - /* Size of the data block which was signed in bytes */ - uint32_t data_size; - uint32_t reserved2; -} __attribute__((packed)); - -#define EXPECTED_VB2_SIGNATURE_SIZE 24 - -#define KEY_BLOCK_MAGIC "CHROMEOS" -#define KEY_BLOCK_MAGIC_SIZE 8 - -#define KEY_BLOCK_HEADER_VERSION_MAJOR 2 -#define KEY_BLOCK_HEADER_VERSION_MINOR 1 - -/* - * The following flags set where the key is valid. Not used by firmware + *The following flags set where the key is valid. Not used by firmware * verification; only kernel verification. */ #define VB2_KEY_BLOCK_FLAG_DEVELOPER_0 0x01 /* Developer switch off */ 
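Review bot: The rewritten comment above the `VB2_KEY_BLOCK_FLAG_*` defines in 2struct.h has a formatting slip: the added line `*The following flags set where the key is valid. Not used by firmware` lost the space after the asterisk that every other line of the block has, so it should read ` * The following flags set where the key is valid.  Not used by firmware`. The next hunk of this file removes `struct vb2_keyblock`, so the `keyblock_flags` field these bits apply to is no longer declared in this header. It would help to say so in the comment, for example ` * Key block flags (stored in the keyblock_flags field of the key block header).`, since the defines now stand apart from the struct that uses them.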
@@ -109,117 +52,6 @@ struct vb2_signature { #define VB2_KEY_BLOCK_FLAG_RECOVERY_0 0x04 /* Not recovery mode */ #define VB2_KEY_BLOCK_FLAG_RECOVERY_1 0x08 /* Recovery mode */ -/* - * Key block, containing the public key used to sign some other chunk of data. - * - * This should be followed by: - * 1) The data_key key data, pointed to by data_key.key_offset. - * 2) The checksum data for (vb2_keyblock + data_key data), pointed to - * by keyblock_checksum.sig_offset. - * 3) The signature data for (vb2_keyblock + data_key data), pointed to - * by keyblock_signature.sig_offset. - */ -struct vb2_keyblock { - /* Magic number */ - uint8_t magic[KEY_BLOCK_MAGIC_SIZE]; - - /* Version of this header format */ - uint32_t header_version_major; - - /* Version of this header format */ - uint32_t header_version_minor; - - /* - * Length of this entire key block, including keys, signatures, and - * padding, in bytes - */ - uint32_t keyblock_size; - uint32_t reserved0; - - /* - * Signature for this key block (header + data pointed to by data_key) - * For use with signed data keys - */ - struct vb2_signature keyblock_signature; - - /* - * SHA-512 checksum for this key block (header + data pointed to by - * data_key) For use with unsigned data keys. - * - * Note that the vb2 lib currently only supports signed blocks. - */ - struct vb2_signature keyblock_checksum_unused; - - /* Flags for key (VB2_KEY_BLOCK_FLAG_*) */ - uint32_t keyblock_flags; - uint32_t reserved1; - - /* Key to verify the chunk of data */ - struct vb2_packed_key data_key; -} __attribute__((packed)); - -#define EXPECTED_VB2_KEYBLOCK_SIZE 112 - - -/* Firmware preamble header */ -#define FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR 2 -#define FIRMWARE_PREAMBLE_HEADER_VERSION_MINOR 1 - -/* Flags for VbFirmwarePreambleHeader.flags */ -/* Reserved; do not use */ -#define VB2_FIRMWARE_PREAMBLE_RESERVED0 0x00000001 - -/* Premable block for rewritable firmware, version 2.1. 
- * - * The firmware preamble header should be followed by: - * 1) The kernel_subkey key data, pointed to by kernel_subkey.key_offset. - * 2) The signature data for the firmware body, pointed to by - * body_signature.sig_offset. - * 3) The signature data for (header + kernel_subkey data + body signature - * data), pointed to by preamble_signature.sig_offset. - */ -struct vb2_fw_preamble { - /* - * Size of this preamble, including keys, signatures, and padding, in - * bytes - */ - uint32_t preamble_size; - uint32_t reserved0; - - /* - * Signature for this preamble (header + kernel subkey + body - * signature) - */ - struct vb2_signature preamble_signature; - - /* Version of this header format */ - uint32_t header_version_major; - uint32_t header_version_minor; - - /* Firmware version */ - uint32_t firmware_version; - uint32_t reserved1; - - /* Key to verify kernel key block */ - struct vb2_packed_key kernel_subkey; - - /* Signature for the firmware body */ - struct vb2_signature body_signature; - - /* - * Fields added in header version 2.1. You must verify the header - * version before reading these fields! - */ - - /* - * Flags; see VB2_FIRMWARE_PREAMBLE_*. Readers should return 0 for - * header version < 2.1. - */ - uint32_t flags; -} __attribute__((packed)); - -#define EXPECTED_VB2_FW_PREAMBLE_SIZE 108 - /****************************************************************************/ /* Flags for vb2_shared_data.flags */ |