vboot2: api-level routines

I'm breaking the last chunk of vboot2 into smaller pieces as I add
tests.  This has the api-level routines actually called by depthcharge.

BUG=chromium:370082
BRANCH=none
TEST=make clean && VBOOT2=1 COV=1 make

Change-Id: Ic7c082fc5faa0b874b2fa5a15ebda7135dcafe0b
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/200151
Reviewed-by: Bill Richardson <wfrichar@chromium.org>

3 files changed, 491 insertions, 7 deletions

diff --git a/firmware/2lib/2api.c b/firmware/2lib/2api.c
new file mode 100644
index 00000000..0138669d
--- /dev/null
+++ b/firmware/2lib/2api.c
@@ -0,0 +1,295 @@
+/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Externally-callable APIs
+ * (Firmware portion)
+ */
+
+#include "2sysincludes.h"
+#include "2api.h"
+#include "2common.h"
+#include "2misc.h"
+#include "2nvstorage.h"
+#include "2secdata.h"
+#include "2sha.h"
+#include "2rsa.h"
+
+int vb2api_secdata_check(const struct vb2_context *ctx)
+{
+	return vb2_secdata_check_crc(ctx);
+}
+
+int vb2api_secdata_create(struct vb2_context *ctx)
+{
+	return vb2_secdata_create(ctx);
+}
+
+void vb2api_fail(struct vb2_context *ctx, uint8_t reason, uint8_t subcode)
+{
+	/* Initialize the vboot context if it hasn't been yet */
+	vb2_init_context(ctx);
+
+	vb2_fail(ctx, reason, subcode);
+}
+
+int vb2api_fw_phase1(struct vb2_context *ctx)
+{
+	struct vb2_shared_data *sd = vb2_get_sd(ctx);
+	int rv;
+
+	/* Initialize the vboot context if it hasn't been yet */
+	vb2_init_context(ctx);
+
+	/* Initialize NV context */
+	vb2_nv_init(ctx);
+
+	/* Initialize secure data */
+	rv = vb2_secdata_init(ctx);
+	if (rv)
+		sd->recovery_reason = VB2_RECOVERY_SECDATA_INIT;
+
+	/*
+	 * Check for recovery.  Note that this function returns void, since
+	 * any errors result in requesting recovery.
+	 */
+	vb2_check_recovery(ctx);
+
+	/* Return error if recovery is needed */
+	if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE) {
+		/* Always clear RAM when entering recovery mode */
+		ctx->flags |= VB2_CONTEXT_CLEAR_RAM;
+
+		return VB2_ERROR_API_PHASE1_RECOVERY;
+	}
+
+	return VB2_SUCCESS;
+}
+
+int vb2api_fw_phase2(struct vb2_context *ctx)
+{
+	int rv;
+
+	/* Load and parse the GBB header */
+	rv = vb2_fw_parse_gbb(ctx);
+	if (rv) {
+		vb2_fail(ctx, VB2_RECOVERY_GBB_HEADER, rv);
+		return rv;
+	}
+
+	/* Check for dev switch */
+	rv = vb2_check_dev_switch(ctx);
+	if (rv) {
+		vb2_fail(ctx, VB2_RECOVERY_DEV_SWITCH, rv);
+		return rv;
+	}
+
+	/* Always clear RAM when entering developer mode */
+	if (ctx->flags & VB2_CONTEXT_DEVELOPER_MODE)
+		ctx->flags |= VB2_CONTEXT_CLEAR_RAM;
+
+	/* Check for explicit request to clear TPM */
+	rv = vb2_check_tpm_clear(ctx);
+	if (rv) {
+		vb2_fail(ctx, VB2_RECOVERY_TPM_CLEAR_OWNER, rv);
+		return rv;
+	}
+
+	/* Decide which firmware slot to try this boot */
+	rv = vb2_select_fw_slot(ctx);
+	if (rv) {
+		vb2_fail(ctx, VB2_RECOVERY_FW_SLOT, rv);
+		return rv;
+	}
+
+	return VB2_SUCCESS;
+}
+
+int vb2api_fw_phase3(struct vb2_context *ctx)
+{
+	int rv;
+
+	/* Verify firmware keyblock */
+	rv = vb2_verify_fw_keyblock(ctx);
+	if (rv) {
+		vb2_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv);
+		return rv;
+	}
+
+	/* Verify firmware preamble */
+	rv = vb2_verify_fw_preamble2(ctx);
+	if (rv) {
+		vb2_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv);
+		return rv;
+	}
+
+	return VB2_SUCCESS;
+}
+
+int vb2api_init_hash(struct vb2_context *ctx, uint32_t tag, uint32_t *size)
+{
+	struct vb2_shared_data *sd = vb2_get_sd(ctx);
+	const struct vb2_fw_preamble *pre;
+	struct vb2_digest_context *dc;
+	struct vb2_public_key key;
+	struct vb2_workbuf wb;
+	int rv;
+
+	vb2_workbuf_from_ctx(ctx, &wb);
+
+	if (tag == VB2_HASH_TAG_INVALID)
+		return VB2_ERROR_API_INIT_HASH_TAG;
+
+	/* Get preamble pointer */
+	if (!sd->workbuf_preamble_size)
+		return VB2_ERROR_API_INIT_HASH_PREAMBLE;
+	pre = (const struct vb2_fw_preamble *)
+		(ctx->workbuf + sd->workbuf_preamble_offset);
+
+	/* For now, we only support the firmware body tag */
+	if (tag != VB2_HASH_TAG_FW_BODY)
+		return VB2_ERROR_API_INIT_HASH_TAG;
+
+	/* Allocate workbuf space for the hash */
+	if (sd->workbuf_hash_size) {
+		dc = (struct vb2_digest_context *)
+			(ctx->workbuf + sd->workbuf_hash_offset);
+	} else {
+		uint32_t dig_size = sizeof(*dc);
+
+		dc = vb2_workbuf_alloc(&wb, dig_size);
+		if (!dc)
+			return VB2_ERROR_API_INIT_HASH_WORKBUF;
+
+		sd->workbuf_hash_offset = vb2_offset_of(ctx->workbuf, dc);
+		sd->workbuf_hash_size = dig_size;
+		ctx->workbuf_used = sd->workbuf_hash_offset + dig_size;
+	}
+
+	/*
+	 * Unpack the firmware data key to see which hashing algorithm we
+	 * should use.
+	 *
+	 * TODO: really, the firmware body should be hashed, and not signed,
+	 * because the signature we're checking is already signed as part of
+	 * the firmware preamble.  But until we can change the signing scripts,
+	 * we're stuck with a signature here instead of a hash.
+	 */
+	if (!sd->workbuf_data_key_size)
+		return VB2_ERROR_API_INIT_HASH_DATA_KEY;
+
+	rv = vb2_unpack_key(&key,
+			    ctx->workbuf + sd->workbuf_data_key_offset,
+			    sd->workbuf_data_key_size);
+	if (rv)
+		return rv;
+
+	sd->hash_tag = tag;
+	sd->hash_remaining_size = pre->body_signature.data_size;
+
+	if (size)
+		*size = pre->body_signature.data_size;
+
+	return vb2_digest_init(dc, key.algorithm);
+}
+
+int vb2api_extend_hash(struct vb2_context *ctx,
+		       const void *buf,
+		       uint32_t size)
+{
+	struct vb2_shared_data *sd = vb2_get_sd(ctx);
+	struct vb2_digest_context *dc = (struct vb2_digest_context *)
+		(ctx->workbuf + sd->workbuf_hash_offset);
+
+	/* Must have initialized hash digest work area */
+	if (!sd->workbuf_hash_size)
+		return VB2_ERROR_API_EXTEND_HASH_WORKBUF;
+
+	/* Don't extend past the data we expect to hash */
+	if (!size || size > sd->hash_remaining_size)
+		return VB2_ERROR_API_EXTEND_HASH_SIZE;
+
+	sd->hash_remaining_size -= size;
+
+	return vb2_digest_extend(dc, buf, size);
+}
+
+int vb2api_check_hash(struct vb2_context *ctx)
+{
+	struct vb2_shared_data *sd = vb2_get_sd(ctx);
+	struct vb2_digest_context *dc = (struct vb2_digest_context *)
+		(ctx->workbuf + sd->workbuf_hash_offset);
+	struct vb2_workbuf wb;
+
+	uint8_t *digest;
+	uint32_t digest_size = vb2_digest_size(dc->algorithm);
+
+	struct vb2_fw_preamble *pre;
+	struct vb2_public_key key;
+	int rv;
+
+	vb2_workbuf_from_ctx(ctx, &wb);
+
+	/* Get preamble pointer */
+	if (!sd->workbuf_preamble_size)
+		return VB2_ERROR_API_CHECK_HASH_PREAMBLE;
+	pre = (struct vb2_fw_preamble *)
+		(ctx->workbuf + sd->workbuf_preamble_offset);
+
+	/* Must have initialized hash digest work area */
+	if (!sd->workbuf_hash_size)
+		return VB2_ERROR_API_CHECK_HASH_WORKBUF;
+
+	/* Should have hashed the right amount of data */
+	if (sd->hash_remaining_size)
+		return VB2_ERROR_API_CHECK_HASH_SIZE;
+
+	/* Allocate the digest */
+	digest = vb2_workbuf_alloc(&wb, digest_size);
+	if (!digest)
+		return VB2_ERROR_API_CHECK_HASH_WORKBUF_DIGEST;
+
+	/* Finalize the digest */
+	rv = vb2_digest_finalize(dc, digest, digest_size);
+	if (rv)
+		return rv;
+
+	/* The code below is specific to the body signature */
+	if (sd->hash_tag != VB2_HASH_TAG_FW_BODY)
+		return VB2_ERROR_API_CHECK_HASH_TAG;
+
+	/*
+	 * The body signature is currently a *signature* of the body data, not
+	 * just its hash.  So we need to verify the signature.
+	 */
+
+	/* Unpack the data key */
+	if (!sd->workbuf_data_key_size)
+		return VB2_ERROR_API_CHECK_HASH_DATA_KEY;
+
+	rv = vb2_unpack_key(&key,
+			    ctx->workbuf + sd->workbuf_data_key_offset,
+			    sd->workbuf_data_key_size);
+	if (rv)
+		return rv;
+
+	/* Make sure body signature is the right size */
+	if (pre->body_signature.sig_size != vb2_rsa_sig_size(key.algorithm)) {
+		VB2_DEBUG("Wrong data signature size for algorithm, "
+			  "sig_size=%d, expected %d for algorithm %d.\n",
+			 (int)pre->body_signature.sig_size,
+			  vb2_rsa_sig_size(key.algorithm),
+			  key.algorithm);
+		return VB2_ERROR_API_CHECK_HASH_SIG_SIZE;
+	}
+
+	/*
+	 * Check digest vs. signature.  Note that this destroys the signature.
+	 * That's ok, because we only check each signature once per boot.
+	 */
+	rv = vb2_verify_digest(&key,
+			       vb2_signature_data(&pre->body_signature),
+			       digest,
+			       &wb);
+	return rv;
+}
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index 3a4772b3..7e95d24b 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -156,6 +156,195 @@ enum vb2_resource_index {
 	VB2_RES_FW_VBLOCK,
 };
 
+/******************************************************************************
+ * APIs provided by verified boot.
+ *
+ * At a high level, call functions in the order described below.  After each
+ * call, examine vb2_context.flags to determine whether nvdata or secdata
+ * needs to be written.
+ *
+ * If you need to cause the boot process to fail at any point, call
+ * vb2api_fail().  Then check vb2_context.flags to see what data needs to be
+ * written.  Then reboot.
+ *
+ *	Load nvdata from wherever you keep it.
+ *
+ *	Load secdata from wherever you keep it.
+ *
+ *      	If it wasn't there at all (for example, this is the first boot
+ *		of a new system in the factory), call vb2api_secdata_create()
+ *		to initialize the data.
+ *
+ *		If access to your storage is unreliable (reads/writes may
+ *		contain corrupt data), you may call vb2api_secdata_check() to
+ *		determine if the data was valid, and retry reading if it
+ *		wasn't.  (In that case, you should also read back and check the
+ *		data after any time you write it, to make sure it was written
+ *		correctly.)
+ *
+ *	Call vb2api_fw_phase1().  At present, this nominally decides whether
+ *	recovery mode is needed this boot.
+ *
+ *	Call vb2api_fw_phase2().  At present, this nominally decides which
+ *	firmware slot will be attempted (A or B).
+ *
+ *	Call vb2api_fw_phase3().  At present, this nominally verifies the
+ *	firmware keyblock and preamble.
+ *
+ *	Lock down wherever you keep secdata.  It should no longer be writable
+ *	this boot.
+ *
+ *	Verify the hash of each section of code/data you need to boot the RW
+ *	firmware.  For each section:
+ *
+ *		Call vb2_init_hash() to see if the hash exists.
+ *
+ *		Load the data for the section.  Call vb2_extend_hash() on the
+ *		data as you load it.  You can load it all at once and make one
+ *		call, or load and hash-extend a block at a time.
+ *
+ *		Call vb2_check_hash() to see if the hash is valid.
+ *
+ *			If it is valid, you may use the data and/or execute
+ *			code from that section.
+ *
+ *			If the hash was invalid, you must reboot.
+ *
+ * At this point, firmware verification is done, and vb2_context contains the
+ * kernel key needed to verify the kernel.  That context should be preserved
+ * and passed on to kernel selection.  For now, that requires translating it
+ * into the old VbSharedData format (via a func which does not yet exist...)
+ */
+
+/**
+ * Sanity-check the contents of the secure storage context.
+ *
+ * Use this if reading from secure storage may be flaky, and you want to retry
+ * reading it several times.
+ *
+ * This may be called before vb2api_phase1().
+ *
+ * @param ctx		Context pointer
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+int vb2api_secdata_check(const struct vb2_context *ctx);
+
+/**
+ * Create fresh data in the secure storage context.
+ *
+ * Use this only when initializing the secure storage context on a new machine
+ * the first time it boots.  Do NOT simply use this if vb2api_secdata_check()
+ * (or any other API in this library) fails; that could allow the secure data
+ * to be rolled back to an insecure state.
+ *
+ * This may be called before vb2api_phase1().
+ *
+ * @param ctx		Context pointer
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+int vb2api_secdata_create(struct vb2_context *ctx);
+
+/**
+ * Report firmware failure to vboot.
+ *
+ * This may be called before vb2api_phase1() to indicate errors in the boot
+ * process prior to the start of vboot.
+ *
+ * If this is called after vb2api_phase1(), on return, the calling firmware
+ * should check for updates to secdata and/or nvdata, then reboot.
+ *
+ * @param reason	Recovery reason
+ * @param subcode	Recovery subcode
+ */
+void vb2api_fail(struct vb2_context *ctx, uint8_t reason, uint8_t subcode);
+
+/**
+ * Firmware selection, phase 1.
+ *
+ * On error, the calling firmware should jump directly to recovery-mode
+ * firmware without rebooting.
+ *
+ * @param ctx		Vboot context
+ * @return VB2_SUCCESS, or error code on error.
+ */
+int vb2api_fw_phase1(struct vb2_context *ctx);
+
+/**
+ * Firmware selection, phase 2.
+ *
+ * On error, the calling firmware should check for updates to secdata and/or
+ * nvdata, then reboot.
+ *
+ * @param ctx		Vboot context
+ * @return VB2_SUCCESS, or error code on error.
+ */
+int vb2api_fw_phase2(struct vb2_context *ctx);
+
+/**
+ * Firmware selection, phase 3.
+ *
+ * On error, the calling firmware should check for updates to secdata and/or
+ * nvdata, then reboot.
+ *
+ * On success, the calling firmware should lock down secdata before continuing
+ * with the boot process.
+ *
+ * @param ctx		Vboot context
+ * @return VB2_SUCCESS, or error code on error.
+ */
+int vb2api_fw_phase3(struct vb2_context *ctx);
+
+/*
+ * Tags for types of hashable data.
+ *
+ * TODO: These are the ones that vboot specifically knows about given the
+ * current data structures.  In the future, I'd really like the vboot preamble
+ * to contain an arbitrary list of tags and their hashes, so that we can hash
+ * ram init, main RW body, EC-RW for software sync, etc. all separately.
+ */
+enum vb2api_hash_tag {
+	/* Invalid hash tag; never present in table */
+	VB2_HASH_TAG_INVALID = 0,
+
+	/* Firmware body */
+	VB2_HASH_TAG_FW_BODY,
+};
+
+/**
+ * Initialize hashing data for the specified tag.
+ *
+ * @param ctx		Vboot context
+ * @param tag		Tag to start hashing
+ * @param size		If non-null, expected size of data for tag will be
+ *			stored here on output.
+ * @return VB2_SUCCESS, or error code on error.
+ */
+int vb2api_init_hash(struct vb2_context *ctx, uint32_t tag, uint32_t *size);
+
+/**
+ * Extend the hash started by vb2api_init_hash() with additional data.
+ *
+ * @param ctx		Vboot context
+ * @param buf		Data to hash
+ * @param size		Size of data in bytes
+ * @return VB2_SUCCESS, or error code on error.
+ */
+int vb2api_extend_hash(struct vb2_context *ctx,
+		       const void *buf,
+		       uint32_t size);
+
+/**
+ * Check the hash value started by vb2api_init_hash().
+ *
+ * @param ctx		Vboot context
+ * @return VB2_SUCCESS, or error code on error.
+ */
+int vb2api_check_hash(struct vb2_context *ctx);
+
+int vb2api_get_kernel_subkey(struct vb2_context *ctx,
+			     uint8_t *buf,
+			     uint32_t *size);
+
 /*****************************************************************************/
 /* APIs provided by the caller to verified boot */
 
diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h
index 7c61a49c..fb00936c 100644
--- a/firmware/2lib/include/2return_codes.h
+++ b/firmware/2lib/include/2return_codes.h
@@ -25,6 +25,9 @@ enum vb2_return_code {
 	/* Unknown / unspecified error */
 	VB2_ERROR_UNKNOWN = VB2_ERROR_BASE + 1,
 
+	/* Mock error for testing */
+	VB2_ERROR_MOCK,
+
         /**********************************************************************
 	 * SHA errors
 	 */
@@ -307,9 +310,12 @@ enum vb2_return_code {
 	/* Uninitialized work area in vb2api_check_hash() */
 	VB2_ERROR_API_CHECK_HASH_WORKBUF,
 
-	/* Wrong amount of data hashed in vb2api_extend_hash() */
+	/* Wrong amount of data hashed in vb2api_check_hash() */
 	VB2_ERROR_API_CHECK_HASH_SIZE,
 
+	/* Work buffer too small in vb2api_check_hash() */
+	VB2_ERROR_API_CHECK_HASH_WORKBUF_DIGEST,
+
 	/* Bag tag in vb2api_check_hash() */
 	VB2_ERROR_API_CHECK_HASH_TAG,
 
@@ -319,12 +325,6 @@ enum vb2_return_code {
 	/* Siganature size mismatch in vb2api_check_hash() */
 	VB2_ERROR_API_CHECK_HASH_SIG_SIZE,
 
-	/* Preamble not present in vb2api_get_kernel_subkey() */
-	VB2_ERROR_API_KERNEL_SUBKEY_PREAMBLE,
-
-	/* Destination buffer too small in vb2api_get_kernel_subkey() */
-	VB2_ERROR_API_KERNEL_SUBKEY_DEST_SIZE,
-
 	/* Phase one needs recovery mode */
 	VB2_ERROR_API_PHASE1_RECOVERY,