-rw-r--r--firmware/lib/include/vboot_common.h10
-rw-r--r--firmware/lib/vboot_common.c16
-rw-r--r--firmware/lib/vboot_firmware.c6
-rw-r--r--firmware/lib/vboot_kernel.c3
-rw-r--r--firmware/linktest/main.c6
-rw-r--r--firmware/version.c2
-rw-r--r--tests/vboot_common2_tests.c64
-rw-r--r--tests/vboot_common3_tests.c54
-rw-r--r--utility/vbutil_firmware.c4
-rw-r--r--utility/vbutil_kernel.c8
10 files changed, 94 insertions, 79 deletions
diff --git a/firmware/lib/include/vboot_common.h b/firmware/lib/include/vboot_common.h
index b7998a7a..74d85800 100644
--- a/firmware/lib/include/vboot_common.h
+++ b/firmware/lib/include/vboot_common.h
@@ -70,8 +70,10 @@ int PublicKeyCopy(VbPublicKey* dest, const VbPublicKey* src);
RSAPublicKey* PublicKeyToRSA(const VbPublicKey* key);
-/* Verifies [data] matches signature [sig] using [key]. */
-int VerifyData(const uint8_t* data, const VbSignature* sig,
+/* Verifies [data] matches signature [sig] using [key]. [size] is the size
+ * of the data buffer; the amount of data to be validated is contained in
+ * sig->data_size. */
+int VerifyData(const uint8_t* data, uint64_t size, const VbSignature* sig,
const RSAPublicKey* key);
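Review bot: The updated comment on VerifyData() explains [size] but still does not say what the function returns, unlike the preamble verifiers below it, which state `Returns VBOOT_SUCCESS if successful.` The implementation in vboot_common.c returns 1 on the new size-mismatch path and the unit test expects 0 on success, so I would add `Returns 0 if the signature is valid, non-zero otherwise.` It is also worth stating in the comment that the call fails when sig->data_size exceeds [size], since that is the new contract callers rely on.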
@@ -93,7 +95,7 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
* using public key [key].
*
* Returns VBOOT_SUCCESS if successful. */
-int VerifyFirmwarePreamble2(const VbFirmwarePreambleHeader* preamble,
+int VerifyFirmwarePreamble(const VbFirmwarePreambleHeader* preamble,
uint64_t size, const RSAPublicKey* key);
@@ -101,7 +103,7 @@ int VerifyFirmwarePreamble2(const VbFirmwarePreambleHeader* preamble,
* using public key [key].
*
* Returns VBOOT_SUCCESS if successful. */
-int VerifyKernelPreamble2(const VbKernelPreambleHeader* preamble,
+int VerifyKernelPreamble(const VbKernelPreambleHeader* preamble,
uint64_t size, const RSAPublicKey* key);
diff --git a/firmware/lib/vboot_common.c b/firmware/lib/vboot_common.c
index be5a34de..a2a5d9f5 100644
--- a/firmware/lib/vboot_common.c
+++ b/firmware/lib/vboot_common.c
@@ -126,13 +126,17 @@ RSAPublicKey* PublicKeyToRSA(const VbPublicKey* key) {
}
-int VerifyData(const uint8_t* data, const VbSignature *sig,
+int VerifyData(const uint8_t* data, uint64_t size, const VbSignature *sig,
const RSAPublicKey* key) {
if (sig->sig_size != siglen_map[key->algorithm]) {
VBDEBUG(("Wrong signature size for algorithm.\n"));
return 1;
}
+ if (sig->data_size > size) {
+ VBDEBUG(("Data buffer smaller than length of signed data.\n"));
+ return 1;
+ }
if (!RSAVerifyBinary_f(NULL, key, data, sig->data_size,
GetSignatureDataC(sig), key->algorithm))
@@ -201,7 +205,7 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
VBDEBUG(("Signature calculated past end of the block\n"));
return VBOOT_KEY_BLOCK_INVALID;
}
- rv = VerifyData((const uint8_t*)block, sig, rsa);
+ rv = VerifyData((const uint8_t*)block, size, sig, rsa);
RSAPublicKeyFree(rsa);
if (rv)
return VBOOT_KEY_BLOCK_SIGNATURE;
@@ -253,7 +257,7 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
}
-int VerifyFirmwarePreamble2(const VbFirmwarePreambleHeader* preamble,
+int VerifyFirmwarePreamble(const VbFirmwarePreambleHeader* preamble,
uint64_t size, const RSAPublicKey* key) {
const VbSignature* sig = &preamble->preamble_signature;
@@ -281,7 +285,7 @@ int VerifyFirmwarePreamble2(const VbFirmwarePreambleHeader* preamble,
return VBOOT_PREAMBLE_INVALID;
}
- if (VerifyData((const uint8_t*)preamble, sig, key)) {
+ if (VerifyData((const uint8_t*)preamble, size, sig, key)) {
VBDEBUG(("Preamble signature validation failed\n"));
return VBOOT_PREAMBLE_SIGNATURE;
}
@@ -311,7 +315,7 @@ int VerifyFirmwarePreamble2(const VbFirmwarePreambleHeader* preamble,
}
-int VerifyKernelPreamble2(const VbKernelPreambleHeader* preamble,
+int VerifyKernelPreamble(const VbKernelPreambleHeader* preamble,
uint64_t size, const RSAPublicKey* key) {
const VbSignature* sig = &preamble->preamble_signature;
@@ -331,7 +335,7 @@ int VerifyKernelPreamble2(const VbKernelPreambleHeader* preamble,
VBDEBUG(("Preamble signature off end of preamble\n"));
return VBOOT_PREAMBLE_INVALID;
}
- if (VerifyData((const uint8_t*)preamble, sig, key)) {
+ if (VerifyData((const uint8_t*)preamble, size, sig, key)) {
VBDEBUG(("Preamble signature validation failed\n"));
return VBOOT_PREAMBLE_SIGNATURE;
}
diff --git a/firmware/lib/vboot_firmware.c b/firmware/lib/vboot_firmware.c
index e5d6f79e..307b3621 100644
--- a/firmware/lib/vboot_firmware.c
+++ b/firmware/lib/vboot_firmware.c
@@ -124,9 +124,9 @@ int LoadFirmware(LoadFirmwareParams* params) {
/* Verify the preamble, which follows the key block. */
preamble = (VbFirmwarePreambleHeader*)((uint8_t*)key_block +
key_block->key_block_size);
- if ((0 != VerifyFirmwarePreamble2(preamble,
- vblock_size - key_block->key_block_size,
- data_key))) {
+ if ((0 != VerifyFirmwarePreamble(preamble,
+ vblock_size - key_block->key_block_size,
+ data_key))) {
VBDEBUG(("Preamble verfication failed.\n"));
RSAPublicKeyFree(data_key);
continue;
diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c
index 03e4da81..7996564c 100644
--- a/firmware/lib/vboot_kernel.c
+++ b/firmware/lib/vboot_kernel.c
@@ -241,7 +241,7 @@ int LoadKernel(LoadKernelParams* params) {
/* Verify the preamble, which follows the key block */
preamble = (VbKernelPreambleHeader*)(kbuf + key_block->key_block_size);
- if ((0 != VerifyKernelPreamble2(preamble,
+ if ((0 != VerifyKernelPreamble(preamble,
KBUF_SIZE - key_block->key_block_size,
data_key))) {
VBDEBUG(("Preamble verification failed.\n"));
@@ -313,6 +313,7 @@ int LoadKernel(LoadKernelParams* params) {
/* Verify kernel data */
if (0 != VerifyData((const uint8_t*)params->kernel_buffer,
+ params->kernel_buffer_size,
&preamble->body_signature, data_key)) {
VBDEBUG(("Kernel data verification failed.\n"));
RSAPublicKeyFree(data_key);
diff --git a/firmware/linktest/main.c b/firmware/linktest/main.c
index bff8f006..966a345e 100644
--- a/firmware/linktest/main.c
+++ b/firmware/linktest/main.c
@@ -67,11 +67,11 @@ int main(void)
PublicKeyInit(0, 0, 0);
PublicKeyCopy(0, 0);
PublicKeyToRSA(0);
- VerifyData(0, 0, 0);
+ VerifyData(0, 0, 0, 0);
VerifyDigest(0, 0, 0);
KeyBlockVerify(0, 0, 0);
- VerifyFirmwarePreamble2(0, 0, 0);
- VerifyKernelPreamble2(0, 0, 0);
+ VerifyFirmwarePreamble(0, 0, 0);
+ VerifyKernelPreamble(0, 0, 0);
return 0;
}
diff --git a/firmware/version.c b/firmware/version.c
index 978e65ec..c40f4e97 100644
--- a/firmware/version.c
+++ b/firmware/version.c
@@ -1 +1 @@
-char* VbootVersion = "VBOOv=5f9c5921";
+char* VbootVersion = "VBOOv=45bbe227";
diff --git a/tests/vboot_common2_tests.c b/tests/vboot_common2_tests.c
index f5815741..d03b60e3 100644
--- a/tests/vboot_common2_tests.c
+++ b/tests/vboot_common2_tests.c
@@ -45,23 +45,29 @@ static void VerifyDataTest(const VbPublicKey* public_key,
const VbPrivateKey* private_key) {
const uint8_t test_data[] = "This is some test data to sign.";
+ const uint64_t test_size = sizeof(test_data);
VbSignature* sig;
RSAPublicKey* rsa;
- sig = CalculateSignature(test_data, sizeof(test_data), private_key);
+ sig = CalculateSignature(test_data, test_size, private_key);
rsa = PublicKeyToRSA(public_key);
TEST_NEQ(sig && rsa, 0, "VerifyData() prerequisites");
if (!sig || !rsa)
return;
- TEST_EQ(VerifyData(test_data, sig, rsa), 0, "VerifyData() ok");
+ TEST_EQ(VerifyData(test_data, test_size, sig, rsa), 0, "VerifyData() ok");
sig->sig_size -= 16;
- TEST_EQ(VerifyData(test_data, sig, rsa), 1, "VerifyData() wrong sig size");
+ TEST_EQ(VerifyData(test_data, test_size, sig, rsa), 1,
+ "VerifyData() wrong sig size");
sig->sig_size += 16;
+ TEST_EQ(VerifyData(test_data, test_size - 1, sig, rsa), 1,
+ "VerifyData() input buffer too small");
+
GetSignatureData(sig)[0] ^= 0x5A;
- TEST_EQ(VerifyData(test_data, sig, rsa), 1, "VerifyData() wrong sig");
+ TEST_EQ(VerifyData(test_data, test_size, sig, rsa), 1,
+ "VerifyData() wrong sig");
RSAPublicKeyFree(rsa);
Free(sig);
@@ -118,61 +124,61 @@ static void VerifyKernelPreambleTest(const VbPublicKey* public_key,
rsa = PublicKeyToRSA(public_key);
hdr = CreateKernelPreamble(0x1234, 0x100000, 0x300000, 0x4000, body_sig,
0, private_key);
- TEST_NEQ(hdr && rsa, 0, "VerifyKernelPreamble2() prerequisites");
+ TEST_NEQ(hdr && rsa, 0, "VerifyKernelPreamble() prerequisites");
if (!hdr)
return;
hsize = (unsigned) hdr->preamble_size;
h = (VbKernelPreambleHeader*)Malloc(hsize + 16384);
- TEST_EQ(VerifyKernelPreamble2(hdr, hsize, rsa), 0,
- "VerifyKernelPreamble2() ok using key");
- TEST_NEQ(VerifyKernelPreamble2(hdr, hsize - 1, rsa), 0,
- "VerifyKernelPreamble2() size--");
- TEST_EQ(VerifyKernelPreamble2(hdr, hsize + 1, rsa), 0,
- "VerifyKernelPreamble2() size++");
+ TEST_EQ(VerifyKernelPreamble(hdr, hsize, rsa), 0,
+ "VerifyKernelPreamble() ok using key");
+ TEST_NEQ(VerifyKernelPreamble(hdr, hsize - 1, rsa), 0,
+ "VerifyKernelPreamble() size--");
+ TEST_EQ(VerifyKernelPreamble(hdr, hsize + 1, rsa), 0,
+ "VerifyKernelPreamble() size++");
/* Care about major version but not minor */
Memcpy(h, hdr, hsize);
h->header_version_major++;
ReSignKernelPreamble(h, private_key);
- TEST_NEQ(VerifyKernelPreamble2(h, hsize, rsa), 0,
- "VerifyKernelPreamble2() major++");
+ TEST_NEQ(VerifyKernelPreamble(h, hsize, rsa), 0,
+ "VerifyKernelPreamble() major++");
Memcpy(h, hdr, hsize);
h->header_version_major--;
ReSignKernelPreamble(h, private_key);
- TEST_NEQ(VerifyKernelPreamble2(h, hsize, rsa), 0,
- "VerifyKernelPreamble2() major--");
+ TEST_NEQ(VerifyKernelPreamble(h, hsize, rsa), 0,
+ "VerifyKernelPreamble() major--");
Memcpy(h, hdr, hsize);
h->header_version_minor++;
ReSignKernelPreamble(h, private_key);
- TEST_EQ(VerifyKernelPreamble2(h, hsize, rsa), 0,
- "VerifyKernelPreamble2() minor++");
+ TEST_EQ(VerifyKernelPreamble(h, hsize, rsa), 0,
+ "VerifyKernelPreamble() minor++");
Memcpy(h, hdr, hsize);
h->header_version_minor--;
ReSignKernelPreamble(h, private_key);
- TEST_EQ(VerifyKernelPreamble2(h, hsize, rsa), 0,
- "VerifyKernelPreamble2() minor--");
+ TEST_EQ(VerifyKernelPreamble(h, hsize, rsa), 0,
+ "VerifyKernelPreamble() minor--");
/* Check signature */
Memcpy(h, hdr, hsize);
h->preamble_signature.sig_offset = hsize;
ReSignKernelPreamble(h, private_key);
- TEST_NEQ(VerifyKernelPreamble2(h, hsize, rsa), 0,
- "VerifyKernelPreamble2() sig off end");
+ TEST_NEQ(VerifyKernelPreamble(h, hsize, rsa), 0,
+ "VerifyKernelPreamble() sig off end");
Memcpy(h, hdr, hsize);
h->preamble_signature.sig_size--;
ReSignKernelPreamble(h, private_key);
- TEST_NEQ(VerifyKernelPreamble2(h, hsize, rsa), 0,
- "VerifyKernelPreamble2() sig too small");
+ TEST_NEQ(VerifyKernelPreamble(h, hsize, rsa), 0,
+ "VerifyKernelPreamble() sig too small");
Memcpy(h, hdr, hsize);
GetSignatureData(&h->body_signature)[0] ^= 0x34;
- TEST_NEQ(VerifyKernelPreamble2(h, hsize, rsa), 0,
- "VerifyKernelPreamble2() sig mismatch");
+ TEST_NEQ(VerifyKernelPreamble(h, hsize, rsa), 0,
+ "VerifyKernelPreamble() sig mismatch");
/* Check that we signed header and body sig */
Memcpy(h, hdr, hsize);
@@ -180,14 +186,14 @@ static void VerifyKernelPreambleTest(const VbPublicKey* public_key,
h->body_signature.sig_offset = 0;
h->body_signature.sig_size = 0;
ReSignKernelPreamble(h, private_key);
- TEST_NEQ(VerifyKernelPreamble2(h, hsize, rsa), 0,
- "VerifyKernelPreamble2() didn't sign header");
+ TEST_NEQ(VerifyKernelPreamble(h, hsize, rsa), 0,
+ "VerifyKernelPreamble() didn't sign header");
Memcpy(h, hdr, hsize);
h->body_signature.sig_offset = hsize;
ReSignKernelPreamble(h, private_key);
- TEST_NEQ(VerifyKernelPreamble2(h, hsize, rsa), 0,
- "VerifyKernelPreamble2() body sig off end");
+ TEST_NEQ(VerifyKernelPreamble(h, hsize, rsa), 0,
+ "VerifyKernelPreamble() body sig off end");
/* TODO: verify parser can support a bigger header. */
diff --git a/tests/vboot_common3_tests.c b/tests/vboot_common3_tests.c
index 8b7e4702..ba0e058c 100644
--- a/tests/vboot_common3_tests.c
+++ b/tests/vboot_common3_tests.c
@@ -156,61 +156,61 @@ static void VerifyFirmwarePreambleTest(const VbPublicKey* public_key,
rsa = PublicKeyToRSA(public_key);
hdr = CreateFirmwarePreamble(0x1234, kernel_subkey, body_sig, private_key);
- TEST_NEQ(hdr && rsa, 0, "VerifyFirmwarePreamble2() prerequisites");
+ TEST_NEQ(hdr && rsa, 0, "VerifyFirmwarePreamble() prerequisites");
if (!hdr)
return;
hsize = (unsigned) hdr->preamble_size;
h = (VbFirmwarePreambleHeader*)Malloc(hsize + 16384);
- TEST_EQ(VerifyFirmwarePreamble2(hdr, hsize, rsa), 0,
- "VerifyFirmwarePreamble2() ok using key");
- TEST_NEQ(VerifyFirmwarePreamble2(hdr, hsize - 1, rsa), 0,
- "VerifyFirmwarePreamble2() size--");
- TEST_EQ(VerifyFirmwarePreamble2(hdr, hsize + 1, rsa), 0,
- "VerifyFirmwarePreamble2() size++");
+ TEST_EQ(VerifyFirmwarePreamble(hdr, hsize, rsa), 0,
+ "VerifyFirmwarePreamble() ok using key");
+ TEST_NEQ(VerifyFirmwarePreamble(hdr, hsize - 1, rsa), 0,
+ "VerifyFirmwarePreamble() size--");
+ TEST_EQ(VerifyFirmwarePreamble(hdr, hsize + 1, rsa), 0,
+ "VerifyFirmwarePreamble() size++");
/* Care about major version but not minor */
Memcpy(h, hdr, hsize);
h->header_version_major++;
ReSignFirmwarePreamble(h, private_key);
- TEST_NEQ(VerifyFirmwarePreamble2(h, hsize, rsa), 0,
- "VerifyFirmwarePreamble2() major++");
+ TEST_NEQ(VerifyFirmwarePreamble(h, hsize, rsa), 0,
+ "VerifyFirmwarePreamble() major++");
Memcpy(h, hdr, hsize);
h->header_version_major--;
ReSignFirmwarePreamble(h, private_key);
- TEST_NEQ(VerifyFirmwarePreamble2(h, hsize, rsa), 0,
- "VerifyFirmwarePreamble2() major--");
+ TEST_NEQ(VerifyFirmwarePreamble(h, hsize, rsa), 0,
+ "VerifyFirmwarePreamble() major--");
Memcpy(h, hdr, hsize);
h->header_version_minor++;
ReSignFirmwarePreamble(h, private_key);
- TEST_EQ(VerifyFirmwarePreamble2(h, hsize, rsa), 0,
- "VerifyFirmwarePreamble2() minor++");
+ TEST_EQ(VerifyFirmwarePreamble(h, hsize, rsa), 0,
+ "VerifyFirmwarePreamble() minor++");
Memcpy(h, hdr, hsize);
h->header_version_minor--;
ReSignFirmwarePreamble(h, private_key);
- TEST_EQ(VerifyFirmwarePreamble2(h, hsize, rsa), 0,
- "VerifyFirmwarePreamble2() minor--");
+ TEST_EQ(VerifyFirmwarePreamble(h, hsize, rsa), 0,
+ "VerifyFirmwarePreamble() minor--");
/* Check signature */
Memcpy(h, hdr, hsize);
h->preamble_signature.sig_offset = hsize;
ReSignFirmwarePreamble(h, private_key);
- TEST_NEQ(VerifyFirmwarePreamble2(h, hsize, rsa), 0,
- "VerifyFirmwarePreamble2() sig off end");
+ TEST_NEQ(VerifyFirmwarePreamble(h, hsize, rsa), 0,
+ "VerifyFirmwarePreamble() sig off end");
Memcpy(h, hdr, hsize);
h->preamble_signature.sig_size--;
ReSignFirmwarePreamble(h, private_key);
- TEST_NEQ(VerifyFirmwarePreamble2(h, hsize, rsa), 0,
- "VerifyFirmwarePreamble2() sig too small");
+ TEST_NEQ(VerifyFirmwarePreamble(h, hsize, rsa), 0,
+ "VerifyFirmwarePreamble() sig too small");
Memcpy(h, hdr, hsize);
GetPublicKeyData(&h->kernel_subkey)[0] ^= 0x34;
- TEST_NEQ(VerifyFirmwarePreamble2(h, hsize, rsa), 0,
- "VerifyFirmwarePreamble2() sig mismatch");
+ TEST_NEQ(VerifyFirmwarePreamble(h, hsize, rsa), 0,
+ "VerifyFirmwarePreamble() sig mismatch");
/* Check that we signed header, kernel subkey, and body sig */
Memcpy(h, hdr, hsize);
@@ -220,20 +220,20 @@ static void VerifyFirmwarePreambleTest(const VbPublicKey* public_key,
h->body_signature.sig_offset = 0;
h->body_signature.sig_size = 0;
ReSignFirmwarePreamble(h, private_key);
- TEST_NEQ(VerifyFirmwarePreamble2(h, hsize, rsa), 0,
- "VerifyFirmwarePreamble2() didn't sign header");
+ TEST_NEQ(VerifyFirmwarePreamble(h, hsize, rsa), 0,
+ "VerifyFirmwarePreamble() didn't sign header");
Memcpy(h, hdr, hsize);
h->kernel_subkey.key_offset = hsize;
ReSignFirmwarePreamble(h, private_key);
- TEST_NEQ(VerifyFirmwarePreamble2(h, hsize, rsa), 0,
- "VerifyFirmwarePreamble2() kernel subkey off end");
+ TEST_NEQ(VerifyFirmwarePreamble(h, hsize, rsa), 0,
+ "VerifyFirmwarePreamble() kernel subkey off end");
Memcpy(h, hdr, hsize);
h->body_signature.sig_offset = hsize;
ReSignFirmwarePreamble(h, private_key);
- TEST_NEQ(VerifyFirmwarePreamble2(h, hsize, rsa), 0,
- "VerifyFirmwarePreamble2() body sig off end");
+ TEST_NEQ(VerifyFirmwarePreamble(h, hsize, rsa), 0,
+ "VerifyFirmwarePreamble() body sig off end");
/* TODO: verify parser can support a bigger header. */
diff --git a/utility/vbutil_firmware.c b/utility/vbutil_firmware.c
index cdeed265..3992a3a8 100644
--- a/utility/vbutil_firmware.c
+++ b/utility/vbutil_firmware.c
@@ -224,7 +224,7 @@ static int Verify(const char* infile, const char* signpubkey,
/* Verify preamble */
preamble = (VbFirmwarePreambleHeader*)(blob + now);
- if (0 != VerifyFirmwarePreamble2(preamble, blob_size - now, rsa)) {
+ if (0 != VerifyFirmwarePreamble(preamble, blob_size - now, rsa)) {
error("Error verifying preamble.\n");
return 1;
}
@@ -247,7 +247,7 @@ static int Verify(const char* infile, const char* signpubkey,
/* TODO: verify body size same as signature size */
/* Verify body */
- if (0 != VerifyData(fv_data, &preamble->body_signature, rsa)) {
+ if (0 != VerifyData(fv_data, fv_size, &preamble->body_signature, rsa)) {
error("Error verifying firmware body.\n");
return 1;
}
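Review bot: The `/* TODO: verify body size same as signature size */` just above this call is still open. The new bound inside VerifyData() only rejects `data_size > size`, so a body file longer than `body_signature.data_size` still verifies, with its trailing bytes not covered by the signature. Since fv_size is now at hand, the utility could reject the mismatch before the call with a condition such as `preamble->body_signature.data_size != fv_size`. Verify() starts and ends outside the hunk, so I cannot see whether fv_size is compared elsewhere.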
diff --git a/utility/vbutil_kernel.c b/utility/vbutil_kernel.c
index d688e61f..893f889c 100644
--- a/utility/vbutil_kernel.c
+++ b/utility/vbutil_kernel.c
@@ -661,7 +661,7 @@ static int Verify(const char* infile, const char* signpubkey, int verbose) {
/* Verify preamble */
preamble = bp->preamble;
- if (0 != VerifyKernelPreamble2(
+ if (0 != VerifyKernelPreamble(
preamble, bp->blob_size - key_block->key_block_size, rsa)) {
error("Error verifying preamble.\n");
goto verify_exit;
@@ -676,11 +676,13 @@ static int Verify(const char* infile, const char* signpubkey, int verbose) {
printf(" Body load address: 0x%" PRIx64 "\n", preamble->body_load_address);
printf(" Body size: 0x%" PRIx64 "\n",
preamble->body_signature.data_size);
- printf(" Bootloader address: 0x%" PRIx64 "\n", preamble->bootloader_address);
+ printf(" Bootloader address: 0x%" PRIx64 "\n",
+ preamble->bootloader_address);
printf(" Bootloader size: 0x%" PRIx64 "\n", preamble->bootloader_size);
/* Verify body */
- if (0 != VerifyData(bp->blob, &preamble->body_signature, rsa)) {
+ if (0 != VerifyData(bp->blob, bp->blob_size, &preamble->body_signature,
+ rsa)) {
error("Error verifying kernel body.\n");
goto verify_exit;
}
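Review bot: `bp->blob_size` is passed here as the length of the body buffer `bp->blob`, while the preamble check earlier in Verify() uses `bp->blob_size - key_block->key_block_size` as the length of the preamble buffer. The same field is unlikely to bound both regions correctly, so one of the two checks is probably looser than the memory it guards. Which one depends on how the blob structure is filled in, and that is not visible in this diff. If blob_size measures only the body, the preamble bound should come from the size of the buffer that holds the key block and preamble. A short comment on the field saying what it measures would make both call sites checkable.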