diff options
Diffstat (limited to 'firmware')
| -rw-r--r-- | firmware/2lib/2nvstorage.c | 4 | ||||
| -rw-r--r-- | firmware/2lib/2rsa.c | 14 | ||||
| -rw-r--r-- | firmware/2lib/2secdata.c | 10 | ||||
| -rw-r--r-- | firmware/2lib/2sha_utility.c | 8 | ||||
| -rw-r--r-- | firmware/2lib/include/2return_codes.h | 98 |
5 files changed, 112 insertions, 22 deletions
diff --git a/firmware/2lib/2nvstorage.c b/firmware/2lib/2nvstorage.c index 3bfe151c..be635825 100644 --- a/firmware/2lib/2nvstorage.c +++ b/firmware/2lib/2nvstorage.c @@ -82,11 +82,11 @@ int vb2_nv_check_crc(const struct vb2_context *ctx) /* Check header */ if (VB2_NV_HEADER_SIGNATURE != (p[VB2_NV_OFFS_HEADER] & VB2_NV_HEADER_MASK)) - return VB2_ERROR_UNKNOWN; + return VB2_ERROR_NV_HEADER; /* Check CRC */ if (vb2_crc8(p, VB2_NV_OFFS_CRC) != p[VB2_NV_OFFS_CRC]) - return VB2_ERROR_UNKNOWN; + return VB2_ERROR_NV_CRC; return VB2_SUCCESS; } diff --git a/firmware/2lib/2rsa.c b/firmware/2lib/2rsa.c index e619e78b..cc39b1d6 100644 --- a/firmware/2lib/2rsa.c +++ b/firmware/2lib/2rsa.c @@ -286,7 +286,7 @@ int vb2_check_padding(uint8_t *sig, int algorithm) tail_size = sizeof(sha512_tail); break; default: - return VB2_ERROR_BAD_ALGORITHM; + return VB2_ERROR_RSA_PADDING_ALGORITHM; } /* First 2 bytes are always 0x00 0x01 */ @@ -303,7 +303,7 @@ int vb2_check_padding(uint8_t *sig, int algorithm) */ result |= vb2_safe_memcmp(sig, tail, tail_size); - return result ? VB2_ERROR_BAD_SIGNATURE : VB2_SUCCESS; + return result ? VB2_ERROR_RSA_PADDING : VB2_SUCCESS; } int vb2_verify_digest(const struct vb2_public_key *key, @@ -318,22 +318,22 @@ int vb2_verify_digest(const struct vb2_public_key *key, int rv; if (!key || !sig || !digest) - return VB2_ERROR_UNKNOWN; + return VB2_ERROR_RSA_VERIFY_PARAM; if (key->algorithm >= VB2_ALG_COUNT) { VB2_DEBUG("Invalid signature type!\n"); - return VB2_ERROR_BAD_ALGORITHM; + return VB2_ERROR_RSA_VERIFY_ALGORITHM; } /* Signature length should be same as key length */ if (key_bytes != vb2_rsa_sig_size(key->algorithm)) { VB2_DEBUG("Signature is of incorrect length!\n"); - return VB2_ERROR_BAD_SIGNATURE; + return VB2_ERROR_RSA_VERIFY_SIG_LEN; } workbuf32 = vb2_workbuf_alloc(&wblocal, 3 * key_bytes); if (!workbuf32) - return VB2_ERROR_UNKNOWN; + return VB2_ERROR_RSA_VERIFY_WORKBUF; modpowF4(key, sig, workbuf32); @@ -354,7 +354,7 @@ int vb2_verify_digest(const struct vb2_public_key *key, if (vb2_safe_memcmp(sig + pad_size, digest, key_bytes - pad_size)) { VB2_DEBUG("Digest check failed!\n"); - rv = VB2_ERROR_BAD_SIGNATURE; + rv = VB2_ERROR_RSA_VERIFY_DIGEST; } return rv; diff --git a/firmware/2lib/2secdata.c b/firmware/2lib/2secdata.c index 668bc507..2987e037 100644 --- a/firmware/2lib/2secdata.c +++ b/firmware/2lib/2secdata.c @@ -18,7 +18,7 @@ int vb2_secdata_check_crc(const struct vb2_context *ctx) /* Verify CRC */ if (sec->crc8 != vb2_crc8(sec, offsetof(struct vb2_secdata, crc8))) - return VB2_ERROR_BAD_SECDATA; + return VB2_ERROR_SECDATA_CRC; return VB2_SUCCESS; } @@ -47,7 +47,7 @@ int vb2_secdata_init(struct vb2_context *ctx) /* Data must be new enough to have a CRC */ if (sec->struct_version < 2) - return VB2_ERROR_BAD_SECDATA; + return VB2_ERROR_SECDATA_VERSION; rv = vb2_secdata_check_crc(ctx); if (rv) @@ -76,7 +76,7 @@ int vb2_secdata_get(struct vb2_context *ctx, return VB2_SUCCESS; default: - return VB2_ERROR_UNKNOWN; + return VB2_ERROR_SECDATA_GET_PARAM; } } @@ -95,7 +95,7 @@ int vb2_secdata_set(struct vb2_context *ctx, case VB2_SECDATA_FLAGS: /* Make sure flags is in valid range */ if (value > 0xff) - return VB2_ERROR_UNKNOWN; + return VB2_ERROR_SECDATA_SET_FLAGS; sec->flags = value; break; @@ -105,7 +105,7 @@ int vb2_secdata_set(struct vb2_context *ctx, break; default: - return VB2_ERROR_UNKNOWN; + return VB2_ERROR_SECDATA_SET_PARAM; } /* Regenerate CRC */ diff --git a/firmware/2lib/2sha_utility.c b/firmware/2lib/2sha_utility.c index 66e8b692..0f9adfa3 100644 --- a/firmware/2lib/2sha_utility.c +++ b/firmware/2lib/2sha_utility.c @@ -72,7 +72,7 @@ int vb2_digest_init(struct vb2_digest_context *dc, uint32_t algorithm) return VB2_SUCCESS; #endif default: - return VB2_ERROR_BAD_ALGORITHM; + return VB2_ERROR_SHA_INIT_ALGORITHM; } } @@ -97,7 +97,7 @@ int vb2_digest_extend(struct vb2_digest_context *dc, return VB2_SUCCESS; #endif default: - return VB2_ERROR_BAD_ALGORITHM; + return VB2_ERROR_SHA_EXTEND_ALGORITHM; } } @@ -106,7 +106,7 @@ int vb2_digest_finalize(struct vb2_digest_context *dc, uint32_t digest_size) { if (digest_size < vb2_digest_size(dc->algorithm)) - return VB2_ERROR_BUFFER_TOO_SMALL; + return VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE; switch (vb2_hash_alg(dc->algorithm)) { #if VB2_SUPPORT_SHA1 @@ -125,6 +125,6 @@ int vb2_digest_finalize(struct vb2_digest_context *dc, return VB2_SUCCESS; #endif default: - return VB2_ERROR_BAD_ALGORITHM; + return VB2_ERROR_SHA_FINALIZE_ALGORITHM; } } diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h index 73a37b5e..28c0f91d 100644 --- a/firmware/2lib/include/2return_codes.h +++ b/firmware/2lib/include/2return_codes.h @@ -16,8 +16,93 @@ enum vb2_return_code { /* Success - no error */ VB2_SUCCESS = 0, + /* + * All vboot2 error codes start at a large offset from zero, to reduce + * the risk of overlap with other error codes (TPM, etc.). + */ + VB2_ERROR_BASE = 0x0100000, + /* Unknown / unspecified error */ - VB2_ERROR_UNKNOWN = 0x10000, + VB2_ERROR_UNKNOWN = VB2_ERROR_BASE + 1, + + /********************************************************************** + * SHA errors + */ + VB2_ERROR_SHA = VB2_ERROR_BASE + 0x010000, + + /* Bad algorithm in vb2_digest_init() */ + VB2_ERROR_SHA_INIT_ALGORITHM, + + /* Bad algorithm in vb2_digest_extend() */ + VB2_ERROR_SHA_EXTEND_ALGORITHM, + + /* Bad algorithm in vb2_digest_finalize() */ + VB2_ERROR_SHA_FINALIZE_ALGORITHM, + + /* Digest size buffer too small in vb2_digest_finalize() */ + VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE, + + /********************************************************************** + * RSA errors + */ + VB2_ERROR_RSA = VB2_ERROR_BASE + 0x020000, + + /* Padding mismatch in vb2_check_padding() */ + VB2_ERROR_RSA_PADDING, + + /* Bad algorithm in vb2_check_padding() */ + VB2_ERROR_RSA_PADDING_ALGORITHM, + + /* Null param passed to vb2_verify_digest() */ + VB2_ERROR_RSA_VERIFY_PARAM, + + /* Bad algorithm in vb2_verify_digest() */ + VB2_ERROR_RSA_VERIFY_ALGORITHM, + + /* Bad signature length in vb2_verify_digest() */ + VB2_ERROR_RSA_VERIFY_SIG_LEN, + + /* Work buffer too small in vb2_verify_digest() */ + VB2_ERROR_RSA_VERIFY_WORKBUF, + + /* Digest mismatch in vb2_verify_digest() */ + VB2_ERROR_RSA_VERIFY_DIGEST, + + /********************************************************************** + * NV storage errors + */ + VB2_ERROR_NV = VB2_ERROR_BASE + 0x030000, + + /* Bad header in vb2_nv_check_crc() */ + VB2_ERROR_NV_HEADER, + + /* Bad CRC in vb2_nv_check_crc() */ + VB2_ERROR_NV_CRC, + + /********************************************************************** + * Secure data storage errors + */ + VB2_ERROR_SECDATA = VB2_ERROR_BASE + 0x040000, + + /* Bad CRC in vb2_secdata_check_crc() */ + VB2_ERROR_SECDATA_CRC, + + /* Bad struct version in vb2_secdata_init() */ + VB2_ERROR_SECDATA_VERSION, + + /* Invalid param in vb2_secdata_get() */ + VB2_ERROR_SECDATA_GET_PARAM, + + /* Invalid param in vb2_secdata_set() */ + VB2_ERROR_SECDATA_SET_PARAM, + + /* Invalid flags passed to vb2_secdata_set() */ + VB2_ERROR_SECDATA_SET_FLAGS, + + /********************************************************************** + * TODO: errors which must still be made specific + */ + VB2_ERROR_TODO = VB2_ERROR_BASE + 0xff0000, /* Work buffer too small */ VB2_ERROR_WORKBUF_TOO_SMALL, @@ -37,9 +122,6 @@ enum vb2_return_code { /* Signature check failed */ VB2_ERROR_BAD_SIGNATURE, - /* Bad secure data */ - VB2_ERROR_BAD_SECDATA, - /* Bad key */ VB2_ERROR_BAD_KEY, @@ -57,6 +139,14 @@ enum vb2_return_code { /* Bad hash tag */ VB2_ERROR_BAD_TAG, + + /********************************************************************** + * Highest non-zero error generated inside vboot library. Note that + * error codes passed through vboot when it calls external APIs may + * still be outside this range. + */ + VB2_ERROR_MAX = VB2_ERROR_BASE + 0xffffff, + }; #endif /* VBOOT_2_RETURN_CODES_H_ */ |