diff options
Diffstat (limited to 'host/lib21/include/host_common21.h')
-rw-r--r-- | host/lib21/include/host_common21.h | 124 |
1 files changed, 124 insertions, 0 deletions
diff --git a/host/lib21/include/host_common21.h b/host/lib21/include/host_common21.h new file mode 100644 index 00000000..fa8086b8 --- /dev/null +++ b/host/lib21/include/host_common21.h @@ -0,0 +1,124 @@ +/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Common functions between firmware and kernel verified boot. + */ + +#ifndef VBOOT_REFERENCE_VB21_COMMON_H_ +#define VBOOT_REFERENCE_VB21_COMMON_H_ + +#include "2common.h" +#include "2return_codes.h" +#include "2struct.h" +#include "host_struct21.h" + +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + +/** + * Return the description of an object starting with a vb21_struct_common + * header. + * + * Does not sanity-check the buffer; merely returns the pointer. + * + * @param buf Pointer to common object + * @return A pointer to description or an empty string if none. + */ +const char *vb21_common_desc(const void *buf); + +/** + * Verify the common struct header is fully contained in its parent data + * + * Also verifies the description is either zero-length or null-terminated. + * + * @param parent Parent data + * @param parent_size Parent size in bytes + * @return VB2_SUCCESS, or non-zero if error. + */ +vb2_error_t vb21_verify_common_header(const void *parent, uint32_t parent_size); + +/** + * Verify a member is within the data for a parent object + * + * @param parent Parent data (starts with struct vb21_struct_common) + * @param min_offset Pointer to minimum offset where member can be located. + * If this offset is 0 on input, uses the size of the + * fixed header (and description, if any). This will be + * updated on return to the end of the passed member. On + * error, the value of min_offset is undefined. + * @param member_offset Offset of member data from start of parent, in bytes + * @param member_size Size of member data, in bytes + * @return VB2_SUCCESS, or non-zero if error. + */ +vb2_error_t vb21_verify_common_member(const void *parent, uint32_t *min_offset, + uint32_t member_offset, + uint32_t member_size); + +/** + * Verify a member which starts with a common header is within the parent + * + * This does not verify the contents of the member or its header, only that the + * member's claimed total size fits within the parent's claimed total size at + * the specified offset. + * + * @param parent Parent data (starts with struct vb21_struct_common) + * @param min_offset Pointer to minimum offset where member can be located. + * If this offset is 0 on input, uses the size of the + * fixed header (and description, if any). This will be + * updated on return to the end of the passed member. On + * error, the value of min_offset is undefined. + * @param member_offset Offset of member data from start of parent, in bytes. + * This should be the start of the common header of the + * member. + * @return VB2_SUCCESS, or non-zero if error. + */ +vb2_error_t vb21_verify_common_subobject(const void *parent, + uint32_t *min_offset, + uint32_t member_offset); + +/** + * Verify the integrity of a signature struct + * @param sig Signature struct + * @param size Size of buffer containing signature struct + * @return VB2_SUCCESS, or non-zero if error. + */ +vb2_error_t vb21_verify_signature(const struct vb21_signature *sig, + uint32_t size); + +/** + * Verify a signature against an expected hash digest. + * + * @param key Key to use in signature verification + * @param sig Signature to verify (may be destroyed in process) + * @param digest Digest of signed data + * @param wb Work buffer + * @return VB2_SUCCESS, or non-zero if error. + */ +vb2_error_t vb21_verify_digest(const struct vb2_public_key *key, + struct vb21_signature *sig, + const uint8_t *digest, + const struct vb2_workbuf *wb); + +/** + * Verify data matches signature. + * + * @param data Data to verify + * @param size Size of data buffer. Note that amount of data to + * actually validate is contained in sig->data_size. + * @param sig Signature of data (destroyed in process) + * @param key Key to use to validate signature + * @param wb Work buffer + * @return VB2_SUCCESS, or non-zero error code if error. + */ +vb2_error_t vb21_verify_data(const void *data, uint32_t size, + struct vb21_signature *sig, + const struct vb2_public_key *key, + const struct vb2_workbuf *wb); + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* VBOOT_REFERENCE_VB21_COMMON_H_ */ |