summaryrefslogtreecommitdiff
path: root/host/lib21/include/host_common21.h
diff options
context:
space:
mode:
Diffstat (limited to 'host/lib21/include/host_common21.h')
-rw-r--r--host/lib21/include/host_common21.h124
1 files changed, 124 insertions, 0 deletions
diff --git a/host/lib21/include/host_common21.h b/host/lib21/include/host_common21.h
new file mode 100644
index 00000000..fa8086b8
--- /dev/null
+++ b/host/lib21/include/host_common21.h
@@ -0,0 +1,124 @@
+/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Common functions between firmware and kernel verified boot.
+ */
+
+#ifndef VBOOT_REFERENCE_VB21_COMMON_H_
+#define VBOOT_REFERENCE_VB21_COMMON_H_
+
+#include "2common.h"
+#include "2return_codes.h"
+#include "2struct.h"
+#include "host_struct21.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+/**
+ * Return the description of an object starting with a vb21_struct_common
+ * header.
+ *
+ * Does not sanity-check the buffer; merely returns the pointer.
+ *
+ * @param buf Pointer to common object
+ * @return A pointer to description or an empty string if none.
+ */
+const char *vb21_common_desc(const void *buf);
+
+/**
+ * Verify the common struct header is fully contained in its parent data
+ *
+ * Also verifies the description is either zero-length or null-terminated.
+ *
+ * @param parent Parent data
+ * @param parent_size Parent size in bytes
+ * @return VB2_SUCCESS, or non-zero if error.
+ */
+vb2_error_t vb21_verify_common_header(const void *parent, uint32_t parent_size);
+
+/**
+ * Verify a member is within the data for a parent object
+ *
+ * @param parent Parent data (starts with struct vb21_struct_common)
+ * @param min_offset Pointer to minimum offset where member can be located.
+ * If this offset is 0 on input, uses the size of the
+ * fixed header (and description, if any). This will be
+ * updated on return to the end of the passed member. On
+ * error, the value of min_offset is undefined.
+ * @param member_offset Offset of member data from start of parent, in bytes
+ * @param member_size Size of member data, in bytes
+ * @return VB2_SUCCESS, or non-zero if error.
+ */
+vb2_error_t vb21_verify_common_member(const void *parent, uint32_t *min_offset,
+ uint32_t member_offset,
+ uint32_t member_size);
+
+/**
+ * Verify a member which starts with a common header is within the parent
+ *
+ * This does not verify the contents of the member or its header, only that the
+ * member's claimed total size fits within the parent's claimed total size at
+ * the specified offset.
+ *
+ * @param parent Parent data (starts with struct vb21_struct_common)
+ * @param min_offset Pointer to minimum offset where member can be located.
+ * If this offset is 0 on input, uses the size of the
+ * fixed header (and description, if any). This will be
+ * updated on return to the end of the passed member. On
+ * error, the value of min_offset is undefined.
+ * @param member_offset Offset of member data from start of parent, in bytes.
+ * This should be the start of the common header of the
+ * member.
+ * @return VB2_SUCCESS, or non-zero if error.
+ */
+vb2_error_t vb21_verify_common_subobject(const void *parent,
+ uint32_t *min_offset,
+ uint32_t member_offset);
+
+/**
+ * Verify the integrity of a signature struct
+ * @param sig Signature struct
+ * @param size Size of buffer containing signature struct
+ * @return VB2_SUCCESS, or non-zero if error.
+ */
+vb2_error_t vb21_verify_signature(const struct vb21_signature *sig,
+ uint32_t size);
+
+/**
+ * Verify a signature against an expected hash digest.
+ *
+ * @param key Key to use in signature verification
+ * @param sig Signature to verify (may be destroyed in process)
+ * @param digest Digest of signed data
+ * @param wb Work buffer
+ * @return VB2_SUCCESS, or non-zero if error.
+ */
+vb2_error_t vb21_verify_digest(const struct vb2_public_key *key,
+ struct vb21_signature *sig,
+ const uint8_t *digest,
+ const struct vb2_workbuf *wb);
+
+/**
+ * Verify data matches signature.
+ *
+ * @param data Data to verify
+ * @param size Size of data buffer. Note that amount of data to
+ * actually validate is contained in sig->data_size.
+ * @param sig Signature of data (destroyed in process)
+ * @param key Key to use to validate signature
+ * @param wb Work buffer
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+vb2_error_t vb21_verify_data(const void *data, uint32_t size,
+ struct vb21_signature *sig,
+ const struct vb2_public_key *key,
+ const struct vb2_workbuf *wb);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* VBOOT_REFERENCE_VB21_COMMON_H_ */
View Lorry Controller Status