From 166840277a2d4806fa0d89980b3501090441d5ed Mon Sep 17 00:00:00 2001 From: Joel Kitching Date: Thu, 12 Dec 2019 14:45:29 +0800 Subject: vboot: move vboot 2.1 functions and structs into host code These structs and functions need to stick around for futility to use, but they are no longer supported in firmware code. Rename host/lib21/include/* files to end in 21 instead of 2. BUG=b:124141368, chromium:968464 TEST=make clean && make runtests BRANCH=none Change-Id: I01e181e2f03553d60724fbdc826f5ada63777303 Cq-Depend: chromium:1969172 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1963621 Reviewed-by: Julius Werner Tested-by: Joel Kitching Commit-Queue: Joel Kitching --- Makefile | 27 +-- firmware/README | 7 - firmware/lib21/common.c | 303 ------------------------------ firmware/lib21/include/vb21_common.h | 151 --------------- firmware/lib21/include/vb21_struct.h | 233 ----------------------- firmware/lib21/packed_key.c | 99 ---------- futility/cmd_create.c | 6 +- futility/cmd_show.c | 2 +- futility/cmd_sign.c | 6 +- futility/cmd_vbutil_firmware.c | 2 +- futility/cmd_vbutil_key.c | 2 +- futility/cmd_vbutil_keyblock.c | 2 +- futility/file_type_rwsig.c | 6 +- futility/file_type_usbpd1.c | 6 +- futility/vb2_helper.c | 6 +- host/lib/host_common.c | 2 +- host/lib/host_key2.c | 33 +++- host/lib/host_keyblock.c | 2 +- host/lib/host_signature.c | 2 +- host/lib/host_signature2.c | 4 +- host/lib/include/host_common.h | 2 +- host/lib/include/host_key.h | 14 ++ host/lib/signature_digest.c | 2 +- host/lib/util_misc.c | 2 +- host/lib21/host_common.c | 303 ++++++++++++++++++++++++++++++ host/lib21/host_key.c | 61 +++++- host/lib21/host_misc.c | 4 +- host/lib21/host_signature.c | 6 +- host/lib21/include/host_common21.h | 124 +++++++++++++ host/lib21/include/host_key2.h | 270 --------------------------- host/lib21/include/host_key21.h | 284 ++++++++++++++++++++++++++++ host/lib21/include/host_misc2.h | 26 --- host/lib21/include/host_misc21.h | 26 +++ host/lib21/include/host_signature2.h | 96 ---------- host/lib21/include/host_signature21.h | 96 ++++++++++ host/lib21/include/host_struct21.h | 233 +++++++++++++++++++++++ tests/vb21_common2_tests.c | 340 ---------------------------------- tests/vb21_common_tests.c | 247 ------------------------ tests/vb21_host_common2_tests.c | 340 ++++++++++++++++++++++++++++++++++ tests/vb21_host_common_tests.c | 247 ++++++++++++++++++++++++ tests/vb21_host_key_tests.c | 4 +- tests/vb21_host_misc_tests.c | 2 +- tests/vb21_host_sig_tests.c | 6 +- tests/vb2_common2_tests.c | 2 +- utility/pad_digest_utility.c | 2 +- utility/signature_digest_utility.c | 2 +- 46 files changed, 1809 insertions(+), 1833 deletions(-) delete mode 100644 firmware/lib21/common.c delete mode 100644 firmware/lib21/include/vb21_common.h delete mode 100644 firmware/lib21/include/vb21_struct.h delete mode 100644 firmware/lib21/packed_key.c create mode 100644 host/lib21/host_common.c create mode 100644 host/lib21/include/host_common21.h delete mode 100644 host/lib21/include/host_key2.h create mode 100644 host/lib21/include/host_key21.h delete mode 100644 host/lib21/include/host_misc2.h create mode 100644 host/lib21/include/host_misc21.h delete mode 100644 host/lib21/include/host_signature2.h create mode 100644 host/lib21/include/host_signature21.h create mode 100644 host/lib21/include/host_struct21.h delete mode 100644 tests/vb21_common2_tests.c delete mode 100644 tests/vb21_common_tests.c create mode 100644 tests/vb21_host_common2_tests.c create mode 100644 tests/vb21_host_common_tests.c diff --git a/Makefile b/Makefile index 1df8e3dc..114de234 100644 --- a/Makefile +++ b/Makefile @@ -337,7 +337,7 @@ INCLUDES += \ # TPM commands and various external functions that are provided by the BIOS. ifeq (${FIRMWARE_ARCH},) INCLUDES += -Ihost/include -Ihost/lib/include -INCLUDES += -Ihost/lib21/include -Ifirmware/lib21/include +INCLUDES += -Ihost/lib21/include endif # Firmware library, used by the other firmware components (depthcharge, @@ -348,7 +348,6 @@ FWLIB = ${BUILD}/vboot_fw.a # Separate TPM lightweight command library (TLCL) TLCL = ${BUILD}/tlcl.a -# Additional firmware library sources needed by VbSelectAndLoadKernel() call FWLIB_SRCS = \ firmware/lib/cgptlib/cgptlib.c \ firmware/lib/cgptlib/cgptlib_internal.c \ @@ -364,7 +363,6 @@ FWLIB_SRCS = \ firmware/lib/vboot_ui_menu.c \ firmware/lib/vboot_ui_wilco.c -# Code common to both vboot 2.0 (old structs) and 2.1 (new structs) FWLIB2X_SRCS = \ firmware/2lib/2api.c \ firmware/2lib/2auxfw_sync.c \ @@ -392,10 +390,6 @@ FWLIB20_SRCS = \ firmware/lib20/misc.c \ firmware/lib20/packed_key.c -FWLIB21_SRCS = \ - firmware/lib21/common.c \ - firmware/lib21/packed_key.c - # TPM lightweight command library ifeq (${TPM2_MODE},) TLCL_SRCS = \ @@ -438,10 +432,8 @@ endif FWLIB_OBJS = ${FWLIB_SRCS:%.c=${BUILD}/%.o} FWLIB2X_OBJS = ${FWLIB2X_SRCS:%.c=${BUILD}/%.o} FWLIB20_OBJS = ${FWLIB20_SRCS:%.c=${BUILD}/%.o} -FWLIB21_OBJS = ${FWLIB21_SRCS:%.c=${BUILD}/%.o} TLCL_OBJS = ${TLCL_SRCS:%.c=${BUILD}/%.o} -ALL_OBJS += ${FWLIB_OBJS} ${FWLIB2X_OBJS} ${FWLIB20_OBJS} ${FWLIB21_OBJS} \ - ${TLCL_OBJS} +ALL_OBJS += ${FWLIB_OBJS} ${FWLIB2X_OBJS} ${FWLIB20_OBJS} ${TLCL_OBJS} # Intermediate library for the vboot_reference utilities to link against. UTILLIB = ${BUILD}/libvboot_util.a @@ -469,6 +461,7 @@ UTILLIB_SRCS = \ host/lib/signature_digest.c \ host/lib/subprocess.c \ host/lib/util_misc.c \ + host/lib21/host_common.c \ host/lib21/host_key.c \ host/lib21/host_misc.c \ host/lib21/host_signature.c @@ -655,7 +648,7 @@ FUTIL_CMD_LIST = ${BUILD}/gen/futility_cmds.c FUTIL_OBJS = ${FUTIL_SRCS:%.c=${BUILD}/%.o} ${FUTIL_CMD_LIST:%.c=%.o} -${FUTIL_OBJS}: INCLUDES += -Ihost/lib21/include -Ifirmware/lib21/include +${FUTIL_OBJS}: INCLUDES += -Ihost/lib21/include ALL_OBJS += ${FUTIL_OBJS} @@ -729,8 +722,8 @@ TEST20_NAMES = \ tests/vb20_verify_fw TEST21_NAMES = \ - tests/vb21_common_tests \ - tests/vb21_common2_tests \ + tests/vb21_host_common2_tests \ + tests/vb21_host_common_tests \ tests/vb21_host_key_tests \ tests/vb21_host_misc_tests \ tests/vb21_host_sig_tests @@ -866,7 +859,7 @@ utillib: ${UTILLIB} # TODO: better way to make .a than duplicating this recipe each time? ${UTILLIB}: ${UTILLIB_OBJS} ${FWLIB_OBJS} ${FWLIB2X_OBJS} ${FWLIB20_OBJS} \ - ${FWLIB21_OBJS} ${TLCL_OBJS} + ${TLCL_OBJS} @${PRINTF} " RM $(subst ${BUILD}/,,$@)\n" ${Q}rm -f $@ @${PRINTF} " AR $(subst ${BUILD}/,,$@)\n" @@ -1231,8 +1224,8 @@ run2tests: install_for_test ${RUNTEST} ${BUILD_RUN}/tests/vb20_api_kernel_tests ${RUNTEST} ${BUILD_RUN}/tests/vb20_kernel_tests ${RUNTEST} ${BUILD_RUN}/tests/vb20_misc_tests - ${RUNTEST} ${BUILD_RUN}/tests/vb21_common_tests - ${RUNTEST} ${BUILD_RUN}/tests/vb21_common2_tests ${TEST_KEYS} + ${RUNTEST} ${BUILD_RUN}/tests/vb21_host_common_tests + ${RUNTEST} ${BUILD_RUN}/tests/vb21_host_common2_tests ${TEST_KEYS} ${RUNTEST} ${BUILD_RUN}/tests/vb21_host_key_tests ${TEST_KEYS} ${BUILD} ${RUNTEST} ${BUILD_RUN}/tests/vb21_host_misc_tests ${BUILD} ${RUNTEST} ${BUILD_RUN}/tests/vb21_host_sig_tests ${TEST_KEYS} @@ -1250,7 +1243,7 @@ runfutiltests: install_for_test runlongtests: install_for_test genkeys genfuzztestcases ${RUNTEST} ${BUILD_RUN}/tests/vb2_common2_tests ${TEST_KEYS} --all ${RUNTEST} ${BUILD_RUN}/tests/vb2_common3_tests ${TEST_KEYS} --all - ${RUNTEST} ${BUILD_RUN}/tests/vb21_common2_tests ${TEST_KEYS} --all + ${RUNTEST} ${BUILD_RUN}/tests/vb21_host_common2_tests ${TEST_KEYS} --all tests/run_preamble_tests.sh --all tests/run_vbutil_tests.sh --all diff --git a/firmware/README b/firmware/README index 754edf1b..e5d5256b 100644 --- a/firmware/README +++ b/firmware/README @@ -34,10 +34,3 @@ lib20/ This was deployed slightly before it was ready. That's not a problem, thanks to the binary compatibility, but this directory will be abandoned Real Soon Now, except for the product support branches. - -lib21/ - - This is where the current development of the second-generation vboot API - is taking place. It uses the public (2lib/) API, but will NOT be binary - compatible with vboot1 structs. Because of the early release of the lib20 - stuff, we're actually calling this lib21. diff --git a/firmware/lib21/common.c b/firmware/lib21/common.c deleted file mode 100644 index 19f07bce..00000000 --- a/firmware/lib21/common.c +++ /dev/null @@ -1,303 +0,0 @@ -/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Signature validation functions - */ - -#include "2common.h" -#include "2rsa.h" -#include "2sha.h" -#include "2sysincludes.h" -#include "vb21_common.h" - -const char *vb21_common_desc(const void *buf) -{ - const struct vb21_struct_common *c = buf; - - return c->desc_size ? (const char *)c + c->fixed_size : ""; -} - -vb2_error_t vb21_verify_common_header(const void *parent, uint32_t parent_size) -{ - const struct vb21_struct_common *c = parent; - - /* Parent buffer size must be at least the claimed total size */ - if (parent_size < c->total_size) - return VB2_ERROR_COMMON_TOTAL_SIZE; - - /* - * And big enough for the fixed size, which itself must be at least as - * big as the common struct header. - */ - if (c->total_size < c->fixed_size || c->fixed_size < sizeof(*c)) - return VB2_ERROR_COMMON_FIXED_SIZE; - - /* Make sure sizes are all multiples of 32 bits */ - if (!vb2_aligned(c->total_size, sizeof(uint32_t))) - return VB2_ERROR_COMMON_TOTAL_UNALIGNED; - if (!vb2_aligned(c->fixed_size, sizeof(uint32_t))) - return VB2_ERROR_COMMON_FIXED_UNALIGNED; - if (!vb2_aligned(c->desc_size, sizeof(uint32_t))) - return VB2_ERROR_COMMON_DESC_UNALIGNED; - - /* Check description */ - if (c->desc_size > 0) { - /* Make sure description fits and doesn't wrap */ - if (c->fixed_size + c->desc_size < c->fixed_size) - return VB2_ERROR_COMMON_DESC_WRAPS; - if (c->fixed_size + c->desc_size > c->total_size) - return VB2_ERROR_COMMON_DESC_SIZE; - - /* Description must be null-terminated */ - if (vb21_common_desc(c)[c->desc_size - 1] != 0) - return VB2_ERROR_COMMON_DESC_TERMINATOR; - } - - return VB2_SUCCESS; -} - -vb2_error_t vb21_verify_common_member(const void *parent, uint32_t *min_offset, - uint32_t member_offset, - uint32_t member_size) -{ - const struct vb21_struct_common *c = parent; - uint32_t member_end = member_offset + member_size; - - /* Make sure member doesn't wrap */ - if (member_end < member_offset) - return VB2_ERROR_COMMON_MEMBER_WRAPS; - - /* Member offset and size must be 32-bit aligned */ - if (!vb2_aligned(member_offset, sizeof(uint32_t)) || - !vb2_aligned(member_size, sizeof(uint32_t))) - return VB2_ERROR_COMMON_MEMBER_UNALIGNED; - - /* Initialize minimum offset if necessary */ - if (!*min_offset) - *min_offset = c->fixed_size + c->desc_size; - - /* Member must be after minimum offset */ - if (member_offset < *min_offset) - return VB2_ERROR_COMMON_MEMBER_OVERLAP; - - /* Member must end before total size */ - if (member_end > c->total_size) - return VB2_ERROR_COMMON_MEMBER_SIZE; - - /* Update minimum offset for subsequent checks */ - *min_offset = member_end; - - return VB2_SUCCESS; -} - -vb2_error_t vb21_verify_common_subobject(const void *parent, - uint32_t *min_offset, - uint32_t member_offset) -{ - const struct vb21_struct_common *p = parent; - const struct vb21_struct_common *m = - (const struct vb21_struct_common *) - ((const uint8_t *)parent + member_offset); - vb2_error_t rv; - - /* - * Verify the parent has space at the member offset for the common - * header. - */ - rv = vb21_verify_common_member(parent, min_offset, member_offset, - sizeof(*m)); - if (rv) - return rv; - - /* - * Now it's safe to look at the member's header, and verify any - * additional data for the object past its common header fits in the - * parent. - */ - rv = vb21_verify_common_header(m, p->total_size - member_offset); - if (rv) - return rv; - - /* Advance the min offset to the end of the subobject */ - *min_offset = member_offset + m->total_size; - - return VB2_SUCCESS; -} - -uint32_t vb2_sig_size(enum vb2_signature_algorithm sig_alg, - enum vb2_hash_algorithm hash_alg) -{ - uint32_t digest_size = vb2_digest_size(hash_alg); - - /* Fail if we don't support the hash algorithm */ - if (!digest_size) - return 0; - - /* Handle unsigned hashes */ - if (sig_alg == VB2_SIG_NONE) - return digest_size; - - return vb2_rsa_sig_size(sig_alg); -} - -const struct vb2_id *vb2_hash_id(enum vb2_hash_algorithm hash_alg) -{ - switch(hash_alg) { -#ifdef VB2_SUPPORT_SHA1 - case VB2_HASH_SHA1: - { - static const struct vb2_id id = VB2_ID_NONE_SHA1; - return &id; - } -#endif -#ifdef VB2_SUPPORT_SHA256 - case VB2_HASH_SHA256: - { - static const struct vb2_id id = VB2_ID_NONE_SHA256; - return &id; - } -#endif -#ifdef VB2_SUPPORT_SHA512 - case VB2_HASH_SHA512: - { - static const struct vb2_id id = VB2_ID_NONE_SHA512; - return &id; - } -#endif - default: - return NULL; - } -} - -vb2_error_t vb21_verify_signature(const struct vb21_signature *sig, - uint32_t size) -{ - uint32_t min_offset = 0; - uint32_t expect_sig_size; - vb2_error_t rv; - - /* Check magic number */ - if (sig->c.magic != VB21_MAGIC_SIGNATURE) - return VB2_ERROR_SIG_MAGIC; - - /* Make sure common header is good */ - rv = vb21_verify_common_header(sig, size); - if (rv) - return rv; - - /* - * Check for compatible version. No need to check minor version, since - * that's compatible across readers matching the major version, and we - * haven't added any new fields. - */ - if (sig->c.struct_version_major != VB21_SIGNATURE_VERSION_MAJOR) - return VB2_ERROR_SIG_VERSION; - - /* Make sure header is big enough for signature */ - if (sig->c.fixed_size < sizeof(*sig)) - return VB2_ERROR_SIG_HEADER_SIZE; - - /* Make sure signature data is inside */ - rv = vb21_verify_common_member(sig, &min_offset, - sig->sig_offset, sig->sig_size); - if (rv) - return rv; - - /* Make sure signature size is correct for the algorithm */ - expect_sig_size = vb2_sig_size(sig->sig_alg, sig->hash_alg); - if (!expect_sig_size) - return VB2_ERROR_SIG_ALGORITHM; - if (sig->sig_size != expect_sig_size) - return VB2_ERROR_SIG_SIZE; - - return VB2_SUCCESS; -} - -/** - * Return the signature data for a signature - */ -static uint8_t *vb21_signature_data(struct vb21_signature *sig) -{ - return (uint8_t *)sig + sig->sig_offset; -} - -vb2_error_t vb21_verify_digest(const struct vb2_public_key *key, - struct vb21_signature *sig, - const uint8_t *digest, - const struct vb2_workbuf *wb) -{ - uint32_t key_sig_size = vb2_sig_size(key->sig_alg, key->hash_alg); - - /* If we can't figure out the signature size, key algorithm was bad */ - if (!key_sig_size) - return VB2_ERROR_VDATA_ALGORITHM; - - /* Make sure the signature and key algorithms match */ - if (key->sig_alg != sig->sig_alg || key->hash_alg != sig->hash_alg) - return VB2_ERROR_VDATA_ALGORITHM_MISMATCH; - - if (sig->sig_size != key_sig_size) - return VB2_ERROR_VDATA_SIG_SIZE; - - if (key->sig_alg == VB2_SIG_NONE) { - /* Bare hash */ - if (vb2_safe_memcmp(vb21_signature_data(sig), - digest, key_sig_size)) - return VB2_ERROR_VDATA_VERIFY_DIGEST; - - return VB2_SUCCESS; - } else { - /* RSA-signed digest */ - return vb2_rsa_verify_digest(key, - vb21_signature_data(sig), - digest, wb); - } -} - -vb2_error_t vb21_verify_data(const void *data, uint32_t size, - struct vb21_signature *sig, - const struct vb2_public_key *key, - const struct vb2_workbuf *wb) -{ - struct vb2_workbuf wblocal = *wb; - struct vb2_digest_context *dc; - uint8_t *digest; - uint32_t digest_size; - vb2_error_t rv; - - if (sig->data_size != size) { - VB2_DEBUG("Wrong amount of data signed.\n"); - return VB2_ERROR_VDATA_SIZE; - } - - /* Digest goes at start of work buffer */ - digest_size = vb2_digest_size(key->hash_alg); - if (!digest_size) - return VB2_ERROR_VDATA_DIGEST_SIZE; - - digest = vb2_workbuf_alloc(&wblocal, digest_size); - if (!digest) - return VB2_ERROR_VDATA_WORKBUF_DIGEST; - - /* Hashing requires temp space for the context */ - dc = vb2_workbuf_alloc(&wblocal, sizeof(*dc)); - if (!dc) - return VB2_ERROR_VDATA_WORKBUF_HASHING; - - rv = vb2_digest_init(dc, key->hash_alg); - if (rv) - return rv; - - rv = vb2_digest_extend(dc, data, size); - if (rv) - return rv; - - rv = vb2_digest_finalize(dc, digest, digest_size); - if (rv) - return rv; - - vb2_workbuf_free(&wblocal, sizeof(*dc)); - - return vb21_verify_digest(key, sig, digest, &wblocal); -} diff --git a/firmware/lib21/include/vb21_common.h b/firmware/lib21/include/vb21_common.h deleted file mode 100644 index 442ccb07..00000000 --- a/firmware/lib21/include/vb21_common.h +++ /dev/null @@ -1,151 +0,0 @@ -/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Common functions between firmware and kernel verified boot. - */ - -#ifndef VBOOT_REFERENCE_VB21_COMMON_H_ -#define VBOOT_REFERENCE_VB21_COMMON_H_ - -#include "2common.h" -#include "2return_codes.h" -#include "2struct.h" -#include "vb21_struct.h" - -#ifdef __cplusplus -extern "C" { -#endif /* __cplusplus */ - -/** - * Return the description of an object starting with a vb21_struct_common - * header. - * - * Does not sanity-check the buffer; merely returns the pointer. - * - * @param buf Pointer to common object - * @return A pointer to description or an empty string if none. - */ -const char *vb21_common_desc(const void *buf); - -/** - * Verify the common struct header is fully contained in its parent data - * - * Also verifies the description is either zero-length or null-terminated. - * - * @param parent Parent data - * @param parent_size Parent size in bytes - * @return VB2_SUCCESS, or non-zero if error. - */ -vb2_error_t vb21_verify_common_header(const void *parent, uint32_t parent_size); - -/** - * Verify a member is within the data for a parent object - * - * @param parent Parent data (starts with struct vb21_struct_common) - * @param min_offset Pointer to minimum offset where member can be located. - * If this offset is 0 on input, uses the size of the - * fixed header (and description, if any). This will be - * updated on return to the end of the passed member. On - * error, the value of min_offset is undefined. - * @param member_offset Offset of member data from start of parent, in bytes - * @param member_size Size of member data, in bytes - * @return VB2_SUCCESS, or non-zero if error. - */ -vb2_error_t vb21_verify_common_member(const void *parent, uint32_t *min_offset, - uint32_t member_offset, - uint32_t member_size); - -/** - * Verify a member which starts with a common header is within the parent - * - * This does not verify the contents of the member or its header, only that the - * member's claimed total size fits within the parent's claimed total size at - * the specified offset. - * - * @param parent Parent data (starts with struct vb21_struct_common) - * @param min_offset Pointer to minimum offset where member can be located. - * If this offset is 0 on input, uses the size of the - * fixed header (and description, if any). This will be - * updated on return to the end of the passed member. On - * error, the value of min_offset is undefined. - * @param member_offset Offset of member data from start of parent, in bytes. - * This should be the start of the common header of the - * member. - * @return VB2_SUCCESS, or non-zero if error. - */ -vb2_error_t vb21_verify_common_subobject(const void *parent, - uint32_t *min_offset, - uint32_t member_offset); - -/** - * Unpack a key for use in verification - * - * The elements of the unpacked key will point into the source buffer, so don't - * free the source buffer until you're done with the key. - * - * @param key Destintion for unpacked key - * @param buf Source buffer containing packed key - * @param size Size of buffer in bytes - * @return VB2_SUCCESS, or non-zero error code if error. - */ -vb2_error_t vb21_unpack_key(struct vb2_public_key *key, const uint8_t *buf, - uint32_t size); - -/** - * Unpack the RSA data fields for a public key - * - * This is called by vb21_unpack_key() to extract the arrays from a packed key. - * These elements of *key will point inside the key_data buffer. - * - * @param key Destination key for RSA data fields - * @param key_data Packed key data (from inside a packed key buffer) - * @param key_size Size of packed key data in bytes - */ -vb2_error_t vb2_unpack_key_data(struct vb2_public_key *key, - const uint8_t *key_data, uint32_t key_size); - -/** - * Verify the integrity of a signature struct - * @param sig Signature struct - * @param size Size of buffer containing signature struct - * @return VB2_SUCCESS, or non-zero if error. - */ -vb2_error_t vb21_verify_signature(const struct vb21_signature *sig, - uint32_t size); - -/** - * Verify a signature against an expected hash digest. - * - * @param key Key to use in signature verification - * @param sig Signature to verify (may be destroyed in process) - * @param digest Digest of signed data - * @param wb Work buffer - * @return VB2_SUCCESS, or non-zero if error. - */ -vb2_error_t vb21_verify_digest(const struct vb2_public_key *key, - struct vb21_signature *sig, - const uint8_t *digest, - const struct vb2_workbuf *wb); - -/** - * Verify data matches signature. - * - * @param data Data to verify - * @param size Size of data buffer. Note that amount of data to - * actually validate is contained in sig->data_size. - * @param sig Signature of data (destroyed in process) - * @param key Key to use to validate signature - * @param wb Work buffer - * @return VB2_SUCCESS, or non-zero error code if error. - */ -vb2_error_t vb21_verify_data(const void *data, uint32_t size, - struct vb21_signature *sig, - const struct vb2_public_key *key, - const struct vb2_workbuf *wb); - -#ifdef __cplusplus -} -#endif /* __cplusplus */ - -#endif /* VBOOT_REFERENCE_VB21_COMMON_H_ */ diff --git a/firmware/lib21/include/vb21_struct.h b/firmware/lib21/include/vb21_struct.h deleted file mode 100644 index 6f91e36c..00000000 --- a/firmware/lib21/include/vb21_struct.h +++ /dev/null @@ -1,233 +0,0 @@ -/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Vboot 2.1 data structures - * - * Offsets should be padded to 32-bit boundaries, since some architectures - * have trouble with accessing unaligned integers. - */ - -#ifndef VBOOT_REFERENCE_VB21_STRUCT_H_ -#define VBOOT_REFERENCE_VB21_STRUCT_H_ - -#include "2id.h" -#include "2sysincludes.h" - -#ifdef __cplusplus -extern "C" { -#endif /* __cplusplus */ - -/* - * Magic numbers used by vb21_struct_common.magic. - * - * All valid numbers should be listed here to avoid accidental overlap. - * Numbers start at a large value, so that previous parsers (which stored - * things like lengths and offsets at that field) will detect and reject new - * structs as invalid. - */ -enum vb21_struct_common_magic { - /* "Vb2I" = vb21_packed_private_key.c.magic */ - VB21_MAGIC_PACKED_PRIVATE_KEY = 0x49326256, - - /* "Vb2P" = vb21_packed_key.c.magic */ - VB21_MAGIC_PACKED_KEY = 0x50326256, - - /* "Vb2S" = vb21_signature.c.magic */ - VB21_MAGIC_SIGNATURE = 0x53326256, -}; - - -/* - * Generic struct header for all vboot2.1 structs. This makes it easy to - * automatically parse and identify vboot structs (e.g., in futility). This - * must be the first member of the parent vboot2.1 struct. - */ -struct vb21_struct_common { - /* Magic number; see vb21_struct_common_magic for expected values */ - uint32_t magic; - - /* - * Parent struct version; see each struct for the expected value. - * - * How to handle struct version mismatches, if the parser is version - * A.b and the data is version C.d: - * 1) If A.b == C.d, we're good. - * 2) If A != C, the data cannot be parsed at all. - * 3) If b < d, C.d is a newer version of data which is backwards- - * compatible to old parsers. We're good. - * 4) If b > d, C.d is an older version of data. The parser should - * use default values for fields added after version d. We're - * good. - * - * Struct versions start at 3.0, since the highest version of the old - * structures was 2.1. This way, there is no possibility of collision - * for old code which depends on the version number. - */ - uint16_t struct_version_major; - uint16_t struct_version_minor; - - /* - * Size of the parent structure and all its data, including the - * description and any necessary padding. That is, all data must lie - * in a contiguous region of bytes starting at the first - * byte of this header. - */ - uint32_t total_size; - - /* - * Size of the fixed portion of the parent structure. If a description - * is present, it must start at this offset. - */ - uint32_t fixed_size; - - /* - * The object may contain an ASCII description following the fixed - * portion of the structure. If it is present, it must be - * null-terminated, and padded with 0 (null) bytes to a multiple of 32 - * bits. - * - * Size of ASCII description in bytes, counting null terminator and - * padding (if any). Set 0 if no description is present. If non-zero, - * there must be a null terminator (0) at offset (fixed_size + - * desc_size - 1). - */ - uint32_t desc_size; -} __attribute__((packed)); - -#define EXPECTED_VB21_STRUCT_COMMON_SIZE 20 - -/* Current version of vb21_packed_key struct */ -#define VB21_PACKED_KEY_VERSION_MAJOR 3 -#define VB21_PACKED_KEY_VERSION_MINOR 0 - -/* - * Packed public key data - * - * The key data must be arranged like this: - * 1) vb21_packed_key header struct h - * 2) Key description (pointed to by h.c.fixed_size) - * 3) Key data key (pointed to by h.key_offset) - */ -struct vb21_packed_key { - /* Common header fields */ - struct vb21_struct_common c; - - /* Offset of key data from start of this struct */ - uint32_t key_offset; - - /* Size of key data in bytes (NOT strength of key in bits) */ - uint32_t key_size; - - /* Signature algorithm used by the key (enum vb2_signature_algorithm) */ - uint16_t sig_alg; - - /* - * Hash digest algorithm used with the key (enum vb2_hash_algorithm). - * This is explicitly specified as part of the key to prevent use of a - * strong key with a weak hash. - */ - uint16_t hash_alg; - - /* Key version */ - uint32_t key_version; - - /* Key ID */ - struct vb2_id id; -} __attribute__((packed)); - -#define EXPECTED_VB21_PACKED_KEY_SIZE \ - (EXPECTED_VB21_STRUCT_COMMON_SIZE + 16 + EXPECTED_ID_SIZE) - -/* Current version of vb21_packed_private_key struct */ -#define VB21_PACKED_PRIVATE_KEY_VERSION_MAJOR 3 -#define VB21_PACKED_PRIVATE_KEY_VERSION_MINOR 0 - -/* - * Packed private key data - * - * The key data must be arranged like this: - * 1) vb21_packed_private_key header struct h - * 2) Key description (pointed to by h.c.fixed_size) - * 3) Key data key (pointed to by h.key_offset) - */ -struct vb21_packed_private_key { - /* Common header fields */ - struct vb21_struct_common c; - - /* Offset of key data from start of this struct */ - uint32_t key_offset; - - /* Size of key data in bytes (NOT strength of key in bits) */ - uint32_t key_size; - - /* Signature algorithm used by the key (enum vb2_signature_algorithm) */ - uint16_t sig_alg; - - /* - * Hash digest algorithm used with the key (enum vb2_hash_algorithm). - * This is explicitly specified as part of the key to prevent use of a - * strong key with a weak hash. - */ - uint16_t hash_alg; - - /* Key ID */ - struct vb2_id id; -} __attribute__((packed)); - -#define EXPECTED_VB21_PACKED_PRIVATE_KEY_SIZE \ - (EXPECTED_VB21_STRUCT_COMMON_SIZE + 12 + EXPECTED_ID_SIZE) - -/* Current version of vb21_signature struct */ -#define VB21_SIGNATURE_VERSION_MAJOR 3 -#define VB21_SIGNATURE_VERSION_MINOR 0 - -/* - * Signature data - * - * The signature data must be arranged like this: - * 1) vb21_signature header struct h - * 2) Signature description (pointed to by h.c.fixed_size) - * 3) Signature data (pointed to by h.sig_offset) - */ -struct vb21_signature { - /* Common header fields */ - struct vb21_struct_common c; - - /* Offset of signature data from start of this struct */ - uint32_t sig_offset; - - /* Size of signature data in bytes */ - uint32_t sig_size; - - /* Size of the data block which was signed in bytes */ - uint32_t data_size; - - /* Signature algorithm used (enum vb2_signature_algorithm) */ - uint16_t sig_alg; - - /* Hash digest algorithm used (enum vb2_hash_algorithm) */ - uint16_t hash_alg; - - /* - * ID for the signature. - * - * If this is a keyblock signature entry, this is the ID of the key - * used to generate this signature. This allows the firmware to - * quickly determine which signature block (if any) goes with the key - * being used by the firmware. - * - * If this is a preamble hash entry, this is the ID of the data type - * being hashed. There is no key ID, because sig_alg=VB2_ALG_NONE. - */ - struct vb2_id id; -} __attribute__((packed)); - -#define EXPECTED_VB21_SIGNATURE_SIZE \ - (EXPECTED_VB21_STRUCT_COMMON_SIZE + 16 + EXPECTED_ID_SIZE) - -#ifdef __cplusplus -} -#endif /* __cplusplus */ - -#endif /* VBOOT_REFERENCE_VB21_STRUCT_H_ */ diff --git a/firmware/lib21/packed_key.c b/firmware/lib21/packed_key.c deleted file mode 100644 index bb6eb042..00000000 --- a/firmware/lib21/packed_key.c +++ /dev/null @@ -1,99 +0,0 @@ -/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Key unpacking functions - */ - -#include "2common.h" -#include "2rsa.h" -#include "2sysincludes.h" -#include "vb21_common.h" - -vb2_error_t vb2_unpack_key_data(struct vb2_public_key *key, - const uint8_t *key_data, uint32_t key_size) -{ - const uint32_t *buf32 = (const uint32_t *)key_data; - uint32_t expected_key_size = vb2_packed_key_size(key->sig_alg); - - /* Make sure buffer is the correct length */ - if (!expected_key_size || expected_key_size != key_size) { - VB2_DEBUG("Wrong key size for algorithm\n"); - return VB2_ERROR_UNPACK_KEY_SIZE; - } - - /* Check for alignment */ - if (!vb2_aligned(buf32, sizeof(uint32_t))) - return VB2_ERROR_UNPACK_KEY_ALIGN; - - key->arrsize = buf32[0]; - - /* Sanity check key array size */ - if (key->arrsize * sizeof(uint32_t) != vb2_rsa_sig_size(key->sig_alg)) - return VB2_ERROR_UNPACK_KEY_ARRAY_SIZE; - - key->n0inv = buf32[1]; - - /* Arrays point inside the key data */ - key->n = buf32 + 2; - key->rr = buf32 + 2 + key->arrsize; - - return VB2_SUCCESS; -} - -vb2_error_t vb21_unpack_key(struct vb2_public_key *key, const uint8_t *buf, - uint32_t size) -{ - const struct vb21_packed_key *pkey = - (const struct vb21_packed_key *)buf; - uint32_t sig_size; - uint32_t min_offset = 0; - vb2_error_t rv; - - /* Check magic number */ - if (pkey->c.magic != VB21_MAGIC_PACKED_KEY) - return VB2_ERROR_UNPACK_KEY_MAGIC; - - rv = vb21_verify_common_header(buf, size); - if (rv) - return rv; - - /* Make sure key data is inside */ - rv = vb21_verify_common_member(pkey, &min_offset, - pkey->key_offset, pkey->key_size); - if (rv) - return rv; - - /* - * Check for compatible version. No need to check minor version, since - * that's compatible across readers matching the major version, and we - * haven't added any new fields. - */ - if (pkey->c.struct_version_major != VB21_PACKED_KEY_VERSION_MAJOR) - return VB2_ERROR_UNPACK_KEY_STRUCT_VERSION; - - /* Copy key algorithms */ - key->hash_alg = pkey->hash_alg; - if (!vb2_digest_size(key->hash_alg)) - return VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM; - - key->sig_alg = pkey->sig_alg; - if (key->sig_alg != VB2_SIG_NONE) { - sig_size = vb2_rsa_sig_size(key->sig_alg); - if (!sig_size) - return VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM; - rv = vb2_unpack_key_data( - key, - (const uint8_t *)pkey + pkey->key_offset, - pkey->key_size); - if (rv) - return rv; - } - - /* Key description */ - key->desc = vb21_common_desc(pkey); - key->version = pkey->key_version; - key->id = &pkey->id; - - return VB2_SUCCESS; -} diff --git a/futility/cmd_create.c b/futility/cmd_create.c index a3cb8b58..2f7a8d5f 100644 --- a/futility/cmd_create.c +++ b/futility/cmd_create.c @@ -16,12 +16,12 @@ #include "2sysincludes.h" #include "futility.h" #include "futility_options.h" -#include "host_key2.h" +#include "host_common21.h" #include "host_key.h" -#include "host_misc2.h" +#include "host_key21.h" +#include "host_misc21.h" #include "openssl_compat.h" #include "util_misc.h" -#include "vb21_common.h" #include "vb2_common.h" /* Command line options */ diff --git a/futility/cmd_show.c b/futility/cmd_show.c index 402b1330..f3b91631 100644 --- a/futility/cmd_show.c +++ b/futility/cmd_show.c @@ -28,7 +28,7 @@ #include "futility.h" #include "futility_options.h" #include "host_common.h" -#include "host_key2.h" +#include "host_key21.h" #include "util_misc.h" #include "vb1_helper.h" #include "vb2_common.h" diff --git a/futility/cmd_sign.c b/futility/cmd_sign.c index 117a6536..980e6d12 100644 --- a/futility/cmd_sign.c +++ b/futility/cmd_sign.c @@ -18,17 +18,17 @@ #include #include "2common.h" -#include "file_type_bios.h" #include "file_type.h" +#include "file_type_bios.h" #include "fmap.h" #include "futility.h" #include "futility_options.h" #include "host_common.h" -#include "host_key2.h" +#include "host_common21.h" +#include "host_key21.h" #include "kernel_blob.h" #include "util_misc.h" #include "vb1_helper.h" -#include "vb21_common.h" #include "vb2_common.h" /* Options */ diff --git a/futility/cmd_vbutil_firmware.c b/futility/cmd_vbutil_firmware.c index d5a86863..7659ed25 100644 --- a/futility/cmd_vbutil_firmware.c +++ b/futility/cmd_vbutil_firmware.c @@ -18,7 +18,7 @@ #include "2sysincludes.h" #include "futility.h" #include "host_common.h" -#include "host_key2.h" +#include "host_key21.h" #include "kernel_blob.h" #include "util_misc.h" #include "vb1_helper.h" diff --git a/futility/cmd_vbutil_key.c b/futility/cmd_vbutil_key.c index b0b7675e..0d812540 100644 --- a/futility/cmd_vbutil_key.c +++ b/futility/cmd_vbutil_key.c @@ -14,7 +14,7 @@ #include "futility.h" #include "host_common.h" -#include "host_key2.h" +#include "host_key21.h" #include "util_misc.h" #include "vb1_helper.h" #include "vb2_common.h" diff --git a/futility/cmd_vbutil_keyblock.c b/futility/cmd_vbutil_keyblock.c index 2be7a850..977b4aa4 100644 --- a/futility/cmd_vbutil_keyblock.c +++ b/futility/cmd_vbutil_keyblock.c @@ -16,7 +16,7 @@ #include "2sysincludes.h" #include "futility.h" #include "host_common.h" -#include "host_key2.h" +#include "host_key21.h" #include "util_misc.h" #include "vb1_helper.h" #include "vb2_common.h" diff --git a/futility/file_type_rwsig.c b/futility/file_type_rwsig.c index bcccb2dd..a09782ce 100644 --- a/futility/file_type_rwsig.c +++ b/futility/file_type_rwsig.c @@ -23,11 +23,11 @@ #include "futility.h" #include "futility_options.h" #include "host_common.h" -#include "host_key2.h" +#include "host_common21.h" +#include "host_key21.h" #include "host_misc.h" -#include "host_signature2.h" +#include "host_signature21.h" #include "util_misc.h" -#include "vb21_common.h" #define SIGNATURE_RSVD_SIZE 1024 #define EC_RW_FILENAME "EC_RW.bin" diff --git a/futility/file_type_usbpd1.c b/futility/file_type_usbpd1.c index 42cb62cc..658b48c2 100644 --- a/futility/file_type_usbpd1.c +++ b/futility/file_type_usbpd1.c @@ -24,10 +24,10 @@ #include "futility.h" #include "futility_options.h" #include "host_common.h" -#include "host_key2.h" -#include "host_signature2.h" +#include "host_common21.h" +#include "host_key21.h" +#include "host_signature21.h" #include "util_misc.h" -#include "vb21_common.h" /* Return 1 if okay, 0 if not */ static int parse_size_opts(uint32_t len, diff --git a/futility/vb2_helper.c b/futility/vb2_helper.c index f5b7978e..fb0362ae 100644 --- a/futility/vb2_helper.c +++ b/futility/vb2_helper.c @@ -14,11 +14,11 @@ #include "futility.h" #include "futility_options.h" #include "host_common.h" -#include "host_key2.h" -#include "host_misc2.h" +#include "host_common21.h" +#include "host_key21.h" +#include "host_misc21.h" #include "openssl_compat.h" #include "util_misc.h" -#include "vb21_common.h" int vb2_lookup_hash_alg(const char *str, enum vb2_hash_algorithm *alg) { diff --git a/host/lib/host_common.c b/host/lib/host_common.c index 1833c62d..00f9100e 100644 --- a/host/lib/host_common.c +++ b/host/lib/host_common.c @@ -11,7 +11,7 @@ #include "2rsa.h" #include "2sysincludes.h" #include "host_common.h" -#include "host_key2.h" +#include "host_key21.h" #include "utility.h" #include "vb2_common.h" diff --git a/host/lib/host_key2.c b/host/lib/host_key2.c index 5849cf76..6984c67f 100644 --- a/host/lib/host_key2.c +++ b/host/lib/host_key2.c @@ -16,7 +16,7 @@ #include "2sha.h" #include "2sysincludes.h" #include "host_common.h" -#include "host_key2.h" +#include "host_key21.h" #include "host_key.h" #include "host_misc.h" #include "vb2_common.h" @@ -296,3 +296,34 @@ vb2_error_t vb2_packed_key_looks_ok(const struct vb2_packed_key *key, return VB2_SUCCESS; } + +vb2_error_t vb2_unpack_key_data(struct vb2_public_key *key, + const uint8_t *key_data, uint32_t key_size) +{ + const uint32_t *buf32 = (const uint32_t *)key_data; + uint32_t expected_key_size = vb2_packed_key_size(key->sig_alg); + + /* Make sure buffer is the correct length */ + if (!expected_key_size || expected_key_size != key_size) { + VB2_DEBUG("Wrong key size for algorithm\n"); + return VB2_ERROR_UNPACK_KEY_SIZE; + } + + /* Check for alignment */ + if (!vb2_aligned(buf32, sizeof(uint32_t))) + return VB2_ERROR_UNPACK_KEY_ALIGN; + + key->arrsize = buf32[0]; + + /* Sanity check key array size */ + if (key->arrsize * sizeof(uint32_t) != vb2_rsa_sig_size(key->sig_alg)) + return VB2_ERROR_UNPACK_KEY_ARRAY_SIZE; + + key->n0inv = buf32[1]; + + /* Arrays point inside the key data */ + key->n = buf32 + 2; + key->rr = buf32 + 2 + key->arrsize; + + return VB2_SUCCESS; +} diff --git a/host/lib/host_keyblock.c b/host/lib/host_keyblock.c index 522e87a9..a7dbedef 100644 --- a/host/lib/host_keyblock.c +++ b/host/lib/host_keyblock.c @@ -14,7 +14,7 @@ #include "2rsa.h" #include "2sha.h" #include "host_common.h" -#include "host_key2.h" +#include "host_key21.h" #include "host_keyblock.h" #include "host_key.h" #include "vb2_common.h" diff --git a/host/lib/host_signature.c b/host/lib/host_signature.c index 8cea9f4a..db536c6e 100644 --- a/host/lib/host_signature.c +++ b/host/lib/host_signature.c @@ -20,7 +20,7 @@ #include "2sha.h" #include "2sysincludes.h" #include "host_common.h" -#include "host_signature2.h" +#include "host_signature21.h" #include "vb2_common.h" /* Invoke [external_signer] command with [pem_file] as an argument, contents of diff --git a/host/lib/host_signature2.c b/host/lib/host_signature2.c index 6bc900dd..f7caa71f 100644 --- a/host/lib/host_signature2.c +++ b/host/lib/host_signature2.c @@ -20,8 +20,8 @@ #include "2sha.h" #include "file_keys.h" #include "host_common.h" -#include "host_key2.h" -#include "host_signature2.h" +#include "host_key21.h" +#include "host_signature21.h" #include "vb2_common.h" struct vb2_signature *vb2_alloc_signature(uint32_t sig_size, diff --git a/host/lib/include/host_common.h b/host/lib/include/host_common.h index 7fde53ba..5fcc5c52 100644 --- a/host/lib/include/host_common.h +++ b/host/lib/include/host_common.h @@ -9,7 +9,7 @@ #define VBOOT_REFERENCE_HOST_COMMON_H_ #include "host_key.h" -#include "host_key2.h" +#include "host_key21.h" #include "host_keyblock.h" #include "host_misc.h" #include "host_signature.h" diff --git a/host/lib/include/host_key.h b/host/lib/include/host_key.h index 26792720..9b594c62 100644 --- a/host/lib/include/host_key.h +++ b/host/lib/include/host_key.h @@ -11,6 +11,7 @@ #include "2crypto.h" #include "2return_codes.h" +struct vb2_public_key; struct vb2_packed_key; struct vb2_private_key; @@ -146,4 +147,17 @@ struct vb2_packed_key *vb2_read_packed_keyb(const char *filename, vb2_error_t vb2_write_packed_key(const char *filename, const struct vb2_packed_key *key); +/** + * Unpack the RSA data fields for a public key + * + * This is called by vb21_unpack_key() to extract the arrays from a packed key. + * These elements of *key will point inside the key_data buffer. + * + * @param key Destination key for RSA data fields + * @param key_data Packed key data (from inside a packed key buffer) + * @param key_size Size of packed key data in bytes + */ +vb2_error_t vb2_unpack_key_data(struct vb2_public_key *key, + const uint8_t *key_data, uint32_t key_size); + #endif /* VBOOT_REFERENCE_HOST_KEY_H_ */ diff --git a/host/lib/signature_digest.c b/host/lib/signature_digest.c index b480798d..f6be00a3 100644 --- a/host/lib/signature_digest.c +++ b/host/lib/signature_digest.c @@ -14,7 +14,7 @@ #include "2sha.h" #include "2sysincludes.h" #include "host_common.h" -#include "host_signature2.h" +#include "host_signature21.h" #include "signature_digest.h" uint8_t* PrependDigestInfo(enum vb2_hash_algorithm hash_alg, uint8_t* digest) diff --git a/host/lib/util_misc.c b/host/lib/util_misc.c index 8b9388a4..c99947f0 100644 --- a/host/lib/util_misc.c +++ b/host/lib/util_misc.c @@ -17,7 +17,7 @@ #include "2sha.h" #include "2sysincludes.h" #include "host_common.h" -#include "host_key2.h" +#include "host_key21.h" #include "openssl_compat.h" #include "util_misc.h" #include "vb2_common.h" diff --git a/host/lib21/host_common.c b/host/lib21/host_common.c new file mode 100644 index 00000000..245b1885 --- /dev/null +++ b/host/lib21/host_common.c @@ -0,0 +1,303 @@ +/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Signature validation functions + */ + +#include "2common.h" +#include "2rsa.h" +#include "2sha.h" +#include "2sysincludes.h" +#include "host_common21.h" + +const char *vb21_common_desc(const void *buf) +{ + const struct vb21_struct_common *c = buf; + + return c->desc_size ? (const char *)c + c->fixed_size : ""; +} + +vb2_error_t vb21_verify_common_header(const void *parent, uint32_t parent_size) +{ + const struct vb21_struct_common *c = parent; + + /* Parent buffer size must be at least the claimed total size */ + if (parent_size < c->total_size) + return VB2_ERROR_COMMON_TOTAL_SIZE; + + /* + * And big enough for the fixed size, which itself must be at least as + * big as the common struct header. + */ + if (c->total_size < c->fixed_size || c->fixed_size < sizeof(*c)) + return VB2_ERROR_COMMON_FIXED_SIZE; + + /* Make sure sizes are all multiples of 32 bits */ + if (!vb2_aligned(c->total_size, sizeof(uint32_t))) + return VB2_ERROR_COMMON_TOTAL_UNALIGNED; + if (!vb2_aligned(c->fixed_size, sizeof(uint32_t))) + return VB2_ERROR_COMMON_FIXED_UNALIGNED; + if (!vb2_aligned(c->desc_size, sizeof(uint32_t))) + return VB2_ERROR_COMMON_DESC_UNALIGNED; + + /* Check description */ + if (c->desc_size > 0) { + /* Make sure description fits and doesn't wrap */ + if (c->fixed_size + c->desc_size < c->fixed_size) + return VB2_ERROR_COMMON_DESC_WRAPS; + if (c->fixed_size + c->desc_size > c->total_size) + return VB2_ERROR_COMMON_DESC_SIZE; + + /* Description must be null-terminated */ + if (vb21_common_desc(c)[c->desc_size - 1] != 0) + return VB2_ERROR_COMMON_DESC_TERMINATOR; + } + + return VB2_SUCCESS; +} + +vb2_error_t vb21_verify_common_member(const void *parent, uint32_t *min_offset, + uint32_t member_offset, + uint32_t member_size) +{ + const struct vb21_struct_common *c = parent; + uint32_t member_end = member_offset + member_size; + + /* Make sure member doesn't wrap */ + if (member_end < member_offset) + return VB2_ERROR_COMMON_MEMBER_WRAPS; + + /* Member offset and size must be 32-bit aligned */ + if (!vb2_aligned(member_offset, sizeof(uint32_t)) || + !vb2_aligned(member_size, sizeof(uint32_t))) + return VB2_ERROR_COMMON_MEMBER_UNALIGNED; + + /* Initialize minimum offset if necessary */ + if (!*min_offset) + *min_offset = c->fixed_size + c->desc_size; + + /* Member must be after minimum offset */ + if (member_offset < *min_offset) + return VB2_ERROR_COMMON_MEMBER_OVERLAP; + + /* Member must end before total size */ + if (member_end > c->total_size) + return VB2_ERROR_COMMON_MEMBER_SIZE; + + /* Update minimum offset for subsequent checks */ + *min_offset = member_end; + + return VB2_SUCCESS; +} + +vb2_error_t vb21_verify_common_subobject(const void *parent, + uint32_t *min_offset, + uint32_t member_offset) +{ + const struct vb21_struct_common *p = parent; + const struct vb21_struct_common *m = + (const struct vb21_struct_common *) + ((const uint8_t *)parent + member_offset); + vb2_error_t rv; + + /* + * Verify the parent has space at the member offset for the common + * header. + */ + rv = vb21_verify_common_member(parent, min_offset, member_offset, + sizeof(*m)); + if (rv) + return rv; + + /* + * Now it's safe to look at the member's header, and verify any + * additional data for the object past its common header fits in the + * parent. + */ + rv = vb21_verify_common_header(m, p->total_size - member_offset); + if (rv) + return rv; + + /* Advance the min offset to the end of the subobject */ + *min_offset = member_offset + m->total_size; + + return VB2_SUCCESS; +} + +uint32_t vb2_sig_size(enum vb2_signature_algorithm sig_alg, + enum vb2_hash_algorithm hash_alg) +{ + uint32_t digest_size = vb2_digest_size(hash_alg); + + /* Fail if we don't support the hash algorithm */ + if (!digest_size) + return 0; + + /* Handle unsigned hashes */ + if (sig_alg == VB2_SIG_NONE) + return digest_size; + + return vb2_rsa_sig_size(sig_alg); +} + +const struct vb2_id *vb2_hash_id(enum vb2_hash_algorithm hash_alg) +{ + switch(hash_alg) { +#ifdef VB2_SUPPORT_SHA1 + case VB2_HASH_SHA1: + { + static const struct vb2_id id = VB2_ID_NONE_SHA1; + return &id; + } +#endif +#ifdef VB2_SUPPORT_SHA256 + case VB2_HASH_SHA256: + { + static const struct vb2_id id = VB2_ID_NONE_SHA256; + return &id; + } +#endif +#ifdef VB2_SUPPORT_SHA512 + case VB2_HASH_SHA512: + { + static const struct vb2_id id = VB2_ID_NONE_SHA512; + return &id; + } +#endif + default: + return NULL; + } +} + +vb2_error_t vb21_verify_signature(const struct vb21_signature *sig, + uint32_t size) +{ + uint32_t min_offset = 0; + uint32_t expect_sig_size; + vb2_error_t rv; + + /* Check magic number */ + if (sig->c.magic != VB21_MAGIC_SIGNATURE) + return VB2_ERROR_SIG_MAGIC; + + /* Make sure common header is good */ + rv = vb21_verify_common_header(sig, size); + if (rv) + return rv; + + /* + * Check for compatible version. No need to check minor version, since + * that's compatible across readers matching the major version, and we + * haven't added any new fields. + */ + if (sig->c.struct_version_major != VB21_SIGNATURE_VERSION_MAJOR) + return VB2_ERROR_SIG_VERSION; + + /* Make sure header is big enough for signature */ + if (sig->c.fixed_size < sizeof(*sig)) + return VB2_ERROR_SIG_HEADER_SIZE; + + /* Make sure signature data is inside */ + rv = vb21_verify_common_member(sig, &min_offset, + sig->sig_offset, sig->sig_size); + if (rv) + return rv; + + /* Make sure signature size is correct for the algorithm */ + expect_sig_size = vb2_sig_size(sig->sig_alg, sig->hash_alg); + if (!expect_sig_size) + return VB2_ERROR_SIG_ALGORITHM; + if (sig->sig_size != expect_sig_size) + return VB2_ERROR_SIG_SIZE; + + return VB2_SUCCESS; +} + +/** + * Return the signature data for a signature + */ +static uint8_t *vb21_signature_data(struct vb21_signature *sig) +{ + return (uint8_t *)sig + sig->sig_offset; +} + +vb2_error_t vb21_verify_digest(const struct vb2_public_key *key, + struct vb21_signature *sig, + const uint8_t *digest, + const struct vb2_workbuf *wb) +{ + uint32_t key_sig_size = vb2_sig_size(key->sig_alg, key->hash_alg); + + /* If we can't figure out the signature size, key algorithm was bad */ + if (!key_sig_size) + return VB2_ERROR_VDATA_ALGORITHM; + + /* Make sure the signature and key algorithms match */ + if (key->sig_alg != sig->sig_alg || key->hash_alg != sig->hash_alg) + return VB2_ERROR_VDATA_ALGORITHM_MISMATCH; + + if (sig->sig_size != key_sig_size) + return VB2_ERROR_VDATA_SIG_SIZE; + + if (key->sig_alg == VB2_SIG_NONE) { + /* Bare hash */ + if (vb2_safe_memcmp(vb21_signature_data(sig), + digest, key_sig_size)) + return VB2_ERROR_VDATA_VERIFY_DIGEST; + + return VB2_SUCCESS; + } else { + /* RSA-signed digest */ + return vb2_rsa_verify_digest(key, + vb21_signature_data(sig), + digest, wb); + } +} + +vb2_error_t vb21_verify_data(const void *data, uint32_t size, + struct vb21_signature *sig, + const struct vb2_public_key *key, + const struct vb2_workbuf *wb) +{ + struct vb2_workbuf wblocal = *wb; + struct vb2_digest_context *dc; + uint8_t *digest; + uint32_t digest_size; + vb2_error_t rv; + + if (sig->data_size != size) { + VB2_DEBUG("Wrong amount of data signed.\n"); + return VB2_ERROR_VDATA_SIZE; + } + + /* Digest goes at start of work buffer */ + digest_size = vb2_digest_size(key->hash_alg); + if (!digest_size) + return VB2_ERROR_VDATA_DIGEST_SIZE; + + digest = vb2_workbuf_alloc(&wblocal, digest_size); + if (!digest) + return VB2_ERROR_VDATA_WORKBUF_DIGEST; + + /* Hashing requires temp space for the context */ + dc = vb2_workbuf_alloc(&wblocal, sizeof(*dc)); + if (!dc) + return VB2_ERROR_VDATA_WORKBUF_HASHING; + + rv = vb2_digest_init(dc, key->hash_alg); + if (rv) + return rv; + + rv = vb2_digest_extend(dc, data, size); + if (rv) + return rv; + + rv = vb2_digest_finalize(dc, digest, digest_size); + if (rv) + return rv; + + vb2_workbuf_free(&wblocal, sizeof(*dc)); + + return vb21_verify_digest(key, sig, digest, &wblocal); +} diff --git a/host/lib21/host_key.c b/host/lib21/host_key.c index 34e5a633..6e3a2765 100644 --- a/host/lib21/host_key.c +++ b/host/lib21/host_key.c @@ -14,10 +14,10 @@ #include "2sha.h" #include "2sysincludes.h" #include "host_common.h" -#include "host_key2.h" +#include "host_common21.h" +#include "host_key21.h" #include "host_misc.h" #include "openssl_compat.h" -#include "vb21_common.h" const struct vb2_text_vs_enum vb2_text_vs_sig[] = { {"RSA1024", VB2_SIG_RSA1024}, @@ -651,3 +651,60 @@ vb2_error_t vb21_public_key_write(const struct vb2_public_key *key, free(pkey); return ret; } + +vb2_error_t vb21_unpack_key(struct vb2_public_key *key, const uint8_t *buf, + uint32_t size) +{ + const struct vb21_packed_key *pkey = + (const struct vb21_packed_key *)buf; + uint32_t sig_size; + uint32_t min_offset = 0; + vb2_error_t rv; + + /* Check magic number */ + if (pkey->c.magic != VB21_MAGIC_PACKED_KEY) + return VB2_ERROR_UNPACK_KEY_MAGIC; + + rv = vb21_verify_common_header(buf, size); + if (rv) + return rv; + + /* Make sure key data is inside */ + rv = vb21_verify_common_member(pkey, &min_offset, + pkey->key_offset, pkey->key_size); + if (rv) + return rv; + + /* + * Check for compatible version. No need to check minor version, since + * that's compatible across readers matching the major version, and we + * haven't added any new fields. + */ + if (pkey->c.struct_version_major != VB21_PACKED_KEY_VERSION_MAJOR) + return VB2_ERROR_UNPACK_KEY_STRUCT_VERSION; + + /* Copy key algorithms */ + key->hash_alg = pkey->hash_alg; + if (!vb2_digest_size(key->hash_alg)) + return VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM; + + key->sig_alg = pkey->sig_alg; + if (key->sig_alg != VB2_SIG_NONE) { + sig_size = vb2_rsa_sig_size(key->sig_alg); + if (!sig_size) + return VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM; + rv = vb2_unpack_key_data( + key, + (const uint8_t *)pkey + pkey->key_offset, + pkey->key_size); + if (rv) + return rv; + } + + /* Key description */ + key->desc = vb21_common_desc(pkey); + key->version = pkey->key_version; + key->id = &pkey->id; + + return VB2_SUCCESS; +} diff --git a/host/lib21/host_misc.c b/host/lib21/host_misc.c index 71a77c5d..ebc4eac5 100644 --- a/host/lib21/host_misc.c +++ b/host/lib21/host_misc.c @@ -14,8 +14,8 @@ #include "2sha.h" #include "2sysincludes.h" #include "host_common.h" -#include "host_misc2.h" -#include "vb21_common.h" +#include "host_common21.h" +#include "host_misc21.h" vb2_error_t vb2_read_file(const char *filename, uint8_t **data_ptr, uint32_t *size_ptr) diff --git a/host/lib21/host_signature.c b/host/lib21/host_signature.c index e4dead01..77ee448a 100644 --- a/host/lib21/host_signature.c +++ b/host/lib21/host_signature.c @@ -12,10 +12,10 @@ #include "2sha.h" #include "2sysincludes.h" #include "host_common.h" -#include "host_key2.h" +#include "host_common21.h" +#include "host_key21.h" #include "host_misc.h" -#include "host_signature2.h" -#include "vb21_common.h" +#include "host_signature21.h" vb2_error_t vb2_digest_info(enum vb2_hash_algorithm hash_alg, const uint8_t **buf_ptr, uint32_t *size_ptr) diff --git a/host/lib21/include/host_common21.h b/host/lib21/include/host_common21.h new file mode 100644 index 00000000..fa8086b8 --- /dev/null +++ b/host/lib21/include/host_common21.h @@ -0,0 +1,124 @@ +/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Common functions between firmware and kernel verified boot. + */ + +#ifndef VBOOT_REFERENCE_VB21_COMMON_H_ +#define VBOOT_REFERENCE_VB21_COMMON_H_ + +#include "2common.h" +#include "2return_codes.h" +#include "2struct.h" +#include "host_struct21.h" + +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + +/** + * Return the description of an object starting with a vb21_struct_common + * header. + * + * Does not sanity-check the buffer; merely returns the pointer. + * + * @param buf Pointer to common object + * @return A pointer to description or an empty string if none. + */ +const char *vb21_common_desc(const void *buf); + +/** + * Verify the common struct header is fully contained in its parent data + * + * Also verifies the description is either zero-length or null-terminated. + * + * @param parent Parent data + * @param parent_size Parent size in bytes + * @return VB2_SUCCESS, or non-zero if error. + */ +vb2_error_t vb21_verify_common_header(const void *parent, uint32_t parent_size); + +/** + * Verify a member is within the data for a parent object + * + * @param parent Parent data (starts with struct vb21_struct_common) + * @param min_offset Pointer to minimum offset where member can be located. + * If this offset is 0 on input, uses the size of the + * fixed header (and description, if any). This will be + * updated on return to the end of the passed member. On + * error, the value of min_offset is undefined. + * @param member_offset Offset of member data from start of parent, in bytes + * @param member_size Size of member data, in bytes + * @return VB2_SUCCESS, or non-zero if error. + */ +vb2_error_t vb21_verify_common_member(const void *parent, uint32_t *min_offset, + uint32_t member_offset, + uint32_t member_size); + +/** + * Verify a member which starts with a common header is within the parent + * + * This does not verify the contents of the member or its header, only that the + * member's claimed total size fits within the parent's claimed total size at + * the specified offset. + * + * @param parent Parent data (starts with struct vb21_struct_common) + * @param min_offset Pointer to minimum offset where member can be located. + * If this offset is 0 on input, uses the size of the + * fixed header (and description, if any). This will be + * updated on return to the end of the passed member. On + * error, the value of min_offset is undefined. + * @param member_offset Offset of member data from start of parent, in bytes. + * This should be the start of the common header of the + * member. + * @return VB2_SUCCESS, or non-zero if error. + */ +vb2_error_t vb21_verify_common_subobject(const void *parent, + uint32_t *min_offset, + uint32_t member_offset); + +/** + * Verify the integrity of a signature struct + * @param sig Signature struct + * @param size Size of buffer containing signature struct + * @return VB2_SUCCESS, or non-zero if error. + */ +vb2_error_t vb21_verify_signature(const struct vb21_signature *sig, + uint32_t size); + +/** + * Verify a signature against an expected hash digest. + * + * @param key Key to use in signature verification + * @param sig Signature to verify (may be destroyed in process) + * @param digest Digest of signed data + * @param wb Work buffer + * @return VB2_SUCCESS, or non-zero if error. + */ +vb2_error_t vb21_verify_digest(const struct vb2_public_key *key, + struct vb21_signature *sig, + const uint8_t *digest, + const struct vb2_workbuf *wb); + +/** + * Verify data matches signature. + * + * @param data Data to verify + * @param size Size of data buffer. Note that amount of data to + * actually validate is contained in sig->data_size. + * @param sig Signature of data (destroyed in process) + * @param key Key to use to validate signature + * @param wb Work buffer + * @return VB2_SUCCESS, or non-zero error code if error. + */ +vb2_error_t vb21_verify_data(const void *data, uint32_t size, + struct vb21_signature *sig, + const struct vb2_public_key *key, + const struct vb2_workbuf *wb); + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* VBOOT_REFERENCE_VB21_COMMON_H_ */ diff --git a/host/lib21/include/host_key2.h b/host/lib21/include/host_key2.h deleted file mode 100644 index d8a90f5f..00000000 --- a/host/lib21/include/host_key2.h +++ /dev/null @@ -1,270 +0,0 @@ -/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Host-side functions for verified boot key structures - */ - -#ifndef VBOOT_REFERENCE_HOST_KEY2_H_ -#define VBOOT_REFERENCE_HOST_KEY2_H_ - -#include "2id.h" -#include "2return_codes.h" -#include "2struct.h" - -struct vb2_public_key; -struct vb21_packed_key; - -/* Private key data, in-memory format for use in signing calls. */ -struct vb2_private_key { - struct rsa_st *rsa_private_key; /* Private key data */ - enum vb2_hash_algorithm hash_alg; /* Hash algorithm */ - enum vb2_signature_algorithm sig_alg; /* Signature algorithm */ - char *desc; /* Description */ - struct vb2_id id; /* Key ID */ -}; - -struct vb2_packed_private_key { - /* Signature algorithm used by the key (enum vb2_crypto_algorithm) */ - uint32_t algorithm; - uint32_t reserved2; - /* Key data formatted for d2i_RSAPrivateKey() */ - uint8_t key_data[0]; -}; - -/* Convert between enums and human-readable form. Terminated with {0, 0}. */ -struct vb2_text_vs_enum { - const char *name; - unsigned int num; -}; - -/** - * @param table Table to search - * @param num Enum value to search for - * @return pointer to table entry or NULL if no match - */ -const struct vb2_text_vs_enum *vb2_lookup_by_num( - const struct vb2_text_vs_enum *table, - const unsigned int num); - -/** - * @param table Table to search - * @param name String value to search for - * @return pointer to table entry or NULL if no match - */ -const struct vb2_text_vs_enum *vb2_lookup_by_name( - const struct vb2_text_vs_enum *table, - const char *name); - -extern const struct vb2_text_vs_enum vb2_text_vs_sig[]; -extern const struct vb2_text_vs_enum vb2_text_vs_hash[]; - -/** - * Return the name of a signature algorithm. - * - * @param sig_alg Signature algorithm to look up - * @return The corresponding name, or VB2_INVALID_ALG_NAME if no match. - */ -const char *vb2_get_sig_algorithm_name(enum vb2_signature_algorithm sig_alg); - -/** - * Return the name of a crypto algorithm. - * - * @param alg Crypto algorithm to look up - * @return The corresponding name, or VB2_INVALID_ALG_NAME if no match. - */ -const char *vb2_get_crypto_algorithm_name(enum vb2_crypto_algorithm alg); - -/** - * Return the name of a crypto algorithm. - * - * @param alg Crypto algorithm to look up - * @return The corresponding stem filename, or VB2_INVALID_ALG_NAME if no match. - */ -const char *vb2_get_crypto_algorithm_file(enum vb2_crypto_algorithm alg); - -/** - * Free a private key. - * - * @param key Key containing internal data to free. - */ -void vb2_private_key_free(struct vb2_private_key *key); - -/** - * Unpack a private key from vb21_packed_private_key format. - * - * @param key_ptr Destination for newly allocated key; this must be - * freed with vb2_private_key_free(). - * @param buf Source buffer containing packed key - * @param size Size of buffer in bytes - * @return VB2_SUCCESS, or non-zero error code if error. - */ -vb2_error_t vb21_private_key_unpack(struct vb2_private_key **key_ptr, - const uint8_t *buf, uint32_t size); - -/** - * Read a private key from vb21_packed_private_key format. - * - * @param key_ptr Destination for newly allocated key; this must be - * freed with vb2_private_key_free(). - * @param filename File to read key data from. - * @return VB2_SUCCESS, or non-zero error code if error. - */ -vb2_error_t vb21_private_key_read(struct vb2_private_key **key_ptr, - const char *filename); - -/** - * Read a private key from a .pem file. - * - * This only reads the internal data for the key. It does not set any of the - * other fields in *key_ptr, since those are not contained in the .pem file. - * - * @param key_ptr Destination for newly allocated key; this must be - * freed with vb2_private_key_free(). - * @param filename File to read key data from. - * @return VB2_SUCCESS, or non-zero error code if error. - */ -vb2_error_t vb2_private_key_read_pem(struct vb2_private_key **key_ptr, - const char *filename); - -/** - * Set the description of a private key. - * - * @param key Key to set description for - * @param desc Description string, or NULL if no description. - * @return VB2_SUCCESS, or non-zero error code if error. - */ -vb2_error_t vb2_private_key_set_desc(struct vb2_private_key *key, - const char *desc); - -/** - * Write a private key to vb21_packed_private_key format. - * - * @param key Key to write - * @param filename File to write key data to. - * @return VB2_SUCCESS, or non-zero error code if error. - */ -vb2_error_t vb21_private_key_write(const struct vb2_private_key *key, - const char *filename); - -/** - * Get a private key for an unsigned hash - * - * @param key_ptr Destination for pointer to key. The key is statically - * allocated and must not be freed. - * @param hash_alg Hash algorithm to use - * @return VB2_SUCCESS, or non-zero error code if error. - */ -vb2_error_t vb2_private_key_hash(const struct vb2_private_key **key_ptr, - enum vb2_hash_algorithm hash_alg); - -/** - * Allocate a public key buffer of sufficient size for the signature algorithm. - * - * This only initializes the sig_alg field and the id field to an empty - * id. It does not set any of the other fields in *key_ptr. - * - * @param key_ptr Destination for newly allocated key; this must be - * freed with vb2_public_key_free(). - * @param sig_alg Signature algorithm for key. - * @return VB2_SUCCESS, or non-zero error code if error. - */ -vb2_error_t vb2_public_key_alloc(struct vb2_public_key **key_ptr, - enum vb2_signature_algorithm sig_alg); - -/** - * Return the packed data for a key allocated with vb2_public_key_alloc(). - * - * The packed data is in the same buffer, following the key struct and ID. - */ -uint8_t *vb2_public_key_packed_data(struct vb2_public_key *key); - -/** - * Free a public key allocated by one of the functions below. - * - * Note that this should ONLY be called for public keys allocated via one - * of those functions; public keys created or filled in other ways (such as - * vb21_unpack_key()) do not allocate memory for sub-fields in the same way. - * - * @param key Key to free - */ -void vb2_public_key_free(struct vb2_public_key *key); - -/** - * Read a public key from a .keyb file. - * - * Guesses the signature algorithm based on the size of the .keyb file. Does - * not set the hash_alg, id, or desc fields, since those are not contained in - * the .keyb file. - * - * @param key_ptr Destination for newly allocated key; this must be - * freed with vb2_public_key_free(). - * @param filename File to read key from. - * @return VB2_SUCCESS, or non-zero error code if error. - */ - -vb2_error_t vb2_public_key_read_keyb(struct vb2_public_key **key_ptr, - const char *filename); - -/** - * Set the description of a public key. - * - * @param key Key to set description for - * @param desc Description string, or NULL if no description. - * @return VB2_SUCCESS, or non-zero error code if error. - */ -vb2_error_t vb2_public_key_set_desc(struct vb2_public_key *key, - const char *desc); - -/** - * Read a public key in vb21_packed_key format. - * - * @param key_ptr On success, points to the newly allocated key buffer. - * Caller is responsible for calling free() on this. - * @return VB2_SUCCESS, or non-zero if error. - */ -vb2_error_t vb21_packed_key_read(struct vb21_packed_key **key_ptr, - const char *filename); - -/** - * Pack a public key into vb21_packed_key format. - * - * @param pubk Public key to pack - * @param key_ptr On success, points to a newly allocated packed key - * buffer. Caller is responsible for calling free() on - * this. - * @return VB2_SUCCESS, or non-zero if error. - */ -vb2_error_t vb21_public_key_pack(struct vb21_packed_key **key_ptr, - const struct vb2_public_key *pubk); - -/** - * Get a public key for an unsigned hash. - * - * @param key Destination for key data. - * @param hash_alg Hash algorithm to use - * @return VB2_SUCCESS, or non-zero error code if error. - */ -vb2_error_t vb2_public_key_hash(struct vb2_public_key *key, - enum vb2_hash_algorithm hash_alg); - - -/** - * Return the signature algorithm implied by the bit length of an RSA key - * - * @param rsa RSA key - * @return vb2 signature algorithm - */ -enum vb2_signature_algorithm vb2_rsa_sig_alg(struct rsa_st *rsa); - -/** - * Write a public key to the vb21_packed_key format. - * - * @param key Key to write - * @param filename File to write key data to. - * @return VB2_SUCCESS, or non-zero error code if error. - */ -vb2_error_t vb21_public_key_write(const struct vb2_public_key *key, - const char *filename); - -#endif /* VBOOT_REFERENCE_HOST_KEY2_H_ */ diff --git a/host/lib21/include/host_key21.h b/host/lib21/include/host_key21.h new file mode 100644 index 00000000..219e98ab --- /dev/null +++ b/host/lib21/include/host_key21.h @@ -0,0 +1,284 @@ +/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Host-side functions for verified boot key structures + */ + +#ifndef VBOOT_REFERENCE_HOST_KEY2_H_ +#define VBOOT_REFERENCE_HOST_KEY2_H_ + +#include "2id.h" +#include "2return_codes.h" +#include "2struct.h" + +struct vb2_public_key; +struct vb21_packed_key; + +/* Private key data, in-memory format for use in signing calls. */ +struct vb2_private_key { + struct rsa_st *rsa_private_key; /* Private key data */ + enum vb2_hash_algorithm hash_alg; /* Hash algorithm */ + enum vb2_signature_algorithm sig_alg; /* Signature algorithm */ + char *desc; /* Description */ + struct vb2_id id; /* Key ID */ +}; + +struct vb2_packed_private_key { + /* Signature algorithm used by the key (enum vb2_crypto_algorithm) */ + uint32_t algorithm; + uint32_t reserved2; + /* Key data formatted for d2i_RSAPrivateKey() */ + uint8_t key_data[0]; +}; + +/* Convert between enums and human-readable form. Terminated with {0, 0}. */ +struct vb2_text_vs_enum { + const char *name; + unsigned int num; +}; + +/** + * @param table Table to search + * @param num Enum value to search for + * @return pointer to table entry or NULL if no match + */ +const struct vb2_text_vs_enum *vb2_lookup_by_num( + const struct vb2_text_vs_enum *table, + const unsigned int num); + +/** + * @param table Table to search + * @param name String value to search for + * @return pointer to table entry or NULL if no match + */ +const struct vb2_text_vs_enum *vb2_lookup_by_name( + const struct vb2_text_vs_enum *table, + const char *name); + +extern const struct vb2_text_vs_enum vb2_text_vs_sig[]; +extern const struct vb2_text_vs_enum vb2_text_vs_hash[]; + +/** + * Return the name of a signature algorithm. + * + * @param sig_alg Signature algorithm to look up + * @return The corresponding name, or VB2_INVALID_ALG_NAME if no match. + */ +const char *vb2_get_sig_algorithm_name(enum vb2_signature_algorithm sig_alg); + +/** + * Return the name of a crypto algorithm. + * + * @param alg Crypto algorithm to look up + * @return The corresponding name, or VB2_INVALID_ALG_NAME if no match. + */ +const char *vb2_get_crypto_algorithm_name(enum vb2_crypto_algorithm alg); + +/** + * Return the name of a crypto algorithm. + * + * @param alg Crypto algorithm to look up + * @return The corresponding stem filename, or VB2_INVALID_ALG_NAME if no match. + */ +const char *vb2_get_crypto_algorithm_file(enum vb2_crypto_algorithm alg); + +/** + * Free a private key. + * + * @param key Key containing internal data to free. + */ +void vb2_private_key_free(struct vb2_private_key *key); + +/** + * Unpack a private key from vb21_packed_private_key format. + * + * @param key_ptr Destination for newly allocated key; this must be + * freed with vb2_private_key_free(). + * @param buf Source buffer containing packed key + * @param size Size of buffer in bytes + * @return VB2_SUCCESS, or non-zero error code if error. + */ +vb2_error_t vb21_private_key_unpack(struct vb2_private_key **key_ptr, + const uint8_t *buf, uint32_t size); + +/** + * Read a private key from vb21_packed_private_key format. + * + * @param key_ptr Destination for newly allocated key; this must be + * freed with vb2_private_key_free(). + * @param filename File to read key data from. + * @return VB2_SUCCESS, or non-zero error code if error. + */ +vb2_error_t vb21_private_key_read(struct vb2_private_key **key_ptr, + const char *filename); + +/** + * Read a private key from a .pem file. + * + * This only reads the internal data for the key. It does not set any of the + * other fields in *key_ptr, since those are not contained in the .pem file. + * + * @param key_ptr Destination for newly allocated key; this must be + * freed with vb2_private_key_free(). + * @param filename File to read key data from. + * @return VB2_SUCCESS, or non-zero error code if error. + */ +vb2_error_t vb2_private_key_read_pem(struct vb2_private_key **key_ptr, + const char *filename); + +/** + * Set the description of a private key. + * + * @param key Key to set description for + * @param desc Description string, or NULL if no description. + * @return VB2_SUCCESS, or non-zero error code if error. + */ +vb2_error_t vb2_private_key_set_desc(struct vb2_private_key *key, + const char *desc); + +/** + * Write a private key to vb21_packed_private_key format. + * + * @param key Key to write + * @param filename File to write key data to. + * @return VB2_SUCCESS, or non-zero error code if error. + */ +vb2_error_t vb21_private_key_write(const struct vb2_private_key *key, + const char *filename); + +/** + * Get a private key for an unsigned hash + * + * @param key_ptr Destination for pointer to key. The key is statically + * allocated and must not be freed. + * @param hash_alg Hash algorithm to use + * @return VB2_SUCCESS, or non-zero error code if error. + */ +vb2_error_t vb2_private_key_hash(const struct vb2_private_key **key_ptr, + enum vb2_hash_algorithm hash_alg); + +/** + * Allocate a public key buffer of sufficient size for the signature algorithm. + * + * This only initializes the sig_alg field and the id field to an empty + * id. It does not set any of the other fields in *key_ptr. + * + * @param key_ptr Destination for newly allocated key; this must be + * freed with vb2_public_key_free(). + * @param sig_alg Signature algorithm for key. + * @return VB2_SUCCESS, or non-zero error code if error. + */ +vb2_error_t vb2_public_key_alloc(struct vb2_public_key **key_ptr, + enum vb2_signature_algorithm sig_alg); + +/** + * Return the packed data for a key allocated with vb2_public_key_alloc(). + * + * The packed data is in the same buffer, following the key struct and ID. + */ +uint8_t *vb2_public_key_packed_data(struct vb2_public_key *key); + +/** + * Free a public key allocated by one of the functions below. + * + * Note that this should ONLY be called for public keys allocated via one + * of those functions; public keys created or filled in other ways (such as + * vb21_unpack_key()) do not allocate memory for sub-fields in the same way. + * + * @param key Key to free + */ +void vb2_public_key_free(struct vb2_public_key *key); + +/** + * Read a public key from a .keyb file. + * + * Guesses the signature algorithm based on the size of the .keyb file. Does + * not set the hash_alg, id, or desc fields, since those are not contained in + * the .keyb file. + * + * @param key_ptr Destination for newly allocated key; this must be + * freed with vb2_public_key_free(). + * @param filename File to read key from. + * @return VB2_SUCCESS, or non-zero error code if error. + */ + +vb2_error_t vb2_public_key_read_keyb(struct vb2_public_key **key_ptr, + const char *filename); + +/** + * Set the description of a public key. + * + * @param key Key to set description for + * @param desc Description string, or NULL if no description. + * @return VB2_SUCCESS, or non-zero error code if error. + */ +vb2_error_t vb2_public_key_set_desc(struct vb2_public_key *key, + const char *desc); + +/** + * Read a public key in vb21_packed_key format. + * + * @param key_ptr On success, points to the newly allocated key buffer. + * Caller is responsible for calling free() on this. + * @return VB2_SUCCESS, or non-zero if error. + */ +vb2_error_t vb21_packed_key_read(struct vb21_packed_key **key_ptr, + const char *filename); + +/** + * Pack a public key into vb21_packed_key format. + * + * @param pubk Public key to pack + * @param key_ptr On success, points to a newly allocated packed key + * buffer. Caller is responsible for calling free() on + * this. + * @return VB2_SUCCESS, or non-zero if error. + */ +vb2_error_t vb21_public_key_pack(struct vb21_packed_key **key_ptr, + const struct vb2_public_key *pubk); + +/** + * Get a public key for an unsigned hash. + * + * @param key Destination for key data. + * @param hash_alg Hash algorithm to use + * @return VB2_SUCCESS, or non-zero error code if error. + */ +vb2_error_t vb2_public_key_hash(struct vb2_public_key *key, + enum vb2_hash_algorithm hash_alg); + + +/** + * Return the signature algorithm implied by the bit length of an RSA key + * + * @param rsa RSA key + * @return vb2 signature algorithm + */ +enum vb2_signature_algorithm vb2_rsa_sig_alg(struct rsa_st *rsa); + +/** + * Write a public key to the vb21_packed_key format. + * + * @param key Key to write + * @param filename File to write key data to. + * @return VB2_SUCCESS, or non-zero error code if error. + */ +vb2_error_t vb21_public_key_write(const struct vb2_public_key *key, + const char *filename); + +/** + * Unpack a key for use in verification + * + * The elements of the unpacked key will point into the source buffer, so don't + * free the source buffer until you're done with the key. + * + * @param key Destintion for unpacked key + * @param buf Source buffer containing packed key + * @param size Size of buffer in bytes + * @return VB2_SUCCESS, or non-zero error code if error. + */ +vb2_error_t vb21_unpack_key(struct vb2_public_key *key, const uint8_t *buf, + uint32_t size); + +#endif /* VBOOT_REFERENCE_HOST_KEY2_H_ */ diff --git a/host/lib21/include/host_misc2.h b/host/lib21/include/host_misc2.h deleted file mode 100644 index 795ebb23..00000000 --- a/host/lib21/include/host_misc2.h +++ /dev/null @@ -1,26 +0,0 @@ -/* Copyright 2015 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#ifndef VBOOT_REFERENCE_HOST_MISC2_H_ -#define VBOOT_REFERENCE_HOST_MISC2_H_ - -#include -#include - -#include "2id.h" - -/* Length of string representation, including trailing '\0' */ -#define VB2_ID_MIN_STRLEN (2 * VB2_ID_NUM_BYTES + 1) - -/** - * Convert hex string to struct vb2_id. - * - * @param str Example: "01ABef000042" - * @param id Destination for binary representation - * @return VB2_SUCCESS, or non-zero if error. - */ -vb2_error_t vb2_str_to_id(const char *str, struct vb2_id *id); - -#endif /* VBOOT_REFERENCE_HOST_MISC2_H_ */ diff --git a/host/lib21/include/host_misc21.h b/host/lib21/include/host_misc21.h new file mode 100644 index 00000000..795ebb23 --- /dev/null +++ b/host/lib21/include/host_misc21.h @@ -0,0 +1,26 @@ +/* Copyright 2015 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ + +#ifndef VBOOT_REFERENCE_HOST_MISC2_H_ +#define VBOOT_REFERENCE_HOST_MISC2_H_ + +#include +#include + +#include "2id.h" + +/* Length of string representation, including trailing '\0' */ +#define VB2_ID_MIN_STRLEN (2 * VB2_ID_NUM_BYTES + 1) + +/** + * Convert hex string to struct vb2_id. + * + * @param str Example: "01ABef000042" + * @param id Destination for binary representation + * @return VB2_SUCCESS, or non-zero if error. + */ +vb2_error_t vb2_str_to_id(const char *str, struct vb2_id *id); + +#endif /* VBOOT_REFERENCE_HOST_MISC2_H_ */ diff --git a/host/lib21/include/host_signature2.h b/host/lib21/include/host_signature2.h deleted file mode 100644 index 0b1784af..00000000 --- a/host/lib21/include/host_signature2.h +++ /dev/null @@ -1,96 +0,0 @@ -/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Host-side functions for verified boot key structures - */ - -#ifndef VBOOT_REFERENCE_HOST_SIGNATURE2_H_ -#define VBOOT_REFERENCE_HOST_SIGNATURE2_H_ - -#include "2struct.h" - -struct vb2_private_key; -struct vb21_signature; - -/** - * Get the digest info for a hash algorithm - * - * @param hash_alg Hash algorithm - * @param buf_ptr On success, points to the digest info - * @param size_ptr On success, contains the info size in bytes - * @return VB2_SUCCESS, or non-zero error code on failure. - */ -vb2_error_t vb2_digest_info(enum vb2_hash_algorithm hash_alg, - const uint8_t **buf_ptr, uint32_t *size_ptr); - -/** - * Sign data buffer - * - * @param sig_ptr On success, points to a newly allocated signature. - * Caller is responsible for calling free() on this. - * @param data Pointer to data to sign - * @param size Size of data to sign in bytes - * @param key Private key to use to sign data - * @param desc Optional description for signature. If NULL, the - * key description will be used. - * @return VB2_SUCCESS, or non-zero error code on failure. - */ -vb2_error_t vb21_sign_data(struct vb21_signature **sig_ptr, const uint8_t *data, - uint32_t size, const struct vb2_private_key *key, - const char *desc); - -/** - * Calculate the signature size for a private key. - * - * @param size_ptr On success, contains the signature size in bytes. - * @param key Key to calculate signature length from. - * @param desc Optional description for signature. If NULL, the - * key description will be used. - * @return VB2_SUCCESS, or non-zero error code on failure. - */ -vb2_error_t vb21_sig_size_for_key(uint32_t *size_ptr, - const struct vb2_private_key *key, - const char *desc); - -/** - * Calculate the total signature size for a list of keys. - * - * @param size_ptr On success, contains the signature size in bytes. - * @param key_list List of keys to calculate signature length from. - * @param key_count Number of keys. - * @return VB2_SUCCESS, or non-zero error code on failure. - */ -vb2_error_t vb21_sig_size_for_keys(uint32_t *size_ptr, - const struct vb2_private_key **key_list, - uint32_t key_count); - -/** - * Sign object with a key. - * - * @param buf Buffer containing object to sign, starting with - * common header - * @param sig_offset Offset in buffer at which to store signature. All - * data before this in the buffer will be signed. - * @param key Key to sign object with - * @param desc If non-null, description to use for signature - */ -vb2_error_t vb21_sign_object(uint8_t *buf, uint32_t sig_offset, - const struct vb2_private_key *key, - const char *desc); - -/** - * Sign object with list of keys. - * - * @param buf Buffer containing object to sign, starting with - * common header - * @param sig_offset Offset to start signatures. All data before this - * in the buffer will be signed. - * @param key_list List of keys to sign object with - * @param key_count Number of keys in list - */ -vb2_error_t vb21_sign_object_multiple(uint8_t *buf, uint32_t sig_offset, - const struct vb2_private_key **key_list, - uint32_t key_count); - -#endif /* VBOOT_REFERENCE_HOST_SIGNATURE2_H_ */ diff --git a/host/lib21/include/host_signature21.h b/host/lib21/include/host_signature21.h new file mode 100644 index 00000000..0b1784af --- /dev/null +++ b/host/lib21/include/host_signature21.h @@ -0,0 +1,96 @@ +/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Host-side functions for verified boot key structures + */ + +#ifndef VBOOT_REFERENCE_HOST_SIGNATURE2_H_ +#define VBOOT_REFERENCE_HOST_SIGNATURE2_H_ + +#include "2struct.h" + +struct vb2_private_key; +struct vb21_signature; + +/** + * Get the digest info for a hash algorithm + * + * @param hash_alg Hash algorithm + * @param buf_ptr On success, points to the digest info + * @param size_ptr On success, contains the info size in bytes + * @return VB2_SUCCESS, or non-zero error code on failure. + */ +vb2_error_t vb2_digest_info(enum vb2_hash_algorithm hash_alg, + const uint8_t **buf_ptr, uint32_t *size_ptr); + +/** + * Sign data buffer + * + * @param sig_ptr On success, points to a newly allocated signature. + * Caller is responsible for calling free() on this. + * @param data Pointer to data to sign + * @param size Size of data to sign in bytes + * @param key Private key to use to sign data + * @param desc Optional description for signature. If NULL, the + * key description will be used. + * @return VB2_SUCCESS, or non-zero error code on failure. + */ +vb2_error_t vb21_sign_data(struct vb21_signature **sig_ptr, const uint8_t *data, + uint32_t size, const struct vb2_private_key *key, + const char *desc); + +/** + * Calculate the signature size for a private key. + * + * @param size_ptr On success, contains the signature size in bytes. + * @param key Key to calculate signature length from. + * @param desc Optional description for signature. If NULL, the + * key description will be used. + * @return VB2_SUCCESS, or non-zero error code on failure. + */ +vb2_error_t vb21_sig_size_for_key(uint32_t *size_ptr, + const struct vb2_private_key *key, + const char *desc); + +/** + * Calculate the total signature size for a list of keys. + * + * @param size_ptr On success, contains the signature size in bytes. + * @param key_list List of keys to calculate signature length from. + * @param key_count Number of keys. + * @return VB2_SUCCESS, or non-zero error code on failure. + */ +vb2_error_t vb21_sig_size_for_keys(uint32_t *size_ptr, + const struct vb2_private_key **key_list, + uint32_t key_count); + +/** + * Sign object with a key. + * + * @param buf Buffer containing object to sign, starting with + * common header + * @param sig_offset Offset in buffer at which to store signature. All + * data before this in the buffer will be signed. + * @param key Key to sign object with + * @param desc If non-null, description to use for signature + */ +vb2_error_t vb21_sign_object(uint8_t *buf, uint32_t sig_offset, + const struct vb2_private_key *key, + const char *desc); + +/** + * Sign object with list of keys. + * + * @param buf Buffer containing object to sign, starting with + * common header + * @param sig_offset Offset to start signatures. All data before this + * in the buffer will be signed. + * @param key_list List of keys to sign object with + * @param key_count Number of keys in list + */ +vb2_error_t vb21_sign_object_multiple(uint8_t *buf, uint32_t sig_offset, + const struct vb2_private_key **key_list, + uint32_t key_count); + +#endif /* VBOOT_REFERENCE_HOST_SIGNATURE2_H_ */ diff --git a/host/lib21/include/host_struct21.h b/host/lib21/include/host_struct21.h new file mode 100644 index 00000000..6f91e36c --- /dev/null +++ b/host/lib21/include/host_struct21.h @@ -0,0 +1,233 @@ +/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Vboot 2.1 data structures + * + * Offsets should be padded to 32-bit boundaries, since some architectures + * have trouble with accessing unaligned integers. + */ + +#ifndef VBOOT_REFERENCE_VB21_STRUCT_H_ +#define VBOOT_REFERENCE_VB21_STRUCT_H_ + +#include "2id.h" +#include "2sysincludes.h" + +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + +/* + * Magic numbers used by vb21_struct_common.magic. + * + * All valid numbers should be listed here to avoid accidental overlap. + * Numbers start at a large value, so that previous parsers (which stored + * things like lengths and offsets at that field) will detect and reject new + * structs as invalid. + */ +enum vb21_struct_common_magic { + /* "Vb2I" = vb21_packed_private_key.c.magic */ + VB21_MAGIC_PACKED_PRIVATE_KEY = 0x49326256, + + /* "Vb2P" = vb21_packed_key.c.magic */ + VB21_MAGIC_PACKED_KEY = 0x50326256, + + /* "Vb2S" = vb21_signature.c.magic */ + VB21_MAGIC_SIGNATURE = 0x53326256, +}; + + +/* + * Generic struct header for all vboot2.1 structs. This makes it easy to + * automatically parse and identify vboot structs (e.g., in futility). This + * must be the first member of the parent vboot2.1 struct. + */ +struct vb21_struct_common { + /* Magic number; see vb21_struct_common_magic for expected values */ + uint32_t magic; + + /* + * Parent struct version; see each struct for the expected value. + * + * How to handle struct version mismatches, if the parser is version + * A.b and the data is version C.d: + * 1) If A.b == C.d, we're good. + * 2) If A != C, the data cannot be parsed at all. + * 3) If b < d, C.d is a newer version of data which is backwards- + * compatible to old parsers. We're good. + * 4) If b > d, C.d is an older version of data. The parser should + * use default values for fields added after version d. We're + * good. + * + * Struct versions start at 3.0, since the highest version of the old + * structures was 2.1. This way, there is no possibility of collision + * for old code which depends on the version number. + */ + uint16_t struct_version_major; + uint16_t struct_version_minor; + + /* + * Size of the parent structure and all its data, including the + * description and any necessary padding. That is, all data must lie + * in a contiguous region of bytes starting at the first + * byte of this header. + */ + uint32_t total_size; + + /* + * Size of the fixed portion of the parent structure. If a description + * is present, it must start at this offset. + */ + uint32_t fixed_size; + + /* + * The object may contain an ASCII description following the fixed + * portion of the structure. If it is present, it must be + * null-terminated, and padded with 0 (null) bytes to a multiple of 32 + * bits. + * + * Size of ASCII description in bytes, counting null terminator and + * padding (if any). Set 0 if no description is present. If non-zero, + * there must be a null terminator (0) at offset (fixed_size + + * desc_size - 1). + */ + uint32_t desc_size; +} __attribute__((packed)); + +#define EXPECTED_VB21_STRUCT_COMMON_SIZE 20 + +/* Current version of vb21_packed_key struct */ +#define VB21_PACKED_KEY_VERSION_MAJOR 3 +#define VB21_PACKED_KEY_VERSION_MINOR 0 + +/* + * Packed public key data + * + * The key data must be arranged like this: + * 1) vb21_packed_key header struct h + * 2) Key description (pointed to by h.c.fixed_size) + * 3) Key data key (pointed to by h.key_offset) + */ +struct vb21_packed_key { + /* Common header fields */ + struct vb21_struct_common c; + + /* Offset of key data from start of this struct */ + uint32_t key_offset; + + /* Size of key data in bytes (NOT strength of key in bits) */ + uint32_t key_size; + + /* Signature algorithm used by the key (enum vb2_signature_algorithm) */ + uint16_t sig_alg; + + /* + * Hash digest algorithm used with the key (enum vb2_hash_algorithm). + * This is explicitly specified as part of the key to prevent use of a + * strong key with a weak hash. + */ + uint16_t hash_alg; + + /* Key version */ + uint32_t key_version; + + /* Key ID */ + struct vb2_id id; +} __attribute__((packed)); + +#define EXPECTED_VB21_PACKED_KEY_SIZE \ + (EXPECTED_VB21_STRUCT_COMMON_SIZE + 16 + EXPECTED_ID_SIZE) + +/* Current version of vb21_packed_private_key struct */ +#define VB21_PACKED_PRIVATE_KEY_VERSION_MAJOR 3 +#define VB21_PACKED_PRIVATE_KEY_VERSION_MINOR 0 + +/* + * Packed private key data + * + * The key data must be arranged like this: + * 1) vb21_packed_private_key header struct h + * 2) Key description (pointed to by h.c.fixed_size) + * 3) Key data key (pointed to by h.key_offset) + */ +struct vb21_packed_private_key { + /* Common header fields */ + struct vb21_struct_common c; + + /* Offset of key data from start of this struct */ + uint32_t key_offset; + + /* Size of key data in bytes (NOT strength of key in bits) */ + uint32_t key_size; + + /* Signature algorithm used by the key (enum vb2_signature_algorithm) */ + uint16_t sig_alg; + + /* + * Hash digest algorithm used with the key (enum vb2_hash_algorithm). + * This is explicitly specified as part of the key to prevent use of a + * strong key with a weak hash. + */ + uint16_t hash_alg; + + /* Key ID */ + struct vb2_id id; +} __attribute__((packed)); + +#define EXPECTED_VB21_PACKED_PRIVATE_KEY_SIZE \ + (EXPECTED_VB21_STRUCT_COMMON_SIZE + 12 + EXPECTED_ID_SIZE) + +/* Current version of vb21_signature struct */ +#define VB21_SIGNATURE_VERSION_MAJOR 3 +#define VB21_SIGNATURE_VERSION_MINOR 0 + +/* + * Signature data + * + * The signature data must be arranged like this: + * 1) vb21_signature header struct h + * 2) Signature description (pointed to by h.c.fixed_size) + * 3) Signature data (pointed to by h.sig_offset) + */ +struct vb21_signature { + /* Common header fields */ + struct vb21_struct_common c; + + /* Offset of signature data from start of this struct */ + uint32_t sig_offset; + + /* Size of signature data in bytes */ + uint32_t sig_size; + + /* Size of the data block which was signed in bytes */ + uint32_t data_size; + + /* Signature algorithm used (enum vb2_signature_algorithm) */ + uint16_t sig_alg; + + /* Hash digest algorithm used (enum vb2_hash_algorithm) */ + uint16_t hash_alg; + + /* + * ID for the signature. + * + * If this is a keyblock signature entry, this is the ID of the key + * used to generate this signature. This allows the firmware to + * quickly determine which signature block (if any) goes with the key + * being used by the firmware. + * + * If this is a preamble hash entry, this is the ID of the data type + * being hashed. There is no key ID, because sig_alg=VB2_ALG_NONE. + */ + struct vb2_id id; +} __attribute__((packed)); + +#define EXPECTED_VB21_SIGNATURE_SIZE \ + (EXPECTED_VB21_STRUCT_COMMON_SIZE + 16 + EXPECTED_ID_SIZE) + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* VBOOT_REFERENCE_VB21_STRUCT_H_ */ diff --git a/tests/vb21_common2_tests.c b/tests/vb21_common2_tests.c deleted file mode 100644 index b98b1ac8..00000000 --- a/tests/vb21_common2_tests.c +++ /dev/null @@ -1,340 +0,0 @@ -/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Tests for firmware image library. - */ - -#include -#include -#include - -#include "2common.h" -#include "2rsa.h" -#include "2sysincludes.h" -#include "host_common.h" -#include "host_key2.h" -#include "host_signature2.h" -#include "test_common.h" -#include "util_misc.h" -#include "vb21_common.h" - -static const uint8_t test_data[] = "This is some test data to sign."; -static const uint32_t test_size = sizeof(test_data); - -static void test_unpack_key(const struct vb21_packed_key *key) -{ - struct vb2_public_key pubk; - struct vb21_packed_key *key2; - uint32_t size = key->c.total_size; - - /* Make a copy of the key for testing */ - key2 = (struct vb21_packed_key *)malloc(size); - - memcpy(key2, key, size); - TEST_SUCC(vb21_unpack_key(&pubk, (uint8_t *)key2, size), - "vb21_unpack_key() ok"); - - memcpy(key2, key, size); - key2->key_offset += 4; - TEST_EQ(vb21_unpack_key(&pubk, (uint8_t *)key2, size), - VB2_ERROR_COMMON_MEMBER_SIZE, - "vb21_unpack_key() buffer too small"); - - memcpy(key2, key, size); - key2->c.fixed_size += size; - TEST_EQ(vb21_unpack_key(&pubk, (uint8_t *)key2, size), - VB2_ERROR_COMMON_FIXED_SIZE, - "vb21_unpack_key() buffer too small for desc"); - - memcpy(key2, key, size); - key2->c.desc_size = 0; - TEST_SUCC(vb21_unpack_key(&pubk, (uint8_t *)key2, size), - "vb21_unpack_key() no desc"); - TEST_EQ(strcmp(pubk.desc, ""), 0, " empty desc string"); - - memcpy(key2, key, size); - key2->c.magic++; - TEST_EQ(vb21_unpack_key(&pubk, (uint8_t *)key2, size), - VB2_ERROR_UNPACK_KEY_MAGIC, - "vb21_unpack_key() bad magic"); - - memcpy(key2, key, size); - key2->c.struct_version_major++; - TEST_EQ(vb21_unpack_key(&pubk, (uint8_t *)key2, size), - VB2_ERROR_UNPACK_KEY_STRUCT_VERSION, - "vb21_unpack_key() bad major version"); - - /* - * Minor version changes are ok. Note that this test assumes that the - * source key struct version is the highest actually known to the - * reader. If the reader does know about minor version + 1 and that - * adds fields, this test will likely fail. But at that point, we - * should have already added a test for minor version compatibility to - * handle both old and new struct versions, so someone will have - * noticed this comment. - */ - memcpy(key2, key, size); - key2->c.struct_version_minor++; - TEST_SUCC(vb21_unpack_key(&pubk, (uint8_t *)key2, size), - "vb21_unpack_key() minor version change ok"); - - memcpy(key2, key, size); - key2->sig_alg = VB2_SIG_INVALID; - TEST_EQ(vb21_unpack_key(&pubk, (uint8_t *)key2, size), - VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM, - "vb21_unpack_key() bad sig algorithm"); - - memcpy(key2, key, size); - key2->hash_alg = VB2_HASH_INVALID; - TEST_EQ(vb21_unpack_key(&pubk, (uint8_t *)key2, size), - VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM, - "vb21_unpack_key() bad hash algorithm"); - - memcpy(key2, key, size); - key2->key_size -= 4; - TEST_EQ(vb21_unpack_key(&pubk, (uint8_t *)key2, size), - VB2_ERROR_UNPACK_KEY_SIZE, - "vb21_unpack_key() invalid size"); - - memcpy(key2, key, size); - key2->key_offset--; - TEST_EQ(vb21_unpack_key(&pubk, (uint8_t *)key2, size), - VB2_ERROR_COMMON_MEMBER_UNALIGNED, - "vb21_unpack_key() unaligned data"); - - memcpy(key2, key, size); - *(uint32_t *)((uint8_t *)key2 + key2->key_offset) /= 2; - TEST_EQ(vb21_unpack_key(&pubk, (uint8_t *)key2, size), - VB2_ERROR_UNPACK_KEY_ARRAY_SIZE, - "vb21_unpack_key() invalid key array size"); - - free(key2); -} - -static void test_verify_signature(const struct vb21_signature *sig) -{ - struct vb21_signature *sig2; - uint8_t *buf2; - uint32_t size; - - /* Make a copy of the signature */ - size = sig->c.total_size; - buf2 = malloc(size); - sig2 = (struct vb21_signature *)buf2; - - memcpy(buf2, sig, size); - TEST_SUCC(vb21_verify_signature(sig2, size), "verify_sig ok"); - sig2->c.magic = VB21_MAGIC_PACKED_KEY; - TEST_EQ(vb21_verify_signature(sig2, size), VB2_ERROR_SIG_MAGIC, - "verify_sig magic"); - - memcpy(buf2, sig, size); - sig2->c.total_size += 4; - TEST_EQ(vb21_verify_signature(sig2, size), VB2_ERROR_COMMON_TOTAL_SIZE, - "verify_sig common header"); - - memcpy(buf2, sig, size); - sig2->c.struct_version_minor++; - TEST_SUCC(vb21_verify_signature(sig2, size), "verify_sig minor ver"); - sig2->c.struct_version_major++; - TEST_EQ(vb21_verify_signature(sig2, size), VB2_ERROR_SIG_VERSION, - "verify_sig major ver"); - - memcpy(buf2, sig, size); - sig2->c.fixed_size -= 4; - sig2->c.desc_size += 4; - TEST_EQ(vb21_verify_signature(sig2, size), VB2_ERROR_SIG_HEADER_SIZE, - "verify_sig header size"); - - memcpy(buf2, sig, size); - sig2->sig_size += 4; - TEST_EQ(vb21_verify_signature(sig2, size), VB2_ERROR_COMMON_MEMBER_SIZE, - "verify_sig sig size"); - - memcpy(buf2, sig, size); - sig2->sig_alg = VB2_SIG_INVALID; - TEST_EQ(vb21_verify_signature(sig2, size), VB2_ERROR_SIG_ALGORITHM, - "verify_sig sig alg"); - - memcpy(buf2, sig, size); - sig2->sig_alg = (sig2->sig_alg == VB2_SIG_NONE ? - VB2_SIG_RSA1024 : VB2_SIG_NONE); - TEST_EQ(vb21_verify_signature(sig2, size), VB2_ERROR_SIG_SIZE, - "verify_sig sig size"); - - free(buf2); -} - -static void test_verify_data(const struct vb2_public_key *pubk_orig, - const struct vb21_signature *sig) -{ - uint8_t workbuf[VB2_VERIFY_DATA_WORKBUF_BYTES] - __attribute__((aligned(VB2_WORKBUF_ALIGN))); - struct vb2_workbuf wb; - - struct vb2_public_key pubk; - struct vb21_signature *sig2; - uint8_t *buf2; - uint32_t size; - - vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); - - pubk = *pubk_orig; - - /* Allocate signature copy for tests */ - size = sig->c.total_size; - buf2 = malloc(size); - sig2 = (struct vb21_signature *)buf2; - - memcpy(buf2, sig, size); - pubk.sig_alg = VB2_SIG_INVALID; - TEST_EQ(vb21_verify_data(test_data, test_size, sig2, &pubk, &wb), - VB2_ERROR_VDATA_ALGORITHM, "vb21_verify_data() bad sig alg"); - pubk = *pubk_orig; - - memcpy(buf2, sig, size); - pubk.hash_alg = VB2_HASH_INVALID; - TEST_EQ(vb21_verify_data(test_data, test_size, sig2, &pubk, &wb), - VB2_ERROR_VDATA_DIGEST_SIZE, - "vb21_verify_data() bad hash alg"); - pubk = *pubk_orig; - - vb2_workbuf_init(&wb, workbuf, 4); - memcpy(buf2, sig, size); - TEST_EQ(vb21_verify_data(test_data, test_size, sig2, &pubk, &wb), - VB2_ERROR_VDATA_WORKBUF_DIGEST, - "vb21_verify_data() workbuf too small"); - vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); - - memcpy(buf2, sig, size); - TEST_EQ(vb21_verify_data(test_data, test_size, sig2, &pubk, &wb), - 0, "vb21_verify_data() ok"); - - memcpy(buf2, sig, size); - sig2->sig_size -= 16; - TEST_EQ(vb21_verify_data(test_data, test_size, sig2, &pubk, &wb), - VB2_ERROR_VDATA_SIG_SIZE, "vb21_verify_data() wrong sig size"); - - memcpy(buf2, sig, size); - TEST_EQ(vb21_verify_data(test_data, test_size - 1, sig2, &pubk, &wb), - VB2_ERROR_VDATA_SIZE, "vb21_verify_data() wrong data size"); - - memcpy(buf2, sig, size); - sig2->hash_alg = (sig2->hash_alg == VB2_HASH_SHA1 ? - VB2_HASH_SHA256 : VB2_HASH_SHA1); - TEST_EQ(vb21_verify_data(test_data, test_size, sig2, &pubk, &wb), - VB2_ERROR_VDATA_ALGORITHM_MISMATCH, - "vb21_verify_data() alg mismatch"); - - - memcpy(buf2, sig, size); - buf2[sig2->sig_offset] ^= 0x5A; - TEST_EQ(vb21_verify_data(test_data, test_size, sig2, &pubk, &wb), - VB2_ERROR_RSA_PADDING, "vb21_verify_data() wrong sig"); - - free(buf2); -} - -static int test_algorithm(int key_algorithm, const char *keys_dir) -{ - char filename[1024]; - - enum vb2_signature_algorithm sig_alg = - vb2_crypto_to_signature(key_algorithm); - enum vb2_hash_algorithm hash_alg = vb2_crypto_to_hash(key_algorithm); - - struct vb2_private_key *prik = NULL; - struct vb21_signature *sig2 = NULL; - struct vb2_public_key *pubk; - uint8_t *pubk_buf = 0; - uint8_t *keyb_data = 0; - uint32_t keyb_size; - struct vb21_packed_key *key2 = NULL; - - printf("***Testing algorithm: %s\n", - vb2_get_crypto_algorithm_name(key_algorithm)); - - snprintf(filename, sizeof(filename), "%s/key_%s.pem", - keys_dir, - vb2_get_crypto_algorithm_file(key_algorithm)); - TEST_SUCC(vb2_private_key_read_pem(&prik, filename), - "Read private key"); - prik->hash_alg = hash_alg; - prik->sig_alg = sig_alg; - vb2_private_key_set_desc(prik, "private key"); - - - /* Create the public key */ - TEST_SUCC(vb2_public_key_alloc(&pubk, sig_alg), "Allocate public key"); - /* Extract the keyb blob */ - TEST_SUCC(vb_keyb_from_rsa(prik->rsa_private_key, - &keyb_data, &keyb_size), - "Extract public key"); - - /* - * Copy the keyb blob to the public key's buffer, because that's - * where vb2_unpack_key_data() and vb2_public_key_pack() expect - * to find it. - */ - pubk_buf = vb2_public_key_packed_data(pubk); - memcpy(pubk_buf, keyb_data, keyb_size); - - /* Fill in the internal struct pointers */ - TEST_SUCC(vb2_unpack_key_data(pubk, pubk_buf, keyb_size), - "unpack public key blob"); - - pubk->hash_alg = hash_alg; - vb2_public_key_set_desc(pubk, "public key"); - TEST_SUCC(vb21_public_key_pack(&key2, pubk), "Pack public key"); - - /* Calculate good signatures */ - TEST_SUCC(vb21_sign_data(&sig2, test_data, test_size, prik, ""), - "Make test signature"); - - test_unpack_key(key2); - test_verify_data(pubk, sig2); - test_verify_signature(sig2); - - free(keyb_data); - free(key2); - free(sig2); - vb2_private_key_free(prik); - vb2_public_key_free(pubk); - - return 0; -} - -/* Test only the algorithms we use */ -const int key_algs[] = { - VB2_ALG_RSA2048_SHA256, - VB2_ALG_RSA4096_SHA256, - VB2_ALG_RSA8192_SHA512, -}; - -int main(int argc, char *argv[]) { - - if (argc == 2) { - int i; - - for (i = 0; i < ARRAY_SIZE(key_algs); i++) { - if (test_algorithm(key_algs[i], argv[1])) - return 1; - } - - } else if (argc == 3 && !strcasecmp(argv[2], "--all")) { - /* Test all the algorithms */ - int alg; - - for (alg = 0; alg < VB2_ALG_COUNT; alg++) { - if (test_algorithm(alg, argv[1])) - return 1; - } - - } else { - fprintf(stderr, "Usage: %s [--all]", argv[0]); - return -1; - } - - return gTestSuccess ? 0 : 255; -} diff --git a/tests/vb21_common_tests.c b/tests/vb21_common_tests.c deleted file mode 100644 index 543ebb24..00000000 --- a/tests/vb21_common_tests.c +++ /dev/null @@ -1,247 +0,0 @@ -/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Tests for firmware 2common.c - */ - -#include "2common.h" -#include "2rsa.h" -#include "2sysincludes.h" -#include "host_key2.h" -#include "host_signature2.h" -#include "test_common.h" -#include "vb21_common.h" - -static const uint8_t test_data[] = "This is some test data to sign."; - -/* - * Test struct packing for vboot_struct.h structs which are passed between - * firmware and OS, or passed between different phases of firmware. - */ -static void test_struct_packing(void) -{ - /* Test new struct sizes */ - TEST_EQ(EXPECTED_ID_SIZE, - sizeof(struct vb2_id), - "sizeof(vb2_id)"); - TEST_EQ(EXPECTED_VB21_STRUCT_COMMON_SIZE, - sizeof(struct vb21_struct_common), - "sizeof(vb21_struct_common)"); - TEST_EQ(EXPECTED_VB21_PACKED_KEY_SIZE, - sizeof(struct vb21_packed_key), - "sizeof(vb21_packed_key)"); - TEST_EQ(EXPECTED_VB21_SIGNATURE_SIZE, - sizeof(struct vb21_signature), - "sizeof(vb21_signature)"); -} - -/** - * Common header functions - */ -static void test_common_header_functions(void) -{ - uint8_t cbuf[sizeof(struct vb21_struct_common) + 128]; - uint8_t cbufgood[sizeof(cbuf)]; - struct vb21_struct_common *c = (struct vb21_struct_common *)cbuf; - struct vb21_struct_common *c2; - const char test_desc[32] = "test desc"; - uint32_t desc_end, m; - - c->total_size = sizeof(cbuf); - c->fixed_size = sizeof(*c); - c->desc_size = sizeof(test_desc); - memcpy(cbuf + c->fixed_size, test_desc, sizeof(test_desc)); - desc_end = c->fixed_size + c->desc_size; - - c2 = (struct vb21_struct_common *)(cbuf + desc_end); - c2->total_size = c->total_size - desc_end; - c2->fixed_size = sizeof(*c2); - c2->desc_size = 0; - - /* Description helper */ - TEST_EQ(0, strcmp(vb21_common_desc(c), test_desc), "vb21_common_desc()"); - TEST_EQ(0, strcmp(vb21_common_desc(c2), ""), "vb21_common_desc() empty"); - - TEST_SUCC(vb21_verify_common_header(cbuf, sizeof(cbuf)), - "vb21_verify_common_header() good"); - memcpy(cbufgood, cbuf, sizeof(cbufgood)); - - memcpy(cbuf, cbufgood, sizeof(cbuf)); - c->total_size += 4; - TEST_EQ(vb21_verify_common_header(cbuf, sizeof(cbuf)), - VB2_ERROR_COMMON_TOTAL_SIZE, - "vb21_verify_common_header() total size"); - - memcpy(cbuf, cbufgood, sizeof(cbuf)); - c->fixed_size = c->total_size + 4; - TEST_EQ(vb21_verify_common_header(cbuf, sizeof(cbuf)), - VB2_ERROR_COMMON_FIXED_SIZE, - "vb21_verify_common_header() fixed size"); - - memcpy(cbuf, cbufgood, sizeof(cbuf)); - c->desc_size = c->total_size - c->fixed_size + 4; - TEST_EQ(vb21_verify_common_header(cbuf, sizeof(cbuf)), - VB2_ERROR_COMMON_DESC_SIZE, - "vb21_verify_common_header() desc size"); - - memcpy(cbuf, cbufgood, sizeof(cbuf)); - c->total_size--; - TEST_EQ(vb21_verify_common_header(cbuf, sizeof(cbuf)), - VB2_ERROR_COMMON_TOTAL_UNALIGNED, - "vb21_verify_common_header() total unaligned"); - - memcpy(cbuf, cbufgood, sizeof(cbuf)); - c->fixed_size++; - TEST_EQ(vb21_verify_common_header(cbuf, sizeof(cbuf)), - VB2_ERROR_COMMON_FIXED_UNALIGNED, - "vb21_verify_common_header() fixed unaligned"); - - memcpy(cbuf, cbufgood, sizeof(cbuf)); - c->desc_size--; - TEST_EQ(vb21_verify_common_header(cbuf, sizeof(cbuf)), - VB2_ERROR_COMMON_DESC_UNALIGNED, - "vb21_verify_common_header() desc unaligned"); - - memcpy(cbuf, cbufgood, sizeof(cbuf)); - c->desc_size = -4; - TEST_EQ(vb21_verify_common_header(cbuf, sizeof(cbuf)), - VB2_ERROR_COMMON_DESC_WRAPS, - "vb21_verify_common_header() desc wraps"); - - memcpy(cbuf, cbufgood, sizeof(cbuf)); - cbuf[desc_end - 1] = 1; - TEST_EQ(vb21_verify_common_header(cbuf, sizeof(cbuf)), - VB2_ERROR_COMMON_DESC_TERMINATOR, - "vb21_verify_common_header() desc not terminated"); - - /* Member checking function */ - memcpy(cbuf, cbufgood, sizeof(cbuf)); - m = 0; - TEST_SUCC(vb21_verify_common_member(cbuf, &m, c->total_size - 8, 4), - "vb21_verify_common_member()"); - TEST_EQ(m, c->total_size - 4, " new minimum"); - - m = desc_end; - TEST_SUCC(vb21_verify_common_member(cbuf, &m, desc_end, 4), - "vb21_verify_common_member() good offset"); - TEST_EQ(m, desc_end + 4, " new minimum"); - - m = 0; - TEST_EQ(vb21_verify_common_member(cbuf, &m, c->total_size - 8, -4), - VB2_ERROR_COMMON_MEMBER_WRAPS, - "vb21_verify_common_member() wraps"); - - m = 0; - TEST_EQ(vb21_verify_common_member(cbuf, &m, c->total_size - 7, 4), - VB2_ERROR_COMMON_MEMBER_UNALIGNED, - "vb21_verify_common_member() offset unaligned"); - - m = 0; - TEST_EQ(vb21_verify_common_member(cbuf, &m, c->total_size - 8, 5), - VB2_ERROR_COMMON_MEMBER_UNALIGNED, - "vb21_verify_common_member() size unaligned"); - - m = 0; - TEST_EQ(vb21_verify_common_member(cbuf, &m, desc_end - 4, 4), - VB2_ERROR_COMMON_MEMBER_OVERLAP, - "vb21_verify_common_member() overlap"); - - m = desc_end + 4; - TEST_EQ(vb21_verify_common_member(cbuf, &m, desc_end, 4), - VB2_ERROR_COMMON_MEMBER_OVERLAP, - "vb21_verify_common_member() overlap 2"); - - m = 0; - TEST_EQ(vb21_verify_common_member(cbuf, &m, c->total_size - 4, 8), - VB2_ERROR_COMMON_MEMBER_SIZE, - "vb21_verify_common_member() size"); - - /* Subobject checking */ - m = 0; - TEST_SUCC(vb21_verify_common_subobject(cbuf, &m, desc_end), - "vb21_verify_common_subobject() good offset"); - TEST_EQ(m, sizeof(cbuf), " new minimum"); - - m = desc_end + 4; - TEST_EQ(vb21_verify_common_subobject(cbuf, &m, desc_end), - VB2_ERROR_COMMON_MEMBER_OVERLAP, - "vb21_verify_common_subobject() overlap"); - - m = 0; - c2->total_size += 4; - TEST_EQ(vb21_verify_common_subobject(cbuf, &m, desc_end), - VB2_ERROR_COMMON_TOTAL_SIZE, - "vb21_verify_common_subobject() size"); -} - -/** - * Signature size - */ -static void test_sig_size(void) -{ - TEST_EQ(vb2_sig_size(VB2_SIG_INVALID, VB2_HASH_SHA256), 0, - "vb2_sig_size() sig invalid"); - - TEST_EQ(vb2_sig_size(VB2_SIG_RSA2048, VB2_HASH_INVALID), 0, - "vb2_sig_size() hash invalid"); - - TEST_EQ(vb2_sig_size(VB2_SIG_RSA2048, VB2_HASH_SHA256), 2048 / 8, - "vb2_sig_size() RSA2048"); - TEST_EQ(vb2_sig_size(VB2_SIG_RSA4096, VB2_HASH_SHA256), 4096 / 8, - "vb2_sig_size() RSA4096"); - TEST_EQ(vb2_sig_size(VB2_SIG_RSA8192, VB2_HASH_SHA512), 8192 / 8, - "vb2_sig_size() RSA8192"); - - TEST_EQ(vb2_sig_size(VB2_SIG_NONE, VB2_HASH_SHA1), - VB2_SHA1_DIGEST_SIZE, "vb2_sig_size() SHA1"); - TEST_EQ(vb2_sig_size(VB2_SIG_NONE, VB2_HASH_SHA256), - VB2_SHA256_DIGEST_SIZE, "vb2_sig_size() SHA256"); - TEST_EQ(vb2_sig_size(VB2_SIG_NONE, VB2_HASH_SHA512), - VB2_SHA512_DIGEST_SIZE, "vb2_sig_size() SHA512"); -} - -/** - * Verify data on bare hash - */ -static void test_verify_hash(void) -{ - struct vb21_signature *sig; - const struct vb2_private_key *prik; - struct vb2_public_key pubk; - uint8_t workbuf[VB2_VERIFY_DATA_WORKBUF_BYTES] - __attribute__((aligned(VB2_WORKBUF_ALIGN))); - struct vb2_workbuf wb; - - vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); - - TEST_SUCC(vb2_private_key_hash(&prik, VB2_HASH_SHA256), - "create private hash key"); - TEST_SUCC(vb2_public_key_hash(&pubk, VB2_HASH_SHA256), - "create hash key"); - - /* Create the signature */ - TEST_SUCC(vb21_sign_data(&sig, test_data, sizeof(test_data), - prik, NULL), - "create hash sig"); - - TEST_SUCC(vb21_verify_data(test_data, sizeof(test_data), - sig, &pubk, &wb), - "vb21_verify_data() hash ok"); - - *((uint8_t *)sig + sig->sig_offset) ^= 0xab; - TEST_EQ(vb21_verify_data(test_data, sizeof(test_data), sig, &pubk, &wb), - VB2_ERROR_VDATA_VERIFY_DIGEST, "vb21_verify_data() hash bad"); - - free(sig); -} - -int main(int argc, char* argv[]) -{ - test_struct_packing(); - test_common_header_functions(); - test_sig_size(); - test_verify_hash(); - - return gTestSuccess ? 0 : 255; -} diff --git a/tests/vb21_host_common2_tests.c b/tests/vb21_host_common2_tests.c new file mode 100644 index 00000000..b2ceb95f --- /dev/null +++ b/tests/vb21_host_common2_tests.c @@ -0,0 +1,340 @@ +/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Tests for firmware image library. + */ + +#include +#include +#include + +#include "2common.h" +#include "2rsa.h" +#include "2sysincludes.h" +#include "host_common.h" +#include "host_common21.h" +#include "host_key21.h" +#include "host_signature21.h" +#include "test_common.h" +#include "util_misc.h" + +static const uint8_t test_data[] = "This is some test data to sign."; +static const uint32_t test_size = sizeof(test_data); + +static void test_unpack_key(const struct vb21_packed_key *key) +{ + struct vb2_public_key pubk; + struct vb21_packed_key *key2; + uint32_t size = key->c.total_size; + + /* Make a copy of the key for testing */ + key2 = (struct vb21_packed_key *)malloc(size); + + memcpy(key2, key, size); + TEST_SUCC(vb21_unpack_key(&pubk, (uint8_t *)key2, size), + "vb21_unpack_key() ok"); + + memcpy(key2, key, size); + key2->key_offset += 4; + TEST_EQ(vb21_unpack_key(&pubk, (uint8_t *)key2, size), + VB2_ERROR_COMMON_MEMBER_SIZE, + "vb21_unpack_key() buffer too small"); + + memcpy(key2, key, size); + key2->c.fixed_size += size; + TEST_EQ(vb21_unpack_key(&pubk, (uint8_t *)key2, size), + VB2_ERROR_COMMON_FIXED_SIZE, + "vb21_unpack_key() buffer too small for desc"); + + memcpy(key2, key, size); + key2->c.desc_size = 0; + TEST_SUCC(vb21_unpack_key(&pubk, (uint8_t *)key2, size), + "vb21_unpack_key() no desc"); + TEST_EQ(strcmp(pubk.desc, ""), 0, " empty desc string"); + + memcpy(key2, key, size); + key2->c.magic++; + TEST_EQ(vb21_unpack_key(&pubk, (uint8_t *)key2, size), + VB2_ERROR_UNPACK_KEY_MAGIC, + "vb21_unpack_key() bad magic"); + + memcpy(key2, key, size); + key2->c.struct_version_major++; + TEST_EQ(vb21_unpack_key(&pubk, (uint8_t *)key2, size), + VB2_ERROR_UNPACK_KEY_STRUCT_VERSION, + "vb21_unpack_key() bad major version"); + + /* + * Minor version changes are ok. Note that this test assumes that the + * source key struct version is the highest actually known to the + * reader. If the reader does know about minor version + 1 and that + * adds fields, this test will likely fail. But at that point, we + * should have already added a test for minor version compatibility to + * handle both old and new struct versions, so someone will have + * noticed this comment. + */ + memcpy(key2, key, size); + key2->c.struct_version_minor++; + TEST_SUCC(vb21_unpack_key(&pubk, (uint8_t *)key2, size), + "vb21_unpack_key() minor version change ok"); + + memcpy(key2, key, size); + key2->sig_alg = VB2_SIG_INVALID; + TEST_EQ(vb21_unpack_key(&pubk, (uint8_t *)key2, size), + VB2_ERROR_UNPACK_KEY_SIG_ALGORITHM, + "vb21_unpack_key() bad sig algorithm"); + + memcpy(key2, key, size); + key2->hash_alg = VB2_HASH_INVALID; + TEST_EQ(vb21_unpack_key(&pubk, (uint8_t *)key2, size), + VB2_ERROR_UNPACK_KEY_HASH_ALGORITHM, + "vb21_unpack_key() bad hash algorithm"); + + memcpy(key2, key, size); + key2->key_size -= 4; + TEST_EQ(vb21_unpack_key(&pubk, (uint8_t *)key2, size), + VB2_ERROR_UNPACK_KEY_SIZE, + "vb21_unpack_key() invalid size"); + + memcpy(key2, key, size); + key2->key_offset--; + TEST_EQ(vb21_unpack_key(&pubk, (uint8_t *)key2, size), + VB2_ERROR_COMMON_MEMBER_UNALIGNED, + "vb21_unpack_key() unaligned data"); + + memcpy(key2, key, size); + *(uint32_t *)((uint8_t *)key2 + key2->key_offset) /= 2; + TEST_EQ(vb21_unpack_key(&pubk, (uint8_t *)key2, size), + VB2_ERROR_UNPACK_KEY_ARRAY_SIZE, + "vb21_unpack_key() invalid key array size"); + + free(key2); +} + +static void test_verify_signature(const struct vb21_signature *sig) +{ + struct vb21_signature *sig2; + uint8_t *buf2; + uint32_t size; + + /* Make a copy of the signature */ + size = sig->c.total_size; + buf2 = malloc(size); + sig2 = (struct vb21_signature *)buf2; + + memcpy(buf2, sig, size); + TEST_SUCC(vb21_verify_signature(sig2, size), "verify_sig ok"); + sig2->c.magic = VB21_MAGIC_PACKED_KEY; + TEST_EQ(vb21_verify_signature(sig2, size), VB2_ERROR_SIG_MAGIC, + "verify_sig magic"); + + memcpy(buf2, sig, size); + sig2->c.total_size += 4; + TEST_EQ(vb21_verify_signature(sig2, size), VB2_ERROR_COMMON_TOTAL_SIZE, + "verify_sig common header"); + + memcpy(buf2, sig, size); + sig2->c.struct_version_minor++; + TEST_SUCC(vb21_verify_signature(sig2, size), "verify_sig minor ver"); + sig2->c.struct_version_major++; + TEST_EQ(vb21_verify_signature(sig2, size), VB2_ERROR_SIG_VERSION, + "verify_sig major ver"); + + memcpy(buf2, sig, size); + sig2->c.fixed_size -= 4; + sig2->c.desc_size += 4; + TEST_EQ(vb21_verify_signature(sig2, size), VB2_ERROR_SIG_HEADER_SIZE, + "verify_sig header size"); + + memcpy(buf2, sig, size); + sig2->sig_size += 4; + TEST_EQ(vb21_verify_signature(sig2, size), VB2_ERROR_COMMON_MEMBER_SIZE, + "verify_sig sig size"); + + memcpy(buf2, sig, size); + sig2->sig_alg = VB2_SIG_INVALID; + TEST_EQ(vb21_verify_signature(sig2, size), VB2_ERROR_SIG_ALGORITHM, + "verify_sig sig alg"); + + memcpy(buf2, sig, size); + sig2->sig_alg = (sig2->sig_alg == VB2_SIG_NONE ? + VB2_SIG_RSA1024 : VB2_SIG_NONE); + TEST_EQ(vb21_verify_signature(sig2, size), VB2_ERROR_SIG_SIZE, + "verify_sig sig size"); + + free(buf2); +} + +static void test_verify_data(const struct vb2_public_key *pubk_orig, + const struct vb21_signature *sig) +{ + uint8_t workbuf[VB2_VERIFY_DATA_WORKBUF_BYTES] + __attribute__((aligned(VB2_WORKBUF_ALIGN))); + struct vb2_workbuf wb; + + struct vb2_public_key pubk; + struct vb21_signature *sig2; + uint8_t *buf2; + uint32_t size; + + vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); + + pubk = *pubk_orig; + + /* Allocate signature copy for tests */ + size = sig->c.total_size; + buf2 = malloc(size); + sig2 = (struct vb21_signature *)buf2; + + memcpy(buf2, sig, size); + pubk.sig_alg = VB2_SIG_INVALID; + TEST_EQ(vb21_verify_data(test_data, test_size, sig2, &pubk, &wb), + VB2_ERROR_VDATA_ALGORITHM, "vb21_verify_data() bad sig alg"); + pubk = *pubk_orig; + + memcpy(buf2, sig, size); + pubk.hash_alg = VB2_HASH_INVALID; + TEST_EQ(vb21_verify_data(test_data, test_size, sig2, &pubk, &wb), + VB2_ERROR_VDATA_DIGEST_SIZE, + "vb21_verify_data() bad hash alg"); + pubk = *pubk_orig; + + vb2_workbuf_init(&wb, workbuf, 4); + memcpy(buf2, sig, size); + TEST_EQ(vb21_verify_data(test_data, test_size, sig2, &pubk, &wb), + VB2_ERROR_VDATA_WORKBUF_DIGEST, + "vb21_verify_data() workbuf too small"); + vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); + + memcpy(buf2, sig, size); + TEST_EQ(vb21_verify_data(test_data, test_size, sig2, &pubk, &wb), + 0, "vb21_verify_data() ok"); + + memcpy(buf2, sig, size); + sig2->sig_size -= 16; + TEST_EQ(vb21_verify_data(test_data, test_size, sig2, &pubk, &wb), + VB2_ERROR_VDATA_SIG_SIZE, "vb21_verify_data() wrong sig size"); + + memcpy(buf2, sig, size); + TEST_EQ(vb21_verify_data(test_data, test_size - 1, sig2, &pubk, &wb), + VB2_ERROR_VDATA_SIZE, "vb21_verify_data() wrong data size"); + + memcpy(buf2, sig, size); + sig2->hash_alg = (sig2->hash_alg == VB2_HASH_SHA1 ? + VB2_HASH_SHA256 : VB2_HASH_SHA1); + TEST_EQ(vb21_verify_data(test_data, test_size, sig2, &pubk, &wb), + VB2_ERROR_VDATA_ALGORITHM_MISMATCH, + "vb21_verify_data() alg mismatch"); + + + memcpy(buf2, sig, size); + buf2[sig2->sig_offset] ^= 0x5A; + TEST_EQ(vb21_verify_data(test_data, test_size, sig2, &pubk, &wb), + VB2_ERROR_RSA_PADDING, "vb21_verify_data() wrong sig"); + + free(buf2); +} + +static int test_algorithm(int key_algorithm, const char *keys_dir) +{ + char filename[1024]; + + enum vb2_signature_algorithm sig_alg = + vb2_crypto_to_signature(key_algorithm); + enum vb2_hash_algorithm hash_alg = vb2_crypto_to_hash(key_algorithm); + + struct vb2_private_key *prik = NULL; + struct vb21_signature *sig2 = NULL; + struct vb2_public_key *pubk; + uint8_t *pubk_buf = 0; + uint8_t *keyb_data = 0; + uint32_t keyb_size; + struct vb21_packed_key *key2 = NULL; + + printf("***Testing algorithm: %s\n", + vb2_get_crypto_algorithm_name(key_algorithm)); + + snprintf(filename, sizeof(filename), "%s/key_%s.pem", + keys_dir, + vb2_get_crypto_algorithm_file(key_algorithm)); + TEST_SUCC(vb2_private_key_read_pem(&prik, filename), + "Read private key"); + prik->hash_alg = hash_alg; + prik->sig_alg = sig_alg; + vb2_private_key_set_desc(prik, "private key"); + + + /* Create the public key */ + TEST_SUCC(vb2_public_key_alloc(&pubk, sig_alg), "Allocate public key"); + /* Extract the keyb blob */ + TEST_SUCC(vb_keyb_from_rsa(prik->rsa_private_key, + &keyb_data, &keyb_size), + "Extract public key"); + + /* + * Copy the keyb blob to the public key's buffer, because that's + * where vb2_unpack_key_data() and vb2_public_key_pack() expect + * to find it. + */ + pubk_buf = vb2_public_key_packed_data(pubk); + memcpy(pubk_buf, keyb_data, keyb_size); + + /* Fill in the internal struct pointers */ + TEST_SUCC(vb2_unpack_key_data(pubk, pubk_buf, keyb_size), + "unpack public key blob"); + + pubk->hash_alg = hash_alg; + vb2_public_key_set_desc(pubk, "public key"); + TEST_SUCC(vb21_public_key_pack(&key2, pubk), "Pack public key"); + + /* Calculate good signatures */ + TEST_SUCC(vb21_sign_data(&sig2, test_data, test_size, prik, ""), + "Make test signature"); + + test_unpack_key(key2); + test_verify_data(pubk, sig2); + test_verify_signature(sig2); + + free(keyb_data); + free(key2); + free(sig2); + vb2_private_key_free(prik); + vb2_public_key_free(pubk); + + return 0; +} + +/* Test only the algorithms we use */ +const int key_algs[] = { + VB2_ALG_RSA2048_SHA256, + VB2_ALG_RSA4096_SHA256, + VB2_ALG_RSA8192_SHA512, +}; + +int main(int argc, char *argv[]) { + + if (argc == 2) { + int i; + + for (i = 0; i < ARRAY_SIZE(key_algs); i++) { + if (test_algorithm(key_algs[i], argv[1])) + return 1; + } + + } else if (argc == 3 && !strcasecmp(argv[2], "--all")) { + /* Test all the algorithms */ + int alg; + + for (alg = 0; alg < VB2_ALG_COUNT; alg++) { + if (test_algorithm(alg, argv[1])) + return 1; + } + + } else { + fprintf(stderr, "Usage: %s [--all]", argv[0]); + return -1; + } + + return gTestSuccess ? 0 : 255; +} diff --git a/tests/vb21_host_common_tests.c b/tests/vb21_host_common_tests.c new file mode 100644 index 00000000..3ab5dbc3 --- /dev/null +++ b/tests/vb21_host_common_tests.c @@ -0,0 +1,247 @@ +/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Tests for firmware 2common.c + */ + +#include "2common.h" +#include "2rsa.h" +#include "2sysincludes.h" +#include "host_common21.h" +#include "host_key21.h" +#include "host_signature21.h" +#include "test_common.h" + +static const uint8_t test_data[] = "This is some test data to sign."; + +/* + * Test struct packing for vboot_struct.h structs which are passed between + * firmware and OS, or passed between different phases of firmware. + */ +static void test_struct_packing(void) +{ + /* Test new struct sizes */ + TEST_EQ(EXPECTED_ID_SIZE, + sizeof(struct vb2_id), + "sizeof(vb2_id)"); + TEST_EQ(EXPECTED_VB21_STRUCT_COMMON_SIZE, + sizeof(struct vb21_struct_common), + "sizeof(vb21_struct_common)"); + TEST_EQ(EXPECTED_VB21_PACKED_KEY_SIZE, + sizeof(struct vb21_packed_key), + "sizeof(vb21_packed_key)"); + TEST_EQ(EXPECTED_VB21_SIGNATURE_SIZE, + sizeof(struct vb21_signature), + "sizeof(vb21_signature)"); +} + +/** + * Common header functions + */ +static void test_common_header_functions(void) +{ + uint8_t cbuf[sizeof(struct vb21_struct_common) + 128]; + uint8_t cbufgood[sizeof(cbuf)]; + struct vb21_struct_common *c = (struct vb21_struct_common *)cbuf; + struct vb21_struct_common *c2; + const char test_desc[32] = "test desc"; + uint32_t desc_end, m; + + c->total_size = sizeof(cbuf); + c->fixed_size = sizeof(*c); + c->desc_size = sizeof(test_desc); + memcpy(cbuf + c->fixed_size, test_desc, sizeof(test_desc)); + desc_end = c->fixed_size + c->desc_size; + + c2 = (struct vb21_struct_common *)(cbuf + desc_end); + c2->total_size = c->total_size - desc_end; + c2->fixed_size = sizeof(*c2); + c2->desc_size = 0; + + /* Description helper */ + TEST_EQ(0, strcmp(vb21_common_desc(c), test_desc), "vb21_common_desc()"); + TEST_EQ(0, strcmp(vb21_common_desc(c2), ""), "vb21_common_desc() empty"); + + TEST_SUCC(vb21_verify_common_header(cbuf, sizeof(cbuf)), + "vb21_verify_common_header() good"); + memcpy(cbufgood, cbuf, sizeof(cbufgood)); + + memcpy(cbuf, cbufgood, sizeof(cbuf)); + c->total_size += 4; + TEST_EQ(vb21_verify_common_header(cbuf, sizeof(cbuf)), + VB2_ERROR_COMMON_TOTAL_SIZE, + "vb21_verify_common_header() total size"); + + memcpy(cbuf, cbufgood, sizeof(cbuf)); + c->fixed_size = c->total_size + 4; + TEST_EQ(vb21_verify_common_header(cbuf, sizeof(cbuf)), + VB2_ERROR_COMMON_FIXED_SIZE, + "vb21_verify_common_header() fixed size"); + + memcpy(cbuf, cbufgood, sizeof(cbuf)); + c->desc_size = c->total_size - c->fixed_size + 4; + TEST_EQ(vb21_verify_common_header(cbuf, sizeof(cbuf)), + VB2_ERROR_COMMON_DESC_SIZE, + "vb21_verify_common_header() desc size"); + + memcpy(cbuf, cbufgood, sizeof(cbuf)); + c->total_size--; + TEST_EQ(vb21_verify_common_header(cbuf, sizeof(cbuf)), + VB2_ERROR_COMMON_TOTAL_UNALIGNED, + "vb21_verify_common_header() total unaligned"); + + memcpy(cbuf, cbufgood, sizeof(cbuf)); + c->fixed_size++; + TEST_EQ(vb21_verify_common_header(cbuf, sizeof(cbuf)), + VB2_ERROR_COMMON_FIXED_UNALIGNED, + "vb21_verify_common_header() fixed unaligned"); + + memcpy(cbuf, cbufgood, sizeof(cbuf)); + c->desc_size--; + TEST_EQ(vb21_verify_common_header(cbuf, sizeof(cbuf)), + VB2_ERROR_COMMON_DESC_UNALIGNED, + "vb21_verify_common_header() desc unaligned"); + + memcpy(cbuf, cbufgood, sizeof(cbuf)); + c->desc_size = -4; + TEST_EQ(vb21_verify_common_header(cbuf, sizeof(cbuf)), + VB2_ERROR_COMMON_DESC_WRAPS, + "vb21_verify_common_header() desc wraps"); + + memcpy(cbuf, cbufgood, sizeof(cbuf)); + cbuf[desc_end - 1] = 1; + TEST_EQ(vb21_verify_common_header(cbuf, sizeof(cbuf)), + VB2_ERROR_COMMON_DESC_TERMINATOR, + "vb21_verify_common_header() desc not terminated"); + + /* Member checking function */ + memcpy(cbuf, cbufgood, sizeof(cbuf)); + m = 0; + TEST_SUCC(vb21_verify_common_member(cbuf, &m, c->total_size - 8, 4), + "vb21_verify_common_member()"); + TEST_EQ(m, c->total_size - 4, " new minimum"); + + m = desc_end; + TEST_SUCC(vb21_verify_common_member(cbuf, &m, desc_end, 4), + "vb21_verify_common_member() good offset"); + TEST_EQ(m, desc_end + 4, " new minimum"); + + m = 0; + TEST_EQ(vb21_verify_common_member(cbuf, &m, c->total_size - 8, -4), + VB2_ERROR_COMMON_MEMBER_WRAPS, + "vb21_verify_common_member() wraps"); + + m = 0; + TEST_EQ(vb21_verify_common_member(cbuf, &m, c->total_size - 7, 4), + VB2_ERROR_COMMON_MEMBER_UNALIGNED, + "vb21_verify_common_member() offset unaligned"); + + m = 0; + TEST_EQ(vb21_verify_common_member(cbuf, &m, c->total_size - 8, 5), + VB2_ERROR_COMMON_MEMBER_UNALIGNED, + "vb21_verify_common_member() size unaligned"); + + m = 0; + TEST_EQ(vb21_verify_common_member(cbuf, &m, desc_end - 4, 4), + VB2_ERROR_COMMON_MEMBER_OVERLAP, + "vb21_verify_common_member() overlap"); + + m = desc_end + 4; + TEST_EQ(vb21_verify_common_member(cbuf, &m, desc_end, 4), + VB2_ERROR_COMMON_MEMBER_OVERLAP, + "vb21_verify_common_member() overlap 2"); + + m = 0; + TEST_EQ(vb21_verify_common_member(cbuf, &m, c->total_size - 4, 8), + VB2_ERROR_COMMON_MEMBER_SIZE, + "vb21_verify_common_member() size"); + + /* Subobject checking */ + m = 0; + TEST_SUCC(vb21_verify_common_subobject(cbuf, &m, desc_end), + "vb21_verify_common_subobject() good offset"); + TEST_EQ(m, sizeof(cbuf), " new minimum"); + + m = desc_end + 4; + TEST_EQ(vb21_verify_common_subobject(cbuf, &m, desc_end), + VB2_ERROR_COMMON_MEMBER_OVERLAP, + "vb21_verify_common_subobject() overlap"); + + m = 0; + c2->total_size += 4; + TEST_EQ(vb21_verify_common_subobject(cbuf, &m, desc_end), + VB2_ERROR_COMMON_TOTAL_SIZE, + "vb21_verify_common_subobject() size"); +} + +/** + * Signature size + */ +static void test_sig_size(void) +{ + TEST_EQ(vb2_sig_size(VB2_SIG_INVALID, VB2_HASH_SHA256), 0, + "vb2_sig_size() sig invalid"); + + TEST_EQ(vb2_sig_size(VB2_SIG_RSA2048, VB2_HASH_INVALID), 0, + "vb2_sig_size() hash invalid"); + + TEST_EQ(vb2_sig_size(VB2_SIG_RSA2048, VB2_HASH_SHA256), 2048 / 8, + "vb2_sig_size() RSA2048"); + TEST_EQ(vb2_sig_size(VB2_SIG_RSA4096, VB2_HASH_SHA256), 4096 / 8, + "vb2_sig_size() RSA4096"); + TEST_EQ(vb2_sig_size(VB2_SIG_RSA8192, VB2_HASH_SHA512), 8192 / 8, + "vb2_sig_size() RSA8192"); + + TEST_EQ(vb2_sig_size(VB2_SIG_NONE, VB2_HASH_SHA1), + VB2_SHA1_DIGEST_SIZE, "vb2_sig_size() SHA1"); + TEST_EQ(vb2_sig_size(VB2_SIG_NONE, VB2_HASH_SHA256), + VB2_SHA256_DIGEST_SIZE, "vb2_sig_size() SHA256"); + TEST_EQ(vb2_sig_size(VB2_SIG_NONE, VB2_HASH_SHA512), + VB2_SHA512_DIGEST_SIZE, "vb2_sig_size() SHA512"); +} + +/** + * Verify data on bare hash + */ +static void test_verify_hash(void) +{ + struct vb21_signature *sig; + const struct vb2_private_key *prik; + struct vb2_public_key pubk; + uint8_t workbuf[VB2_VERIFY_DATA_WORKBUF_BYTES] + __attribute__((aligned(VB2_WORKBUF_ALIGN))); + struct vb2_workbuf wb; + + vb2_workbuf_init(&wb, workbuf, sizeof(workbuf)); + + TEST_SUCC(vb2_private_key_hash(&prik, VB2_HASH_SHA256), + "create private hash key"); + TEST_SUCC(vb2_public_key_hash(&pubk, VB2_HASH_SHA256), + "create hash key"); + + /* Create the signature */ + TEST_SUCC(vb21_sign_data(&sig, test_data, sizeof(test_data), + prik, NULL), + "create hash sig"); + + TEST_SUCC(vb21_verify_data(test_data, sizeof(test_data), + sig, &pubk, &wb), + "vb21_verify_data() hash ok"); + + *((uint8_t *)sig + sig->sig_offset) ^= 0xab; + TEST_EQ(vb21_verify_data(test_data, sizeof(test_data), sig, &pubk, &wb), + VB2_ERROR_VDATA_VERIFY_DIGEST, "vb21_verify_data() hash bad"); + + free(sig); +} + +int main(int argc, char* argv[]) +{ + test_struct_packing(); + test_common_header_functions(); + test_sig_size(); + test_verify_hash(); + + return gTestSuccess ? 0 : 255; +} diff --git a/tests/vb21_host_key_tests.c b/tests/vb21_host_key_tests.c index 0be763fc..e8eef9b3 100644 --- a/tests/vb21_host_key_tests.c +++ b/tests/vb21_host_key_tests.c @@ -12,9 +12,9 @@ #include "2rsa.h" #include "2sysincludes.h" #include "host_common.h" -#include "host_key2.h" +#include "host_common21.h" +#include "host_key21.h" #include "test_common.h" -#include "vb21_common.h" /* Test only the algorithms we use */ struct alg_combo { diff --git a/tests/vb21_host_misc_tests.c b/tests/vb21_host_misc_tests.c index 8a556e99..f437803c 100644 --- a/tests/vb21_host_misc_tests.c +++ b/tests/vb21_host_misc_tests.c @@ -11,9 +11,9 @@ #include "2common.h" #include "2sysincludes.h" #include "host_common.h" +#include "host_common21.h" #include "host_misc.h" #include "test_common.h" -#include "vb21_common.h" static void misc_tests(void) { diff --git a/tests/vb21_host_sig_tests.c b/tests/vb21_host_sig_tests.c index b116c5ce..f337eaa4 100644 --- a/tests/vb21_host_sig_tests.c +++ b/tests/vb21_host_sig_tests.c @@ -12,10 +12,10 @@ #include "2rsa.h" #include "2sysincludes.h" #include "host_common.h" -#include "host_key2.h" -#include "host_signature2.h" +#include "host_common21.h" +#include "host_key21.h" +#include "host_signature21.h" #include "test_common.h" -#include "vb21_common.h" /* Test only the algorithms we use */ struct alg_combo { diff --git a/tests/vb2_common2_tests.c b/tests/vb2_common2_tests.c index 4f68f9b8..e8c96f78 100644 --- a/tests/vb2_common2_tests.c +++ b/tests/vb2_common2_tests.c @@ -13,7 +13,7 @@ #include "2sysincludes.h" #include "file_keys.h" #include "host_common.h" -#include "host_key2.h" +#include "host_key21.h" #include "test_common.h" #include "vb2_common.h" diff --git a/utility/pad_digest_utility.c b/utility/pad_digest_utility.c index 718f7356..6f91cf37 100644 --- a/utility/pad_digest_utility.c +++ b/utility/pad_digest_utility.c @@ -12,7 +12,7 @@ #include "2sha.h" #include "2sysincludes.h" #include "host_common.h" -#include "host_signature2.h" +#include "host_signature21.h" #include "signature_digest.h" static void usage(char* argv[]) { diff --git a/utility/signature_digest_utility.c b/utility/signature_digest_utility.c index 9a39317a..9f5138fd 100644 --- a/utility/signature_digest_utility.c +++ b/utility/signature_digest_utility.c @@ -14,7 +14,7 @@ #include "2common.h" #include "2sysincludes.h" #include "host_common.h" -#include "host_signature2.h" +#include "host_signature21.h" #include "signature_digest.h" int main(int argc, char* argv[]) -- cgit v1.2.1