/* Copyright 2015 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 *
 * Boot descriptor block host functions
 */

#ifndef VBOOT_REFERENCE_BDB_HOST_H_
#define VBOOT_REFERENCE_BDB_HOST_H_

#include <stdlib.h>
#include <openssl/pem.h>
#include "bdb_struct.h"

/*****************************************************************************/
/*
Expected calling sequence:

Load and check just the header
bdb_check_header(buf, size);

Load and verify the entire BDB
bdb_verify(buf, size, bdb_key_hash, dev_mode_flag);

	bdb_check_header() again - paranoia against bad storage devices

	bdb_check_key() on BDB key
	bdb_sha256() on BDB key
	Compare with appropriate root key hash
	If dev_mode_flag is set, the mismatch is not fatal (developer mode
	relaxes only this root-key check; the signature checks below still apply)

	bdb_check_sig() on BDB header sig
	bdb_sha256() on OEM area 1, RW datakey
	bdb_rsa_verify() on digest using BDB key

	bdb_check_key() on RW datakey

	bdb_check_data() on RW data
	bdb_check_sig() on data sig
	bdb_sha256() on data, OEM area 1, hashes
	bdb_rsa_verify() on digest using RW datakey

Check RW datakey version.  If normal boot from primary BDB, roll forward
Check data version.  If normal boot from primary BDB, roll forward
*/

/*****************************************************************************/
/* Codes for functions returning numeric error codes */

enum bdb_host_return_code {
	/*
	 * All/any of bdb_return_code, and the following...
	 * NOTE(review): bdb_return_code itself is not declared in this header;
	 * presumably it comes in via bdb_struct.h (or the firmware-side bdb.h)
	 * and its values are expected to stay below 200 so they cannot collide
	 * with the host-only codes here - confirm.
	 */

	/* Other errors: generic host-side failure (file I/O, OpenSSL, etc.) */
	BDB_ERROR_HOST = 200,
};

/*****************************************************************************/
/* Functions */

/**
 * Like strncpy, but guaranteeing null termination.
 *
 * Copies src into dest and always leaves dest NUL-terminated, truncating
 * src if it does not fit; unlike strncpy the result is a valid C string even
 * when src is at least size bytes long.
 * NOTE(review): the behaviour for size == 0 is not visible here - confirm the
 * implementation does not write to dest in that case.
 *
 * @param dest		Destination buffer
 * @param src		Source string (must be NUL-terminated)
 * @param size		Total size of dest in bytes, including room for the
 *			terminator
 * @return dest (presumably, mirroring strncpy - confirm against the
 *	   implementation)
 */
char *strzcpy(char *dest, const char *src, size_t size);

/**
 * Read an entire file into a newly allocated buffer.
 *
 * Caller must free() the returned buffer.
 *
 * The size is reported through a uint32_t, so a file of 4 GiB or more cannot
 * be described.  NOTE(review): how such files (or a NULL size_ptr) are
 * handled is not visible here - confirm the implementation fails rather than
 * silently truncating the reported size.
 *
 * Nothing about the contents is validated here; a BDB image read this way
 * is still untrusted until bdb_check_header()/bdb_verify() accept it (see
 * the calling sequence above).
 *
 * @param filename	Path to file
 * @param size_ptr	Destination for size of buffer, in bytes
 * @return A newly allocated buffer containing the data, or NULL if error.
 */
uint8_t *read_file(const char *filename, uint32_t *size_ptr);

/**
 * Write a buffer to a file.
 *
 * NOTE(review): whether an existing file is overwritten, and which mode bits
 * a newly created file gets, is not visible here - confirm before using this
 * to write anything sensitive.
 *
 * @param filename	Path to file
 * @param buf		Data to write
 * @param size		Size of data in bytes
 * @return 0 if success, non-zero error code if error (presumably one of
 *	   bdb_host_return_code - confirm).
 */
int write_file(const char *filename, const void *buf, uint32_t size);

/**
 * Read an RSA key from a PEM file.
 *
 * Caller must free the key with RSA_free().
 *
 * NOTE(review): which PEM reader is used is not visible here.  Elsewhere in
 * this header a struct rsa_st is always the *private* key (the signing key
 * of bdb_create_sig(), the private_bdbkey/private_datakey fields of
 * bdb_create_params), so a private key file is expected - confirm against
 * the implementation.  Nothing here checks the file's permissions; keep
 * private key material out of world-readable locations.
 *
 * @param filename	Path to file
 * @return A newly allocated RSA key, or NULL if error.
 */
struct rsa_st *read_pem(const char *filename);

/**
 * Create a BDB public key object.
 *
 * Caller must free() the returned key.
 *
 * @param filename	Path to file containing public key (.keyb)
 * @param key_version	Version for key.  Presumably the value that the
 *			"check RW datakey version ... roll forward" step in
 *			the calling sequence above compares against, i.e. it
 *			drives rollback protection - confirm.
 * @param desc		Description.  Optional; may be NULL.
 * @return A newly allocated public key, or NULL if error.
 */
struct bdb_key *bdb_create_key(const char *filename,
			       uint32_t key_version,
			       const char *desc);

/**
 * Create a BDB signature object.
 *
 * Caller must free() the returned signature.
 *
 * @param data		Data to sign
 * @param size		Size of data in bytes
 * @param key		RSA key used to sign.  Signing requires the private
 *			key (see read_pem()); a public-only key cannot be used.
 * @param sig_alg	Signature algorithm identifier (presumably one of the
 *			constants from bdb_struct.h - confirm)
 * @param desc		Description.  Optional; may be NULL.
 * @return A newly allocated signature, or NULL if error.
 */
struct bdb_sig *bdb_create_sig(const void *data,
			       size_t size,
			       struct rsa_st *key,
			       uint32_t sig_alg,
			       const char *desc);

/*
 * Parameters for bdb_create().
 *
 * All pointers are supplied by the caller.  NOTE(review): whether
 * bdb_create() copies the pointed-to data or retains the pointers, and
 * whether it frees any of them, is not visible here - confirm before
 * releasing them.
 */
struct bdb_create_params
{
	/* Load address */
	uint64_t bdb_load_address;

	/* OEM areas.  Size may be 0, in which case the buffer is ignored */
	uint8_t *oem_area_0;
	uint32_t oem_area_0_size;
	uint8_t *oem_area_1;
	uint32_t oem_area_1_size;

	/* Public BDB key and datakey (as built by bdb_create_key()) */
	struct bdb_key *bdbkey;
	struct bdb_key *datakey;

	/*
	 * Private BDB key and datakey (as read by read_pem()).  Only used to
	 * produce the signatures; they must not end up in the output BDB.
	 */
	struct rsa_st *private_bdbkey;
	struct rsa_st *private_datakey;

	/* Descriptions for header and data signatures */
	char *header_sig_description;
	char *data_sig_description;

	/* Data description and version */
	char *data_description;
	uint32_t data_version;

	/* Data hashes and count */
	struct bdb_hash *hash;
	uint32_t num_hashes;
};

/**
 * Create a new BDB from the given parameters.
 *
 * Caller must free() returned object.
 *
 * Per the calling sequence above the header is signed with the BDB key and
 * the data with the RW datakey, so p->private_bdbkey and p->private_datakey
 * are expected to be the private halves of p->bdbkey and p->datakey.
 * NOTE(review): whether a mismatch between the public and private keys is
 * detected here, or only when bdb_verify() later fails, is not visible.
 *
 * @param p		Creation parameters
 * @return A newly allocated BDB, or NULL if error.
 */
struct bdb_header *bdb_create(struct bdb_create_params *p);

/*****************************************************************************/

#endif /* VBOOT_REFERENCE_BDB_HOST_H_ */