1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
|
/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* Externally-callable APIs
* (Firmware portion)
*/
#include "2sysincludes.h"
#include "2api.h"
#include "2misc.h"
#include "2nvstorage.h"
#include "2secdata.h"
#include "2sha.h"
#include "2rsa.h"
#include "vb2_common.h"
vb2_error_t vb2api_fw_phase3(struct vb2_context *ctx)
{
vb2_error_t rv;
/* Verify firmware keyblock */
rv = vb2_load_fw_keyblock(ctx);
if (rv) {
vb2_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv);
return rv;
}
/* Verify firmware preamble */
rv = vb2_load_fw_preamble(ctx);
if (rv) {
vb2_fail(ctx, VB2_RECOVERY_RO_INVALID_RW, rv);
return rv;
}
return VB2_SUCCESS;
}
vb2_error_t vb2api_init_hash(struct vb2_context *ctx, uint32_t tag,
uint32_t *size)
{
struct vb2_shared_data *sd = vb2_get_sd(ctx);
const struct vb2_fw_preamble *pre;
struct vb2_digest_context *dc;
struct vb2_public_key key;
struct vb2_workbuf wb;
vb2_error_t rv;
vb2_workbuf_from_ctx(ctx, &wb);
if (tag == VB2_HASH_TAG_INVALID)
return VB2_ERROR_API_INIT_HASH_TAG;
/* Get preamble pointer */
if (!sd->preamble_size)
return VB2_ERROR_API_INIT_HASH_PREAMBLE;
pre = (const struct vb2_fw_preamble *)
vb2_member_of(sd, sd->preamble_offset);
/* For now, we only support the firmware body tag */
if (tag != VB2_HASH_TAG_FW_BODY)
return VB2_ERROR_API_INIT_HASH_TAG;
/* Allocate workbuf space for the hash */
if (sd->hash_size) {
dc = (struct vb2_digest_context *)
vb2_member_of(sd, sd->hash_offset);
} else {
uint32_t dig_size = sizeof(*dc);
dc = vb2_workbuf_alloc(&wb, dig_size);
if (!dc)
return VB2_ERROR_API_INIT_HASH_WORKBUF;
sd->hash_offset = vb2_offset_of(sd, dc);
sd->hash_size = dig_size;
vb2_set_workbuf_used(ctx, sd->hash_offset + dig_size);
}
/*
* Work buffer now contains:
* - vb2_shared_data
* - packed firmware data key
* - firmware preamble
* - hash data
*/
/*
* Unpack the firmware data key to see which hashing algorithm we
* should use.
*
* TODO: really, the firmware body should be hashed, and not signed,
* because the signature we're checking is already signed as part of
* the firmware preamble. But until we can change the signing scripts,
* we're stuck with a signature here instead of a hash.
*/
if (!sd->data_key_size)
return VB2_ERROR_API_INIT_HASH_DATA_KEY;
rv = vb2_unpack_key_buffer(&key,
vb2_member_of(sd, sd->data_key_offset),
sd->data_key_size);
if (rv)
return rv;
sd->hash_tag = tag;
sd->hash_remaining_size = pre->body_signature.data_size;
if (size)
*size = pre->body_signature.data_size;
if (!(pre->flags & VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO)) {
rv = vb2ex_hwcrypto_digest_init(key.hash_alg,
pre->body_signature.data_size);
if (!rv) {
VB2_DEBUG("Using HW crypto engine for hash_alg %d\n",
key.hash_alg);
dc->hash_alg = key.hash_alg;
dc->using_hwcrypto = 1;
return VB2_SUCCESS;
}
if (rv != VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED)
return rv;
VB2_DEBUG("HW crypto for hash_alg %d not supported, using SW\n",
key.hash_alg);
} else {
VB2_DEBUG("HW crypto forbidden by preamble, using SW\n");
}
return vb2_digest_init(dc, key.hash_alg);
}
vb2_error_t vb2api_check_hash_get_digest(struct vb2_context *ctx,
void *digest_out,
uint32_t digest_out_size)
{
struct vb2_shared_data *sd = vb2_get_sd(ctx);
struct vb2_digest_context *dc = (struct vb2_digest_context *)
vb2_member_of(sd, sd->hash_offset);
struct vb2_workbuf wb;
uint8_t *digest;
uint32_t digest_size = vb2_digest_size(dc->hash_alg);
struct vb2_fw_preamble *pre;
struct vb2_public_key key;
vb2_error_t rv;
vb2_workbuf_from_ctx(ctx, &wb);
/* Get preamble pointer */
if (!sd->preamble_size)
return VB2_ERROR_API_CHECK_HASH_PREAMBLE;
pre = vb2_member_of(sd, sd->preamble_offset);
/* Must have initialized hash digest work area */
if (!sd->hash_size)
return VB2_ERROR_API_CHECK_HASH_WORKBUF;
/* Should have hashed the right amount of data */
if (sd->hash_remaining_size)
return VB2_ERROR_API_CHECK_HASH_SIZE;
/* Allocate the digest */
digest = vb2_workbuf_alloc(&wb, digest_size);
if (!digest)
return VB2_ERROR_API_CHECK_HASH_WORKBUF_DIGEST;
/* Finalize the digest */
if (dc->using_hwcrypto)
rv = vb2ex_hwcrypto_digest_finalize(digest, digest_size);
else
rv = vb2_digest_finalize(dc, digest, digest_size);
if (rv)
return rv;
/* The code below is specific to the body signature */
if (sd->hash_tag != VB2_HASH_TAG_FW_BODY)
return VB2_ERROR_API_CHECK_HASH_TAG;
/*
* The body signature is currently a *signature* of the body data, not
* just its hash. So we need to verify the signature.
*/
/* Unpack the data key */
if (!sd->data_key_size)
return VB2_ERROR_API_CHECK_HASH_DATA_KEY;
rv = vb2_unpack_key_buffer(&key,
vb2_member_of(sd, sd->data_key_offset),
sd->data_key_size);
if (rv)
return rv;
/*
* Check digest vs. signature. Note that this destroys the signature.
* That's ok, because we only check each signature once per boot.
*/
rv = vb2_verify_digest(&key, &pre->body_signature, digest, &wb);
if (rv)
vb2_fail(ctx, VB2_RECOVERY_FW_BODY, rv);
if (digest_out != NULL) {
if (digest_out_size < digest_size)
return VB2_ERROR_API_CHECK_DIGEST_SIZE;
memcpy(digest_out, digest, digest_size);
}
return rv;
}
int vb2api_check_hash(struct vb2_context *ctx)
{
return vb2api_check_hash_get_digest(ctx, NULL, 0);
}
|
