1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
|
/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* Common functions between firmware and kernel verified boot.
*/
#ifndef VBOOT_REFERENCE_VB2_COMMON_H_
#define VBOOT_REFERENCE_VB2_COMMON_H_
#include "2api.h"
#include "2common.h"
#include "2return_codes.h"
#include "2sha.h"
#include "2struct.h"
#include "2sysincludes.h"
#include "vb2_struct.h"
struct vb2_public_key;
/*
* Helper functions to get data pointed to by a public key or signature.
*/
uint8_t *vb2_signature_data(struct vb2_signature *sig);
/**
* Verify a signature is fully contained in its parent data
*
* @param parent Parent data
* @param parent_size Parent size in bytes
* @param sig Signature pointer
* @return VB2_SUCCESS, or non-zero if error.
*/
int vb2_verify_signature_inside(const void *parent,
uint32_t parent_size,
const struct vb2_signature *sig);
/**
* Unpack a vboot1-format key buffer for use in verification
*
* The elements of the unpacked key will point into the source buffer, so don't
* free the source buffer until you're done with the key.
*
* @param key Destintion for unpacked key
* @param buf Source buffer containing packed key
* @param size Size of buffer in bytes
* @return VB2_SUCCESS, or non-zero error code if error.
*/
int vb2_unpack_key_buffer(struct vb2_public_key *key,
const uint8_t *buf,
uint32_t size);
/**
* Unpack a vboot1-format key for use in verification
*
* The elements of the unpacked key will point into the source packed key, so
* don't free the source until you're done with the public key.
*
* @param key Destintion for unpacked key
* @param packed_key Source packed key
* @param size Size of buffer in bytes
* @return VB2_SUCCESS, or non-zero error code if error.
*/
int vb2_unpack_key(struct vb2_public_key *key,
const struct vb2_packed_key *packed_key);
/**
* Verify a signature against an expected hash digest.
*
* @param key Key to use in signature verification
* @param sig Signature to verify (may be destroyed in process)
* @param digest Digest of signed data
* @param wb Work buffer
* @return VB2_SUCCESS, or non-zero if error.
*/
int vb2_verify_digest(const struct vb2_public_key *key,
struct vb2_signature *sig,
const uint8_t *digest,
const struct vb2_workbuf *wb);
/**
* Verify data matches signature.
*
* @param data Data to verify
* @param size Size of data buffer. Note that amount of data to
* actually validate is contained in sig->data_size.
* @param sig Signature of data (destroyed in process)
* @param key Key to use to validate signature
* @param wb Work buffer
* @return VB2_SUCCESS, or non-zero error code if error.
*/
int vb2_verify_data(const uint8_t *data,
uint32_t size,
struct vb2_signature *sig,
const struct vb2_public_key *key,
const struct vb2_workbuf *wb);
/**
* Check the sanity of a key block structure.
*
* Verifies all the header fields. Does not verify key index or key block
* flags. Should be called before verifying the key block data itself using
* the key. (This function does not itself verify the signature - just that
* the right amount of data is claimed to be signed.)
*
* @param block Key block to verify
* @param size Size of key block buffer
* @param sig Which signature inside the keyblock to use
*/
int vb2_check_keyblock(const struct vb2_keyblock *block,
uint32_t size,
const struct vb2_signature *sig);
/**
* Verify a key block using a public key.
*
* Header fields are also checked for sanity. Does not verify key index or key
* block flags. Signature inside block is destroyed during check.
*
* @param block Key block to verify
* @param size Size of key block buffer
* @param key Key to use to verify block
* @param wb Work buffer
* @return VB2_SUCCESS, or non-zero error code if error.
*/
int vb2_verify_keyblock(struct vb2_keyblock *block,
uint32_t size,
const struct vb2_public_key *key,
const struct vb2_workbuf *wb);
/**
* Verify a key block using its hash.
*
* Header fields are also checked for sanity. Does not verify key index or key
* block flags. Use this for self-signed keyblocks in developer mode.
*
* @param block Key block to verify
* @param size Size of key block buffer
* @param key Key to use to verify block
* @param wb Work buffer
* @return VB2_SUCCESS, or non-zero error code if error.
*/
int vb2_verify_keyblock_hash(const struct vb2_keyblock *block,
uint32_t size,
const struct vb2_workbuf *wb);
/**
* Check the sanity of a firmware preamble using a public key.
*
* The signature in the preamble is destroyed during the check.
*
* @param preamble Preamble to verify
* @param size Size of preamble buffer
* @param key Key to use to verify preamble
* @param wb Work buffer
* @return VB2_SUCCESS, or non-zero error code if error.
*/
int vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble,
uint32_t size,
const struct vb2_public_key *key,
const struct vb2_workbuf *wb);
/**
* Check the sanity of a kernel preamble using a public key.
*
* The signature in the preamble is destroyed during the check.
*
* @param preamble Preamble to verify
* @param size Size of preamble buffer
* @param key Key to use to verify preamble
* @param wb Work buffer
* @return VB2_SUCCESS, or non-zero error code if error.
*/
int vb2_verify_kernel_preamble(struct vb2_kernel_preamble *preamble,
uint32_t size,
const struct vb2_public_key *key,
const struct vb2_workbuf *wb);
/**
* Retrieve the 16-bit vmlinuz header address and size from the preamble.
*
* Size 0 means there is no 16-bit vmlinuz header present. Old preamble
* versions (<2.1) return 0 for both fields.
*
* @param preamble Preamble to check
* @param vmlinuz_header_address Destination for header address
* @param vmlinuz_header_size Destination for header size
*/
void vb2_kernel_get_vmlinuz_header(const struct vb2_kernel_preamble *preamble,
uint64_t *vmlinuz_header_address,
uint32_t *vmlinuz_header_size);
/**
* Get the flags for the kernel preamble.
*
* @param preamble Preamble to check
* @return Flags for the preamble. Old preamble versions (<2.2) return 0.
*/
uint32_t vb2_kernel_get_flags(const struct vb2_kernel_preamble *preamble);
#endif /* VBOOT_REFERENCE_VB2_COMMON_H_ */
|
