1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
|
/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* Signature validation functions
*/
#include "2sysincludes.h"
#include "2common.h"
#include "2rsa.h"
#include "2sha.h"
#include "vb21_common.h"
const char *vb21_common_desc(const void *buf)
{
const struct vb21_struct_common *c = buf;
return c->desc_size ? (const char *)c + c->fixed_size : "";
}
int vb21_verify_common_header(const void *parent, uint32_t parent_size)
{
const struct vb21_struct_common *c = parent;
/* Parent buffer size must be at least the claimed total size */
if (parent_size < c->total_size)
return VB2_ERROR_COMMON_TOTAL_SIZE;
/*
* And big enough for the fixed size, which itself must be at least as
* big as the common struct header.
*/
if (c->total_size < c->fixed_size || c->fixed_size < sizeof(*c))
return VB2_ERROR_COMMON_FIXED_SIZE;
/* Make sure sizes are all multiples of 32 bits */
if (!vb2_aligned(c->total_size, sizeof(uint32_t)))
return VB2_ERROR_COMMON_TOTAL_UNALIGNED;
if (!vb2_aligned(c->fixed_size, sizeof(uint32_t)))
return VB2_ERROR_COMMON_FIXED_UNALIGNED;
if (!vb2_aligned(c->desc_size, sizeof(uint32_t)))
return VB2_ERROR_COMMON_DESC_UNALIGNED;
/* Check description */
if (c->desc_size > 0) {
/* Make sure description fits and doesn't wrap */
if (c->fixed_size + c->desc_size < c->fixed_size)
return VB2_ERROR_COMMON_DESC_WRAPS;
if (c->fixed_size + c->desc_size > c->total_size)
return VB2_ERROR_COMMON_DESC_SIZE;
/* Description must be null-terminated */
if (vb21_common_desc(c)[c->desc_size - 1] != 0)
return VB2_ERROR_COMMON_DESC_TERMINATOR;
}
return VB2_SUCCESS;
}
int vb21_verify_common_member(const void *parent,
uint32_t *min_offset,
uint32_t member_offset,
uint32_t member_size)
{
const struct vb21_struct_common *c = parent;
uint32_t member_end = member_offset + member_size;
/* Make sure member doesn't wrap */
if (member_end < member_offset)
return VB2_ERROR_COMMON_MEMBER_WRAPS;
/* Member offset and size must be 32-bit aligned */
if (!vb2_aligned(member_offset, sizeof(uint32_t)) ||
!vb2_aligned(member_size, sizeof(uint32_t)))
return VB2_ERROR_COMMON_MEMBER_UNALIGNED;
/* Initialize minimum offset if necessary */
if (!*min_offset)
*min_offset = c->fixed_size + c->desc_size;
/* Member must be after minimum offset */
if (member_offset < *min_offset)
return VB2_ERROR_COMMON_MEMBER_OVERLAP;
/* Member must end before total size */
if (member_end > c->total_size)
return VB2_ERROR_COMMON_MEMBER_SIZE;
/* Update minimum offset for subsequent checks */
*min_offset = member_end;
return VB2_SUCCESS;
}
int vb21_verify_common_subobject(const void *parent,
uint32_t *min_offset,
uint32_t member_offset)
{
const struct vb21_struct_common *p = parent;
const struct vb21_struct_common *m =
(const struct vb21_struct_common *)
((const uint8_t *)parent + member_offset);
int rv;
/*
* Verify the parent has space at the member offset for the common
* header.
*/
rv = vb21_verify_common_member(parent, min_offset, member_offset,
sizeof(*m));
if (rv)
return rv;
/*
* Now it's safe to look at the member's header, and verify any
* additional data for the object past its common header fits in the
* parent.
*/
rv = vb21_verify_common_header(m, p->total_size - member_offset);
if (rv)
return rv;
/* Advance the min offset to the end of the subobject */
*min_offset = member_offset + m->total_size;
return VB2_SUCCESS;
}
uint32_t vb2_sig_size(enum vb2_signature_algorithm sig_alg,
enum vb2_hash_algorithm hash_alg)
{
uint32_t digest_size = vb2_digest_size(hash_alg);
/* Fail if we don't support the hash algorithm */
if (!digest_size)
return 0;
/* Handle unsigned hashes */
if (sig_alg == VB2_SIG_NONE)
return digest_size;
return vb2_rsa_sig_size(sig_alg);
}
const struct vb2_id *vb2_hash_id(enum vb2_hash_algorithm hash_alg)
{
switch(hash_alg) {
#ifdef VB2_SUPPORT_SHA1
case VB2_HASH_SHA1:
{
static const struct vb2_id id = VB2_ID_NONE_SHA1;
return &id;
}
#endif
#ifdef VB2_SUPPORT_SHA256
case VB2_HASH_SHA256:
{
static const struct vb2_id id = VB2_ID_NONE_SHA256;
return &id;
}
#endif
#ifdef VB2_SUPPORT_SHA512
case VB2_HASH_SHA512:
{
static const struct vb2_id id = VB2_ID_NONE_SHA512;
return &id;
}
#endif
default:
return NULL;
}
}
int vb21_verify_signature(const struct vb21_signature *sig, uint32_t size)
{
uint32_t min_offset = 0;
uint32_t expect_sig_size;
int rv;
/* Check magic number */
if (sig->c.magic != VB21_MAGIC_SIGNATURE)
return VB2_ERROR_SIG_MAGIC;
/* Make sure common header is good */
rv = vb21_verify_common_header(sig, size);
if (rv)
return rv;
/*
* Check for compatible version. No need to check minor version, since
* that's compatible across readers matching the major version, and we
* haven't added any new fields.
*/
if (sig->c.struct_version_major != VB21_SIGNATURE_VERSION_MAJOR)
return VB2_ERROR_SIG_VERSION;
/* Make sure header is big enough for signature */
if (sig->c.fixed_size < sizeof(*sig))
return VB2_ERROR_SIG_HEADER_SIZE;
/* Make sure signature data is inside */
rv = vb21_verify_common_member(sig, &min_offset,
sig->sig_offset, sig->sig_size);
if (rv)
return rv;
/* Make sure signature size is correct for the algorithm */
expect_sig_size = vb2_sig_size(sig->sig_alg, sig->hash_alg);
if (!expect_sig_size)
return VB2_ERROR_SIG_ALGORITHM;
if (sig->sig_size != expect_sig_size)
return VB2_ERROR_SIG_SIZE;
return VB2_SUCCESS;
}
/**
* Return the signature data for a signature
*/
static uint8_t *vb21_signature_data(struct vb21_signature *sig)
{
return (uint8_t *)sig + sig->sig_offset;
}
int vb21_verify_digest(const struct vb2_public_key *key,
struct vb21_signature *sig,
const uint8_t *digest,
const struct vb2_workbuf *wb)
{
uint32_t key_sig_size = vb2_sig_size(key->sig_alg, key->hash_alg);
/* If we can't figure out the signature size, key algorithm was bad */
if (!key_sig_size)
return VB2_ERROR_VDATA_ALGORITHM;
/* Make sure the signature and key algorithms match */
if (key->sig_alg != sig->sig_alg || key->hash_alg != sig->hash_alg)
return VB2_ERROR_VDATA_ALGORITHM_MISMATCH;
if (sig->sig_size != key_sig_size)
return VB2_ERROR_VDATA_SIG_SIZE;
if (key->sig_alg == VB2_SIG_NONE) {
/* Bare hash */
if (vb2_safe_memcmp(vb21_signature_data(sig),
digest, key_sig_size))
return VB2_ERROR_VDATA_VERIFY_DIGEST;
return VB2_SUCCESS;
} else {
/* RSA-signed digest */
return vb2_rsa_verify_digest(key,
vb21_signature_data(sig),
digest, wb);
}
}
int vb21_verify_data(const void *data,
uint32_t size,
struct vb21_signature *sig,
const struct vb2_public_key *key,
const struct vb2_workbuf *wb)
{
struct vb2_workbuf wblocal = *wb;
struct vb2_digest_context *dc;
uint8_t *digest;
uint32_t digest_size;
int rv;
if (sig->data_size != size) {
VB2_DEBUG("Wrong amount of data signed.\n");
return VB2_ERROR_VDATA_SIZE;
}
/* Digest goes at start of work buffer */
digest_size = vb2_digest_size(key->hash_alg);
if (!digest_size)
return VB2_ERROR_VDATA_DIGEST_SIZE;
digest = vb2_workbuf_alloc(&wblocal, digest_size);
if (!digest)
return VB2_ERROR_VDATA_WORKBUF_DIGEST;
/* Hashing requires temp space for the context */
dc = vb2_workbuf_alloc(&wblocal, sizeof(*dc));
if (!dc)
return VB2_ERROR_VDATA_WORKBUF_HASHING;
rv = vb2_digest_init(dc, key->hash_alg);
if (rv)
return rv;
rv = vb2_digest_extend(dc, data, size);
if (rv)
return rv;
rv = vb2_digest_finalize(dc, digest, digest_size);
if (rv)
return rv;
vb2_workbuf_free(&wblocal, sizeof(*dc));
return vb21_verify_digest(key, sig, digest, &wblocal);
}
int vb21_verify_keyblock(struct vb21_keyblock *block,
uint32_t size,
const struct vb2_public_key *key,
const struct vb2_workbuf *wb)
{
uint32_t min_offset = 0, sig_offset;
int rv, i;
/* Check magic number */
if (block->c.magic != VB21_MAGIC_KEYBLOCK)
return VB2_ERROR_KEYBLOCK_MAGIC;
/* Make sure common header is good */
rv = vb21_verify_common_header(block, size);
if (rv)
return rv;
/*
* Check for compatible version. No need to check minor version, since
* that's compatible across readers matching the major version, and we
* haven't added any new fields.
*/
if (block->c.struct_version_major != VB21_KEYBLOCK_VERSION_MAJOR)
return VB2_ERROR_KEYBLOCK_HEADER_VERSION;
/* Make sure header is big enough */
if (block->c.fixed_size < sizeof(*block))
return VB2_ERROR_KEYBLOCK_SIZE;
/* Make sure data key is inside */
rv = vb21_verify_common_subobject(block, &min_offset,
block->key_offset);
if (rv)
return rv;
/* Loop over signatures */
sig_offset = block->sig_offset;
for (i = 0; i < block->sig_count; i++, sig_offset = min_offset) {
struct vb21_signature *sig;
/* Make sure signature is inside keyblock */
rv = vb21_verify_common_subobject(block, &min_offset,
sig_offset);
if (rv)
return rv;
sig = (struct vb21_signature *)((uint8_t *)block + sig_offset);
/* Verify the signature integrity */
rv = vb21_verify_signature(sig,
block->c.total_size - sig_offset);
if (rv)
return rv;
/* Skip signature if it doesn't match the key ID */
if (memcmp(&sig->id, key->id, VB2_ID_NUM_BYTES))
continue;
/* Make sure we signed the right amount of data */
if (sig->data_size != block->sig_offset)
return VB2_ERROR_KEYBLOCK_SIGNED_SIZE;
return vb21_verify_data(block, block->sig_offset, sig, key, wb);
}
/* If we're still here, no signature matched the key ID */
return VB2_ERROR_KEYBLOCK_SIG_ID;
}
int vb21_verify_fw_preamble(struct vb21_fw_preamble *preamble,
uint32_t size,
const struct vb2_public_key *key,
const struct vb2_workbuf *wb)
{
struct vb21_signature *sig;
uint32_t min_offset = 0, hash_offset;
int rv, i;
/* Check magic number */
if (preamble->c.magic != VB21_MAGIC_FW_PREAMBLE)
return VB2_ERROR_PREAMBLE_MAGIC;
/* Make sure common header is good */
rv = vb21_verify_common_header(preamble, size);
if (rv)
return rv;
/*
* Check for compatible version. No need to check minor version, since
* that's compatible across readers matching the major version, and we
* haven't added any new fields.
*/
if (preamble->c.struct_version_major != VB21_FW_PREAMBLE_VERSION_MAJOR)
return VB2_ERROR_PREAMBLE_HEADER_VERSION;
/* Make sure header is big enough */
if (preamble->c.fixed_size < sizeof(*preamble))
return VB2_ERROR_PREAMBLE_SIZE;
/* Make sure all hash signatures are inside */
hash_offset = preamble->hash_offset;
for (i = 0; i < preamble->hash_count; i++, hash_offset = min_offset) {
/* Make sure signature is inside preamble */
rv = vb21_verify_common_subobject(preamble, &min_offset,
hash_offset);
if (rv)
return rv;
sig = (struct vb21_signature *)
((uint8_t *)preamble + hash_offset);
/* Verify the signature integrity */
rv = vb21_verify_signature(
sig, preamble->c.total_size - hash_offset);
if (rv)
return rv;
/* Hashes must all be unsigned */
if (sig->sig_alg != VB2_SIG_NONE)
return VB2_ERROR_PREAMBLE_HASH_SIGNED;
}
/* Make sure signature is inside preamble */
rv = vb21_verify_common_subobject(preamble, &min_offset,
preamble->sig_offset);
if (rv)
return rv;
/* Verify preamble signature */
sig = (struct vb21_signature *)((uint8_t *)preamble +
preamble->sig_offset);
rv = vb21_verify_data(preamble, preamble->sig_offset, sig, key, wb);
if (rv)
return rv;
return VB2_SUCCESS;
}
|
