1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* Common functions between firmware and kernel verified boot.
*/
#ifndef VBOOT_REFERENCE_VB21_COMMON_H_
#define VBOOT_REFERENCE_VB21_COMMON_H_
#include "2common.h"
#include "2return_codes.h"
#include "2struct.h"
#include "host_struct21.h"
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
/**
* Return the description of an object starting with a vb21_struct_common
* header.
*
* Does not sanity-check the buffer; merely returns the pointer.
*
* @param buf Pointer to common object
* @return A pointer to description or an empty string if none.
*/
const char *vb21_common_desc(const void *buf);
/**
* Verify the common struct header is fully contained in its parent data
*
* Also verifies the description is either zero-length or null-terminated.
*
* @param parent Parent data
* @param parent_size Parent size in bytes
* @return VB2_SUCCESS, or non-zero if error.
*/
vb2_error_t vb21_verify_common_header(const void *parent, uint32_t parent_size);
/**
* Verify a member is within the data for a parent object
*
* @param parent Parent data (starts with struct vb21_struct_common)
* @param min_offset Pointer to minimum offset where member can be located.
* If this offset is 0 on input, uses the size of the
* fixed header (and description, if any). This will be
* updated on return to the end of the passed member. On
* error, the value of min_offset is undefined.
* @param member_offset Offset of member data from start of parent, in bytes
* @param member_size Size of member data, in bytes
* @return VB2_SUCCESS, or non-zero if error.
*/
vb2_error_t vb21_verify_common_member(const void *parent, uint32_t *min_offset,
uint32_t member_offset,
uint32_t member_size);
/**
* Verify a member which starts with a common header is within the parent
*
* This does not verify the contents of the member or its header, only that the
* member's claimed total size fits within the parent's claimed total size at
* the specified offset.
*
* @param parent Parent data (starts with struct vb21_struct_common)
* @param min_offset Pointer to minimum offset where member can be located.
* If this offset is 0 on input, uses the size of the
* fixed header (and description, if any). This will be
* updated on return to the end of the passed member. On
* error, the value of min_offset is undefined.
* @param member_offset Offset of member data from start of parent, in bytes.
* This should be the start of the common header of the
* member.
* @return VB2_SUCCESS, or non-zero if error.
*/
vb2_error_t vb21_verify_common_subobject(const void *parent,
uint32_t *min_offset,
uint32_t member_offset);
/**
* Verify the integrity of a signature struct
* @param sig Signature struct
* @param size Size of buffer containing signature struct
* @return VB2_SUCCESS, or non-zero if error.
*/
vb2_error_t vb21_verify_signature(const struct vb21_signature *sig,
uint32_t size);
/**
* Verify a signature against an expected hash digest.
*
* @param key Key to use in signature verification
* @param sig Signature to verify (may be destroyed in process)
* @param digest Digest of signed data
* @param wb Work buffer
* @return VB2_SUCCESS, or non-zero if error.
*/
vb2_error_t vb21_verify_digest(const struct vb2_public_key *key,
struct vb21_signature *sig,
const uint8_t *digest,
const struct vb2_workbuf *wb);
/**
* Verify data matches signature.
*
* @param data Data to verify
* @param size Size of data buffer. Note that amount of data to
* actually validate is contained in sig->data_size.
* @param sig Signature of data (destroyed in process)
* @param key Key to use to validate signature
* @param wb Work buffer
* @return VB2_SUCCESS, or non-zero error code if error.
*/
vb2_error_t vb21_verify_data(const void *data, uint32_t size,
struct vb21_signature *sig,
const struct vb2_public_key *key,
const struct vb2_workbuf *wb);
#ifdef __cplusplus
}
#endif /* __cplusplus */
#endif /* VBOOT_REFERENCE_VB21_COMMON_H_ */
|
