1 /* Copyright (c) 2013 The Chromium OS Authors. All rights reserved. 2 * Use of this source code is governed by a BSD-style license that can be 3 * found in the LICENSE file. 4 * 5 * Common functions between firmware and kernel verified boot. 6 */ 7 8 #ifndef VBOOT_REFERENCE_VBOOT_COMMON_H_ 9 #define VBOOT_REFERENCE_VBOOT_COMMON_H_ 10 11 #include "cryptolib.h" 12 #include "vboot_struct.h" 13 14 #ifndef ARRAY_SIZE 15 #define ARRAY_SIZE(array) (sizeof(array)/sizeof(array[0])) 16 #endif 17 18 /* Test an important condition at compile time, not run time */ 19 #ifndef BUILD_ASSERT 20 #define _BA1_(cond, line) \ 21 extern int __build_assertion_ ## line[1 - 2*!(cond)] \ 22 __attribute__ ((unused)) 23 #define _BA0_(c, x) _BA1_(c, x) 24 #define BUILD_ASSERT(cond) _BA0_(cond, __LINE__) 25 #endif 26 27 /* Error Codes for all common functions. */ 28 enum { 29 VBOOT_SUCCESS = 0, 30 /* Key block internal structure is invalid, or not a key block */ 31 VBOOT_KEY_BLOCK_INVALID, 32 /* Key block signature check failed */ 33 VBOOT_KEY_BLOCK_SIGNATURE, 34 /* Key block hash check failed */ 35 VBOOT_KEY_BLOCK_HASH, 36 /* Invalid public key passed to a signature verficiation function. */ 37 VBOOT_PUBLIC_KEY_INVALID, 38 /* Preamble internal structure is invalid */ 39 VBOOT_PREAMBLE_INVALID, 40 /* Preamble signature check failed */ 41 VBOOT_PREAMBLE_SIGNATURE, 42 /* Shared data is invalid. */ 43 VBOOT_SHARED_DATA_INVALID, 44 /* Kernel Preamble does not contain flags */ 45 VBOOT_KERNEL_PREAMBLE_NO_FLAGS, 46 VBOOT_ERROR_MAX, 47 }; 48 extern const char *kVbootErrors[VBOOT_ERROR_MAX]; 49 50 /** 51 * Return offset of ptr from base. 52 */ 53 uint64_t OffsetOf(const void *base, const void *ptr); 54 55 /* 56 * Helper functions to get data pointed to by a public key or signature. 57 */ 58 59 uint8_t *GetPublicKeyData(VbPublicKey *key); 60 const uint8_t *GetPublicKeyDataC(const VbPublicKey *key); 61 uint8_t *GetSignatureData(VbSignature *sig); 62 const uint8_t *GetSignatureDataC(const VbSignature *sig); 63 64 /* 65 * Helper functions to verify the data pointed to by a subfield is inside the 66 * parent data. Returns 0 if inside, 1 if error. 67 */ 68 69 int VerifyMemberInside(const void *parent, uint64_t parent_size, 70 const void *member, uint64_t member_size, 71 uint64_t member_data_offset, 72 uint64_t member_data_size); 73 74 int VerifyPublicKeyInside(const void *parent, uint64_t parent_size, 75 const VbPublicKey *key); 76 77 int VerifySignatureInside(const void *parent, uint64_t parent_size, 78 const VbSignature *sig); 79 80 /** 81 * Initialize a public key to refer to [key_data]. 82 */ 83 void PublicKeyInit(VbPublicKey *key, uint8_t *key_data, uint64_t key_size); 84 85 /** 86 * Copy a public key from [src] to [dest]. 87 * 88 * Returns 0 if success, non-zero if error. 89 */ 90 int PublicKeyCopy(VbPublicKey *dest, const VbPublicKey *src); 91 92 /** 93 * Convert a public key to RsaPublicKey format. The returned key must be freed 94 * using RSAPublicKeyFree(). 95 * 96 * Returns NULL if error. 97 */ 98 RSAPublicKey *PublicKeyToRSA(const VbPublicKey *key); 99 100 /** 101 * Verify [data] matches signature [sig] using [key]. [size] is the size of 102 * the data buffer; the amount of data to be validated is contained in 103 * sig->data_size. 104 */ 105 int VerifyData(const uint8_t *data, uint64_t size, const VbSignature *sig, 106 const RSAPublicKey *key); 107 108 /** 109 * Verify a secure hash digest from DigestBuf() or DigestFinal(), using 110 * [key]. Returns 0 on success. 111 */ 112 int VerifyDigest(const uint8_t *digest, const VbSignature *sig, 113 const RSAPublicKey *key); 114 115 /** 116 * Check the sanity of a key block of size [size] bytes, using public key 117 * [key]. If hash_only is non-zero, uses only the block checksum to verify the 118 * key block. Header fields are also checked for sanity. Does not verify key 119 * index or key block flags. 120 */ 121 int KeyBlockVerify(const VbKeyBlockHeader *block, uint64_t size, 122 const VbPublicKey *key, int hash_only); 123 124 125 /** 126 * Check the sanity of a firmware preamble of size [size] bytes, using public 127 * key [key]. 128 * 129 * Returns VBOOT_SUCCESS if successful. 130 */ 131 int VerifyFirmwarePreamble(const VbFirmwarePreambleHeader *preamble, 132 uint64_t size, const RSAPublicKey *key); 133 134 135 /** 136 * Return the flags from a firmware preamble, or a default value for older 137 * preamble versions which didn't contain flags. Use this function to ensure 138 * compatibility with older preamble versions (2.0). Assumes the preamble has 139 * already been verified via VerifyFirmwarePreamble(). 140 */ 141 uint32_t VbGetFirmwarePreambleFlags(const VbFirmwarePreambleHeader *preamble); 142 143 /** 144 * Check the sanity of a kernel preamble of size [size] bytes, using public key 145 * [key]. 146 * 147 * Returns VBOOT_SUCCESS if successful. 148 */ 149 int VerifyKernelPreamble(const VbKernelPreambleHeader *preamble, 150 uint64_t size, const RSAPublicKey *key); 151 152 153 /** 154 * Retrieve the 16-bit vmlinuz header address and size from the kernel preamble 155 * if there is one. These are only available in Kernel Preamble Header version 156 * >= 2.1. If given a header 2.0 or lower, will set address and size to 0 (this 157 * is not considered an error). 158 * 159 * Returns VBOOT_SUCCESS if successful. 160 */ 161 int VbGetKernelVmlinuzHeader(const VbKernelPreambleHeader *preamble, 162 uint64_t *vmlinuz_header_address, 163 uint64_t *vmlinuz_header_size); 164 165 /** 166 * Checks if the kernel preamble has flags field. This is available only if the 167 * Kernel Preamble Header version >=2.2. If give a header of 2.1 or lower, it 168 * will return VBOOT_KERNEL_PREAMBLE_NO_FLAGS. 169 * 170 * Returns VBOOT_SUCCESS if version is >=2.2. 171 */ 172 int VbKernelHasFlags(const VbKernelPreambleHeader *preamble); 173 174 /** 175 * Verify that the Vmlinuz Header is contained inside of the kernel blob. 176 * 177 * Returns VBOOT_SUCCESS or VBOOT_PREAMBLE_INVALID on error 178 */ 179 int VerifyVmlinuzInsideKBlob(uint64_t kblob, uint64_t kblob_size, 180 uint64_t header, uint64_t header_size); 181 /** 182 * Initialize a verified boot shared data structure. 183 * 184 * Returns 0 if success, non-zero if error. 185 */ 186 int VbSharedDataInit(VbSharedDataHeader *header, uint64_t size); 187 188 /** 189 * Reserve [size] bytes of the shared data area. Returns the offset of the 190 * reserved data from the start of the shared data buffer, or 0 if error. 191 */ 192 uint64_t VbSharedDataReserve(VbSharedDataHeader *header, uint64_t size); 193 194 /** 195 * Copy the kernel subkey into the shared data. 196 * 197 * Returns 0 if success, non-zero if error. 198 */ 199 int VbSharedDataSetKernelKey(VbSharedDataHeader *header, 200 const VbPublicKey *src); 201 202 #endif /* VBOOT_REFERENCE_VBOOT_COMMON_H_ */ 203