Home | History | Annotate | Download | only in include 
      1 /* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
      2  * Use of this source code is governed by a BSD-style license that can be
      3  * found in the LICENSE file.
      4  *
      5  * Common functions between firmware and kernel verified boot.
      6  */
      7 
      8 #ifndef VBOOT_REFERENCE_VBOOT_2COMMON_H_
      9 #define VBOOT_REFERENCE_VBOOT_2COMMON_H_
     10 
     11 #include "2api.h"
     12 #include "2return_codes.h"
     13 #include "2sha.h"
     14 #include "2struct.h"
     15 
     16 struct vb2_public_key;
     17 
     18 /*
     19  * Return the greater of A and B.  This is used in macros which calculate the
     20  * required buffer size, so can't be turned into a static inline function.
     21  */
     22 #ifndef VB2_MAX
     23 #define VB2_MAX(A, B) ((A) > (B) ? (A) : (B))
     24 #endif
     25 
     26 /* Return the number of elements in an array */
     27 #ifndef ARRAY_SIZE
     28 #define ARRAY_SIZE(array) (sizeof(array)/sizeof(array[0]))
     29 #endif
     30 
     31 /* Debug output printf() for tests.  Otherwise, it's platform-dependent. */
     32 #if defined(VBOOT_DEBUG)
     33 #  if defined(FOR_TEST)
     34 #    define VB2_DEBUG(format, args...) printf(format, ## args)
     35 #  else
     36 #    define VB2_DEBUG(format, args...) vb2ex_printf(__func__, format, ## args)
     37 #  endif
     38 #else
     39 #  define VB2_DEBUG(format, args...)
     40 #endif
     41 
     42 /*
     43  * Alignment for work buffer pointers/allocations should be useful for any
     44  * data type. When declaring workbuf buffers on the stack, the caller should
     45  * use explicit alignment to avoid run-time errors. For example:
     46  *
     47  *    int foo(void)
     48  *    {
     49  *        struct vb2_workbuf wb;
     50  *        uint8_t buf[NUM] __attribute__ ((aligned (VB2_WORKBUF_ALIGN)));
     51  *        wb.buf = buf;
     52  *        wb.size = sizeof(buf);
     53  */
     54 
     55 /* We might get away with using __alignof__(void *), but since GCC defines a
     56  * macro for us we'll be safe and use that. */
     57 #define VB2_WORKBUF_ALIGN __BIGGEST_ALIGNMENT__
     58 
     59 /* Work buffer */
     60 struct vb2_workbuf {
     61 	uint8_t *buf;
     62 	uint32_t size;
     63 };
     64 
     65 /**
     66  * Initialize a work buffer.
     67  *
     68  * @param wb		Work buffer to init
     69  * @param buf		Pointer to work buffer data
     70  * @param size		Size of work buffer data in bytes
     71  */
     72 void vb2_workbuf_init(struct vb2_workbuf *wb, uint8_t *buf, uint32_t size);
     73 
     74 /**
     75  * Allocate space in a work buffer.
     76  *
     77  * Note that the returned buffer will always be aligned to VB2_WORKBUF_ALIGN.
     78  *
     79  * The work buffer acts like a stack, and detailed tracking of allocs and frees
     80  * is not done.  The caller must track the size of each allocation and free via
     81  * vb2_workbuf_free() in the reverse order they were allocated.
     82  *
     83  * An acceptable alternate workflow inside a function is to pass in a const
     84  * work buffer, then make a local copy.  Allocations done to the local copy
     85  * then don't change the passed-in work buffer, and will effectively be freed
     86  * when the local copy goes out of scope.
     87  *
     88  * @param wb		Work buffer
     89  * @param size		Requested size in bytes
     90  * @return A pointer to the allocated space, or NULL if error.
     91  */
     92 void *vb2_workbuf_alloc(struct vb2_workbuf *wb, uint32_t size);
     93 
     94 /**
     95  * Reallocate space in a work buffer.
     96  *
     97  * Note that the returned buffer will always be aligned to VB2_WORKBUF_ALIGN.
     98  * The work buffer acts like a stack, so this must only be done to the most
     99  * recently allocated buffer.
    100  *
    101  * @param wb		Work buffer
    102  * @param oldsize	Old allocation size in bytes
    103  * @param newsize	Requested size in bytes
    104  * @return A pointer to the allocated space, or NULL if error.
    105  */
    106 void *vb2_workbuf_realloc(struct vb2_workbuf *wb,
    107 			  uint32_t oldsize,
    108 			  uint32_t newsize);
    109 
    110 /**
    111  * Free the preceding allocation.
    112  *
    113  * Note that the work buffer acts like a stack, and detailed tracking of
    114  * allocs and frees is not done.  The caller must track the size of each
    115  * allocation and free them in reverse order.
    116  *
    117  * @param wb		Work buffer
    118  * @param size		Size of data to free
    119  */
    120 void vb2_workbuf_free(struct vb2_workbuf *wb, uint32_t size);
    121 
    122 /* Check if a pointer is aligned on an align-byte boundary */
    123 #define vb2_aligned(ptr, align) (!(((uintptr_t)(ptr)) & ((align) - 1)))
    124 
    125 /**
    126  * Safer memcmp() for use in crypto.
    127  *
    128  * Compares the buffers to see if they are equal.  Time taken to perform
    129  * the comparison is dependent only on the size, not the relationship of
    130  * the match between the buffers.  Note that unlike memcmp(), this only
    131  * indicates inequality, not which buffer is lesser.
    132  *
    133  * @param s1		First buffer
    134  * @param s2		Second buffer
    135  * @param size		Number of bytes to compare
    136  * @return 0 if match or size=0, non-zero if at least one byte mismatched.
    137  */
    138 int vb2_safe_memcmp(const void *s1, const void *s2, size_t size);
    139 
    140 /**
    141  * Align a buffer and check its size.
    142  *
    143  * @param **ptr		Pointer to pointer to align
    144  * @param *size		Points to size of buffer pointed to by *ptr
    145  * @param align		Required alignment (must be power of 2)
    146  * @param want_size	Required size
    147  * @return VB2_SUCCESS, or non-zero if error.
    148  */
    149 int vb2_align(uint8_t **ptr,
    150 	      uint32_t *size,
    151 	      uint32_t align,
    152 	      uint32_t want_size);
    153 
    154 /**
    155  * Return offset of ptr from base.
    156  *
    157  * @param base		Base pointer
    158  * @param ptr		Pointer at some offset from base
    159  * @return The offset of ptr from base.
    160  */
    161 ptrdiff_t vb2_offset_of(const void *base, const void *ptr);
    162 
    163 /**
    164  * Return expected signature size for a signature/hash algorithm pair
    165  *
    166  * @param sig_alg	Signature algorithm
    167  * @param hash_alg	Hash algorithm
    168  * @return The signature size, or zero if error / unsupported algorithm.
    169  */
    170 uint32_t vb2_sig_size(enum vb2_signature_algorithm sig_alg,
    171 		      enum vb2_hash_algorithm hash_alg);
    172 
    173 /**
    174  * Return a key guid for an unsigned hash algorithm.
    175  *
    176  * @param hash_alg	Hash algorithm to return key for
    177  * @return A pointer to the key guid for that hash algorithm and
    178  *	   sig_alg=VB2_SIG_NONE, or NULL if error.
    179  */
    180 const struct vb2_guid *vb2_hash_guid(enum vb2_hash_algorithm hash_alg);
    181 
    182 /* Size of work buffer sufficient for vb2_verify_digest() worst case. */
    183 #define VB2_VERIFY_DIGEST_WORKBUF_BYTES VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES
    184 
    185 /* Size of work buffer sufficient for vb2_verify_data() worst case. */
    186 #define VB2_VERIFY_DATA_WORKBUF_BYTES					\
    187 	(VB2_SHA512_DIGEST_SIZE +					\
    188 	 VB2_MAX(VB2_VERIFY_DIGEST_WORKBUF_BYTES,			\
    189 		 sizeof(struct vb2_digest_context)))
    190 
    191 /* Size of work buffer sufficient for vb2_verify_keyblock() worst case. */
    192 #define VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES VB2_VERIFY_DATA_WORKBUF_BYTES
    193 
    194 /* Size of work buffer sufficient for vb2_verify_fw_preamble() worst case. */
    195 #define VB2_VERIFY_FIRMWARE_PREAMBLE_WORKBUF_BYTES VB2_VERIFY_DATA_WORKBUF_BYTES
    196 
    197 #endif  /* VBOOT_REFERENCE_VBOOT_2COMMON_H_ */
    198