Home | History | Annotate | Download | only in include 
      1 /* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
      2  * Use of this source code is governed by a BSD-style license that can be
      3  * found in the LICENSE file.
      4  *
      5  * Common functions between firmware and kernel verified boot.
      6  */
      7 
      8 #ifndef VBOOT_REFERENCE_VBOOT_COMMON_H_
      9 #define VBOOT_REFERENCE_VBOOT_COMMON_H_
     10 
     11 #include "cryptolib.h"
     12 #include "vboot_struct.h"
     13 
     14 #ifndef ARRAY_SIZE
     15 #define ARRAY_SIZE(array) (sizeof(array)/sizeof(array[0]))
     16 #endif
     17 
     18 /* Test an important condition at compile time, not run time */
     19 #ifndef BUILD_ASSERT
     20 #define _BA1_(cond, line) \
     21 	extern int __build_assertion_ ## line[1 - 2*!(cond)] \
     22 	__attribute__ ((unused))
     23 #define _BA0_(c, x) _BA1_(c, x)
     24 #define BUILD_ASSERT(cond) _BA0_(cond, __LINE__)
     25 #endif
     26 
     27 /* Error Codes for all common functions. */
     28 enum {
     29 	VBOOT_SUCCESS = 0,
     30 	/* Key block internal structure is invalid, or not a key block */
     31 	VBOOT_KEY_BLOCK_INVALID,
     32 	/* Key block signature check failed */
     33 	VBOOT_KEY_BLOCK_SIGNATURE,
     34 	/* Key block hash check failed */
     35 	VBOOT_KEY_BLOCK_HASH,
     36 	/* Invalid public key passed to a signature verficiation function. */
     37 	VBOOT_PUBLIC_KEY_INVALID,
     38 	/* Preamble internal structure is invalid */
     39 	VBOOT_PREAMBLE_INVALID,
     40 	/* Preamble signature check failed */
     41 	VBOOT_PREAMBLE_SIGNATURE,
     42 	/* Shared data is invalid. */
     43 	VBOOT_SHARED_DATA_INVALID,
     44 	/* Kernel Preamble does not contain flags */
     45 	VBOOT_KERNEL_PREAMBLE_NO_FLAGS,
     46 	VBOOT_ERROR_MAX,
     47 };
     48 extern const char *kVbootErrors[VBOOT_ERROR_MAX];
     49 
     50 /**
     51  * Return offset of ptr from base.
     52  */
     53 uint64_t OffsetOf(const void *base, const void *ptr);
     54 
     55 /*
     56  * Helper functions to get data pointed to by a public key or signature.
     57  */
     58 
     59 uint8_t *GetPublicKeyData(VbPublicKey *key);
     60 const uint8_t *GetPublicKeyDataC(const VbPublicKey *key);
     61 uint8_t *GetSignatureData(VbSignature *sig);
     62 const uint8_t *GetSignatureDataC(const VbSignature *sig);
     63 
     64 /*
     65  * Helper functions to verify the data pointed to by a subfield is inside the
     66  * parent data.  Returns 0 if inside, 1 if error.
     67  */
     68 
     69 int VerifyMemberInside(const void *parent, uint64_t parent_size,
     70 		       const void *member, uint64_t member_size,
     71 		       uint64_t member_data_offset,
     72 		       uint64_t member_data_size);
     73 
     74 int VerifyPublicKeyInside(const void *parent, uint64_t parent_size,
     75 			  const VbPublicKey *key);
     76 
     77 int VerifySignatureInside(const void *parent, uint64_t parent_size,
     78 			  const VbSignature *sig);
     79 
     80 /**
     81  * Initialize a public key to refer to [key_data].
     82  */
     83 void PublicKeyInit(VbPublicKey *key, uint8_t *key_data, uint64_t key_size);
     84 
     85 /**
     86  * Copy a public key from [src] to [dest].
     87  *
     88  * Returns 0 if success, non-zero if error.
     89  */
     90 int PublicKeyCopy(VbPublicKey *dest, const VbPublicKey *src);
     91 
     92 /**
     93  * Convert a public key to RsaPublicKey format.  The returned key must be freed
     94  * using RSAPublicKeyFree().
     95  *
     96  * Returns NULL if error.
     97  */
     98 RSAPublicKey *PublicKeyToRSA(const VbPublicKey *key);
     99 
    100 /**
    101  * Verify [data] matches signature [sig] using [key].  [size] is the size of
    102  * the data buffer; the amount of data to be validated is contained in
    103  * sig->data_size.
    104  */
    105 int VerifyData(const uint8_t *data, uint64_t size, const VbSignature *sig,
    106 	       const RSAPublicKey *key);
    107 
    108 /**
    109  * Verify a secure hash digest from DigestBuf() or DigestFinal(), using
    110  * [key]. Returns 0 on success.
    111  */
    112 int VerifyDigest(const uint8_t *digest, const VbSignature *sig,
    113 		 const RSAPublicKey *key);
    114 
    115 /**
    116  * Check the sanity of a key block of size [size] bytes, using public key
    117  * [key].  If hash_only is non-zero, uses only the block checksum to verify the
    118  * key block.  Header fields are also checked for sanity.  Does not verify key
    119  * index or key block flags.
    120  */
    121 int KeyBlockVerify(const VbKeyBlockHeader *block, uint64_t size,
    122 		   const VbPublicKey *key, int hash_only);
    123 
    124 
    125 /**
    126  * Check the sanity of a firmware preamble of size [size] bytes, using public
    127  * key [key].
    128  *
    129  * Returns VBOOT_SUCCESS if successful.
    130  */
    131 int VerifyFirmwarePreamble(const VbFirmwarePreambleHeader *preamble,
    132 			   uint64_t size, const RSAPublicKey *key);
    133 
    134 
    135 /**
    136  * Return the flags from a firmware preamble, or a default value for older
    137  * preamble versions which didn't contain flags.  Use this function to ensure
    138  * compatibility with older preamble versions (2.0).  Assumes the preamble has
    139  * already been verified via VerifyFirmwarePreamble().
    140  */
    141 uint32_t VbGetFirmwarePreambleFlags(const VbFirmwarePreambleHeader *preamble);
    142 
    143 /**
    144  * Check the sanity of a kernel preamble of size [size] bytes, using public key
    145  * [key].
    146  *
    147  * Returns VBOOT_SUCCESS if successful.
    148  */
    149 int VerifyKernelPreamble(const VbKernelPreambleHeader *preamble,
    150 			 uint64_t size, const RSAPublicKey *key);
    151 
    152 
    153 /**
    154  * Retrieve the 16-bit vmlinuz header address and size from the kernel preamble
    155  * if there is one.  These are only available in Kernel Preamble Header version
    156  * >= 2.1.  If given a header 2.0 or lower, will set address and size to 0 (this
    157  * is not considered an error).
    158  *
    159  * Returns VBOOT_SUCCESS if successful.
    160  */
    161 int VbGetKernelVmlinuzHeader(const VbKernelPreambleHeader *preamble,
    162 			     uint64_t *vmlinuz_header_address,
    163 			     uint64_t *vmlinuz_header_size);
    164 
    165 /**
    166  * Checks if the kernel preamble has flags field. This is available only if the
    167  * Kernel Preamble Header version >=2.2. If give a header of 2.1 or lower, it
    168  * will return VBOOT_KERNEL_PREAMBLE_NO_FLAGS.
    169  *
    170  * Returns VBOOT_SUCCESS if version is >=2.2.
    171  */
    172 int VbKernelHasFlags(const VbKernelPreambleHeader *preamble);
    173 
    174 /**
    175  * Verify that the Vmlinuz Header is contained inside of the kernel blob.
    176  *
    177  * Returns VBOOT_SUCCESS or VBOOT_PREAMBLE_INVALID on error
    178  */
    179 int VerifyVmlinuzInsideKBlob(uint64_t kblob, uint64_t kblob_size,
    180 			     uint64_t header, uint64_t header_size);
    181 /**
    182  * Initialize a verified boot shared data structure.
    183  *
    184  * Returns 0 if success, non-zero if error.
    185  */
    186 int VbSharedDataInit(VbSharedDataHeader *header, uint64_t size);
    187 
    188 /**
    189  * Reserve [size] bytes of the shared data area.  Returns the offset of the
    190  * reserved data from the start of the shared data buffer, or 0 if error.
    191  */
    192 uint64_t VbSharedDataReserve(VbSharedDataHeader *header, uint64_t size);
    193 
    194 /**
    195  * Copy the kernel subkey into the shared data.
    196  *
    197  * Returns 0 if success, non-zero if error.
    198  */
    199 int VbSharedDataSetKernelKey(VbSharedDataHeader *header,
    200                              const VbPublicKey *src);
    201 
    202 #endif  /* VBOOT_REFERENCE_VBOOT_COMMON_H_ */
    203