1 /* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. 2 * Use of this source code is governed by a BSD-style license that can be 3 * found in the LICENSE file. 4 * 5 * Common functions between firmware and kernel verified boot. 6 */ 7 8 #ifndef VBOOT_REFERENCE_VB2_COMMON_H_ 9 #define VBOOT_REFERENCE_VB2_COMMON_H_ 10 11 #include "2api.h" 12 #include "2common.h" 13 #include "2return_codes.h" 14 #include "2sha.h" 15 #include "2struct.h" 16 #include "vb2_struct.h" 17 18 /* 19 * Helper functions to get data pointed to by a public key or signature. 20 */ 21 22 const uint8_t *vb2_packed_key_data(const struct vb2_packed_key *key); 23 uint8_t *vb2_signature_data(struct vb2_signature *sig); 24 25 /** 26 * Verify the data pointed to by a subfield is inside the parent data. 27 * 28 * The subfield has a header pointed to by member, and a separate data 29 * field at an offset relative to the header. That is: 30 * 31 * struct parent { 32 * (possibly other parent fields) 33 * struct member { 34 * (member header fields) 35 * }; 36 * (possibly other parent fields) 37 * }; 38 * (possibly some other parent data) 39 * (member data) 40 * (possibly some other parent data) 41 * 42 * @param parent Parent data 43 * @param parent_size Parent size in bytes 44 * @param member Subfield header 45 * @param member_size Size of subfield header in bytes 46 * @param member_data_offset Offset of member data from start of member 47 * @param member_data_size Size of member data in bytes 48 * @return VB2_SUCCESS, or non-zero if error. 49 */ 50 int vb2_verify_member_inside(const void *parent, size_t parent_size, 51 const void *member, size_t member_size, 52 ptrdiff_t member_data_offset, 53 size_t member_data_size); 54 55 /** 56 * Verify a signature is fully contained in its parent data 57 * 58 * @param parent Parent data 59 * @param parent_size Parent size in bytes 60 * @param sig Signature pointer 61 * @return VB2_SUCCESS, or non-zero if error. 62 */ 63 int vb2_verify_signature_inside(const void *parent, 64 uint32_t parent_size, 65 const struct vb2_signature *sig); 66 67 68 /** 69 * Verify a packed key is fully contained in its parent data 70 * 71 * @param parent Parent data 72 * @param parent_size Parent size in bytes 73 * @param key Packed key pointer 74 * @return VB2_SUCCESS, or non-zero if error. 75 */ 76 int vb2_verify_packed_key_inside(const void *parent, 77 uint32_t parent_size, 78 const struct vb2_packed_key *key); 79 80 /** 81 * Unpack a vboot1-format key for use in verification 82 * 83 * The elements of the unpacked key will point into the source buffer, so don't 84 * free the source buffer until you're done with the key. 85 * 86 * @param key Destintion for unpacked key 87 * @param buf Source buffer containing packed key 88 * @param size Size of buffer in bytes 89 * @return VB2_SUCCESS, or non-zero error code if error. 90 */ 91 int vb2_unpack_key(struct vb2_public_key *key, 92 const uint8_t *buf, 93 uint32_t size); 94 95 /** 96 * Verify a signature against an expected hash digest. 97 * 98 * @param key Key to use in signature verification 99 * @param sig Signature to verify (may be destroyed in process) 100 * @param digest Digest of signed data 101 * @param wb Work buffer 102 * @return VB2_SUCCESS, or non-zero if error. 103 */ 104 int vb2_verify_digest(const struct vb2_public_key *key, 105 struct vb2_signature *sig, 106 const uint8_t *digest, 107 const struct vb2_workbuf *wb); 108 109 /** 110 * Verify data matches signature. 111 * 112 * @param data Data to verify 113 * @param size Size of data buffer. Note that amount of data to 114 * actually validate is contained in sig->data_size. 115 * @param sig Signature of data (destroyed in process) 116 * @param key Key to use to validate signature 117 * @param wb Work buffer 118 * @return VB2_SUCCESS, or non-zero error code if error. 119 */ 120 int vb2_verify_data(const uint8_t *data, 121 uint32_t size, 122 struct vb2_signature *sig, 123 const struct vb2_public_key *key, 124 const struct vb2_workbuf *wb); 125 126 /** 127 * Check the sanity of a key block using a public key. 128 * 129 * Header fields are also checked for sanity. Does not verify key index or key 130 * block flags. Signature inside block is destroyed during check. 131 * 132 * @param block Key block to verify 133 * @param size Size of key block buffer 134 * @param key Key to use to verify block 135 * @param wb Work buffer 136 * @return VB2_SUCCESS, or non-zero error code if error. 137 */ 138 int vb2_verify_keyblock(struct vb2_keyblock *block, 139 uint32_t size, 140 const struct vb2_public_key *key, 141 const struct vb2_workbuf *wb); 142 143 /** 144 * Check the sanity of a firmware preamble using a public key. 145 * 146 * The signature in the preamble is destroyed during the check. 147 * 148 * @param preamble Preamble to verify 149 * @param size Size of preamble buffer 150 * @param key Key to use to verify preamble 151 * @param wb Work buffer 152 * @return VB2_SUCCESS, or non-zero error code if error. 153 */ 154 int vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble, 155 uint32_t size, 156 const struct vb2_public_key *key, 157 const struct vb2_workbuf *wb); 158 159 #endif /* VBOOT_REFERENCE_VB2_COMMON_H_ */ 160
