1/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file.
4 *
5 * Common functions between firmware and kernel verified boot.
6 */
7
8#ifndef VBOOT_REFERENCE_VB2_COMMON_H_
9#define VBOOT_REFERENCE_VB2_COMMON_H_
10
11#include "2api.h"
12#include "2common.h"
13#include "2return_codes.h"
14#include "2sha.h"
15#include "2struct.h"
16#include "vb2_struct.h"
17
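/*
 * Helper functions to get data pointed to by a public key or signature.
 *
 * NOTE(review): only the prototypes are visible in this header.  Presumably
 * the returned pointer is derived from an offset stored in the structure, so
 * the structure should already have passed vb2_verify_packed_key_inside() or
 * vb2_verify_signature_inside() before the result is dereferenced -- confirm
 * against the implementation.
 */

/* Return a read-only pointer to the key data that belongs to key. */
const uint8_t *vb2_packed_key_data(const struct vb2_packed_key *key);

/* Return a writable pointer to the signature data that belongs to sig. */
uint8_t *vb2_signature_data(struct vb2_signature *sig);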
24
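/**
 * Verify the data pointed to by a subfield is inside the parent data.
 *
 * The subfield has a header pointed to by member, and a separate data
 * field at an offset relative to the header.  That is:
 *
 *   struct parent {
 *     (possibly other parent fields)
 *     struct member {
 *        (member header fields)
 *     };
 *     (possibly other parent fields)
 *   };
 *   (possibly some other parent data)
 *   (member data)
 *   (possibly some other parent data)
 *
 * Offsets and sizes read out of the structure being checked should be treated
 * as untrusted until this returns VB2_SUCCESS; do not read the member header
 * or its data on any other return value.  member_data_offset is signed
 * (ptrdiff_t), so the member data may be described as lying before the member
 * header as well as after it.  parent_size is a size_t here, whereas the
 * signature and packed-key wrappers declared below take a uint32_t.
 *
 * NOTE(review): the implementation is not part of this header.  Confirm that
 * it rejects pointer/size arithmetic that wraps around, and not only ranges
 * that end past parent + parent_size.
 *
 * @param parent		Parent data
 * @param parent_size		Parent size in bytes
 * @param member		Subfield header
 * @param member_size		Size of subfield header in bytes
 * @param member_data_offset	Offset of member data from start of member
 * @param member_data_size	Size of member data in bytes
 * @return VB2_SUCCESS, or non-zero if error.
 */
int vb2_verify_member_inside(const void *parent, size_t parent_size,
			     const void *member, size_t member_size,
			     ptrdiff_t member_data_offset,
			     size_t member_data_size);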
54
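/**
 * Verify a signature is fully contained in its parent data
 *
 * As documented, this is a containment (bounds) check only; whether the
 * signature is cryptographically valid is decided separately by
 * vb2_verify_digest() / vb2_verify_data().  Check the return value before
 * reading anything the signature header refers to.
 *
 * NOTE(review): presumably this covers both the signature header and the
 * signature data it points at -- confirm against the implementation.
 *
 * @param parent	Parent data
 * @param parent_size	Parent size in bytes
 * @param sig		Signature pointer
 * @return VB2_SUCCESS, or non-zero if error.
 */
int vb2_verify_signature_inside(const void *parent,
				uint32_t parent_size,
				const struct vb2_signature *sig);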
66
67
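/**
 * Verify a packed key is fully contained in its parent data
 *
 * As documented, this is a containment (bounds) check only and says nothing
 * about whether the key itself is trusted.  Check the return value before
 * reading anything the packed key header refers to.
 *
 * NOTE(review): presumably this covers both the packed key header and the
 * key data it points at -- confirm against the implementation.
 *
 * @param parent	Parent data
 * @param parent_size	Parent size in bytes
 * @param key		Packed key pointer
 * @return VB2_SUCCESS, or non-zero if error.
 */
int vb2_verify_packed_key_inside(const void *parent,
				 uint32_t parent_size,
				 const struct vb2_packed_key *key);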
79
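/**
 * Unpack a vboot1-format key for use in verification
 *
 * The elements of the unpacked key will point into the source buffer, so don't
 * free the source buffer until you're done with the key.  For the same reason,
 * anything that overwrites buf after this call also changes the key material
 * that later verification calls will use.
 *
 * NOTE(review): the state of *key after a failed call is not specified here;
 * treat it as unusable unless VB2_SUCCESS was returned.
 *
 * @param key		Destination for unpacked key
 * @param buf		Source buffer containing packed key
 * @param size		Size of buffer in bytes
 * @return VB2_SUCCESS, or non-zero error code if error.
 */
int vb2_unpack_key(struct vb2_public_key *key,
		   const uint8_t *buf,
		   uint32_t size);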
94
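/**
 * Verify a signature against an expected hash digest.
 *
 * sig is a non-const pointer and its contents may be overwritten during the
 * check, so keep a copy if the signature bytes are needed afterwards.  Any
 * non-zero return must be treated as a verification failure.
 *
 * NOTE(review): no digest length is passed in.  Presumably the expected
 * length follows from the key's hash algorithm and digest must be at least
 * that long -- confirm against the implementation.
 *
 * @param key		Key to use in signature verification
 * @param sig		Signature to verify (may be destroyed in process)
 * @param digest	Digest of signed data
 * @param wb		Work buffer
 * @return VB2_SUCCESS, or non-zero if error.
 */
int vb2_verify_digest(const struct vb2_public_key *key,
		      struct vb2_signature *sig,
		      const uint8_t *digest,
		      const struct vb2_workbuf *wb);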
108
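/**
 * Verify data matches signature.
 *
 * size describes the buffer, not the signed region: the amount of data that
 * is actually validated is sig->data_size.  Bytes in the buffer beyond the
 * validated amount should therefore not be treated as verified.
 *
 * NOTE(review): presumably the validated region starts at data and a
 * sig->data_size larger than size is rejected -- confirm against the
 * implementation.
 *
 * @param data		Data to verify
 * @param size		Size of data buffer.  Note that amount of data to
 *			actually validate is contained in sig->data_size.
 * @param sig		Signature of data (destroyed in process)
 * @param key		Key to use to validate signature
 * @param wb		Work buffer
 * @return VB2_SUCCESS, or non-zero error code if error.
 */
int vb2_verify_data(const uint8_t *data,
		    uint32_t size,
		    struct vb2_signature *sig,
		    const struct vb2_public_key *key,
		    const struct vb2_workbuf *wb);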
125
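/**
 * Check the sanity of a key block using a public key.
 *
 * Header fields are also checked for sanity.  Does not verify key index or key
 * block flags; a caller whose policy depends on either has to check them
 * itself after this returns VB2_SUCCESS.  Signature inside block is destroyed
 * during check, which is why block is a non-const pointer; keep a copy if the
 * original signature bytes are needed afterwards.
 *
 * @param block		Key block to verify
 * @param size		Size of key block buffer
 * @param key		Key to use to verify block
 * @param wb		Work buffer
 * @return VB2_SUCCESS, or non-zero error code if error.
 */
int vb2_verify_keyblock(struct vb2_keyblock *block,
			uint32_t size,
			const struct vb2_public_key *key,
			const struct vb2_workbuf *wb);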
142
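/**
 * Check the sanity of a firmware preamble using a public key.
 *
 * The signature in the preamble is destroyed during the check, which is why
 * preamble is a non-const pointer; keep a copy if the original signature
 * bytes are needed afterwards.  Do not use any preamble field unless
 * VB2_SUCCESS was returned.
 *
 * @param preamble	Preamble to verify
 * @param size		Size of preamble buffer
 * @param key		Key to use to verify preamble
 * @param wb		Work buffer
 * @return VB2_SUCCESS, or non-zero error code if error.
 */
int vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble,
			   uint32_t size,
			   const struct vb2_public_key *key,
			   const struct vb2_workbuf *wb);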
158
159#endif  /* VBOOT_REFERENCE_VB2_COMMON_H_ */
160