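/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 *
 * Common functions between firmware and kernel verified boot.
 *
 * Every verification function declared here reports its outcome only through
 * its return value: VB2_SUCCESS means the check passed, any non-zero value
 * means it did not. Callers must test the return value before using the
 * checked structure.
 */

#ifndef VBOOT_REFERENCE_VB2_COMMON_H_
#define VBOOT_REFERENCE_VB2_COMMON_H_

#include "2api.h"
#include "2common.h"
#include "2return_codes.h"
#include "2sha.h"
#include "2struct.h"
#include "vb2_struct.h"

/*
 * Helper functions to get data pointed to by a public key or signature.
 *
 * Neither helper takes a buffer size, so neither can bounds-check the pointer
 * it returns against the enclosing buffer. For a key or signature read from
 * untrusted storage, call vb2_verify_packed_key_inside() or
 * vb2_verify_signature_inside() first and use the returned pointer only if
 * that check returned VB2_SUCCESS.
 */

const uint8_t *vb2_packed_key_data(const struct vb2_packed_key *key);
uint8_t *vb2_signature_data(struct vb2_signature *sig);

/**
 * Verify the data pointed to by a subfield is inside the parent data.
 *
 * The subfield has a header pointed to by member, and a separate data
 * field at an offset relative to the header.  That is:
 *
 *   struct parent {
 *     (possibly other parent fields)
 *     struct member {
 *        (member header fields)
 *     };
 *     (possibly other parent fields)
 *   };
 *   (possibly some other parent data)
 *   (member data)
 *   (possibly some other parent data)
 *
 * member_data_offset is a signed ptrdiff_t, so a negative offset is
 * representable at this interface.
 * NOTE(review): the implementation is not visible from this header; confirm
 * there that negative offsets and wraparound of offset + size are rejected.
 *
 * @param parent		Parent data
 * @param parent_size		Parent size in bytes
 * @param member		Subfield header
 * @param member_size		Size of subfield header in bytes
 * @param member_data_offset	Offset of member data from start of member
 * @param member_data_size	Size of member data in bytes
 * @return VB2_SUCCESS, or non-zero if error.
 */
int vb2_verify_member_inside(const void *parent, size_t parent_size,
			     const void *member, size_t member_size,
			     ptrdiff_t member_data_offset,
			     size_t member_data_size);

/**
 * Verify a signature is fully contained in its parent data
 *
 * Note that parent_size is a uint32_t here, while
 * vb2_verify_member_inside() takes a size_t.
 *
 * @param parent	Parent data
 * @param parent_size	Parent size in bytes
 * @param sig		Signature pointer
 * @return VB2_SUCCESS, or non-zero if error.
 */
int vb2_verify_signature_inside(const void *parent,
				uint32_t parent_size,
				const struct vb2_signature *sig);


/**
 * Verify a packed key is fully contained in its parent data
 *
 * Note that parent_size is a uint32_t here, while
 * vb2_verify_member_inside() takes a size_t.
 *
 * @param parent	Parent data
 * @param parent_size	Parent size in bytes
 * @param key		Packed key pointer
 * @return VB2_SUCCESS, or non-zero if error.
 */
int vb2_verify_packed_key_inside(const void *parent,
				 uint32_t parent_size,
				 const struct vb2_packed_key *key);

/**
 * Unpack a vboot1-format key for use in verification
 *
 * The elements of the unpacked key will point into the source buffer, so don't
 * free the source buffer until you're done with the key. Because the unpacked
 * key aliases the buffer rather than copying it, later writes to the buffer
 * also change the key material that verification will use.
 *
 * @param key		Destination for unpacked key
 * @param buf		Source buffer containing packed key
 * @param size		Size of buffer in bytes
 * @return VB2_SUCCESS, or non-zero error code if error.
 */
int vb2_unpack_key(struct vb2_public_key *key,
		   const uint8_t *buf,
		   uint32_t size);

/**
 * Verify a signature against an expected hash digest.
 *
 * The signature buffer may be overwritten by the check, so keep a copy if the
 * original bytes are needed afterwards. This header does not say whether the
 * contents survive on any particular return path; treat them as unusable
 * after the call.
 *
 * @param key		Key to use in signature verification
 * @param sig		Signature to verify (may be destroyed in process)
 * @param digest	Digest of signed data
 * @param wb		Work buffer
 * @return VB2_SUCCESS, or non-zero if error.
 */
int vb2_verify_digest(const struct vb2_public_key *key,
		      struct vb2_signature *sig,
		      const uint8_t *digest,
		      const struct vb2_workbuf *wb);

/**
 * Verify data matches signature.
 *
 * Only the first sig->data_size bytes of the buffer are validated. Any bytes
 * in the buffer beyond that length are not covered by the signature and must
 * not be treated as verified.
 * NOTE(review): this header does not show how sig->data_size is checked
 * against size; confirm in the implementation.
 *
 * @param data		Data to verify
 * @param size		Size of data buffer.  Note that amount of data to
 *			actually validate is contained in sig->data_size.
 * @param sig		Signature of data (destroyed in process)
 * @param key		Key to use to validate signature
 * @param wb		Work buffer
 * @return VB2_SUCCESS, or non-zero error code if error.
 */
int vb2_verify_data(const uint8_t *data,
		    uint32_t size,
		    struct vb2_signature *sig,
		    const struct vb2_public_key *key,
		    const struct vb2_workbuf *wb);

/**
 * Check the sanity of a key block using a public key.
 *
 * Header fields are also checked for sanity.  Does not verify key index or key
 * block flags; the caller has to check those separately before relying on the
 * key block.  Signature inside block is destroyed during check.
 *
 * @param block		Key block to verify
 * @param size		Size of key block buffer
 * @param key		Key to use to verify block
 * @param wb		Work buffer
 * @return VB2_SUCCESS, or non-zero error code if error.
 */
int vb2_verify_keyblock(struct vb2_keyblock *block,
			uint32_t size,
			const struct vb2_public_key *key,
			const struct vb2_workbuf *wb);

/**
 * Check the sanity of a firmware preamble using a public key.
 *
 * The signature in the preamble is destroyed during the check, so the preamble
 * cannot be verified a second time from the same buffer.
 *
 * @param preamble	Preamble to verify
 * @param size		Size of preamble buffer
 * @param key		Key to use to verify preamble
 * @param wb		Work buffer
 * @return VB2_SUCCESS, or non-zero error code if error.
 */
int vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble,
			   uint32_t size,
			   const struct vb2_public_key *key,
			   const struct vb2_workbuf *wb);

#endif  /* VBOOT_REFERENCE_VB2_COMMON_H_ */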