1*8617a60dSAndroid Build Coastguard Worker /* Copyright 2014 The ChromiumOS Authors
2*8617a60dSAndroid Build Coastguard Worker * Use of this source code is governed by a BSD-style license that can be
3*8617a60dSAndroid Build Coastguard Worker * found in the LICENSE file.
4*8617a60dSAndroid Build Coastguard Worker *
5*8617a60dSAndroid Build Coastguard Worker * Common functions between firmware and kernel verified boot.
6*8617a60dSAndroid Build Coastguard Worker */
7*8617a60dSAndroid Build Coastguard Worker
8*8617a60dSAndroid Build Coastguard Worker #ifndef VBOOT_REFERENCE_2COMMON_H_
9*8617a60dSAndroid Build Coastguard Worker #define VBOOT_REFERENCE_2COMMON_H_
10*8617a60dSAndroid Build Coastguard Worker
11*8617a60dSAndroid Build Coastguard Worker #include "2api.h"
12*8617a60dSAndroid Build Coastguard Worker #include "2gbb.h"
13*8617a60dSAndroid Build Coastguard Worker #include "2misc.h"
14*8617a60dSAndroid Build Coastguard Worker #include "2packed_key.h"
15*8617a60dSAndroid Build Coastguard Worker #include "2return_codes.h"
16*8617a60dSAndroid Build Coastguard Worker #include "2sha.h"
17*8617a60dSAndroid Build Coastguard Worker #include "2struct.h"
18*8617a60dSAndroid Build Coastguard Worker #include "2sysincludes.h"
19*8617a60dSAndroid Build Coastguard Worker
20*8617a60dSAndroid Build Coastguard Worker struct vb2_public_key;
21*8617a60dSAndroid Build Coastguard Worker
22*8617a60dSAndroid Build Coastguard Worker /* Time conversion constants. */
23*8617a60dSAndroid Build Coastguard Worker #define VB2_USEC_PER_MSEC 1000ULL
24*8617a60dSAndroid Build Coastguard Worker #define VB2_MSEC_PER_SEC 1000ULL
25*8617a60dSAndroid Build Coastguard Worker
26*8617a60dSAndroid Build Coastguard Worker /*
27*8617a60dSAndroid Build Coastguard Worker * Return the min/max of A and B. This is used in macros which calculate the
28*8617a60dSAndroid Build Coastguard Worker * required buffer size, so can't be turned into a static inline function.
29*8617a60dSAndroid Build Coastguard Worker */
30*8617a60dSAndroid Build Coastguard Worker #define VB2_MIN(a, b) ({ \
31*8617a60dSAndroid Build Coastguard Worker typeof(a) __vb2_min_a = (a); \
32*8617a60dSAndroid Build Coastguard Worker typeof(b) __vb2_min_b = (b); \
33*8617a60dSAndroid Build Coastguard Worker __vb2_min_a < __vb2_min_b ? __vb2_min_a : __vb2_min_b; \
34*8617a60dSAndroid Build Coastguard Worker })
35*8617a60dSAndroid Build Coastguard Worker #define VB2_MAX(a, b) ({ \
36*8617a60dSAndroid Build Coastguard Worker typeof(a) __vb2_max_a = (a); \
37*8617a60dSAndroid Build Coastguard Worker typeof(b) __vb2_max_b = (b); \
38*8617a60dSAndroid Build Coastguard Worker __vb2_max_a > __vb2_max_b ? __vb2_max_a : __vb2_max_b; \
39*8617a60dSAndroid Build Coastguard Worker })
40*8617a60dSAndroid Build Coastguard Worker
41*8617a60dSAndroid Build Coastguard Worker /* Return the number of elements in an array */
42*8617a60dSAndroid Build Coastguard Worker #ifndef ARRAY_SIZE
43*8617a60dSAndroid Build Coastguard Worker #define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
44*8617a60dSAndroid Build Coastguard Worker #endif
45*8617a60dSAndroid Build Coastguard Worker
46*8617a60dSAndroid Build Coastguard Worker /* Platform-dependent debug/assert output macros. */
47*8617a60dSAndroid Build Coastguard Worker #define VB2_DEBUG(format, args...) \
48*8617a60dSAndroid Build Coastguard Worker vb2ex_printf(__func__, format, ## args)
49*8617a60dSAndroid Build Coastguard Worker
50*8617a60dSAndroid Build Coastguard Worker #define VB2_DEBUG_RAW(format, args...) \
51*8617a60dSAndroid Build Coastguard Worker vb2ex_printf(NULL, format, ## args)
52*8617a60dSAndroid Build Coastguard Worker
53*8617a60dSAndroid Build Coastguard Worker #define VB2_ASSERT(expr) do { \
54*8617a60dSAndroid Build Coastguard Worker if (!(expr)) { \
55*8617a60dSAndroid Build Coastguard Worker VB2_DEBUG("assertion failed: %s at %s:%d\n", \
56*8617a60dSAndroid Build Coastguard Worker #expr, __FILE__, __LINE__); \
57*8617a60dSAndroid Build Coastguard Worker vb2ex_abort(); \
58*8617a60dSAndroid Build Coastguard Worker for (;;); \
59*8617a60dSAndroid Build Coastguard Worker } \
60*8617a60dSAndroid Build Coastguard Worker } while (0)
61*8617a60dSAndroid Build Coastguard Worker
62*8617a60dSAndroid Build Coastguard Worker #define VB2_DIE(format, args...) do { \
63*8617a60dSAndroid Build Coastguard Worker VB2_DEBUG(format, ## args); \
64*8617a60dSAndroid Build Coastguard Worker vb2ex_abort(); \
65*8617a60dSAndroid Build Coastguard Worker for (;;); \
66*8617a60dSAndroid Build Coastguard Worker } while (0)
67*8617a60dSAndroid Build Coastguard Worker
68*8617a60dSAndroid Build Coastguard Worker #define VB2_REC_OR_DIE(ctx, format, args...) do { \
69*8617a60dSAndroid Build Coastguard Worker VB2_DEBUG(format, ## args); \
70*8617a60dSAndroid Build Coastguard Worker if ((vb2_get_sd(ctx)->status & VB2_SD_STATUS_RECOVERY_DECIDED) && \
71*8617a60dSAndroid Build Coastguard Worker !(ctx->flags & VB2_CONTEXT_RECOVERY_MODE)) { \
72*8617a60dSAndroid Build Coastguard Worker vb2ex_abort(); \
73*8617a60dSAndroid Build Coastguard Worker for (;;); \
74*8617a60dSAndroid Build Coastguard Worker } \
75*8617a60dSAndroid Build Coastguard Worker VB2_DEBUG("IGNORING ABORT IN RECOVERY MODE!!!\n"); \
76*8617a60dSAndroid Build Coastguard Worker } while (0)
77*8617a60dSAndroid Build Coastguard Worker
78*8617a60dSAndroid Build Coastguard Worker /*
79*8617a60dSAndroid Build Coastguard Worker * Define test_mockable and for mocking functions when compiled for Chrome OS
80*8617a60dSAndroid Build Coastguard Worker * environment (that is, not for firmware).
81*8617a60dSAndroid Build Coastguard Worker */
82*8617a60dSAndroid Build Coastguard Worker #ifndef test_mockable
83*8617a60dSAndroid Build Coastguard Worker #ifdef CHROMEOS_ENVIRONMENT
84*8617a60dSAndroid Build Coastguard Worker #define test_mockable __attribute__((weak))
85*8617a60dSAndroid Build Coastguard Worker #else
86*8617a60dSAndroid Build Coastguard Worker #define test_mockable
87*8617a60dSAndroid Build Coastguard Worker #endif
88*8617a60dSAndroid Build Coastguard Worker #endif
89*8617a60dSAndroid Build Coastguard Worker
90*8617a60dSAndroid Build Coastguard Worker #if (defined(__GNUC__) && __GNUC__ >= 7)
91*8617a60dSAndroid Build Coastguard Worker #define VBOOT_FALLTHROUGH __attribute__((__fallthrough__))
92*8617a60dSAndroid Build Coastguard Worker #elif defined(__clang__)
93*8617a60dSAndroid Build Coastguard Worker #if __has_attribute(__fallthrough__)
94*8617a60dSAndroid Build Coastguard Worker #define VBOOT_FALLTHROUGH __attribute__((__fallthrough__))
95*8617a60dSAndroid Build Coastguard Worker #endif
96*8617a60dSAndroid Build Coastguard Worker #else
97*8617a60dSAndroid Build Coastguard Worker #define VBOOT_FALLTHROUGH ((void)0)
98*8617a60dSAndroid Build Coastguard Worker #endif
99*8617a60dSAndroid Build Coastguard Worker
100*8617a60dSAndroid Build Coastguard Worker /**
101*8617a60dSAndroid Build Coastguard Worker * Round down a number to a multiple of VB2_WORKBUF_ALIGN
102*8617a60dSAndroid Build Coastguard Worker *
103*8617a60dSAndroid Build Coastguard Worker * @param v Number to round down
104*8617a60dSAndroid Build Coastguard Worker * @return The number, rounded down.
105*8617a60dSAndroid Build Coastguard Worker */
vb2_wb_round_down(uint32_t v)106*8617a60dSAndroid Build Coastguard Worker static inline uint32_t vb2_wb_round_down(uint32_t v)
107*8617a60dSAndroid Build Coastguard Worker {
108*8617a60dSAndroid Build Coastguard Worker return v & ~(VB2_WORKBUF_ALIGN - 1);
109*8617a60dSAndroid Build Coastguard Worker }
110*8617a60dSAndroid Build Coastguard Worker
111*8617a60dSAndroid Build Coastguard Worker /**
112*8617a60dSAndroid Build Coastguard Worker * Round up a number to a multiple of VB2_WORKBUF_ALIGN
113*8617a60dSAndroid Build Coastguard Worker *
114*8617a60dSAndroid Build Coastguard Worker * @param v Number to round up
115*8617a60dSAndroid Build Coastguard Worker * @return The number, rounded up.
116*8617a60dSAndroid Build Coastguard Worker */
vb2_wb_round_up(uint32_t v)117*8617a60dSAndroid Build Coastguard Worker static inline uint32_t vb2_wb_round_up(uint32_t v)
118*8617a60dSAndroid Build Coastguard Worker {
119*8617a60dSAndroid Build Coastguard Worker return (v + VB2_WORKBUF_ALIGN - 1) & ~(VB2_WORKBUF_ALIGN - 1);
120*8617a60dSAndroid Build Coastguard Worker }
121*8617a60dSAndroid Build Coastguard Worker
122*8617a60dSAndroid Build Coastguard Worker /* Work buffer */
123*8617a60dSAndroid Build Coastguard Worker struct vb2_workbuf {
124*8617a60dSAndroid Build Coastguard Worker uint8_t *buf;
125*8617a60dSAndroid Build Coastguard Worker uint32_t size;
126*8617a60dSAndroid Build Coastguard Worker };
127*8617a60dSAndroid Build Coastguard Worker
128*8617a60dSAndroid Build Coastguard Worker /**
129*8617a60dSAndroid Build Coastguard Worker * Initialize a work buffer.
130*8617a60dSAndroid Build Coastguard Worker *
131*8617a60dSAndroid Build Coastguard Worker * @param wb Work buffer to init
132*8617a60dSAndroid Build Coastguard Worker * @param buf Pointer to work buffer data
133*8617a60dSAndroid Build Coastguard Worker * @param size Size of work buffer data in bytes
134*8617a60dSAndroid Build Coastguard Worker */
135*8617a60dSAndroid Build Coastguard Worker void vb2_workbuf_init(struct vb2_workbuf *wb, uint8_t *buf, uint32_t size);
136*8617a60dSAndroid Build Coastguard Worker
137*8617a60dSAndroid Build Coastguard Worker /**
138*8617a60dSAndroid Build Coastguard Worker * Allocate space in a work buffer.
139*8617a60dSAndroid Build Coastguard Worker *
140*8617a60dSAndroid Build Coastguard Worker * Note that the returned buffer will always be aligned to VB2_WORKBUF_ALIGN.
141*8617a60dSAndroid Build Coastguard Worker *
142*8617a60dSAndroid Build Coastguard Worker * The work buffer acts like a stack, and detailed tracking of allocs and frees
143*8617a60dSAndroid Build Coastguard Worker * is not done. The caller must track the size of each allocation and free via
144*8617a60dSAndroid Build Coastguard Worker * vb2_workbuf_free() in the reverse order they were allocated.
145*8617a60dSAndroid Build Coastguard Worker *
146*8617a60dSAndroid Build Coastguard Worker * An acceptable alternate workflow inside a function is to pass in a const
147*8617a60dSAndroid Build Coastguard Worker * work buffer, then make a local copy. Allocations done to the local copy
148*8617a60dSAndroid Build Coastguard Worker * then don't change the passed-in work buffer, and will effectively be freed
149*8617a60dSAndroid Build Coastguard Worker * when the local copy goes out of scope.
150*8617a60dSAndroid Build Coastguard Worker *
151*8617a60dSAndroid Build Coastguard Worker * @param wb Work buffer
152*8617a60dSAndroid Build Coastguard Worker * @param size Requested size in bytes
153*8617a60dSAndroid Build Coastguard Worker * @return A pointer to the allocated space, or NULL if error.
154*8617a60dSAndroid Build Coastguard Worker */
155*8617a60dSAndroid Build Coastguard Worker void *vb2_workbuf_alloc(struct vb2_workbuf *wb, uint32_t size);
156*8617a60dSAndroid Build Coastguard Worker
157*8617a60dSAndroid Build Coastguard Worker /**
158*8617a60dSAndroid Build Coastguard Worker * Reallocate space in a work buffer.
159*8617a60dSAndroid Build Coastguard Worker *
160*8617a60dSAndroid Build Coastguard Worker * Note that the returned buffer will always be aligned to VB2_WORKBUF_ALIGN.
161*8617a60dSAndroid Build Coastguard Worker * The work buffer acts like a stack, so this must only be done to the most
162*8617a60dSAndroid Build Coastguard Worker * recently allocated buffer.
163*8617a60dSAndroid Build Coastguard Worker *
164*8617a60dSAndroid Build Coastguard Worker * @param wb Work buffer
165*8617a60dSAndroid Build Coastguard Worker * @param oldsize Old allocation size in bytes
166*8617a60dSAndroid Build Coastguard Worker * @param newsize Requested size in bytes
167*8617a60dSAndroid Build Coastguard Worker * @return A pointer to the allocated space, or NULL if error.
168*8617a60dSAndroid Build Coastguard Worker */
169*8617a60dSAndroid Build Coastguard Worker void *vb2_workbuf_realloc(struct vb2_workbuf *wb, uint32_t oldsize,
170*8617a60dSAndroid Build Coastguard Worker uint32_t newsize);
171*8617a60dSAndroid Build Coastguard Worker
172*8617a60dSAndroid Build Coastguard Worker /**
173*8617a60dSAndroid Build Coastguard Worker * Free the preceding allocation.
174*8617a60dSAndroid Build Coastguard Worker *
175*8617a60dSAndroid Build Coastguard Worker * Note that the work buffer acts like a stack, and detailed tracking of
176*8617a60dSAndroid Build Coastguard Worker * allocs and frees is not done. The caller must track the size of each
177*8617a60dSAndroid Build Coastguard Worker * allocation and free them in reverse order.
178*8617a60dSAndroid Build Coastguard Worker *
179*8617a60dSAndroid Build Coastguard Worker * @param wb Work buffer
180*8617a60dSAndroid Build Coastguard Worker * @param size Size of data to free
181*8617a60dSAndroid Build Coastguard Worker */
182*8617a60dSAndroid Build Coastguard Worker void vb2_workbuf_free(struct vb2_workbuf *wb, uint32_t size);
183*8617a60dSAndroid Build Coastguard Worker
184*8617a60dSAndroid Build Coastguard Worker /* Check if a pointer is aligned on an align-byte boundary */
185*8617a60dSAndroid Build Coastguard Worker #define vb2_aligned(ptr, align) (!(((uintptr_t)(ptr)) & ((align) - 1)))
186*8617a60dSAndroid Build Coastguard Worker
187*8617a60dSAndroid Build Coastguard Worker /**
188*8617a60dSAndroid Build Coastguard Worker * Safer memcmp() for use in crypto.
189*8617a60dSAndroid Build Coastguard Worker *
190*8617a60dSAndroid Build Coastguard Worker * Compares the buffers to see if they are equal. Time taken to perform
191*8617a60dSAndroid Build Coastguard Worker * the comparison is dependent only on the size, not the relationship of
192*8617a60dSAndroid Build Coastguard Worker * the match between the buffers. Note that unlike memcmp(), this only
193*8617a60dSAndroid Build Coastguard Worker * indicates inequality, not which buffer is lesser.
194*8617a60dSAndroid Build Coastguard Worker *
195*8617a60dSAndroid Build Coastguard Worker * @param s1 First buffer
196*8617a60dSAndroid Build Coastguard Worker * @param s2 Second buffer
197*8617a60dSAndroid Build Coastguard Worker * @param size Number of bytes to compare
198*8617a60dSAndroid Build Coastguard Worker * @return 0 if match or size=0, non-zero if at least one byte mismatched.
199*8617a60dSAndroid Build Coastguard Worker */
200*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2_safe_memcmp(const void *s1, const void *s2, size_t size);
201*8617a60dSAndroid Build Coastguard Worker
202*8617a60dSAndroid Build Coastguard Worker /**
203*8617a60dSAndroid Build Coastguard Worker * Align a buffer and check its size.
204*8617a60dSAndroid Build Coastguard Worker *
205*8617a60dSAndroid Build Coastguard Worker * @param **ptr Pointer to pointer to align
206*8617a60dSAndroid Build Coastguard Worker * @param *size Points to size of buffer pointed to by *ptr
207*8617a60dSAndroid Build Coastguard Worker * @param align Required alignment (must be power of 2)
208*8617a60dSAndroid Build Coastguard Worker * @param want_size Required size
209*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero if error.
210*8617a60dSAndroid Build Coastguard Worker */
211*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2_align(uint8_t **ptr, uint32_t *size, uint32_t align,
212*8617a60dSAndroid Build Coastguard Worker uint32_t want_size);
213*8617a60dSAndroid Build Coastguard Worker
214*8617a60dSAndroid Build Coastguard Worker /**
215*8617a60dSAndroid Build Coastguard Worker * Return offset of ptr from base.
216*8617a60dSAndroid Build Coastguard Worker *
217*8617a60dSAndroid Build Coastguard Worker * @param base Base pointer
218*8617a60dSAndroid Build Coastguard Worker * @param ptr Pointer at some offset from base
219*8617a60dSAndroid Build Coastguard Worker * @return The offset of ptr from base.
220*8617a60dSAndroid Build Coastguard Worker */
221*8617a60dSAndroid Build Coastguard Worker ptrdiff_t vb2_offset_of(const void *base, const void *ptr);
222*8617a60dSAndroid Build Coastguard Worker
223*8617a60dSAndroid Build Coastguard Worker /**
224*8617a60dSAndroid Build Coastguard Worker * Return member of given object.
225*8617a60dSAndroid Build Coastguard Worker *
226*8617a60dSAndroid Build Coastguard Worker * @param parent Pointer to parent object
227*8617a60dSAndroid Build Coastguard Worker * @param offset Offset from base
228*8617a60dSAndroid Build Coastguard Worker * @return Pointer to child object.
229*8617a60dSAndroid Build Coastguard Worker */
230*8617a60dSAndroid Build Coastguard Worker void *vb2_member_of(void *parent, ptrdiff_t offset);
231*8617a60dSAndroid Build Coastguard Worker
232*8617a60dSAndroid Build Coastguard Worker /**
233*8617a60dSAndroid Build Coastguard Worker * Return expected signature size for a signature/hash algorithm pair
234*8617a60dSAndroid Build Coastguard Worker *
235*8617a60dSAndroid Build Coastguard Worker * @param sig_alg Signature algorithm
236*8617a60dSAndroid Build Coastguard Worker * @param hash_alg Hash algorithm
237*8617a60dSAndroid Build Coastguard Worker * @return The signature size, or zero if error / unsupported algorithm.
238*8617a60dSAndroid Build Coastguard Worker */
239*8617a60dSAndroid Build Coastguard Worker uint32_t vb2_sig_size(enum vb2_signature_algorithm sig_alg,
240*8617a60dSAndroid Build Coastguard Worker enum vb2_hash_algorithm hash_alg);
241*8617a60dSAndroid Build Coastguard Worker
242*8617a60dSAndroid Build Coastguard Worker /**
243*8617a60dSAndroid Build Coastguard Worker * Return a key ID for an unsigned hash algorithm.
244*8617a60dSAndroid Build Coastguard Worker *
245*8617a60dSAndroid Build Coastguard Worker * @param hash_alg Hash algorithm to return key for
246*8617a60dSAndroid Build Coastguard Worker * @return A pointer to the key ID for that hash algorithm with
247*8617a60dSAndroid Build Coastguard Worker * sig_alg=VB2_SIG_NONE, or NULL if error.
248*8617a60dSAndroid Build Coastguard Worker */
249*8617a60dSAndroid Build Coastguard Worker const struct vb2_id *vb2_hash_id(enum vb2_hash_algorithm hash_alg);
250*8617a60dSAndroid Build Coastguard Worker
251*8617a60dSAndroid Build Coastguard Worker /* Size of work buffer sufficient for vb2_verify_digest() worst case. */
252*8617a60dSAndroid Build Coastguard Worker #define VB2_VERIFY_DIGEST_WORKBUF_BYTES VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES
253*8617a60dSAndroid Build Coastguard Worker
254*8617a60dSAndroid Build Coastguard Worker /* Size of work buffer sufficient for vb2_verify_data() worst case. */
255*8617a60dSAndroid Build Coastguard Worker #define VB2_VERIFY_DATA_WORKBUF_BYTES \
256*8617a60dSAndroid Build Coastguard Worker (VB2_SHA512_DIGEST_SIZE + \
257*8617a60dSAndroid Build Coastguard Worker VB2_MAX(VB2_VERIFY_DIGEST_WORKBUF_BYTES, \
258*8617a60dSAndroid Build Coastguard Worker sizeof(struct vb2_digest_context)))
259*8617a60dSAndroid Build Coastguard Worker
260*8617a60dSAndroid Build Coastguard Worker /* Size of work buffer sufficient for vb2_verify_keyblock() worst case. */
261*8617a60dSAndroid Build Coastguard Worker #define VB2_KEYBLOCK_VERIFY_WORKBUF_BYTES VB2_VERIFY_DATA_WORKBUF_BYTES
262*8617a60dSAndroid Build Coastguard Worker
263*8617a60dSAndroid Build Coastguard Worker /* Size of work buffer sufficient for vb2_verify_fw_preamble() worst case. */
264*8617a60dSAndroid Build Coastguard Worker #define VB2_VERIFY_FIRMWARE_PREAMBLE_WORKBUF_BYTES VB2_VERIFY_DATA_WORKBUF_BYTES
265*8617a60dSAndroid Build Coastguard Worker
266*8617a60dSAndroid Build Coastguard Worker /*
267*8617a60dSAndroid Build Coastguard Worker * Size of work buffer sufficient for vb2_verify_kernel_preamble() worst
268*8617a60dSAndroid Build Coastguard Worker * case.
269*8617a60dSAndroid Build Coastguard Worker */
270*8617a60dSAndroid Build Coastguard Worker #define VB2_VERIFY_KERNEL_PREAMBLE_WORKBUF_BYTES VB2_VERIFY_DATA_WORKBUF_BYTES
271*8617a60dSAndroid Build Coastguard Worker
272*8617a60dSAndroid Build Coastguard Worker /**
273*8617a60dSAndroid Build Coastguard Worker * Verify the data pointed to by a subfield is inside the parent data.
274*8617a60dSAndroid Build Coastguard Worker *
275*8617a60dSAndroid Build Coastguard Worker * The subfield has a header pointed to by member, and a separate data
276*8617a60dSAndroid Build Coastguard Worker * field at an offset relative to the header. That is:
277*8617a60dSAndroid Build Coastguard Worker *
278*8617a60dSAndroid Build Coastguard Worker * struct parent {
279*8617a60dSAndroid Build Coastguard Worker * (possibly other parent fields)
280*8617a60dSAndroid Build Coastguard Worker * struct member {
281*8617a60dSAndroid Build Coastguard Worker * (member header fields)
282*8617a60dSAndroid Build Coastguard Worker * };
283*8617a60dSAndroid Build Coastguard Worker * (possibly other parent fields)
284*8617a60dSAndroid Build Coastguard Worker * };
285*8617a60dSAndroid Build Coastguard Worker * (possibly some other parent data)
286*8617a60dSAndroid Build Coastguard Worker * (member data)
287*8617a60dSAndroid Build Coastguard Worker * (possibly some other parent data)
288*8617a60dSAndroid Build Coastguard Worker *
289*8617a60dSAndroid Build Coastguard Worker * @param parent Parent data
290*8617a60dSAndroid Build Coastguard Worker * @param parent_size Parent size in bytes
291*8617a60dSAndroid Build Coastguard Worker * @param member Subfield header
292*8617a60dSAndroid Build Coastguard Worker * @param member_size Size of subfield header in bytes
293*8617a60dSAndroid Build Coastguard Worker * @param member_data_offset Offset of member data from start of member
294*8617a60dSAndroid Build Coastguard Worker * @param member_data_size Size of member data in bytes
295*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero if error.
296*8617a60dSAndroid Build Coastguard Worker */
297*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2_verify_member_inside(const void *parent, size_t parent_size,
298*8617a60dSAndroid Build Coastguard Worker const void *member, size_t member_size,
299*8617a60dSAndroid Build Coastguard Worker ptrdiff_t member_data_offset,
300*8617a60dSAndroid Build Coastguard Worker size_t member_data_size);
301*8617a60dSAndroid Build Coastguard Worker
302*8617a60dSAndroid Build Coastguard Worker /*
303*8617a60dSAndroid Build Coastguard Worker * Helper function to get data pointed to by a public key.
304*8617a60dSAndroid Build Coastguard Worker */
vb2_packed_key_data_mutable(struct vb2_packed_key * key)305*8617a60dSAndroid Build Coastguard Worker static inline uint8_t *vb2_packed_key_data_mutable(
306*8617a60dSAndroid Build Coastguard Worker struct vb2_packed_key *key)
307*8617a60dSAndroid Build Coastguard Worker {
308*8617a60dSAndroid Build Coastguard Worker return (uint8_t *)key + key->key_offset;
309*8617a60dSAndroid Build Coastguard Worker }
310*8617a60dSAndroid Build Coastguard Worker
vb2_packed_key_data(const struct vb2_packed_key * key)311*8617a60dSAndroid Build Coastguard Worker static inline const uint8_t *vb2_packed_key_data(
312*8617a60dSAndroid Build Coastguard Worker const struct vb2_packed_key *key)
313*8617a60dSAndroid Build Coastguard Worker {
314*8617a60dSAndroid Build Coastguard Worker return (const uint8_t *)((uintptr_t)key + key->key_offset);
315*8617a60dSAndroid Build Coastguard Worker }
316*8617a60dSAndroid Build Coastguard Worker
317*8617a60dSAndroid Build Coastguard Worker /**
318*8617a60dSAndroid Build Coastguard Worker * Verify a packed key is fully contained in its parent data
319*8617a60dSAndroid Build Coastguard Worker *
320*8617a60dSAndroid Build Coastguard Worker * @param parent Parent data
321*8617a60dSAndroid Build Coastguard Worker * @param parent_size Parent size in bytes
322*8617a60dSAndroid Build Coastguard Worker * @param key Packed key pointer
323*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero if error.
324*8617a60dSAndroid Build Coastguard Worker */
vb2_verify_packed_key_inside(const void * parent,uint32_t parent_size,const struct vb2_packed_key * key)325*8617a60dSAndroid Build Coastguard Worker static inline vb2_error_t vb2_verify_packed_key_inside(
326*8617a60dSAndroid Build Coastguard Worker const void *parent,
327*8617a60dSAndroid Build Coastguard Worker uint32_t parent_size,
328*8617a60dSAndroid Build Coastguard Worker const struct vb2_packed_key *key)
329*8617a60dSAndroid Build Coastguard Worker {
330*8617a60dSAndroid Build Coastguard Worker return vb2_verify_member_inside(parent, parent_size,
331*8617a60dSAndroid Build Coastguard Worker key, sizeof(*key),
332*8617a60dSAndroid Build Coastguard Worker key->key_offset, key->key_size);
333*8617a60dSAndroid Build Coastguard Worker }
334*8617a60dSAndroid Build Coastguard Worker
335*8617a60dSAndroid Build Coastguard Worker /*
336*8617a60dSAndroid Build Coastguard Worker * Helper functions to get data pointed to by a public key or signature.
337*8617a60dSAndroid Build Coastguard Worker */
vb2_signature_data_mutable(struct vb2_signature * sig)338*8617a60dSAndroid Build Coastguard Worker static inline uint8_t *vb2_signature_data_mutable(
339*8617a60dSAndroid Build Coastguard Worker struct vb2_signature *sig)
340*8617a60dSAndroid Build Coastguard Worker {
341*8617a60dSAndroid Build Coastguard Worker return (uint8_t *)sig + sig->sig_offset;
342*8617a60dSAndroid Build Coastguard Worker }
343*8617a60dSAndroid Build Coastguard Worker
vb2_signature_data(const struct vb2_signature * sig)344*8617a60dSAndroid Build Coastguard Worker static inline const uint8_t *vb2_signature_data(
345*8617a60dSAndroid Build Coastguard Worker const struct vb2_signature *sig)
346*8617a60dSAndroid Build Coastguard Worker {
347*8617a60dSAndroid Build Coastguard Worker return (const uint8_t *)((uintptr_t)sig + sig->sig_offset);
348*8617a60dSAndroid Build Coastguard Worker }
349*8617a60dSAndroid Build Coastguard Worker
350*8617a60dSAndroid Build Coastguard Worker /**
351*8617a60dSAndroid Build Coastguard Worker * Verify a signature is fully contained in its parent data
352*8617a60dSAndroid Build Coastguard Worker *
353*8617a60dSAndroid Build Coastguard Worker * @param parent Parent data
354*8617a60dSAndroid Build Coastguard Worker * @param parent_size Parent size in bytes
355*8617a60dSAndroid Build Coastguard Worker * @param sig Signature pointer
356*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero if error.
357*8617a60dSAndroid Build Coastguard Worker */
vb2_verify_signature_inside(const void * parent,uint32_t parent_size,const struct vb2_signature * sig)358*8617a60dSAndroid Build Coastguard Worker static inline vb2_error_t vb2_verify_signature_inside(
359*8617a60dSAndroid Build Coastguard Worker const void *parent,
360*8617a60dSAndroid Build Coastguard Worker uint32_t parent_size,
361*8617a60dSAndroid Build Coastguard Worker const struct vb2_signature *sig)
362*8617a60dSAndroid Build Coastguard Worker {
363*8617a60dSAndroid Build Coastguard Worker return vb2_verify_member_inside(parent, parent_size,
364*8617a60dSAndroid Build Coastguard Worker sig, sizeof(*sig),
365*8617a60dSAndroid Build Coastguard Worker sig->sig_offset, sig->sig_size);
366*8617a60dSAndroid Build Coastguard Worker }
367*8617a60dSAndroid Build Coastguard Worker
368*8617a60dSAndroid Build Coastguard Worker /**
369*8617a60dSAndroid Build Coastguard Worker * Verify a signature against an expected hash digest.
370*8617a60dSAndroid Build Coastguard Worker *
371*8617a60dSAndroid Build Coastguard Worker * @param key Key to use in signature verification
372*8617a60dSAndroid Build Coastguard Worker * @param sig Signature to verify (may be destroyed in process)
373*8617a60dSAndroid Build Coastguard Worker * @param digest Digest of signed data
374*8617a60dSAndroid Build Coastguard Worker * @param wb Work buffer
375*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero if error.
376*8617a60dSAndroid Build Coastguard Worker */
377*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2_verify_digest(const struct vb2_public_key *key,
378*8617a60dSAndroid Build Coastguard Worker struct vb2_signature *sig, const uint8_t *digest,
379*8617a60dSAndroid Build Coastguard Worker const struct vb2_workbuf *wb);
380*8617a60dSAndroid Build Coastguard Worker
381*8617a60dSAndroid Build Coastguard Worker /**
382*8617a60dSAndroid Build Coastguard Worker * Verify data matches signature.
383*8617a60dSAndroid Build Coastguard Worker *
384*8617a60dSAndroid Build Coastguard Worker * @param data Data to verify
385*8617a60dSAndroid Build Coastguard Worker * @param size Size of data buffer. Note that amount of data to
386*8617a60dSAndroid Build Coastguard Worker * actually validate is contained in sig->data_size.
387*8617a60dSAndroid Build Coastguard Worker * @param sig Signature of data (destroyed in process)
388*8617a60dSAndroid Build Coastguard Worker * @param key Key to use to validate signature
389*8617a60dSAndroid Build Coastguard Worker * @param wb Work buffer
390*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero error code if error.
391*8617a60dSAndroid Build Coastguard Worker */
392*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2_verify_data(const uint8_t *data, uint32_t size,
393*8617a60dSAndroid Build Coastguard Worker struct vb2_signature *sig,
394*8617a60dSAndroid Build Coastguard Worker const struct vb2_public_key *key,
395*8617a60dSAndroid Build Coastguard Worker const struct vb2_workbuf *wb);
396*8617a60dSAndroid Build Coastguard Worker
397*8617a60dSAndroid Build Coastguard Worker /**
398*8617a60dSAndroid Build Coastguard Worker * Check the validity of a keyblock structure.
399*8617a60dSAndroid Build Coastguard Worker *
400*8617a60dSAndroid Build Coastguard Worker * Verifies all the header fields. Does not verify key index or keyblock
401*8617a60dSAndroid Build Coastguard Worker * flags. Should be called before verifying the keyblock data itself using
402*8617a60dSAndroid Build Coastguard Worker * the key. (This function does not itself verify the signature - just that
403*8617a60dSAndroid Build Coastguard Worker * the right amount of data is claimed to be signed.)
404*8617a60dSAndroid Build Coastguard Worker *
405*8617a60dSAndroid Build Coastguard Worker * @param block Keyblock to verify
406*8617a60dSAndroid Build Coastguard Worker * @param size Size of keyblock buffer
407*8617a60dSAndroid Build Coastguard Worker * @param sig Which signature inside the keyblock to use
408*8617a60dSAndroid Build Coastguard Worker */
409*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2_check_keyblock(const struct vb2_keyblock *block, uint32_t size,
410*8617a60dSAndroid Build Coastguard Worker const struct vb2_signature *sig);
411*8617a60dSAndroid Build Coastguard Worker
412*8617a60dSAndroid Build Coastguard Worker /**
413*8617a60dSAndroid Build Coastguard Worker * Verify a keyblock using a public key.
414*8617a60dSAndroid Build Coastguard Worker *
415*8617a60dSAndroid Build Coastguard Worker * Header fields are also checked for validity. Does not verify key index or key
416*8617a60dSAndroid Build Coastguard Worker * block flags. Signature inside block is destroyed during check.
417*8617a60dSAndroid Build Coastguard Worker *
418*8617a60dSAndroid Build Coastguard Worker * @param block Keyblock to verify
419*8617a60dSAndroid Build Coastguard Worker * @param size Size of keyblock buffer
420*8617a60dSAndroid Build Coastguard Worker * @param key Key to use to verify block
421*8617a60dSAndroid Build Coastguard Worker * @param wb Work buffer
422*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero error code if error.
423*8617a60dSAndroid Build Coastguard Worker */
424*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2_verify_keyblock(struct vb2_keyblock *block, uint32_t size,
425*8617a60dSAndroid Build Coastguard Worker const struct vb2_public_key *key,
426*8617a60dSAndroid Build Coastguard Worker const struct vb2_workbuf *wb);
427*8617a60dSAndroid Build Coastguard Worker
428*8617a60dSAndroid Build Coastguard Worker /**
429*8617a60dSAndroid Build Coastguard Worker * Check the validity of a firmware preamble using a public key.
430*8617a60dSAndroid Build Coastguard Worker *
431*8617a60dSAndroid Build Coastguard Worker * The signature in the preamble is destroyed during the check.
432*8617a60dSAndroid Build Coastguard Worker *
433*8617a60dSAndroid Build Coastguard Worker * @param preamble Preamble to verify
434*8617a60dSAndroid Build Coastguard Worker * @param size Size of preamble buffer
435*8617a60dSAndroid Build Coastguard Worker * @param key Key to use to verify preamble
436*8617a60dSAndroid Build Coastguard Worker * @param wb Work buffer
437*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero error code if error.
438*8617a60dSAndroid Build Coastguard Worker */
439*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble,
440*8617a60dSAndroid Build Coastguard Worker uint32_t size,
441*8617a60dSAndroid Build Coastguard Worker const struct vb2_public_key *key,
442*8617a60dSAndroid Build Coastguard Worker const struct vb2_workbuf *wb);
443*8617a60dSAndroid Build Coastguard Worker
444*8617a60dSAndroid Build Coastguard Worker /**
445*8617a60dSAndroid Build Coastguard Worker * Get the flags for the kernel preamble.
446*8617a60dSAndroid Build Coastguard Worker *
447*8617a60dSAndroid Build Coastguard Worker * @param preamble Preamble to check
448*8617a60dSAndroid Build Coastguard Worker * @return Flags for the preamble. Old preamble versions (<2.2) return 0.
449*8617a60dSAndroid Build Coastguard Worker */
450*8617a60dSAndroid Build Coastguard Worker uint32_t vb2_kernel_get_flags(const struct vb2_kernel_preamble *preamble);
451*8617a60dSAndroid Build Coastguard Worker
452*8617a60dSAndroid Build Coastguard Worker /**
453*8617a60dSAndroid Build Coastguard Worker * Verify a keyblock using its hash.
454*8617a60dSAndroid Build Coastguard Worker *
455*8617a60dSAndroid Build Coastguard Worker * Header fields are also checked for validity. Does not verify key index or key
456*8617a60dSAndroid Build Coastguard Worker * block flags. Use this for self-signed keyblocks in developer mode.
457*8617a60dSAndroid Build Coastguard Worker *
458*8617a60dSAndroid Build Coastguard Worker * @param block Keyblock to verify
459*8617a60dSAndroid Build Coastguard Worker * @param size Size of keyblock buffer
460*8617a60dSAndroid Build Coastguard Worker * @param key Key to use to verify block
461*8617a60dSAndroid Build Coastguard Worker * @param wb Work buffer
462*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero error code if error.
463*8617a60dSAndroid Build Coastguard Worker */
464*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2_verify_keyblock_hash(const struct vb2_keyblock *block,
465*8617a60dSAndroid Build Coastguard Worker uint32_t size,
466*8617a60dSAndroid Build Coastguard Worker const struct vb2_workbuf *wb);
467*8617a60dSAndroid Build Coastguard Worker
468*8617a60dSAndroid Build Coastguard Worker /**
469*8617a60dSAndroid Build Coastguard Worker * Check the validity of a kernel preamble using a public key.
470*8617a60dSAndroid Build Coastguard Worker *
471*8617a60dSAndroid Build Coastguard Worker * The signature in the preamble is destroyed during the check.
472*8617a60dSAndroid Build Coastguard Worker *
473*8617a60dSAndroid Build Coastguard Worker * @param preamble Preamble to verify
474*8617a60dSAndroid Build Coastguard Worker * @param size Size of preamble buffer
475*8617a60dSAndroid Build Coastguard Worker * @param key Key to use to verify preamble
476*8617a60dSAndroid Build Coastguard Worker * @param wb Work buffer
477*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero error code if error.
478*8617a60dSAndroid Build Coastguard Worker */
479*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2_verify_kernel_preamble(struct vb2_kernel_preamble *preamble,
480*8617a60dSAndroid Build Coastguard Worker uint32_t size,
481*8617a60dSAndroid Build Coastguard Worker const struct vb2_public_key *key,
482*8617a60dSAndroid Build Coastguard Worker const struct vb2_workbuf *wb);
483*8617a60dSAndroid Build Coastguard Worker
484*8617a60dSAndroid Build Coastguard Worker #endif /* VBOOT_REFERENCE_2COMMON_H_ */
485