blob: 536fbbb0c1c925510392db57ff6285b82ef8aa20 [file] [log] [blame]
Randall Spangler6f1b82a2014-12-03 12:29:37 -08001/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file.
4 *
5 * Common functions between firmware and kernel verified boot.
6 */
7
8#ifndef VBOOT_REFERENCE_VB2_COMMON_H_
9#define VBOOT_REFERENCE_VB2_COMMON_H_
10
11#include "2api.h"
12#include "2common.h"
13#include "2return_codes.h"
14#include "2sha.h"
15#include "2struct.h"
16#include "vb2_struct.h"
17
18/*
19 * Helper functions to get data pointed to by a public key or signature.
20 */
21
22const uint8_t *vb2_packed_key_data(const struct vb2_packed_key *key);
23uint8_t *vb2_signature_data(struct vb2_signature *sig);
24
25/**
26 * Verify the data pointed to by a subfield is inside the parent data.
27 *
28 * The subfield has a header pointed to by member, and a separate data
29 * field at an offset relative to the header. That is:
30 *
31 * struct parent {
32 * (possibly other parent fields)
33 * struct member {
34 * (member header fields)
35 * };
36 * (possibly other parent fields)
37 * };
38 * (possibly some other parent data)
39 * (member data)
40 * (possibly some other parent data)
41 *
42 * @param parent Parent data
43 * @param parent_size Parent size in bytes
44 * @param member Subfield header
45 * @param member_size Size of subfield header in bytes
46 * @param member_data_offset Offset of member data from start of member
47 * @param member_data_size Size of member data in bytes
48 * @return VB2_SUCCESS, or non-zero if error.
49 */
50int vb2_verify_member_inside(const void *parent, size_t parent_size,
51 const void *member, size_t member_size,
52 ptrdiff_t member_data_offset,
53 size_t member_data_size);
54
55/**
56 * Verify a signature is fully contained in its parent data
57 *
58 * @param parent Parent data
59 * @param parent_size Parent size in bytes
60 * @param sig Signature pointer
61 * @return VB2_SUCCESS, or non-zero if error.
62 */
63int vb2_verify_signature_inside(const void *parent,
64 uint32_t parent_size,
65 const struct vb2_signature *sig);
66
67
68/**
69 * Verify a packed key is fully contained in its parent data
70 *
71 * @param parent Parent data
72 * @param parent_size Parent size in bytes
73 * @param key Packed key pointer
74 * @return VB2_SUCCESS, or non-zero if error.
75 */
76int vb2_verify_packed_key_inside(const void *parent,
77 uint32_t parent_size,
78 const struct vb2_packed_key *key);
79
80/**
81 * Unpack a vboot1-format key for use in verification
82 *
83 * The elements of the unpacked key will point into the source buffer, so don't
84 * free the source buffer until you're done with the key.
85 *
86 * @param key Destintion for unpacked key
87 * @param buf Source buffer containing packed key
88 * @param size Size of buffer in bytes
89 * @return VB2_SUCCESS, or non-zero error code if error.
90 */
91int vb2_unpack_key(struct vb2_public_key *key,
92 const uint8_t *buf,
93 uint32_t size);
94
95/**
96 * Verify a signature against an expected hash digest.
97 *
98 * @param key Key to use in signature verification
99 * @param sig Signature to verify (may be destroyed in process)
100 * @param digest Digest of signed data
101 * @param wb Work buffer
102 * @return VB2_SUCCESS, or non-zero if error.
103 */
104int vb2_verify_digest(const struct vb2_public_key *key,
105 struct vb2_signature *sig,
106 const uint8_t *digest,
107 const struct vb2_workbuf *wb);
108
109/**
110 * Verify data matches signature.
111 *
112 * @param data Data to verify
113 * @param size Size of data buffer. Note that amount of data to
114 * actually validate is contained in sig->data_size.
115 * @param sig Signature of data (destroyed in process)
116 * @param key Key to use to validate signature
117 * @param wb Work buffer
118 * @return VB2_SUCCESS, or non-zero error code if error.
119 */
120int vb2_verify_data(const uint8_t *data,
121 uint32_t size,
122 struct vb2_signature *sig,
123 const struct vb2_public_key *key,
124 const struct vb2_workbuf *wb);
125
126/**
Randall Spanglerb87d1ec2015-05-19 12:45:20 -0700127 * Check the sanity of a key block structure.
128 *
129 * Verifies all the header fields. Does not verify key index or key block
130 * flags. Should be called before verifying the key block data itself using
131 * the key. (This function does not itself verify the signature - just that
132 * the right amount of data is claimed to be signed.)
133 *
134 * @param block Key block to verify
135 * @param size Size of key block buffer
136 * @param sig Which signature inside the keyblock to use
137 */
138int vb2_check_keyblock(const struct vb2_keyblock *block,
139 uint32_t size,
140 const struct vb2_signature *sig);
141
142/**
143 * Verify a key block using a public key.
Randall Spangler6f1b82a2014-12-03 12:29:37 -0800144 *
145 * Header fields are also checked for sanity. Does not verify key index or key
146 * block flags. Signature inside block is destroyed during check.
147 *
148 * @param block Key block to verify
149 * @param size Size of key block buffer
150 * @param key Key to use to verify block
151 * @param wb Work buffer
152 * @return VB2_SUCCESS, or non-zero error code if error.
153 */
154int vb2_verify_keyblock(struct vb2_keyblock *block,
155 uint32_t size,
156 const struct vb2_public_key *key,
157 const struct vb2_workbuf *wb);
158
159/**
Randall Spangler3d5cd882015-05-20 17:22:17 -0700160 * Verify a key block using its hash.
161 *
162 * Header fields are also checked for sanity. Does not verify key index or key
163 * block flags. Use this for self-signed keyblocks in developer mode.
164 *
165 * @param block Key block to verify
166 * @param size Size of key block buffer
167 * @param key Key to use to verify block
168 * @param wb Work buffer
169 * @return VB2_SUCCESS, or non-zero error code if error.
170 */
171int vb2_verify_keyblock_hash(const struct vb2_keyblock *block,
172 uint32_t size,
173 const struct vb2_workbuf *wb);
174
175/**
Randall Spangler6f1b82a2014-12-03 12:29:37 -0800176 * Check the sanity of a firmware preamble using a public key.
177 *
178 * The signature in the preamble is destroyed during the check.
179 *
180 * @param preamble Preamble to verify
181 * @param size Size of preamble buffer
182 * @param key Key to use to verify preamble
183 * @param wb Work buffer
184 * @return VB2_SUCCESS, or non-zero error code if error.
185 */
186int vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble,
187 uint32_t size,
188 const struct vb2_public_key *key,
189 const struct vb2_workbuf *wb);
190
Randall Spangler2d25e832015-05-12 16:39:01 -0700191/**
192 * Check the sanity of a kernel preamble using a public key.
193 *
194 * The signature in the preamble is destroyed during the check.
195 *
196 * @param preamble Preamble to verify
197 * @param size Size of preamble buffer
198 * @param key Key to use to verify preamble
199 * @param wb Work buffer
200 * @return VB2_SUCCESS, or non-zero error code if error.
201 */
202int vb2_verify_kernel_preamble(struct vb2_kernel_preamble *preamble,
203 uint32_t size,
204 const struct vb2_public_key *key,
205 const struct vb2_workbuf *wb);
206
Randall Spangler158b2962016-06-03 14:00:27 -0700207/**
208 * Retrieve the 16-bit vmlinuz header address and size from the preamble.
209 *
210 * Size 0 means there is no 16-bit vmlinuz header present. Old preamble
211 * versions (<2.1) return 0 for both fields.
212 *
213 * @param preamble Preamble to check
214 * @param vmlinuz_header_address Destination for header address
215 * @param vmlinuz_header_size Destination for header size
216 */
217void vb2_kernel_get_vmlinuz_header(const struct vb2_kernel_preamble *preamble,
218 uint64_t *vmlinuz_header_address,
219 uint32_t *vmlinuz_header_size);
220
221/**
222 * Get the flags for the kernel preamble.
223 *
224 * @param preamble Preamble to check
225 * @return Flags for the preamble. Old preamble versions (<2.2) return 0.
226 */
227uint32_t vb2_kernel_get_flags(const struct vb2_kernel_preamble *preamble);
228
Randall Spangler6f1b82a2014-12-03 12:29:37 -0800229#endif /* VBOOT_REFERENCE_VB2_COMMON_H_ */