1 /* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
2  * Use of this source code is governed by a BSD-style license that can be
3  * found in the LICENSE file.
4  *
5  * Common functions between firmware and kernel verified boot.
6  */
7 
8 #ifndef VBOOT_REFERENCE_VB2_COMMON_H_
9 #define VBOOT_REFERENCE_VB2_COMMON_H_
10 
11 #include "2api.h"
12 #include "2common.h"
13 #include "2return_codes.h"
14 #include "2sha.h"
15 #include "2struct.h"
16 #include "vb2_struct.h"
17 
18 /*
19  * Helper functions to get data pointed to by a public key or signature.
20  */
21 
22 const uint8_t *vb2_packed_key_data(const struct vb2_packed_key *key);
23 uint8_t *vb2_signature_data(struct vb2_signature *sig);
24 
25 /**
26  * Verify the data pointed to by a subfield is inside the parent data.
27  *
28  * The subfield has a header pointed to by member, and a separate data
29  * field at an offset relative to the header.  That is:
30  *
31  *   struct parent {
32  *     (possibly other parent fields)
33  *     struct member {
34  *        (member header fields)
35  *     };
36  *     (possibly other parent fields)
37  *   };
38  *   (possibly some other parent data)
39  *   (member data)
40  *   (possibly some other parent data)
41  *
42  * @param parent		Parent data
43  * @param parent_size		Parent size in bytes
44  * @param member		Subfield header
45  * @param member_size		Size of subfield header in bytes
46  * @param member_data_offset	Offset of member data from start of member
47  * @param member_data_size	Size of member data in bytes
48  * @return VB2_SUCCESS, or non-zero if error.
49  */
50 int vb2_verify_member_inside(const void *parent, size_t parent_size,
51 			     const void *member, size_t member_size,
52 			     ptrdiff_t member_data_offset,
53 			     size_t member_data_size);
54 
55 /**
56  * Verify a signature is fully contained in its parent data
57  *
58  * @param parent	Parent data
59  * @param parent_size	Parent size in bytes
60  * @param sig		Signature pointer
61  * @return VB2_SUCCESS, or non-zero if error.
62  */
63 int vb2_verify_signature_inside(const void *parent,
64 				uint32_t parent_size,
65 				const struct vb2_signature *sig);
66 
67 
68 /**
69  * Verify a packed key is fully contained in its parent data
70  *
71  * @param parent	Parent data
72  * @param parent_size	Parent size in bytes
73  * @param key		Packed key pointer
74  * @return VB2_SUCCESS, or non-zero if error.
75  */
76 int vb2_verify_packed_key_inside(const void *parent,
77 				 uint32_t parent_size,
78 				 const struct vb2_packed_key *key);
79 
80 /**
81  * Unpack a vboot1-format key for use in verification
82  *
83  * The elements of the unpacked key will point into the source buffer, so don't
84  * free the source buffer until you're done with the key.
85  *
86  * @param key		Destintion for unpacked key
87  * @param buf		Source buffer containing packed key
88  * @param size		Size of buffer in bytes
89  * @return VB2_SUCCESS, or non-zero error code if error.
90  */
91 int vb2_unpack_key(struct vb2_public_key *key,
92 		   const uint8_t *buf,
93 		   uint32_t size);
94 
95 /**
96  * Verify a signature against an expected hash digest.
97  *
98  * @param key		Key to use in signature verification
99  * @param sig		Signature to verify (may be destroyed in process)
100  * @param digest	Digest of signed data
101  * @param wb		Work buffer
102  * @return VB2_SUCCESS, or non-zero if error.
103  */
104 int vb2_verify_digest(const struct vb2_public_key *key,
105 		      struct vb2_signature *sig,
106 		      const uint8_t *digest,
107 		      const struct vb2_workbuf *wb);
108 
109 /**
110  * Verify data matches signature.
111  *
112  * @param data		Data to verify
113  * @param size		Size of data buffer.  Note that amount of data to
114  *			actually validate is contained in sig->data_size.
115  * @param sig		Signature of data (destroyed in process)
116  * @param key		Key to use to validate signature
117  * @param wb		Work buffer
118  * @return VB2_SUCCESS, or non-zero error code if error.
119  */
120 int vb2_verify_data(const uint8_t *data,
121 		    uint32_t size,
122 		    struct vb2_signature *sig,
123 		    const struct vb2_public_key *key,
124 		    const struct vb2_workbuf *wb);
125 
126 /**
127  * Check the sanity of a key block using a public key.
128  *
129  * Header fields are also checked for sanity.  Does not verify key index or key
130  * block flags.  Signature inside block is destroyed during check.
131  *
132  * @param block		Key block to verify
133  * @param size		Size of key block buffer
134  * @param key		Key to use to verify block
135  * @param wb		Work buffer
136  * @return VB2_SUCCESS, or non-zero error code if error.
137  */
138 int vb2_verify_keyblock(struct vb2_keyblock *block,
139 			uint32_t size,
140 			const struct vb2_public_key *key,
141 			const struct vb2_workbuf *wb);
142 
143 /**
144  * Check the sanity of a firmware preamble using a public key.
145  *
146  * The signature in the preamble is destroyed during the check.
147  *
148  * @param preamble     	Preamble to verify
149  * @param size		Size of preamble buffer
150  * @param key		Key to use to verify preamble
151  * @param wb		Work buffer
152  * @return VB2_SUCCESS, or non-zero error code if error.
153  */
154 int vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble,
155 			   uint32_t size,
156 			   const struct vb2_public_key *key,
157 			   const struct vb2_workbuf *wb);
158 
159 #endif  /* VBOOT_REFERENCE_VB2_COMMON_H_ */
160