host.h 5.0 KB

  1. /* Copyright 2015 The Chromium OS Authors. All rights reserved.
  2. * Use of this source code is governed by a BSD-style license that can be
  3. * found in the LICENSE file.
  4. *
  5. * Boot descriptor block host functions
  6. */
  7. #ifndef VBOOT_REFERENCE_BDB_HOST_H_
  8. #define VBOOT_REFERENCE_BDB_HOST_H_
  9. #include <stdlib.h>
  10. #include <openssl/pem.h>
  11. #include "bdb_struct.h"
  12. /*****************************************************************************/
  13. /*
  14. Expected calling sequence:
  15. Load and check just the header
  16. bdb_check_header(buf, size);
  17. Load and verify the entire BDB
  18. bdb_verify(buf, size, bdb_key_hash, dev_mode_flag);
  19. bdb_check_header() again - paranoia against bad storage devices, which may return different data on the second load
  20. bdb_check_key() on BDB key
  21. bdb_sha256() on BDB key
  22. Compare with appropriate root key hash
  23. If dev_mode_flag(), a root key hash mismatch is not fatal
  24. bdb_check_sig() on BDB header sig
  25. bdb_sha256() on OEM area 1, RW datakey
  26. bdb_rsa_verify() on digest using BDB key
  27. bdb_check_key() on RW datakey
  28. bdb_check_data() on RW data
  29. bdb_check_sig() on data sig
  30. bdb_sha256() on data, OEM area 1, hashes
  31. bdb_rsa_verify() on digest using RW datakey
  32. Check RW datakey version. If normal boot from primary BDB, roll forward
  33. Check data version. If normal boot from primary BDB, roll forward
  34. */
  35. /*****************************************************************************/
  /*
   * Codes for functions returning numeric error codes.
   *
   * Host functions may return any bdb_return_code value as well as the
   * host-only codes listed here.
   * NOTE(review): 200 presumably keeps the host codes clear of the
   * bdb_return_code range -- confirm against that enum, which is declared
   * outside this header.
   */
  enum bdb_host_return_code {
      /* All/any of bdb_return_code, and the following... */

      /* Other errors */
      BDB_ERROR_HOST = 200,
  };
  42. /*****************************************************************************/
  43. /* Functions */
  /**
   * Like strncpy, but guaranteeing null termination
   *
   * NOTE(review): size is presumably the capacity of dest in bytes, in which
   * case a longer src is truncated to fit. The definition is not part of this
   * header, so confirm both that and the return value before relying on them.
   *
   * @param dest	Destination buffer
   * @param src		Source string
   * @param size	Size limit for the copy; presumably the size of dest
   */
  char *strzcpy(char *dest, const char *src, size_t size);
  /**
   * Read a file.
   *
   * Caller must free() the returned buffer.
   *
   * The size is reported through a uint32_t, so the interface cannot describe
   * a file larger than UINT32_MAX bytes.
   * NOTE(review): how such a file is handled, and whether *size_ptr is written
   * on failure, is not visible in this header. Check the return value for NULL
   * before using either the buffer or the size.
   *
   * @param filename	Path to file
   * @param size_ptr	Destination for size of buffer
   * @return A newly allocated buffer containing the data, or NULL if error.
   */
  uint8_t *read_file(const char *filename, uint32_t *size_ptr);
  /**
   * Write a file.
   *
   * Callers should check the return value: a non-zero result means the output
   * file must not be treated as a complete copy of buf.
   * NOTE(review): whether an existing file is overwritten, and with which
   * permissions a new file is created, is not stated in this header.
   *
   * @param filename	Path to file
   * @param buf		Data to write
   * @param size	Size of data in bytes
   * @return 0 if success, non-zero error code if error.
   */
  int write_file(const char *filename, const void *buf, uint32_t size);
  /**
   * Read an RSA key from a PEM file.
   *
   * Caller must free the returned key with RSA_free().
   *
   * The return type is the same struct rsa_st that bdb_create_params and
   * bdb_create_sig() use for private signing keys. When the file holds a
   * private key, the returned object carries that private material, so keep
   * its lifetime short and release it with RSA_free() once signing is done.
   *
   * @param filename	Path to file
   * @return A newly allocated RSA key object, or NULL if error.
   */
  struct rsa_st *read_pem(const char *filename);
  /**
   * Create a BDB public key object.
   *
   * Caller must free() the returned key.
   *
   * The input is a public key file (.keyb), so no private key material is
   * passed through this call. Failure is reported only as NULL; the cause is
   * not returned to the caller.
   *
   * @param filename	Path to file containing public key (.keyb)
   * @param key_version	Version for key
   * @param desc	Description.  Optional; may be NULL.
   * @return A newly allocated public key, or NULL if error.
   */
  struct bdb_key *bdb_create_key(const char *filename,
                                 uint32_t key_version,
                                 const char *desc);
  /**
   * Create a BDB signature object.
   *
   * Caller must free() the returned signature.
   *
   * The key is only passed in; nothing in this header says the call takes
   * ownership of it, so the caller presumably still releases it with
   * RSA_free() afterwards -- TODO confirm against the definition.
   *
   * @param data	Data to sign
   * @param size	Size of data in bytes
   * @param key		RSA key used to sign, e.g. one loaded with read_pem().
   *			Signing requires the private key.
   * @param sig_alg	Signature algorithm (valid values are defined outside
   *			this header)
   * @param desc	Description.  Optional; may be NULL.
   * @return A newly allocated signature, or NULL if error.
   */
  struct bdb_sig *bdb_create_sig(const void *data,
                                 size_t size,
                                 struct rsa_st *key,
                                 uint32_t sig_alg,
                                 const char *desc);
  /*
   * Creation parameters passed to bdb_create().
   *
   * The structure stores pointers only.
   * NOTE(review): whether bdb_create() copies the referenced buffers and keys
   * or keeps using them is not visible in this header -- confirm before
   * freeing anything this struct points to.
   */
  struct bdb_create_params
  {
      /* Load address */
      uint64_t bdb_load_address;

      /* OEM areas.  Size may be 0, in which case the buffer is ignored */
      uint8_t *oem_area_0;
      uint32_t oem_area_0_size;

      uint8_t *oem_area_1;
      uint32_t oem_area_1_size;

      /* Public BDB key and datakey */
      struct bdb_key *bdbkey;
      struct bdb_key *datakey;

      /*
       * Private BDB key and datakey.  These are the same RSA object type that
       * read_pem() returns and they carry private key material; the caller
       * presumably remains responsible for releasing them with RSA_free().
       */
      struct rsa_st *private_bdbkey;
      struct rsa_st *private_datakey;

      /* Descriptions for header and data signatures */
      char *header_sig_description;
      char *data_sig_description;

      /* Data description and version */
      char *data_description;
      uint32_t data_version;

      /*
       * Data hashes and count.
       * NOTE(review): hash presumably points to an array of num_hashes
       * entries -- confirm against bdb_create().
       */
      struct bdb_hash *hash;
      uint32_t num_hashes;
  };
  /**
   * Sign data key in BDB
   *
   * Ownership: on success the buffer passed in through *bdb is freed and the
   * caller owns a newly allocated buffer instead, so any pointer into the old
   * buffer is dangling after a successful call and must not be used or freed.
   * NOTE(review): presumably *bdb is updated to the new buffer and is left
   * untouched on failure -- confirm against the definition.
   *
   * @param bdb	(IN/OUT) Buffer is freed upon successful call.  Caller is
   *		responsible for freeing the newly allocated buffer.
   * @param key	Private BDB key to be signed with
   * @return BDB_SUCCESS on success or BDB_ERROR_* otherwise.
   */
  int bdb_sign_datakey(uint8_t **bdb, struct rsa_st *key);
  /**
   * Sign data section of BDB
   *
   * Ownership: on success the buffer passed in through *bdb is freed and the
   * caller owns a newly allocated buffer instead, so any pointer into the old
   * buffer is dangling after a successful call and must not be used or freed.
   * NOTE(review): presumably *bdb is updated to the new buffer and is left
   * untouched on failure -- confirm against the definition.
   *
   * @param bdb	(IN/OUT) Buffer is freed upon successful call.  Caller is
   *		responsible for freeing the newly allocated buffer.
   * @param key	Private data key to be signed with
   * @return BDB_SUCCESS on success or BDB_ERROR_* otherwise.
   */
  int bdb_sign_data(uint8_t **bdb, struct rsa_st *key);
  /**
   * Create a new BDB
   *
   * Caller must free() returned object.
   *
   * The parameter block includes the private BDB key and private datakey.
   * NOTE(review): presumably these sign the header and the data section
   * respectively, and the caller keeps ownership of everything p points to --
   * confirm against the definition.
   *
   * @param p	Creation parameters
   * @return A newly allocated BDB, or NULL if error.
   */
  struct bdb_header *bdb_create(struct bdb_create_params *p);
  157. /*****************************************************************************/
  158. #endif /* VBOOT_REFERENCE_BDB_HOST_H_ */