int vb2_check_keyblock(const struct vb2_keyblock *block,
uint32_t size,
const struct vb2_signature *sig)
{
if(size < sizeof(*block)) {
VB2_DEBUG("Not enough space for key block header.\n");
return VB2_ERROR_KEYBLOCK_TOO_SMALL_FOR_HEADER;
}
if (memcmp(block->magic, KEY_BLOCK_MAGIC, KEY_BLOCK_MAGIC_SIZE)) {
VB2_DEBUG("Not a valid verified boot key block.\n");
return VB2_ERROR_KEYBLOCK_MAGIC;
}
if (block->header_version_major != KEY_BLOCK_HEADER_VERSION_MAJOR) {
VB2_DEBUG("Incompatible key block header version.\n");
return VB2_ERROR_KEYBLOCK_HEADER_VERSION;
}
if (size < block->keyblock_size) {
VB2_DEBUG("Not enough data for key block.\n");
return VB2_ERROR_KEYBLOCK_SIZE;
}
if (vb2_verify_signature_inside(block, block->keyblock_size, sig)) {
VB2_DEBUG("Key block signature off end of block\n");
return VB2_ERROR_KEYBLOCK_SIG_OUTSIDE;
}
/* Make sure advertised signature data sizes are sane. */
if (block->keyblock_size < sig->data_size) {
VB2_DEBUG("Signature calculated past end of block\n");
return VB2_ERROR_KEYBLOCK_SIGNED_TOO_MUCH;
}
/* Verify we signed enough data */
if (sig->data_size < sizeof(struct vb2_keyblock)) {
VB2_DEBUG("Didn't sign enough data\n");
return VB2_ERROR_KEYBLOCK_SIGNED_TOO_LITTLE;
}
/* Verify data key is inside the block and inside signed data */
if (vb2_verify_packed_key_inside(block, block->keyblock_size,
&block->data_key)) {
VB2_DEBUG("Data key off end of key block\n");
return VB2_ERROR_KEYBLOCK_DATA_KEY_OUTSIDE;
}
if (vb2_verify_packed_key_inside(block, sig->data_size,
&block->data_key)) {
VB2_DEBUG("Data key off end of signed data\n");
return VB2_ERROR_KEYBLOCK_DATA_KEY_UNSIGNED;
}
return VB2_SUCCESS;
}
int vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble,
uint32_t size,
const struct vb2_public_key *key,
const struct vb2_workbuf *wb)
{
struct vb2_signature *sig = &preamble->preamble_signature;
VB2_DEBUG("Verifying preamble.\n");
/* Sanity checks before attempting signature of data */
if(size < sizeof(*preamble)) {
VB2_DEBUG("Not enough data for preamble header\n");
return VB2_ERROR_PREAMBLE_TOO_SMALL_FOR_HEADER;
}
if (preamble->header_version_major !=
FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR) {
VB2_DEBUG("Incompatible firmware preamble header version.\n");
return VB2_ERROR_PREAMBLE_HEADER_VERSION;
}
if (preamble->header_version_minor < 1) {
VB2_DEBUG("Only preamble header 2.1+ supported\n");
return VB2_ERROR_PREAMBLE_HEADER_OLD;
}
if (size < preamble->preamble_size) {
VB2_DEBUG("Not enough data for preamble.\n");
return VB2_ERROR_PREAMBLE_SIZE;
}
/* Check signature */
if (vb2_verify_signature_inside(preamble, preamble->preamble_size,
sig)) {
VB2_DEBUG("Preamble signature off end of preamble\n");
return VB2_ERROR_PREAMBLE_SIG_OUTSIDE;
}
/* Make sure advertised signature data sizes are sane. */
if (preamble->preamble_size < sig->data_size) {
VB2_DEBUG("Signature calculated past end of the block\n");
return VB2_ERROR_PREAMBLE_SIGNED_TOO_MUCH;
}
if (vb2_verify_data((const uint8_t *)preamble, size, sig, key, wb)) {
VB2_DEBUG("Preamble signature validation failed\n");
return VB2_ERROR_PREAMBLE_SIG_INVALID;
}
/* Verify we signed enough data */
if (sig->data_size < sizeof(struct vb2_fw_preamble)) {
VB2_DEBUG("Didn't sign enough data\n");
return VB2_ERROR_PREAMBLE_SIGNED_TOO_LITTLE;
}
/* Verify body signature is inside the signed data */
if (vb2_verify_signature_inside(preamble, sig->data_size,
&preamble->body_signature)) {
VB2_DEBUG("Firmware body signature off end of preamble\n");
return VB2_ERROR_PREAMBLE_BODY_SIG_OUTSIDE;
}
/* Verify kernel subkey is inside the signed data */
if (vb2_verify_packed_key_inside(preamble, sig->data_size,
&preamble->kernel_subkey)) {
VB2_DEBUG("Kernel subkey off end of preamble\n");
return VB2_ERROR_PREAMBLE_KERNEL_SUBKEY_OUTSIDE;
}
/* Success */
return VB2_SUCCESS;
}
int vb2_verify_keyblock(struct vb2_keyblock *block,
uint32_t size,
const struct vb2_public_key *key,
const struct vb2_workbuf *wb)
{
struct vb2_signature *sig;
int rv;
/* Sanity checks before attempting signature of data */
if(size < sizeof(*block)) {
VB2_DEBUG("Not enough space for key block header.\n");
return VB2_ERROR_KEYBLOCK_TOO_SMALL_FOR_HEADER;
}
if (memcmp(block->magic, KEY_BLOCK_MAGIC, KEY_BLOCK_MAGIC_SIZE)) {
VB2_DEBUG("Not a valid verified boot key block.\n");
return VB2_ERROR_KEYBLOCK_MAGIC;
}
if (block->header_version_major != KEY_BLOCK_HEADER_VERSION_MAJOR) {
VB2_DEBUG("Incompatible key block header version.\n");
return VB2_ERROR_KEYBLOCK_HEADER_VERSION;
}
if (size < block->keyblock_size) {
VB2_DEBUG("Not enough data for key block.\n");
return VB2_ERROR_KEYBLOCK_SIZE;
}
/* Check signature */
sig = &block->keyblock_signature;
if (vb2_verify_signature_inside(block, block->keyblock_size, sig)) {
VB2_DEBUG("Key block signature off end of block\n");
return VB2_ERROR_KEYBLOCK_SIG_OUTSIDE;
}
/* Make sure advertised signature data sizes are sane. */
if (block->keyblock_size < sig->data_size) {
VB2_DEBUG("Signature calculated past end of block\n");
return VB2_ERROR_KEYBLOCK_SIGNED_TOO_MUCH;
}
VB2_DEBUG("Checking key block signature...\n");
rv = vb2_verify_data((const uint8_t *)block, size, sig, key, wb);
if (rv) {
VB2_DEBUG("Invalid key block signature.\n");
return VB2_ERROR_KEYBLOCK_SIG_INVALID;
}
/* Verify we signed enough data */
if (sig->data_size < sizeof(struct vb2_keyblock)) {
VB2_DEBUG("Didn't sign enough data\n");
return VB2_ERROR_KEYBLOCK_SIGNED_TOO_LITTLE;
}
/* Verify data key is inside the block and inside signed data */
if (vb2_verify_packed_key_inside(block, block->keyblock_size,
&block->data_key)) {
VB2_DEBUG("Data key off end of key block\n");
return VB2_ERROR_KEYBLOCK_DATA_KEY_OUTSIDE;
}
if (vb2_verify_packed_key_inside(block, sig->data_size,
&block->data_key)) {
VB2_DEBUG("Data key off end of signed data\n");
return VB2_ERROR_KEYBLOCK_DATA_KEY_UNSIGNED;
}
/* Success */
return VB2_SUCCESS;
}