uboot/lib/libavb/avb_vbmeta_image.c
<<
>>
Prefs
   1// SPDX-License-Identifier: MIT
   2/*
   3 * Copyright (C) 2016 The Android Open Source Project
   4 */
   5
   6#include "avb_vbmeta_image.h"
   7#include "avb_crypto.h"
   8#include "avb_rsa.h"
   9#include "avb_sha.h"
  10#include "avb_util.h"
  11#include "avb_version.h"
  12
  13AvbVBMetaVerifyResult avb_vbmeta_image_verify(
  14    const uint8_t* data,
  15    size_t length,
  16    const uint8_t** out_public_key_data,
  17    size_t* out_public_key_length) {
  18  AvbVBMetaVerifyResult ret;
  19  AvbVBMetaImageHeader h;
  20  uint8_t* computed_hash;
  21  const AvbAlgorithmData* algorithm;
  22  AvbSHA256Ctx sha256_ctx;
  23  AvbSHA512Ctx sha512_ctx;
  24  const uint8_t* header_block;
  25  const uint8_t* authentication_block;
  26  const uint8_t* auxiliary_block;
  27  int verification_result;
  28
  29  ret = AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER;
  30
  31  if (out_public_key_data != NULL) {
  32    *out_public_key_data = NULL;
  33  }
  34  if (out_public_key_length != NULL) {
  35    *out_public_key_length = 0;
  36  }
  37
  38  /* Ensure magic is correct. */
  39  if (avb_safe_memcmp(data, AVB_MAGIC, AVB_MAGIC_LEN) != 0) {
  40    avb_error("Magic is incorrect.\n");
  41    goto out;
  42  }
  43
  44  /* Before we byteswap, ensure length is long enough. */
  45  if (length < sizeof(AvbVBMetaImageHeader)) {
  46    avb_error("Length is smaller than header.\n");
  47    goto out;
  48  }
  49  avb_vbmeta_image_header_to_host_byte_order((const AvbVBMetaImageHeader*)data,
  50                                             &h);
  51
  52  /* Ensure we don't attempt to access any fields if we do not meet
  53   * the specified minimum version of libavb.
  54   */
  55  if ((h.required_libavb_version_major != AVB_VERSION_MAJOR) ||
  56      (h.required_libavb_version_minor > AVB_VERSION_MINOR)) {
  57    avb_error("Mismatch between image version and libavb version.\n");
  58    ret = AVB_VBMETA_VERIFY_RESULT_UNSUPPORTED_VERSION;
  59    goto out;
  60  }
  61
  62  /* Ensure |release_string| ends with a NUL byte. */
  63  if (h.release_string[AVB_RELEASE_STRING_SIZE - 1] != '\0') {
  64    avb_error("Release string does not end with a NUL byte.\n");
  65    goto out;
  66  }
  67
  68  /* Ensure inner block sizes are multiple of 64. */
  69  if ((h.authentication_data_block_size & 0x3f) != 0 ||
  70      (h.auxiliary_data_block_size & 0x3f) != 0) {
  71    avb_error("Block size is not a multiple of 64.\n");
  72    goto out;
  73  }
  74
  75  /* Ensure block sizes all add up to at most |length|. */
  76  uint64_t block_total = sizeof(AvbVBMetaImageHeader);
  77  if (!avb_safe_add_to(&block_total, h.authentication_data_block_size) ||
  78      !avb_safe_add_to(&block_total, h.auxiliary_data_block_size)) {
  79    avb_error("Overflow while computing size of boot image.\n");
  80    goto out;
  81  }
  82  if (block_total > length) {
  83    avb_error("Block sizes add up to more than given length.\n");
  84    goto out;
  85  }
  86
  87  uintptr_t data_ptr = (uintptr_t)data;
  88  /* Ensure passed in memory doesn't wrap. */
  89  if (!avb_safe_add(NULL, (uint64_t)data_ptr, length)) {
  90    avb_error("Boot image location and length mismatch.\n");
  91    goto out;
  92  }
  93
  94  /* Ensure hash and signature are entirely in the Authentication data block. */
  95  uint64_t hash_end;
  96  if (!avb_safe_add(&hash_end, h.hash_offset, h.hash_size) ||
  97      hash_end > h.authentication_data_block_size) {
  98    avb_error("Hash is not entirely in its block.\n");
  99    goto out;
 100  }
 101  uint64_t signature_end;
 102  if (!avb_safe_add(&signature_end, h.signature_offset, h.signature_size) ||
 103      signature_end > h.authentication_data_block_size) {
 104    avb_error("Signature is not entirely in its block.\n");
 105    goto out;
 106  }
 107
 108  /* Ensure public key is entirely in the Auxiliary data block. */
 109  uint64_t pubkey_end;
 110  if (!avb_safe_add(&pubkey_end, h.public_key_offset, h.public_key_size) ||
 111      pubkey_end > h.auxiliary_data_block_size) {
 112    avb_error("Public key is not entirely in its block.\n");
 113    goto out;
 114  }
 115
 116  /* Ensure public key metadata (if set) is entirely in the Auxiliary
 117   * data block. */
 118  if (h.public_key_metadata_size > 0) {
 119    uint64_t pubkey_md_end;
 120    if (!avb_safe_add(&pubkey_md_end,
 121                      h.public_key_metadata_offset,
 122                      h.public_key_metadata_size) ||
 123        pubkey_md_end > h.auxiliary_data_block_size) {
 124      avb_error("Public key metadata is not entirely in its block.\n");
 125      goto out;
 126    }
 127  }
 128
 129  /* Bail early if there's no hash or signature. */
 130  if (h.algorithm_type == AVB_ALGORITHM_TYPE_NONE) {
 131    ret = AVB_VBMETA_VERIFY_RESULT_OK_NOT_SIGNED;
 132    goto out;
 133  }
 134
 135  /* Ensure algorithm field is supported. */
 136  algorithm = avb_get_algorithm_data(h.algorithm_type);
 137  if (!algorithm) {
 138    avb_error("Invalid or unknown algorithm.\n");
 139    goto out;
 140  }
 141
 142  /* Bail if the embedded hash size doesn't match the chosen algorithm. */
 143  if (h.hash_size != algorithm->hash_len) {
 144    avb_error("Embedded hash has wrong size.\n");
 145    goto out;
 146  }
 147
 148  /* No overflow checks needed from here-on after since all block
 149   * sizes and offsets have been verified above.
 150   */
 151
 152  header_block = data;
 153  authentication_block = header_block + sizeof(AvbVBMetaImageHeader);
 154  auxiliary_block = authentication_block + h.authentication_data_block_size;
 155
 156  switch (h.algorithm_type) {
 157    /* Explicit fall-through: */
 158    case AVB_ALGORITHM_TYPE_SHA256_RSA2048:
 159    case AVB_ALGORITHM_TYPE_SHA256_RSA4096:
 160    case AVB_ALGORITHM_TYPE_SHA256_RSA8192:
 161      avb_sha256_init(&sha256_ctx);
 162      avb_sha256_update(
 163          &sha256_ctx, header_block, sizeof(AvbVBMetaImageHeader));
 164      avb_sha256_update(
 165          &sha256_ctx, auxiliary_block, h.auxiliary_data_block_size);
 166      computed_hash = avb_sha256_final(&sha256_ctx);
 167      break;
 168    /* Explicit fall-through: */
 169    case AVB_ALGORITHM_TYPE_SHA512_RSA2048:
 170    case AVB_ALGORITHM_TYPE_SHA512_RSA4096:
 171    case AVB_ALGORITHM_TYPE_SHA512_RSA8192:
 172      avb_sha512_init(&sha512_ctx);
 173      avb_sha512_update(
 174          &sha512_ctx, header_block, sizeof(AvbVBMetaImageHeader));
 175      avb_sha512_update(
 176          &sha512_ctx, auxiliary_block, h.auxiliary_data_block_size);
 177      computed_hash = avb_sha512_final(&sha512_ctx);
 178      break;
 179    default:
 180      avb_error("Unknown algorithm.\n");
 181      goto out;
 182  }
 183
 184  if (avb_safe_memcmp(authentication_block + h.hash_offset,
 185                      computed_hash,
 186                      h.hash_size) != 0) {
 187    avb_error("Hash does not match!\n");
 188    ret = AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH;
 189    goto out;
 190  }
 191
 192  verification_result =
 193      avb_rsa_verify(auxiliary_block + h.public_key_offset,
 194                     h.public_key_size,
 195                     authentication_block + h.signature_offset,
 196                     h.signature_size,
 197                     authentication_block + h.hash_offset,
 198                     h.hash_size,
 199                     algorithm->padding,
 200                     algorithm->padding_len);
 201
 202  if (verification_result == 0) {
 203    ret = AVB_VBMETA_VERIFY_RESULT_SIGNATURE_MISMATCH;
 204    goto out;
 205  }
 206
 207  if (h.public_key_size > 0) {
 208    if (out_public_key_data != NULL) {
 209      *out_public_key_data = auxiliary_block + h.public_key_offset;
 210    }
 211    if (out_public_key_length != NULL) {
 212      *out_public_key_length = h.public_key_size;
 213    }
 214  }
 215
 216  ret = AVB_VBMETA_VERIFY_RESULT_OK;
 217
 218out:
 219  return ret;
 220}
 221
 222void avb_vbmeta_image_header_to_host_byte_order(const AvbVBMetaImageHeader* src,
 223                                                AvbVBMetaImageHeader* dest) {
 224  avb_memcpy(dest, src, sizeof(AvbVBMetaImageHeader));
 225
 226  dest->required_libavb_version_major =
 227      avb_be32toh(dest->required_libavb_version_major);
 228  dest->required_libavb_version_minor =
 229      avb_be32toh(dest->required_libavb_version_minor);
 230
 231  dest->authentication_data_block_size =
 232      avb_be64toh(dest->authentication_data_block_size);
 233  dest->auxiliary_data_block_size =
 234      avb_be64toh(dest->auxiliary_data_block_size);
 235
 236  dest->algorithm_type = avb_be32toh(dest->algorithm_type);
 237
 238  dest->hash_offset = avb_be64toh(dest->hash_offset);
 239  dest->hash_size = avb_be64toh(dest->hash_size);
 240
 241  dest->signature_offset = avb_be64toh(dest->signature_offset);
 242  dest->signature_size = avb_be64toh(dest->signature_size);
 243
 244  dest->public_key_offset = avb_be64toh(dest->public_key_offset);
 245  dest->public_key_size = avb_be64toh(dest->public_key_size);
 246
 247  dest->public_key_metadata_offset =
 248      avb_be64toh(dest->public_key_metadata_offset);
 249  dest->public_key_metadata_size = avb_be64toh(dest->public_key_metadata_size);
 250
 251  dest->descriptors_offset = avb_be64toh(dest->descriptors_offset);
 252  dest->descriptors_size = avb_be64toh(dest->descriptors_size);
 253
 254  dest->rollback_index = avb_be64toh(dest->rollback_index);
 255  dest->flags = avb_be32toh(dest->flags);
 256}
 257
 258const char* avb_vbmeta_verify_result_to_string(AvbVBMetaVerifyResult result) {
 259  const char* ret = NULL;
 260
 261  switch (result) {
 262    case AVB_VBMETA_VERIFY_RESULT_OK:
 263      ret = "OK";
 264      break;
 265    case AVB_VBMETA_VERIFY_RESULT_OK_NOT_SIGNED:
 266      ret = "OK_NOT_SIGNED";
 267      break;
 268    case AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER:
 269      ret = "INVALID_VBMETA_HEADER";
 270      break;
 271    case AVB_VBMETA_VERIFY_RESULT_UNSUPPORTED_VERSION:
 272      ret = "UNSUPPORTED_VERSION";
 273      break;
 274    case AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH:
 275      ret = "HASH_MISMATCH";
 276      break;
 277    case AVB_VBMETA_VERIFY_RESULT_SIGNATURE_MISMATCH:
 278      ret = "SIGNATURE_MISMATCH";
 279      break;
 280      /* Do not add a 'default:' case here because of -Wswitch. */
 281  }
 282
 283  if (ret == NULL) {
 284    avb_error("Unknown AvbVBMetaVerifyResult value.\n");
 285    ret = "(unknown)";
 286  }
 287
 288  return ret;
 289}
 290