/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. * * Host functions for signatures. */ #include <openssl/rsa.h> #include "2sysincludes.h" #include "2common.h" #include "2rsa.h" #include "2sha.h" #include "vb2_common.h" #include "host_common.h" #include "host_key2.h" #include "host_signature2.h" #include "host_misc.h" /** * Get the digest info for a hash algorithm * * @param hash_alg Hash algorithm * @param buf_ptr On success, points to the digest info * @param size_ptr On success, contains the info size in bytes * @return VB2_SUCCESS, or non-zero error code on failure. */ static int vb2_digest_info(enum vb2_hash_algorithm hash_alg, const uint8_t **buf_ptr, uint32_t *size_ptr) { *buf_ptr = NULL; *size_ptr = 0; switch (hash_alg) { #if VB2_SUPPORT_SHA1 case VB2_HASH_SHA1: { static const uint8_t info[] = { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 }; *buf_ptr = info; *size_ptr = sizeof(info); return VB2_SUCCESS; } #endif #if VB2_SUPPORT_SHA256 case VB2_HASH_SHA256: { static const uint8_t info[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 }; *buf_ptr = info; *size_ptr = sizeof(info); return VB2_SUCCESS; } #endif #if VB2_SUPPORT_SHA512 case VB2_HASH_SHA512: { static const uint8_t info[] = { 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40 }; *buf_ptr = info; *size_ptr = sizeof(info); return VB2_SUCCESS; } #endif default: return VB2_ERROR_DIGEST_INFO; } } int vb2_sign_data(struct vb2_signature **sig_ptr, const uint8_t *data, uint32_t size, const struct vb2_private_key *key, const char *desc) { struct vb2_signature s = { .c.magic = VB2_MAGIC_SIGNATURE, .c.struct_version_major = VB2_SIGNATURE_VERSION_MAJOR, .c.struct_version_minor = VB2_SIGNATURE_VERSION_MINOR, .c.fixed_size = sizeof(s), .sig_alg = key->sig_alg, .hash_alg = key->hash_alg, .data_size = size, .guid = key->guid, }; struct vb2_digest_context dc; uint32_t digest_size; const uint8_t *info = NULL; uint32_t info_size = 0; uint32_t sig_digest_size; uint8_t *sig_digest; uint8_t *buf; *sig_ptr = NULL; /* Use key description if no description supplied */ if (!desc) desc = key->desc; s.c.desc_size = vb2_desc_size(desc); s.sig_offset = s.c.fixed_size + s.c.desc_size; s.sig_size = vb2_sig_size(key->sig_alg, key->hash_alg); if (!s.sig_size) return VB2_SIGN_DATA_SIG_SIZE; s.c.total_size = s.sig_offset + s.sig_size; /* Determine digest size and allocate buffer */ if (s.sig_alg != VB2_SIG_NONE) { if (vb2_digest_info(s.hash_alg, &info, &info_size)) return VB2_SIGN_DATA_DIGEST_INFO; } digest_size = vb2_digest_size(key->hash_alg); if (!digest_size) return VB2_SIGN_DATA_DIGEST_SIZE; sig_digest_size = info_size + digest_size; sig_digest = malloc(sig_digest_size); if (!sig_digest) return VB2_SIGN_DATA_DIGEST_ALLOC; /* Prepend digest info, if any */ if (info_size) memcpy(sig_digest, info, info_size); /* Calculate hash digest */ if (vb2_digest_init(&dc, s.hash_alg)) { free(sig_digest); return VB2_SIGN_DATA_DIGEST_INIT; } if (vb2_digest_extend(&dc, data, size)) { free(sig_digest); return VB2_SIGN_DATA_DIGEST_EXTEND; } if (vb2_digest_finalize(&dc, sig_digest + info_size, digest_size)) { free(sig_digest); return VB2_SIGN_DATA_DIGEST_FINALIZE; } /* Allocate signature buffer and copy header */ buf = calloc(1, s.c.total_size); memcpy(buf, &s, sizeof(s)); /* strcpy() is ok because we allocated buffer based on desc length */ if (desc) strcpy((char *)buf + s.c.fixed_size, desc); if (s.sig_alg == VB2_SIG_NONE) { /* Bare hash signature is just the digest */ memcpy(buf + s.sig_offset, sig_digest, sig_digest_size); } else { /* RSA-encrypt the signature */ if (RSA_private_encrypt(sig_digest_size, sig_digest, buf + s.sig_offset, key->rsa_private_key, RSA_PKCS1_PADDING) == -1) { free(sig_digest); free(buf); return VB2_SIGN_DATA_RSA_ENCRYPT; } } free(sig_digest); *sig_ptr = (struct vb2_signature *)buf; return VB2_SUCCESS; } int vb2_sig_size_for_key(uint32_t *size_ptr, const struct vb2_private_key *key, const char *desc) { uint32_t size = vb2_sig_size(key->sig_alg, key->hash_alg); if (!size) return VB2_ERROR_SIG_SIZE_FOR_KEY; size += sizeof(struct vb2_signature); size += vb2_desc_size(desc ? desc : key->desc); *size_ptr = size; return VB2_SUCCESS; } int vb2_sig_size_for_keys(uint32_t *size_ptr, const struct vb2_private_key **key_list, uint32_t key_count) { uint32_t total = 0, size = 0; int rv, i; *size_ptr = 0; for (i = 0; i < key_count; i++) { rv = vb2_sig_size_for_key(&size, key_list[i], NULL); if (rv) return rv; total += size; } *size_ptr = total; return VB2_SUCCESS; } int vb2_sign_object(uint8_t *buf, uint32_t sig_offset, const struct vb2_private_key *key, const char *desc) { struct vb2_struct_common *c = (struct vb2_struct_common *)buf; struct vb2_signature *sig = NULL; int rv; rv = vb2_sign_data(&sig, buf, sig_offset, key, desc); if (rv) return rv; if (sig_offset + sig->c.total_size > c->total_size) { free(sig); return VB2_SIGN_OBJECT_OVERFLOW; } memcpy(buf + sig_offset, sig, sig->c.total_size); free(sig); return VB2_SUCCESS; } int vb2_sign_object_multiple(uint8_t *buf, uint32_t sig_offset, const struct vb2_private_key **key_list, uint32_t key_count) { struct vb2_struct_common *c = (struct vb2_struct_common *)buf; uint32_t sig_next = sig_offset; int rv, i; for (i = 0; i < key_count; i++) { struct vb2_signature *sig = NULL; rv = vb2_sign_data(&sig, buf, sig_offset, key_list[i], NULL); if (rv) return rv; if (sig_next + sig->c.total_size > c->total_size) { free(sig); return VB2_SIGN_OBJECT_OVERFLOW; } memcpy(buf + sig_next, sig, sig->c.total_size); sig_next += sig->c.total_size; free(sig); } return VB2_SUCCESS; }