1 /*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation
6 * files (the "Software"), to deal in the Software without
7 * restriction, including without limitation the rights to use, copy,
8 * modify, merge, publish, distribute, sublicense, and/or sell copies
9 * of the Software, and to permit persons to whom the Software is
10 * furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25 #include <android_avb/avb_vbmeta_image.h>
26 #include <android_avb/avb_crypto.h>
27 #include <android_avb/avb_rsa.h>
28 #include <android_avb/avb_sha.h>
29 #include <android_avb/avb_util.h>
30 #include <android_avb/avb_version.h>
31
avb_vbmeta_image_verify(const uint8_t * data,size_t length,const uint8_t ** out_public_key_data,size_t * out_public_key_length)32 AvbVBMetaVerifyResult avb_vbmeta_image_verify(
33 const uint8_t* data,
34 size_t length,
35 const uint8_t** out_public_key_data,
36 size_t* out_public_key_length) {
37 AvbVBMetaVerifyResult ret;
38 AvbVBMetaImageHeader h;
39 uint8_t* computed_hash;
40 const AvbAlgorithmData* algorithm;
41 AvbSHA256Ctx sha256_ctx;
42 AvbSHA512Ctx sha512_ctx;
43 const uint8_t* header_block;
44 const uint8_t* authentication_block;
45 const uint8_t* auxiliary_block;
46 int verification_result;
47
48 ret = AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER;
49
50 if (out_public_key_data != NULL) {
51 *out_public_key_data = NULL;
52 }
53 if (out_public_key_length != NULL) {
54 *out_public_key_length = 0;
55 }
56
57 /* Before we byteswap or compare Magic, ensure length is long enough. */
58 if (length < sizeof(AvbVBMetaImageHeader)) {
59 avb_error("Length is smaller than header.\n");
60 goto out;
61 }
62
63 /* Ensure magic is correct. */
64 if (avb_safe_memcmp(data, AVB_MAGIC, AVB_MAGIC_LEN) != 0) {
65 avb_error("Magic is incorrect.\n");
66 goto out;
67 }
68
69 avb_vbmeta_image_header_to_host_byte_order((const AvbVBMetaImageHeader*)data,
70 &h);
71
72 /* Ensure we don't attempt to access any fields if we do not meet
73 * the specified minimum version of libavb.
74 */
75 if ((h.required_libavb_version_major != AVB_VERSION_MAJOR) ||
76 (h.required_libavb_version_minor > AVB_VERSION_MINOR)) {
77 avb_error("Mismatch between image version and libavb version.\n");
78 ret = AVB_VBMETA_VERIFY_RESULT_UNSUPPORTED_VERSION;
79 goto out;
80 }
81
82 /* Ensure |release_string| ends with a NUL byte. */
83 if (h.release_string[AVB_RELEASE_STRING_SIZE - 1] != '\0') {
84 avb_error("Release string does not end with a NUL byte.\n");
85 goto out;
86 }
87
88 /* Ensure inner block sizes are multiple of 64. */
89 if ((h.authentication_data_block_size & 0x3f) != 0 ||
90 (h.auxiliary_data_block_size & 0x3f) != 0) {
91 avb_error("Block size is not a multiple of 64.\n");
92 goto out;
93 }
94
95 /* Ensure block sizes all add up to at most |length|. */
96 uint64_t block_total = sizeof(AvbVBMetaImageHeader);
97 if (!avb_safe_add_to(&block_total, h.authentication_data_block_size) ||
98 !avb_safe_add_to(&block_total, h.auxiliary_data_block_size)) {
99 avb_error("Overflow while computing size of boot image.\n");
100 goto out;
101 }
102 if (block_total > length) {
103 avb_error("Block sizes add up to more than given length.\n");
104 goto out;
105 }
106
107 uintptr_t data_ptr = (uintptr_t)data;
108 /* Ensure passed in memory doesn't wrap. */
109 if (!avb_safe_add(NULL, (uint64_t)data_ptr, length)) {
110 avb_error("Boot image location and length mismatch.\n");
111 goto out;
112 }
113
114 /* Ensure hash and signature are entirely in the Authentication data block. */
115 uint64_t hash_end;
116 if (!avb_safe_add(&hash_end, h.hash_offset, h.hash_size) ||
117 hash_end > h.authentication_data_block_size) {
118 avb_error("Hash is not entirely in its block.\n");
119 goto out;
120 }
121 uint64_t signature_end;
122 if (!avb_safe_add(&signature_end, h.signature_offset, h.signature_size) ||
123 signature_end > h.authentication_data_block_size) {
124 avb_error("Signature is not entirely in its block.\n");
125 goto out;
126 }
127
128 /* Ensure public key is entirely in the Auxiliary data block. */
129 uint64_t pubkey_end;
130 if (!avb_safe_add(&pubkey_end, h.public_key_offset, h.public_key_size) ||
131 pubkey_end > h.auxiliary_data_block_size) {
132 avb_error("Public key is not entirely in its block.\n");
133 goto out;
134 }
135
136 /* Ensure public key metadata (if set) is entirely in the Auxiliary
137 * data block. */
138 if (h.public_key_metadata_size > 0) {
139 uint64_t pubkey_md_end;
140 if (!avb_safe_add(&pubkey_md_end,
141 h.public_key_metadata_offset,
142 h.public_key_metadata_size) ||
143 pubkey_md_end > h.auxiliary_data_block_size) {
144 avb_error("Public key metadata is not entirely in its block.\n");
145 goto out;
146 }
147 }
148
149 /* Bail early if there's no hash or signature. */
150 if (h.algorithm_type == AVB_ALGORITHM_TYPE_NONE) {
151 ret = AVB_VBMETA_VERIFY_RESULT_OK_NOT_SIGNED;
152 goto out;
153 }
154
155 /* Ensure algorithm field is supported. */
156 algorithm = avb_get_algorithm_data(h.algorithm_type);
157 if (!algorithm) {
158 avb_error("Invalid or unknown algorithm.\n");
159 goto out;
160 }
161
162 /* Bail if the embedded hash size doesn't match the chosen algorithm. */
163 if (h.hash_size != algorithm->hash_len) {
164 avb_error("Embedded hash has wrong size.\n");
165 goto out;
166 }
167
168 /* No overflow checks needed from here-on after since all block
169 * sizes and offsets have been verified above.
170 */
171
172 header_block = data;
173 authentication_block = header_block + sizeof(AvbVBMetaImageHeader);
174 auxiliary_block = authentication_block + h.authentication_data_block_size;
175
176 switch (h.algorithm_type) {
177 /* Explicit fall-through: */
178 case AVB_ALGORITHM_TYPE_SHA256_RSA2048:
179 case AVB_ALGORITHM_TYPE_SHA256_RSA4096:
180 case AVB_ALGORITHM_TYPE_SHA256_RSA8192:
181
182 sha256_ctx.tot_len = sizeof(AvbVBMetaImageHeader) +
183 h.auxiliary_data_block_size;
184 avb_sha256_init(&sha256_ctx);
185 avb_sha256_update(
186 &sha256_ctx, header_block, sizeof(AvbVBMetaImageHeader));
187 avb_sha256_update(
188 &sha256_ctx, auxiliary_block, h.auxiliary_data_block_size);
189 computed_hash = avb_sha256_final(&sha256_ctx);
190 break;
191 /* Explicit fall-through: */
192 case AVB_ALGORITHM_TYPE_SHA512_RSA2048:
193 case AVB_ALGORITHM_TYPE_SHA512_RSA4096:
194 case AVB_ALGORITHM_TYPE_SHA512_RSA8192:
195 sha512_ctx.tot_len = sizeof(AvbVBMetaImageHeader) +
196 h.auxiliary_data_block_size;
197 avb_sha512_init(&sha512_ctx);
198 avb_sha512_update(
199 &sha512_ctx, header_block, sizeof(AvbVBMetaImageHeader));
200 avb_sha512_update(
201 &sha512_ctx, auxiliary_block, h.auxiliary_data_block_size);
202 computed_hash = avb_sha512_final(&sha512_ctx);
203 break;
204 default:
205 avb_error("Unknown algorithm.\n");
206 goto out;
207 }
208
209 if (avb_safe_memcmp(authentication_block + h.hash_offset,
210 computed_hash,
211 h.hash_size) != 0) {
212 avb_error("Hash does not match!\n");
213 ret = AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH;
214 goto out;
215 }
216
217 verification_result =
218 avb_rsa_verify(auxiliary_block + h.public_key_offset,
219 h.public_key_size,
220 authentication_block + h.signature_offset,
221 h.signature_size,
222 authentication_block + h.hash_offset,
223 h.hash_size,
224 algorithm->padding,
225 algorithm->padding_len);
226
227 if (verification_result == 0) {
228 ret = AVB_VBMETA_VERIFY_RESULT_SIGNATURE_MISMATCH;
229 goto out;
230 }
231
232 if (h.public_key_size > 0) {
233 if (out_public_key_data != NULL) {
234 *out_public_key_data = auxiliary_block + h.public_key_offset;
235 }
236 if (out_public_key_length != NULL) {
237 *out_public_key_length = h.public_key_size;
238 }
239 }
240
241 ret = AVB_VBMETA_VERIFY_RESULT_OK;
242
243 out:
244 return ret;
245 }
246
avb_vbmeta_image_header_to_host_byte_order(const AvbVBMetaImageHeader * src,AvbVBMetaImageHeader * dest)247 void avb_vbmeta_image_header_to_host_byte_order(const AvbVBMetaImageHeader* src,
248 AvbVBMetaImageHeader* dest) {
249 avb_memcpy(dest, src, sizeof(AvbVBMetaImageHeader));
250
251 dest->required_libavb_version_major =
252 avb_be32toh(dest->required_libavb_version_major);
253 dest->required_libavb_version_minor =
254 avb_be32toh(dest->required_libavb_version_minor);
255
256 dest->authentication_data_block_size =
257 avb_be64toh(dest->authentication_data_block_size);
258 dest->auxiliary_data_block_size =
259 avb_be64toh(dest->auxiliary_data_block_size);
260
261 dest->algorithm_type = avb_be32toh(dest->algorithm_type);
262
263 dest->hash_offset = avb_be64toh(dest->hash_offset);
264 dest->hash_size = avb_be64toh(dest->hash_size);
265
266 dest->signature_offset = avb_be64toh(dest->signature_offset);
267 dest->signature_size = avb_be64toh(dest->signature_size);
268
269 dest->public_key_offset = avb_be64toh(dest->public_key_offset);
270 dest->public_key_size = avb_be64toh(dest->public_key_size);
271
272 dest->public_key_metadata_offset =
273 avb_be64toh(dest->public_key_metadata_offset);
274 dest->public_key_metadata_size = avb_be64toh(dest->public_key_metadata_size);
275
276 dest->descriptors_offset = avb_be64toh(dest->descriptors_offset);
277 dest->descriptors_size = avb_be64toh(dest->descriptors_size);
278
279 dest->rollback_index = avb_be64toh(dest->rollback_index);
280 dest->flags = avb_be32toh(dest->flags);
281 }
282
avb_vbmeta_verify_result_to_string(AvbVBMetaVerifyResult result)283 const char* avb_vbmeta_verify_result_to_string(AvbVBMetaVerifyResult result) {
284 const char* ret = NULL;
285
286 switch (result) {
287 case AVB_VBMETA_VERIFY_RESULT_OK:
288 ret = "OK";
289 break;
290 case AVB_VBMETA_VERIFY_RESULT_OK_NOT_SIGNED:
291 ret = "OK_NOT_SIGNED";
292 break;
293 case AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER:
294 ret = "INVALID_VBMETA_HEADER";
295 break;
296 case AVB_VBMETA_VERIFY_RESULT_UNSUPPORTED_VERSION:
297 ret = "UNSUPPORTED_VERSION";
298 break;
299 case AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH:
300 ret = "HASH_MISMATCH";
301 break;
302 case AVB_VBMETA_VERIFY_RESULT_SIGNATURE_MISMATCH:
303 ret = "SIGNATURE_MISMATCH";
304 break;
305 /* Do not add a 'default:' case here because of -Wswitch. */
306 }
307
308 if (ret == NULL) {
309 avb_error("Unknown AvbVBMetaVerifyResult value.\n");
310 ret = "(unknown)";
311 }
312
313 return ret;
314 }
315