xref: /rk3399_rockchip-uboot/lib/avb/libavb/avb_vbmeta_image.c (revision 5a94b26492fd3ad20c580976e18e101b67d14e6e) 
1 /*
2  * Copyright (C) 2016 The Android Open Source Project
3  *
4  * Permission is hereby granted, free of charge, to any person
5  * obtaining a copy of this software and associated documentation
6  * files (the "Software"), to deal in the Software without
7  * restriction, including without limitation the rights to use, copy,
8  * modify, merge, publish, distribute, sublicense, and/or sell copies
9  * of the Software, and to permit persons to whom the Software is
10  * furnished to do so, subject to the following conditions:
11  *
12  * The above copyright notice and this permission notice shall be
13  * included in all copies or substantial portions of the Software.
14  *
15  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22  * SOFTWARE.
23  */
24 
25 #include <android_avb/avb_vbmeta_image.h>
26 #include <android_avb/avb_crypto.h>
27 #include <android_avb/avb_rsa.h>
28 #include <android_avb/avb_sha.h>
29 #include <android_avb/avb_util.h>
30 #include <android_avb/avb_version.h>
31 
32 AvbVBMetaVerifyResult avb_vbmeta_image_verify(
33     const uint8_t* data,
34     size_t length,
35     const uint8_t** out_public_key_data,
36     size_t* out_public_key_length) {
37   AvbVBMetaVerifyResult ret;
38   AvbVBMetaImageHeader h;
39   uint8_t* computed_hash;
40   const AvbAlgorithmData* algorithm;
41   AvbSHA256Ctx sha256_ctx;
42   AvbSHA512Ctx sha512_ctx;
43   const uint8_t* header_block;
44   const uint8_t* authentication_block;
45   const uint8_t* auxiliary_block;
46   int verification_result;
47 
48   ret = AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER;
49 
50   if (out_public_key_data != NULL) {
51     *out_public_key_data = NULL;
52   }
53   if (out_public_key_length != NULL) {
54     *out_public_key_length = 0;
55   }
56 
57   /* Before we byteswap or compare Magic, ensure length is long enough. */
58   if (length < sizeof(AvbVBMetaImageHeader)) {
59     avb_error("Length is smaller than header.\n");
60     goto out;
61   }
62 
63   /* Ensure magic is correct. */
64   if (avb_safe_memcmp(data, AVB_MAGIC, AVB_MAGIC_LEN) != 0) {
65     avb_error("Magic is incorrect.\n");
66     goto out;
67   }
68 
69   avb_vbmeta_image_header_to_host_byte_order((const AvbVBMetaImageHeader*)data,
70                                              &h);
71 
72   /* Ensure we don't attempt to access any fields if we do not meet
73    * the specified minimum version of libavb.
74    */
75   if ((h.required_libavb_version_major != AVB_VERSION_MAJOR) ||
76       (h.required_libavb_version_minor > AVB_VERSION_MINOR)) {
77     avb_error("Mismatch between image version and libavb version.\n");
78     ret = AVB_VBMETA_VERIFY_RESULT_UNSUPPORTED_VERSION;
79     goto out;
80   }
81 
82   /* Ensure |release_string| ends with a NUL byte. */
83   if (h.release_string[AVB_RELEASE_STRING_SIZE - 1] != '\0') {
84     avb_error("Release string does not end with a NUL byte.\n");
85     goto out;
86   }
87 
88   /* Ensure inner block sizes are multiple of 64. */
89   if ((h.authentication_data_block_size & 0x3f) != 0 ||
90       (h.auxiliary_data_block_size & 0x3f) != 0) {
91     avb_error("Block size is not a multiple of 64.\n");
92     goto out;
93   }
94 
95   /* Ensure block sizes all add up to at most |length|. */
96   uint64_t block_total = sizeof(AvbVBMetaImageHeader);
97   if (!avb_safe_add_to(&block_total, h.authentication_data_block_size) ||
98       !avb_safe_add_to(&block_total, h.auxiliary_data_block_size)) {
99     avb_error("Overflow while computing size of boot image.\n");
100     goto out;
101   }
102   if (block_total > length) {
103     avb_error("Block sizes add up to more than given length.\n");
104     goto out;
105   }
106 
107   uintptr_t data_ptr = (uintptr_t)data;
108   /* Ensure passed in memory doesn't wrap. */
109   if (!avb_safe_add(NULL, (uint64_t)data_ptr, length)) {
110     avb_error("Boot image location and length mismatch.\n");
111     goto out;
112   }
113 
114   /* Ensure hash and signature are entirely in the Authentication data block. */
115   uint64_t hash_end;
116   if (!avb_safe_add(&hash_end, h.hash_offset, h.hash_size) ||
117       hash_end > h.authentication_data_block_size) {
118     avb_error("Hash is not entirely in its block.\n");
119     goto out;
120   }
121   uint64_t signature_end;
122   if (!avb_safe_add(&signature_end, h.signature_offset, h.signature_size) ||
123       signature_end > h.authentication_data_block_size) {
124     avb_error("Signature is not entirely in its block.\n");
125     goto out;
126   }
127 
128   /* Ensure public key is entirely in the Auxiliary data block. */
129   uint64_t pubkey_end;
130   if (!avb_safe_add(&pubkey_end, h.public_key_offset, h.public_key_size) ||
131       pubkey_end > h.auxiliary_data_block_size) {
132     avb_error("Public key is not entirely in its block.\n");
133     goto out;
134   }
135 
136   /* Ensure public key metadata (if set) is entirely in the Auxiliary
137    * data block. */
138   if (h.public_key_metadata_size > 0) {
139     uint64_t pubkey_md_end;
140     if (!avb_safe_add(&pubkey_md_end,
141                       h.public_key_metadata_offset,
142                       h.public_key_metadata_size) ||
143         pubkey_md_end > h.auxiliary_data_block_size) {
144       avb_error("Public key metadata is not entirely in its block.\n");
145       goto out;
146     }
147   }
148 
149   /* Bail early if there's no hash or signature. */
150   if (h.algorithm_type == AVB_ALGORITHM_TYPE_NONE) {
151     ret = AVB_VBMETA_VERIFY_RESULT_OK_NOT_SIGNED;
152     goto out;
153   }
154 
155   /* Ensure algorithm field is supported. */
156   algorithm = avb_get_algorithm_data(h.algorithm_type);
157   if (!algorithm) {
158     avb_error("Invalid or unknown algorithm.\n");
159     goto out;
160   }
161 
162   /* Bail if the embedded hash size doesn't match the chosen algorithm. */
163   if (h.hash_size != algorithm->hash_len) {
164     avb_error("Embedded hash has wrong size.\n");
165     goto out;
166   }
167 
168   /* No overflow checks needed from here-on after since all block
169    * sizes and offsets have been verified above.
170    */
171 
172   header_block = data;
173   authentication_block = header_block + sizeof(AvbVBMetaImageHeader);
174   auxiliary_block = authentication_block + h.authentication_data_block_size;
175 
176   switch (h.algorithm_type) {
177     /* Explicit fall-through: */
178     case AVB_ALGORITHM_TYPE_SHA256_RSA2048:
179     case AVB_ALGORITHM_TYPE_SHA256_RSA4096:
180     case AVB_ALGORITHM_TYPE_SHA256_RSA8192:
181 
182       sha256_ctx.tot_len = sizeof(AvbVBMetaImageHeader) +
183                                       h.auxiliary_data_block_size;
184       avb_sha256_init(&sha256_ctx);
185       avb_sha256_update(
186           &sha256_ctx, header_block, sizeof(AvbVBMetaImageHeader));
187       avb_sha256_update(
188           &sha256_ctx, auxiliary_block, h.auxiliary_data_block_size);
189       computed_hash = avb_sha256_final(&sha256_ctx);
190       break;
191     /* Explicit fall-through: */
192     case AVB_ALGORITHM_TYPE_SHA512_RSA2048:
193     case AVB_ALGORITHM_TYPE_SHA512_RSA4096:
194     case AVB_ALGORITHM_TYPE_SHA512_RSA8192:
195       sha512_ctx.tot_len = sizeof(AvbVBMetaImageHeader) +
196                                       h.auxiliary_data_block_size;
197       avb_sha512_init(&sha512_ctx);
198       avb_sha512_update(
199           &sha512_ctx, header_block, sizeof(AvbVBMetaImageHeader));
200       avb_sha512_update(
201           &sha512_ctx, auxiliary_block, h.auxiliary_data_block_size);
202       computed_hash = avb_sha512_final(&sha512_ctx);
203       break;
204     default:
205       avb_error("Unknown algorithm.\n");
206       goto out;
207   }
208 
209   if (avb_safe_memcmp(authentication_block + h.hash_offset,
210                       computed_hash,
211                       h.hash_size) != 0) {
212     avb_error("Hash does not match!\n");
213     ret = AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH;
214     goto out;
215   }
216 
217   verification_result =
218       avb_rsa_verify(auxiliary_block + h.public_key_offset,
219                      h.public_key_size,
220                      authentication_block + h.signature_offset,
221                      h.signature_size,
222                      authentication_block + h.hash_offset,
223                      h.hash_size,
224                      algorithm->padding,
225                      algorithm->padding_len);
226 
227   if (verification_result == 0) {
228     ret = AVB_VBMETA_VERIFY_RESULT_SIGNATURE_MISMATCH;
229     goto out;
230   }
231 
232   if (h.public_key_size > 0) {
233     if (out_public_key_data != NULL) {
234       *out_public_key_data = auxiliary_block + h.public_key_offset;
235     }
236     if (out_public_key_length != NULL) {
237       *out_public_key_length = h.public_key_size;
238     }
239   }
240 
241   ret = AVB_VBMETA_VERIFY_RESULT_OK;
242 
243 out:
244   return ret;
245 }
246 
247 void avb_vbmeta_image_header_to_host_byte_order(const AvbVBMetaImageHeader* src,
248                                                 AvbVBMetaImageHeader* dest) {
249   avb_memcpy(dest, src, sizeof(AvbVBMetaImageHeader));
250 
251   dest->required_libavb_version_major =
252       avb_be32toh(dest->required_libavb_version_major);
253   dest->required_libavb_version_minor =
254       avb_be32toh(dest->required_libavb_version_minor);
255 
256   dest->authentication_data_block_size =
257       avb_be64toh(dest->authentication_data_block_size);
258   dest->auxiliary_data_block_size =
259       avb_be64toh(dest->auxiliary_data_block_size);
260 
261   dest->algorithm_type = avb_be32toh(dest->algorithm_type);
262 
263   dest->hash_offset = avb_be64toh(dest->hash_offset);
264   dest->hash_size = avb_be64toh(dest->hash_size);
265 
266   dest->signature_offset = avb_be64toh(dest->signature_offset);
267   dest->signature_size = avb_be64toh(dest->signature_size);
268 
269   dest->public_key_offset = avb_be64toh(dest->public_key_offset);
270   dest->public_key_size = avb_be64toh(dest->public_key_size);
271 
272   dest->public_key_metadata_offset =
273       avb_be64toh(dest->public_key_metadata_offset);
274   dest->public_key_metadata_size = avb_be64toh(dest->public_key_metadata_size);
275 
276   dest->descriptors_offset = avb_be64toh(dest->descriptors_offset);
277   dest->descriptors_size = avb_be64toh(dest->descriptors_size);
278 
279   dest->rollback_index = avb_be64toh(dest->rollback_index);
280   dest->flags = avb_be32toh(dest->flags);
281 }
282 
283 const char* avb_vbmeta_verify_result_to_string(AvbVBMetaVerifyResult result) {
284   const char* ret = NULL;
285 
286   switch (result) {
287     case AVB_VBMETA_VERIFY_RESULT_OK:
288       ret = "OK";
289       break;
290     case AVB_VBMETA_VERIFY_RESULT_OK_NOT_SIGNED:
291       ret = "OK_NOT_SIGNED";
292       break;
293     case AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER:
294       ret = "INVALID_VBMETA_HEADER";
295       break;
296     case AVB_VBMETA_VERIFY_RESULT_UNSUPPORTED_VERSION:
297       ret = "UNSUPPORTED_VERSION";
298       break;
299     case AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH:
300       ret = "HASH_MISMATCH";
301       break;
302     case AVB_VBMETA_VERIFY_RESULT_SIGNATURE_MISMATCH:
303       ret = "SIGNATURE_MISMATCH";
304       break;
305       /* Do not add a 'default:' case here because of -Wswitch. */
306   }
307 
308   if (ret == NULL) {
309     avb_error("Unknown AvbVBMetaVerifyResult value.\n");
310     ret = "(unknown)";
311   }
312 
313   return ret;
314 }
315