xref: /rk3399_rockchip-uboot/lib/avb/libavb/avb_vbmeta_image.c (revision b27ae02dfdf0e26d23901e9b898629d6ec470a60) 
1 /*
2  * Copyright (C) 2016 The Android Open Source Project
3  *
4  * Permission is hereby granted, free of charge, to any person
5  * obtaining a copy of this software and associated documentation
6  * files (the "Software"), to deal in the Software without
7  * restriction, including without limitation the rights to use, copy,
8  * modify, merge, publish, distribute, sublicense, and/or sell copies
9  * of the Software, and to permit persons to whom the Software is
10  * furnished to do so, subject to the following conditions:
11  *
12  * The above copyright notice and this permission notice shall be
13  * included in all copies or substantial portions of the Software.
14  *
15  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22  * SOFTWARE.
23  */
24 
25 #include <android_avb/avb_vbmeta_image.h>
26 #include <android_avb/avb_crypto.h>
27 #include <android_avb/avb_rsa.h>
28 #include <android_avb/avb_sha.h>
29 #include <android_avb/avb_util.h>
30 #include <android_avb/avb_version.h>
31 
32 AvbVBMetaVerifyResult avb_vbmeta_image_verify(
33     const uint8_t* data,
34     size_t length,
35     const uint8_t** out_public_key_data,
36     size_t* out_public_key_length) {
37   AvbVBMetaVerifyResult ret;
38   AvbVBMetaImageHeader h;
39   uint8_t* computed_hash;
40   const AvbAlgorithmData* algorithm;
41   AvbSHA256Ctx sha256_ctx;
42   AvbSHA512Ctx sha512_ctx;
43   const uint8_t* header_block;
44   const uint8_t* authentication_block;
45   const uint8_t* auxiliary_block;
46   int verification_result;
47 
48   ret = AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER;
49 
50   if (out_public_key_data != NULL) {
51     *out_public_key_data = NULL;
52   }
53   if (out_public_key_length != NULL) {
54     *out_public_key_length = 0;
55   }
56 
57   /* Before we byteswap or compare Magic, ensure length is long enough. */
58   if (length < sizeof(AvbVBMetaImageHeader)) {
59     avb_error("Length is smaller than header.\n");
60     goto out;
61   }
62 
63   /* Ensure magic is correct. */
64   if (avb_safe_memcmp(data, AVB_MAGIC, AVB_MAGIC_LEN) != 0) {
65     avb_error("Magic is incorrect.\n");
66     goto out;
67   }
68 
69   avb_vbmeta_image_header_to_host_byte_order((const AvbVBMetaImageHeader*)data,
70                                              &h);
71 
72   /* Ensure we don't attempt to access any fields if we do not meet
73    * the specified minimum version of libavb.
74    */
75   if ((h.required_libavb_version_major != AVB_VERSION_MAJOR) ||
76       (h.required_libavb_version_minor > AVB_VERSION_MINOR)) {
77     avb_error("Mismatch between image version and libavb version.\n");
78     ret = AVB_VBMETA_VERIFY_RESULT_UNSUPPORTED_VERSION;
79     goto out;
80   }
81 
82   /* Ensure |release_string| ends with a NUL byte. */
83   if (h.release_string[AVB_RELEASE_STRING_SIZE - 1] != '\0') {
84     avb_error("Release string does not end with a NUL byte.\n");
85     goto out;
86   }
87 
88   /* Ensure inner block sizes are multiple of 64. */
89   if ((h.authentication_data_block_size & 0x3f) != 0 ||
90       (h.auxiliary_data_block_size & 0x3f) != 0) {
91     avb_error("Block size is not a multiple of 64.\n");
92     goto out;
93   }
94 
95   /* Ensure block sizes all add up to at most |length|. */
96   uint64_t block_total = sizeof(AvbVBMetaImageHeader);
97   if (!avb_safe_add_to(&block_total, h.authentication_data_block_size) ||
98       !avb_safe_add_to(&block_total, h.auxiliary_data_block_size)) {
99     avb_error("Overflow while computing size of boot image.\n");
100     goto out;
101   }
102   if (block_total > length) {
103     avb_error("Block sizes add up to more than given length.\n");
104     goto out;
105   }
106 
107   uintptr_t data_ptr = (uintptr_t)data;
108   /* Ensure passed in memory doesn't wrap. */
109   if (!avb_safe_add(NULL, (uint64_t)data_ptr, length)) {
110     avb_error("Boot image location and length mismatch.\n");
111     goto out;
112   }
113 
114   /* Ensure hash and signature are entirely in the Authentication data block. */
115   uint64_t hash_end;
116   if (!avb_safe_add(&hash_end, h.hash_offset, h.hash_size) ||
117       hash_end > h.authentication_data_block_size) {
118     avb_error("Hash is not entirely in its block.\n");
119     goto out;
120   }
121   uint64_t signature_end;
122   if (!avb_safe_add(&signature_end, h.signature_offset, h.signature_size) ||
123       signature_end > h.authentication_data_block_size) {
124     avb_error("Signature is not entirely in its block.\n");
125     goto out;
126   }
127 
128   /* Ensure public key is entirely in the Auxiliary data block. */
129   uint64_t pubkey_end;
130   if (!avb_safe_add(&pubkey_end, h.public_key_offset, h.public_key_size) ||
131       pubkey_end > h.auxiliary_data_block_size) {
132     avb_error("Public key is not entirely in its block.\n");
133     goto out;
134   }
135 
136   /* Ensure public key metadata (if set) is entirely in the Auxiliary
137    * data block. */
138   if (h.public_key_metadata_size > 0) {
139     uint64_t pubkey_md_end;
140     if (!avb_safe_add(&pubkey_md_end,
141                       h.public_key_metadata_offset,
142                       h.public_key_metadata_size) ||
143         pubkey_md_end > h.auxiliary_data_block_size) {
144       avb_error("Public key metadata is not entirely in its block.\n");
145       goto out;
146     }
147   }
148 
149   /* Bail early if there's no hash or signature. */
150   if (h.algorithm_type == AVB_ALGORITHM_TYPE_NONE) {
151     ret = AVB_VBMETA_VERIFY_RESULT_OK_NOT_SIGNED;
152     goto out;
153   }
154 
155   /* Ensure algorithm field is supported. */
156   algorithm = avb_get_algorithm_data(h.algorithm_type);
157   if (!algorithm) {
158     avb_error("Invalid or unknown algorithm.\n");
159     goto out;
160   }
161 
162   /* Bail if the embedded hash size doesn't match the chosen algorithm. */
163   if (h.hash_size != algorithm->hash_len) {
164     avb_error("Embedded hash has wrong size.\n");
165     goto out;
166   }
167 
168   /* No overflow checks needed from here-on after since all block
169    * sizes and offsets have been verified above.
170    */
171 
172   header_block = data;
173   authentication_block = header_block + sizeof(AvbVBMetaImageHeader);
174   auxiliary_block = authentication_block + h.authentication_data_block_size;
175 
176   switch (h.algorithm_type) {
177     /* Explicit fall-through: */
178     case AVB_ALGORITHM_TYPE_SHA256_RSA2048:
179     case AVB_ALGORITHM_TYPE_SHA256_RSA4096:
180     case AVB_ALGORITHM_TYPE_SHA256_RSA8192:
181       avb_sha256_init(&sha256_ctx);
182       avb_sha256_update(
183           &sha256_ctx, header_block, sizeof(AvbVBMetaImageHeader));
184       avb_sha256_update(
185           &sha256_ctx, auxiliary_block, h.auxiliary_data_block_size);
186       computed_hash = avb_sha256_final(&sha256_ctx);
187       break;
188     /* Explicit fall-through: */
189     case AVB_ALGORITHM_TYPE_SHA512_RSA2048:
190     case AVB_ALGORITHM_TYPE_SHA512_RSA4096:
191     case AVB_ALGORITHM_TYPE_SHA512_RSA8192:
192       avb_sha512_init(&sha512_ctx);
193       avb_sha512_update(
194           &sha512_ctx, header_block, sizeof(AvbVBMetaImageHeader));
195       avb_sha512_update(
196           &sha512_ctx, auxiliary_block, h.auxiliary_data_block_size);
197       computed_hash = avb_sha512_final(&sha512_ctx);
198       break;
199     default:
200       avb_error("Unknown algorithm.\n");
201       goto out;
202   }
203 
204   if (avb_safe_memcmp(authentication_block + h.hash_offset,
205                       computed_hash,
206                       h.hash_size) != 0) {
207     avb_error("Hash does not match!\n");
208     ret = AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH;
209     goto out;
210   }
211 
212   verification_result =
213       avb_rsa_verify(auxiliary_block + h.public_key_offset,
214                      h.public_key_size,
215                      authentication_block + h.signature_offset,
216                      h.signature_size,
217                      authentication_block + h.hash_offset,
218                      h.hash_size,
219                      algorithm->padding,
220                      algorithm->padding_len);
221 
222   if (verification_result == 0) {
223     ret = AVB_VBMETA_VERIFY_RESULT_SIGNATURE_MISMATCH;
224     goto out;
225   }
226 
227   if (h.public_key_size > 0) {
228     if (out_public_key_data != NULL) {
229       *out_public_key_data = auxiliary_block + h.public_key_offset;
230     }
231     if (out_public_key_length != NULL) {
232       *out_public_key_length = h.public_key_size;
233     }
234   }
235 
236   ret = AVB_VBMETA_VERIFY_RESULT_OK;
237 
238 out:
239   return ret;
240 }
241 
242 void avb_vbmeta_image_header_to_host_byte_order(const AvbVBMetaImageHeader* src,
243                                                 AvbVBMetaImageHeader* dest) {
244   avb_memcpy(dest, src, sizeof(AvbVBMetaImageHeader));
245 
246   dest->required_libavb_version_major =
247       avb_be32toh(dest->required_libavb_version_major);
248   dest->required_libavb_version_minor =
249       avb_be32toh(dest->required_libavb_version_minor);
250 
251   dest->authentication_data_block_size =
252       avb_be64toh(dest->authentication_data_block_size);
253   dest->auxiliary_data_block_size =
254       avb_be64toh(dest->auxiliary_data_block_size);
255 
256   dest->algorithm_type = avb_be32toh(dest->algorithm_type);
257 
258   dest->hash_offset = avb_be64toh(dest->hash_offset);
259   dest->hash_size = avb_be64toh(dest->hash_size);
260 
261   dest->signature_offset = avb_be64toh(dest->signature_offset);
262   dest->signature_size = avb_be64toh(dest->signature_size);
263 
264   dest->public_key_offset = avb_be64toh(dest->public_key_offset);
265   dest->public_key_size = avb_be64toh(dest->public_key_size);
266 
267   dest->public_key_metadata_offset =
268       avb_be64toh(dest->public_key_metadata_offset);
269   dest->public_key_metadata_size = avb_be64toh(dest->public_key_metadata_size);
270 
271   dest->descriptors_offset = avb_be64toh(dest->descriptors_offset);
272   dest->descriptors_size = avb_be64toh(dest->descriptors_size);
273 
274   dest->rollback_index = avb_be64toh(dest->rollback_index);
275   dest->flags = avb_be32toh(dest->flags);
276 }
277 
278 const char* avb_vbmeta_verify_result_to_string(AvbVBMetaVerifyResult result) {
279   const char* ret = NULL;
280 
281   switch (result) {
282     case AVB_VBMETA_VERIFY_RESULT_OK:
283       ret = "OK";
284       break;
285     case AVB_VBMETA_VERIFY_RESULT_OK_NOT_SIGNED:
286       ret = "OK_NOT_SIGNED";
287       break;
288     case AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER:
289       ret = "INVALID_VBMETA_HEADER";
290       break;
291     case AVB_VBMETA_VERIFY_RESULT_UNSUPPORTED_VERSION:
292       ret = "UNSUPPORTED_VERSION";
293       break;
294     case AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH:
295       ret = "HASH_MISMATCH";
296       break;
297     case AVB_VBMETA_VERIFY_RESULT_SIGNATURE_MISMATCH:
298       ret = "SIGNATURE_MISMATCH";
299       break;
300       /* Do not add a 'default:' case here because of -Wswitch. */
301   }
302 
303   if (ret == NULL) {
304     avb_error("Unknown AvbVBMetaVerifyResult value.\n");
305     ret = "(unknown)";
306   }
307 
308   return ret;
309 }
310