1*8617a60dSAndroid Build Coastguard Worker /* Copyright 2014 The ChromiumOS Authors
2*8617a60dSAndroid Build Coastguard Worker * Use of this source code is governed by a BSD-style license that can be
3*8617a60dSAndroid Build Coastguard Worker * found in the LICENSE file.
4*8617a60dSAndroid Build Coastguard Worker *
5*8617a60dSAndroid Build Coastguard Worker * Host functions for signatures.
6*8617a60dSAndroid Build Coastguard Worker */
7*8617a60dSAndroid Build Coastguard Worker
8*8617a60dSAndroid Build Coastguard Worker #include <openssl/rsa.h>
9*8617a60dSAndroid Build Coastguard Worker
10*8617a60dSAndroid Build Coastguard Worker #include "2common.h"
11*8617a60dSAndroid Build Coastguard Worker #include "2rsa.h"
12*8617a60dSAndroid Build Coastguard Worker #include "2sha.h"
13*8617a60dSAndroid Build Coastguard Worker #include "2sysincludes.h"
14*8617a60dSAndroid Build Coastguard Worker #include "host_common.h"
15*8617a60dSAndroid Build Coastguard Worker #include "host_common21.h"
16*8617a60dSAndroid Build Coastguard Worker #include "host_key21.h"
17*8617a60dSAndroid Build Coastguard Worker #include "host_misc.h"
18*8617a60dSAndroid Build Coastguard Worker #include "host_p11.h"
19*8617a60dSAndroid Build Coastguard Worker #include "host_signature21.h"
20*8617a60dSAndroid Build Coastguard Worker
vb2_digest_info(enum vb2_hash_algorithm hash_alg,const uint8_t ** buf_ptr,uint32_t * size_ptr)21*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2_digest_info(enum vb2_hash_algorithm hash_alg,
22*8617a60dSAndroid Build Coastguard Worker const uint8_t **buf_ptr, uint32_t *size_ptr)
23*8617a60dSAndroid Build Coastguard Worker {
24*8617a60dSAndroid Build Coastguard Worker *buf_ptr = NULL;
25*8617a60dSAndroid Build Coastguard Worker *size_ptr = 0;
26*8617a60dSAndroid Build Coastguard Worker
27*8617a60dSAndroid Build Coastguard Worker switch (hash_alg) {
28*8617a60dSAndroid Build Coastguard Worker #if VB2_SUPPORT_SHA1
29*8617a60dSAndroid Build Coastguard Worker case VB2_HASH_SHA1:
30*8617a60dSAndroid Build Coastguard Worker {
31*8617a60dSAndroid Build Coastguard Worker static const uint8_t info[] = {
32*8617a60dSAndroid Build Coastguard Worker 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
33*8617a60dSAndroid Build Coastguard Worker 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
34*8617a60dSAndroid Build Coastguard Worker };
35*8617a60dSAndroid Build Coastguard Worker *buf_ptr = info;
36*8617a60dSAndroid Build Coastguard Worker *size_ptr = sizeof(info);
37*8617a60dSAndroid Build Coastguard Worker return VB2_SUCCESS;
38*8617a60dSAndroid Build Coastguard Worker }
39*8617a60dSAndroid Build Coastguard Worker #endif
40*8617a60dSAndroid Build Coastguard Worker #if VB2_SUPPORT_SHA256
41*8617a60dSAndroid Build Coastguard Worker case VB2_HASH_SHA256:
42*8617a60dSAndroid Build Coastguard Worker {
43*8617a60dSAndroid Build Coastguard Worker static const uint8_t info[] = {
44*8617a60dSAndroid Build Coastguard Worker 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
45*8617a60dSAndroid Build Coastguard Worker 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
46*8617a60dSAndroid Build Coastguard Worker 0x00, 0x04, 0x20
47*8617a60dSAndroid Build Coastguard Worker };
48*8617a60dSAndroid Build Coastguard Worker *buf_ptr = info;
49*8617a60dSAndroid Build Coastguard Worker *size_ptr = sizeof(info);
50*8617a60dSAndroid Build Coastguard Worker return VB2_SUCCESS;
51*8617a60dSAndroid Build Coastguard Worker }
52*8617a60dSAndroid Build Coastguard Worker #endif
53*8617a60dSAndroid Build Coastguard Worker #if VB2_SUPPORT_SHA512
54*8617a60dSAndroid Build Coastguard Worker case VB2_HASH_SHA512:
55*8617a60dSAndroid Build Coastguard Worker {
56*8617a60dSAndroid Build Coastguard Worker static const uint8_t info[] = {
57*8617a60dSAndroid Build Coastguard Worker 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
58*8617a60dSAndroid Build Coastguard Worker 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,
59*8617a60dSAndroid Build Coastguard Worker 0x00, 0x04, 0x40
60*8617a60dSAndroid Build Coastguard Worker };
61*8617a60dSAndroid Build Coastguard Worker *buf_ptr = info;
62*8617a60dSAndroid Build Coastguard Worker *size_ptr = sizeof(info);
63*8617a60dSAndroid Build Coastguard Worker return VB2_SUCCESS;
64*8617a60dSAndroid Build Coastguard Worker }
65*8617a60dSAndroid Build Coastguard Worker #endif
66*8617a60dSAndroid Build Coastguard Worker default:
67*8617a60dSAndroid Build Coastguard Worker return VB2_ERROR_DIGEST_INFO;
68*8617a60dSAndroid Build Coastguard Worker }
69*8617a60dSAndroid Build Coastguard Worker }
70*8617a60dSAndroid Build Coastguard Worker
vb21_sign_data(struct vb21_signature ** sig_ptr,const uint8_t * data,uint32_t size,const struct vb2_private_key * key,const char * desc)71*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb21_sign_data(struct vb21_signature **sig_ptr, const uint8_t *data,
72*8617a60dSAndroid Build Coastguard Worker uint32_t size, const struct vb2_private_key *key,
73*8617a60dSAndroid Build Coastguard Worker const char *desc)
74*8617a60dSAndroid Build Coastguard Worker {
75*8617a60dSAndroid Build Coastguard Worker struct vb21_signature s = {
76*8617a60dSAndroid Build Coastguard Worker .c.magic = VB21_MAGIC_SIGNATURE,
77*8617a60dSAndroid Build Coastguard Worker .c.struct_version_major = VB21_SIGNATURE_VERSION_MAJOR,
78*8617a60dSAndroid Build Coastguard Worker .c.struct_version_minor = VB21_SIGNATURE_VERSION_MINOR,
79*8617a60dSAndroid Build Coastguard Worker .c.fixed_size = sizeof(s),
80*8617a60dSAndroid Build Coastguard Worker .sig_alg = key->sig_alg,
81*8617a60dSAndroid Build Coastguard Worker .hash_alg = key->hash_alg,
82*8617a60dSAndroid Build Coastguard Worker .data_size = size,
83*8617a60dSAndroid Build Coastguard Worker .id = key->id,
84*8617a60dSAndroid Build Coastguard Worker };
85*8617a60dSAndroid Build Coastguard Worker
86*8617a60dSAndroid Build Coastguard Worker vb2_error_t rv;
87*8617a60dSAndroid Build Coastguard Worker struct vb2_digest_context dc;
88*8617a60dSAndroid Build Coastguard Worker uint32_t digest_size;
89*8617a60dSAndroid Build Coastguard Worker const uint8_t *info = NULL;
90*8617a60dSAndroid Build Coastguard Worker uint32_t info_size = 0;
91*8617a60dSAndroid Build Coastguard Worker uint32_t sig_digest_size;
92*8617a60dSAndroid Build Coastguard Worker uint8_t *sig_digest = NULL;
93*8617a60dSAndroid Build Coastguard Worker uint8_t *buf = NULL;
94*8617a60dSAndroid Build Coastguard Worker
95*8617a60dSAndroid Build Coastguard Worker *sig_ptr = NULL;
96*8617a60dSAndroid Build Coastguard Worker
97*8617a60dSAndroid Build Coastguard Worker /* Use key description if no description supplied */
98*8617a60dSAndroid Build Coastguard Worker if (!desc)
99*8617a60dSAndroid Build Coastguard Worker desc = key->desc;
100*8617a60dSAndroid Build Coastguard Worker
101*8617a60dSAndroid Build Coastguard Worker s.c.desc_size = vb2_desc_size(desc);
102*8617a60dSAndroid Build Coastguard Worker
103*8617a60dSAndroid Build Coastguard Worker s.sig_offset = s.c.fixed_size + s.c.desc_size;
104*8617a60dSAndroid Build Coastguard Worker s.sig_size = vb2_sig_size(key->sig_alg, key->hash_alg);
105*8617a60dSAndroid Build Coastguard Worker if (!s.sig_size) {
106*8617a60dSAndroid Build Coastguard Worker rv = VB2_SIGN_DATA_SIG_SIZE;
107*8617a60dSAndroid Build Coastguard Worker goto done;
108*8617a60dSAndroid Build Coastguard Worker }
109*8617a60dSAndroid Build Coastguard Worker
110*8617a60dSAndroid Build Coastguard Worker s.c.total_size = s.sig_offset + s.sig_size;
111*8617a60dSAndroid Build Coastguard Worker /* Allocate signature buffer and copy header */
112*8617a60dSAndroid Build Coastguard Worker buf = calloc(1, s.c.total_size);
113*8617a60dSAndroid Build Coastguard Worker if (!buf) {
114*8617a60dSAndroid Build Coastguard Worker rv = VB2_ERROR_UNKNOWN;
115*8617a60dSAndroid Build Coastguard Worker goto done;
116*8617a60dSAndroid Build Coastguard Worker }
117*8617a60dSAndroid Build Coastguard Worker memcpy(buf, &s, sizeof(s));
118*8617a60dSAndroid Build Coastguard Worker
119*8617a60dSAndroid Build Coastguard Worker /* strcpy() is ok because we allocated buffer based on desc length */
120*8617a60dSAndroid Build Coastguard Worker if (desc)
121*8617a60dSAndroid Build Coastguard Worker strcpy((char *)buf + s.c.fixed_size, desc);
122*8617a60dSAndroid Build Coastguard Worker
123*8617a60dSAndroid Build Coastguard Worker /* If it is PKCS11#11 key, we could sign with pkcs11_sign instead */
124*8617a60dSAndroid Build Coastguard Worker if (key->key_location == PRIVATE_KEY_P11) {
125*8617a60dSAndroid Build Coastguard Worker /* RSA-encrypt the signature */
126*8617a60dSAndroid Build Coastguard Worker rv = pkcs11_sign(key->p11_key, key->hash_alg, data, size,
127*8617a60dSAndroid Build Coastguard Worker buf + s.sig_offset, s.sig_size);
128*8617a60dSAndroid Build Coastguard Worker goto done;
129*8617a60dSAndroid Build Coastguard Worker }
130*8617a60dSAndroid Build Coastguard Worker
131*8617a60dSAndroid Build Coastguard Worker /* Determine digest size and allocate buffer */
132*8617a60dSAndroid Build Coastguard Worker if (s.sig_alg != VB2_SIG_NONE) {
133*8617a60dSAndroid Build Coastguard Worker if (vb2_digest_info(s.hash_alg, &info, &info_size)) {
134*8617a60dSAndroid Build Coastguard Worker rv = VB2_SIGN_DATA_DIGEST_INFO;
135*8617a60dSAndroid Build Coastguard Worker goto done;
136*8617a60dSAndroid Build Coastguard Worker }
137*8617a60dSAndroid Build Coastguard Worker }
138*8617a60dSAndroid Build Coastguard Worker
139*8617a60dSAndroid Build Coastguard Worker digest_size = vb2_digest_size(key->hash_alg);
140*8617a60dSAndroid Build Coastguard Worker if (!digest_size) {
141*8617a60dSAndroid Build Coastguard Worker rv = VB2_SIGN_DATA_DIGEST_SIZE;
142*8617a60dSAndroid Build Coastguard Worker goto done;
143*8617a60dSAndroid Build Coastguard Worker }
144*8617a60dSAndroid Build Coastguard Worker
145*8617a60dSAndroid Build Coastguard Worker sig_digest_size = info_size + digest_size;
146*8617a60dSAndroid Build Coastguard Worker sig_digest = malloc(sig_digest_size);
147*8617a60dSAndroid Build Coastguard Worker if (!sig_digest) {
148*8617a60dSAndroid Build Coastguard Worker rv = VB2_SIGN_DATA_DIGEST_ALLOC;
149*8617a60dSAndroid Build Coastguard Worker goto done;
150*8617a60dSAndroid Build Coastguard Worker }
151*8617a60dSAndroid Build Coastguard Worker
152*8617a60dSAndroid Build Coastguard Worker /* Prepend digest info, if any */
153*8617a60dSAndroid Build Coastguard Worker if (info_size)
154*8617a60dSAndroid Build Coastguard Worker memcpy(sig_digest, info, info_size);
155*8617a60dSAndroid Build Coastguard Worker
156*8617a60dSAndroid Build Coastguard Worker /* Calculate hash digest */
157*8617a60dSAndroid Build Coastguard Worker if (vb2_digest_init(&dc, false, s.hash_alg, 0)) {
158*8617a60dSAndroid Build Coastguard Worker rv = VB2_SIGN_DATA_DIGEST_INIT;
159*8617a60dSAndroid Build Coastguard Worker goto done;
160*8617a60dSAndroid Build Coastguard Worker }
161*8617a60dSAndroid Build Coastguard Worker
162*8617a60dSAndroid Build Coastguard Worker if (vb2_digest_extend(&dc, data, size)) {
163*8617a60dSAndroid Build Coastguard Worker rv = VB2_SIGN_DATA_DIGEST_EXTEND;
164*8617a60dSAndroid Build Coastguard Worker goto done;
165*8617a60dSAndroid Build Coastguard Worker }
166*8617a60dSAndroid Build Coastguard Worker
167*8617a60dSAndroid Build Coastguard Worker if (vb2_digest_finalize(&dc, sig_digest + info_size, digest_size)) {
168*8617a60dSAndroid Build Coastguard Worker rv = VB2_SIGN_DATA_DIGEST_FINALIZE;
169*8617a60dSAndroid Build Coastguard Worker goto done;
170*8617a60dSAndroid Build Coastguard Worker }
171*8617a60dSAndroid Build Coastguard Worker
172*8617a60dSAndroid Build Coastguard Worker if (s.sig_alg == VB2_SIG_NONE) {
173*8617a60dSAndroid Build Coastguard Worker /* Bare hash signature is just the digest */
174*8617a60dSAndroid Build Coastguard Worker memcpy(buf + s.sig_offset, sig_digest, sig_digest_size);
175*8617a60dSAndroid Build Coastguard Worker } else {
176*8617a60dSAndroid Build Coastguard Worker /* RSA-encrypt the signature */
177*8617a60dSAndroid Build Coastguard Worker if (RSA_private_encrypt(sig_digest_size,
178*8617a60dSAndroid Build Coastguard Worker sig_digest,
179*8617a60dSAndroid Build Coastguard Worker buf + s.sig_offset,
180*8617a60dSAndroid Build Coastguard Worker key->rsa_private_key,
181*8617a60dSAndroid Build Coastguard Worker RSA_PKCS1_PADDING) == -1) {
182*8617a60dSAndroid Build Coastguard Worker rv = VB2_SIGN_DATA_RSA_ENCRYPT;
183*8617a60dSAndroid Build Coastguard Worker goto done;
184*8617a60dSAndroid Build Coastguard Worker }
185*8617a60dSAndroid Build Coastguard Worker }
186*8617a60dSAndroid Build Coastguard Worker rv = VB2_SUCCESS;
187*8617a60dSAndroid Build Coastguard Worker done:
188*8617a60dSAndroid Build Coastguard Worker free(sig_digest);
189*8617a60dSAndroid Build Coastguard Worker if (rv == VB2_SUCCESS)
190*8617a60dSAndroid Build Coastguard Worker *sig_ptr = (struct vb21_signature *)buf;
191*8617a60dSAndroid Build Coastguard Worker else
192*8617a60dSAndroid Build Coastguard Worker free(buf);
193*8617a60dSAndroid Build Coastguard Worker return rv;
194*8617a60dSAndroid Build Coastguard Worker }
195*8617a60dSAndroid Build Coastguard Worker
vb21_sig_size_for_key(uint32_t * size_ptr,const struct vb2_private_key * key,const char * desc)196*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb21_sig_size_for_key(uint32_t *size_ptr,
197*8617a60dSAndroid Build Coastguard Worker const struct vb2_private_key *key,
198*8617a60dSAndroid Build Coastguard Worker const char *desc)
199*8617a60dSAndroid Build Coastguard Worker {
200*8617a60dSAndroid Build Coastguard Worker uint32_t size = vb2_sig_size(key->sig_alg, key->hash_alg);
201*8617a60dSAndroid Build Coastguard Worker
202*8617a60dSAndroid Build Coastguard Worker if (!size)
203*8617a60dSAndroid Build Coastguard Worker return VB2_ERROR_SIG_SIZE_FOR_KEY;
204*8617a60dSAndroid Build Coastguard Worker
205*8617a60dSAndroid Build Coastguard Worker size += sizeof(struct vb21_signature);
206*8617a60dSAndroid Build Coastguard Worker size += vb2_desc_size(desc ? desc : key->desc);
207*8617a60dSAndroid Build Coastguard Worker
208*8617a60dSAndroid Build Coastguard Worker *size_ptr = size;
209*8617a60dSAndroid Build Coastguard Worker return VB2_SUCCESS;
210*8617a60dSAndroid Build Coastguard Worker }
211*8617a60dSAndroid Build Coastguard Worker
vb21_sig_size_for_keys(uint32_t * size_ptr,const struct vb2_private_key ** key_list,uint32_t key_count)212*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb21_sig_size_for_keys(uint32_t *size_ptr,
213*8617a60dSAndroid Build Coastguard Worker const struct vb2_private_key **key_list,
214*8617a60dSAndroid Build Coastguard Worker uint32_t key_count)
215*8617a60dSAndroid Build Coastguard Worker {
216*8617a60dSAndroid Build Coastguard Worker uint32_t total = 0, size = 0;
217*8617a60dSAndroid Build Coastguard Worker vb2_error_t rv, i;
218*8617a60dSAndroid Build Coastguard Worker
219*8617a60dSAndroid Build Coastguard Worker *size_ptr = 0;
220*8617a60dSAndroid Build Coastguard Worker
221*8617a60dSAndroid Build Coastguard Worker for (i = 0; i < key_count; i++) {
222*8617a60dSAndroid Build Coastguard Worker rv = vb21_sig_size_for_key(&size, key_list[i], NULL);
223*8617a60dSAndroid Build Coastguard Worker if (rv)
224*8617a60dSAndroid Build Coastguard Worker return rv;
225*8617a60dSAndroid Build Coastguard Worker total += size;
226*8617a60dSAndroid Build Coastguard Worker }
227*8617a60dSAndroid Build Coastguard Worker
228*8617a60dSAndroid Build Coastguard Worker *size_ptr = total;
229*8617a60dSAndroid Build Coastguard Worker return VB2_SUCCESS;
230*8617a60dSAndroid Build Coastguard Worker }
231*8617a60dSAndroid Build Coastguard Worker
vb21_sign_object(uint8_t * buf,uint32_t sig_offset,const struct vb2_private_key * key,const char * desc)232*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb21_sign_object(uint8_t *buf, uint32_t sig_offset,
233*8617a60dSAndroid Build Coastguard Worker const struct vb2_private_key *key,
234*8617a60dSAndroid Build Coastguard Worker const char *desc)
235*8617a60dSAndroid Build Coastguard Worker {
236*8617a60dSAndroid Build Coastguard Worker struct vb21_struct_common *c = (struct vb21_struct_common *)buf;
237*8617a60dSAndroid Build Coastguard Worker struct vb21_signature *sig = NULL;
238*8617a60dSAndroid Build Coastguard Worker vb2_error_t rv;
239*8617a60dSAndroid Build Coastguard Worker
240*8617a60dSAndroid Build Coastguard Worker rv = vb21_sign_data(&sig, buf, sig_offset, key, desc);
241*8617a60dSAndroid Build Coastguard Worker if (rv)
242*8617a60dSAndroid Build Coastguard Worker return rv;
243*8617a60dSAndroid Build Coastguard Worker
244*8617a60dSAndroid Build Coastguard Worker if (sig_offset + sig->c.total_size > c->total_size) {
245*8617a60dSAndroid Build Coastguard Worker free(sig);
246*8617a60dSAndroid Build Coastguard Worker return VB2_SIGN_OBJECT_OVERFLOW;
247*8617a60dSAndroid Build Coastguard Worker }
248*8617a60dSAndroid Build Coastguard Worker
249*8617a60dSAndroid Build Coastguard Worker memcpy(buf + sig_offset, sig, sig->c.total_size);
250*8617a60dSAndroid Build Coastguard Worker free(sig);
251*8617a60dSAndroid Build Coastguard Worker
252*8617a60dSAndroid Build Coastguard Worker return VB2_SUCCESS;
253*8617a60dSAndroid Build Coastguard Worker }
254*8617a60dSAndroid Build Coastguard Worker
vb21_sign_object_multiple(uint8_t * buf,uint32_t sig_offset,const struct vb2_private_key ** key_list,uint32_t key_count)255*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb21_sign_object_multiple(uint8_t *buf, uint32_t sig_offset,
256*8617a60dSAndroid Build Coastguard Worker const struct vb2_private_key **key_list,
257*8617a60dSAndroid Build Coastguard Worker uint32_t key_count)
258*8617a60dSAndroid Build Coastguard Worker {
259*8617a60dSAndroid Build Coastguard Worker struct vb21_struct_common *c = (struct vb21_struct_common *)buf;
260*8617a60dSAndroid Build Coastguard Worker uint32_t sig_next = sig_offset;
261*8617a60dSAndroid Build Coastguard Worker vb2_error_t rv, i;
262*8617a60dSAndroid Build Coastguard Worker
263*8617a60dSAndroid Build Coastguard Worker for (i = 0; i < key_count; i++) {
264*8617a60dSAndroid Build Coastguard Worker struct vb21_signature *sig = NULL;
265*8617a60dSAndroid Build Coastguard Worker
266*8617a60dSAndroid Build Coastguard Worker rv = vb21_sign_data(&sig, buf, sig_offset, key_list[i], NULL);
267*8617a60dSAndroid Build Coastguard Worker if (rv)
268*8617a60dSAndroid Build Coastguard Worker return rv;
269*8617a60dSAndroid Build Coastguard Worker
270*8617a60dSAndroid Build Coastguard Worker if (sig_next + sig->c.total_size > c->total_size) {
271*8617a60dSAndroid Build Coastguard Worker free(sig);
272*8617a60dSAndroid Build Coastguard Worker return VB2_SIGN_OBJECT_OVERFLOW;
273*8617a60dSAndroid Build Coastguard Worker }
274*8617a60dSAndroid Build Coastguard Worker
275*8617a60dSAndroid Build Coastguard Worker memcpy(buf + sig_next, sig, sig->c.total_size);
276*8617a60dSAndroid Build Coastguard Worker sig_next += sig->c.total_size;
277*8617a60dSAndroid Build Coastguard Worker free(sig);
278*8617a60dSAndroid Build Coastguard Worker }
279*8617a60dSAndroid Build Coastguard Worker
280*8617a60dSAndroid Build Coastguard Worker return VB2_SUCCESS;
281*8617a60dSAndroid Build Coastguard Worker }
282