| /* Copyright 2017 The Chromium OS Authors. All rights reserved. |
| * Use of this source code is governed by a BSD-style license that can be |
| * found in the LICENSE file. |
| */ |
| |
| #include "common.h" |
| #include "console.h" |
| #include "rsa.h" |
| #include "sha256.h" |
| #include "shared_mem.h" |
| #include "vboot.h" |
| |
| /* |
| * Console print shorthands for this file: both forward to cprints()/cprintf() |
| * with CC_VBOOT as the first argument (presumably the console channel - |
| * confirm in console.h). "args..." with "## args" is the GNU named-variadic |
| * form; the "##" drops the preceding comma when no extra arguments are given. |
| */ |
| #define CPRINTS(format, args...) cprints(CC_VBOOT, format, ## args) |
| #define CPRINTF(format, args...) cprintf(CC_VBOOT, format, ## args) |
| |
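/**
 * Check that a byte range holds nothing but 0xff padding.
 *
 * The range is scanned as 32-bit words, so the base pointer and both offsets
 * must be 4-byte aligned. Arguments that do not meet these preconditions are
 * rejected instead of being scanned.
 *
 * NOTE(review): this looks like the check that keeps unsigned content out of
 * the area between the verified data and its signature. Confirm in the caller
 * that `start` equals the hashed length, so that no byte is covered by
 * neither the hash nor this check.
 *
 * @param data   Base address the offsets are relative to.
 * @param start  Byte offset of the first padding byte (inclusive).
 * @param end    Byte offset one past the last padding byte (exclusive).
 * @return EC_SUCCESS if every word in [start, end) equals 0xffffffff (an
 *         empty range also succeeds); EC_ERROR_INVAL if start > end, if the
 *         base or either offset is not 4-byte aligned, or if any word
 *         differs.
 */
int vboot_is_padding_valid(const uint8_t *data, uint32_t start, uint32_t end)
{
	const uint32_t *data32;
	uint32_t i;

	if (start > end)
		return EC_ERROR_INVAL;

	if (start % 4 || end % 4)
		return EC_ERROR_INVAL;

	/*
	 * The offsets are word aligned, so the 32-bit loads below are aligned
	 * only if the base is as well. An unaligned load through a cast pointer
	 * is undefined behaviour and faults on cores without unaligned-access
	 * support, so fail closed here.
	 */
	if ((uintptr_t)data % 4)
		return EC_ERROR_INVAL;

	data32 = (const uint32_t *)data;

	/* Unsigned index: the bounds are uint32_t, so avoid a mixed-sign compare. */
	for (i = start / 4; i < end / 4; i++) {
		if (data32[i] != 0xffffffff)
			return EC_ERROR_INVAL;
	}

	return EC_SUCCESS;
}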
| |
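/**
 * Verify an RSA signature over the SHA-256 digest of a data region.
 *
 * Pointer arguments are deliberately not compared against NULL here: on some
 * targets address 0 may be a valid memory location (NOTE(review): confirm for
 * the supported chips before adding such a check).
 *
 * @param data  Start of the region to hash.
 * @param len   Number of bytes to hash; must not be negative.
 * @param key   RSA public key handed to rsa_verify().
 * @param sig   Signature handed to rsa_verify().
 * @return EC_SUCCESS if rsa_verify() returns 1;
 *         EC_ERROR_INVAL if len is negative;
 *         EC_ERROR_MEMORY_ALLOCATION if the shared-memory work buffer cannot
 *         be acquired;
 *         EC_ERROR_VBOOT_DATA_VERIFY if rsa_verify() returns anything else.
 */
int vboot_verify(const uint8_t *data, int len,
		 const struct rsa_public_key *key, const uint8_t *sig)
{
	struct sha256_ctx ctx;
	uint8_t *hash;
	uint32_t *workbuf;
	int err = EC_SUCCESS;

	/*
	 * A negative length is never meaningful. SHA256_update()'s prototype is
	 * not visible in this file; if it takes an unsigned count, a negative
	 * len would wrap to a huge value and hash far past the intended region.
	 * Reject it before acquiring any resource.
	 */
	if (len < 0)
		return EC_ERROR_INVAL;

	/*
	 * Scratch space for rsa_verify(). NOTE(review): 3 * RSANUMBYTES is
	 * taken as that function's requirement - confirm in rsa.h.
	 */
	if (SHARED_MEM_ACQUIRE_CHECK(3 * RSANUMBYTES, (char **)&workbuf))
		return EC_ERROR_MEMORY_ALLOCATION;

	/* Compute hash of the RW firmware */
	SHA256_init(&ctx);
	SHA256_update(&ctx, data, len);
	hash = SHA256_final(&ctx);

	/*
	 * Verify the data. Only an exact return of 1 counts as success, so any
	 * other value from rsa_verify() fails closed.
	 */
	if (rsa_verify(key, sig, hash, workbuf) != 1)
		err = EC_ERROR_VBOOT_DATA_VERIFY;

	/* Released on both the success and the failure path. */
	shared_mem_release(workbuf);

	return err;
}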