Google Git
Sign in
cos / mirrors / cros / chromiumos / platform / vboot_reference / refs/heads/factory-reef-8811.B / . / firmware / bdb / secrets.c
blob: 08bca5f5fa1adc43003483fa92c10bc254fa454a [file] [log] [blame]
/* Copyright 2016 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
#include "2sysincludes.h"
#include "2hmac.h"
#include "2sha.h"
#include "bdb_api.h"
#include "bdb_struct.h"
#include "bdb.h"
#include "secrets.h"
static int get_constant(const uint8_t *buf, uint32_t buf_size,
const uint8_t *constant, uint8_t *out)
{
int digest_size = vb2_digest_size(VB2_HASH_SHA256);
const struct bdb_key *key = (const struct bdb_key *)buf;
if (!buf)
return !BDB_SUCCESS;
if (bdb_check_key(key, buf_size))
return !BDB_SUCCESS;
if (vb2_digest_buffer(buf, buf_size, VB2_HASH_SHA256, out, digest_size))
return !BDB_SUCCESS;
memcpy(out + digest_size, constant,
BDB_CONSTANT_BLOCK_SIZE - digest_size);
return BDB_SUCCESS;
}
int vba_derive_secret(struct vba_context *ctx, enum bdb_secret_type type,
const uint8_t *buf, uint32_t buf_size)
{
uint8_t c[BDB_CONSTANT_BLOCK_SIZE];
const uint8_t *b = (const uint8_t *)c;
uint8_t *s;
uint8_t *o;
switch (type) {
case BDB_SECRET_TYPE_BDB:
s = o = ctx->ro_secrets->bdb;
if (get_constant(buf, buf_size, secret_constant_q, c))
return BDB_ERROR_SECRET_BDB;
break;
case BDB_SECRET_TYPE_BOOT_PATH:
s = o = ctx->ro_secrets->boot_path;
if (get_constant(buf, buf_size, secret_constant_l, c))
return BDB_ERROR_SECRET_BOOT_PATH;
break;
case BDB_SECRET_TYPE_BOOT_VERIFIED:
s = o = ctx->ro_secrets->boot_verified;
if (ctx->flags & VBA_CONTEXT_FLAG_KERNEL_DATA_KEY_VERIFIED)
b = secret_constant_kv1;
else
b = secret_constant_kv0;
break;
case BDB_SECRET_TYPE_BUC:
s = ctx->ro_secrets->boot_verified;
b = secret_constant_c;
o = ctx->rw_secrets->buc;
break;
default:
return BDB_ERROR_SECRET_TYPE;
}
vb2_sha256_extend(s, b, o);
return BDB_SUCCESS;
}
int vba_clear_secret(struct vba_context *ctx, enum bdb_secret_type type)
{
uint8_t *s;
switch (type) {
case BDB_SECRET_TYPE_NVM_RW:
s = ctx->ro_secrets->nvm_rw;
break;
case BDB_SECRET_TYPE_BDB:
s = ctx->ro_secrets->bdb;
break;
case BDB_SECRET_TYPE_BOOT_PATH:
s = ctx->ro_secrets->boot_path;
break;
case BDB_SECRET_TYPE_BOOT_VERIFIED:
s = ctx->ro_secrets->boot_verified;
break;
case BDB_SECRET_TYPE_BUC:
s = ctx->rw_secrets->buc;
break;
default:
return BDB_ERROR_SECRET_TYPE;
}
memset(s, 0, BDB_SECRET_SIZE);
return BDB_SUCCESS;
}