Propagate use of uint64_t to more functions that may need to deal with arbitrary length data.
This CL fixes some functions to use uint64_t that I missed the first time around. It ended up requiring some minor changes to how some of the helper functions work (StatefulMemcpy*()).
Also adds new tests to make sure that reference code can verify/process big firmware and kernel images.
BUG=670
TEST=Adds some new, old ones still pass.
Review URL: http://codereview.chromium.org/1519008
diff --git a/utils/firmware_image.c b/utils/firmware_image.c
index a598f54..2e3f924 100644
--- a/utils/firmware_image.c
+++ b/utils/firmware_image.c
@@ -66,6 +66,7 @@
st.remaining_len = image_len;
st.remaining_buf = firmware_buf;
+ st.overrun = 0;
/* Read and compare magic bytes. */
StatefulMemcpy(&st, &image->magic, FIRMWARE_MAGIC_SIZE);
@@ -132,7 +133,7 @@
image->firmware_data = (uint8_t*) Malloc(image->firmware_len);
StatefulMemcpy(&st, image->firmware_data, image->firmware_len);
- if(st.remaining_len != 0) { /* Overrun or underrun. */
+ if(st.overrun || st.remaining_len != 0) { /* Overrun or underrun. */
Free(firmware_buf);
return NULL;
}
@@ -174,6 +175,7 @@
header_blob = (uint8_t*) Malloc(GetFirmwareHeaderLen(image));
st.remaining_len = GetFirmwareHeaderLen(image);
st.remaining_buf = header_blob;
+ st.overrun = 0;
StatefulMemcpy_r(&st, &image->header_len, FIELD_LEN(header_len));
StatefulMemcpy_r(&st, &image->firmware_sign_algorithm, FIELD_LEN(header_len));
@@ -183,7 +185,7 @@
RSAProcessedKeySize(image->firmware_sign_algorithm));
StatefulMemcpy_r(&st, &image->header_checksum, FIELD_LEN(header_checksum));
- if (st.remaining_len != 0) { /* Underrun or Overrun. */
+ if (st.overrun || st.remaining_len != 0) { /* Underrun or Overrun. */
Free(header_blob);
return NULL;
}
@@ -202,12 +204,13 @@
preamble_blob = (uint8_t*) Malloc(GetFirmwarePreambleLen());
st.remaining_len = GetFirmwarePreambleLen();
st.remaining_buf = preamble_blob;
+ st.overrun = 0;
StatefulMemcpy_r(&st, &image->firmware_version, FIELD_LEN(firmware_version));
StatefulMemcpy_r(&st, &image->firmware_len, FIELD_LEN(firmware_len));
StatefulMemcpy_r(&st, image->preamble, FIELD_LEN(preamble));
- if (st.remaining_len != 0 ) { /* Underrun or Overrun. */
+ if (st.overrun || st.remaining_len != 0 ) { /* Underrun or Overrun. */
Free(preamble_blob);
return NULL;
}
@@ -235,6 +238,7 @@
firmware_blob = (uint8_t*) Malloc(*blob_len);
st.remaining_len = *blob_len;
st.remaining_buf = firmware_blob;
+ st.overrun = 0;
header_blob = GetFirmwareHeaderBlob(image);
preamble_blob = GetFirmwarePreambleBlob(image);
@@ -251,7 +255,7 @@
Free(preamble_blob);
Free(header_blob);
- if (st.remaining_len != 0) { /* Underrun or Overrun. */
+ if (st.overrun || st.remaining_len != 0) { /* Underrun or Overrun. */
Free(firmware_blob);
return NULL;
}
@@ -381,8 +385,8 @@
int VerifyFirmwarePreamble(RSAPublicKey* firmware_sign_key,
const uint8_t* preamble_blob,
int algorithm,
- int* firmware_len) {
- uint32_t len;
+ uint64_t* firmware_len) {
+ uint64_t len;
int preamble_len;
uint16_t firmware_version;
@@ -400,14 +404,14 @@
Memcpy(&len, preamble_blob + FIELD_LEN(firmware_version),
sizeof(len));
- *firmware_len = (int) len;
+ *firmware_len = len;
return 0;
}
int VerifyFirmwareData(RSAPublicKey* firmware_sign_key,
const uint8_t* preamble_start,
const uint8_t* firmware_data_start,
- int firmware_len,
+ uint64_t firmware_len,
int algorithm) {
int signature_len = siglen_map[algorithm];
uint8_t* digest;
@@ -437,7 +441,8 @@
int error_code = 0;
int algorithm; /* Signing key algorithm. */
RSAPublicKey* firmware_sign_key = NULL;
- int firmware_sign_key_len, signature_len, header_len, firmware_len;
+ int firmware_sign_key_len, signature_len, header_len;
+ uint64_t firmware_len;
const uint8_t* header_ptr = NULL; /* Pointer to header. */
const uint8_t* firmware_sign_key_ptr = NULL; /* Pointer to signing key. */
const uint8_t* preamble_ptr = NULL; /* Pointer to preamble block. */
@@ -473,6 +478,7 @@
algorithm,
&firmware_len))) {
RSAPublicKeyFree(firmware_sign_key);
+ fprintf(stderr, "Couldn't verify Firmware preamble.\n");
return error_code; /* AKA jump to recovery. */
}
/* Only continue if firmware data verification succeeds. */
@@ -485,6 +491,7 @@
firmware_len,
algorithm))) {
RSAPublicKeyFree(firmware_sign_key);
+ fprintf(stderr, "Couldn't verify Firmware data.\n");
return error_code; /* AKA jump to recovery. */
}
@@ -539,7 +546,7 @@
/* Get sign key to verify the rest of the firmware. */
firmware_sign_key_size = RSAProcessedKeySize(image->firmware_sign_algorithm);
firmware_sign_key = RSAPublicKeyFromBuf(image->firmware_sign_key,
- firmware_sign_key_size);
+ firmware_sign_key_size);
signature_size = siglen_map[image->firmware_sign_algorithm];
if (image->firmware_sign_algorithm >= kNumAlgorithms)
@@ -555,8 +562,8 @@
FIELD_LEN(preamble));
preamble_digest = DigestFinal(&ctx);
if (!RSAVerify(firmware_sign_key, image->preamble_signature,
- signature_size, image->firmware_sign_algorithm,
- preamble_digest)) {
+ signature_size, image->firmware_sign_algorithm,
+ preamble_digest)) {
error_code = VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED;
goto verify_failure;
}
diff --git a/utils/kernel_image.c b/utils/kernel_image.c
index f92a9f8..32e12a8 100644
--- a/utils/kernel_image.c
+++ b/utils/kernel_image.c
@@ -69,6 +69,7 @@
st.remaining_len = image_len;
st.remaining_buf = kernel_buf;
+ st.overrun = 0;
/* Read and compare magic bytes. */
StatefulMemcpy(&st, &image->magic, KERNEL_MAGIC_SIZE);
@@ -154,7 +155,7 @@
image->kernel_data = (uint8_t*) Malloc(image->options.kernel_len);
StatefulMemcpy(&st, image->kernel_data, image->options.kernel_len);
- if(st.remaining_len != 0) { /* Overrun or underrun. */
+ if(st.overrun || st.remaining_len != 0) { /* Overrun or underrun. */
Free(kernel_buf);
return NULL;
}
@@ -200,6 +201,7 @@
header_blob = (uint8_t*) Malloc(GetKernelHeaderLen(image));
st.remaining_len = GetKernelHeaderLen(image);
st.remaining_buf = header_blob;
+ st.overrun = 0;
StatefulMemcpy_r(&st, &image->header_version, FIELD_LEN(header_version));
StatefulMemcpy_r(&st, &image->header_len, FIELD_LEN(header_len));
@@ -213,7 +215,7 @@
RSAProcessedKeySize(image->kernel_sign_algorithm));
StatefulMemcpy_r(&st, &image->header_checksum, FIELD_LEN(header_checksum));
- if (st.remaining_len != 0) { /* Underrun or Overrun. */
+ if (st.overrun || st.remaining_len != 0) { /* Underrun or Overrun. */
Free(header_blob);
return NULL;
}
@@ -234,6 +236,7 @@
config_blob = (uint8_t*) Malloc(GetKernelConfigLen());
st.remaining_len = GetKernelConfigLen();
st.remaining_buf = config_blob;
+ st.overrun = 0;
StatefulMemcpy_r(&st, &image->kernel_version, FIELD_LEN(kernel_version));
StatefulMemcpy_r(&st, image->options.version, FIELD_LEN(options.version));
@@ -244,7 +247,7 @@
FIELD_LEN(options.kernel_load_addr));
StatefulMemcpy_r(&st, &image->options.kernel_entry_addr,
FIELD_LEN(options.kernel_entry_addr));
- if (st.remaining_len != 0) { /* Overrun or Underrun. */
+ if (st.overrun || st.remaining_len != 0) { /* Overrun or Underrun. */
Free(config_blob);
return NULL;
}
@@ -272,6 +275,7 @@
kernel_blob = (uint8_t*) Malloc(*blob_len);
st.remaining_len = *blob_len;
st.remaining_buf = kernel_blob;
+ st.overrun = 0;
header_blob = GetKernelHeaderBlob(image);
config_blob = GetKernelConfigBlob(image);
@@ -287,7 +291,7 @@
Free(config_blob);
Free(header_blob);
- if (st.remaining_len != 0) { /* Underrun or Overrun. */
+ if (st.overrun || st.remaining_len != 0) { /* Underrun or Overrun. */
Free(kernel_blob);
return NULL;
}
@@ -451,9 +455,10 @@
int VerifyKernelConfig(RSAPublicKey* kernel_sign_key,
const uint8_t* config_blob,
int algorithm,
- int* kernel_len) {
- uint32_t len, config_len;
- config_len = GetKernelConfigLen();
+ uint64_t* kernel_len) {
+ uint64_t len;
+ int config_len;
+ config_len = GetKernelConfigLen(NULL);
if (!RSAVerifyBinary_f(NULL, kernel_sign_key, /* Key to use */
config_blob, /* Data to verify */
config_len, /* Length of data */
@@ -465,14 +470,14 @@
config_blob + (FIELD_LEN(kernel_version) + FIELD_LEN(options.version) +
FIELD_LEN(options.cmd_line)),
sizeof(len));
- *kernel_len = (int) len;
+ *kernel_len = len;
return 0;
}
int VerifyKernelData(RSAPublicKey* kernel_sign_key,
const uint8_t* kernel_config_start,
const uint8_t* kernel_data_start,
- int kernel_len,
+ uint64_t kernel_len,
int algorithm) {
int signature_len = siglen_map[algorithm];
uint8_t* digest;
@@ -505,7 +510,8 @@
int kernel_sign_algorithm; /* Kernel Signing key algorithm. */
RSAPublicKey* kernel_sign_key;
int kernel_sign_key_len, kernel_key_signature_len, kernel_signature_len,
- header_len, kernel_len;
+ header_len;
+ uint64_t kernel_len;
const uint8_t* header_ptr; /* Pointer to header. */
const uint8_t* kernel_sign_key_ptr; /* Pointer to signing key. */
const uint8_t* config_ptr; /* Pointer to kernel config block. */