From 862d870dee62f601374c7ed3f8fa73e9b21f9e24 Mon Sep 17 00:00:00 2001
From: Stewart Smith <stewart@linux.vnet.ibm.com>
Date: Mon, 10 Oct 2016 17:41:31 +1100
Subject: stb: always recompute hash of container payload and compare

If our computed hash of stb container doesn't match what's in the container,
we should abort.

Useful in debug (e.g. in mambo)

Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
---
 libstb/stb.c | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)

diff --git a/libstb/stb.c b/libstb/stb.c
index 6e1dcef..8c8f380 100644
--- a/libstb/stb.c
+++ b/libstb/stb.c
@@ -188,7 +188,7 @@ int tb_measure(enum resource_id id, uint32_t subid, void *buf, size_t len)
 {
 	int rc, r;
 	uint8_t digest[SHA512_DIGEST_LENGTH];
-	uint8_t* digestp;
+	const uint8_t *digestp;
 
 	rc = 0;
 	digestp = NULL;
@@ -227,20 +227,35 @@ int tb_measure(enum resource_id id, uint32_t subid, void *buf, size_t len)
 	 * the hash of the container payload (if it's a container) or the image
 	 * (if it's not a container)
 	 */
-	if (secure_mode && stb_is_container(buf, len)) {
-		digestp = (uint8_t*) stb_sw_payload_hash(buf, len);
-		memcpy(digest, digestp, TPM_ALG_SHA256_SIZE);
-	} else if (!secure_mode && stb_is_container(buf, len)) {
+	if (stb_is_container(buf, len)) {
+		digestp = stb_sw_payload_hash(buf, len);
+		if(!digestp) {
+			prlog(PR_EMERG, "STB Container is corrupt, can't find hash\n");
+			abort();
+		}
+
 		rom_driver->sha512(
 			      (void*)((uint8_t*)buf + SECURE_BOOT_HEADERS_SIZE),
 			      len - SECURE_BOOT_HEADERS_SIZE, digest);
+
 		prlog(PR_INFO, "STB: %s sha512 hash re-calculated\n",
 		      resource_map[r].name);
+		if (memcmp(digestp, digest, TPM_ALG_SHA256_SIZE) != 0) {
+			prlog(PR_ALERT, "STB: HASH IN CONTAINER DOESN'T MATCH CONTENT!\n");
+			prlog(PR_ALERT, "STB: Container hash:\n");
+			stb_print_data(digestp, TPM_ALG_SHA256_SIZE);
+			prlog(PR_ALERT, "STB: Computed hash (on %lx bytes):\n", len);
+			stb_print_data(digest, TPM_ALG_SHA256_SIZE);
+
+			if (secure_mode)
+				abort();
+		}
 	} else {
 		rom_driver->sha512(buf, len, digest);
 		prlog(PR_INFO, "STB: %s sha512 hash calculated\n",
 		      resource_map[r].name);
 	}
+
 #ifdef STB_DEBUG
 	/* print the payload/image hash */
 	prlog(PR_NOTICE, "STB: %s hash:\n", resource_map[r].name);
-- 
cgit v1.1