2 * Copyright (c) 2013, Google Inc.
4 * SPDX-License-Identifier: GPL-2.0+
13 DECLARE_GLOBAL_DATA_PTR
;
14 #endif /* !USE_HOSTCC*/
16 #include <u-boot/rsa.h>
17 #include <u-boot/rsa-checksum.h>
19 #define IMAGE_MAX_HASHED_NODES 100
23 void image_set_host_blob(void *blob
)
27 void *image_get_host_blob(void)
33 struct checksum_algo checksum_algos
[] = {
36 .checksum_len
= SHA1_SUM_LEN
,
37 .der_len
= SHA1_DER_LEN
,
38 .der_prefix
= sha1_der_prefix
,
40 .calculate_sign
= EVP_sha1
,
42 .calculate
= hash_calculate
,
46 .checksum_len
= SHA256_SUM_LEN
,
47 .der_len
= SHA256_DER_LEN
,
48 .der_prefix
= sha256_der_prefix
,
50 .calculate_sign
= EVP_sha256
,
52 .calculate
= hash_calculate
,
57 struct crypto_algo crypto_algos
[] = {
60 .key_len
= RSA2048_BYTES
,
62 .add_verify_data
= rsa_add_verify_data
,
67 .key_len
= RSA4096_BYTES
,
69 .add_verify_data
= rsa_add_verify_data
,
75 struct checksum_algo
*image_get_checksum_algo(const char *full_name
)
80 for (i
= 0; i
< ARRAY_SIZE(checksum_algos
); i
++) {
81 name
= checksum_algos
[i
].name
;
82 /* Make sure names match and next char is a comma */
83 if (!strncmp(name
, full_name
, strlen(name
)) &&
84 full_name
[strlen(name
)] == ',')
85 return &checksum_algos
[i
];
91 struct crypto_algo
*image_get_crypto_algo(const char *full_name
)
96 /* Move name to after the comma */
97 name
= strchr(full_name
, ',');
102 for (i
= 0; i
< ARRAY_SIZE(crypto_algos
); i
++) {
103 if (!strcmp(crypto_algos
[i
].name
, name
))
104 return &crypto_algos
[i
];
111 * fit_region_make_list() - Make a list of image regions
113 * Given a list of fdt_regions, create a list of image_regions. This is a
114 * simple conversion routine since the FDT and image code use different
118 * @fdt_regions: Pointer to FDT regions
119 * @count: Number of FDT regions
120 * @region: Pointer to image regions, which must hold @count records. If
121 * region is NULL, then (except for an SPL build) the array will be
123 * @return: Pointer to image regions
125 struct image_region
*fit_region_make_list(const void *fit
,
126 struct fdt_region
*fdt_regions
, int count
,
127 struct image_region
*region
)
131 debug("Hash regions:\n");
132 debug("%10s %10s\n", "Offset", "Size");
135 * Use malloc() except in SPL (to save code size). In SPL the caller
136 * must allocate the array.
138 #ifndef CONFIG_SPL_BUILD
140 region
= calloc(sizeof(*region
), count
);
144 for (i
= 0; i
< count
; i
++) {
145 debug("%10x %10x\n", fdt_regions
[i
].offset
,
146 fdt_regions
[i
].size
);
147 region
[i
].data
= fit
+ fdt_regions
[i
].offset
;
148 region
[i
].size
= fdt_regions
[i
].size
;
154 static int fit_image_setup_verify(struct image_sign_info
*info
,
155 const void *fit
, int noffset
, int required_keynode
,
160 if (fit_image_hash_get_algo(fit
, noffset
, &algo_name
)) {
161 *err_msgp
= "Can't get hash algo property";
164 memset(info
, '\0', sizeof(*info
));
165 info
->keyname
= fdt_getprop(fit
, noffset
, "key-name-hint", NULL
);
166 info
->fit
= (void *)fit
;
167 info
->node_offset
= noffset
;
168 info
->name
= algo_name
;
169 info
->checksum
= image_get_checksum_algo(algo_name
);
170 info
->crypto
= image_get_crypto_algo(algo_name
);
171 info
->fdt_blob
= gd_fdt_blob();
172 info
->required_keynode
= required_keynode
;
173 printf("%s:%s", algo_name
, info
->keyname
);
175 if (!info
->checksum
|| !info
->crypto
) {
176 *err_msgp
= "Unknown signature algorithm";
183 int fit_image_check_sig(const void *fit
, int noffset
, const void *data
,
184 size_t size
, int required_keynode
, char **err_msgp
)
186 struct image_sign_info info
;
187 struct image_region region
;
192 if (fit_image_setup_verify(&info
, fit
, noffset
, required_keynode
,
196 if (fit_image_hash_get_value(fit
, noffset
, &fit_value
,
198 *err_msgp
= "Can't get hash value property";
205 if (info
.crypto
->verify(&info
, ®ion
, 1, fit_value
, fit_value_len
)) {
206 *err_msgp
= "Verification failed";
213 static int fit_image_verify_sig(const void *fit
, int image_noffset
,
214 const char *data
, size_t size
, const void *sig_blob
,
222 /* Process all hash subnodes of the component image node */
223 fdt_for_each_subnode(noffset
, fit
, image_noffset
) {
224 const char *name
= fit_get_name(fit
, noffset
, NULL
);
226 if (!strncmp(name
, FIT_SIG_NODENAME
,
227 strlen(FIT_SIG_NODENAME
))) {
228 ret
= fit_image_check_sig(fit
, noffset
, data
,
240 if (noffset
== -FDT_ERR_TRUNCATED
|| noffset
== -FDT_ERR_BADSTRUCTURE
) {
241 err_msg
= "Corrupted or truncated tree";
245 return verified
? 0 : -EPERM
;
248 printf(" error!\n%s for '%s' hash node in '%s' image node\n",
249 err_msg
, fit_get_name(fit
, noffset
, NULL
),
250 fit_get_name(fit
, image_noffset
, NULL
));
254 int fit_image_verify_required_sigs(const void *fit
, int image_noffset
,
255 const char *data
, size_t size
, const void *sig_blob
,
258 int verify_count
= 0;
262 /* Work out what we need to verify */
264 sig_node
= fdt_subnode_offset(sig_blob
, 0, FIT_SIG_NODENAME
);
266 debug("%s: No signature node found: %s\n", __func__
,
267 fdt_strerror(sig_node
));
271 fdt_for_each_subnode(noffset
, sig_blob
, sig_node
) {
272 const char *required
;
275 required
= fdt_getprop(sig_blob
, noffset
, "required", NULL
);
276 if (!required
|| strcmp(required
, "image"))
278 ret
= fit_image_verify_sig(fit
, image_noffset
, data
, size
,
281 printf("Failed to verify required signature '%s'\n",
282 fit_get_name(sig_blob
, noffset
, NULL
));
294 int fit_config_check_sig(const void *fit
, int noffset
, int required_keynode
,
297 char * const exc_prop
[] = {"data"};
298 const char *prop
, *end
, *name
;
299 struct image_sign_info info
;
300 const uint32_t *strings
;
308 debug("%s: fdt=%p, conf='%s', sig='%s'\n", __func__
, gd_fdt_blob(),
309 fit_get_name(fit
, noffset
, NULL
),
310 fit_get_name(gd_fdt_blob(), required_keynode
, NULL
));
312 if (fit_image_setup_verify(&info
, fit
, noffset
, required_keynode
,
316 if (fit_image_hash_get_value(fit
, noffset
, &fit_value
,
318 *err_msgp
= "Can't get hash value property";
322 /* Count the number of strings in the property */
323 prop
= fdt_getprop(fit
, noffset
, "hashed-nodes", &prop_len
);
324 end
= prop
? prop
+ prop_len
: prop
;
325 for (name
= prop
, count
= 0; name
< end
; name
++)
329 *err_msgp
= "Can't get hashed-nodes property";
333 /* Add a sanity check here since we are using the stack */
334 if (count
> IMAGE_MAX_HASHED_NODES
) {
335 *err_msgp
= "Number of hashed nodes exceeds maximum";
339 /* Create a list of node names from those strings */
340 char *node_inc
[count
];
342 debug("Hash nodes (%d):\n", count
);
343 for (name
= prop
, i
= 0; name
< end
; name
+= strlen(name
) + 1, i
++) {
344 debug(" '%s'\n", name
);
345 node_inc
[i
] = (char *)name
;
349 * Each node can generate one region for each sub-node. Allow for
350 * 7 sub-nodes (hash@1, signature@1, etc.) and some extra.
352 max_regions
= 20 + count
* 7;
353 struct fdt_region fdt_regions
[max_regions
];
355 /* Get a list of regions to hash */
356 count
= fdt_find_regions(fit
, node_inc
, count
,
357 exc_prop
, ARRAY_SIZE(exc_prop
),
358 fdt_regions
, max_regions
- 1,
359 path
, sizeof(path
), 0);
361 *err_msgp
= "Failed to hash configuration";
365 *err_msgp
= "No data to hash";
368 if (count
>= max_regions
- 1) {
369 *err_msgp
= "Too many hash regions";
373 /* Add the strings */
374 strings
= fdt_getprop(fit
, noffset
, "hashed-strings", NULL
);
376 fdt_regions
[count
].offset
= fdt_off_dt_strings(fit
) +
377 fdt32_to_cpu(strings
[0]);
378 fdt_regions
[count
].size
= fdt32_to_cpu(strings
[1]);
382 /* Allocate the region list on the stack */
383 struct image_region region
[count
];
385 fit_region_make_list(fit
, fdt_regions
, count
, region
);
386 if (info
.crypto
->verify(&info
, region
, count
, fit_value
,
388 *err_msgp
= "Verification failed";
395 static int fit_config_verify_sig(const void *fit
, int conf_noffset
,
396 const void *sig_blob
, int sig_offset
)
403 /* Process all hash subnodes of the component conf node */
404 fdt_for_each_subnode(noffset
, fit
, conf_noffset
) {
405 const char *name
= fit_get_name(fit
, noffset
, NULL
);
407 if (!strncmp(name
, FIT_SIG_NODENAME
,
408 strlen(FIT_SIG_NODENAME
))) {
409 ret
= fit_config_check_sig(fit
, noffset
, sig_offset
,
421 if (noffset
== -FDT_ERR_TRUNCATED
|| noffset
== -FDT_ERR_BADSTRUCTURE
) {
422 err_msg
= "Corrupted or truncated tree";
426 return verified
? 0 : -EPERM
;
429 printf(" error!\n%s for '%s' hash node in '%s' config node\n",
430 err_msg
, fit_get_name(fit
, noffset
, NULL
),
431 fit_get_name(fit
, conf_noffset
, NULL
));
435 int fit_config_verify_required_sigs(const void *fit
, int conf_noffset
,
436 const void *sig_blob
)
441 /* Work out what we need to verify */
442 sig_node
= fdt_subnode_offset(sig_blob
, 0, FIT_SIG_NODENAME
);
444 debug("%s: No signature node found: %s\n", __func__
,
445 fdt_strerror(sig_node
));
449 fdt_for_each_subnode(noffset
, sig_blob
, sig_node
) {
450 const char *required
;
453 required
= fdt_getprop(sig_blob
, noffset
, "required", NULL
);
454 if (!required
|| strcmp(required
, "conf"))
456 ret
= fit_config_verify_sig(fit
, conf_noffset
, sig_blob
,
459 printf("Failed to verify required signature '%s'\n",
460 fit_get_name(sig_blob
, noffset
, NULL
));
468 int fit_config_verify(const void *fit
, int conf_noffset
)
470 return fit_config_verify_required_sigs(fit
, conf_noffset
,