1 // SPDX-License-Identifier: GPL-2.0+
3 * Copyright (c) 2013, Google Inc.
12 DECLARE_GLOBAL_DATA_PTR
;
13 #endif /* !USE_HOSTCC*/
15 #include <u-boot/rsa.h>
16 #include <u-boot/rsa-checksum.h>
18 #define IMAGE_MAX_HASHED_NODES 100
22 void image_set_host_blob(void *blob
)
26 void *image_get_host_blob(void)
32 struct checksum_algo checksum_algos
[] = {
35 .checksum_len
= SHA1_SUM_LEN
,
36 .der_len
= SHA1_DER_LEN
,
37 .der_prefix
= sha1_der_prefix
,
39 .calculate_sign
= EVP_sha1
,
41 .calculate
= hash_calculate
,
45 .checksum_len
= SHA256_SUM_LEN
,
46 .der_len
= SHA256_DER_LEN
,
47 .der_prefix
= sha256_der_prefix
,
49 .calculate_sign
= EVP_sha256
,
51 .calculate
= hash_calculate
,
56 struct crypto_algo crypto_algos
[] = {
59 .key_len
= RSA2048_BYTES
,
61 .add_verify_data
= rsa_add_verify_data
,
66 .key_len
= RSA4096_BYTES
,
68 .add_verify_data
= rsa_add_verify_data
,
74 struct checksum_algo
*image_get_checksum_algo(const char *full_name
)
79 for (i
= 0; i
< ARRAY_SIZE(checksum_algos
); i
++) {
80 name
= checksum_algos
[i
].name
;
81 /* Make sure names match and next char is a comma */
82 if (!strncmp(name
, full_name
, strlen(name
)) &&
83 full_name
[strlen(name
)] == ',')
84 return &checksum_algos
[i
];
90 struct crypto_algo
*image_get_crypto_algo(const char *full_name
)
95 /* Move name to after the comma */
96 name
= strchr(full_name
, ',');
101 for (i
= 0; i
< ARRAY_SIZE(crypto_algos
); i
++) {
102 if (!strcmp(crypto_algos
[i
].name
, name
))
103 return &crypto_algos
[i
];
110 * fit_region_make_list() - Make a list of image regions
112 * Given a list of fdt_regions, create a list of image_regions. This is a
113 * simple conversion routine since the FDT and image code use different
117 * @fdt_regions: Pointer to FDT regions
118 * @count: Number of FDT regions
119 * @region: Pointer to image regions, which must hold @count records. If
120 * region is NULL, then (except for an SPL build) the array will be
122 * @return: Pointer to image regions
124 struct image_region
*fit_region_make_list(const void *fit
,
125 struct fdt_region
*fdt_regions
, int count
,
126 struct image_region
*region
)
130 debug("Hash regions:\n");
131 debug("%10s %10s\n", "Offset", "Size");
134 * Use malloc() except in SPL (to save code size). In SPL the caller
135 * must allocate the array.
137 #ifndef CONFIG_SPL_BUILD
139 region
= calloc(sizeof(*region
), count
);
143 for (i
= 0; i
< count
; i
++) {
144 debug("%10x %10x\n", fdt_regions
[i
].offset
,
145 fdt_regions
[i
].size
);
146 region
[i
].data
= fit
+ fdt_regions
[i
].offset
;
147 region
[i
].size
= fdt_regions
[i
].size
;
153 static int fit_image_setup_verify(struct image_sign_info
*info
,
154 const void *fit
, int noffset
, int required_keynode
,
159 if (fdt_totalsize(fit
) > CONFIG_FIT_SIGNATURE_MAX_SIZE
) {
160 *err_msgp
= "Total size too large";
164 if (fit_image_hash_get_algo(fit
, noffset
, &algo_name
)) {
165 *err_msgp
= "Can't get hash algo property";
168 memset(info
, '\0', sizeof(*info
));
169 info
->keyname
= fdt_getprop(fit
, noffset
, "key-name-hint", NULL
);
170 info
->fit
= (void *)fit
;
171 info
->node_offset
= noffset
;
172 info
->name
= algo_name
;
173 info
->checksum
= image_get_checksum_algo(algo_name
);
174 info
->crypto
= image_get_crypto_algo(algo_name
);
175 info
->fdt_blob
= gd_fdt_blob();
176 info
->required_keynode
= required_keynode
;
177 printf("%s:%s", algo_name
, info
->keyname
);
179 if (!info
->checksum
|| !info
->crypto
) {
180 *err_msgp
= "Unknown signature algorithm";
187 int fit_image_check_sig(const void *fit
, int noffset
, const void *data
,
188 size_t size
, int required_keynode
, char **err_msgp
)
190 struct image_sign_info info
;
191 struct image_region region
;
196 if (fit_image_setup_verify(&info
, fit
, noffset
, required_keynode
,
200 if (fit_image_hash_get_value(fit
, noffset
, &fit_value
,
202 *err_msgp
= "Can't get hash value property";
209 if (info
.crypto
->verify(&info
, ®ion
, 1, fit_value
, fit_value_len
)) {
210 *err_msgp
= "Verification failed";
217 static int fit_image_verify_sig(const void *fit
, int image_noffset
,
218 const char *data
, size_t size
, const void *sig_blob
,
226 /* Process all hash subnodes of the component image node */
227 fdt_for_each_subnode(noffset
, fit
, image_noffset
) {
228 const char *name
= fit_get_name(fit
, noffset
, NULL
);
230 if (!strncmp(name
, FIT_SIG_NODENAME
,
231 strlen(FIT_SIG_NODENAME
))) {
232 ret
= fit_image_check_sig(fit
, noffset
, data
,
244 if (noffset
== -FDT_ERR_TRUNCATED
|| noffset
== -FDT_ERR_BADSTRUCTURE
) {
245 err_msg
= "Corrupted or truncated tree";
249 return verified
? 0 : -EPERM
;
252 printf(" error!\n%s for '%s' hash node in '%s' image node\n",
253 err_msg
, fit_get_name(fit
, noffset
, NULL
),
254 fit_get_name(fit
, image_noffset
, NULL
));
258 int fit_image_verify_required_sigs(const void *fit
, int image_noffset
,
259 const char *data
, size_t size
, const void *sig_blob
,
262 int verify_count
= 0;
266 /* Work out what we need to verify */
268 sig_node
= fdt_subnode_offset(sig_blob
, 0, FIT_SIG_NODENAME
);
270 debug("%s: No signature node found: %s\n", __func__
,
271 fdt_strerror(sig_node
));
275 fdt_for_each_subnode(noffset
, sig_blob
, sig_node
) {
276 const char *required
;
279 required
= fdt_getprop(sig_blob
, noffset
, "required", NULL
);
280 if (!required
|| strcmp(required
, "image"))
282 ret
= fit_image_verify_sig(fit
, image_noffset
, data
, size
,
285 printf("Failed to verify required signature '%s'\n",
286 fit_get_name(sig_blob
, noffset
, NULL
));
298 int fit_config_check_sig(const void *fit
, int noffset
, int required_keynode
,
301 char * const exc_prop
[] = {"data"};
302 const char *prop
, *end
, *name
;
303 struct image_sign_info info
;
304 const uint32_t *strings
;
312 debug("%s: fdt=%p, conf='%s', sig='%s'\n", __func__
, gd_fdt_blob(),
313 fit_get_name(fit
, noffset
, NULL
),
314 fit_get_name(gd_fdt_blob(), required_keynode
, NULL
));
316 if (fit_image_setup_verify(&info
, fit
, noffset
, required_keynode
,
320 if (fit_image_hash_get_value(fit
, noffset
, &fit_value
,
322 *err_msgp
= "Can't get hash value property";
326 /* Count the number of strings in the property */
327 prop
= fdt_getprop(fit
, noffset
, "hashed-nodes", &prop_len
);
328 end
= prop
? prop
+ prop_len
: prop
;
329 for (name
= prop
, count
= 0; name
< end
; name
++)
333 *err_msgp
= "Can't get hashed-nodes property";
337 /* Add a sanity check here since we are using the stack */
338 if (count
> IMAGE_MAX_HASHED_NODES
) {
339 *err_msgp
= "Number of hashed nodes exceeds maximum";
343 /* Create a list of node names from those strings */
344 char *node_inc
[count
];
346 debug("Hash nodes (%d):\n", count
);
347 for (name
= prop
, i
= 0; name
< end
; name
+= strlen(name
) + 1, i
++) {
348 debug(" '%s'\n", name
);
349 node_inc
[i
] = (char *)name
;
353 * Each node can generate one region for each sub-node. Allow for
354 * 7 sub-nodes (hash-1, signature-1, etc.) and some extra.
356 max_regions
= 20 + count
* 7;
357 struct fdt_region fdt_regions
[max_regions
];
359 /* Get a list of regions to hash */
360 count
= fdt_find_regions(fit
, node_inc
, count
,
361 exc_prop
, ARRAY_SIZE(exc_prop
),
362 fdt_regions
, max_regions
- 1,
363 path
, sizeof(path
), 0);
365 *err_msgp
= "Failed to hash configuration";
369 *err_msgp
= "No data to hash";
372 if (count
>= max_regions
- 1) {
373 *err_msgp
= "Too many hash regions";
377 /* Add the strings */
378 strings
= fdt_getprop(fit
, noffset
, "hashed-strings", NULL
);
381 * The strings region offset must be a static 0x0.
382 * This is set in tool/image-host.c
384 fdt_regions
[count
].offset
= fdt_off_dt_strings(fit
);
385 fdt_regions
[count
].size
= fdt32_to_cpu(strings
[1]);
389 /* Allocate the region list on the stack */
390 struct image_region region
[count
];
392 fit_region_make_list(fit
, fdt_regions
, count
, region
);
393 if (info
.crypto
->verify(&info
, region
, count
, fit_value
,
395 *err_msgp
= "Verification failed";
402 static int fit_config_verify_sig(const void *fit
, int conf_noffset
,
403 const void *sig_blob
, int sig_offset
)
410 /* Process all hash subnodes of the component conf node */
411 fdt_for_each_subnode(noffset
, fit
, conf_noffset
) {
412 const char *name
= fit_get_name(fit
, noffset
, NULL
);
414 if (!strncmp(name
, FIT_SIG_NODENAME
,
415 strlen(FIT_SIG_NODENAME
))) {
416 ret
= fit_config_check_sig(fit
, noffset
, sig_offset
,
428 if (noffset
== -FDT_ERR_TRUNCATED
|| noffset
== -FDT_ERR_BADSTRUCTURE
) {
429 err_msg
= "Corrupted or truncated tree";
433 return verified
? 0 : -EPERM
;
436 printf(" error!\n%s for '%s' hash node in '%s' config node\n",
437 err_msg
, fit_get_name(fit
, noffset
, NULL
),
438 fit_get_name(fit
, conf_noffset
, NULL
));
442 int fit_config_verify_required_sigs(const void *fit
, int conf_noffset
,
443 const void *sig_blob
)
448 /* Work out what we need to verify */
449 sig_node
= fdt_subnode_offset(sig_blob
, 0, FIT_SIG_NODENAME
);
451 debug("%s: No signature node found: %s\n", __func__
,
452 fdt_strerror(sig_node
));
456 fdt_for_each_subnode(noffset
, sig_blob
, sig_node
) {
457 const char *required
;
460 required
= fdt_getprop(sig_blob
, noffset
, "required", NULL
);
461 if (!required
|| strcmp(required
, "conf"))
463 ret
= fit_config_verify_sig(fit
, conf_noffset
, sig_blob
,
466 printf("Failed to verify required signature '%s'\n",
467 fit_get_name(sig_blob
, noffset
, NULL
));
475 int fit_config_verify(const void *fit
, int conf_noffset
)
477 return fit_config_verify_required_sigs(fit
, conf_noffset
,