]> git.ipfire.org Git - thirdparty/u-boot.git/blob - common/image-sig.c
projects / thirdparty / u-boot.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'u-boot-imx/master' into 'u-boot-arm/master'
[thirdparty/u-boot.git] / common / image-sig.c
1 /*
2 * Copyright (c) 2013, Google Inc.
3 *
4 * SPDX-License-Identifier: GPL-2.0+
5 */
6
7 #ifdef USE_HOSTCC
8 #include "mkimage.h"
9 #include <time.h>
10 #else
11 #include <common.h>
12 #include <malloc.h>
13 DECLARE_GLOBAL_DATA_PTR;
14 #endif /* !USE_HOSTCC*/
15 #include <image.h>
16 #include <u-boot/rsa.h>
17 #include <u-boot/rsa-checksum.h>
18
19 #define IMAGE_MAX_HASHED_NODES 100
20
21 #ifdef USE_HOSTCC
22 void *host_blob;
23 void image_set_host_blob(void *blob)
24 {
25 host_blob = blob;
26 }
27 void *image_get_host_blob(void)
28 {
29 return host_blob;
30 }
31 #endif
32
33 struct checksum_algo checksum_algos[] = {
34 {
35 "sha1",
36 SHA1_SUM_LEN,
37 RSA2048_BYTES,
38 #if IMAGE_ENABLE_SIGN
39 EVP_sha1,
40 #endif
41 sha1_calculate,
42 padding_sha1_rsa2048,
43 },
44 {
45 "sha256",
46 SHA256_SUM_LEN,
47 RSA2048_BYTES,
48 #if IMAGE_ENABLE_SIGN
49 EVP_sha256,
50 #endif
51 sha256_calculate,
52 padding_sha256_rsa2048,
53 },
54 {
55 "sha256",
56 SHA256_SUM_LEN,
57 RSA4096_BYTES,
58 #if IMAGE_ENABLE_SIGN
59 EVP_sha256,
60 #endif
61 sha256_calculate,
62 padding_sha256_rsa4096,
63 }
64
65 };
66
67 struct image_sig_algo image_sig_algos[] = {
68 {
69 "sha1,rsa2048",
70 rsa_sign,
71 rsa_add_verify_data,
72 rsa_verify,
73 &checksum_algos[0],
74 },
75 {
76 "sha256,rsa2048",
77 rsa_sign,
78 rsa_add_verify_data,
79 rsa_verify,
80 &checksum_algos[1],
81 },
82 {
83 "sha256,rsa4096",
84 rsa_sign,
85 rsa_add_verify_data,
86 rsa_verify,
87 &checksum_algos[2],
88 }
89
90 };
91
92 struct image_sig_algo *image_get_sig_algo(const char *name)
93 {
94 int i;
95
96 for (i = 0; i < ARRAY_SIZE(image_sig_algos); i++) {
97 if (!strcmp(image_sig_algos[i].name, name))
98 return &image_sig_algos[i];
99 }
100
101 return NULL;
102 }
103
104 /**
105 * fit_region_make_list() - Make a list of image regions
106 *
107 * Given a list of fdt_regions, create a list of image_regions. This is a
108 * simple conversion routine since the FDT and image code use different
109 * structures.
110 *
111 * @fit: FIT image
112 * @fdt_regions: Pointer to FDT regions
113 * @count: Number of FDT regions
114 * @region: Pointer to image regions, which must hold @count records. If
115 * region is NULL, then (except for an SPL build) the array will be
116 * allocated.
117 * @return: Pointer to image regions
118 */
119 struct image_region *fit_region_make_list(const void *fit,
120 struct fdt_region *fdt_regions, int count,
121 struct image_region *region)
122 {
123 int i;
124
125 debug("Hash regions:\n");
126 debug("%10s %10s\n", "Offset", "Size");
127
128 /*
129 * Use malloc() except in SPL (to save code size). In SPL the caller
130 * must allocate the array.
131 */
132 #ifndef CONFIG_SPL_BUILD
133 if (!region)
134 region = calloc(sizeof(*region), count);
135 #endif
136 if (!region)
137 return NULL;
138 for (i = 0; i < count; i++) {
139 debug("%10x %10x\n", fdt_regions[i].offset,
140 fdt_regions[i].size);
141 region[i].data = fit + fdt_regions[i].offset;
142 region[i].size = fdt_regions[i].size;
143 }
144
145 return region;
146 }
147
148 static int fit_image_setup_verify(struct image_sign_info *info,
149 const void *fit, int noffset, int required_keynode,
150 char **err_msgp)
151 {
152 char *algo_name;
153
154 if (fit_image_hash_get_algo(fit, noffset, &algo_name)) {
155 *err_msgp = "Can't get hash algo property";
156 return -1;
157 }
158 memset(info, '\0', sizeof(*info));
159 info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
160 info->fit = (void *)fit;
161 info->node_offset = noffset;
162 info->algo = image_get_sig_algo(algo_name);
163 info->fdt_blob = gd_fdt_blob();
164 info->required_keynode = required_keynode;
165 printf("%s:%s", algo_name, info->keyname);
166
167 if (!info->algo) {
168 *err_msgp = "Unknown signature algorithm";
169 return -1;
170 }
171
172 return 0;
173 }
174
175 int fit_image_check_sig(const void *fit, int noffset, const void *data,
176 size_t size, int required_keynode, char **err_msgp)
177 {
178 struct image_sign_info info;
179 struct image_region region;
180 uint8_t *fit_value;
181 int fit_value_len;
182
183 *err_msgp = NULL;
184 if (fit_image_setup_verify(&info, fit, noffset, required_keynode,
185 err_msgp))
186 return -1;
187
188 if (fit_image_hash_get_value(fit, noffset, &fit_value,
189 &fit_value_len)) {
190 *err_msgp = "Can't get hash value property";
191 return -1;
192 }
193
194 region.data = data;
195 region.size = size;
196
197 if (info.algo->verify(&info, &region, 1, fit_value, fit_value_len)) {
198 *err_msgp = "Verification failed";
199 return -1;
200 }
201
202 return 0;
203 }
204
205 static int fit_image_verify_sig(const void *fit, int image_noffset,
206 const char *data, size_t size, const void *sig_blob,
207 int sig_offset)
208 {
209 int noffset;
210 char *err_msg = "";
211 int verified = 0;
212 int ret;
213
214 /* Process all hash subnodes of the component image node */
215 for (noffset = fdt_first_subnode(fit, image_noffset);
216 noffset >= 0;
217 noffset = fdt_next_subnode(fit, noffset)) {
218 const char *name = fit_get_name(fit, noffset, NULL);
219
220 if (!strncmp(name, FIT_SIG_NODENAME,
221 strlen(FIT_SIG_NODENAME))) {
222 ret = fit_image_check_sig(fit, noffset, data,
223 size, -1, &err_msg);
224 if (ret) {
225 puts("- ");
226 } else {
227 puts("+ ");
228 verified = 1;
229 break;
230 }
231 }
232 }
233
234 if (noffset == -FDT_ERR_TRUNCATED || noffset == -FDT_ERR_BADSTRUCTURE) {
235 err_msg = "Corrupted or truncated tree";
236 goto error;
237 }
238
239 return verified ? 0 : -EPERM;
240
241 error:
242 printf(" error!\n%s for '%s' hash node in '%s' image node\n",
243 err_msg, fit_get_name(fit, noffset, NULL),
244 fit_get_name(fit, image_noffset, NULL));
245 return -1;
246 }
247
248 int fit_image_verify_required_sigs(const void *fit, int image_noffset,
249 const char *data, size_t size, const void *sig_blob,
250 int *no_sigsp)
251 {
252 int verify_count = 0;
253 int noffset;
254 int sig_node;
255
256 /* Work out what we need to verify */
257 *no_sigsp = 1;
258 sig_node = fdt_subnode_offset(sig_blob, 0, FIT_SIG_NODENAME);
259 if (sig_node < 0) {
260 debug("%s: No signature node found: %s\n", __func__,
261 fdt_strerror(sig_node));
262 return 0;
263 }
264
265 for (noffset = fdt_first_subnode(sig_blob, sig_node);
266 noffset >= 0;
267 noffset = fdt_next_subnode(sig_blob, noffset)) {
268 const char *required;
269 int ret;
270
271 required = fdt_getprop(sig_blob, noffset, "required", NULL);
272 if (!required || strcmp(required, "image"))
273 continue;
274 ret = fit_image_verify_sig(fit, image_noffset, data, size,
275 sig_blob, noffset);
276 if (ret) {
277 printf("Failed to verify required signature '%s'\n",
278 fit_get_name(sig_blob, noffset, NULL));
279 return ret;
280 }
281 verify_count++;
282 }
283
284 if (verify_count)
285 *no_sigsp = 0;
286
287 return 0;
288 }
289
290 int fit_config_check_sig(const void *fit, int noffset, int required_keynode,
291 char **err_msgp)
292 {
293 char * const exc_prop[] = {"data"};
294 const char *prop, *end, *name;
295 struct image_sign_info info;
296 const uint32_t *strings;
297 uint8_t *fit_value;
298 int fit_value_len;
299 int max_regions;
300 int i, prop_len;
301 char path[200];
302 int count;
303
304 debug("%s: fdt=%p, conf='%s', sig='%s'\n", __func__, gd_fdt_blob(),
305 fit_get_name(fit, noffset, NULL),
306 fit_get_name(gd_fdt_blob(), required_keynode, NULL));
307 *err_msgp = NULL;
308 if (fit_image_setup_verify(&info, fit, noffset, required_keynode,
309 err_msgp))
310 return -1;
311
312 if (fit_image_hash_get_value(fit, noffset, &fit_value,
313 &fit_value_len)) {
314 *err_msgp = "Can't get hash value property";
315 return -1;
316 }
317
318 /* Count the number of strings in the property */
319 prop = fdt_getprop(fit, noffset, "hashed-nodes", &prop_len);
320 end = prop ? prop + prop_len : prop;
321 for (name = prop, count = 0; name < end; name++)
322 if (!*name)
323 count++;
324 if (!count) {
325 *err_msgp = "Can't get hashed-nodes property";
326 return -1;
327 }
328
329 /* Add a sanity check here since we are using the stack */
330 if (count > IMAGE_MAX_HASHED_NODES) {
331 *err_msgp = "Number of hashed nodes exceeds maximum";
332 return -1;
333 }
334
335 /* Create a list of node names from those strings */
336 char *node_inc[count];
337
338 debug("Hash nodes (%d):\n", count);
339 for (name = prop, i = 0; name < end; name += strlen(name) + 1, i++) {
340 debug(" '%s'\n", name);
341 node_inc[i] = (char *)name;
342 }
343
344 /*
345 * Each node can generate one region for each sub-node. Allow for
346 * 7 sub-nodes (hash@1, signature@1, etc.) and some extra.
347 */
348 max_regions = 20 + count * 7;
349 struct fdt_region fdt_regions[max_regions];
350
351 /* Get a list of regions to hash */
352 count = fdt_find_regions(fit, node_inc, count,
353 exc_prop, ARRAY_SIZE(exc_prop),
354 fdt_regions, max_regions - 1,
355 path, sizeof(path), 0);
356 if (count < 0) {
357 *err_msgp = "Failed to hash configuration";
358 return -1;
359 }
360 if (count == 0) {
361 *err_msgp = "No data to hash";
362 return -1;
363 }
364 if (count >= max_regions - 1) {
365 *err_msgp = "Too many hash regions";
366 return -1;
367 }
368
369 /* Add the strings */
370 strings = fdt_getprop(fit, noffset, "hashed-strings", NULL);
371 if (strings) {
372 fdt_regions[count].offset = fdt_off_dt_strings(fit) +
373 fdt32_to_cpu(strings[0]);
374 fdt_regions[count].size = fdt32_to_cpu(strings[1]);
375 count++;
376 }
377
378 /* Allocate the region list on the stack */
379 struct image_region region[count];
380
381 fit_region_make_list(fit, fdt_regions, count, region);
382 if (info.algo->verify(&info, region, count, fit_value,
383 fit_value_len)) {
384 *err_msgp = "Verification failed";
385 return -1;
386 }
387
388 return 0;
389 }
390
391 static int fit_config_verify_sig(const void *fit, int conf_noffset,
392 const void *sig_blob, int sig_offset)
393 {
394 int noffset;
395 char *err_msg = "";
396 int verified = 0;
397 int ret;
398
399 /* Process all hash subnodes of the component conf node */
400 for (noffset = fdt_first_subnode(fit, conf_noffset);
401 noffset >= 0;
402 noffset = fdt_next_subnode(fit, noffset)) {
403 const char *name = fit_get_name(fit, noffset, NULL);
404
405 if (!strncmp(name, FIT_SIG_NODENAME,
406 strlen(FIT_SIG_NODENAME))) {
407 ret = fit_config_check_sig(fit, noffset, sig_offset,
408 &err_msg);
409 if (ret) {
410 puts("- ");
411 } else {
412 puts("+ ");
413 verified = 1;
414 break;
415 }
416 }
417 }
418
419 if (noffset == -FDT_ERR_TRUNCATED || noffset == -FDT_ERR_BADSTRUCTURE) {
420 err_msg = "Corrupted or truncated tree";
421 goto error;
422 }
423
424 return verified ? 0 : -EPERM;
425
426 error:
427 printf(" error!\n%s for '%s' hash node in '%s' config node\n",
428 err_msg, fit_get_name(fit, noffset, NULL),
429 fit_get_name(fit, conf_noffset, NULL));
430 return -1;
431 }
432
433 int fit_config_verify_required_sigs(const void *fit, int conf_noffset,
434 const void *sig_blob)
435 {
436 int noffset;
437 int sig_node;
438
439 /* Work out what we need to verify */
440 sig_node = fdt_subnode_offset(sig_blob, 0, FIT_SIG_NODENAME);
441 if (sig_node < 0) {
442 debug("%s: No signature node found: %s\n", __func__,
443 fdt_strerror(sig_node));
444 return 0;
445 }
446
447 for (noffset = fdt_first_subnode(sig_blob, sig_node);
448 noffset >= 0;
449 noffset = fdt_next_subnode(sig_blob, noffset)) {
450 const char *required;
451 int ret;
452
453 required = fdt_getprop(sig_blob, noffset, "required", NULL);
454 if (!required || strcmp(required, "conf"))
455 continue;
456 ret = fit_config_verify_sig(fit, conf_noffset, sig_blob,
457 noffset);
458 if (ret) {
459 printf("Failed to verify required signature '%s'\n",
460 fit_get_name(sig_blob, noffset, NULL));
461 return ret;
462 }
463 }
464
465 return 0;
466 }
467
468 int fit_config_verify(const void *fit, int conf_noffset)
469 {
470 return fit_config_verify_required_sigs(fit, conf_noffset,
471 gd_fdt_blob());
472 }
"Das U-Boot" Source Tree