]>
Commit | Line | Data |
---|---|---|
3e569a6b SG |
1 | /* |
2 | * Copyright (c) 2013, Google Inc. | |
3 | * | |
1a459660 | 4 | * SPDX-License-Identifier: GPL-2.0+ |
3e569a6b SG |
5 | */ |
6 | ||
7 | #ifdef USE_HOSTCC | |
8 | #include "mkimage.h" | |
9 | #include <time.h> | |
10 | #else | |
11 | #include <common.h> | |
56518e71 SG |
12 | #include <malloc.h> |
13 | DECLARE_GLOBAL_DATA_PTR; | |
3e569a6b | 14 | #endif /* !USE_HOSTCC*/ |
3e569a6b | 15 | #include <image.h> |
2b9912e6 JH |
16 | #include <u-boot/rsa.h> |
17 | #include <u-boot/rsa-checksum.h> | |
3e569a6b | 18 | |
4d098529 SG |
19 | #define IMAGE_MAX_HASHED_NODES 100 |
20 | ||
646257d1 | 21 | #ifdef USE_HOSTCC |
29a23f9d HS |
22 | void *host_blob; |
23 | void image_set_host_blob(void *blob) | |
646257d1 | 24 | { |
29a23f9d HS |
25 | host_blob = blob; |
26 | } | |
27 | void *image_get_host_blob(void) | |
28 | { | |
29 | return host_blob; | |
646257d1 HS |
30 | } |
31 | #endif | |
32 | ||
33 | struct checksum_algo checksum_algos[] = { | |
34 | { | |
35 | "sha1", | |
36 | SHA1_SUM_LEN, | |
db1b5f3d | 37 | RSA2048_BYTES, |
646257d1 HS |
38 | #if IMAGE_ENABLE_SIGN |
39 | EVP_sha1, | |
29a23f9d | 40 | #endif |
646257d1 HS |
41 | sha1_calculate, |
42 | padding_sha1_rsa2048, | |
646257d1 HS |
43 | }, |
44 | { | |
45 | "sha256", | |
46 | SHA256_SUM_LEN, | |
db1b5f3d | 47 | RSA2048_BYTES, |
646257d1 HS |
48 | #if IMAGE_ENABLE_SIGN |
49 | EVP_sha256, | |
29a23f9d | 50 | #endif |
646257d1 HS |
51 | sha256_calculate, |
52 | padding_sha256_rsa2048, | |
db1b5f3d HS |
53 | }, |
54 | { | |
55 | "sha256", | |
56 | SHA256_SUM_LEN, | |
57 | RSA4096_BYTES, | |
58 | #if IMAGE_ENABLE_SIGN | |
59 | EVP_sha256, | |
29a23f9d | 60 | #endif |
db1b5f3d HS |
61 | sha256_calculate, |
62 | padding_sha256_rsa4096, | |
646257d1 | 63 | } |
db1b5f3d | 64 | |
646257d1 | 65 | }; |
db1b5f3d | 66 | |
3e569a6b | 67 | struct image_sig_algo image_sig_algos[] = { |
19c402af SG |
68 | { |
69 | "sha1,rsa2048", | |
70 | rsa_sign, | |
71 | rsa_add_verify_data, | |
72 | rsa_verify, | |
646257d1 HS |
73 | &checksum_algos[0], |
74 | }, | |
75 | { | |
76 | "sha256,rsa2048", | |
77 | rsa_sign, | |
78 | rsa_add_verify_data, | |
79 | rsa_verify, | |
80 | &checksum_algos[1], | |
db1b5f3d HS |
81 | }, |
82 | { | |
83 | "sha256,rsa4096", | |
84 | rsa_sign, | |
85 | rsa_add_verify_data, | |
86 | rsa_verify, | |
87 | &checksum_algos[2], | |
19c402af | 88 | } |
db1b5f3d | 89 | |
3e569a6b SG |
90 | }; |
91 | ||
92 | struct image_sig_algo *image_get_sig_algo(const char *name) | |
93 | { | |
94 | int i; | |
95 | ||
96 | for (i = 0; i < ARRAY_SIZE(image_sig_algos); i++) { | |
97 | if (!strcmp(image_sig_algos[i].name, name)) | |
98 | return &image_sig_algos[i]; | |
99 | } | |
100 | ||
101 | return NULL; | |
102 | } | |
56518e71 | 103 | |
4d098529 SG |
104 | /** |
105 | * fit_region_make_list() - Make a list of image regions | |
106 | * | |
107 | * Given a list of fdt_regions, create a list of image_regions. This is a | |
108 | * simple conversion routine since the FDT and image code use different | |
109 | * structures. | |
110 | * | |
111 | * @fit: FIT image | |
112 | * @fdt_regions: Pointer to FDT regions | |
113 | * @count: Number of FDT regions | |
114 | * @region: Pointer to image regions, which must hold @count records. If | |
115 | * region is NULL, then (except for an SPL build) the array will be | |
116 | * allocated. | |
117 | * @return: Pointer to image regions | |
118 | */ | |
119 | struct image_region *fit_region_make_list(const void *fit, | |
120 | struct fdt_region *fdt_regions, int count, | |
121 | struct image_region *region) | |
122 | { | |
123 | int i; | |
124 | ||
125 | debug("Hash regions:\n"); | |
126 | debug("%10s %10s\n", "Offset", "Size"); | |
127 | ||
128 | /* | |
129 | * Use malloc() except in SPL (to save code size). In SPL the caller | |
130 | * must allocate the array. | |
131 | */ | |
132 | #ifndef CONFIG_SPL_BUILD | |
133 | if (!region) | |
134 | region = calloc(sizeof(*region), count); | |
135 | #endif | |
136 | if (!region) | |
137 | return NULL; | |
138 | for (i = 0; i < count; i++) { | |
139 | debug("%10x %10x\n", fdt_regions[i].offset, | |
140 | fdt_regions[i].size); | |
141 | region[i].data = fit + fdt_regions[i].offset; | |
142 | region[i].size = fdt_regions[i].size; | |
143 | } | |
144 | ||
145 | return region; | |
146 | } | |
147 | ||
56518e71 SG |
148 | static int fit_image_setup_verify(struct image_sign_info *info, |
149 | const void *fit, int noffset, int required_keynode, | |
150 | char **err_msgp) | |
151 | { | |
152 | char *algo_name; | |
153 | ||
154 | if (fit_image_hash_get_algo(fit, noffset, &algo_name)) { | |
155 | *err_msgp = "Can't get hash algo property"; | |
156 | return -1; | |
157 | } | |
158 | memset(info, '\0', sizeof(*info)); | |
159 | info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL); | |
160 | info->fit = (void *)fit; | |
161 | info->node_offset = noffset; | |
162 | info->algo = image_get_sig_algo(algo_name); | |
163 | info->fdt_blob = gd_fdt_blob(); | |
164 | info->required_keynode = required_keynode; | |
165 | printf("%s:%s", algo_name, info->keyname); | |
166 | ||
167 | if (!info->algo) { | |
168 | *err_msgp = "Unknown signature algorithm"; | |
169 | return -1; | |
170 | } | |
171 | ||
172 | return 0; | |
173 | } | |
174 | ||
175 | int fit_image_check_sig(const void *fit, int noffset, const void *data, | |
176 | size_t size, int required_keynode, char **err_msgp) | |
177 | { | |
178 | struct image_sign_info info; | |
179 | struct image_region region; | |
180 | uint8_t *fit_value; | |
181 | int fit_value_len; | |
182 | ||
183 | *err_msgp = NULL; | |
184 | if (fit_image_setup_verify(&info, fit, noffset, required_keynode, | |
185 | err_msgp)) | |
186 | return -1; | |
187 | ||
188 | if (fit_image_hash_get_value(fit, noffset, &fit_value, | |
189 | &fit_value_len)) { | |
190 | *err_msgp = "Can't get hash value property"; | |
191 | return -1; | |
192 | } | |
193 | ||
194 | region.data = data; | |
195 | region.size = size; | |
196 | ||
197 | if (info.algo->verify(&info, ®ion, 1, fit_value, fit_value_len)) { | |
198 | *err_msgp = "Verification failed"; | |
199 | return -1; | |
200 | } | |
201 | ||
202 | return 0; | |
203 | } | |
204 | ||
205 | static int fit_image_verify_sig(const void *fit, int image_noffset, | |
206 | const char *data, size_t size, const void *sig_blob, | |
207 | int sig_offset) | |
208 | { | |
209 | int noffset; | |
210 | char *err_msg = ""; | |
211 | int verified = 0; | |
212 | int ret; | |
213 | ||
214 | /* Process all hash subnodes of the component image node */ | |
215 | for (noffset = fdt_first_subnode(fit, image_noffset); | |
216 | noffset >= 0; | |
217 | noffset = fdt_next_subnode(fit, noffset)) { | |
218 | const char *name = fit_get_name(fit, noffset, NULL); | |
219 | ||
220 | if (!strncmp(name, FIT_SIG_NODENAME, | |
221 | strlen(FIT_SIG_NODENAME))) { | |
222 | ret = fit_image_check_sig(fit, noffset, data, | |
223 | size, -1, &err_msg); | |
224 | if (ret) { | |
225 | puts("- "); | |
226 | } else { | |
227 | puts("+ "); | |
228 | verified = 1; | |
229 | break; | |
230 | } | |
231 | } | |
232 | } | |
233 | ||
234 | if (noffset == -FDT_ERR_TRUNCATED || noffset == -FDT_ERR_BADSTRUCTURE) { | |
235 | err_msg = "Corrupted or truncated tree"; | |
236 | goto error; | |
237 | } | |
238 | ||
239 | return verified ? 0 : -EPERM; | |
240 | ||
241 | error: | |
242 | printf(" error!\n%s for '%s' hash node in '%s' image node\n", | |
243 | err_msg, fit_get_name(fit, noffset, NULL), | |
244 | fit_get_name(fit, image_noffset, NULL)); | |
245 | return -1; | |
246 | } | |
247 | ||
248 | int fit_image_verify_required_sigs(const void *fit, int image_noffset, | |
249 | const char *data, size_t size, const void *sig_blob, | |
250 | int *no_sigsp) | |
251 | { | |
252 | int verify_count = 0; | |
253 | int noffset; | |
254 | int sig_node; | |
255 | ||
256 | /* Work out what we need to verify */ | |
257 | *no_sigsp = 1; | |
258 | sig_node = fdt_subnode_offset(sig_blob, 0, FIT_SIG_NODENAME); | |
259 | if (sig_node < 0) { | |
260 | debug("%s: No signature node found: %s\n", __func__, | |
261 | fdt_strerror(sig_node)); | |
262 | return 0; | |
263 | } | |
264 | ||
265 | for (noffset = fdt_first_subnode(sig_blob, sig_node); | |
266 | noffset >= 0; | |
267 | noffset = fdt_next_subnode(sig_blob, noffset)) { | |
268 | const char *required; | |
269 | int ret; | |
270 | ||
271 | required = fdt_getprop(sig_blob, noffset, "required", NULL); | |
272 | if (!required || strcmp(required, "image")) | |
273 | continue; | |
274 | ret = fit_image_verify_sig(fit, image_noffset, data, size, | |
275 | sig_blob, noffset); | |
276 | if (ret) { | |
277 | printf("Failed to verify required signature '%s'\n", | |
278 | fit_get_name(sig_blob, noffset, NULL)); | |
279 | return ret; | |
280 | } | |
281 | verify_count++; | |
282 | } | |
283 | ||
284 | if (verify_count) | |
285 | *no_sigsp = 0; | |
286 | ||
287 | return 0; | |
288 | } | |
4d098529 SG |
289 | |
290 | int fit_config_check_sig(const void *fit, int noffset, int required_keynode, | |
291 | char **err_msgp) | |
292 | { | |
293 | char * const exc_prop[] = {"data"}; | |
294 | const char *prop, *end, *name; | |
295 | struct image_sign_info info; | |
296 | const uint32_t *strings; | |
297 | uint8_t *fit_value; | |
298 | int fit_value_len; | |
299 | int max_regions; | |
300 | int i, prop_len; | |
301 | char path[200]; | |
302 | int count; | |
303 | ||
304 | debug("%s: fdt=%p, conf='%s', sig='%s'\n", __func__, gd_fdt_blob(), | |
305 | fit_get_name(fit, noffset, NULL), | |
306 | fit_get_name(gd_fdt_blob(), required_keynode, NULL)); | |
307 | *err_msgp = NULL; | |
308 | if (fit_image_setup_verify(&info, fit, noffset, required_keynode, | |
309 | err_msgp)) | |
310 | return -1; | |
311 | ||
312 | if (fit_image_hash_get_value(fit, noffset, &fit_value, | |
313 | &fit_value_len)) { | |
314 | *err_msgp = "Can't get hash value property"; | |
315 | return -1; | |
316 | } | |
317 | ||
318 | /* Count the number of strings in the property */ | |
319 | prop = fdt_getprop(fit, noffset, "hashed-nodes", &prop_len); | |
320 | end = prop ? prop + prop_len : prop; | |
321 | for (name = prop, count = 0; name < end; name++) | |
322 | if (!*name) | |
323 | count++; | |
324 | if (!count) { | |
325 | *err_msgp = "Can't get hashed-nodes property"; | |
326 | return -1; | |
327 | } | |
328 | ||
329 | /* Add a sanity check here since we are using the stack */ | |
330 | if (count > IMAGE_MAX_HASHED_NODES) { | |
331 | *err_msgp = "Number of hashed nodes exceeds maximum"; | |
332 | return -1; | |
333 | } | |
334 | ||
335 | /* Create a list of node names from those strings */ | |
336 | char *node_inc[count]; | |
337 | ||
338 | debug("Hash nodes (%d):\n", count); | |
339 | for (name = prop, i = 0; name < end; name += strlen(name) + 1, i++) { | |
340 | debug(" '%s'\n", name); | |
341 | node_inc[i] = (char *)name; | |
342 | } | |
343 | ||
344 | /* | |
345 | * Each node can generate one region for each sub-node. Allow for | |
346 | * 7 sub-nodes (hash@1, signature@1, etc.) and some extra. | |
347 | */ | |
348 | max_regions = 20 + count * 7; | |
349 | struct fdt_region fdt_regions[max_regions]; | |
350 | ||
351 | /* Get a list of regions to hash */ | |
352 | count = fdt_find_regions(fit, node_inc, count, | |
353 | exc_prop, ARRAY_SIZE(exc_prop), | |
354 | fdt_regions, max_regions - 1, | |
355 | path, sizeof(path), 0); | |
356 | if (count < 0) { | |
357 | *err_msgp = "Failed to hash configuration"; | |
358 | return -1; | |
359 | } | |
360 | if (count == 0) { | |
361 | *err_msgp = "No data to hash"; | |
362 | return -1; | |
363 | } | |
364 | if (count >= max_regions - 1) { | |
365 | *err_msgp = "Too many hash regions"; | |
366 | return -1; | |
367 | } | |
368 | ||
369 | /* Add the strings */ | |
370 | strings = fdt_getprop(fit, noffset, "hashed-strings", NULL); | |
371 | if (strings) { | |
372 | fdt_regions[count].offset = fdt_off_dt_strings(fit) + | |
373 | fdt32_to_cpu(strings[0]); | |
374 | fdt_regions[count].size = fdt32_to_cpu(strings[1]); | |
375 | count++; | |
376 | } | |
377 | ||
378 | /* Allocate the region list on the stack */ | |
379 | struct image_region region[count]; | |
380 | ||
381 | fit_region_make_list(fit, fdt_regions, count, region); | |
382 | if (info.algo->verify(&info, region, count, fit_value, | |
383 | fit_value_len)) { | |
384 | *err_msgp = "Verification failed"; | |
385 | return -1; | |
386 | } | |
387 | ||
388 | return 0; | |
389 | } | |
390 | ||
391 | static int fit_config_verify_sig(const void *fit, int conf_noffset, | |
392 | const void *sig_blob, int sig_offset) | |
393 | { | |
394 | int noffset; | |
395 | char *err_msg = ""; | |
396 | int verified = 0; | |
397 | int ret; | |
398 | ||
399 | /* Process all hash subnodes of the component conf node */ | |
400 | for (noffset = fdt_first_subnode(fit, conf_noffset); | |
401 | noffset >= 0; | |
402 | noffset = fdt_next_subnode(fit, noffset)) { | |
403 | const char *name = fit_get_name(fit, noffset, NULL); | |
404 | ||
405 | if (!strncmp(name, FIT_SIG_NODENAME, | |
406 | strlen(FIT_SIG_NODENAME))) { | |
407 | ret = fit_config_check_sig(fit, noffset, sig_offset, | |
408 | &err_msg); | |
409 | if (ret) { | |
410 | puts("- "); | |
411 | } else { | |
412 | puts("+ "); | |
413 | verified = 1; | |
414 | break; | |
415 | } | |
416 | } | |
417 | } | |
418 | ||
419 | if (noffset == -FDT_ERR_TRUNCATED || noffset == -FDT_ERR_BADSTRUCTURE) { | |
420 | err_msg = "Corrupted or truncated tree"; | |
421 | goto error; | |
422 | } | |
423 | ||
424 | return verified ? 0 : -EPERM; | |
425 | ||
426 | error: | |
427 | printf(" error!\n%s for '%s' hash node in '%s' config node\n", | |
428 | err_msg, fit_get_name(fit, noffset, NULL), | |
429 | fit_get_name(fit, conf_noffset, NULL)); | |
430 | return -1; | |
431 | } | |
432 | ||
433 | int fit_config_verify_required_sigs(const void *fit, int conf_noffset, | |
434 | const void *sig_blob) | |
435 | { | |
436 | int noffset; | |
437 | int sig_node; | |
438 | ||
439 | /* Work out what we need to verify */ | |
440 | sig_node = fdt_subnode_offset(sig_blob, 0, FIT_SIG_NODENAME); | |
441 | if (sig_node < 0) { | |
442 | debug("%s: No signature node found: %s\n", __func__, | |
443 | fdt_strerror(sig_node)); | |
444 | return 0; | |
445 | } | |
446 | ||
447 | for (noffset = fdt_first_subnode(sig_blob, sig_node); | |
448 | noffset >= 0; | |
449 | noffset = fdt_next_subnode(sig_blob, noffset)) { | |
450 | const char *required; | |
451 | int ret; | |
452 | ||
453 | required = fdt_getprop(sig_blob, noffset, "required", NULL); | |
454 | if (!required || strcmp(required, "conf")) | |
455 | continue; | |
456 | ret = fit_config_verify_sig(fit, conf_noffset, sig_blob, | |
457 | noffset); | |
458 | if (ret) { | |
459 | printf("Failed to verify required signature '%s'\n", | |
460 | fit_get_name(sig_blob, noffset, NULL)); | |
461 | return ret; | |
462 | } | |
463 | } | |
464 | ||
465 | return 0; | |
466 | } | |
467 | ||
468 | int fit_config_verify(const void *fit, int conf_noffset) | |
469 | { | |
12df2abe SG |
470 | return fit_config_verify_required_sigs(fit, conf_noffset, |
471 | gd_fdt_blob()); | |
4d098529 | 472 | } |