1 /* 2 * Copyright (c) 2013, Google Inc. 3 * 4 * SPDX-License-Identifier: GPL-2.0+ 5 */ 6 7 #ifdef USE_HOSTCC 8 #include "mkimage.h" 9 #include <time.h> 10 #else 11 #include <common.h> 12 #include <malloc.h> 13 #include <optee_include/OpteeClientInterface.h> 14 DECLARE_GLOBAL_DATA_PTR; 15 #endif /* !USE_HOSTCC*/ 16 #include <image.h> 17 #include <u-boot/rsa.h> 18 #include <u-boot/rsa-checksum.h> 19 20 #define IMAGE_MAX_HASHED_NODES 100 21 22 #ifdef USE_HOSTCC 23 void *host_blob; 24 void image_set_host_blob(void *blob) 25 { 26 host_blob = blob; 27 } 28 void *image_get_host_blob(void) 29 { 30 return host_blob; 31 } 32 #endif 33 34 struct checksum_algo checksum_algos[] = { 35 { 36 .name = "sha1", 37 .checksum_len = SHA1_SUM_LEN, 38 .der_len = SHA1_DER_LEN, 39 .der_prefix = sha1_der_prefix, 40 #if IMAGE_ENABLE_SIGN 41 .calculate_sign = EVP_sha1, 42 #endif 43 .calculate = hash_calculate, 44 }, 45 { 46 .name = "sha256", 47 .checksum_len = SHA256_SUM_LEN, 48 .der_len = SHA256_DER_LEN, 49 .der_prefix = sha256_der_prefix, 50 #if IMAGE_ENABLE_SIGN 51 .calculate_sign = EVP_sha256, 52 #endif 53 .calculate = hash_calculate, 54 } 55 56 }; 57 58 struct crypto_algo crypto_algos[] = { 59 { 60 .name = "rsa2048", 61 .key_len = RSA2048_BYTES, 62 .sign = rsa_sign, 63 .add_verify_data = rsa_add_verify_data, 64 .verify = rsa_verify, 65 }, 66 { 67 .name = "rsa4096", 68 .key_len = RSA4096_BYTES, 69 .sign = rsa_sign, 70 .add_verify_data = rsa_add_verify_data, 71 .verify = rsa_verify, 72 } 73 74 }; 75 76 struct padding_algo padding_algos[] = { 77 { 78 .name = "pkcs-1.5", 79 .verify = padding_pkcs_15_verify, 80 }, 81 #ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT 82 { 83 .name = "pss", 84 .verify = padding_pss_verify, 85 } 86 #endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */ 87 }; 88 89 struct checksum_algo *image_get_checksum_algo(const char *full_name) 90 { 91 int i; 92 const char *name; 93 94 for (i = 0; i < ARRAY_SIZE(checksum_algos); i++) { 95 name = checksum_algos[i].name; 96 /* Make sure names match and next char is a comma */ 97 if (!strncmp(name, full_name, strlen(name)) && 98 full_name[strlen(name)] == ',') 99 return &checksum_algos[i]; 100 } 101 102 return NULL; 103 } 104 105 struct crypto_algo *image_get_crypto_algo(const char *full_name) 106 { 107 int i; 108 const char *name; 109 110 /* Move name to after the comma */ 111 name = strchr(full_name, ','); 112 if (!name) 113 return NULL; 114 name += 1; 115 116 for (i = 0; i < ARRAY_SIZE(crypto_algos); i++) { 117 if (!strcmp(crypto_algos[i].name, name)) 118 return &crypto_algos[i]; 119 } 120 121 return NULL; 122 } 123 124 struct padding_algo *image_get_padding_algo(const char *name) 125 { 126 int i; 127 128 if (!name) 129 return NULL; 130 131 for (i = 0; i < ARRAY_SIZE(padding_algos); i++) { 132 if (!strcmp(padding_algos[i].name, name)) 133 return &padding_algos[i]; 134 } 135 136 return NULL; 137 } 138 139 /** 140 * fit_region_make_list() - Make a list of image regions 141 * 142 * Given a list of fdt_regions, create a list of image_regions. This is a 143 * simple conversion routine since the FDT and image code use different 144 * structures. 145 * 146 * @fit: FIT image 147 * @fdt_regions: Pointer to FDT regions 148 * @count: Number of FDT regions 149 * @region: Pointer to image regions, which must hold @count records. If 150 * region is NULL, then (except for an SPL build) the array will be 151 * allocated. 152 * @return: Pointer to image regions 153 */ 154 struct image_region *fit_region_make_list(const void *fit, 155 struct fdt_region *fdt_regions, int count, 156 struct image_region *region) 157 { 158 int i; 159 160 debug("Hash regions:\n"); 161 debug("%10s %10s\n", "Offset", "Size"); 162 163 /* 164 * Use malloc() except in SPL (to save code size). In SPL the caller 165 * must allocate the array. 166 */ 167 #ifndef CONFIG_SPL_BUILD 168 if (!region) 169 region = calloc(sizeof(*region), count); 170 #endif 171 if (!region) 172 return NULL; 173 for (i = 0; i < count; i++) { 174 debug("%10x %10x\n", fdt_regions[i].offset, 175 fdt_regions[i].size); 176 region[i].data = fit + fdt_regions[i].offset; 177 region[i].size = fdt_regions[i].size; 178 } 179 180 return region; 181 } 182 183 static int fit_image_setup_verify(struct image_sign_info *info, 184 const void *fit, int noffset, int required_keynode, 185 char **err_msgp) 186 { 187 char *algo_name; 188 const char *padding_name; 189 190 if (fit_image_hash_get_algo(fit, noffset, &algo_name)) { 191 *err_msgp = "Can't get hash algo property"; 192 return -1; 193 } 194 195 padding_name = fdt_getprop(fit, noffset, "padding", NULL); 196 if (!padding_name) 197 padding_name = RSA_DEFAULT_PADDING_NAME; 198 199 memset(info, '\0', sizeof(*info)); 200 info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL); 201 info->fit = (void *)fit; 202 info->node_offset = noffset; 203 info->name = algo_name; 204 info->checksum = image_get_checksum_algo(algo_name); 205 info->crypto = image_get_crypto_algo(algo_name); 206 info->padding = image_get_padding_algo(padding_name); 207 info->fdt_blob = gd_fdt_blob(); 208 info->required_keynode = required_keynode; 209 printf("%s:%s", algo_name, info->keyname); 210 211 if (!info->checksum || !info->crypto) { 212 *err_msgp = "Unknown signature algorithm"; 213 return -1; 214 } 215 216 return 0; 217 } 218 219 int fit_image_check_sig(const void *fit, int noffset, const void *data, 220 size_t size, int required_keynode, char **err_msgp) 221 { 222 struct image_sign_info info; 223 struct image_region region; 224 uint8_t *fit_value; 225 int fit_value_len; 226 227 *err_msgp = NULL; 228 if (fit_image_setup_verify(&info, fit, noffset, required_keynode, 229 err_msgp)) 230 return -1; 231 232 if (fit_image_hash_get_value(fit, noffset, &fit_value, 233 &fit_value_len)) { 234 *err_msgp = "Can't get hash value property"; 235 return -1; 236 } 237 238 region.data = data; 239 region.size = size; 240 241 if (info.crypto->verify(&info, ®ion, 1, fit_value, fit_value_len)) { 242 *err_msgp = "Verification failed"; 243 return -1; 244 } 245 246 return 0; 247 } 248 249 static int fit_image_verify_sig(const void *fit, int image_noffset, 250 const char *data, size_t size, const void *sig_blob, 251 int sig_offset) 252 { 253 int noffset; 254 char *err_msg = ""; 255 int verified = 0; 256 int ret; 257 258 /* Process all hash subnodes of the component image node */ 259 fdt_for_each_subnode(noffset, fit, image_noffset) { 260 const char *name = fit_get_name(fit, noffset, NULL); 261 262 if (!strncmp(name, FIT_SIG_NODENAME, 263 strlen(FIT_SIG_NODENAME))) { 264 ret = fit_image_check_sig(fit, noffset, data, 265 size, -1, &err_msg); 266 if (ret) { 267 puts("- "); 268 } else { 269 puts("+ "); 270 verified = 1; 271 break; 272 } 273 } 274 } 275 276 if (noffset == -FDT_ERR_TRUNCATED || noffset == -FDT_ERR_BADSTRUCTURE) { 277 err_msg = "Corrupted or truncated tree"; 278 goto error; 279 } 280 281 if (verified) 282 return 0; 283 284 error: 285 printf(" error!\n%s for '%s' hash node in '%s' image node\n", 286 err_msg, fit_get_name(fit, noffset, NULL), 287 fit_get_name(fit, image_noffset, NULL)); 288 return -1; 289 } 290 291 int fit_image_verify_required_sigs(const void *fit, int image_noffset, 292 const char *data, size_t size, const void *sig_blob, 293 int *no_sigsp) 294 { 295 int verify_count = 0; 296 int noffset; 297 int sig_node; 298 299 /* Work out what we need to verify */ 300 *no_sigsp = 1; 301 sig_node = fdt_subnode_offset(sig_blob, 0, FIT_SIG_NODENAME); 302 if (sig_node < 0) { 303 printf("No RSA key found\n"); 304 return -EINVAL; 305 } 306 307 fdt_for_each_subnode(noffset, sig_blob, sig_node) { 308 const char *required; 309 int ret; 310 311 required = fdt_getprop(sig_blob, noffset, "required", NULL); 312 if (!required || strcmp(required, "image")) 313 continue; 314 ret = fit_image_verify_sig(fit, image_noffset, data, size, 315 sig_blob, noffset); 316 if (ret) { 317 printf("Failed to verify required signature '%s'\n", 318 fit_get_name(sig_blob, noffset, NULL)); 319 return ret; 320 } 321 verify_count++; 322 } 323 324 if (verify_count) 325 *no_sigsp = 0; 326 327 return 0; 328 } 329 330 int fit_config_check_sig(const void *fit, int noffset, int required_keynode, 331 char **err_msgp) 332 { 333 char * const exc_prop[] = {"data"}; 334 const char *prop, *end, *name; 335 struct image_sign_info info; 336 const uint32_t *strings; 337 uint8_t *fit_value; 338 int fit_value_len; 339 int max_regions; 340 int i, prop_len; 341 char path[200]; 342 int count; 343 344 debug("%s: fdt=%p, conf='%s', sig='%s'\n", __func__, gd_fdt_blob(), 345 fit_get_name(fit, noffset, NULL), 346 fit_get_name(gd_fdt_blob(), required_keynode, NULL)); 347 *err_msgp = NULL; 348 if (fit_image_setup_verify(&info, fit, noffset, required_keynode, 349 err_msgp)) 350 return -1; 351 352 if (fit_image_hash_get_value(fit, noffset, &fit_value, 353 &fit_value_len)) { 354 *err_msgp = "Can't get hash value property"; 355 return -1; 356 } 357 358 /* Count the number of strings in the property */ 359 prop = fdt_getprop(fit, noffset, "hashed-nodes", &prop_len); 360 end = prop ? prop + prop_len : prop; 361 for (name = prop, count = 0; name < end; name++) 362 if (!*name) 363 count++; 364 if (!count) { 365 *err_msgp = "Can't get hashed-nodes property"; 366 return -1; 367 } 368 369 /* Add a sanity check here since we are using the stack */ 370 if (count > IMAGE_MAX_HASHED_NODES) { 371 *err_msgp = "Number of hashed nodes exceeds maximum"; 372 return -1; 373 } 374 375 /* Create a list of node names from those strings */ 376 char *node_inc[count]; 377 378 debug("Hash nodes (%d):\n", count); 379 for (name = prop, i = 0; name < end; name += strlen(name) + 1, i++) { 380 debug(" '%s'\n", name); 381 node_inc[i] = (char *)name; 382 } 383 384 /* 385 * Each node can generate one region for each sub-node. Allow for 386 * 7 sub-nodes (hash@1, signature@1, etc.) and some extra. 387 */ 388 max_regions = 20 + count * 7; 389 struct fdt_region fdt_regions[max_regions]; 390 391 /* Get a list of regions to hash */ 392 count = fdt_find_regions(fit, node_inc, count, 393 exc_prop, ARRAY_SIZE(exc_prop), 394 fdt_regions, max_regions - 1, 395 path, sizeof(path), 0); 396 if (count < 0) { 397 *err_msgp = "Failed to hash configuration"; 398 return -1; 399 } 400 if (count == 0) { 401 *err_msgp = "No data to hash"; 402 return -1; 403 } 404 if (count >= max_regions - 1) { 405 *err_msgp = "Too many hash regions"; 406 return -1; 407 } 408 409 /* Add the strings */ 410 strings = fdt_getprop(fit, noffset, "hashed-strings", NULL); 411 if (strings) { 412 fdt_regions[count].offset = fdt_off_dt_strings(fit) + 413 fdt32_to_cpu(strings[0]); 414 fdt_regions[count].size = fdt32_to_cpu(strings[1]); 415 count++; 416 } 417 418 /* Allocate the region list on the stack */ 419 struct image_region region[count]; 420 421 fit_region_make_list(fit, fdt_regions, count, region); 422 if (info.crypto->verify(&info, region, count, fit_value, 423 fit_value_len)) { 424 *err_msgp = "Verification failed"; 425 return -1; 426 } 427 /* Get the secure flag here and write the secure data and the secure flag */ 428 #if !defined(USE_HOSTCC) 429 #ifdef CONFIG_SPL_FIT_HW_CRYPTO 430 rsa_burn_key_hash(&info); 431 #endif 432 #endif 433 434 return 0; 435 } 436 437 static int fit_config_verify_sig(const void *fit, int conf_noffset, 438 const void *sig_blob, int sig_offset) 439 { 440 int noffset; 441 char *err_msg = ""; 442 int verified = 0; 443 int ret; 444 445 /* Process all hash subnodes of the component conf node */ 446 fdt_for_each_subnode(noffset, fit, conf_noffset) { 447 const char *name = fit_get_name(fit, noffset, NULL); 448 449 if (!strncmp(name, FIT_SIG_NODENAME, 450 strlen(FIT_SIG_NODENAME))) { 451 ret = fit_config_check_sig(fit, noffset, sig_offset, 452 &err_msg); 453 if (ret) { 454 puts("- "); 455 } else { 456 puts("+ "); 457 verified = 1; 458 break; 459 } 460 } 461 } 462 463 if (noffset == -FDT_ERR_TRUNCATED || noffset == -FDT_ERR_BADSTRUCTURE) { 464 err_msg = "Corrupted or truncated tree"; 465 goto error; 466 } 467 468 if (verified) 469 return 0; 470 471 error: 472 printf(" error!\n%s for '%s' hash node in '%s' config node\n", 473 err_msg, fit_get_name(fit, noffset, NULL), 474 fit_get_name(fit, conf_noffset, NULL)); 475 return -1; 476 } 477 478 int fit_config_verify_required_sigs(const void *fit, int conf_noffset, 479 const void *sig_blob) 480 { 481 int noffset; 482 int sig_node; 483 484 /* Work out what we need to verify */ 485 sig_node = fdt_subnode_offset(sig_blob, 0, FIT_SIG_NODENAME); 486 if (sig_node < 0) { 487 printf("No RSA key found\n"); 488 return -EINVAL; 489 } 490 491 fdt_for_each_subnode(noffset, sig_blob, sig_node) { 492 const char *required; 493 int ret; 494 495 required = fdt_getprop(sig_blob, noffset, "required", NULL); 496 if (!required || strcmp(required, "conf")) 497 continue; 498 ret = fit_config_verify_sig(fit, conf_noffset, sig_blob, 499 noffset); 500 if (ret) { 501 printf("Failed to verify required signature '%s'\n", 502 fit_get_name(sig_blob, noffset, NULL)); 503 #ifndef USE_HOSTCC 504 /* 505 * Allow bring up if enable FIT_SIGNATURE but 506 * not enable the device secure boot. 507 * 508 * return value: 1: device secure boot is enabled. 509 */ 510 if (fit_board_verify_required_sigs()) 511 return ret; 512 #else 513 return ret; 514 #endif 515 } 516 } 517 518 return 0; 519 } 520 521 int fit_config_verify(const void *fit, int conf_noffset) 522 { 523 return fit_config_verify_required_sigs(fit, conf_noffset, 524 gd_fdt_blob()); 525 } 526 527 #ifndef USE_HOSTCC 528 #if CONFIG_IS_ENABLED(FIT_ROLLBACK_PROTECT) 529 __weak int fit_read_otp_rollback_index(uint32_t fit_index, uint32_t *otp_index) 530 { 531 *otp_index = 0; 532 533 return 0; 534 } 535 __weak int fit_rollback_index_verify(const void *fit, uint32_t rollback_fd, 536 uint32_t *this_index, uint32_t *min_index) 537 { 538 *this_index = 0; 539 *min_index = 0; 540 541 return 0; 542 } 543 #endif 544 #endif 545