1 /* 2 * Copyright (c) 2013, Google Inc. 3 * 4 * SPDX-License-Identifier: GPL-2.0+ 5 */ 6 7 #ifdef USE_HOSTCC 8 #include "mkimage.h" 9 #include <time.h> 10 #else 11 #include <common.h> 12 #include <malloc.h> 13 #include <optee_include/OpteeClientInterface.h> 14 DECLARE_GLOBAL_DATA_PTR; 15 #endif /* !USE_HOSTCC*/ 16 #include <image.h> 17 #include <u-boot/rsa.h> 18 #include <u-boot/rsa-checksum.h> 19 20 #define IMAGE_MAX_HASHED_NODES 100 21 22 #ifdef USE_HOSTCC 23 void *host_blob; 24 void image_set_host_blob(void *blob) 25 { 26 host_blob = blob; 27 } 28 void *image_get_host_blob(void) 29 { 30 return host_blob; 31 } 32 #endif 33 34 struct checksum_algo checksum_algos[] = { 35 { 36 .name = "sha1", 37 .checksum_len = SHA1_SUM_LEN, 38 .der_len = SHA1_DER_LEN, 39 .der_prefix = sha1_der_prefix, 40 #if IMAGE_ENABLE_SIGN 41 .calculate_sign = EVP_sha1, 42 #endif 43 .calculate = hash_calculate, 44 }, 45 { 46 .name = "sha256", 47 .checksum_len = SHA256_SUM_LEN, 48 .der_len = SHA256_DER_LEN, 49 .der_prefix = sha256_der_prefix, 50 #if IMAGE_ENABLE_SIGN 51 .calculate_sign = EVP_sha256, 52 #endif 53 .calculate = hash_calculate, 54 } 55 56 }; 57 58 struct crypto_algo crypto_algos[] = { 59 { 60 .name = "rsa2048", 61 .key_len = RSA2048_BYTES, 62 .sign = rsa_sign, 63 .add_verify_data = rsa_add_verify_data, 64 .verify = rsa_verify, 65 }, 66 { 67 .name = "rsa4096", 68 .key_len = RSA4096_BYTES, 69 .sign = rsa_sign, 70 .add_verify_data = rsa_add_verify_data, 71 .verify = rsa_verify, 72 } 73 74 }; 75 76 struct checksum_algo *image_get_checksum_algo(const char *full_name) 77 { 78 int i; 79 const char *name; 80 81 for (i = 0; i < ARRAY_SIZE(checksum_algos); i++) { 82 name = checksum_algos[i].name; 83 /* Make sure names match and next char is a comma */ 84 if (!strncmp(name, full_name, strlen(name)) && 85 full_name[strlen(name)] == ',') 86 return &checksum_algos[i]; 87 } 88 89 return NULL; 90 } 91 92 struct crypto_algo *image_get_crypto_algo(const char *full_name) 93 { 94 int i; 95 const char *name; 96 97 /* Move name to after the comma */ 98 name = strchr(full_name, ','); 99 if (!name) 100 return NULL; 101 name += 1; 102 103 for (i = 0; i < ARRAY_SIZE(crypto_algos); i++) { 104 if (!strcmp(crypto_algos[i].name, name)) 105 return &crypto_algos[i]; 106 } 107 108 return NULL; 109 } 110 111 /** 112 * fit_region_make_list() - Make a list of image regions 113 * 114 * Given a list of fdt_regions, create a list of image_regions. This is a 115 * simple conversion routine since the FDT and image code use different 116 * structures. 117 * 118 * @fit: FIT image 119 * @fdt_regions: Pointer to FDT regions 120 * @count: Number of FDT regions 121 * @region: Pointer to image regions, which must hold @count records. If 122 * region is NULL, then (except for an SPL build) the array will be 123 * allocated. 124 * @return: Pointer to image regions 125 */ 126 struct image_region *fit_region_make_list(const void *fit, 127 struct fdt_region *fdt_regions, int count, 128 struct image_region *region) 129 { 130 int i; 131 132 debug("Hash regions:\n"); 133 debug("%10s %10s\n", "Offset", "Size"); 134 135 /* 136 * Use malloc() except in SPL (to save code size). In SPL the caller 137 * must allocate the array. 138 */ 139 #ifndef CONFIG_SPL_BUILD 140 if (!region) 141 region = calloc(sizeof(*region), count); 142 #endif 143 if (!region) 144 return NULL; 145 for (i = 0; i < count; i++) { 146 debug("%10x %10x\n", fdt_regions[i].offset, 147 fdt_regions[i].size); 148 region[i].data = fit + fdt_regions[i].offset; 149 region[i].size = fdt_regions[i].size; 150 } 151 152 return region; 153 } 154 155 static int fit_image_setup_verify(struct image_sign_info *info, 156 const void *fit, int noffset, int required_keynode, 157 char **err_msgp) 158 { 159 char *algo_name; 160 161 if (fit_image_hash_get_algo(fit, noffset, &algo_name)) { 162 *err_msgp = "Can't get hash algo property"; 163 return -1; 164 } 165 memset(info, '\0', sizeof(*info)); 166 info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL); 167 info->fit = (void *)fit; 168 info->node_offset = noffset; 169 info->name = algo_name; 170 info->checksum = image_get_checksum_algo(algo_name); 171 info->crypto = image_get_crypto_algo(algo_name); 172 info->fdt_blob = gd_fdt_blob(); 173 info->required_keynode = required_keynode; 174 printf("%s:%s", algo_name, info->keyname); 175 176 if (!info->checksum || !info->crypto) { 177 *err_msgp = "Unknown signature algorithm"; 178 return -1; 179 } 180 181 return 0; 182 } 183 184 int fit_image_check_sig(const void *fit, int noffset, const void *data, 185 size_t size, int required_keynode, char **err_msgp) 186 { 187 struct image_sign_info info; 188 struct image_region region; 189 uint8_t *fit_value; 190 int fit_value_len; 191 192 *err_msgp = NULL; 193 if (fit_image_setup_verify(&info, fit, noffset, required_keynode, 194 err_msgp)) 195 return -1; 196 197 if (fit_image_hash_get_value(fit, noffset, &fit_value, 198 &fit_value_len)) { 199 *err_msgp = "Can't get hash value property"; 200 return -1; 201 } 202 203 region.data = data; 204 region.size = size; 205 206 if (info.crypto->verify(&info, ®ion, 1, fit_value, fit_value_len)) { 207 *err_msgp = "Verification failed"; 208 return -1; 209 } 210 211 return 0; 212 } 213 214 static int fit_image_verify_sig(const void *fit, int image_noffset, 215 const char *data, size_t size, const void *sig_blob, 216 int sig_offset) 217 { 218 int noffset; 219 char *err_msg = ""; 220 int verified = 0; 221 int ret; 222 223 /* Process all hash subnodes of the component image node */ 224 fdt_for_each_subnode(noffset, fit, image_noffset) { 225 const char *name = fit_get_name(fit, noffset, NULL); 226 227 if (!strncmp(name, FIT_SIG_NODENAME, 228 strlen(FIT_SIG_NODENAME))) { 229 ret = fit_image_check_sig(fit, noffset, data, 230 size, -1, &err_msg); 231 if (ret) { 232 puts("- "); 233 } else { 234 puts("+ "); 235 verified = 1; 236 break; 237 } 238 } 239 } 240 241 if (noffset == -FDT_ERR_TRUNCATED || noffset == -FDT_ERR_BADSTRUCTURE) { 242 err_msg = "Corrupted or truncated tree"; 243 goto error; 244 } 245 246 if (verified) 247 return 0; 248 249 error: 250 printf(" error!\n%s for '%s' hash node in '%s' image node\n", 251 err_msg, fit_get_name(fit, noffset, NULL), 252 fit_get_name(fit, image_noffset, NULL)); 253 return -1; 254 } 255 256 int fit_image_verify_required_sigs(const void *fit, int image_noffset, 257 const char *data, size_t size, const void *sig_blob, 258 int *no_sigsp) 259 { 260 int verify_count = 0; 261 int noffset; 262 int sig_node; 263 264 /* Work out what we need to verify */ 265 *no_sigsp = 1; 266 sig_node = fdt_subnode_offset(sig_blob, 0, FIT_SIG_NODENAME); 267 if (sig_node < 0) { 268 printf("No RSA key found\n"); 269 return -EINVAL; 270 } 271 272 fdt_for_each_subnode(noffset, sig_blob, sig_node) { 273 const char *required; 274 int ret; 275 276 required = fdt_getprop(sig_blob, noffset, "required", NULL); 277 if (!required || strcmp(required, "image")) 278 continue; 279 ret = fit_image_verify_sig(fit, image_noffset, data, size, 280 sig_blob, noffset); 281 if (ret) { 282 printf("Failed to verify required signature '%s'\n", 283 fit_get_name(sig_blob, noffset, NULL)); 284 return ret; 285 } 286 verify_count++; 287 } 288 289 if (verify_count) 290 *no_sigsp = 0; 291 292 return 0; 293 } 294 295 int fit_config_check_sig(const void *fit, int noffset, int required_keynode, 296 char **err_msgp) 297 { 298 char * const exc_prop[] = {"data"}; 299 const char *prop, *end, *name; 300 struct image_sign_info info; 301 const uint32_t *strings; 302 uint8_t *fit_value; 303 int fit_value_len; 304 int max_regions; 305 int i, prop_len; 306 char path[200]; 307 int count; 308 309 debug("%s: fdt=%p, conf='%s', sig='%s'\n", __func__, gd_fdt_blob(), 310 fit_get_name(fit, noffset, NULL), 311 fit_get_name(gd_fdt_blob(), required_keynode, NULL)); 312 *err_msgp = NULL; 313 if (fit_image_setup_verify(&info, fit, noffset, required_keynode, 314 err_msgp)) 315 return -1; 316 317 if (fit_image_hash_get_value(fit, noffset, &fit_value, 318 &fit_value_len)) { 319 *err_msgp = "Can't get hash value property"; 320 return -1; 321 } 322 323 /* Count the number of strings in the property */ 324 prop = fdt_getprop(fit, noffset, "hashed-nodes", &prop_len); 325 end = prop ? prop + prop_len : prop; 326 for (name = prop, count = 0; name < end; name++) 327 if (!*name) 328 count++; 329 if (!count) { 330 *err_msgp = "Can't get hashed-nodes property"; 331 return -1; 332 } 333 334 /* Add a sanity check here since we are using the stack */ 335 if (count > IMAGE_MAX_HASHED_NODES) { 336 *err_msgp = "Number of hashed nodes exceeds maximum"; 337 return -1; 338 } 339 340 /* Create a list of node names from those strings */ 341 char *node_inc[count]; 342 343 debug("Hash nodes (%d):\n", count); 344 for (name = prop, i = 0; name < end; name += strlen(name) + 1, i++) { 345 debug(" '%s'\n", name); 346 node_inc[i] = (char *)name; 347 } 348 349 /* 350 * Each node can generate one region for each sub-node. Allow for 351 * 7 sub-nodes (hash@1, signature@1, etc.) and some extra. 352 */ 353 max_regions = 20 + count * 7; 354 struct fdt_region fdt_regions[max_regions]; 355 356 /* Get a list of regions to hash */ 357 count = fdt_find_regions(fit, node_inc, count, 358 exc_prop, ARRAY_SIZE(exc_prop), 359 fdt_regions, max_regions - 1, 360 path, sizeof(path), 0); 361 if (count < 0) { 362 *err_msgp = "Failed to hash configuration"; 363 return -1; 364 } 365 if (count == 0) { 366 *err_msgp = "No data to hash"; 367 return -1; 368 } 369 if (count >= max_regions - 1) { 370 *err_msgp = "Too many hash regions"; 371 return -1; 372 } 373 374 /* Add the strings */ 375 strings = fdt_getprop(fit, noffset, "hashed-strings", NULL); 376 if (strings) { 377 fdt_regions[count].offset = fdt_off_dt_strings(fit) + 378 fdt32_to_cpu(strings[0]); 379 fdt_regions[count].size = fdt32_to_cpu(strings[1]); 380 count++; 381 } 382 383 /* Allocate the region list on the stack */ 384 struct image_region region[count]; 385 386 fit_region_make_list(fit, fdt_regions, count, region); 387 if (info.crypto->verify(&info, region, count, fit_value, 388 fit_value_len)) { 389 *err_msgp = "Verification failed"; 390 return -1; 391 } 392 393 return 0; 394 } 395 396 static int fit_config_verify_sig(const void *fit, int conf_noffset, 397 const void *sig_blob, int sig_offset) 398 { 399 int noffset; 400 char *err_msg = ""; 401 int verified = 0; 402 int ret; 403 404 /* Process all hash subnodes of the component conf node */ 405 fdt_for_each_subnode(noffset, fit, conf_noffset) { 406 const char *name = fit_get_name(fit, noffset, NULL); 407 408 if (!strncmp(name, FIT_SIG_NODENAME, 409 strlen(FIT_SIG_NODENAME))) { 410 ret = fit_config_check_sig(fit, noffset, sig_offset, 411 &err_msg); 412 if (ret) { 413 puts("- "); 414 } else { 415 puts("+ "); 416 verified = 1; 417 break; 418 } 419 } 420 } 421 422 if (noffset == -FDT_ERR_TRUNCATED || noffset == -FDT_ERR_BADSTRUCTURE) { 423 err_msg = "Corrupted or truncated tree"; 424 goto error; 425 } 426 427 if (verified) 428 return 0; 429 430 error: 431 printf(" error!\n%s for '%s' hash node in '%s' config node\n", 432 err_msg, fit_get_name(fit, noffset, NULL), 433 fit_get_name(fit, conf_noffset, NULL)); 434 return -1; 435 } 436 437 int fit_config_verify_required_sigs(const void *fit, int conf_noffset, 438 const void *sig_blob) 439 { 440 int noffset; 441 int sig_node; 442 443 /* Work out what we need to verify */ 444 sig_node = fdt_subnode_offset(sig_blob, 0, FIT_SIG_NODENAME); 445 if (sig_node < 0) { 446 printf("No RSA key found\n"); 447 return -EINVAL; 448 } 449 450 fdt_for_each_subnode(noffset, sig_blob, sig_node) { 451 const char *required; 452 int ret; 453 454 required = fdt_getprop(sig_blob, noffset, "required", NULL); 455 if (!required || strcmp(required, "conf")) 456 continue; 457 ret = fit_config_verify_sig(fit, conf_noffset, sig_blob, 458 noffset); 459 if (ret) { 460 printf("Failed to verify required signature '%s'\n", 461 fit_get_name(sig_blob, noffset, NULL)); 462 return ret; 463 } 464 } 465 466 return 0; 467 } 468 469 int fit_config_verify(const void *fit, int conf_noffset) 470 { 471 return fit_config_verify_required_sigs(fit, conf_noffset, 472 gd_fdt_blob()); 473 } 474 475 #ifndef USE_HOSTCC 476 #if CONFIG_IS_ENABLED(FIT_ROLLBACK_PROTECT) 477 int fit_rollback_index_verify(const void *fit, uint32_t rollback_fd, 478 uint32_t *this_index, uint32_t *min_index) 479 { 480 uint32_t tmp_this; 481 uint64_t tmp_min; 482 int images_noffset; 483 int def_noffset; 484 485 if (fit_get_image_defconf_node(fit, &images_noffset, &def_noffset)) 486 return -ENOENT; 487 488 if (fit_image_get_rollback_index(fit, def_noffset, &tmp_this)) 489 return -ENODEV; 490 491 /* TODO */ 492 tmp_min = tmp_this; 493 494 *this_index = tmp_this; 495 *min_index = tmp_min; 496 497 return 0; 498 } 499 #endif 500 #endif 501