1 // SPDX-License-Identifier: GPL-2.0+
3 * Copyright (c) 2013, Google Inc.
5 * (C) Copyright 2008 Semihalf
7 * (C) Copyright 2000-2006
8 * Wolfgang Denk, DENX Software Engineering, wd@denx.de.
13 #include <fdt_region.h>
17 #include <openssl/pem.h>
18 #include <openssl/evp.h>
21 * fit_set_hash_value - set hash value in requested has node
22 * @fit: pointer to the FIT format image header
23 * @noffset: hash node offset
24 * @value: hash value to be set
25 * @value_len: hash value length
27 * fit_set_hash_value() attempts to set hash value in a node at offset
28 * given and returns operation status to the caller.
34 static int fit_set_hash_value(void *fit, int noffset, uint8_t *value,
39 ret = fdt_setprop(fit, noffset, FIT_VALUE_PROP, value, value_len);
41 printf("Can't set hash '%s' property for '%s' node(%s)\n",
42 FIT_VALUE_PROP, fit_get_name(fit, noffset, NULL),
44 return ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
51 * fit_image_process_hash - Process a single subnode of the images/ node
53 * Check each subnode and process accordingly. For hash nodes we generate
54 * a hash of the supplied data and store it in the node.
56 * @fit: pointer to the FIT format image header
57 * @image_name: name of image being processed (used to display errors)
58 * @noffset: subnode offset
59 * @data: data to process
60 * @size: size of data in bytes
61 * Return: 0 if ok, -1 on error
63 static int fit_image_process_hash(void *fit, const char *image_name,
64 int noffset, const void *data, size_t size)
66 uint8_t value[FIT_MAX_HASH_LEN];
67 const char *node_name;
72 node_name = fit_get_name(fit, noffset, NULL);
74 if (fit_image_hash_get_algo(fit, noffset, &algo)) {
75 printf("Can't get hash algo property for '%s' hash node in '%s' image node\n",
76 node_name, image_name);
80 if (calculate_hash(data, size, algo, value, &value_len)) {
81 printf("Unsupported hash algorithm (%s) for '%s' hash node in '%s' image node\n",
82 algo, node_name, image_name);
83 return -EPROTONOSUPPORT;
86 ret = fit_set_hash_value(fit, noffset, value, value_len);
88 printf("Can't set hash value for '%s' hash node in '%s' image node\n",
89 node_name, image_name);
97 * fit_image_write_sig() - write the signature to a FIT
99 * This writes the signature and signer data to the FIT.
101 * @fit: pointer to the FIT format image header
102 * @noffset: hash node offset
103 * @value: signature value to be set
104 * @value_len: signature value length
105 * @comment: Text comment to write (NULL for none)
109 * -FDT_ERR_..., on failure
111 static int fit_image_write_sig(void *fit, int noffset, uint8_t *value,
112 int value_len, const char *comment, const char *region_prop,
113 int region_proplen, const char *cmdname, const char *algo_name)
119 * Get the current string size, before we update the FIT and add
122 string_size = fdt_size_dt_strings(fit);
124 ret = fdt_setprop(fit, noffset, FIT_VALUE_PROP, value, value_len);
126 ret = fdt_setprop_string(fit, noffset, "signer-name",
130 ret = fdt_setprop_string(fit, noffset, "signer-version",
134 ret = fdt_setprop_string(fit, noffset, "comment", comment);
136 time_t timestamp = imagetool_get_source_date(cmdname,
138 uint32_t t = cpu_to_uimage(timestamp);
140 ret = fdt_setprop(fit, noffset, FIT_TIMESTAMP_PROP, &t,
143 if (region_prop && !ret) {
146 ret = fdt_setprop(fit, noffset, "hashed-nodes",
147 region_prop, region_proplen);
148 /* This is a legacy offset, it is unused, and must remain 0. */
150 strdata[1] = cpu_to_fdt32(string_size);
152 ret = fdt_setprop(fit, noffset, "hashed-strings",
153 strdata, sizeof(strdata));
156 if (algo_name && !ret)
157 ret = fdt_setprop_string(fit, noffset, "algo", algo_name);
162 static int fit_image_setup_sig(struct image_sign_info *info,
163 const char *keydir, const char *keyfile, void *fit,
164 const char *image_name, int noffset, const char *require_keys,
165 const char *engine_id, const char *algo_name)
167 const char *node_name;
168 const char *padding_name;
170 node_name = fit_get_name(fit, noffset, NULL);
172 if (fit_image_hash_get_algo(fit, noffset, &algo_name)) {
173 printf("Can't get algo property for '%s' signature node in '%s' image node\n",
174 node_name, image_name);
179 padding_name = fdt_getprop(fit, noffset, "padding", NULL);
181 memset(info, '\0', sizeof(*info));
182 info->keydir = keydir;
183 info->keyfile = keyfile;
184 info->keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
186 info->node_offset = noffset;
187 info->name = strdup(algo_name);
188 info->checksum = image_get_checksum_algo(algo_name);
189 info->crypto = image_get_crypto_algo(algo_name);
190 info->padding = image_get_padding_algo(padding_name);
191 info->require_keys = require_keys;
192 info->engine_id = engine_id;
193 if (!info->checksum || !info->crypto) {
194 printf("Unsupported signature algorithm (%s) for '%s' signature node in '%s' image node\n",
195 algo_name, node_name, image_name);
203 * fit_image_process_sig- Process a single subnode of the images/ node
205 * Check each subnode and process accordingly. For signature nodes we
206 * generate a signed hash of the supplied data and store it in the node.
208 * @keydir: Directory containing keys to use for signing
209 * @keydest: Destination FDT blob to write public keys into (NULL if none)
210 * @fit: pointer to the FIT format image header
211 * @image_name: name of image being processed (used to display errors)
212 * @noffset: subnode offset
213 * @data: data to process
214 * @size: size of data in bytes
215 * @comment: Comment to add to signature nodes
216 * @require_keys: Mark all keys as 'required'
217 * @engine_id: Engine to use for signing
218 * Return: keydest node if @keydest is non-NULL, else 0 if none; -ve error code
221 static int fit_image_process_sig(const char *keydir, const char *keyfile,
222 void *keydest, void *fit, const char *image_name,
223 int noffset, const void *data, size_t size,
224 const char *comment, int require_keys, const char *engine_id,
225 const char *cmdname, const char *algo_name)
227 struct image_sign_info info;
228 struct image_region region;
229 const char *node_name;
234 if (fit_image_setup_sig(&info, keydir, keyfile, fit, image_name,
235 noffset, require_keys ? "image" : NULL,
236 engine_id, algo_name))
239 node_name = fit_get_name(fit, noffset, NULL);
242 ret = info.crypto->sign(&info, ®ion, 1, &value, &value_len);
244 printf("Failed to sign '%s' signature node in '%s' image node: %d\n",
245 node_name, image_name, ret);
247 /* We allow keys to be missing */
253 ret = fit_image_write_sig(fit, noffset, value, value_len, comment,
254 NULL, 0, cmdname, algo_name);
256 if (ret == -FDT_ERR_NOSPACE)
258 printf("Can't write signature for '%s' signature node in '%s' conf node: %s\n",
259 node_name, image_name, fdt_strerror(ret));
264 /* Get keyname again, as FDT has changed and invalidated our pointer */
265 info.keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
268 * Write the public key into the supplied FDT file; this might fail
269 * several times, since we try signing with successively increasing
273 ret = info.crypto->add_verify_data(&info, keydest);
275 printf("Failed to add verification data for '%s' signature node in '%s' image node\n",
276 node_name, image_name);
279 /* Return the node that was written to */
286 static int fit_image_read_data(char *filename, unsigned char *data,
294 fd = open(filename, O_RDONLY | O_BINARY);
296 printf("Can't open file %s (err=%d => %s)\n",
297 filename, errno, strerror(errno));
301 /* Compute file size */
302 if (fstat(fd, &sbuf) < 0) {
303 printf("Can't fstat file %s (err=%d => %s)\n",
304 filename, errno, strerror(errno));
308 /* Check file size */
309 if (sbuf.st_size != expected_size) {
310 printf("File %s don't have the expected size (size=%lld, expected=%d)\n",
311 filename, (long long)sbuf.st_size, expected_size);
316 n = read(fd, data, sbuf.st_size);
318 printf("Can't read file %s (err=%d => %s)\n",
319 filename, errno, strerror(errno));
323 /* Check that we have read all the file */
324 if (n != sbuf.st_size) {
325 printf("Can't read all file %s (read %zd bytes, expected %lld)\n",
326 filename, n, (long long)sbuf.st_size);
337 static int get_random_data(void *data, int size)
339 unsigned char *tmp = data;
340 struct timespec date;
344 printf("%s: pointer data is NULL\n", __func__);
349 ret = clock_gettime(CLOCK_MONOTONIC, &date);
351 printf("%s: clock_gettime has failed (%s)\n", __func__,
356 srandom(date.tv_nsec);
358 for (i = 0; i < size; i++) {
359 *tmp = random() & 0xff;
367 static int fit_image_setup_cipher(struct image_cipher_info *info,
368 const char *keydir, void *fit,
369 const char *image_name, int image_noffset,
376 if (fit_image_cipher_get_algo(fit, noffset, &algo_name)) {
377 printf("Can't get algo name for cipher in image '%s'\n",
382 info->keydir = keydir;
384 /* Read the key name */
385 info->keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
386 if (!info->keyname) {
387 printf("Can't get key name for cipher in image '%s'\n",
395 * If this property is not provided then mkimage will generate
396 * a random IV and store it in the FIT image
398 info->ivname = fdt_getprop(fit, noffset, "iv-name-hint", NULL);
401 info->node_noffset = noffset;
402 info->name = algo_name;
404 info->cipher = image_get_cipher_algo(algo_name);
406 printf("Can't get algo for cipher '%s'\n", image_name);
410 /* Read the key in the file */
411 snprintf(filename, sizeof(filename), "%s/%s%s",
412 info->keydir, info->keyname, ".bin");
413 info->key = malloc(info->cipher->key_len);
415 printf("Can't allocate memory for key\n");
419 ret = fit_image_read_data(filename, (unsigned char *)info->key,
420 info->cipher->key_len);
424 info->iv = malloc(info->cipher->iv_len);
426 printf("Can't allocate memory for iv\n");
432 /* Read the IV in the file */
433 snprintf(filename, sizeof(filename), "%s/%s%s",
434 info->keydir, info->ivname, ".bin");
435 ret = fit_image_read_data(filename, (unsigned char *)info->iv,
436 info->cipher->iv_len);
438 /* Generate an ramdom IV */
439 ret = get_random_data((void *)info->iv, info->cipher->iv_len);
446 int fit_image_write_cipher(void *fit, int image_noffset, int noffset,
447 const void *data, size_t size,
448 unsigned char *data_ciphered, int data_ciphered_len)
452 /* Replace data with ciphered data */
453 ret = fdt_setprop(fit, image_noffset, FIT_DATA_PROP,
454 data_ciphered, data_ciphered_len);
455 if (ret == -FDT_ERR_NOSPACE) {
460 printf("Can't replace data with ciphered data (err = %d)\n", ret);
464 /* add non ciphered data size */
465 ret = fdt_setprop_u32(fit, image_noffset, "data-size-unciphered", size);
466 if (ret == -FDT_ERR_NOSPACE) {
471 printf("Can't add unciphered data size (err = %d)\n", ret);
480 fit_image_process_cipher(const char *keydir, void *keydest, void *fit,
481 const char *image_name, int image_noffset,
482 int node_noffset, const void *data, size_t size,
485 struct image_cipher_info info;
486 unsigned char *data_ciphered = NULL;
487 int data_ciphered_len;
490 memset(&info, 0, sizeof(info));
492 ret = fit_image_setup_cipher(&info, keydir, fit, image_name,
493 image_noffset, node_noffset);
497 ret = info.cipher->encrypt(&info, data, size,
498 &data_ciphered, &data_ciphered_len);
503 * Write the public key into the supplied FDT file; this might fail
504 * several times, since we try signing with successively increasing
506 * And, if needed, write the iv in the FIT file
509 ret = info.cipher->add_cipher_data(&info, keydest, fit, node_noffset);
511 printf("Failed to add verification data for cipher '%s' in image '%s'\n",
512 info.keyname, image_name);
517 ret = fit_image_write_cipher(fit, image_noffset, node_noffset,
519 data_ciphered, data_ciphered_len);
523 free((void *)info.key);
524 free((void *)info.iv);
528 int fit_image_cipher_data(const char *keydir, void *keydest,
529 void *fit, int image_noffset, const char *comment,
530 int require_keys, const char *engine_id,
533 const char *image_name;
536 int cipher_node_offset, len;
539 image_name = fit_get_name(fit, image_noffset, NULL);
541 printf("Can't get image name\n");
545 /* Get image data and data length */
546 if (fit_image_get_data(fit, image_noffset, &data, &size)) {
547 printf("Can't get image data/size\n");
552 * Don't cipher ciphered data.
554 * If the data-size-unciphered property is present the data for this
555 * image is already encrypted. This is important as 'mkimage -F' can be
556 * run multiple times on a FIT image.
558 if (fdt_getprop(fit, image_noffset, "data-size-unciphered", &len))
560 if (len != -FDT_ERR_NOTFOUND) {
561 printf("Failure testing for data-size-unciphered\n");
565 /* Process cipher node if present */
566 cipher_node_offset = fdt_subnode_offset(fit, image_noffset,
567 FIT_CIPHER_NODENAME);
568 if (cipher_node_offset == -FDT_ERR_NOTFOUND)
570 if (cipher_node_offset < 0) {
571 printf("Failure getting cipher node\n");
574 if (!IMAGE_ENABLE_ENCRYPT || !keydir)
576 return fit_image_process_cipher(keydir, keydest, fit, image_name,
577 image_noffset, cipher_node_offset, data, size, cmdname);
581 * fit_image_add_verification_data() - calculate/set verig. data for image node
583 * This adds hash and signature values for an component image node.
585 * All existing hash subnodes are checked, if algorithm property is set to
586 * one of the supported hash algorithms, hash value is computed and
587 * corresponding hash node property is set, for example:
589 * Input component image node structure:
591 * o image-1 (at image_noffset)
592 * | - data = [binary data]
596 * Output component image node structure:
598 * o image-1 (at image_noffset)
599 * | - data = [binary data]
602 * |- value = sha1(data)
604 * For signature details, please see doc/uImage.FIT/signature.txt
606 * @keydir Directory containing *.key and *.crt files (or NULL)
607 * @keydest FDT Blob to write public keys into (NULL if none)
608 * @fit: Pointer to the FIT format image header
609 * @image_noffset: Requested component image node
610 * @comment: Comment to add to signature nodes
611 * @require_keys: Mark all keys as 'required'
612 * @engine_id: Engine to use for signing
613 * @return: 0 on success, <0 on failure
615 int fit_image_add_verification_data(const char *keydir, const char *keyfile,
616 void *keydest, void *fit, int image_noffset,
617 const char *comment, int require_keys, const char *engine_id,
618 const char *cmdname, const char* algo_name)
620 const char *image_name;
625 /* Get image data and data length */
626 if (fit_image_get_data(fit, image_noffset, &data, &size)) {
627 printf("Can't get image data/size\n");
631 image_name = fit_get_name(fit, image_noffset, NULL);
633 /* Process all hash subnodes of the component image node */
634 for (noffset = fdt_first_subnode(fit, image_noffset);
636 noffset = fdt_next_subnode(fit, noffset)) {
637 const char *node_name;
641 * Check subnode name, must be equal to "hash" or "signature".
642 * Multiple hash nodes require unique unit node
643 * names, e.g. hash-1, hash-2, signature-1, etc.
645 node_name = fit_get_name(fit, noffset, NULL);
646 if (!strncmp(node_name, FIT_HASH_NODENAME,
647 strlen(FIT_HASH_NODENAME))) {
648 ret = fit_image_process_hash(fit, image_name, noffset,
650 } else if (IMAGE_ENABLE_SIGN && (keydir || keyfile) &&
651 !strncmp(node_name, FIT_SIG_NODENAME,
652 strlen(FIT_SIG_NODENAME))) {
653 ret = fit_image_process_sig(keydir, keyfile, keydest,
654 fit, image_name, noffset, data, size,
655 comment, require_keys, engine_id, cmdname,
670 static void strlist_init(struct strlist *list)
672 memset(list, '\0', sizeof(*list));
675 static void strlist_free(struct strlist *list)
679 for (i = 0; i < list->count; i++)
680 free(list->strings[i]);
684 static int strlist_add(struct strlist *list, const char *str)
689 list->strings = realloc(list->strings,
690 (list->count + 1) * sizeof(char *));
693 list->strings[list->count++] = dup;
698 static const char *fit_config_get_image_list(const void *fit, int noffset,
699 int *lenp, int *allow_missingp)
701 static const char default_list[] = FIT_KERNEL_PROP "\0"
705 /* If there is an "sign-image" property, use that */
706 prop = fdt_getprop(fit, noffset, "sign-images", lenp);
709 return *lenp ? prop : NULL;
712 /* Default image list */
714 *lenp = sizeof(default_list);
720 * fit_config_add_hash() - Add a list of nodes to hash for an image
722 * This adds a list of paths to image nodes (as referred to by a particular
723 * offset) that need to be hashed, to protect a configuration
725 * @fit: Pointer to the FIT format image header
726 * @image_noffset: Offset of image to process (e.g. /images/kernel-1)
727 * @node_inc: List of nodes to add to
728 * @conf_name Configuration-node name, child of /configurations node (only
729 * used for error messages)
730 * @sig_name Signature-node name (only used for error messages)
731 * @iname: Name of image being processed (e.g. "kernel-1" (only used
732 * for error messages)
734 static int fit_config_add_hash(const void *fit, int image_noffset,
735 struct strlist *node_inc, const char *conf_name,
736 const char *sig_name, const char *iname)
743 ret = fdt_get_path(fit, image_noffset, path, sizeof(path));
746 if (strlist_add(node_inc, path))
749 /* Add all this image's hashes */
751 for (noffset = fdt_first_subnode(fit, image_noffset);
753 noffset = fdt_next_subnode(fit, noffset)) {
754 const char *name = fit_get_name(fit, noffset, NULL);
756 if (strncmp(name, FIT_HASH_NODENAME,
757 strlen(FIT_HASH_NODENAME)))
759 ret = fdt_get_path(fit, noffset, path, sizeof(path));
762 if (strlist_add(node_inc, path))
768 printf("Failed to find any hash nodes in configuration '%s/%s' image '%s' - without these it is not possible to verify this image\n",
769 conf_name, sig_name, iname);
773 /* Add this image's cipher node if present */
774 noffset = fdt_subnode_offset(fit, image_noffset,
775 FIT_CIPHER_NODENAME);
776 if (noffset != -FDT_ERR_NOTFOUND) {
778 printf("Failed to get cipher node in configuration '%s/%s' image '%s': %s\n",
779 conf_name, sig_name, iname,
780 fdt_strerror(noffset));
783 ret = fdt_get_path(fit, noffset, path, sizeof(path));
786 if (strlist_add(node_inc, path))
793 printf("Out of memory processing configuration '%s/%s'\n", conf_name,
798 printf("Failed to get path for image '%s' in configuration '%s/%s': %s\n",
799 iname, conf_name, sig_name, fdt_strerror(ret));
804 * fit_config_get_hash_list() - Get the regions to sign
806 * This calculates a list of nodes to hash for this particular configuration,
807 * returning it as a string list (struct strlist, not a devicetree string list)
809 * @fit: Pointer to the FIT format image header
810 * @conf_noffset: Offset of configuration node to sign (child of
811 * /configurations node)
812 * @sig_offset: Offset of signature node containing info about how to sign it
813 * (child of 'signatures' node)
814 * @return 0 if OK, -ENOENT if an image referred to by the configuration cannot
815 * be found, -ENOMSG if ther were no images in the configuration
817 static int fit_config_get_hash_list(const void *fit, int conf_noffset,
818 int sig_offset, struct strlist *node_inc)
821 const char *prop, *iname, *end;
822 const char *conf_name, *sig_name;
827 conf_name = fit_get_name(fit, conf_noffset, NULL);
828 sig_name = fit_get_name(fit, sig_offset, NULL);
831 * Build a list of nodes we need to hash. We always need the root
832 * node and the configuration.
834 strlist_init(node_inc);
835 snprintf(name, sizeof(name), "%s/%s", FIT_CONFS_PATH, conf_name);
836 if (strlist_add(node_inc, "/") ||
837 strlist_add(node_inc, name))
840 /* Get a list of images that we intend to sign */
841 prop = fit_config_get_image_list(fit, sig_offset, &len,
846 /* Locate the images */
849 for (iname = prop; iname < end; iname += strlen(iname) + 1) {
851 int index, max_index;
853 max_index = fdt_stringlist_count(fit, conf_noffset, iname);
855 for (index = 0; index < max_index; index++) {
856 image_noffset = fit_conf_get_prop_node_index(fit, conf_noffset,
859 if (image_noffset < 0) {
860 printf("Failed to find image '%s' in configuration '%s/%s'\n",
861 iname, conf_name, sig_name);
868 ret = fit_config_add_hash(fit, image_noffset, node_inc,
869 conf_name, sig_name, iname);
878 printf("Failed to find any images for configuration '%s/%s'\n",
879 conf_name, sig_name);
886 printf("Out of memory processing configuration '%s/%s'\n", conf_name,
892 * fit_config_get_regions() - Get the regions to sign
894 * This calculates a list of node to hash for this particular configuration,
895 * then finds which regions of the devicetree they correspond to.
897 * @fit: Pointer to the FIT format image header
898 * @conf_noffset: Offset of configuration node to sign (child of
899 * /configurations node)
900 * @sig_offset: Offset of signature node containing info about how to sign it
901 * (child of 'signatures' node)
902 * @regionp: Returns list of regions that need to be hashed (allocated; must be
903 * freed by the caller)
904 * @region_count: Returns number of regions
905 * @region_propp: Returns string-list property containing the list of nodes
906 * that correspond to the regions. Each entry is a full path to the node.
907 * This is in devicetree format, i.e. a \0 between each string. This is
908 * allocated and must be freed by the caller.
909 * @region_proplen: Returns length of *@@region_propp in bytes
910 * @return 0 if OK, -ENOMEM if out of memory, -EIO if the regions to hash could
911 * not be found, -EINVAL if no registers were found to hash
913 static int fit_config_get_regions(const void *fit, int conf_noffset,
914 int sig_offset, struct image_region **regionp,
915 int *region_countp, char **region_propp,
918 char * const exc_prop[] = {
921 FIT_DATA_POSITION_PROP,
922 FIT_DATA_OFFSET_PROP,
924 struct strlist node_inc;
925 struct image_region *region;
926 struct fdt_region fdt_regions[100];
927 const char *conf_name, *sig_name;
933 conf_name = fit_get_name(fit, conf_noffset, NULL);
934 sig_name = fit_get_name(fit, sig_offset, NULL);
935 debug("%s: conf='%s', sig='%s'\n", __func__, conf_name, sig_name);
937 /* Get a list of nodes we want to hash */
938 ret = fit_config_get_hash_list(fit, conf_noffset, sig_offset,
943 /* Get a list of regions to hash */
944 count = fdt_find_regions(fit, node_inc.strings, node_inc.count,
945 exc_prop, ARRAY_SIZE(exc_prop),
946 fdt_regions, ARRAY_SIZE(fdt_regions),
947 path, sizeof(path), 1);
949 printf("Failed to hash configuration '%s/%s': %s\n", conf_name,
950 sig_name, fdt_strerror(ret));
954 printf("No data to hash for configuration '%s/%s': %s\n",
955 conf_name, sig_name, fdt_strerror(ret));
959 /* Build our list of data blocks */
960 region = fit_region_make_list(fit, fdt_regions, count, NULL);
962 printf("Out of memory hashing configuration '%s/%s'\n",
963 conf_name, sig_name);
967 /* Create a list of all hashed properties */
968 debug("Hash nodes:\n");
969 for (i = len = 0; i < node_inc.count; i++) {
970 debug(" %s\n", node_inc.strings[i]);
971 len += strlen(node_inc.strings[i]) + 1;
973 region_prop = malloc(len);
975 printf("Out of memory setting up regions for configuration '%s/%s'\n",
976 conf_name, sig_name);
979 for (i = len = 0; i < node_inc.count;
980 len += strlen(node_inc.strings[i]) + 1, i++)
981 strcpy(region_prop + len, node_inc.strings[i]);
982 strlist_free(&node_inc);
984 *region_countp = count;
986 *region_propp = region_prop;
987 *region_proplen = len;
993 * fit_config_process_sig - Process a single subnode of the configurations/ node
995 * Generate a signed hash of the supplied data and store it in the node.
997 * @keydir: Directory containing keys to use for signing
998 * @keydest: Destination FDT blob to write public keys into (NULL if none)
999 * @fit: pointer to the FIT format image header
1000 * @conf_name name of config being processed (used to display errors)
1001 * @conf_noffset: Offset of configuration node, e.g. '/configurations/conf-1'
1002 * @noffset: subnode offset, e.g. '/configurations/conf-1/sig-1'
1003 * @comment: Comment to add to signature nodes
1004 * @require_keys: Mark all keys as 'required'
1005 * @engine_id: Engine to use for signing
1006 * @cmdname: Command name used when reporting errors
1007 * @return keydest node if @keydest is non-NULL, else 0 if none; -ve error code
1010 static int fit_config_process_sig(const char *keydir, const char *keyfile,
1011 void *keydest, void *fit, const char *conf_name,
1012 int conf_noffset, int noffset, const char *comment,
1013 int require_keys, const char *engine_id, const char *cmdname,
1014 const char *algo_name)
1016 struct image_sign_info info;
1017 const char *node_name;
1018 struct image_region *region;
1026 node_name = fit_get_name(fit, noffset, NULL);
1027 if (fit_config_get_regions(fit, conf_noffset, noffset, ®ion,
1028 ®ion_count, ®ion_prop,
1032 if (fit_image_setup_sig(&info, keydir, keyfile, fit, conf_name, noffset,
1033 require_keys ? "conf" : NULL, engine_id,
1037 ret = info.crypto->sign(&info, region, region_count, &value,
1041 printf("Failed to sign '%s' signature node in '%s' conf node\n",
1042 node_name, conf_name);
1044 /* We allow keys to be missing */
1050 ret = fit_image_write_sig(fit, noffset, value, value_len, comment,
1051 region_prop, region_proplen, cmdname,
1054 if (ret == -FDT_ERR_NOSPACE)
1056 printf("Can't write signature for '%s' signature node in '%s' conf node: %s\n",
1057 node_name, conf_name, fdt_strerror(ret));
1063 /* Get keyname again, as FDT has changed and invalidated our pointer */
1064 info.keyname = fdt_getprop(fit, noffset, FIT_KEY_HINT, NULL);
1066 /* Write the public key into the supplied FDT file */
1068 ret = info.crypto->add_verify_data(&info, keydest);
1070 printf("Failed to add verification data for '%s' signature node in '%s' configuration node\n",
1071 node_name, conf_name);
1079 static int fit_config_add_verification_data(const char *keydir,
1080 const char *keyfile, void *keydest, void *fit, int conf_noffset,
1081 const char *comment, int require_keys, const char *engine_id,
1082 const char *cmdname, const char *algo_name,
1083 struct image_summary *summary)
1085 const char *conf_name;
1088 conf_name = fit_get_name(fit, conf_noffset, NULL);
1090 /* Process all hash subnodes of the configuration node */
1091 for (noffset = fdt_first_subnode(fit, conf_noffset);
1093 noffset = fdt_next_subnode(fit, noffset)) {
1094 const char *node_name;
1097 node_name = fit_get_name(fit, noffset, NULL);
1098 if (!strncmp(node_name, FIT_SIG_NODENAME,
1099 strlen(FIT_SIG_NODENAME))) {
1100 ret = fit_config_process_sig(keydir, keyfile, keydest,
1101 fit, conf_name, conf_noffset, noffset, comment,
1102 require_keys, engine_id, cmdname, algo_name);
1106 summary->sig_offset = noffset;
1107 fdt_get_path(fit, noffset, summary->sig_path,
1108 sizeof(summary->sig_path));
1111 summary->keydest_offset = ret;
1112 fdt_get_path(keydest, ret,
1113 summary->keydest_path,
1114 sizeof(summary->keydest_path));
1123 * 0) open file (open)
1124 * 1) read certificate (PEM_read_X509)
1125 * 2) get public key (X509_get_pubkey)
1126 * 3) provide der format (d2i_RSAPublicKey)
1128 static int read_pub_key(const char *keydir, const void *name,
1129 unsigned char **pubkey, int *pubkey_len)
1132 EVP_PKEY *key = NULL;
1137 memset(path, 0, 1024);
1138 snprintf(path, sizeof(path), "%s/%s.crt", keydir, (char *)name);
1140 /* Open certificate file */
1141 f = fopen(path, "r");
1143 fprintf(stderr, "Couldn't open RSA certificate: '%s': %s\n",
1144 path, strerror(errno));
1148 /* Read the certificate */
1150 if (!PEM_read_X509(f, &cert, NULL, NULL)) {
1151 printf("Couldn't read certificate");
1156 /* Get the public key from the certificate. */
1157 key = X509_get_pubkey(cert);
1159 printf("Couldn't read public key\n");
1165 ret = i2d_PublicKey(key, pubkey);
1167 printf("Couldn't get DER form\n");
1182 int fit_pre_load_data(const char *keydir, void *keydest, void *fit)
1184 int pre_load_noffset;
1185 const void *algo_name;
1186 const void *key_name;
1187 unsigned char *pubkey = NULL;
1188 int ret, pubkey_len;
1190 if (!keydir || !keydest || !fit)
1193 /* Search node pre-load sig */
1194 pre_load_noffset = fdt_path_offset(keydest, IMAGE_PRE_LOAD_PATH);
1195 if (pre_load_noffset < 0) {
1200 algo_name = fdt_getprop(keydest, pre_load_noffset, "algo-name", NULL);
1201 key_name = fdt_getprop(keydest, pre_load_noffset, "key-name", NULL);
1203 /* Check that all mandatory properties are present */
1204 if (!algo_name || !key_name) {
1206 printf("The property algo-name is missing in the node %s\n",
1207 IMAGE_PRE_LOAD_PATH);
1209 printf("The property key-name is missing in the node %s\n",
1210 IMAGE_PRE_LOAD_PATH);
1215 /* Read public key */
1216 ret = read_pub_key(keydir, key_name, &pubkey, &pubkey_len);
1220 /* Add the public key to the device tree */
1221 ret = fdt_setprop(keydest, pre_load_noffset, "public-key",
1222 pubkey, pubkey_len);
1224 printf("Can't set public-key in node %s (ret = %d)\n",
1225 IMAGE_PRE_LOAD_PATH, ret);
1231 int fit_cipher_data(const char *keydir, void *keydest, void *fit,
1232 const char *comment, int require_keys,
1233 const char *engine_id, const char *cmdname)
1239 /* Find images parent node offset */
1240 images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH);
1241 if (images_noffset < 0) {
1242 printf("Can't find images parent node '%s' (%s)\n",
1243 FIT_IMAGES_PATH, fdt_strerror(images_noffset));
1244 return images_noffset;
1247 /* Process its subnodes, print out component images details */
1248 for (noffset = fdt_first_subnode(fit, images_noffset);
1250 noffset = fdt_next_subnode(fit, noffset)) {
1252 * Direct child node of the images parent node,
1253 * i.e. component image node.
1255 ret = fit_image_cipher_data(keydir, keydest,
1256 fit, noffset, comment,
1257 require_keys, engine_id,
1266 int fit_add_verification_data(const char *keydir, const char *keyfile,
1267 void *keydest, void *fit, const char *comment,
1268 int require_keys, const char *engine_id,
1269 const char *cmdname, const char *algo_name,
1270 struct image_summary *summary)
1272 int images_noffset, confs_noffset;
1276 /* Find images parent node offset */
1277 images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH);
1278 if (images_noffset < 0) {
1279 printf("Can't find images parent node '%s' (%s)\n",
1280 FIT_IMAGES_PATH, fdt_strerror(images_noffset));
1281 return images_noffset;
1284 /* Process its subnodes, print out component images details */
1285 for (noffset = fdt_first_subnode(fit, images_noffset);
1287 noffset = fdt_next_subnode(fit, noffset)) {
1289 * Direct child node of the images parent node,
1290 * i.e. component image node.
1292 ret = fit_image_add_verification_data(keydir, keyfile, keydest,
1293 fit, noffset, comment, require_keys, engine_id,
1294 cmdname, algo_name);
1299 /* If there are no keys, we can't sign configurations */
1300 if (!IMAGE_ENABLE_SIGN || !(keydir || keyfile))
1303 /* Find configurations parent node offset */
1304 confs_noffset = fdt_path_offset(fit, FIT_CONFS_PATH);
1305 if (confs_noffset < 0) {
1306 printf("Can't find images parent node '%s' (%s)\n",
1307 FIT_CONFS_PATH, fdt_strerror(confs_noffset));
1311 /* Process its subnodes, print out component images details */
1312 for (noffset = fdt_first_subnode(fit, confs_noffset);
1314 noffset = fdt_next_subnode(fit, noffset)) {
1315 ret = fit_config_add_verification_data(keydir, keyfile, keydest,
1316 fit, noffset, comment,
1319 algo_name, summary);
1327 #ifdef CONFIG_FIT_SIGNATURE
1328 int fit_check_sign(const void *fit, const void *key,
1329 const char *fit_uname_config)
1334 cfg_noffset = fit_conf_get_node(fit, fit_uname_config);
1338 printf("Verifying Hash Integrity for node '%s'... ",
1339 fdt_get_name(fit, cfg_noffset, NULL));
1340 ret = fit_config_verify(fit, cfg_noffset);
1343 printf("Verified OK, loading images\n");
1344 ret = bootm_host_load_images(fit, cfg_noffset);
projects / platform / kernel / u-boot.git / blob