2
* Copyright (c) 2013, Google Inc.
4
* (C) Copyright 2008 Semihalf
6
* (C) Copyright 2000-2006
7
* Wolfgang Denk, DENX Software Engineering, wd@denx.de.
9
* SPDX-License-Identifier: GPL-2.0+
17
* fit_set_hash_value - set hash value in requested has node
18
* @fit: pointer to the FIT format image header
19
* @noffset: hash node offset
20
* @value: hash value to be set
21
* @value_len: hash value length
23
* fit_set_hash_value() attempts to set hash value in a node at offset
24
* given and returns operation status to the caller.
30
static int fit_set_hash_value(void *fit, int noffset, uint8_t *value,
35
ret = fdt_setprop(fit, noffset, FIT_VALUE_PROP, value, value_len);
37
printf("Can't set hash '%s' property for '%s' node(%s)\n",
38
FIT_VALUE_PROP, fit_get_name(fit, noffset, NULL),
47
* fit_image_process_hash - Process a single subnode of the images/ node
49
* Check each subnode and process accordingly. For hash nodes we generate
50
* a hash of the supplised data and store it in the node.
52
* @fit: pointer to the FIT format image header
53
* @image_name: name of image being processes (used to display errors)
54
* @noffset: subnode offset
55
* @data: data to process
56
* @size: size of data in bytes
57
* @return 0 if ok, -1 on error
59
static int fit_image_process_hash(void *fit, const char *image_name,
60
int noffset, const void *data, size_t size)
62
uint8_t value[FIT_MAX_HASH_LEN];
63
const char *node_name;
67
node_name = fit_get_name(fit, noffset, NULL);
69
if (fit_image_hash_get_algo(fit, noffset, &algo)) {
70
printf("Can't get hash algo property for '%s' hash node in '%s' image node\n",
71
node_name, image_name);
75
if (calculate_hash(data, size, algo, value, &value_len)) {
76
printf("Unsupported hash algorithm (%s) for '%s' hash node in '%s' image node\n",
77
algo, node_name, image_name);
81
if (fit_set_hash_value(fit, noffset, value, value_len)) {
82
printf("Can't set hash value for '%s' hash node in '%s' image node\n",
83
node_name, image_name);
91
* fit_image_write_sig() - write the signature to a FIT
93
* This writes the signature and signer data to the FIT.
95
* @fit: pointer to the FIT format image header
96
* @noffset: hash node offset
97
* @value: signature value to be set
98
* @value_len: signature value length
99
* @comment: Text comment to write (NULL for none)
103
* -FDT_ERR_..., on failure
105
static int fit_image_write_sig(void *fit, int noffset, uint8_t *value,
106
int value_len, const char *comment, const char *region_prop,
113
* Get the current string size, before we update the FIT and add
116
string_size = fdt_size_dt_strings(fit);
118
ret = fdt_setprop(fit, noffset, FIT_VALUE_PROP, value, value_len);
120
ret = fdt_setprop_string(fit, noffset, "signer-name",
124
ret = fdt_setprop_string(fit, noffset, "signer-version",
128
ret = fdt_setprop_string(fit, noffset, "comment", comment);
130
ret = fit_set_timestamp(fit, noffset, time(NULL));
131
if (region_prop && !ret) {
134
ret = fdt_setprop(fit, noffset, "hashed-nodes",
135
region_prop, region_proplen);
137
strdata[1] = cpu_to_fdt32(string_size);
139
ret = fdt_setprop(fit, noffset, "hashed-strings",
140
strdata, sizeof(strdata));
147
static int fit_image_setup_sig(struct image_sign_info *info,
148
const char *keydir, void *fit, const char *image_name,
149
int noffset, const char *require_keys)
151
const char *node_name;
154
node_name = fit_get_name(fit, noffset, NULL);
155
if (fit_image_hash_get_algo(fit, noffset, &algo_name)) {
156
printf("Can't get algo property for '%s' signature node in '%s' image node\n",
157
node_name, image_name);
161
memset(info, '\0', sizeof(*info));
162
info->keydir = keydir;
163
info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
165
info->node_offset = noffset;
166
info->algo = image_get_sig_algo(algo_name);
167
info->require_keys = require_keys;
169
printf("Unsupported signature algorithm (%s) for '%s' signature node in '%s' image node\n",
170
algo_name, node_name, image_name);
178
* fit_image_process_sig- Process a single subnode of the images/ node
180
* Check each subnode and process accordingly. For signature nodes we
181
* generate a signed hash of the supplised data and store it in the node.
183
* @keydir: Directory containing keys to use for signing
184
* @keydest: Destination FDT blob to write public keys into
185
* @fit: pointer to the FIT format image header
186
* @image_name: name of image being processes (used to display errors)
187
* @noffset: subnode offset
188
* @data: data to process
189
* @size: size of data in bytes
190
* @comment: Comment to add to signature nodes
191
* @require_keys: Mark all keys as 'required'
192
* @return 0 if ok, -1 on error
194
static int fit_image_process_sig(const char *keydir, void *keydest,
195
void *fit, const char *image_name,
196
int noffset, const void *data, size_t size,
197
const char *comment, int require_keys)
199
struct image_sign_info info;
200
struct image_region region;
201
const char *node_name;
206
if (fit_image_setup_sig(&info, keydir, fit, image_name, noffset,
207
require_keys ? "image" : NULL))
210
node_name = fit_get_name(fit, noffset, NULL);
213
ret = info.algo->sign(&info, ®ion, 1, &value, &value_len);
215
printf("Failed to sign '%s' signature node in '%s' image node: %d\n",
216
node_name, image_name, ret);
218
/* We allow keys to be missing */
224
ret = fit_image_write_sig(fit, noffset, value, value_len, comment,
227
printf("Can't write signature for '%s' signature node in '%s' image node: %s\n",
228
node_name, image_name, fdt_strerror(ret));
233
/* Get keyname again, as FDT has changed and invalidated our pointer */
234
info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
236
/* Write the public key into the supplied FDT file */
237
if (keydest && info.algo->add_verify_data(&info, keydest)) {
238
printf("Failed to add verification data for '%s' signature node in '%s' image node\n",
239
node_name, image_name);
247
* fit_image_add_verification_data() - calculate/set verig. data for image node
249
* This adds hash and signature values for an component image node.
251
* All existing hash subnodes are checked, if algorithm property is set to
252
* one of the supported hash algorithms, hash value is computed and
253
* corresponding hash node property is set, for example:
255
* Input component image node structure:
257
* o image@1 (at image_noffset)
258
* | - data = [binary data]
262
* Output component image node structure:
264
* o image@1 (at image_noffset)
265
* | - data = [binary data]
268
* |- value = sha1(data)
270
* For signature details, please see doc/uImage.FIT/signature.txt
272
* @keydir Directory containing *.key and *.crt files (or NULL)
273
* @keydest FDT Blob to write public keys into (NULL if none)
274
* @fit: Pointer to the FIT format image header
275
* @image_noffset: Requested component image node
276
* @comment: Comment to add to signature nodes
277
* @require_keys: Mark all keys as 'required'
278
* @return: 0 on success, <0 on failure
280
int fit_image_add_verification_data(const char *keydir, void *keydest,
281
void *fit, int image_noffset, const char *comment,
284
const char *image_name;
289
/* Get image data and data length */
290
if (fit_image_get_data(fit, image_noffset, &data, &size)) {
291
printf("Can't get image data/size\n");
295
image_name = fit_get_name(fit, image_noffset, NULL);
297
/* Process all hash subnodes of the component image node */
298
for (noffset = fdt_first_subnode(fit, image_noffset);
300
noffset = fdt_next_subnode(fit, noffset)) {
301
const char *node_name;
305
* Check subnode name, must be equal to "hash" or "signature".
306
* Multiple hash nodes require unique unit node
307
* names, e.g. hash@1, hash@2, signature@1, etc.
309
node_name = fit_get_name(fit, noffset, NULL);
310
if (!strncmp(node_name, FIT_HASH_NODENAME,
311
strlen(FIT_HASH_NODENAME))) {
312
ret = fit_image_process_hash(fit, image_name, noffset,
314
} else if (IMAGE_ENABLE_SIGN && keydir &&
315
!strncmp(node_name, FIT_SIG_NODENAME,
316
strlen(FIT_SIG_NODENAME))) {
317
ret = fit_image_process_sig(keydir, keydest,
318
fit, image_name, noffset, data, size,
319
comment, require_keys);
333
static void strlist_init(struct strlist *list)
335
memset(list, '\0', sizeof(*list));
338
static void strlist_free(struct strlist *list)
342
for (i = 0; i < list->count; i++)
343
free(list->strings[i]);
347
static int strlist_add(struct strlist *list, const char *str)
352
list->strings = realloc(list->strings,
353
(list->count + 1) * sizeof(char *));
356
list->strings[list->count++] = dup;
361
static const char *fit_config_get_image_list(void *fit, int noffset,
362
int *lenp, int *allow_missingp)
364
static const char default_list[] = FIT_KERNEL_PROP "\0"
368
/* If there is an "image" property, use that */
369
prop = fdt_getprop(fit, noffset, "sign-images", lenp);
372
return *lenp ? prop : NULL;
375
/* Default image list */
377
*lenp = sizeof(default_list);
382
static int fit_config_get_hash_list(void *fit, int conf_noffset,
383
int sig_offset, struct strlist *node_inc)
386
const char *prop, *iname, *end;
387
const char *conf_name, *sig_name;
388
char name[200], path[200];
392
conf_name = fit_get_name(fit, conf_noffset, NULL);
393
sig_name = fit_get_name(fit, sig_offset, NULL);
396
* Build a list of nodes we need to hash. We always need the root
397
* node and the configuration.
399
strlist_init(node_inc);
400
snprintf(name, sizeof(name), "%s/%s", FIT_CONFS_PATH, conf_name);
401
if (strlist_add(node_inc, "/") ||
402
strlist_add(node_inc, name))
405
/* Get a list of images that we intend to sign */
406
prop = fit_config_get_image_list(fit, sig_offset, &len,
411
/* Locate the images */
414
for (iname = prop; iname < end; iname += strlen(iname) + 1) {
419
image_noffset = fit_conf_get_prop_node(fit, conf_noffset,
421
if (image_noffset < 0) {
422
printf("Failed to find image '%s' in configuration '%s/%s'\n",
423
iname, conf_name, sig_name);
430
ret = fdt_get_path(fit, image_noffset, path, sizeof(path));
433
if (strlist_add(node_inc, path))
436
snprintf(name, sizeof(name), "%s/%s", FIT_CONFS_PATH,
439
/* Add all this image's hashes */
441
for (noffset = fdt_first_subnode(fit, image_noffset);
443
noffset = fdt_next_subnode(fit, noffset)) {
444
const char *name = fit_get_name(fit, noffset, NULL);
446
if (strncmp(name, FIT_HASH_NODENAME,
447
strlen(FIT_HASH_NODENAME)))
449
ret = fdt_get_path(fit, noffset, path, sizeof(path));
452
if (strlist_add(node_inc, path))
458
printf("Failed to find any hash nodes in configuration '%s/%s' image '%s' - without these it is not possible to verify this image\n",
459
conf_name, sig_name, iname);
467
printf("Failed to find any images for configuration '%s/%s'\n",
468
conf_name, sig_name);
475
printf("Out of memory processing configuration '%s/%s'\n", conf_name,
480
printf("Failed to get path for image '%s' in configuration '%s/%s': %s\n",
481
iname, conf_name, sig_name, fdt_strerror(ret));
485
static int fit_config_get_data(void *fit, int conf_noffset, int noffset,
486
struct image_region **regionp, int *region_countp,
487
char **region_propp, int *region_proplen)
489
char * const exc_prop[] = {"data"};
490
struct strlist node_inc;
491
struct image_region *region;
492
struct fdt_region fdt_regions[100];
493
const char *conf_name, *sig_name;
499
conf_name = fit_get_name(fit, conf_noffset, NULL);
500
sig_name = fit_get_name(fit, conf_noffset, NULL);
501
debug("%s: conf='%s', sig='%s'\n", __func__, conf_name, sig_name);
503
/* Get a list of nodes we want to hash */
504
ret = fit_config_get_hash_list(fit, conf_noffset, noffset, &node_inc);
508
/* Get a list of regions to hash */
509
count = fdt_find_regions(fit, node_inc.strings, node_inc.count,
510
exc_prop, ARRAY_SIZE(exc_prop),
511
fdt_regions, ARRAY_SIZE(fdt_regions),
512
path, sizeof(path), 1);
514
printf("Failed to hash configuration '%s/%s': %s\n", conf_name,
515
sig_name, fdt_strerror(ret));
519
printf("No data to hash for configuration '%s/%s': %s\n",
520
conf_name, sig_name, fdt_strerror(ret));
524
/* Build our list of data blocks */
525
region = fit_region_make_list(fit, fdt_regions, count, NULL);
527
printf("Out of memory hashing configuration '%s/%s'\n",
528
conf_name, sig_name);
532
/* Create a list of all hashed properties */
533
debug("Hash nodes:\n");
534
for (i = len = 0; i < node_inc.count; i++) {
535
debug(" %s\n", node_inc.strings[i]);
536
len += strlen(node_inc.strings[i]) + 1;
538
region_prop = malloc(len);
540
printf("Out of memory setting up regions for configuration '%s/%s'\n",
541
conf_name, sig_name);
544
for (i = len = 0; i < node_inc.count;
545
len += strlen(node_inc.strings[i]) + 1, i++)
546
strcpy(region_prop + len, node_inc.strings[i]);
547
strlist_free(&node_inc);
549
*region_countp = count;
551
*region_propp = region_prop;
552
*region_proplen = len;
557
static int fit_config_process_sig(const char *keydir, void *keydest,
558
void *fit, const char *conf_name, int conf_noffset,
559
int noffset, const char *comment, int require_keys)
561
struct image_sign_info info;
562
const char *node_name;
563
struct image_region *region;
571
node_name = fit_get_name(fit, noffset, NULL);
572
if (fit_config_get_data(fit, conf_noffset, noffset, ®ion,
573
®ion_count, ®ion_prop, ®ion_proplen))
576
if (fit_image_setup_sig(&info, keydir, fit, conf_name, noffset,
577
require_keys ? "conf" : NULL))
580
ret = info.algo->sign(&info, region, region_count, &value, &value_len);
583
printf("Failed to sign '%s' signature node in '%s' conf node\n",
584
node_name, conf_name);
586
/* We allow keys to be missing */
592
if (fit_image_write_sig(fit, noffset, value, value_len, comment,
593
region_prop, region_proplen)) {
594
printf("Can't write signature for '%s' signature node in '%s' conf node\n",
595
node_name, conf_name);
601
/* Get keyname again, as FDT has changed and invalidated our pointer */
602
info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
604
/* Write the public key into the supplied FDT file */
605
if (keydest && info.algo->add_verify_data(&info, keydest)) {
606
printf("Failed to add verification data for '%s' signature node in '%s' image node\n",
607
node_name, conf_name);
614
static int fit_config_add_verification_data(const char *keydir, void *keydest,
615
void *fit, int conf_noffset, const char *comment,
618
const char *conf_name;
621
conf_name = fit_get_name(fit, conf_noffset, NULL);
623
/* Process all hash subnodes of the configuration node */
624
for (noffset = fdt_first_subnode(fit, conf_noffset);
626
noffset = fdt_next_subnode(fit, noffset)) {
627
const char *node_name;
630
node_name = fit_get_name(fit, noffset, NULL);
631
if (!strncmp(node_name, FIT_SIG_NODENAME,
632
strlen(FIT_SIG_NODENAME))) {
633
ret = fit_config_process_sig(keydir, keydest,
634
fit, conf_name, conf_noffset, noffset, comment,
644
int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
645
const char *comment, int require_keys)
647
int images_noffset, confs_noffset;
651
/* Find images parent node offset */
652
images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH);
653
if (images_noffset < 0) {
654
printf("Can't find images parent node '%s' (%s)\n",
655
FIT_IMAGES_PATH, fdt_strerror(images_noffset));
656
return images_noffset;
659
/* Process its subnodes, print out component images details */
660
for (noffset = fdt_first_subnode(fit, images_noffset);
662
noffset = fdt_next_subnode(fit, noffset)) {
664
* Direct child node of the images parent node,
665
* i.e. component image node.
667
ret = fit_image_add_verification_data(keydir, keydest,
668
fit, noffset, comment, require_keys);
673
/* If there are no keys, we can't sign configurations */
674
if (!IMAGE_ENABLE_SIGN || !keydir)
677
/* Find configurations parent node offset */
678
confs_noffset = fdt_path_offset(fit, FIT_CONFS_PATH);
679
if (confs_noffset < 0) {
680
printf("Can't find images parent node '%s' (%s)\n",
681
FIT_IMAGES_PATH, fdt_strerror(confs_noffset));
685
/* Process its subnodes, print out component images details */
686
for (noffset = fdt_first_subnode(fit, confs_noffset);
688
noffset = fdt_next_subnode(fit, noffset)) {
689
ret = fit_config_add_verification_data(keydir, keydest,
690
fit, noffset, comment,
699
#ifdef CONFIG_FIT_SIGNATURE
700
int fit_check_sign(const void *working_fdt, const void *key)
705
cfg_noffset = fit_conf_get_node(working_fdt, NULL);
709
ret = fit_config_verify(working_fdt, cfg_noffset);