
[V2] Allow to encrypt sw-description

Message ID 20201125125727.198604-1-sbabic@denx.de
State Accepted

Commit Message

Stefano Babic Nov. 25, 2020, 12:57 p.m. UTC
In some use cases, even sw-description is required to be encrypted. This
is useful in case sw-description contains Lua code and it is not
desirable to expose this code.

A new CONFIG_ENCRYPTED_SW_DESCRIPTION option is added. It is a compile-time
option because it is security-relevant.

Signed-off-by: Stefano Babic <sbabic@denx.de>
---

Changes since V1:
	- encrypted flag not passed to extract_file_to_tmp
	  in case of SIGNED_IMAGES

 Kconfig                 |  8 ++++++++
 core/cpio_utils.c       |  4 ++--
 core/stream_interface.c | 22 ++++++++++++++++------
 core/swupdate.c         |  9 ++++++---
 include/util.h          |  2 +-
 5 files changed, 33 insertions(+), 12 deletions(-)

Patch

diff --git a/Kconfig b/Kconfig
index 3b610cf..75f9eaa 100644
--- a/Kconfig
+++ b/Kconfig
@@ -466,6 +466,14 @@  config ENCRYPTED_IMAGES
 comment "Image encryption needs an SSL implementation"
 	depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_WOLFSSL && !SSL_IMPL_MBEDTLS
 
+config ENCRYPTED_SW_DESCRIPTION
+	bool "Even sw-description is encrypted"
+	depends on ENCRYPTED_IMAGES
+	help
+	  sw-description is not encrypted as default, but it is encrypted
+	  if this is set. It is a compile time option, and mix of plain and
+	  encrypted sw-descriptions is not possible.
+
 config PKCS11
 	bool "Enable PKCS#11 cryptographic operations"
 	default n
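Review bot: The help text does not say which key and IV the sw-description is decrypted with; the call that decrypts it (core/cpio_utils.c) passes no per-file IV, so it presumably uses the key and IV loaded for ENCRYPTED_IMAGES. A sentence such as `The sw-description is decrypted with the same key and IV as the images.` would let a user judge the option without reading the source. It may also be worth stating that encryption does not by itself authenticate the file, so CONFIG_SIGNED_IMAGES is still the option that protects sw-description against tampering.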
diff --git a/core/cpio_utils.c b/core/cpio_utils.c
index 0508862..8520a0e 100644
--- a/core/cpio_utils.c
+++ b/core/cpio_utils.c
@@ -677,7 +677,7 @@  int extract_cpio_header(int fd, struct filehdr *fhdr, unsigned long *offset)
 	return 0;
 }
 
-int extract_sw_description(int fd, const char *descfile, off_t *offs)
+int extract_sw_description(int fd, const char *descfile, off_t *offs, bool encrypted)
 {
 	struct filehdr fdh;
 	unsigned long offset = *offs;
@@ -713,7 +713,7 @@  int extract_sw_description(int fd, const char *descfile, off_t *offs)
 		close(fdout);
 		return -1;
 	}
-	if (copyfile(fd, &fdout, fdh.size, &offset, 0, 0, 0, &checksum, NULL, 0, NULL, NULL) < 0) {
+	if (copyfile(fd, &fdout, fdh.size, &offset, 0, 0, 0, &checksum, NULL, encrypted ? 1 : 0, NULL, NULL) < 0) {
 		ERROR("%s corrupted or not valid", descfile);
 		close(fdout);
 		return -1;
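Review bot: The copyfile call on the `encrypted ? 1 : 0` line passes `NULL` as imgivt, so an encrypted sw-description is decrypted with whatever IV copyfile falls back to when none is supplied — presumably the one from the key file, shared with every image that omits its own IV. A one-line comment above the call, `/* no per-file IV for sw-description: copyfile uses the key-file default */`, would make that dependency explicit; if that default IV is static, the same key/IV pair is reused for the sw-description of every update, which is worth recording in the Kconfig help. Since copyfile's `encrypted` parameter is an int, `encrypted ? 1 : 0` can simply be `encrypted`, here and in the matching call in extract_file_to_tmp in core/stream_interface.c. extract_sw_description starts and ends outside this hunk.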
diff --git a/core/stream_interface.c b/core/stream_interface.c
index 0752e5c..d0586ea 100644
--- a/core/stream_interface.c
+++ b/core/stream_interface.c
@@ -72,7 +72,7 @@  pthread_cond_t stream_wkup = PTHREAD_COND_INITIALIZER;
 
 static struct installer inst;
 
-static int extract_file_to_tmp(int fd, const char *fname, unsigned long *poffs)
+static int extract_file_to_tmp(int fd, const char *fname, unsigned long *poffs, bool encrypted)
 {
 	char output_file[MAX_IMAGE_FNAME];
 	struct filehdr fdh;
@@ -102,7 +102,8 @@  static int extract_file_to_tmp(int fd, const char *fname, unsigned long *poffs)
 	if (fdout < 0)
 		return -1;
 
-	if (copyfile(fd, &fdout, fdh.size, poffs, 0, 0, 0, &checksum, NULL, 0, NULL, NULL) < 0) {
+	if (copyfile(fd, &fdout, fdh.size, poffs, 0, 0, 0, &checksum, NULL,
+		     encrypted ? 1 : 0, NULL, NULL) < 0) {
 		close(fdout);
 		return -1;
 	}
@@ -127,6 +128,11 @@  static int extract_files(int fd, struct swupdate_cfg *software)
 	char output_file[MAX_IMAGE_FNAME];
 	const char* TMPDIR = get_tmpdir();
 	bool installed_directly = false;
+	bool encrypted_sw_desc = false;
+
+#ifdef CONFIG_ENCRYPTED_SW_DESCRIPTION
+	encrypted_sw_desc = true;
+#endif
 
 	/* preset the info about the install parts */
 
@@ -141,7 +147,7 @@  static int extract_files(int fd, struct swupdate_cfg *software)
 		switch (status) {
 		/* Waiting for the first Header */
 		case STREAM_WAIT_DESCRIPTION:
-			if (extract_file_to_tmp(fd, SW_DESCRIPTION_FILENAME, &offset) < 0 )
+			if (extract_file_to_tmp(fd, SW_DESCRIPTION_FILENAME, &offset, encrypted_sw_desc) < 0 )
 				return -1;
 
 			status = STREAM_WAIT_SIGNATURE;
@@ -150,7 +156,7 @@  static int extract_files(int fd, struct swupdate_cfg *software)
 		case STREAM_WAIT_SIGNATURE:
 #ifdef CONFIG_SIGNED_IMAGES
 			snprintf(output_file, sizeof(output_file), "%s.sig", SW_DESCRIPTION_FILENAME);
-			if (extract_file_to_tmp(fd, output_file, &offset) < 0 )
+			if (extract_file_to_tmp(fd, output_file, &offset, false) < 0 )
 				return -1;
 #endif
 			snprintf(output_file, sizeof(output_file), "%s%s", TMPDIR, SW_DESCRIPTION_FILENAME);
@@ -356,7 +362,11 @@  static int save_stream(int fdin, struct swupdate_cfg *software)
 	unsigned long offset;
 	char output_file[MAX_IMAGE_FNAME];
 	const char* TMPDIR = get_tmpdir();
+	bool encrypted_sw_desc = false;
 
+#ifdef CONFIG_ENCRYPTED_SW_DESCRIPTION
+	encrypted_sw_desc = true;
+#endif
 	if (fdin < 0)
 		return -EINVAL;
 
@@ -417,14 +427,14 @@  static int save_stream(int fdin, struct swupdate_cfg *software)
 	lseek(tmpfd, 0, SEEK_SET);
 	offset = 0;
 
-	if (extract_file_to_tmp(tmpfd, SW_DESCRIPTION_FILENAME, &offset) < 0) {
+	if (extract_file_to_tmp(tmpfd, SW_DESCRIPTION_FILENAME, &offset, encrypted_sw_desc) < 0) {
 		ERROR("%s cannot be extracted", SW_DESCRIPTION_FILENAME);
 		ret = -EINVAL;
 		goto no_copy_output;
 	}
 #ifdef CONFIG_SIGNED_IMAGES
 	snprintf(output_file, sizeof(output_file), "%s.sig", SW_DESCRIPTION_FILENAME);
-	if (extract_file_to_tmp(tmpfd, output_file, &offset) < 0 ) {
+	if (extract_file_to_tmp(tmpfd, output_file, &offset, false) < 0 ) {
 		ERROR("Signature cannot be extracted:%s", output_file);
 		ret = -EINVAL;
 		goto no_copy_output;
diff --git a/core/swupdate.c b/core/swupdate.c
index 56e6c96..9adafa8 100644
--- a/core/swupdate.c
+++ b/core/swupdate.c
@@ -304,8 +304,11 @@  static int install_from_file(char *fname, int check)
 	int fdsw;
 	off_t pos;
 	int ret;
+	bool encrypted_sw_desc = false;
 
-
+#ifdef CONFIG_ENCRYPTED_SW_DESCRIPTION
+	encrypted_sw_desc = true;
+#endif
 	if (!strlen(fname)) {
 		ERROR("Image not found...please reboot");
 		exit(EXIT_FAILURE);
@@ -321,10 +324,10 @@  static int install_from_file(char *fname, int check)
 	}
 
 	pos = 0;
-	ret = extract_sw_description(fdsw, SW_DESCRIPTION_FILENAME, &pos);
+	ret = extract_sw_description(fdsw, SW_DESCRIPTION_FILENAME, &pos, encrypted_sw_desc);
 #ifdef CONFIG_SIGNED_IMAGES
 	ret |= extract_sw_description(fdsw, SW_DESCRIPTION_FILENAME ".sig",
-		&pos);
+		&pos, false);
 #endif
 	/*
 	 * Check if files could be extracted
diff --git a/include/util.h b/include/util.h
index 92aec5f..97cdad0 100644
--- a/include/util.h
+++ b/include/util.h
@@ -191,7 +191,7 @@  int copyfile(int fdin, void *out, unsigned int nbytes, unsigned long *offs,
 	int skip_file, int compressed, uint32_t *checksum,
 	unsigned char *hash, int encrypted, const char *imgivt, writeimage callback);
 int copyimage(void *out, struct img_type *img, writeimage callback);
-int extract_sw_description(int fd, const char *descfile, off_t *offs);
+int extract_sw_description(int fd, const char *descfile, off_t *offs, bool encrypted);
 off_t extract_next_file(int fd, int fdout, off_t start, int compressed,
 			int encrypted, char *ivt, unsigned char *hash);
 int openfileoutput(const char *filename);
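Review bot: The new `bool encrypted` parameter on the extract_sw_description prototype is undocumented, and the header is where callers will look for its meaning. A comment above the prototype along the lines of `/* encrypted: decrypt sw-description while extracting it (CONFIG_ENCRYPTED_SW_DESCRIPTION); the .sig file is always extracted in clear */` — the second half being what core/swupdate.c passes — would capture the contract the callers rely on. The static extract_file_to_tmp in core/stream_interface.c gained the same parameter and could carry the same comment.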