From patchwork Mon Dec 4 10:05:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Glembotzki X-Patchwork-Id: 1871484 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.a=rsa-sha256 header.s=20230601 header.b=S0rG/5vw; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.b=fgQzOkiv; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4864:20::43d; helo=mail-wr1-x43d.google.com; envelope-from=swupdate+bncbdy5juxlviebbk6jw2vqmgqest7bxvi@googlegroups.com; receiver=patchwork.ozlabs.org) Received: from mail-wr1-x43d.google.com (mail-wr1-x43d.google.com [IPv6:2a00:1450:4864:20::43d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4SkK805bqXz23nk for ; Mon, 4 Dec 2023 21:06:40 +1100 (AEDT) Received: by mail-wr1-x43d.google.com with SMTP id ffacd0b85a97d-33342edbd15sf806631f8f.0 for ; Mon, 04 Dec 2023 02:06:40 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1701684397; cv=pass; d=google.com; s=arc-20160816; b=AA+au0nvW7CaFzh9kKRhWNDBeRqd51tiO9vC4K9H/C/4W8kvIzeFwuzRpLj2++kMWq QMXwFrpebVoh4EMLlCZwKMQhMNEqdpT1e0R131k4C0T2vI1zky+xx+9Q39xur+kKZ6VX cJUQ4tBq6cMvOH/9SMc6hi2+2ma/yoX0oIMLqPiZv9Zv5UjAvn3lz39085Kc5z4F7aIb xeKZNk9M03N/nMgn6RSvVTiXlNaNOrjn61yZoFgC2cFNSDzHXtigtqyI4IctG4w4FZgy 4dLswNfRdGTcnE3/Q1LbuihW7CTqy+X9Zz4aj0GZpcOpTNp/8XWxYy1Q0BN18Tg8gc0g Flgg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:dkim-signature :dkim-signature; bh=i4zQoLHF+5wMUqGjsLSOAETTt3O0QlT+TRD4bw1VCHs=; fh=zydHuzCQWrku2OPQyZfraJZFcOpEXLQ/YBcu3QNiBd0=; b=dStzCnoSivGRsR1rI1MIo7NkMIusPcvKOHb40Ki/P0ceKgKayREliAxL6rGJReqld2 PBTB/2Y+PMIHRL+NS0qXtgQ2o1Lf39ZDFr1tPslxPocdwqtOYSf5tYnyS7txqLNl42fT 22n/bJ765YnaH+a/AOy0SDhtoOOCJJOf5IGXE637NDBFwbEyWecZChF2dIiZ7fT1qpBv 6A47OHs3nr1a38zcmC5+sW817cFdqsRbqCEq2g7muH+kHK7VtWUWu98lpO/97QYyWGCd +3xpN/ctT+FgMtdPs3FsJPcVE8/hGlPCB0U3liSLygB6xFpRnaYv+/xwX6pQjGfBjExD xPiw== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=FbFFIHCT; spf=pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::634 as permitted sender) smtp.mailfrom=m.glembo@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1701684397; x=1702289197; darn=patchwork.ozlabs.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:mime-version:references:in-reply-to:message-id :date:subject:cc:to:from:sender:from:to:cc:subject:date:message-id :reply-to; bh=i4zQoLHF+5wMUqGjsLSOAETTt3O0QlT+TRD4bw1VCHs=; b=S0rG/5vw3G7oX3MdAMDcF031i68yzd0NdY4UuQ8aqe7u5AlCS5X7ZIQys+fntslsOB qhnRdzX9cM3nsvdjinpBzSOQHodtatJnWJqVj9oxK4LuT3Pu7dmhiiOcNeZd8rxEp0aN /TvgIhyD2iKWfpuOFxVTdgC7E701O7zuhbZhyMxFUtIJ+Fr6oTOT+0OzkADsRaFF6h9D P/C4+GGJRYkjruL/poPWAxdR6H3j2pTzEeNFUO5woLj7obSBQE4hY3U9t3lY+GfD4VNJ GFS9AN0/8fulhQJIS3uQ7z7mFe5EJMoSVjkTIbJp3lUtRDqhdZCANkgFhgl1vnkzuMC6 x+JQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1701684397; x=1702289197; darn=patchwork.ozlabs.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:mime-version:references:in-reply-to:message-id :date:subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=i4zQoLHF+5wMUqGjsLSOAETTt3O0QlT+TRD4bw1VCHs=; b=fgQzOkiv8s/L6qMA719JbLSK2My5d/w/HDUwM0KczarBja3RyPHqCEtpbB00U9Ui2L uMxN21WexnEQiLJu6tcWM83a7CIfDJfLA4jEo7RsRrgX2eQUORLGokkaYyF9RFFzZRrz HeufO5n94s3cC9nxYmxghvYUi5BFC82908eSY/YfL+VakijtvirXQGpoSCF/Hwt8NuCI kgzDbcsrVBEuo0gO2f5pkVTta9whvDBOeNVP4eaXChqGPyTbN0Ab1K33CU2dprUlPC5K E/74bXh/JX/2KZpsd16GwkH8Okxqe8XaK5Y6voGUYDlWXCgNViYCCualglCqdzwNEp34 dnlw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701684397; x=1702289197; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:sender:from:to:cc:subject:date :message-id:reply-to; bh=i4zQoLHF+5wMUqGjsLSOAETTt3O0QlT+TRD4bw1VCHs=; b=eGspfFQr4oKYo3UcCbJM228FXDUQw/f6zaUx13VbFILo05qyPwKLfkVNFMGu8NwWH/ gTdIoaxVm3tiKpOHbGoh6cJXJFfmgyObb3iWOK9BrCG38GUIm6fYDIrOtwsG1t+WhdyG a5Qc0fxB+jVblxym7q9Ds5LRKxWs6qeIrd7PofWI3WjzwJ3Uf5uoNpuKOtLGNzKS2yan WUWXlbRJDXGf+wx9Lkqi/mxcC03xUk3JcVzjBI7m3zldSFSmFj6sPyQrSskJ4Bkqd9tl 9oJ46wLDMXM5Ued4NKt7WG/CQevOA3cjeDcvU6AuJjnRQapRlBgdT/nBUiTALLjUMetc qH2g== Sender: swupdate@googlegroups.com X-Gm-Message-State: AOJu0Yw7iH+3qtEnRFU2xWv+pEVrBLnxt5stv4Xz+rnSlC/owFVkWCvJ /9SGJaaxap+0Wwd8UJVxcGQ= X-Google-Smtp-Source: AGHT+IECuF5x7AJa5xPOLjJ1YLOri3QLOfIaRBois+Tn06FXvkfw++rIA9IRcHdCI/ffnlDEgSt/gQ== X-Received: by 2002:a5d:54c6:0:b0:333:2fd2:816d with SMTP id x6-20020a5d54c6000000b003332fd2816dmr2697767wrv.138.1701684396163; Mon, 04 Dec 2023 02:06:36 -0800 (PST) X-BeenThere: swupdate@googlegroups.com Received: by 2002:a05:6000:1e88:b0:333:3450:aeb7 with SMTP id dd8-20020a0560001e8800b003333450aeb7ls1138704wrb.1.-pod-prod-09-eu; Mon, 04 Dec 2023 02:06:34 -0800 (PST) X-Received: by 2002:a05:6000:184d:b0:333:4052:bfef with SMTP id c13-20020a056000184d00b003334052bfefmr1805038wri.52.1701684393637; Mon, 04 Dec 2023 02:06:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701684393; cv=none; d=google.com; s=arc-20160816; b=YXd2/WqKCE9LK6S+IPhfJG624hFomlHmC17v7wEMUbT+slEmEe/xayQTdrDcsplHeN DkDJbFffRrZFp1L1Kpt2LgzZXW5kuZ7ufi39oX+6pmFr/kH+PMBK2QEAFZG4ci73Etzb MIrYlp0dEhhWm7azVEEqPGjuM6CcPEKrKiuSBoK4KnKQRgx1Uh0xVrJJt7XnlPzEfrkL BUIsLzrWlKP5BVVPzhy2f0vMDWPs03oiyCOHKNjE6HWlYQ5Yk6/uy1UILUXtEg+xgv3F Tv9e7EstQhCJbkhkaYq2puaBoRKFNQbZvB1i79D+FIyBtrtto+L1K+4gB3p5yNj4eEcd U7Kw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=7FGd3M+/eCP1GVRU/y1FEz69TE/uY9l4fs6eONGF4uE=; fh=zydHuzCQWrku2OPQyZfraJZFcOpEXLQ/YBcu3QNiBd0=; b=eTTVNqLaJqBza/2+Qe2KRmZ6YGrRIKs+SBAScmdCZpEVxt4xXrxaL489UbPjEwrxPR i6wg3EorYDHuLjhcvD1yw4R51Rr2jBNrEwnB1tN7551R2BtLw/uOMGudEImQwTwIFkVH A/Sl37eUL65D0RScfQR+bamlTzV0NfJfJuCoorOs5/gaanp1MDVgrVfKvmnpuqkBW3ny RKBCImqcTia/rfVI3B7Em14wBxk6Rs2NebHYvEx2lUQnABmnyS58y5MWgbXYkCY0qtpV P96OjfuDChZFIjyuPjYV8KYAD1v2P04ySTdE7wemDETQ+9b+PE/W4dCSPiUZ5UGqDEfl bhRA== ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=FbFFIHCT; spf=pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::634 as permitted sender) smtp.mailfrom=m.glembo@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-ej1-x634.google.com (mail-ej1-x634.google.com. [2a00:1450:4864:20::634]) by gmr-mx.google.com with ESMTPS id r13-20020a5d494d000000b0033333a0a592si301140wrs.7.2023.12.04.02.06.33 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 04 Dec 2023 02:06:33 -0800 (PST) Received-SPF: pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::634 as permitted sender) client-ip=2a00:1450:4864:20::634; Received: by mail-ej1-x634.google.com with SMTP id a640c23a62f3a-a19ce1404e1so383076366b.3 for ; Mon, 04 Dec 2023 02:06:33 -0800 (PST) X-Received: by 2002:a17:906:718a:b0:a01:b8c6:7724 with SMTP id h10-20020a170906718a00b00a01b8c67724mr3180325ejk.73.1701684392621; Mon, 04 Dec 2023 02:06:32 -0800 (PST) Received: from PC-2635.irisgmbh.local (dslb-002-203-161-041.002.203.pools.vodafone-ip.de. [2.203.161.41]) by smtp.gmail.com with ESMTPSA id js22-20020a17090797d600b00a1b32663d7csm2032919ejc.102.2023.12.04.02.06.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Dec 2023 02:06:31 -0800 (PST) From: Michael Glembotzki To: swupdate@googlegroups.com Cc: Michael Glembotzki Subject: [swupdate] [V2][PATCH 09/10] Add support for asymmetrical encrypted images Date: Mon, 4 Dec 2023 11:05:41 +0100 Message-ID: <20231204100620.27789-10-Michael.Glembotzki@iris-sensing.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20231204100620.27789-1-Michael.Glembotzki@iris-sensing.com> References: <20231204100620.27789-1-Michael.Glembotzki@iris-sensing.com> MIME-Version: 1.0 X-Original-Sender: m.glembo@gmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=FbFFIHCT; spf=pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::634 as permitted sender) smtp.mailfrom=m.glembo@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , Signed-off-by: Michael Glembotzki --- Kconfig | 12 ++++++++++++ core/cpio_utils.c | 41 ++++++++++++++++++++++++++++++++++++++++- core/installer.c | 7 +++++++ core/stream_interface.c | 35 +++++++++++++++++++++++++++++++++-- 4 files changed, 92 insertions(+), 3 deletions(-) diff --git a/Kconfig b/Kconfig index 5a3dc9a..d3412b3 100644 --- a/Kconfig +++ b/Kconfig @@ -507,6 +507,18 @@ config ENCRYPTED_SW_DESCRIPTION if this is set. It is a compile time option, and mix of plain and encrypted sw-descriptions is not possible. +config ASYM_ENCRYPTED_SW_DESCRIPTION + bool "Asymmetrical encrypted sw-description" + depends on ENCRYPTED_SW_DESCRIPTION && !PKCS11 + depends on SSL_IMPL_OPENSSL + default n + help + This option enables support for asymmetrical encrypted sw-description, + making it possible to encrypt images device specific. The artifacts + persist in being symmetrically encrypted by retrieving an AES key from + the sw-description, which may be the same or distinct for each artifact. + Cryptographic Message Syntax (CMS) with OpenSSL is used for encryption. + config ENCRYPTED_IMAGES_HARDEN_LOGGING bool "Harden logging for encrypted images" default n diff --git a/core/cpio_utils.c b/core/cpio_utils.c index 4556033..cfd4bbe 100644 --- a/core/cpio_utils.c +++ b/core/cpio_utils.c @@ -445,6 +445,11 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby unsigned char *aes_key = NULL; unsigned char *ivt = NULL; unsigned char ivtbuf[AES_BLK_SIZE]; +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + unsigned char aeskeybuf[AES_256_KEY_LEN]; + char keylen_ascii; +#endif + char keylen; struct InputState input_state = { .fdin = fdin, @@ -514,7 +519,40 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby } if (encrypted) { +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + if(!imgaeskey) { + return -EINVAL; + } + + keylen_ascii = strlen(imgaeskey); + switch (keylen_ascii) { + case AES_128_KEY_LEN * 2: + case AES_192_KEY_LEN * 2: + case AES_256_KEY_LEN * 2: + // valid hex string size for AES 128/192/256 + keylen = keylen_ascii / 2; + break; + default: + ERROR("Invalid image aes_key length"); + return -EINVAL; + } + + if (!imgivt || strlen(imgivt) != (AES_BLK_SIZE*2)) { + ERROR("Invalid image ivt length"); + return -EINVAL; + } + + if (is_hex_str(imgivt) || ascii_to_bin(ivtbuf, sizeof(ivtbuf), imgivt) || + is_hex_str(imgaeskey) || ascii_to_bin(aeskeybuf, keylen, imgaeskey)) { + ERROR("Setting aes_key or ivt"); + return -EINVAL; + } + + aes_key = aeskeybuf; + ivt = ivtbuf; +#else aes_key = get_aes_key(); + keylen = get_aes_keylen(); if (imgivt) { if (strlen(imgivt) != (AES_BLK_SIZE * 2) || is_hex_str(imgivt) || @@ -525,7 +563,8 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby ivt = ivtbuf; } else ivt = get_aes_ivt(); - decrypt_state.dcrypt = swupdate_DECRYPT_init(aes_key, get_aes_keylen(), ivt); +#endif + decrypt_state.dcrypt = swupdate_DECRYPT_init(aes_key, keylen, ivt); if (!decrypt_state.dcrypt) { ERROR("decrypt initialization failure, aborting"); ret = -EFAULT; diff --git a/core/installer.c b/core/installer.c index db86075..ba85f98 100644 --- a/core/installer.c +++ b/core/installer.c @@ -498,6 +498,13 @@ void cleanup_files(struct swupdate_cfg *software) { free(fn); } #endif + +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + if (asprintf(&fn, "%s%s.enc", TMPDIR, SW_DESCRIPTION_FILENAME) != ENOMEM_ASPRINTF) { + remove_sw_file(fn); + free(fn); + } +#endif } int preupdatecmd(struct swupdate_cfg *swcfg) diff --git a/core/stream_interface.c b/core/stream_interface.c index bfafa30..ba88193 100644 --- a/core/stream_interface.c +++ b/core/stream_interface.c @@ -45,6 +45,7 @@ #include "state.h" #include "bootloader.h" #include "hw-compatibility.h" +#include "sslapi.h" #define BUFF_SIZE 4096 #define PERCENT_LB_INDEX 4 @@ -144,11 +145,14 @@ static int extract_files(int fd, struct swupdate_cfg *software) int fdout; struct img_type *img, *part; char output_file[MAX_IMAGE_FNAME]; +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + char enc_output_file[MAX_IMAGE_FNAME]; +#endif const char* TMPDIR = get_tmpdir(); bool installed_directly = false; bool encrypted_sw_desc = false; -#ifdef CONFIG_ENCRYPTED_SW_DESCRIPTION +#if defined(CONFIG_ENCRYPTED_SW_DESCRIPTION) && !defined(CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION) encrypted_sw_desc = true; #endif @@ -168,6 +172,16 @@ static int extract_files(int fd, struct swupdate_cfg *software) if (extract_file_to_tmp(fd, SW_DESCRIPTION_FILENAME, &offset, encrypted_sw_desc) < 0 ) return -1; +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + snprintf(output_file, sizeof(output_file), "%s%s", TMPDIR, SW_DESCRIPTION_FILENAME); + snprintf(enc_output_file, sizeof(enc_output_file), "%s.enc", output_file); + if (rename(output_file, enc_output_file)) + return -1; + + if (swupdate_decrypt_file(software->dgst, enc_output_file, output_file)) + return -1; +#endif + status = STREAM_WAIT_SIGNATURE; break; @@ -381,10 +395,13 @@ static int save_stream(int fdin, struct swupdate_cfg *software) unsigned int tmpsize; unsigned long offset; char output_file[MAX_IMAGE_FNAME]; +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + char enc_output_file[MAX_IMAGE_FNAME]; +#endif const char* TMPDIR = get_tmpdir(); bool encrypted_sw_desc = false; -#ifdef CONFIG_ENCRYPTED_SW_DESCRIPTION +#if defined(CONFIG_ENCRYPTED_SW_DESCRIPTION) && !defined(CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION) encrypted_sw_desc = true; #endif if (fdin < 0) @@ -452,6 +469,20 @@ static int save_stream(int fdin, struct swupdate_cfg *software) ret = -EINVAL; goto no_copy_output; } + +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + snprintf(output_file, sizeof(output_file), "%s%s", TMPDIR, SW_DESCRIPTION_FILENAME); + snprintf(enc_output_file, sizeof(enc_output_file), "%s.enc", output_file); + if (rename(output_file, enc_output_file)) { + ret = -EINVAL; + goto no_copy_output; + } + if (swupdate_decrypt_file(software->dgst, enc_output_file, output_file)) { + ret = -EINVAL; + goto no_copy_output; + } +#endif + #ifdef CONFIG_SIGNED_IMAGES snprintf(output_file, sizeof(output_file), "%s.sig", SW_DESCRIPTION_FILENAME); if (extract_file_to_tmp(tmpfd, output_file, &offset, false) < 0 ) {