From patchwork Wed Dec 18 17:25:42 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1212629 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=softathome.com Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 47dMNs48N0z9sSF for ; Thu, 19 Dec 2019 04:26:01 +1100 (AEDT) Received: from phobos.denx.de (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 0218C80A01; Wed, 18 Dec 2019 18:25:53 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 4F2F1814A0; Wed, 18 Dec 2019 18:25:51 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=0.4 required=5.0 tests=KHOP_HELO_FCRDNS, SPF_HELO_NONE, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.2 Received: from vrout10.yaziba.net (vrout10-bl2.yaziba.net [185.56.204.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id E318880A01 for ; Wed, 18 Dec 2019 18:25:47 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=philippe.reynes@softathome.com Received: from mtaout10.int.yaziba.net (mtaout10.int.yaziba.net [10.4.20.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by vrout10.yaziba.net (mx10.yaziba.net) with ESMTPS id 003AE51F7D; Wed, 18 Dec 2019 18:25:46 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by mtaout10.int.yaziba.net (Postfix) with ESMTP id 0ACEB16008B; Wed, 18 Dec 2019 18:25:47 +0100 (CET) Received: from mtaout10.int.yaziba.net ([127.0.0.1]) by localhost (mtaout10.int.yaziba.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id dZC2tO3FJnf2; Wed, 18 Dec 2019 18:25:46 +0100 (CET) Received: from sahnlpt0333.softathome.com (unknown [149.6.166.170]) by mtaout10.int.yaziba.net (Postfix) with ESMTPSA id E256016030C; Wed, 18 Dec 2019 18:25:46 +0100 (CET) From: Philippe Reynes To: jagan@amarulasolutions.com, simon.k.r.goldschmidt@gmail.com, sr@denx.de, jwerner@chromium.org, bmeng.cn@gmail.com, alex.kiernan@gmail.com, takahiro.akashi@linaro.org, hs@denx.de Subject: [PATCH 2/2] u-boot: fit: add support to decrypt fit with aes Date: Wed, 18 Dec 2019 18:25:42 +0100 Message-Id: <1576689942-25910-2-git-send-email-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1576689942-25910-1-git-send-email-philippe.reynes@softathome.com> References: <1576689942-25910-1-git-send-email-philippe.reynes@softathome.com> X-CLAMAV-SCAN: ok X-VRSPAM-SCORE: 0 X-VRSPAM-STATE: legit X-VRSPAM-CAUSE: gggruggvucftvghtrhhoucdtuddrgedufedrvddtledgleejucetufdoteggodetrfcurfhrohhfihhlvgemucggtfgfnhhsuhgsshgtrhhisggvnecuuegrihhlohhuthemuceftddtnecunecujfgurhephffvufffkffojghfsedttdertdertddtnecuhfhrohhmpefrhhhilhhiphhpvgcutfgvhihnvghsuceophhhihhlihhpphgvrdhrvgihnhgvshesshhofhhtrghthhhomhgvrdgtohhmqeenucfkphepudegledriedrudeiiedrudejtdenucfrrghrrghmpehmohguvgepshhmthhpohhuth X-VRSPAM-EXTCAUSE: mhhouggvpehsmhhtphhouhht X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.26 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: u-boot@lists.denx.de Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.101.4 at phobos.denx.de X-Virus-Status: Clean This commit add to u-boot the support to decrypt fit image encrypted with aes. The FIT image contains the key name and the IV name. Then u-boot look for the key and IV in his device tree and decrypt images before moving to the next stage. Signed-off-by: Philippe Reynes --- common/image-cipher.c | 104 ++++++++++++++++++++++++++++++++++++++++++++++++++ common/image-fit.c | 63 ++++++++++++++++++++++++++++++ include/image.h | 12 ++++++ include/u-boot/aes.h | 13 +++++++ lib/Makefile | 1 + lib/aes/Makefile | 5 +++ lib/aes/aes-decrypt.c | 41 ++++++++++++++++++++ tools/Makefile | 2 +- 8 files changed, 240 insertions(+), 1 deletion(-) create mode 100644 lib/aes/Makefile create mode 100644 lib/aes/aes-decrypt.c diff --git a/common/image-cipher.c b/common/image-cipher.c index ab8b45b..cee3b03 100644 --- a/common/image-cipher.c +++ b/common/image-cipher.c @@ -24,6 +24,7 @@ struct cipher_algo cipher_algos[] = { .calculate_type = EVP_aes_128_cbc, #endif .encrypt = image_aes_encrypt, + .decrypt = image_aes_decrypt, .add_cipher_data = image_aes_add_cipher_data }, { @@ -34,6 +35,7 @@ struct cipher_algo cipher_algos[] = { .calculate_type = EVP_aes_192_cbc, #endif .encrypt = image_aes_encrypt, + .decrypt = image_aes_decrypt, .add_cipher_data = image_aes_add_cipher_data }, { @@ -44,6 +46,7 @@ struct cipher_algo cipher_algos[] = { .calculate_type = EVP_aes_256_cbc, #endif .encrypt = image_aes_encrypt, + .decrypt = image_aes_decrypt, .add_cipher_data = image_aes_add_cipher_data } }; @@ -61,3 +64,104 @@ struct cipher_algo *image_get_cipher_algo(const char *full_name) return NULL; } + +static int fit_image_setup_decrypt(struct image_cipher_info *info, + const void *fit, int image_noffset, + int cipher_noffset) +{ + const void *fdt = gd_fdt_blob(); + const char *node_name; + char node_path[128]; + int noffset; + char *algo_name; + int ret; + + node_name = fit_get_name(fit, image_noffset, NULL); + if (!node_name) { + printf("Can't get node name\n"); + return -1; + } + + if (fit_image_cipher_get_algo(fit, cipher_noffset, &algo_name)) { + printf("Can't get algo name for cipher '%s' in image '%s'\n", + node_name, node_name); + return -1; + } + + info->keyname = fdt_getprop(fit, cipher_noffset, "key-name-hint", NULL); + if (!info->keyname) { + printf("Can't get key name\n"); + return -1; + } + + info->ivname = fdt_getprop(fit, cipher_noffset, "iv-name-hint", NULL); + if (!info->ivname) { + printf("Can't get IV name\n"); + return -1; + } + + info->fit = fit; + info->node_noffset = image_noffset; + info->name = algo_name; + info->cipher = image_get_cipher_algo(algo_name); + if (!info->cipher) { + printf("Can't get cipher\n"); + return -1; + } + + ret = fit_image_get_data_size_unciphered(fit, image_noffset, + &info->size_unciphered); + if (ret) { + printf("Can't get size of unciphered data\n"); + return -1; + } + + /* + * Search the cipher node in the u-boot fdt + * the path should be: /cipher/key--- + */ + snprintf(node_path, sizeof(node_path), "/%s/key-%s-%s-%s", + FIT_CIPHER_NODENAME, algo_name, info->keyname, info->ivname); + + noffset = fdt_path_offset(fdt, node_path); + if (noffset < 0) { + printf("Can't found cipher node offset\n"); + return -1; + } + + /* read key */ + info->key = fdt_getprop(fdt, noffset, "key", NULL); + if (!info->key) { + printf("Can't get key in cipher node '%s'\n", node_path); + return -1; + } + + /* read iv */ + info->iv = fdt_getprop(fdt, noffset, "iv", NULL); + if (!info->iv) { + printf("Can't get IV in cipher node '%s'\n", node_path); + return -1; + } + + return 0; +} + +int fit_image_decrypt_data(const void *fit, + int image_noffset, int cipher_noffset, + const void *data_ciphered, size_t size_ciphered, + void **data_unciphered, size_t *size_unciphered) +{ + struct image_cipher_info info; + int ret; + + ret = fit_image_setup_decrypt(&info, fit, image_noffset, + cipher_noffset); + if (ret < 0) + goto out; + + ret = info.cipher->decrypt(&info, data_ciphered, size_ciphered, + data_unciphered, size_unciphered); + + out: + return ret; +} diff --git a/common/image-fit.c b/common/image-fit.c index a06760e..03042f3 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -948,6 +948,31 @@ int fit_image_get_data_size(const void *fit, int noffset, int *data_size) } /** + * Get 'data-size-unciphered' property from a given image node. + * + * @fit: pointer to the FIT image header + * @noffset: component image node offset + * @data_size: holds the data-size property + * + * returns: + * 0, on success + * -ENOENT if the property could not be found + */ +int fit_image_get_data_size_unciphered(const void *fit, int noffset, + size_t *data_size) +{ + const fdt32_t *val; + + val = fdt_getprop(fit, noffset, "data-size-unciphered", NULL); + if (!val) + return -ENOENT; + + *data_size = (size_t)fdt32_to_cpu(*val); + + return 0; +} + +/** * fit_image_get_data_and_size - get data and its size including * both embedded and external data * @fit: pointer to the FIT format image header @@ -1381,6 +1406,32 @@ int fit_all_image_verify(const void *fit) return 1; } +#ifdef CONFIG_FIT_CIPHER +static int fit_image_uncipher(const void *fit, int image_noffset, + void **data, size_t *size) +{ + int cipher_noffset, ret; + void *dst; + size_t size_dst; + + cipher_noffset = fdt_subnode_offset(fit, image_noffset, + FIT_CIPHER_NODENAME); + if (cipher_noffset < 0) + return 0; + + ret = fit_image_decrypt_data(fit, image_noffset, cipher_noffset, + *data, *size, &dst, &size_dst); + if (ret) + goto out; + + *data = dst; + *size = size_dst; + + out: + return ret; +} +#endif /* CONFIG_FIT_CIPHER */ + /** * fit_image_check_os - check whether image node is of a given os type * @fit: pointer to the FIT format image header @@ -1980,6 +2031,18 @@ int fit_image_load(bootm_headers_t *images, ulong addr, return -ENOENT; } +#ifdef CONFIG_FIT_CIPHER + /* Decrypt data before uncompress/move */ + if (IMAGE_ENABLE_DECRYPT) { + puts(" Decrypting Data ... "); + if (fit_image_uncipher(fit, noffset, &buf, &size)) { + puts("Error\n"); + return -EACCES; + } + puts("OK\n"); + } +#endif + #if !defined(USE_HOSTCC) && defined(CONFIG_FIT_IMAGE_POST_PROCESS) /* perform any post-processing on the image data */ board_fit_image_post_process(&buf, &size); diff --git a/include/image.h b/include/image.h index 14a9a5b..b9667d8 100644 --- a/include/image.h +++ b/include/image.h @@ -1022,6 +1022,8 @@ int fit_image_get_data_offset(const void *fit, int noffset, int *data_offset); int fit_image_get_data_position(const void *fit, int noffset, int *data_position); int fit_image_get_data_size(const void *fit, int noffset, int *data_size); +int fit_image_get_data_size_unciphered(const void *fit, int noffset, + size_t *data_size); int fit_image_get_data_and_size(const void *fit, int noffset, const void **data, size_t *size); @@ -1065,6 +1067,7 @@ int fit_image_verify_with_data(const void *fit, int image_noffset, int fit_image_verify(const void *fit, int noffset); int fit_config_verify(const void *fit, int conf_noffset); int fit_all_image_verify(const void *fit); +int fit_config_decrypt(const void *fit, int conf_noffset); int fit_image_check_os(const void *fit, int noffset, uint8_t os); int fit_image_check_arch(const void *fit, int noffset, uint8_t arch); int fit_image_check_type(const void *fit, int noffset, uint8_t type); @@ -1292,6 +1295,11 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset, int fit_image_check_sig(const void *fit, int noffset, const void *data, size_t size, int required_keynode, char **err_msgp); +int fit_image_decrypt_data(const void *fit, + int image_noffset, int cipher_noffset, + const void *data, size_t size, + void **data_unciphered, size_t *size_unciphered); + /** * fit_region_make_list() - Make a list of regions to hash * @@ -1366,6 +1374,10 @@ struct cipher_algo { int (*add_cipher_data)(struct image_cipher_info *info, void *keydest); + + int (*decrypt)(struct image_cipher_info *info, + const void *cipher, size_t cipher_len, + void **data, size_t *data_len); }; int fit_image_cipher_get_algo(const void *fit, int noffset, char **algo); diff --git a/include/u-boot/aes.h b/include/u-boot/aes.h index 4fb2cb7..3228104 100644 --- a/include/u-boot/aes.h +++ b/include/u-boot/aes.h @@ -28,4 +28,17 @@ int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest) } #endif /* IMAGE_ENABLE_ENCRYPT */ +#if IMAGE_ENABLE_DECRYPT +int image_aes_decrypt(struct image_cipher_info *info, + const void *cipher, size_t cipher_len, + void **data, size_t *size); +#else +int image_aes_decrypt(struct image_cipher_info *info, + const void *cipher, size_t cipher_len, + void **data, size_t *size) +{ + return -ENXIO; +} +#endif /* IMAGE_ENABLE_DECRYPT */ + #endif diff --git a/lib/Makefile b/lib/Makefile index 1fb650c..70e6879 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -21,6 +21,7 @@ obj-$(CONFIG_ASN1_DECODER) += asn1_decoder.o obj-y += crypto/ obj-$(CONFIG_AES) += aes.o +obj-$(CONFIG_AES) += aes/ ifndef API_BUILD ifneq ($(CONFIG_UT_UNICODE)$(CONFIG_EFI_LOADER),) diff --git a/lib/aes/Makefile b/lib/aes/Makefile new file mode 100644 index 0000000..daed52a --- /dev/null +++ b/lib/aes/Makefile @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: GPL-2.0+ +# +# Copyright (c) 2019, Softathome + +obj-$(CONFIG_$(SPL_)FIT_CIPHER) += aes-decrypt.o diff --git a/lib/aes/aes-decrypt.c b/lib/aes/aes-decrypt.c new file mode 100644 index 0000000..345029f --- /dev/null +++ b/lib/aes/aes-decrypt.c @@ -0,0 +1,41 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (c) 2019, softathome + */ + +#ifndef USE_HOSTCC +#include +#include +#endif +#include +#include + +int image_aes_decrypt(struct image_cipher_info *info, + const void *cipher, size_t cipher_len, + void **data, size_t *size) +{ +#ifndef USE_HOSTCC + unsigned char key_exp[AES256_EXPAND_KEY_LENGTH]; + unsigned int aes_blocks, key_len = info->cipher->key_len; + + *data = malloc(cipher_len); + if (!*data) { + printf("Can't allocate memory to decrypt\n"); + return -ENOMEM; + } + *size = info->size_unciphered; + + memcpy(&key_exp[0], info->key, key_len); + + /* First we expand the key. */ + aes_expand_key((u8 *)info->key, key_len, key_exp); + + /* Calculate the number of AES blocks to encrypt. */ + aes_blocks = DIV_ROUND_UP(cipher_len, AES_BLOCK_LENGTH); + + aes_cbc_decrypt_blocks(key_len, key_exp, (u8 *)info->iv, + (u8 *)cipher, *data, aes_blocks); +#endif + + return 0; +} diff --git a/tools/Makefile b/tools/Makefile index 051127a..99be724 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -77,7 +77,7 @@ RSA_OBJS-$(CONFIG_FIT_SIGNATURE) := $(addprefix lib/rsa/, \ rsa-mod-exp.o) AES_OBJS-$(CONFIG_FIT_CIPHER) := $(addprefix lib/aes/, \ - aes-encrypt.o) + aes-encrypt.o aes-decrypt.o) ROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o