From patchwork Thu Sep 17 13:01:46 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 1366117 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=softathome.com Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BscYw6BZcz9sS8 for ; Thu, 17 Sep 2020 23:02:12 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 9C4D5823BF; Thu, 17 Sep 2020 15:01:58 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 40E2E823B3; Thu, 17 Sep 2020 15:01:55 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from vrout30.yaziba.net (vrout30.yaziba.net [185.56.204.33]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 67DFF823AE for ; Thu, 17 Sep 2020 15:01:52 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=softathome.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=philippe.reynes@softathome.com Received: from mtaout20.int.yaziba.net (mtaout20.int.yaziba.net [10.4.20.37]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by vrout30.yaziba.net (mx10.yaziba.net) with ESMTPS id AC40F51FD0; Thu, 17 Sep 2020 15:01:51 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by mtaout20.int.yaziba.net (Postfix) with ESMTP id BE58B160478; Thu, 17 Sep 2020 15:01:51 +0200 (CEST) Received: from mtaout20.int.yaziba.net ([127.0.0.1]) by localhost (mtaout20.int.yaziba.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id ZPaV_RM9JIrm; Thu, 17 Sep 2020 15:01:51 +0200 (CEST) Received: from sahnlpt0333.softathome.com (lfbn-idf3-1-17-196.w81-249.abo.wanadoo.fr [81.249.144.196]) by mtaout20.int.yaziba.net (Postfix) with ESMTPSA id 95EFB1603F2; Thu, 17 Sep 2020 15:01:51 +0200 (CEST) From: Philippe Reynes To: sjg@chromium.org, patrick.oppenlander@gmail.com Cc: u-boot@lists.denx.de, Philippe Reynes Subject: [PATCH 1/2] fit: cipher: aes: allow to store the IV in the FIT image Date: Thu, 17 Sep 2020 15:01:46 +0200 Message-Id: <1600347707-19080-1-git-send-email-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.7.4 X-CLAMAV-SCAN: ok X-VRSPAM-SCORE: 0 X-VRSPAM-STATE: legit X-VRSPAM-CAUSE: gggruggvucftvghtrhhoucdtuddrgedujedrtdeggdeitdcutefuodetggdotefrucfrrhhofhhilhgvmecuggftfghnshhusghstghrihgsvgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkofestddtredtredttdenucfhrhhomheprfhhihhlihhpphgvucftvgihnhgvshcuoehphhhilhhiphhpvgdrrhgvhihnvghssehsohhfthgrthhhohhmvgdrtghomheqnecuggftrfgrthhtvghrnhepuefgleejvdetgeevveejheeujeevtdefteevffeivdelgedtiefhleekgfdtffeknecukfhppeekuddrvdegledrudeggedrudelieenucfrrghrrghmpehmohguvgepshhmthhpohhuth X-VRSPAM-EXTCAUSE: mhhouggvpehsmhhtphhouhht X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes --- include/image.h | 2 +- include/u-boot/aes.h | 6 +++-- lib/aes/aes-encrypt.c | 22 +++++++++++++++---- tools/image-host.c | 61 +++++++++++++++++++++++++++++++++++++++++---------- 4 files changed, 72 insertions(+), 19 deletions(-) diff --git a/include/image.h b/include/image.h index 9a5a87d..10995b8 100644 --- a/include/image.h +++ b/include/image.h @@ -1463,7 +1463,7 @@ struct cipher_algo { unsigned char **cipher, int *cipher_len); int (*add_cipher_data)(struct image_cipher_info *info, - void *keydest); + void *keydest, void *fit, int node_noffset); int (*decrypt)(struct image_cipher_info *info, const void *cipher, size_t cipher_len, diff --git a/include/u-boot/aes.h b/include/u-boot/aes.h index 3228104..acbc50b 100644 --- a/include/u-boot/aes.h +++ b/include/u-boot/aes.h @@ -13,7 +13,8 @@ int image_aes_encrypt(struct image_cipher_info *info, const unsigned char *data, int size, unsigned char **cipher, int *cipher_len); -int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest); +int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest, + void *fit, int node_noffset); #else int image_aes_encrypt(struct image_cipher_info *info, const unsigned char *data, int size, @@ -22,7 +23,8 @@ int image_aes_encrypt(struct image_cipher_info *info, return -ENXIO; } -int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest) +int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest, + void *fit, int node_noffset) { return -ENXIO; } diff --git a/lib/aes/aes-encrypt.c b/lib/aes/aes-encrypt.c index de00a83..a6d1720 100644 --- a/lib/aes/aes-encrypt.c +++ b/lib/aes/aes-encrypt.c @@ -74,7 +74,8 @@ int image_aes_encrypt(struct image_cipher_info *info, return ret; } -int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest) +int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest, + void *fit, int node_noffset) { int parent, node; char name[128]; @@ -97,8 +98,13 @@ int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest) goto done; /* Either create or overwrite the named key node */ - snprintf(name, sizeof(name), "key-%s-%s-%s", - info->name, info->keyname, info->ivname); + if (info->ivname) + snprintf(name, sizeof(name), "key-%s-%s-%s", + info->name, info->keyname, info->ivname); + else + snprintf(name, sizeof(name), "key-%s-%s", + info->name, info->keyname); + node = fdt_subnode_offset(keydest, parent, name); if (node == -FDT_ERR_NOTFOUND) { node = fdt_add_subnode(keydest, parent, name); @@ -116,9 +122,17 @@ int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest) ret = node; } - if (!ret) + if (ret) + goto done; + + if (info->ivname) + /* Store the IV in the u-boot device tree */ ret = fdt_setprop(keydest, node, "iv", info->iv, info->cipher->iv_len); + else + /* Store the IV in the FIT image */ + ret = fdt_setprop(fit, node_noffset, "iv", + info->iv, info->cipher->iv_len); if (!ret) ret = fdt_setprop(keydest, node, "key", diff --git a/tools/image-host.c b/tools/image-host.c index 3d52593..8886bef 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -320,6 +320,36 @@ err: return ret; } +static int get_random_data(void *data, int size) +{ + unsigned char *tmp = data; + struct timespec date; + int i, ret = 0; + + if (!tmp) { + printf("%s: pointer data is NULL\n", __func__); + ret = -1; + goto out; + } + + ret = clock_gettime(CLOCK_MONOTONIC, &date); + if (ret < 0) { + printf("%s: clock_gettime has failed (err=%d, str=%s)\n", + __func__, ret, strerror(ret)); + goto out; + } + + srand(date.tv_nsec); + + for (i = 0; i < size; i++) { + *tmp = rand() & 0xff; + tmp++; + } + + out: + return ret; +} + static int fit_image_setup_cipher(struct image_cipher_info *info, const char *keydir, void *fit, const char *image_name, int image_noffset, @@ -345,13 +375,13 @@ static int fit_image_setup_cipher(struct image_cipher_info *info, goto out; } - /* Read the IV name */ + /* + * Read the IV name + * + * If this property is not provided then mkimage will generate + * a random IV and store it in the FIT image + */ info->ivname = fdt_getprop(fit, noffset, "iv-name-hint", NULL); - if (!info->ivname) { - printf("Can't get iv name for cipher in image '%s'\n", - image_name); - goto out; - } info->fit = fit; info->node_noffset = noffset; @@ -377,17 +407,23 @@ static int fit_image_setup_cipher(struct image_cipher_info *info, if (ret < 0) goto out; - /* Read the IV in the file */ - snprintf(filename, sizeof(filename), "%s/%s%s", - info->keydir, info->ivname, ".bin"); info->iv = malloc(info->cipher->iv_len); if (!info->iv) { printf("Can't allocate memory for iv\n"); ret = -1; goto out; } - ret = fit_image_read_data(filename, (unsigned char *)info->iv, - info->cipher->iv_len); + + if (info->ivname) { + /* Read the IV in the file */ + snprintf(filename, sizeof(filename), "%s/%s%s", + info->keydir, info->ivname, ".bin"); + ret = fit_image_read_data(filename, (unsigned char *)info->iv, + info->cipher->iv_len); + } else { + /* Generate an ramdom IV */ + ret = get_random_data((void *)info->iv, info->cipher->iv_len); + } out: return ret; @@ -453,9 +489,10 @@ fit_image_process_cipher(const char *keydir, void *keydest, void *fit, * Write the public key into the supplied FDT file; this might fail * several times, since we try signing with successively increasing * size values + * And, if needed, write the iv in the FIT file */ if (keydest) { - ret = info.cipher->add_cipher_data(&info, keydest); + ret = info.cipher->add_cipher_data(&info, keydest, fit, node_noffset); if (ret) { printf("Failed to add verification data for cipher '%s' in image '%s'\n", info.keyname, image_name);