From patchwork Fri Jun 5 13:54:46 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefano Babic X-Patchwork-Id: 1304161 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4864:20::23b; helo=mail-lj1-x23b.google.com; envelope-from=swupdate+bncbcxploxj6ikrblu55h3akgqe2zfqsqy@googlegroups.com; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=denx.de Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.a=rsa-sha256 header.s=20161025 header.b=ex1M57qF; dkim-atps=neutral Received: from mail-lj1-x23b.google.com (mail-lj1-x23b.google.com [IPv6:2a00:1450:4864:20::23b]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49dkfr3cTBz9sT8 for ; Fri, 5 Jun 2020 23:54:58 +1000 (AEST) Received: by mail-lj1-x23b.google.com with SMTP id m16sf683952ljj.22 for ; Fri, 05 Jun 2020 06:54:58 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1591365295; cv=pass; d=google.com; s=arc-20160816; b=WazkynjYPmTlkpbi+v3WKcoiM2lFVWnSi+ms+MNClKtVmIjsBFxd2BT72l7Vv2We0C XL8+SjkzhtPw4+x9vwq85MKYLyVn/2MzhQpCuz55pONWQhICqVX4fNGXhNN99Y/QUq9j 6rJNmtXTxNL5w5mB5xA5RnSnorExGubOHRo7/oMfh7u2+TOH2F91ZQf/AWqDc5ZD269f jcGnss1IrcCmwWjrZm0jmGiA7k/aH3bHG27XK6Jq1btZpGx3LcGNMYdWc64BiFyhiPKb aGIpfGIeImC4SigkvtesyTWuOnU7cGSRJkRcZXicP/OPdV2M2vRUmwRXlDd7ikR8uVHD Fc+w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:mime-version:message-id:date :subject:cc:to:from:sender:dkim-signature; bh=2JADBlpV72Vr6x1734bFXCRsT3N4mS9L6Fu13c9c/ck=; b=aKEJ9bY3Y5UA45+pFqPf0IoMK4XiSyV1uX3DzQlyggfaLGGGSI2NGAmyqA5FBj67M8 rj7gJEPCDRiq7xNvqMnQzweZLY1PkFTGv7PimLYjW6GBhdR+JkiRxS+SZv8aYBo9cXCp FLz76ALQ2rc9WiUkqSdkwFiED72EiS4wO7on5vw8joGVKbZnbjBE+9oiLSB0JuEy7Qpl qOw/+C+DyjuTCw7K59BHrB+q2KC/LlAcSjpjDvtjZF01UoF3lp7puXdTOpClXNVFxltL yjrySokc1apONSTpkZMhHNu9pFVPuamz502hJgZl9no8W1sfW6ckjF+65lb1/R2R/Oyv aEiA== ARC-Authentication-Results: i=2; gmr-mx.google.com; spf=neutral (google.com: 212.18.0.10 is neither permitted nor denied by best guess record for domain of sbabic@denx.de) smtp.mailfrom=sbabic@denx.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:mime-version :x-original-sender:x-original-authentication-results:precedence :mailing-list:list-id:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=2JADBlpV72Vr6x1734bFXCRsT3N4mS9L6Fu13c9c/ck=; b=ex1M57qFbRfk27sWwS8KDBR4IN5xJsKfO03h5kigO69Hnmkfd41b/RF6jmpXkglz4n rAc0uJMtsJmun6RPnS2r1lcVkI4U1GCpofPbTNp+ZNdiIs1j596iABmQkDDPYOtnF6qY yofEfHMNQQUI0CQs9Yci1WReRPXPmMpdg/r71SjW+j+QPDo8aiegWTLB8T32rWSkSeUs 6GPJZ3eM74J7YqYpqbdAh5CdKAnjjDrArT4Ncg7sVRnGJLuc39idamyHv2Vm3CoJvIiH ZL4uA44pR8zPR2b+VTH8dN+kUOigu4Wd3UeLgkdnmd+3xbGrVQecDQhr44csQo2NiXDC 6/2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=sender:x-gm-message-state:from:to:cc:subject:date:message-id :mime-version:x-original-sender:x-original-authentication-results :precedence:mailing-list:list-id:x-spam-checked-in-group:list-post :list-help:list-archive:list-subscribe:list-unsubscribe; bh=2JADBlpV72Vr6x1734bFXCRsT3N4mS9L6Fu13c9c/ck=; b=Xh4/Gki8vN0WG6IBWXCulnzYi4GcwraKHz7uGc8prhJ+R5ZgZj1059RCeGZ6zOVSr1 GS1HUhcYECuW1c5eWpILs5KNVOZtkYvfMixJ4yxSEJg7EP5Q54oX7AR6f0g0B+9Cnjt0 EFEvbnj5T+y/PynCE+UPTRC7Nyii7gwHuPKjGqq1fjmEkpPDjYvZ8ONnnI8XOzedth5p 35VPgBABI78DEMVM2yoKf2zboMSnHxUg0i6QwR4uxRiej/3sr5uOcj6QrkdnlVRCbOyd LNGd4xzmAwGR1DRNgRAe7SfTaR861uihIYzzL8bJMKMcLdDTRl9BpiUQRkghpEsrrg7X aCVA== Sender: swupdate@googlegroups.com X-Gm-Message-State: AOAM532XjWdK/UQqj/Lr9TYwRicMJM04de0dZmKsE1AEvtC5lWrYfkPi YVqIOtBJ0A3rO5wk+EverDg= X-Google-Smtp-Source: ABdhPJxeB59Y3675NB/3uwbQl5inMp5c4fBNMyOfOA3/foCsRmosTAY3+in+sVf964tZmqzIK7k5jg== X-Received: by 2002:a05:651c:333:: with SMTP id b19mr4830176ljp.204.1591365294876; Fri, 05 Jun 2020 06:54:54 -0700 (PDT) X-BeenThere: swupdate@googlegroups.com Received: by 2002:a05:651c:1032:: with SMTP id w18ls272842ljm.10.gmail; Fri, 05 Jun 2020 06:54:54 -0700 (PDT) X-Received: by 2002:a2e:3c06:: with SMTP id j6mr4963146lja.357.1591365293995; Fri, 05 Jun 2020 06:54:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1591365293; cv=none; d=google.com; s=arc-20160816; b=qQBrBEyUI+x3j0xhMscL03RNqeFEx3hxDCIV0O1piKQKyNCbKPIYkibxk3ZAHtGETK TGnc3lgfnMw3Eyi0w91fJjfZ1hbwmrgmnGI4Rb++wNmrMTzBUbukz0BcyB+v8DKCEg2W PXL2fnhEMOjqUosCqEqkgQifVi+navu0pWBzGGv4cBIQ2OUcZ0LMRbttpUUYt+kFww6h YJh2PKGWrQ8xuPpfRN6MrU7W14vC/crDLS2qgnnp36jGLjS6e7WVdzqX8910exLTb7LU TYKhd7jiJfkGek4sNp/e+6XEmMLwAjxvdLiUJTUWMO4q6eCxp7pMLCX3EbD0JR0GocKt b+2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from; bh=myOLjlfhUF5WTWbGRJCTc9X9eD3WJPNDmqN6ga/h6rI=; b=aphvxvox39ep5ECo5y7APMsDIZCeMpS62ojxHv59GYCVXkQraLqifLI3fshOJY6yVD O/4rFqqO91McBj3jNkBsU41Ghka3vvuGfo8lqvmol3Ad4vfGsUZ0cztMatb4fnZCU/vD 13rpa26BU0BqGcAOJ6BzbeOLw1IglXJ/buB4+FZldkb4xp7kS3RMfok2odlcETKn+m1Y 62rBA3G21vvOdDIcgJecVSkhyx3hGc5rxnukloYC2HnYZcIquaOWUfzqdX0SNPTFiAZ8 IBYuD6kJlZMJ4iF/M/OPxnHtRBYgfIOmF9l/ddxSuFf+Oc8B0Zu6woKlbM904PX6YW6d 7tWQ== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=neutral (google.com: 212.18.0.10 is neither permitted nor denied by best guess record for domain of sbabic@denx.de) smtp.mailfrom=sbabic@denx.de Received: from mail-out.m-online.net (mail-out.m-online.net. [212.18.0.10]) by gmr-mx.google.com with ESMTPS id f16si157107lfm.0.2020.06.05.06.54.53 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 05 Jun 2020 06:54:53 -0700 (PDT) Received-SPF: neutral (google.com: 212.18.0.10 is neither permitted nor denied by best guess record for domain of sbabic@denx.de) client-ip=212.18.0.10; Received: from frontend01.mail.m-online.net (unknown [192.168.8.182]) by mail-out.m-online.net (Postfix) with ESMTP id 49dkfj2nKBz1rsXP; Fri, 5 Jun 2020 15:54:53 +0200 (CEST) Received: from localhost (dynscan1.mnet-online.de [192.168.6.70]) by mail.m-online.net (Postfix) with ESMTP id 49dkfj2Wj6z1r572; Fri, 5 Jun 2020 15:54:53 +0200 (CEST) X-Virus-Scanned: amavisd-new at mnet-online.de Received: from mail.mnet-online.de ([192.168.8.182]) by localhost (dynscan1.mail.m-online.net [192.168.6.70]) (amavisd-new, port 10024) with ESMTP id S-z-RMB7-jkq; Fri, 5 Jun 2020 15:54:52 +0200 (CEST) Received: from babic.homelinux.org (host-88-217-136-221.customer.m-online.net [88.217.136.221]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.mnet-online.de (Postfix) with ESMTPS; Fri, 5 Jun 2020 15:54:52 +0200 (CEST) Received: from localhost (mail.babic.homelinux.org [127.0.0.1]) by babic.homelinux.org (Postfix) with ESMTP id A7A864540959; Fri, 5 Jun 2020 15:54:51 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at babic.homelinux.org Received: from babic.homelinux.org ([127.0.0.1]) by localhost (mail.babic.homelinux.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T0wGsQ8OXd9q; Fri, 5 Jun 2020 15:54:49 +0200 (CEST) Received: from paperino.fritz.box (paperino.fritz.box [192.168.178.64]) by babic.homelinux.org (Postfix) with ESMTP id F18B84540402; Fri, 5 Jun 2020 15:54:48 +0200 (CEST) From: Stefano Babic To: swupdate@googlegroups.com Cc: Stefano Babic Subject: [swupdate] [PATCH] Add option to disable cpio CRC check Date: Fri, 5 Jun 2020 15:54:46 +0200 Message-Id: <20200605135446.2855531-1-sbabic@denx.de> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Original-Sender: sbabic@denx.de X-Original-Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 212.18.0.10 is neither permitted nor denied by best guess record for domain of sbabic@denx.de) smtp.mailfrom=sbabic@denx.de Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , Disable CRC check in cpio header if sha256 is enabled. CRC in CPIO is not a real crc, but it is simply the sum of all bytes belonging to a file as 32 bit value. It is very weak and does not add any further safety if sha256 is activated. CPIO tool is buggy on Linux distros and CRC is not computed correctly and set to zero when a file is larger than 2GB. While cpio on OE is patched to fix this, a SWU built outside OE has a wrong computed CRC and SWUpdate will abort the update. This option drops the check when the stronger sha256 check is activated. Signed-off-by: Stefano Babic --- Kconfig | 12 ++++++++++++ core/cpio_utils.c | 8 ++------ core/stream_interface.c | 14 ++++---------- include/util.h | 21 +++++++++++++++++++-- 4 files changed, 37 insertions(+), 18 deletions(-) diff --git a/Kconfig b/Kconfig index 5b9235b..444eb1f 100644 --- a/Kconfig +++ b/Kconfig @@ -396,6 +396,18 @@ config HASH_VERIFY comment "Hash checking needs an SSL implementation" depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_MBEDTLS +config DISABLE_CPIO_CRC + bool "Disable cpio CRC verify if SHA 256 is enabled" + depends on HASH_VERIFY + default n + help + Disable CRC check in cpio header if sha256 is enabled. + CRC in CPIO is not a real crc, but it is simply the sum + of all bytes belonging to a file as 32 bit value. It is + very weak and does not add any further safety if sha256 + is activated. CPIO in Linux distros has also a bug and + CRC field is set to 0 when a file is larger as 2GB. + config SIGNED_IMAGES bool "Enable verification of signed images" depends on SSL_IMPL_OPENSSL || SSL_IMPL_MBEDTLS diff --git a/core/cpio_utils.c b/core/cpio_utils.c index 9afb699..e2e857c 100644 --- a/core/cpio_utils.c +++ b/core/cpio_utils.c @@ -793,9 +793,7 @@ off_t extract_next_file(int fd, int fdout, off_t start, int compressed, (unsigned long)checksum, (checksum == fdh.chksum) ? "VERIFIED" : "WRONG"); - if (checksum != fdh.chksum) { - ERROR("Checksum WRONG ! Computed 0x%lx, it should be 0x%lx", - (unsigned long)checksum, fdh.chksum); + if (!swupdate_verify_chksum(checksum, fdh.chksum)) { return -EINVAL; } @@ -839,9 +837,7 @@ int cpio_scan(int fd, struct swupdate_cfg *cfg, off_t start) return -1; } - if ((uint32_t)(fdh.chksum) != checksum) { - ERROR("Checksum verification failed for %s: %x != %x", - fdh.filename, (uint32_t)fdh.chksum, checksum); + if (!swupdate_verify_chksum(fdh.chksum, checksum)) { return -1; } diff --git a/core/stream_interface.c b/core/stream_interface.c index e0d6fa4..99e5c62 100644 --- a/core/stream_interface.c +++ b/core/stream_interface.c @@ -103,11 +103,9 @@ static int extract_file_to_tmp(int fd, const char *fname, unsigned long *poffs) close(fdout); return -1; } - if (checksum != (uint32_t)fdh.chksum) { + if (!swupdate_verify_chksum(checksum, fdh.chksum)) { close(fdout); - ERROR("Checksum WRONG ! Computed 0x%ux, it should be 0x%ux", - (unsigned int)checksum, (unsigned int)fdh.chksum); - return -1; + return -1; } close(fdout); @@ -218,9 +216,7 @@ static int extract_files(int fd, struct swupdate_cfg *software) close(fdout); return -1; } - if (checksum != (unsigned long)fdh.chksum) { - ERROR("Checksum WRONG ! Computed 0x%ux, it should be 0x%ux", - (unsigned int)checksum, (unsigned int)fdh.chksum); + if (!swupdate_verify_chksum(checksum, fdh.chksum)) { close(fdout); return -1; } @@ -231,9 +227,7 @@ static int extract_files(int fd, struct swupdate_cfg *software) if (copyfile(fd, &fdout, fdh.size, &offset, 0, skip, 0, &checksum, NULL, 0, NULL, NULL) < 0) { return -1; } - if (checksum != (unsigned long)fdh.chksum) { - ERROR("Checksum WRONG ! Computed 0x%ux, it should be 0x%ux", - (unsigned int)checksum, (unsigned int)fdh.chksum); + if (!swupdate_verify_chksum(checksum, fdh.chksum)) { return -1; } break; diff --git a/include/util.h b/include/util.h index 2f83c8a..55fe70f 100644 --- a/include/util.h +++ b/include/util.h @@ -11,6 +11,7 @@ #include #include #include +#include #if defined(__linux__) #include #endif @@ -85,6 +86,8 @@ struct installer { typedef void (*notifier) (RECOVERY_STATUS status, int error, int level, const char *msg); +void notify(RECOVERY_STATUS status, int error, int level, const char *msg); +void notify_init(void); #define swupdate_notify(status, format, level, arg...) do { \ if (loglevel >= level) { \ char tmpbuf[NOTIFY_BUF_SIZE]; \ @@ -137,6 +140,22 @@ typedef void (*notifier) (RECOVERY_STATUS status, int error, int level, const ch #define LG_16 4 #define FROM_HEX(f) from_ascii (f, sizeof f, LG_16) +#if !defined(CONFIG_DISABLE_CPIO_CRC) +static inline bool swupdate_verify_chksum(const uint32_t chk1, const uint32_t chk2) { + bool ret = (chk1 == chk2); + if (!ret) { + ERROR("Checksum WRONG ! Computed 0x%ux, it should be 0x%ux", + chk1, chk2); + } + return ret; +} +#else +static inline bool swupdate_verify_chksum( + const uint32_t __attribute__ ((__unused__))chk1, + const uint32_t __attribute__ ((__unused__))chk2) { + return true; +} +#endif uintmax_t from_ascii (char const *where, size_t digs, unsigned logbase); int ascii_to_hash(unsigned char *hash, const char *s); @@ -187,8 +206,6 @@ int mkpath(char *dir, mode_t mode); int swupdate_file_setnonblock(int fd, bool block); int register_notifier(notifier client); -void notify(RECOVERY_STATUS status, int error, int level, const char *msg); -void notify_init(void); int syslog_init(void); char **splitargs(char *args, int *argc);