TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m.git / cea8b590ae9ac656a6c8273c53986ff017152673 / . / bl2 / ext / mcuboot / bootutil / src / image_validate.c
blob: 59e0b69f7717d258ea1ce3e3dd1424953a5a050f [file] [log] [blame]
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]1/*
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19
Oliver Swedef9982442018-08-24 18:37:44 +0100[diff] [blame]20/*
21 * Original code taken from mcuboot project at:
David Vincze39e78552018-10-10 17:10:01 +0200[diff] [blame]22 * https://github.com/JuulLabs-OSS/mcuboot
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame^]23 * Git SHA of the original version: 4f0ea747c314547daa6b6299ccbd77ae4dee6758
David Vincze39e78552018-10-10 17:10:01 +0200[diff] [blame]24 * Modifications are Copyright (c) 2018-2019 Arm Limited.
Oliver Swedef9982442018-08-24 18:37:44 +0100[diff] [blame]25 */
26
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]27#include <assert.h>
28#include <stddef.h>
29#include <inttypes.h>
30#include <string.h>
31
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]32#include "flash_map/flash_map.h"
33#include "bootutil/image.h"
34#include "bootutil/sha256.h"
35#include "bootutil/sign_key.h"
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]36#include "security_cnt.h"
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]37
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame^]38#if defined(MCUBOOT_SIGN_RSA)
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]39#include "mbedtls/rsa.h"
40#endif
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]41
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]42#include "mbedtls/asn1.h"
43
44#include "bootutil_priv.h"
45
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]46#ifdef MCUBOOT_HW_KEY
47#include "platform/include/tfm_plat_crypto_keys.h"
48#endif
49
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]50/*
51 * Compute SHA256 over the image.
52 */
53static int
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame^]54bootutil_img_hash(int image_index,
55 struct image_header *hdr, const struct flash_area *fap,
56 uint8_t *tmp_buf, uint32_t tmp_buf_sz, uint8_t *hash_result,
57 uint8_t *seed, int seed_len)
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]58{
59 bootutil_sha256_context sha256_ctx;
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]60 uint32_t size;
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]61#ifndef MCUBOOT_RAM_LOADING
62 uint32_t blk_sz;
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]63 uint32_t off;
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame^]64 int rc;
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]65#endif /* MCUBOOT_RAM_LOADING */
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]66
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame^]67 (void)image_index;
68
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]69 bootutil_sha256_init(&sha256_ctx);
70
71 /* in some cases (split image) the hash is seeded with data from
72 * the loader image */
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]73 if (seed && (seed_len > 0)) {
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]74 bootutil_sha256_update(&sha256_ctx, seed, seed_len);
75 }
76
David Vinczedb32b212019-04-16 17:43:57 +0200[diff] [blame]77 /* Hash is computed over image header and image itself. */
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame^]78 size = BOOT_TLV_OFF(hdr);
David Vinczedb32b212019-04-16 17:43:57 +0200[diff] [blame]79
David Vincze219a1752019-10-14 11:35:09 +0200[diff] [blame]80 /* If protected TLVs are present (e.g. security counter TLV) then the
81 * TLV info header and these TLVs must be included in the hash calculation.
David Vinczedb32b212019-04-16 17:43:57 +0200[diff] [blame]82 */
83 if (hdr->ih_protect_tlv_size != 0) {
84 size += hdr->ih_protect_tlv_size;
85 }
86
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]87#ifdef MCUBOOT_RAM_LOADING
88 bootutil_sha256_update(&sha256_ctx,(void*)(hdr->ih_load_addr), size);
89#else
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]90 for (off = 0; off < size; off += blk_sz) {
91 blk_sz = size - off;
92 if (blk_sz > tmp_buf_sz) {
93 blk_sz = tmp_buf_sz;
94 }
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame^]95 rc = flash_area_read(fap, off, tmp_buf, blk_sz);
96 if (rc) {
97 return rc;
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]98 }
99 bootutil_sha256_update(&sha256_ctx, tmp_buf, blk_sz);
100 }
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]101#endif
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]102 bootutil_sha256_finish(&sha256_ctx, hash_result);
103
104 return 0;
105}
106
107/*
108 * Currently, we only support being able to verify one type of
109 * signature, because there is a single verification function that we
110 * call. List the type of TLV we are expecting. If we aren't
111 * configured for any signature, don't define this macro.
112 */
Tamas Ban81daed02019-05-20 15:05:22 +0100[diff] [blame]113
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]114#if defined(MCUBOOT_SIGN_RSA)
Tamas Ban81daed02019-05-20 15:05:22 +0100[diff] [blame]115# if MCUBOOT_SIGN_RSA_LEN == 2048
116# define EXPECTED_SIG_TLV IMAGE_TLV_RSA2048_PSS
117# elif MCUBOOT_SIGN_RSA_LEN == 3072
118# define EXPECTED_SIG_TLV IMAGE_TLV_RSA3072_PSS
119# else
120# error "Unsupported RSA signature length"
121# endif
122# define SIG_BUF_SIZE (MCUBOOT_SIGN_RSA_LEN / 8)
123# define EXPECTED_SIG_LEN(x) ((x) == SIG_BUF_SIZE)
124#else
125# define SIG_BUF_SIZE 32 /* no signing, sha256 digest only */
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]126#endif
127
128#ifdef EXPECTED_SIG_TLV
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]129#ifdef MCUBOOT_HW_KEY
130extern unsigned int pub_key_len;
131static int
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame^]132bootutil_find_key(uint8_t image_id, uint8_t *key, uint16_t key_len)
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]133{
134 bootutil_sha256_context sha256_ctx;
135 uint8_t hash[32];
136 uint8_t key_hash[32];
137 uint32_t key_hash_size= sizeof(key_hash);
138 enum tfm_plat_err_t plat_err;
139
140 bootutil_sha256_init(&sha256_ctx);
141 bootutil_sha256_update(&sha256_ctx, key, key_len);
142 bootutil_sha256_finish(&sha256_ctx, hash);
143
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame^]144 plat_err = tfm_plat_get_rotpk_hash(image_id, key_hash, &key_hash_size);
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]145 if (plat_err != TFM_PLAT_ERR_SUCCESS) {
146 return -1;
147 }
Raef Coles25b857a2019-09-05 13:59:55 +0100[diff] [blame]148 if (!boot_secure_memequal(hash, key_hash, key_hash_size)) {
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]149 bootutil_keys[0].key = key;
150 pub_key_len = key_len;
151 return 0;
152 }
153 return -1;
154}
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame^]155#else /* !MCUBOOT_HW_KEY */
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]156static int
157bootutil_find_key(uint8_t *keyhash, uint8_t keyhash_len)
158{
159 bootutil_sha256_context sha256_ctx;
160 int i;
161 const struct bootutil_key *key;
162 uint8_t hash[32];
163
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame^]164 if (keyhash_len > 32) {
165 return -1;
166 }
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]167
168 for (i = 0; i < bootutil_key_cnt; i++) {
169 key = &bootutil_keys[i];
170 bootutil_sha256_init(&sha256_ctx);
171 bootutil_sha256_update(&sha256_ctx, key->key, *key->len);
172 bootutil_sha256_finish(&sha256_ctx, hash);
Raef Coles25b857a2019-09-05 13:59:55 +0100[diff] [blame]173 if (!boot_secure_memequal(hash, keyhash, keyhash_len)) {
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]174 return i;
175 }
176 }
177 return -1;
178}
179#endif
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]180#endif
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]181
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]182/**
183 * Reads the value of an image's security counter.
184 *
185 * @param hdr Pointer to the image header structure.
186 * @param fap Pointer to a description structure of the image's
187 * flash area.
188 * @param security_cnt Pointer to store the security counter value.
189 *
190 * @return 0 on success; nonzero on failure.
191 */
192int32_t
193bootutil_get_img_security_cnt(struct image_header *hdr,
194 const struct flash_area *fap,
195 uint32_t *img_security_cnt)
196{
197 struct image_tlv_info info;
198 struct image_tlv tlv;
199 uint32_t off;
200 uint32_t end;
201 uint32_t found = 0;
202 int32_t rc;
203
204 if ((hdr == NULL) ||
205 (fap == NULL) ||
206 (img_security_cnt == NULL)) {
207 /* Invalid parameter. */
208 return BOOT_EBADARGS;
209 }
210
211 /* The TLVs come after the image. */
212 off = hdr->ih_hdr_size + hdr->ih_img_size;
213
214 /* The TLV area always starts with an image_tlv_info structure. */
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]215 rc = LOAD_IMAGE_DATA(fap, off, &info, sizeof(info));
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]216 if (rc != 0) {
217 return BOOT_EFLASH;
218 }
219
220 if (info.it_magic != IMAGE_TLV_INFO_MAGIC) {
221 return BOOT_EBADMAGIC;
222 }
223
224 /* The security counter TLV is in the protected part of the TLV area. */
225 if (hdr->ih_protect_tlv_size != 0) {
226 end = off + (uint32_t)hdr->ih_protect_tlv_size;
227 off += sizeof(info);
228
229 /* Traverse through the protected TLV area to find the
230 * security counter TLV.
231 */
232 while (off < end) {
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]233 rc = LOAD_IMAGE_DATA(fap, off, &tlv, sizeof(tlv));
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]234 if (rc != 0) {
235 return BOOT_EFLASH;
236 }
237
238 if (tlv.it_type == IMAGE_TLV_SEC_CNT) {
239
240 if (tlv.it_len != sizeof(*img_security_cnt)) {
241 /* Security counter is not valid. */
242 break;
243 }
244
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]245 rc = LOAD_IMAGE_DATA(fap, off + sizeof(tlv),
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]246 img_security_cnt, tlv.it_len);
247 if (rc != 0) {
248 return BOOT_EFLASH;
249 }
250
251 /* Security counter has been found. */
252 found = 1;
253 break;
254 }
255
256 /* Avoid integer overflow. */
Tamas Ban056ed0b2019-09-16 12:48:32 +0100[diff] [blame]257 if (boot_add_uint32_overflow_check(off, (sizeof(tlv) + tlv.it_len)))
258 {
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]259 /* Potential overflow. */
260 break;
261 } else {
262 off += sizeof(tlv) + tlv.it_len;
263 }
264 }
265 }
266
267 if (found) {
268 return 0;
269 }
270
271 return -1;
272}
273
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]274/*
275 * Verify the integrity of the image.
276 * Return non-zero if image could not be validated/does not validate.
277 */
278int
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame^]279bootutil_img_validate(int image_index,
280 struct image_header *hdr, const struct flash_area *fap,
281 uint8_t *tmp_buf, uint32_t tmp_buf_sz, uint8_t *seed,
282 int seed_len, uint8_t *out_hash)
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]283{
284 uint32_t off;
285 uint32_t end;
286 int sha256_valid = 0;
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]287#ifdef EXPECTED_SIG_TLV
288 int valid_signature = 0;
289 int key_id = -1;
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]290#ifdef MCUBOOT_HW_KEY
291 /* Few extra bytes for encoding and for public exponent */
292 uint8_t key_buf[SIG_BUF_SIZE + 24];
293#endif
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]294#endif
295 struct image_tlv tlv;
Tamas Ban81daed02019-05-20 15:05:22 +0100[diff] [blame]296 uint8_t buf[SIG_BUF_SIZE];
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]297 uint8_t hash[32] = {0};
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]298 uint32_t security_cnt;
299 uint32_t img_security_cnt;
300 int32_t security_counter_valid = 0;
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]301 int rc;
302
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame^]303 rc = bootutil_img_hash(image_index, hdr, fap, tmp_buf,
304 tmp_buf_sz, hash, seed, seed_len);
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]305 if (rc) {
306 return rc;
307 }
308
309 if (out_hash) {
310 memcpy(out_hash, hash, 32);
311 }
312
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame^]313 rc = boot_find_tlv_offs(hdr, fap, &off, &end);
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]314 if (rc) {
315 return rc;
316 }
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]317
318 /*
319 * Traverse through all of the TLVs, performing any checks we know
320 * and are able to do.
321 */
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]322 while (off < end) {
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]323 rc = LOAD_IMAGE_DATA(fap, off, &tlv, sizeof(tlv));
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]324 if (rc) {
325 return rc;
326 }
327
328 if (tlv.it_type == IMAGE_TLV_SHA256) {
329 /*
330 * Verify the SHA256 image hash. This must always be
331 * present.
332 */
333 if (tlv.it_len != sizeof(hash)) {
334 return -1;
335 }
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]336 rc = LOAD_IMAGE_DATA(fap, off + sizeof(tlv), buf, sizeof(hash));
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]337 if (rc) {
338 return rc;
339 }
Raef Coles25b857a2019-09-05 13:59:55 +0100[diff] [blame]340 if (boot_secure_memequal(hash, buf, sizeof(hash))) {
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]341 return -1;
342 }
343
344 sha256_valid = 1;
345#ifdef EXPECTED_SIG_TLV
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]346#ifndef MCUBOOT_HW_KEY
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]347 } else if (tlv.it_type == IMAGE_TLV_KEYHASH) {
348 /*
349 * Determine which key we should be checking.
350 */
351 if (tlv.it_len > 32) {
352 return -1;
353 }
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]354 rc = LOAD_IMAGE_DATA(fap, off + sizeof(tlv), buf, tlv.it_len);
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]355 if (rc) {
356 return rc;
357 }
358 key_id = bootutil_find_key(buf, tlv.it_len);
359 /*
360 * The key may not be found, which is acceptable. There
361 * can be multiple signatures, each preceded by a key.
362 */
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame^]363#else /* MCUBOOT_HW_KEY */
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]364 } else if (tlv.it_type == IMAGE_TLV_KEY) {
365 /*
366 * Determine which key we should be checking.
367 */
368 if (tlv.it_len > sizeof(key_buf)) {
369 return -1;
370 }
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]371 rc = LOAD_IMAGE_DATA(fap, off + sizeof(tlv), key_buf, tlv.it_len);
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]372 if (rc) {
373 return rc;
374 }
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame^]375 key_id = bootutil_find_key(image_index, key_buf, tlv.it_len);
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]376 /*
377 * The key may not be found, which is acceptable. There
378 * can be multiple signatures, each preceded by a key.
379 */
380#endif /* MCUBOOT_HW_KEY */
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]381 } else if (tlv.it_type == EXPECTED_SIG_TLV) {
382 /* Ignore this signature if it is out of bounds. */
David Vinczefb068302019-07-24 11:00:22 +0200[diff] [blame]383 if (key_id >= 0 && key_id < bootutil_key_cnt) {
384 if (!EXPECTED_SIG_LEN(tlv.it_len) || tlv.it_len > sizeof(buf)) {
385 return -1;
386 }
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]387 rc = LOAD_IMAGE_DATA(fap, off + sizeof(tlv), buf, tlv.it_len);
David Vinczefb068302019-07-24 11:00:22 +0200[diff] [blame]388 if (rc) {
389 return -1;
390 }
391 rc = bootutil_verify_sig(hash, sizeof(hash), buf, tlv.it_len,
392 key_id);
393 if (rc == 0) {
394 valid_signature = 1;
395 }
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]396 }
397 key_id = -1;
398#endif
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]399 } else if (tlv.it_type == IMAGE_TLV_SEC_CNT) {
400 /*
401 * Verify the image's security counter.
402 * This must always be present.
403 */
404 if (tlv.it_len != sizeof(img_security_cnt)) {
405 /* Security counter is not valid. */
406 return -1;
407 }
408
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]409 rc = LOAD_IMAGE_DATA(fap, off + sizeof(tlv),
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]410 &img_security_cnt, tlv.it_len);
411 if (rc) {
412 return rc;
413 }
414
415 rc = boot_nv_security_counter_get(0, &security_cnt);
416 if (rc) {
417 return rc;
418 }
419
420 /* Compare the new image's security counter value against the
421 * stored security counter value.
422 */
423 if (img_security_cnt < security_cnt) {
424 /* The image's security counter is not accepted. */
425 return -1;
426 }
427
428 /* The image's security counter has been successfully verified. */
429 security_counter_valid = 1;
430 }
431
432 /* Avoid integer overflow. */
Tamas Ban056ed0b2019-09-16 12:48:32 +0100[diff] [blame]433 if (boot_add_uint32_overflow_check(off, (sizeof(tlv) + tlv.it_len))) {
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]434 /* Potential overflow. */
435 break;
436 } else {
437 off += sizeof(tlv) + tlv.it_len;
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]438 }
439 }
440
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]441 if (!sha256_valid || !security_counter_valid) {
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]442 return -1;
443 }
444
445#ifdef EXPECTED_SIG_TLV
446 if (!valid_signature) {
447 return -1;
448 }
449#endif
450
451 return 0;
452}