TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m.git / c256612e0e773c76ae07dc8de7f776e3c029d7b0 / . / bl2 / ext / mcuboot / bootutil / src / image_validate.c
blob: 53ac659f386df5ec89d904e58d798608e6102c33 [file] [log] [blame]
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]1/*
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19
Oliver Swedef9982442018-08-24 18:37:44 +0100[diff] [blame]20/*
21 * Original code taken from mcuboot project at:
David Vincze39e78552018-10-10 17:10:01 +0200[diff] [blame]22 * https://github.com/JuulLabs-OSS/mcuboot
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]23 * Git SHA of the original version: 4f0ea747c314547daa6b6299ccbd77ae4dee6758
David Vincze39e78552018-10-10 17:10:01 +0200[diff] [blame]24 * Modifications are Copyright (c) 2018-2019 Arm Limited.
Oliver Swedef9982442018-08-24 18:37:44 +0100[diff] [blame]25 */
26
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]27#include <assert.h>
28#include <stddef.h>
29#include <inttypes.h>
30#include <string.h>
31
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]32#include "flash_map/flash_map.h"
33#include "bootutil/image.h"
34#include "bootutil/sha256.h"
35#include "bootutil/sign_key.h"
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]36#include "security_cnt.h"
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]37
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]38#if defined(MCUBOOT_SIGN_RSA)
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]39#include "mbedtls/rsa.h"
40#endif
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]41
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]42#include "mbedtls/asn1.h"
43
44#include "bootutil_priv.h"
45
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]46#ifdef MCUBOOT_HW_KEY
47#include "platform/include/tfm_plat_crypto_keys.h"
48#endif
49
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]50/*
51 * Compute SHA256 over the image.
52 */
53static int
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]54bootutil_img_hash(int image_index,
55 struct image_header *hdr, const struct flash_area *fap,
56 uint8_t *tmp_buf, uint32_t tmp_buf_sz, uint8_t *hash_result,
57 uint8_t *seed, int seed_len)
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]58{
59 bootutil_sha256_context sha256_ctx;
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]60 uint32_t size;
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]61#ifndef MCUBOOT_RAM_LOADING
62 uint32_t blk_sz;
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]63 uint32_t off;
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]64 int rc;
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]65#endif /* MCUBOOT_RAM_LOADING */
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]66
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]67 (void)image_index;
68
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]69 bootutil_sha256_init(&sha256_ctx);
70
71 /* in some cases (split image) the hash is seeded with data from
72 * the loader image */
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]73 if (seed && (seed_len > 0)) {
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]74 bootutil_sha256_update(&sha256_ctx, seed, seed_len);
75 }
76
David Vinczedb32b212019-04-16 17:43:57 +0200[diff] [blame]77 /* Hash is computed over image header and image itself. */
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]78 size = BOOT_TLV_OFF(hdr);
David Vinczedb32b212019-04-16 17:43:57 +0200[diff] [blame]79
David Vincze219a1752019-10-14 11:35:09 +0200[diff] [blame]80 /* If protected TLVs are present (e.g. security counter TLV) then the
81 * TLV info header and these TLVs must be included in the hash calculation.
David Vinczedb32b212019-04-16 17:43:57 +0200[diff] [blame]82 */
83 if (hdr->ih_protect_tlv_size != 0) {
84 size += hdr->ih_protect_tlv_size;
85 }
86
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]87#ifdef MCUBOOT_RAM_LOADING
88 bootutil_sha256_update(&sha256_ctx,(void*)(hdr->ih_load_addr), size);
89#else
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]90 for (off = 0; off < size; off += blk_sz) {
91 blk_sz = size - off;
92 if (blk_sz > tmp_buf_sz) {
93 blk_sz = tmp_buf_sz;
94 }
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]95 rc = flash_area_read(fap, off, tmp_buf, blk_sz);
96 if (rc) {
97 return rc;
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]98 }
99 bootutil_sha256_update(&sha256_ctx, tmp_buf, blk_sz);
100 }
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]101#endif
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]102 bootutil_sha256_finish(&sha256_ctx, hash_result);
103
104 return 0;
105}
106
107/*
108 * Currently, we only support being able to verify one type of
109 * signature, because there is a single verification function that we
110 * call. List the type of TLV we are expecting. If we aren't
111 * configured for any signature, don't define this macro.
112 */
Tamas Ban81daed02019-05-20 15:05:22 +0100[diff] [blame]113
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]114#if defined(MCUBOOT_SIGN_RSA)
Tamas Ban81daed02019-05-20 15:05:22 +0100[diff] [blame]115# if MCUBOOT_SIGN_RSA_LEN == 2048
116# define EXPECTED_SIG_TLV IMAGE_TLV_RSA2048_PSS
117# elif MCUBOOT_SIGN_RSA_LEN == 3072
118# define EXPECTED_SIG_TLV IMAGE_TLV_RSA3072_PSS
119# else
120# error "Unsupported RSA signature length"
121# endif
122# define SIG_BUF_SIZE (MCUBOOT_SIGN_RSA_LEN / 8)
123# define EXPECTED_SIG_LEN(x) ((x) == SIG_BUF_SIZE)
124#else
125# define SIG_BUF_SIZE 32 /* no signing, sha256 digest only */
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]126#endif
127
128#ifdef EXPECTED_SIG_TLV
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]129#ifdef MCUBOOT_HW_KEY
130extern unsigned int pub_key_len;
131static int
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]132bootutil_find_key(uint8_t image_id, uint8_t *key, uint16_t key_len)
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]133{
134 bootutil_sha256_context sha256_ctx;
135 uint8_t hash[32];
136 uint8_t key_hash[32];
137 uint32_t key_hash_size= sizeof(key_hash);
138 enum tfm_plat_err_t plat_err;
139
140 bootutil_sha256_init(&sha256_ctx);
141 bootutil_sha256_update(&sha256_ctx, key, key_len);
142 bootutil_sha256_finish(&sha256_ctx, hash);
143
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]144 plat_err = tfm_plat_get_rotpk_hash(image_id, key_hash, &key_hash_size);
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]145 if (plat_err != TFM_PLAT_ERR_SUCCESS) {
146 return -1;
147 }
Raef Coles25b857a2019-09-05 13:59:55 +0100[diff] [blame]148 if (!boot_secure_memequal(hash, key_hash, key_hash_size)) {
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]149 bootutil_keys[0].key = key;
150 pub_key_len = key_len;
151 return 0;
152 }
153 return -1;
154}
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]155#else /* !MCUBOOT_HW_KEY */
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]156static int
157bootutil_find_key(uint8_t *keyhash, uint8_t keyhash_len)
158{
159 bootutil_sha256_context sha256_ctx;
160 int i;
161 const struct bootutil_key *key;
162 uint8_t hash[32];
163
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]164 if (keyhash_len > 32) {
165 return -1;
166 }
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]167
168 for (i = 0; i < bootutil_key_cnt; i++) {
169 key = &bootutil_keys[i];
170 bootutil_sha256_init(&sha256_ctx);
171 bootutil_sha256_update(&sha256_ctx, key->key, *key->len);
172 bootutil_sha256_finish(&sha256_ctx, hash);
Raef Coles25b857a2019-09-05 13:59:55 +0100[diff] [blame]173 if (!boot_secure_memequal(hash, keyhash, keyhash_len)) {
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]174 return i;
175 }
176 }
177 return -1;
178}
179#endif
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]180#endif
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]181
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]182/**
183 * Reads the value of an image's security counter.
184 *
185 * @param hdr Pointer to the image header structure.
186 * @param fap Pointer to a description structure of the image's
187 * flash area.
188 * @param security_cnt Pointer to store the security counter value.
189 *
190 * @return 0 on success; nonzero on failure.
191 */
192int32_t
193bootutil_get_img_security_cnt(struct image_header *hdr,
194 const struct flash_area *fap,
195 uint32_t *img_security_cnt)
196{
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]197 struct image_tlv tlv;
198 uint32_t off;
199 uint32_t end;
200 uint32_t found = 0;
201 int32_t rc;
202
203 if ((hdr == NULL) ||
204 (fap == NULL) ||
205 (img_security_cnt == NULL)) {
206 /* Invalid parameter. */
207 return BOOT_EBADARGS;
208 }
209
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]210 /* The security counter TLV is in the protected part of the TLV area. */
David Vinczec2566122019-10-25 13:18:54 +0200[diff] [blame^]211 if (hdr->ih_protect_tlv_size == 0) {
212 return BOOT_EBADIMAGE;
213 }
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]214
David Vinczec2566122019-10-25 13:18:54 +0200[diff] [blame^]215 rc = boot_find_tlv_offs(hdr, fap, &off, &end);
216 if (rc) {
217 return rc;
218 }
219
220 /* Calculate the end of the protected TLV area. */
221 end = off - sizeof(struct image_tlv_info) +
222 (uint32_t)hdr->ih_protect_tlv_size;
223
224 /* Traverse through the protected TLV area to find
225 * the security counter TLV.
226 */
227 while (off < end) {
228 rc = LOAD_IMAGE_DATA(fap, off, &tlv, sizeof(tlv));
229 if (rc != 0) {
230 return BOOT_EFLASH;
231 }
232
233 if (tlv.it_type == IMAGE_TLV_SEC_CNT) {
234
235 if (tlv.it_len != sizeof(*img_security_cnt)) {
236 /* Security counter is not valid. */
237 break;
238 }
239
240 rc = LOAD_IMAGE_DATA(fap, off + sizeof(tlv),
241 img_security_cnt, tlv.it_len);
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]242 if (rc != 0) {
243 return BOOT_EFLASH;
244 }
245
David Vinczec2566122019-10-25 13:18:54 +0200[diff] [blame^]246 /* Security counter has been found. */
247 found = 1;
248 break;
249 }
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]250
David Vinczec2566122019-10-25 13:18:54 +0200[diff] [blame^]251 /* Avoid integer overflow. */
252 if (boot_add_uint32_overflow_check(off, (sizeof(tlv) + tlv.it_len)))
253 {
254 /* Potential overflow. */
255 break;
256 } else {
257 off += sizeof(tlv) + tlv.it_len;
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]258 }
259 }
260
261 if (found) {
262 return 0;
263 }
264
265 return -1;
266}
267
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]268/*
269 * Verify the integrity of the image.
270 * Return non-zero if image could not be validated/does not validate.
271 */
272int
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]273bootutil_img_validate(int image_index,
274 struct image_header *hdr, const struct flash_area *fap,
275 uint8_t *tmp_buf, uint32_t tmp_buf_sz, uint8_t *seed,
276 int seed_len, uint8_t *out_hash)
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]277{
278 uint32_t off;
279 uint32_t end;
280 int sha256_valid = 0;
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]281#ifdef EXPECTED_SIG_TLV
282 int valid_signature = 0;
283 int key_id = -1;
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]284#ifdef MCUBOOT_HW_KEY
285 /* Few extra bytes for encoding and for public exponent */
286 uint8_t key_buf[SIG_BUF_SIZE + 24];
287#endif
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]288#endif
289 struct image_tlv tlv;
Tamas Ban81daed02019-05-20 15:05:22 +0100[diff] [blame]290 uint8_t buf[SIG_BUF_SIZE];
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]291 uint8_t hash[32] = {0};
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]292 uint32_t security_cnt;
293 uint32_t img_security_cnt;
294 int32_t security_counter_valid = 0;
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]295 int rc;
296
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]297 rc = bootutil_img_hash(image_index, hdr, fap, tmp_buf,
298 tmp_buf_sz, hash, seed, seed_len);
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]299 if (rc) {
300 return rc;
301 }
302
303 if (out_hash) {
304 memcpy(out_hash, hash, 32);
305 }
306
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]307 rc = boot_find_tlv_offs(hdr, fap, &off, &end);
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]308 if (rc) {
309 return rc;
310 }
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]311
312 /*
313 * Traverse through all of the TLVs, performing any checks we know
314 * and are able to do.
315 */
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]316 while (off < end) {
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]317 rc = LOAD_IMAGE_DATA(fap, off, &tlv, sizeof(tlv));
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]318 if (rc) {
319 return rc;
320 }
321
322 if (tlv.it_type == IMAGE_TLV_SHA256) {
323 /*
324 * Verify the SHA256 image hash. This must always be
325 * present.
326 */
327 if (tlv.it_len != sizeof(hash)) {
328 return -1;
329 }
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]330 rc = LOAD_IMAGE_DATA(fap, off + sizeof(tlv), buf, sizeof(hash));
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]331 if (rc) {
332 return rc;
333 }
Raef Coles25b857a2019-09-05 13:59:55 +0100[diff] [blame]334 if (boot_secure_memequal(hash, buf, sizeof(hash))) {
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]335 return -1;
336 }
337
338 sha256_valid = 1;
339#ifdef EXPECTED_SIG_TLV
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]340#ifndef MCUBOOT_HW_KEY
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]341 } else if (tlv.it_type == IMAGE_TLV_KEYHASH) {
342 /*
343 * Determine which key we should be checking.
344 */
345 if (tlv.it_len > 32) {
346 return -1;
347 }
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]348 rc = LOAD_IMAGE_DATA(fap, off + sizeof(tlv), buf, tlv.it_len);
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]349 if (rc) {
350 return rc;
351 }
352 key_id = bootutil_find_key(buf, tlv.it_len);
353 /*
354 * The key may not be found, which is acceptable. There
355 * can be multiple signatures, each preceded by a key.
356 */
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]357#else /* MCUBOOT_HW_KEY */
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]358 } else if (tlv.it_type == IMAGE_TLV_KEY) {
359 /*
360 * Determine which key we should be checking.
361 */
362 if (tlv.it_len > sizeof(key_buf)) {
363 return -1;
364 }
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]365 rc = LOAD_IMAGE_DATA(fap, off + sizeof(tlv), key_buf, tlv.it_len);
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]366 if (rc) {
367 return rc;
368 }
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]369 key_id = bootutil_find_key(image_index, key_buf, tlv.it_len);
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]370 /*
371 * The key may not be found, which is acceptable. There
372 * can be multiple signatures, each preceded by a key.
373 */
374#endif /* MCUBOOT_HW_KEY */
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]375 } else if (tlv.it_type == EXPECTED_SIG_TLV) {
376 /* Ignore this signature if it is out of bounds. */
David Vinczefb068302019-07-24 11:00:22 +0200[diff] [blame]377 if (key_id >= 0 && key_id < bootutil_key_cnt) {
378 if (!EXPECTED_SIG_LEN(tlv.it_len) || tlv.it_len > sizeof(buf)) {
379 return -1;
380 }
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]381 rc = LOAD_IMAGE_DATA(fap, off + sizeof(tlv), buf, tlv.it_len);
David Vinczefb068302019-07-24 11:00:22 +0200[diff] [blame]382 if (rc) {
383 return -1;
384 }
385 rc = bootutil_verify_sig(hash, sizeof(hash), buf, tlv.it_len,
386 key_id);
387 if (rc == 0) {
388 valid_signature = 1;
389 }
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]390 }
391 key_id = -1;
392#endif
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]393 } else if (tlv.it_type == IMAGE_TLV_SEC_CNT) {
394 /*
395 * Verify the image's security counter.
396 * This must always be present.
397 */
398 if (tlv.it_len != sizeof(img_security_cnt)) {
399 /* Security counter is not valid. */
400 return -1;
401 }
402
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]403 rc = LOAD_IMAGE_DATA(fap, off + sizeof(tlv),
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]404 &img_security_cnt, tlv.it_len);
405 if (rc) {
406 return rc;
407 }
408
409 rc = boot_nv_security_counter_get(0, &security_cnt);
410 if (rc) {
411 return rc;
412 }
413
414 /* Compare the new image's security counter value against the
415 * stored security counter value.
416 */
417 if (img_security_cnt < security_cnt) {
418 /* The image's security counter is not accepted. */
419 return -1;
420 }
421
422 /* The image's security counter has been successfully verified. */
423 security_counter_valid = 1;
424 }
425
426 /* Avoid integer overflow. */
Tamas Ban056ed0b2019-09-16 12:48:32 +0100[diff] [blame]427 if (boot_add_uint32_overflow_check(off, (sizeof(tlv) + tlv.it_len))) {
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]428 /* Potential overflow. */
429 break;
430 } else {
431 off += sizeof(tlv) + tlv.it_len;
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]432 }
433 }
434
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]435 if (!sha256_valid || !security_counter_valid) {
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]436 return -1;
437 }
438
439#ifdef EXPECTED_SIG_TLV
440 if (!valid_signature) {
441 return -1;
442 }
443#endif
444
445 return 0;
446}