Shashank Mittal | cd98d47 | 2011-08-02 14:29:24 -0700 | [diff] [blame] | 1 | /* |
Amir Samuelov | a338294 | 2014-03-13 13:48:57 +0200 | [diff] [blame] | 2 | * Copyright (c) 2011,2013-2014 The Linux Foundation. All rights reserved. |
Shashank Mittal | cd98d47 | 2011-08-02 14:29:24 -0700 | [diff] [blame] | 3 | * |
| 4 | * Redistribution and use in source and binary forms, with or without |
| 5 | * modification, are permitted provided that the following conditions |
| 6 | * are met: |
| 7 | * * Redistributions of source code must retain the above copyright |
| 8 | * notice, this list of conditions and the following disclaimer. |
| 9 | * * Redistributions in binary form must reproduce the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer in |
| 11 | * the documentation and/or other materials provided with the |
| 12 | * distribution. |
| 13 | * |
| 14 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 15 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 16 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
| 17 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE |
| 18 | * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
| 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
| 20 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS |
| 21 | * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED |
| 22 | * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, |
| 23 | * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT |
| 24 | * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 25 | * SUCH DAMAGE. |
| 26 | */ |
| 27 | #include <x509.h> |
| 28 | #include <certificate.h> |
| 29 | #include <crypto_hash.h> |
| 30 | #include "image_verify.h" |
Amir Samuelov | 67ae1d3 | 2013-03-24 16:27:52 +0200 | [diff] [blame] | 31 | #include "scm.h" |
Shashank Mittal | cd98d47 | 2011-08-02 14:29:24 -0700 | [diff] [blame] | 32 | |
| 33 | /* |
| 34 | * Returns -1 if decryption failed otherwise size of plain_text in bytes |
| 35 | */ |
Ajay Dudani | b01e506 | 2011-12-03 23:23:42 -0800 | [diff] [blame] | 36 | static int |
| 37 | image_decrypt_signature(unsigned char *signature_ptr, unsigned char *plain_text) |
| 38 | { |
Shashank Mittal | cd98d47 | 2011-08-02 14:29:24 -0700 | [diff] [blame] | 39 | /* |
| 40 | * Extract Public Key and Decrypt Signature |
| 41 | */ |
| 42 | int ret = -1; |
| 43 | X509 *x509_certificate = NULL; |
| 44 | unsigned char *cert_ptr = certBuffer; |
| 45 | unsigned int cert_size = sizeof(certBuffer); |
| 46 | EVP_PKEY *pub_key = NULL; |
Ajay Dudani | b01e506 | 2011-12-03 23:23:42 -0800 | [diff] [blame] | 47 | RSA *rsa_key = NULL; |
Shashank Mittal | cd98d47 | 2011-08-02 14:29:24 -0700 | [diff] [blame] | 48 | |
| 49 | /* |
| 50 | * Get Pubkey and Convert the internal EVP_PKEY to RSA internal struct |
| 51 | */ |
Ajay Dudani | b01e506 | 2011-12-03 23:23:42 -0800 | [diff] [blame] | 52 | if ((x509_certificate = d2i_X509(NULL, &cert_ptr, cert_size)) == NULL) { |
Shashank Mittal | cd98d47 | 2011-08-02 14:29:24 -0700 | [diff] [blame] | 53 | dprintf(CRITICAL, |
| 54 | "ERROR: Image Invalid, X509_Certificate is NULL!\n"); |
| 55 | goto cleanup; |
| 56 | } |
| 57 | pub_key = X509_get_pubkey(x509_certificate); |
| 58 | rsa_key = EVP_PKEY_get1_RSA(pub_key); |
Ajay Dudani | b01e506 | 2011-12-03 23:23:42 -0800 | [diff] [blame] | 59 | if (rsa_key == NULL) { |
| 60 | dprintf(CRITICAL, "ERROR: Boot Invalid, RSA_KEY is NULL!\n"); |
Shashank Mittal | cd98d47 | 2011-08-02 14:29:24 -0700 | [diff] [blame] | 61 | goto cleanup; |
| 62 | } |
| 63 | |
| 64 | ret = RSA_public_decrypt(SIGNATURE_SIZE, signature_ptr, plain_text, |
Ajay Dudani | b01e506 | 2011-12-03 23:23:42 -0800 | [diff] [blame] | 65 | rsa_key, RSA_PKCS1_PADDING); |
| 66 | dprintf(SPEW, "DEBUG openssl: Return of RSA_public_decrypt = %d\n", |
| 67 | ret); |
Shashank Mittal | cd98d47 | 2011-08-02 14:29:24 -0700 | [diff] [blame] | 68 | |
Ajay Dudani | b01e506 | 2011-12-03 23:23:42 -0800 | [diff] [blame] | 69 | cleanup: |
Shashank Mittal | cd98d47 | 2011-08-02 14:29:24 -0700 | [diff] [blame] | 70 | if (rsa_key != NULL) |
| 71 | RSA_free(rsa_key); |
| 72 | if (x509_certificate != NULL) |
| 73 | X509_free(x509_certificate); |
| 74 | if (pub_key != NULL) |
| 75 | EVP_PKEY_free(pub_key); |
| 76 | return ret; |
| 77 | } |
| 78 | |
| 79 | /* |
| 80 | * Returns 1 when image is signed and authorized. |
| 81 | * Returns 0 when image is unauthorized. |
| 82 | * Expects a pointer to the start of image and pointer to start of sig |
| 83 | */ |
Ajay Dudani | b01e506 | 2011-12-03 23:23:42 -0800 | [diff] [blame] | 84 | int |
| 85 | image_verify(unsigned char *image_ptr, |
| 86 | unsigned char *signature_ptr, |
| 87 | unsigned int image_size, unsigned hash_type) |
| 88 | { |
Shashank Mittal | cd98d47 | 2011-08-02 14:29:24 -0700 | [diff] [blame] | 89 | |
| 90 | int ret = -1; |
| 91 | int auth = 0; |
Ajay Dudani | b01e506 | 2011-12-03 23:23:42 -0800 | [diff] [blame] | 92 | unsigned char *plain_text = NULL; |
Shashank Mittal | cd98d47 | 2011-08-02 14:29:24 -0700 | [diff] [blame] | 93 | unsigned int digest[8]; |
| 94 | unsigned int hash_size; |
| 95 | |
Ajay Dudani | b01e506 | 2011-12-03 23:23:42 -0800 | [diff] [blame] | 96 | plain_text = (unsigned char *)calloc(sizeof(char), SIGNATURE_SIZE); |
| 97 | if (plain_text == NULL) { |
Shashank Mittal | cd98d47 | 2011-08-02 14:29:24 -0700 | [diff] [blame] | 98 | dprintf(CRITICAL, "ERROR: Calloc failed during verification\n"); |
| 99 | goto cleanup; |
| 100 | } |
| 101 | |
Amir Samuelov | a338294 | 2014-03-13 13:48:57 +0200 | [diff] [blame] | 102 | /* |
| 103 | * Calculate hash of image and save calculated hash on TZ. |
| 104 | */ |
| 105 | hash_size = |
| 106 | (hash_type == CRYPTO_AUTH_ALG_SHA256) ? SHA256_SIZE : SHA1_SIZE; |
| 107 | hash_find(image_ptr, image_size, (unsigned char *)&digest, hash_type); |
| 108 | #ifdef TZ_SAVE_KERNEL_HASH |
| 109 | if (hash_type == CRYPTO_AUTH_ALG_SHA256) { |
| 110 | save_kernel_hash_cmd(digest); |
| 111 | dprintf(INFO, "Image hash saved.\n"); |
| 112 | } else |
| 113 | dprintf(INFO, "image_verify: hash is not SHA-256.\n"); |
| 114 | #endif |
| 115 | |
| 116 | /* |
| 117 | * Decrypt the pre-calculated expected image hash. |
Sundarajan Srinivasan | f390859 | 2014-04-21 14:14:30 -0700 | [diff] [blame] | 118 | * Return value, ret should be equal to hash_size. Otherwise it means a failure. With this check |
| 119 | * we avoid a potential vulnerability due to trailing data placed at the end of digest. |
Amir Samuelov | a338294 | 2014-03-13 13:48:57 +0200 | [diff] [blame] | 120 | */ |
Shashank Mittal | cd98d47 | 2011-08-02 14:29:24 -0700 | [diff] [blame] | 121 | ret = image_decrypt_signature(signature_ptr, plain_text); |
Sundarajan Srinivasan | f390859 | 2014-04-21 14:14:30 -0700 | [diff] [blame] | 122 | if (ret != hash_size) { |
| 123 | dprintf(CRITICAL, "ERROR: Image Invalid! signature check failed! ret %d\n", ret); |
Shashank Mittal | cd98d47 | 2011-08-02 14:29:24 -0700 | [diff] [blame] | 124 | goto cleanup; |
| 125 | } |
| 126 | |
| 127 | /* |
Amir Samuelov | a338294 | 2014-03-13 13:48:57 +0200 | [diff] [blame] | 128 | * Compare the expected hash with the calculated hash. |
Shashank Mittal | cd98d47 | 2011-08-02 14:29:24 -0700 | [diff] [blame] | 129 | */ |
Ajay Dudani | b01e506 | 2011-12-03 23:23:42 -0800 | [diff] [blame] | 130 | if (memcmp(plain_text, digest, hash_size) != 0) { |
Shashank Mittal | cd98d47 | 2011-08-02 14:29:24 -0700 | [diff] [blame] | 131 | dprintf(CRITICAL, |
| 132 | "ERROR: Image Invalid! Please use another image!\n"); |
| 133 | ret = -1; |
| 134 | goto cleanup; |
Ajay Dudani | b01e506 | 2011-12-03 23:23:42 -0800 | [diff] [blame] | 135 | } else { |
Shashank Mittal | cd98d47 | 2011-08-02 14:29:24 -0700 | [diff] [blame] | 136 | /* Authorized image */ |
| 137 | auth = 1; |
| 138 | } |
| 139 | |
| 140 | /* Cleanup after complete usage of openssl - cached data and objects */ |
Ajay Dudani | b01e506 | 2011-12-03 23:23:42 -0800 | [diff] [blame] | 141 | cleanup: |
Shashank Mittal | cd98d47 | 2011-08-02 14:29:24 -0700 | [diff] [blame] | 142 | if (plain_text != NULL) |
| 143 | free(plain_text); |
| 144 | EVP_cleanup(); |
| 145 | CRYPTO_cleanup_all_ex_data(); |
| 146 | ERR_remove_thread_state(NULL); |
| 147 | return auth; |
| 148 | } |