Add support for signature verification routines
Enabled high level logic flow for the signed image
signature validation routines.
Includes reading hash type, key type from Manifest file.
Change-Id: I9b0213042bb15882f351e7937fd17fb0a3e9fb33
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
diff --git a/image_verify.hpp b/image_verify.hpp
index b5c4514..3e65288 100644
--- a/image_verify.hpp
+++ b/image_verify.hpp
@@ -1,5 +1,6 @@
#pragma once
#include <experimental/filesystem>
+#include <set>
namespace phosphor
{
@@ -9,7 +10,16 @@
{
namespace fs = std::experimental::filesystem;
+using Key_t = std::string;
+using Hash_t = std::string;
+using PublicKeyPath = fs::path;
+using HashFilePath = fs::path;
+using KeyHashPathPair = std::pair<HashFilePath, PublicKeyPath>;
+using AvailableKeyTypes = std::set<Key_t>;
+// BMC flash image file name list.
+const std::vector<std::string> bmcImages = {"image-kernel", "image-rofs",
+ "image-rwfs", "image-u-boot"};
/** @class Signature
* @brief Contains signature verification functions.
* @details The software image class that contains the signature
@@ -25,11 +35,13 @@
Signature& operator=(Signature&&) = default;
~Signature() = default;
- /** @brief Constructs Verify Class
- *
- * @param[in] imageDirPath - file path
+ /**
+ * @brief Constructs Signature.
+ * @param[in] imageDirPath - image path
+ * @param[in] signedConfPath - Path of public key
+ * hash function files
*/
- Signature(const fs::path& imageDirPath) : imageDirPath(imageDirPath){};
+ Signature(const fs::path& imageDirPath, const fs::path& signedConfPath);
/**
* @brief Image signature verification function.
@@ -45,8 +57,55 @@
bool verify();
private:
- /** @brief Directory where software images are placed*/
+ /**
+ * @brief Function used for system level file signature validation
+ * of image specfic publickey file and manifest file
+ * using the available public keys and hash functions
+ * in the system.
+ * Refer code-update documenation for more details.
+ */
+ bool systemLevelVerify();
+
+ /**
+ * @brief Return all key types stored in the BMC based on the
+ * public key and hashfunc files stored in the BMC.
+ *
+ * @return list
+ */
+ AvailableKeyTypes getAvailableKeyTypesFromSystem() const;
+
+ /**
+ * @brief Return public key and hash function file names for the
+ * corresponding key type
+ *
+ * @param[in] key - key type
+ * @return Pair of hash and public key file names
+ */
+ inline KeyHashPathPair getKeyHashFileNames(const Key_t& key) const;
+
+ /**
+ * @brief Verify the file signature using public key and hash function
+ *
+ * @param[in] - Image file path
+ * @param[in] - Signature file path
+ * @param[in] - Public key
+ * @param[in] - Hash function name
+ * @return true if signature verification was successful, false if not
+ */
+ bool verifyFile(const fs::path& file, const fs::path& signature,
+ const fs::path& publicKey, const std::string& hashFunc);
+
+ /** @brief Directory where software images are placed */
fs::path imageDirPath;
+
+ /** @brief Path of public key and hash function files */
+ fs::path signedConfPath;
+
+ /** @brief key type defined in mainfest file */
+ Key_t keyType;
+
+ /** @brief Hash type defined in mainfest file */
+ Hash_t hashType;
};
} // namespace image