blob: 02e10938fb46b62a036f33dbadefc4c59fe0408c [file] [log] [blame]
Jayanth Othayoth9d7cd832018-02-21 05:12:39 -06001#pragma once
Jayashankar Padatha0135602019-04-22 16:22:58 +05302#include "openssl_alloc.hpp"
Gunnar Millsb0ce9962018-09-07 13:39:10 -05003
Jayanth Othayothfb6e1fc2018-02-21 05:43:20 -06004#include <openssl/evp.h>
5#include <openssl/pem.h>
Gunnar Millsb0ce9962018-09-07 13:39:10 -05006#include <openssl/rsa.h>
7#include <sys/mman.h>
8#include <unistd.h>
9
Adriana Kobylakc98d9122020-05-05 10:36:01 -050010#include <filesystem>
Jayanth Othayoth2ab9b102018-02-21 05:27:47 -060011#include <set>
Andrew Geissler9155b712020-05-16 13:04:44 -050012#include <string>
Henry Tian574f94b2021-01-06 10:33:59 +080013#include <vector>
Jayanth Othayoth9d7cd832018-02-21 05:12:39 -060014
15namespace phosphor
16{
17namespace software
18{
19namespace image
20{
21
Adriana Kobylakc98d9122020-05-05 10:36:01 -050022namespace fs = std::filesystem;
Jayanth Othayoth2ab9b102018-02-21 05:27:47 -060023using Key_t = std::string;
24using Hash_t = std::string;
25using PublicKeyPath = fs::path;
26using HashFilePath = fs::path;
27using KeyHashPathPair = std::pair<HashFilePath, PublicKeyPath>;
28using AvailableKeyTypes = std::set<Key_t>;
Jayanth Othayoth9d7cd832018-02-21 05:12:39 -060029
Jayanth Othayothfb6e1fc2018-02-21 05:43:20 -060030// RAII support for openSSL functions.
31using BIO_MEM_Ptr = std::unique_ptr<BIO, decltype(&::BIO_free)>;
32using EVP_PKEY_Ptr = std::unique_ptr<EVP_PKEY, decltype(&::EVP_PKEY_free)>;
33using EVP_MD_CTX_Ptr =
Adriana Kobylak5ed9b2d2018-09-06 13:15:34 -050034 std::unique_ptr<EVP_MD_CTX, decltype(&::EVP_MD_CTX_free)>;
Jayanth Othayothfb6e1fc2018-02-21 05:43:20 -060035
Jayanth Othayothfb6e1fc2018-02-21 05:43:20 -060036/** @struct CustomFd
37 *
38 * RAII wrapper for file descriptor.
39 */
40struct CustomFd
41{
42 public:
43 CustomFd() = delete;
44 CustomFd(const CustomFd&) = delete;
45 CustomFd& operator=(const CustomFd&) = delete;
46 CustomFd(CustomFd&&) = default;
47 CustomFd& operator=(CustomFd&&) = default;
48 /** @brief Saves File descriptor and uses it to do file operation
49 *
50 * @param[in] fd - File descriptor
51 */
52 CustomFd(int fd) : fd(fd)
Adriana Kobylak58aa7502020-06-08 11:12:11 -050053 {}
Jayanth Othayothfb6e1fc2018-02-21 05:43:20 -060054
55 ~CustomFd()
56 {
57 if (fd >= 0)
58 {
59 close(fd);
60 }
61 }
62
63 int operator()() const
64 {
65 return fd;
66 }
67
68 private:
69 /** @brief File descriptor */
70 int fd = -1;
71};
72
73/** @struct CustomMap
74 *
75 * RAII wrapper for mmap.
76 */
77struct CustomMap
78{
79 private:
80 /** @brief starting address of the map */
81 void* addr;
82
83 /** @brief length of the mapping */
84 size_t length;
85
86 public:
87 CustomMap() = delete;
88 CustomMap(const CustomMap&) = delete;
89 CustomMap& operator=(const CustomMap&) = delete;
90 CustomMap(CustomMap&&) = default;
91 CustomMap& operator=(CustomMap&&) = default;
92
93 /** @brief Saves starting address of the map and
94 * and length of the file.
95 * @param[in] addr - Starting address of the map
96 * @param[in] length - length of the map
97 */
98 CustomMap(void* addr, size_t length) : addr(addr), length(length)
Adriana Kobylak58aa7502020-06-08 11:12:11 -050099 {}
Jayanth Othayothfb6e1fc2018-02-21 05:43:20 -0600100
101 ~CustomMap()
102 {
103 munmap(addr, length);
104 }
105
106 void* operator()() const
107 {
108 return addr;
109 }
110};
111
Jayanth Othayoth9d7cd832018-02-21 05:12:39 -0600112/** @class Signature
113 * @brief Contains signature verification functions.
114 * @details The software image class that contains the signature
115 * verification functions for signed image.
116 */
117class Signature
118{
119 public:
120 Signature() = delete;
121 Signature(const Signature&) = delete;
122 Signature& operator=(const Signature&) = delete;
123 Signature(Signature&&) = default;
124 Signature& operator=(Signature&&) = default;
125 ~Signature() = default;
126
Jayanth Othayoth2ab9b102018-02-21 05:27:47 -0600127 /**
128 * @brief Constructs Signature.
129 * @param[in] imageDirPath - image path
130 * @param[in] signedConfPath - Path of public key
131 * hash function files
Jayanth Othayoth9d7cd832018-02-21 05:12:39 -0600132 */
Jayanth Othayoth2ab9b102018-02-21 05:27:47 -0600133 Signature(const fs::path& imageDirPath, const fs::path& signedConfPath);
Jayanth Othayoth9d7cd832018-02-21 05:12:39 -0600134
135 /**
136 * @brief Image signature verification function.
137 * Verify the Manifest and public key file signature using the
138 * public keys available in the system first. After successful
139 * validation, continue the whole image files signature
140 * validation using the image specific public key and the
141 * hash function.
142 *
143 * @return true if signature verification was successful,
144 * false if not
145 */
146 bool verify();
147
148 private:
Jayanth Othayoth2ab9b102018-02-21 05:27:47 -0600149 /**
150 * @brief Function used for system level file signature validation
Gunnar Millse11a2022018-03-23 12:04:48 -0500151 * of image specific publickey file and manifest file
Jayanth Othayoth2ab9b102018-02-21 05:27:47 -0600152 * using the available public keys and hash functions
153 * in the system.
Gunnar Mills2bcba022018-04-08 15:02:04 -0500154 * Refer code-update documentation for more details.
Jayanth Othayoth2ab9b102018-02-21 05:27:47 -0600155 */
156 bool systemLevelVerify();
157
158 /**
159 * @brief Return all key types stored in the BMC based on the
160 * public key and hashfunc files stored in the BMC.
161 *
162 * @return list
163 */
164 AvailableKeyTypes getAvailableKeyTypesFromSystem() const;
165
166 /**
167 * @brief Return public key and hash function file names for the
168 * corresponding key type
169 *
170 * @param[in] key - key type
171 * @return Pair of hash and public key file names
172 */
173 inline KeyHashPathPair getKeyHashFileNames(const Key_t& key) const;
174
175 /**
176 * @brief Verify the file signature using public key and hash function
177 *
178 * @param[in] - Image file path
179 * @param[in] - Signature file path
180 * @param[in] - Public key
181 * @param[in] - Hash function name
182 * @return true if signature verification was successful, false if not
183 */
184 bool verifyFile(const fs::path& file, const fs::path& signature,
185 const fs::path& publicKey, const std::string& hashFunc);
186
Jayanth Othayothfb6e1fc2018-02-21 05:43:20 -0600187 /**
188 * @brief Create RSA object from the public key
189 * @param[in] - publickey
190 * @param[out] - RSA Object.
191 */
192 inline RSA* createPublicRSA(const fs::path& publicKey);
193
194 /**
195 * @brief Memory map the file
196 * @param[in] - file path
197 * @param[in] - file size
198 * @param[out] - Custom Mmap address
199 */
200 CustomMap mapFile(const fs::path& path, size_t size);
201
202 /** @brief Directory where software images are placed*/
Jayanth Othayoth9d7cd832018-02-21 05:12:39 -0600203 fs::path imageDirPath;
Jayanth Othayoth2ab9b102018-02-21 05:27:47 -0600204
205 /** @brief Path of public key and hash function files */
206 fs::path signedConfPath;
207
208 /** @brief key type defined in mainfest file */
209 Key_t keyType;
210
211 /** @brief Hash type defined in mainfest file */
212 Hash_t hashType;
Henry Tian574f94b2021-01-06 10:33:59 +0800213
214 /** @brief Check and Verify the required image files
215 *
216 * @param[in] filePath - BMC tarball file path
217 * @param[in] publicKeyPath - publicKey file Path
218 * @param[in] imageList - Image filenames included in the BMC tarball
219 * @param[out] result - Boolean
220 * true if all image files are found in BMC tarball and
221 * Verify Sucess false if one of image files is missing
222 */
223 bool checkAndVerifyImage(const std::string& filePath,
224 const std::string& publicKeyPath,
225 const std::vector<std::string>& imageList);
Jayanth Othayoth9d7cd832018-02-21 05:12:39 -0600226};
227
228} // namespace image
229} // namespace software
230} // namespace phosphor