blob: 98fda6f8793576ea98be3fc4a0a85445b81b1b10 [file] [log] [blame]
Jayanth Othayoth9d7cd832018-02-21 05:12:39 -06001#pragma once
Jayanth Othayothfb6e1fc2018-02-21 05:43:20 -06002#include <openssl/rsa.h>
3#include <openssl/evp.h>
4#include <openssl/pem.h>
Jayanth Othayoth9d7cd832018-02-21 05:12:39 -06005#include <experimental/filesystem>
Jayanth Othayoth2ab9b102018-02-21 05:27:47 -06006#include <set>
Jayanth Othayothfb6e1fc2018-02-21 05:43:20 -06007#include <unistd.h>
8#include <sys/mman.h>
Jayanth Othayoth9d7cd832018-02-21 05:12:39 -06009
10namespace phosphor
11{
12namespace software
13{
14namespace image
15{
16
17namespace fs = std::experimental::filesystem;
Jayanth Othayoth2ab9b102018-02-21 05:27:47 -060018using Key_t = std::string;
19using Hash_t = std::string;
20using PublicKeyPath = fs::path;
21using HashFilePath = fs::path;
22using KeyHashPathPair = std::pair<HashFilePath, PublicKeyPath>;
23using AvailableKeyTypes = std::set<Key_t>;
Jayanth Othayoth9d7cd832018-02-21 05:12:39 -060024
Jayanth Othayothfb6e1fc2018-02-21 05:43:20 -060025// RAII support for openSSL functions.
26using BIO_MEM_Ptr = std::unique_ptr<BIO, decltype(&::BIO_free)>;
27using EVP_PKEY_Ptr = std::unique_ptr<EVP_PKEY, decltype(&::EVP_PKEY_free)>;
28using EVP_MD_CTX_Ptr =
29 std::unique_ptr<EVP_MD_CTX, decltype(&::EVP_MD_CTX_destroy)>;
30
Jayanth Othayothfb6e1fc2018-02-21 05:43:20 -060031/** @struct CustomFd
32 *
33 * RAII wrapper for file descriptor.
34 */
35struct CustomFd
36{
37 public:
38 CustomFd() = delete;
39 CustomFd(const CustomFd&) = delete;
40 CustomFd& operator=(const CustomFd&) = delete;
41 CustomFd(CustomFd&&) = default;
42 CustomFd& operator=(CustomFd&&) = default;
43 /** @brief Saves File descriptor and uses it to do file operation
44 *
45 * @param[in] fd - File descriptor
46 */
47 CustomFd(int fd) : fd(fd)
48 {
49 }
50
51 ~CustomFd()
52 {
53 if (fd >= 0)
54 {
55 close(fd);
56 }
57 }
58
59 int operator()() const
60 {
61 return fd;
62 }
63
64 private:
65 /** @brief File descriptor */
66 int fd = -1;
67};
68
69/** @struct CustomMap
70 *
71 * RAII wrapper for mmap.
72 */
73struct CustomMap
74{
75 private:
76 /** @brief starting address of the map */
77 void* addr;
78
79 /** @brief length of the mapping */
80 size_t length;
81
82 public:
83 CustomMap() = delete;
84 CustomMap(const CustomMap&) = delete;
85 CustomMap& operator=(const CustomMap&) = delete;
86 CustomMap(CustomMap&&) = default;
87 CustomMap& operator=(CustomMap&&) = default;
88
89 /** @brief Saves starting address of the map and
90 * and length of the file.
91 * @param[in] addr - Starting address of the map
92 * @param[in] length - length of the map
93 */
94 CustomMap(void* addr, size_t length) : addr(addr), length(length)
95 {
96 }
97
98 ~CustomMap()
99 {
100 munmap(addr, length);
101 }
102
103 void* operator()() const
104 {
105 return addr;
106 }
107};
108
Jayanth Othayoth9d7cd832018-02-21 05:12:39 -0600109/** @class Signature
110 * @brief Contains signature verification functions.
111 * @details The software image class that contains the signature
112 * verification functions for signed image.
113 */
114class Signature
115{
116 public:
117 Signature() = delete;
118 Signature(const Signature&) = delete;
119 Signature& operator=(const Signature&) = delete;
120 Signature(Signature&&) = default;
121 Signature& operator=(Signature&&) = default;
122 ~Signature() = default;
123
Jayanth Othayoth2ab9b102018-02-21 05:27:47 -0600124 /**
125 * @brief Constructs Signature.
126 * @param[in] imageDirPath - image path
127 * @param[in] signedConfPath - Path of public key
128 * hash function files
Jayanth Othayoth9d7cd832018-02-21 05:12:39 -0600129 */
Jayanth Othayoth2ab9b102018-02-21 05:27:47 -0600130 Signature(const fs::path& imageDirPath, const fs::path& signedConfPath);
Jayanth Othayoth9d7cd832018-02-21 05:12:39 -0600131
132 /**
133 * @brief Image signature verification function.
134 * Verify the Manifest and public key file signature using the
135 * public keys available in the system first. After successful
136 * validation, continue the whole image files signature
137 * validation using the image specific public key and the
138 * hash function.
139 *
140 * @return true if signature verification was successful,
141 * false if not
142 */
143 bool verify();
144
145 private:
Jayanth Othayoth2ab9b102018-02-21 05:27:47 -0600146 /**
147 * @brief Function used for system level file signature validation
Gunnar Millse11a2022018-03-23 12:04:48 -0500148 * of image specific publickey file and manifest file
Jayanth Othayoth2ab9b102018-02-21 05:27:47 -0600149 * using the available public keys and hash functions
150 * in the system.
Gunnar Mills2bcba022018-04-08 15:02:04 -0500151 * Refer code-update documentation for more details.
Jayanth Othayoth2ab9b102018-02-21 05:27:47 -0600152 */
153 bool systemLevelVerify();
154
155 /**
156 * @brief Return all key types stored in the BMC based on the
157 * public key and hashfunc files stored in the BMC.
158 *
159 * @return list
160 */
161 AvailableKeyTypes getAvailableKeyTypesFromSystem() const;
162
163 /**
164 * @brief Return public key and hash function file names for the
165 * corresponding key type
166 *
167 * @param[in] key - key type
168 * @return Pair of hash and public key file names
169 */
170 inline KeyHashPathPair getKeyHashFileNames(const Key_t& key) const;
171
172 /**
173 * @brief Verify the file signature using public key and hash function
174 *
175 * @param[in] - Image file path
176 * @param[in] - Signature file path
177 * @param[in] - Public key
178 * @param[in] - Hash function name
179 * @return true if signature verification was successful, false if not
180 */
181 bool verifyFile(const fs::path& file, const fs::path& signature,
182 const fs::path& publicKey, const std::string& hashFunc);
183
Jayanth Othayothfb6e1fc2018-02-21 05:43:20 -0600184 /**
185 * @brief Create RSA object from the public key
186 * @param[in] - publickey
187 * @param[out] - RSA Object.
188 */
189 inline RSA* createPublicRSA(const fs::path& publicKey);
190
191 /**
192 * @brief Memory map the file
193 * @param[in] - file path
194 * @param[in] - file size
195 * @param[out] - Custom Mmap address
196 */
197 CustomMap mapFile(const fs::path& path, size_t size);
198
199 /** @brief Directory where software images are placed*/
Jayanth Othayoth9d7cd832018-02-21 05:12:39 -0600200 fs::path imageDirPath;
Jayanth Othayoth2ab9b102018-02-21 05:27:47 -0600201
202 /** @brief Path of public key and hash function files */
203 fs::path signedConfPath;
204
205 /** @brief key type defined in mainfest file */
206 Key_t keyType;
207
208 /** @brief Hash type defined in mainfest file */
209 Hash_t hashType;
Jayanth Othayoth9d7cd832018-02-21 05:12:39 -0600210};
211
212} // namespace image
213} // namespace software
214} // namespace phosphor