From patchwork Mon Jan 15 19:26:44 2024
X-Patchwork-Submitter: Michael Glembotzki
X-Patchwork-Id: 1886825
X-Patchwork-Delegate: sbabic@denx.de
From: Michael Glembotzki
To: swupdate@googlegroups.com
Cc: Michael Glembotzki
Subject: [swupdate] [V4][PATCH 7/8] Add support for asymmetrical encrypted images
Date: Mon, 15 Jan 2024 20:26:44 +0100
Message-ID: <20240115192845.51530-8-Michael.Glembotzki@iris-sensing.com>
In-Reply-To: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com>
References: <20240115192845.51530-1-Michael.Glembotzki@iris-sensing.com>

Asymmetric decryption is now supported exclusively for the sw-description
file. Applying asymmetric decryption to other artifacts is deemed
impractical. Hence, when 'encrypted == ASYMMETRIC', an asymmetrically
encrypted sw-description file is anticipated and written to fdout. The
__swupdate_copy function decrypts the sw-description file from a temporary
copy named 'sw-description.enc', which is subsequently removed post-update.

Signed-off-by: Michael Glembotzki
--- Kconfig | 12 +++++++++++ core/cpio_utils.c | 55 +++++++++++++++++++++++++++++++++++++++++++++-- core/installer.c | 7 ++++++ 3 files changed, 72 insertions(+), 2 deletions(-) diff --git a/Kconfig b/Kconfig index 5a3dc9a..a6f0671 100644 --- a/Kconfig +++ b/Kconfig
@@ -507,6 +507,18 @@ config ENCRYPTED_SW_DESCRIPTION if this is set. It is a compile time option, and mix of plain and encrypted sw-descriptions is not possible. +config ASYM_ENCRYPTED_SW_DESCRIPTION + bool "Asymmetrical encrypted sw-description" + depends on ENCRYPTED_SW_DESCRIPTION && !PKCS11 + depends on SSL_IMPL_OPENSSL + default n + help + This option enables support for asymmetrical encrypted sw-description, + making it possible to decrypt images device specific. The artifacts + themselves are still encrypted symmetrically. An AES key can optionally + be provided in the sw-description, or the default AES key will be used. + Cryptographic Message Syntax (CMS) is used for decryption. + config ENCRYPTED_IMAGES_HARDEN_LOGGING bool "Harden logging for encrypted images" default n diff --git a/core/cpio_utils.c b/core/cpio_utils.c index 03d43c9..2310156 100644 --- a/core/cpio_utils.c +++ b/core/cpio_utils.c @@ -26,6 +26,7 @@ #include "util.h" #include "sslapi.h" #include "progress.h" +#include "parsers.h" #define MODULE_NAME "cpio" @@ -444,6 +445,7 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby unsigned char *aes_key = NULL; unsigned char *ivt = NULL; unsigned char ivtbuf[AES_BLK_SIZE]; + char keylen; struct InputState input_state = { .fdin = fdin, @@ -513,7 +515,7 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby } if (encrypted == SYMMETRIC) { - aes_key = get_aes_key(); + /* Use default ivt, if no image ivt is provided */ if (imgivt) { if (!strlen(imgivt) || !is_hex_str(imgivt) || ascii_to_bin(ivtbuf, sizeof(ivtbuf), imgivt)) { ERROR("Invalid image ivt"); 
@@ -522,7 +524,19 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby ivt = ivtbuf; } else ivt = get_aes_ivt(); - decrypt_state.dcrypt = swupdate_DECRYPT_init(aes_key, get_aes_keylen(), ivt); + +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + aes_key = get_tmp_aes_key(); + keylen = get_tmp_aes_keylen(); +#endif + + /* Use default aes-key, if no aes-key is provided within the sw-description */ + if (!aes_key) { + aes_key = get_aes_key(); + keylen = get_aes_keylen(); + } + + decrypt_state.dcrypt = swupdate_DECRYPT_init(aes_key, keylen, ivt); if (!decrypt_state.dcrypt) { ERROR("decrypt initialization failure, aborting"); ret = -EFAULT; @@ -680,6 +694,43 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby *checksum = input_state.checksum; } +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + if (encrypted == ASYMMETRIC) { + char sw_desc_file[MAX_IMAGE_FNAME]; + char sw_desc_file_enc[MAX_IMAGE_FNAME]; + const char *TMPDIR = get_tmpdir(); + /* + * Assume the asym encrypted sw-description file is written to fdout + */ + int fdout = out ? *(int *)out : -1; + + if (fdout < 0) { + ERROR("out argument: invalid fd or pointer"); + ret = -EFAULT; + goto copyfile_exit; + } + close(fdout); + + snprintf(sw_desc_file, sizeof(sw_desc_file), "%s%s", TMPDIR, SW_DESCRIPTION_FILENAME); + snprintf(sw_desc_file_enc, sizeof(sw_desc_file_enc), "%s.enc", sw_desc_file); + + if (rename(sw_desc_file, sw_desc_file_enc)) { + ERROR("Renaming %s to %s failed", sw_desc_file, sw_desc_file_enc); + ret = -EFAULT; + goto copyfile_exit; + } + + /* + * Decrypt the asym encrypted sw-description file + */ + if (swupdate_decrypt_file(get_swupdate_cfg()->dgst, sw_desc_file_enc, sw_desc_file)) { + ERROR("Decrypting %s failed", sw_desc_file); + ret = -EFAULT; + goto copyfile_exit; + } + } +#endif + ret = 0; copyfile_exit: diff --git a/core/installer.c b/core/installer.c index 20b5b51..7707672 100644 --- a/core/installer.c +++ b/core/installer.c 
@@ -497,6 +497,13 @@ void cleanup_files(struct swupdate_cfg *software) { free(fn); } #endif + +#ifdef CONFIG_ASYM_ENCRYPTED_SW_DESCRIPTION + if (asprintf(&fn, "%s%s.enc", TMPDIR, SW_DESCRIPTION_FILENAME) != ENOMEM_ASPRINTF) { + remove_sw_file(fn); + free(fn); + } +#endif } int preupdatecmd(struct swupdate_cfg *swcfg)
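Review bot: In the Kconfig help for ASYM_ENCRYPTED_SW_DESCRIPTION, "making it possible to decrypt images device specific" reads as if the artifacts themselves were asymmetrically encrypted, while the next sentence and the commit message say only the sw-description is. Suggest wording along the lines of "so that a sw-description can be encrypted for a specific device", and one sentence on why the option is excluded when PKCS11 is set ("depends on ENCRYPTED_SW_DESCRIPTION && !PKCS11"), since the help gives no reason for that restriction.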
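Review bot: In the SYMMETRIC branch of __swupdate_copy (core/cpio_utils.c, hunk at -522), the key and its length come from two separate calls, get_tmp_aes_key() and get_tmp_aes_keylen(), and only the key is checked ("if (!aes_key)") before both are handed to swupdate_DECRYPT_init(aes_key, keylen, ivt). A non-NULL temporary key with an unset or stale length would be used as is. Suggest validating keylen against the supported AES key sizes before the init call, or returning key and length together from one accessor. The new "char keylen;" declaration is also a signed type for a length; an unsigned or size type would state the intent better.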
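Review bot: The ASYMMETRIC block added at the end of __swupdate_copy (core/cpio_utils.c, hunk at -680) calls close(fdout) on a descriptor it obtained through "*(int *)out", so the function closes a file the caller opened and may still close or use afterwards. It also assumes, without checking, that this descriptor refers to TMPDIR + SW_DESCRIPTION_FILENAME, and renames that path regardless of what the caller actually passed in. Suggest doing the rename and the swupdate_decrypt_file() call in the caller that extracts sw-description, where both the path and the descriptor's lifetime are known, or at least documenting that the function takes ownership of the descriptor in this mode. The two snprintf() results are not checked either, so a truncated name would reach rename() unnoticed; comparing the return value with sizeof(sw_desc_file) and sizeof(sw_desc_file_enc) would catch that.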
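Review bot: In cleanup_files (core/installer.c), the name of the encrypted copy is rebuilt with asprintf(&fn, "%s%s.enc", TMPDIR, SW_DESCRIPTION_FILENAME), duplicating the "%s.enc" construction in __swupdate_copy. Suggest a shared macro or helper for the ".enc" name so the two places cannot drift apart. Since the encrypted copy is not needed once swupdate_decrypt_file() has returned, it could also be unlinked right there in __swupdate_copy, with this cleanup kept only as a fallback.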