Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Set of a new hash computing functions (SP1) #141

Merged
merged 5 commits into from
Mar 2, 2023
+510 −279
Merged

Set of a new hash computing functions (SP1) #141

Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
fe42046
misc_utils: Move byte_swap function to new misc_utils.c file
softwarecki Feb 27, 2023
9a87f03
hash: New hash functions
softwarecki Feb 27, 2023
7b36048
manifest: pkcs1_5: Use new hash functions
softwarecki Feb 27, 2023
379f735
hash: Remove old hash functions
softwarecki Feb 27, 2023
67546f9
rimage: Removed hash context from image structure
softwarecki Feb 27, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
manifest: pkcs1_5: Use new hash functions 
Switched to use new hash functions. The parameter list for the rimage_sign
and rimage_verify functions has been simplified. The necessary information
is now included in the hash_context structure. In addition, code fragments
that may be common to different versions of the manifest have been
separated.

Signed-off-by: Adrian Warecki <adrian.warecki@intel.com>
@softwarecki
softwarecki committed Mar 1, 2023
commit 7b3604839f9e93c3cbd97b65513952e31b756175
157 changes: 98 additions & 59 deletions src/manifest.c
View file
Original file line number Diff line number Diff line change
@@ -23,6 +23,8 @@
#include <rimage/plat_auth.h>
#include <rimage/manifest.h>
#include <rimage/file_utils.h>
#include <rimage/misc_utils.h>
#include <rimage/hash.h>

static int man_open_rom_file(struct image *image)
{
@@ -733,7 +735,8 @@ static void man_create_modules_in_config(struct image *image, struct sof_man_fw_
static int man_hash_modules(struct image *image, struct sof_man_fw_desc *desc)
{
struct sof_man_module *man_module;
int i;
size_t mod_offset, mod_size;
int i, ret = 0;

for (i = 0; i < image->num_modules; i++) {
man_module = (void *)desc + SOF_MAN_MODULE_OFFSET(i);
@@ -744,14 +747,19 @@ static int man_hash_modules(struct image *image, struct sof_man_fw_desc *desc)
continue;
}

ri_sha256(image,
man_module->segment[SOF_MAN_SEGMENT_TEXT].file_offset,
(man_module->segment[SOF_MAN_SEGMENT_TEXT].flags.r.length +
man_module->segment[SOF_MAN_SEGMENT_RODATA].flags.r.length) *
MAN_PAGE_SIZE, man_module->hash);
mod_offset = man_module->segment[SOF_MAN_SEGMENT_TEXT].file_offset;
mod_size = (man_module->segment[SOF_MAN_SEGMENT_TEXT].flags.r.length +
man_module->segment[SOF_MAN_SEGMENT_RODATA].flags.r.length) *
MAN_PAGE_SIZE;

assert((mod_offset + mod_size) <= image->adsp->image_size);

ret = hash_sha256(image->fw_image + mod_offset, mod_size, man_module->hash, sizeof(man_module->hash));
if (ret)
break;
}

return 0;
return ret;
}

/* used by others */
@@ -897,8 +905,7 @@ int man_write_fw_v1_8(struct image *image)
{
struct sof_man_fw_desc *desc;
struct fw_image_manifest_v1_8 *m;
uint8_t hash[SOF_MAN_MOD_SHA256_LEN];
int ret, i;
int ret;

/* init image */
ret = man_init_image_v1_8(image);
@@ -956,20 +963,31 @@ int man_write_fw_v1_8(struct image *image)
/* calculate hash for ADSP meta data extension - 0x480 to end */
/* image_end is updated every time a section is added */
assert(image->image_end > MAN_FW_DESC_OFFSET_V1_8);
ri_sha256(image, MAN_FW_DESC_OFFSET_V1_8, image->image_end
- MAN_FW_DESC_OFFSET_V1_8,
m->adsp_file_ext.comp_desc[0].hash);
ret = hash_sha256(image->fw_image + MAN_FW_DESC_OFFSET_V1_8,
image->image_end - MAN_FW_DESC_OFFSET_V1_8,
m->adsp_file_ext.comp_desc[0].hash,
sizeof(m->adsp_file_ext.comp_desc[0].hash));
if (ret)
goto err;

/* calculate hash for platform auth data - repeated in hash 2 and 4 */
ri_sha256(image, MAN_META_EXT_OFFSET_V1_8,
sizeof(struct sof_man_adsp_meta_file_ext_v1_8), hash);
assert(image->image_end > (MAN_FW_DESC_OFFSET_V1_8 +
sizeof(struct sof_man_adsp_meta_file_ext_v1_8)));

ret = hash_sha256(image->fw_image + MAN_FW_DESC_OFFSET_V1_8,
image->image_end - MAN_FW_DESC_OFFSET_V1_8,
m->signed_pkg.module[0].hash,
sizeof(m->signed_pkg.module[0].hash));
if (ret)
goto err;

/* hash values in reverse order */
for (i = 0; i < SOF_MAN_MOD_SHA256_LEN; i++) {
m->signed_pkg.module[0].hash[i] =
m->partition_info.module[0].hash[i] =
hash[SOF_MAN_MOD_SHA256_LEN - 1 - i];
}
bytes_swap(m->signed_pkg.module[0].hash, sizeof(m->signed_pkg.module[0].hash));

/* Copy module hash to partition_info */
assert(sizeof(m->partition_info.module[0].hash) == sizeof(m->signed_pkg.module[0].hash));
memcpy(m->partition_info.module[0].hash, m->signed_pkg.module[0].hash,
sizeof(m->partition_info.module[0].hash));

/* sign manifest */
ret = ri_manifest_sign_v1_8(image);
@@ -1059,8 +1077,11 @@ int man_write_fw_meu_v1_5(struct image *image)
man_hash_modules(image, desc);

/* calculate hash for ADSP meta data extension */
ri_sha256(image, image->meu_offset, image->image_end -
image->meu_offset, meta->comp_desc[0].hash);
assert(image->meu_offset < image->image_end);
ret = hash_sha256(image->fw_image + image->meu_offset, image->image_end - image->meu_offset,
meta->comp_desc[0].hash, sizeof(meta->comp_desc[0].hash));
if (ret)
goto err;

/* write the unsigned files */
ret = man_write_unsigned_mod(image, meta_start_offset,
@@ -1140,8 +1161,11 @@ int man_write_fw_meu_v1_8(struct image *image)
man_hash_modules(image, desc);

/* calculate hash for ADSP meta data extension */
ri_sha256(image, image->meu_offset, image->image_end -
image->meu_offset, meta->comp_desc[0].hash);
assert(image->meu_offset < image->image_end);
ret = hash_sha256(image->fw_image + image->meu_offset, image->image_end - image->meu_offset,
meta->comp_desc[0].hash, sizeof(meta->comp_desc[0].hash));
if (ret)
goto err;

/* write the unsigned files */
ret = man_write_unsigned_mod(image, meta_start_offset,
@@ -1223,8 +1247,11 @@ int man_write_fw_meu_v2_5(struct image *image)
man_hash_modules(image, desc);

/* calculate hash for ADSP meta data extension */
ri_sha384(image, image->meu_offset, image->image_end -
image->meu_offset, meta->comp_desc[0].hash);
assert(image->meu_offset < image->image_end);
ret = hash_sha384(image->fw_image + image->meu_offset, image->image_end - image->meu_offset,
meta->comp_desc[0].hash, sizeof(meta->comp_desc[0].hash));
if (ret)
goto err;

/* write the unsigned files */
ret = man_write_unsigned_mod(image, meta_start_offset,
@@ -1247,8 +1274,7 @@ int man_write_fw_v2_5(struct image *image)
{
struct sof_man_fw_desc *desc;
struct fw_image_manifest_v2_5 *m;
uint8_t hash[SOF_MAN_MOD_SHA384_LEN];
int ret, i;
int ret;

/* init image */
ret = man_init_image_v2_5(image);
@@ -1310,22 +1336,28 @@ int man_write_fw_v2_5(struct image *image)
man_hash_modules(image, desc);

/* calculate hash inside ADSP meta data extension for padding to end */
ri_sha384(image, image->meu_offset, image->image_end - image->meu_offset,
m->adsp_file_ext.comp_desc[0].hash);
assert(image->meu_offset < image->image_end);
ret = hash_sha384(image->fw_image + image->meu_offset, image->image_end - image->meu_offset,
m->adsp_file_ext.comp_desc[0].hash,
sizeof(m->adsp_file_ext.comp_desc[0].hash));
if (ret)
goto err;

/* mue writes 0xff to 16 bytes of padding */
for (i = 0; i < 16; i++)
m->reserved[i] = 0xff;
memset(m->reserved, 0xff, 16);

/* calculate hash inside ext info 16 of sof_man_adsp_meta_file_ext_v2_5 */
ri_sha384(image, MAN_META_EXT_OFFSET_V2_5,
sizeof(struct sof_man_adsp_meta_file_ext_v2_5), hash);
assert((MAN_META_EXT_OFFSET_V2_5 + sizeof(struct sof_man_adsp_meta_file_ext_v2_5)) <
image->image_end);

ret = hash_sha384(image->fw_image + MAN_META_EXT_OFFSET_V2_5,
sizeof(struct sof_man_adsp_meta_file_ext_v2_5),
m->signed_pkg.module[0].hash, sizeof(m->signed_pkg.module[0].hash));
if (ret)
goto err;

/* hash values in reverse order */
for (i = 0; i < SOF_MAN_MOD_SHA384_LEN; i++) {
m->signed_pkg.module[0].hash[i] =
hash[SOF_MAN_MOD_SHA384_LEN - 1 - i];
}
bytes_swap(m->signed_pkg.module[0].hash, sizeof(m->signed_pkg.module[0].hash));

/* sign manifest */
ret = ri_manifest_sign_v2_5(image);
@@ -1385,11 +1417,10 @@ static int man_init_image_ace_v1_5(struct image *image)

int man_write_fw_ace_v1_5(struct image *image)
{

struct hash_context hash;
struct sof_man_fw_desc *desc;
struct fw_image_manifest_ace_v1_5 *m;
uint8_t hash[SOF_MAN_MOD_SHA384_LEN];
int ret, i;
int ret;

/* init image */
ret = man_init_image_ace_v1_5(image);
@@ -1455,35 +1486,43 @@ int man_write_fw_ace_v1_5(struct image *image)
man_hash_modules(image, desc);

/* calculate hash inside ADSP meta data extension for padding to end */
ri_sha384(image, image->meu_offset, image->image_end - image->meu_offset,
m->adsp_file_ext.comp_desc[0].hash);
assert(image->meu_offset < image->image_end);
ret = hash_sha384(image->fw_image + image->meu_offset, image->image_end - image->meu_offset,
m->adsp_file_ext.comp_desc[0].hash,
sizeof(m->adsp_file_ext.comp_desc[0].hash));
if (ret)
goto err;

/* mue writes 0xff to 16 bytes of padding */
for (i = 0; i < 16; i++)
m->reserved[i] = 0xff;
memset(m->reserved, 0xff, 16);

/* calculate hash inside ext info 16 of sof_man_adsp_meta_file_ext_v2_5 */
ri_sha384(image, MAN_META_EXT_OFFSET_ACE_V1_5,
sizeof(struct sof_man_adsp_meta_file_ext_v2_5), hash);
assert((MAN_META_EXT_OFFSET_ACE_V1_5 + sizeof(struct sof_man_adsp_meta_file_ext_v2_5)) <
image->image_end);

ret = hash_sha384(image->fw_image + MAN_META_EXT_OFFSET_ACE_V1_5,
sizeof(struct sof_man_adsp_meta_file_ext_v2_5),
m->signed_pkg.module[0].hash, sizeof(m->signed_pkg.module[0].hash));
if (ret)
goto err;

/* hash values in reverse order */
for (i = 0; i < SOF_MAN_MOD_SHA384_LEN; i++) {
m->signed_pkg.module[0].hash[i] =
hash[SOF_MAN_MOD_SHA384_LEN - 1 - i];
}
bytes_swap(m->signed_pkg.module[0].hash, sizeof(m->signed_pkg.module[0].hash));

/* calculate hash - SHA384 on CAVS2_5+ */
module_sha384_create(image);
module_sha_update(image, image->fw_image,
sizeof(struct CsePartitionDirHeader_v2_5) +
sizeof(struct CsePartitionDirEntry) * 3);
module_sha_update(image, image->fw_image + 0x4c0, image->image_end - 0x4c0);
module_sha_complete(image, hash);
hash_sha384_init(&hash);
hash_update(&hash, image->fw_image,
sizeof(struct CsePartitionDirHeader_v2_5) +
sizeof(struct CsePartitionDirEntry) * 3);

hash_update(&hash, image->fw_image + 0x4c0, image->image_end - 0x4c0);
hash_finalize(&hash);

/* hash values in reverse order */
for (i = 0; i < SOF_MAN_MOD_SHA384_LEN; i++) {
m->info_0x16.hash[i] = hash[SOF_MAN_MOD_SHA384_LEN - 1 - i];
}
ret = hash_get_digest(&hash, m->info_0x16.hash, sizeof(m->info_0x16.hash));
if (ret < 0)
goto err;
bytes_swap(m->info_0x16.hash, sizeof(m->info_0x16.hash));

/* sign manifest */
ret = ri_manifest_sign_ace_v1_5(image);
279 changes: 129 additions & 150 deletions src/pkcs1_5.c
View file
Original file line number Diff line number Diff line change
@@ -24,6 +24,7 @@
#include <rimage/css.h>
#include <rimage/manifest.h>
#include <rimage/misc_utils.h>
#include <rimage/hash.h>

#define DEBUG_PKCS 0

@@ -155,8 +156,8 @@ static void rimage_set_modexp(EVP_PKEY *privkey, unsigned char *mod, unsigned ch
#endif

#if OPENSSL_VERSION_NUMBER < 0x30000000L
static int rimage_sign(EVP_PKEY *privkey, struct image *image, enum manver ver,
unsigned char *digest, unsigned char *signature)
static int rimage_sign(EVP_PKEY *privkey, enum manver ver, struct hash_context *digest,
unsigned char *signature)
{
unsigned char sig[MAN_RSA_SIGNATURE_LEN_2_5];
unsigned int siglen = MAN_RSA_SIGNATURE_LEN;
@@ -169,13 +170,13 @@ static int rimage_sign(EVP_PKEY *privkey, struct image *image, enum manver ver,
case V15:
/* fallthrough */
case V18:
ret = RSA_sign(NID_sha256, digest, SHA256_DIGEST_LENGTH,
ret = RSA_sign(NID_sha256, digest->digest, digest->digest_length,
signature, &siglen, priv_rsa);
break;
case V25:
/* fallthrough */
case VACE15:
ret = RSA_padding_add_PKCS1_PSS(priv_rsa, sig, digest, image->md,
ret = RSA_padding_add_PKCS1_PSS(priv_rsa, sig, digest->digest, digest->algo,
/* salt length */ 32);
if (ret > 0)
ret = RSA_private_encrypt(RSA_size(priv_rsa), sig, signature, priv_rsa,
@@ -188,12 +189,11 @@ static int rimage_sign(EVP_PKEY *privkey, struct image *image, enum manver ver,
return ret;
}
#else
static int rimage_sign(EVP_PKEY *privkey, struct image *image, enum manver ver,
unsigned char *digest, unsigned char *signature)
static int rimage_sign(EVP_PKEY *privkey, enum manver ver,
struct hash_context *digest, unsigned char *signature)
{
EVP_PKEY_CTX *ctx = NULL;
size_t siglen = MAN_RSA_SIGNATURE_LEN;
size_t sig_in = MAN_RSA_SIGNATURE_LEN_2_5;
int ret;

ctx = EVP_PKEY_CTX_new(privkey, NULL /* no engine */);
@@ -217,28 +217,19 @@ static int rimage_sign(EVP_PKEY *privkey, struct image *image, enum manver ver,
goto out;
}

ret = EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha384());
if (ret <= 0) {
fprintf(stderr, "error: failed to set signature\n");
goto out;
}
siglen = MAN_RSA_SIGNATURE_LEN_2_5;
}

ret = EVP_PKEY_sign(ctx, signature, &sig_in, digest, SHA384_DIGEST_LENGTH);
if (ret <= 0) {
fprintf(stderr, "error: failed to sign manifest\n");
goto out;
}
ret = EVP_PKEY_CTX_set_signature_md(ctx, digest->algo);
if (ret <= 0) {
fprintf(stderr, "error: failed to set signature algorithm\n");
goto out;
}
else {
ret = EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256());
if (ret <= 0) {
fprintf(stderr, "error: failed to set signature\n");
goto out;
}

ret = EVP_PKEY_sign(ctx, signature, &siglen, digest, SHA256_DIGEST_LENGTH);
if (ret <= 0)
fprintf(stderr, "error: failed to sign manifest\n");
ret = EVP_PKEY_sign(ctx, signature, &siglen, digest->digest, digest->digest_length);
if (ret <= 0) {
fprintf(stderr, "error: failed to sign manifest\n");
goto out;
}

out:
@@ -249,8 +240,8 @@ static int rimage_sign(EVP_PKEY *privkey, struct image *image, enum manver ver,
#endif

#if OPENSSL_VERSION_NUMBER < 0x30000000L
static int rimage_verify(EVP_PKEY *privkey, struct image *image, enum manver ver,
unsigned char *digest, unsigned char *signature)
static int rimage_verify(EVP_PKEY *privkey, enum manver ver, struct hash_context *digest,
unsigned char *signature)
{
unsigned char sig[MAN_RSA_SIGNATURE_LEN_2_5];
unsigned int siglen = MAN_RSA_SIGNATURE_LEN;
@@ -264,8 +255,8 @@ static int rimage_verify(EVP_PKEY *privkey, struct image *image, enum manver ver
case V15:
/* fallthrough */
case V18:
ret = RSA_verify(NID_sha256, digest, SHA256_DIGEST_LENGTH, signature, siglen,
priv_rsa);
ret = RSA_verify(NID_sha256, digest->digest, digest->digest_length, signature,
siglen, priv_rsa);

if (ret <= 0) {
ERR_error_string(ERR_get_error(), err_buf);
@@ -284,7 +275,7 @@ static int rimage_verify(EVP_PKEY *privkey, struct image *image, enum manver ver
return ret;
}

ret = RSA_verify_PKCS1_PSS(priv_rsa, digest, image->md, sig, 32);
ret = RSA_verify_PKCS1_PSS(priv_rsa, digest->digest, digest->algo, sig, 32);
if (ret <= 0) {
ERR_error_string(ERR_get_error(), err_buf);
fprintf(stderr, "error: verify %s\n", err_buf);
@@ -297,12 +288,11 @@ static int rimage_verify(EVP_PKEY *privkey, struct image *image, enum manver ver
return ret;
}
#else
static int rimage_verify(EVP_PKEY *privkey, struct image *image, enum manver ver,
unsigned char *digest, unsigned char *signature)
static int rimage_verify(EVP_PKEY *privkey, enum manver ver,struct hash_context *digest,
unsigned char *signature)
{
EVP_PKEY_CTX *ctx = NULL;
size_t siglen = MAN_RSA_SIGNATURE_LEN;
size_t siglen25 = MAN_RSA_SIGNATURE_LEN_2_5;
char err_buf[256];
int ret;

@@ -314,26 +304,19 @@ static int rimage_verify(EVP_PKEY *privkey, struct image *image, enum manver ver
if (ret <= 0)
goto out;

ret = EVP_PKEY_CTX_set_signature_md(ctx, digest->algo);
if (ret <= 0) {
ERR_error_string(ERR_get_error(), err_buf);
fprintf(stderr, "error: set signature %s\n", err_buf);
goto out;
}

switch (ver) {
case V15:
/* fallthrough */
case V15 /* fallthrough */
case V18:
ret = EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256());
if (ret <= 0) {
ERR_error_string(ERR_get_error(), err_buf);
fprintf(stderr, "error: set signature %s\n", err_buf);
goto out;
}

ret = EVP_PKEY_verify(ctx, signature, siglen, digest, SHA256_DIGEST_LENGTH);
if (ret <= 0) {
ERR_error_string(ERR_get_error(), err_buf);
fprintf(stderr, "error: verify %s\n", err_buf);
}

break;
case V25:
/* fallthrough */

case V25: /* fallthrough */
case VACE15:
ret = EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING);
if (ret <= 0)
@@ -343,21 +326,20 @@ static int rimage_verify(EVP_PKEY *privkey, struct image *image, enum manver ver
if (ret <= 0)
goto out;

ret = EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha384());
if (ret <= 0)
goto out;

ret = EVP_PKEY_verify(ctx, signature, siglen25, digest, SHA384_DIGEST_LENGTH);
if (ret <= 0) {
ERR_error_string(ERR_get_error(), err_buf);
fprintf(stderr, "error: verify %s\n", err_buf);
}

siglen = MAN_RSA_SIGNATURE_LEN_2_5;
break;
default:
return -EINVAL;
}

ret = EVP_PKEY_verify(ctx, signature, siglen, digest->digest, digest->digest_length);
if (ret <= 0) {
ERR_error_string(ERR_get_error(), err_buf);
fprintf(stderr, "error: verify %s\n", err_buf);
}

break;

out:
EVP_PKEY_CTX_free(ctx);

@@ -397,7 +379,7 @@ int pkcs_v1_5_sign_man_v1_5(struct image *image,
void *ptr1, unsigned int size1)
{
EVP_PKEY *privkey;
unsigned char digest[SHA256_DIGEST_LENGTH];
struct hash_context digest;
unsigned char mod[MAN_RSA_KEY_MODULUS_LEN];
int ret = -EINVAL, i;

@@ -418,22 +400,20 @@ int pkcs_v1_5_sign_man_v1_5(struct image *image,
}

/* calculate the digest */
module_sha256_create(image);
module_sha_update(image, ptr1, size1);
module_sha_complete(image, digest);
hash_sha256_init(&digest);
hash_update(&digest, ptr1, size1);
ret = hash_finalize(&digest);
if (ret)
goto err;

fprintf(stdout, " pkcs: digest for manifest is ");
for (i = 0; i < SHA256_DIGEST_LENGTH; i++)
fprintf(stdout, "%02x", digest[i]);
fprintf(stdout, "\n");
hash_print(&digest);

/* sign the manifest */
ret = rimage_sign(privkey, image, V15, digest,
(unsigned char *)man->css_header.signature);

ret = rimage_sign(privkey, V15, &digest, (unsigned char *)man->css_header.signature);
if (ret <= 0) {
fprintf(stderr, "error: failed to sign manifest\n");
return ret;
goto err;
}

/* copy public key modulus and exponent to manifest */
@@ -448,6 +428,7 @@ int pkcs_v1_5_sign_man_v1_5(struct image *image,
bytes_swap(man->css_header.signature,
sizeof(man->css_header.signature));

err:
EVP_PKEY_free(privkey);
return ret;
}
@@ -465,7 +446,7 @@ int pkcs_v1_5_sign_man_v1_8(struct image *image,
unsigned int size2)
{
EVP_PKEY *privkey;
unsigned char digest[SHA256_DIGEST_LENGTH];
struct hash_context digest;
unsigned char mod[MAN_RSA_KEY_MODULUS_LEN];
int ret = -EINVAL, i;

@@ -487,22 +468,21 @@ int pkcs_v1_5_sign_man_v1_8(struct image *image,
}

/* calculate the digest */
module_sha256_create(image);
module_sha_update(image, ptr1, size1);
module_sha_update(image, ptr2, size2);
module_sha_complete(image, digest);
hash_sha256_init(&digest);
hash_update(&digest, ptr1, size1);
hash_update(&digest, ptr2, size2);
ret = hash_finalize(&digest);
if (ret)
goto err;

fprintf(stdout, " pkcs: digest for manifest is ");
for (i = 0; i < SHA256_DIGEST_LENGTH; i++)
fprintf(stdout, "%02x", digest[i]);
fprintf(stdout, "\n");
hash_print(&digest);

/* sign the manifest */
ret = rimage_sign(privkey, image, V18, digest,
(unsigned char *)man->css.signature);
ret = rimage_sign(privkey, V18, &digest, (unsigned char *)man->css.signature);
if (ret <= 0) {
fprintf(stderr, "error: failed to sign manifest\n");
return ret;
goto err;
}

/* copy public key modulus and exponent to manifest */
@@ -515,6 +495,7 @@ int pkcs_v1_5_sign_man_v1_8(struct image *image,
/* signature is reveresd, swap it */
bytes_swap(man->css.signature, sizeof(man->css.signature));

err:
EVP_PKEY_free(privkey);
return ret;
}
@@ -525,7 +506,7 @@ int pkcs_v1_5_sign_man_v2_5(struct image *image,
unsigned int size2)
{
EVP_PKEY *privkey;
unsigned char digest[SHA384_DIGEST_LENGTH];
struct hash_context digest;
unsigned char mod[MAN_RSA_KEY_MODULUS_LEN_2_5];
int ret = -EINVAL, i;

@@ -547,22 +528,21 @@ int pkcs_v1_5_sign_man_v2_5(struct image *image,
}

/* calculate the digest - SHA384 on CAVS2_5+ */
module_sha384_create(image);
module_sha_update(image, ptr1, size1);
module_sha_update(image, ptr2, size2);
module_sha_complete(image, digest);
hash_sha384_init(&digest);
hash_update(&digest, ptr1, size1);
hash_update(&digest, ptr2, size2);
ret = hash_finalize(&digest);
if (ret)
goto err;

fprintf(stdout, " pkcs: digest for manifest is ");
for (i = 0; i < SHA384_DIGEST_LENGTH; i++)
fprintf(stdout, "%02x", digest[i]);
fprintf(stdout, "\n");
hash_print(&digest);

/* sign the manifest */
ret = rimage_sign(privkey, image, V25, digest,
(unsigned char *)man->css.signature);
ret = rimage_sign(privkey, V25, &digest, (unsigned char *)man->css.signature);
if (ret <= 0) {
fprintf(stderr, "error: failed to sign manifest\n");
return ret;
goto err;
}

/* copy public key modulus and exponent to manifest */
@@ -575,6 +555,7 @@ int pkcs_v1_5_sign_man_v2_5(struct image *image,
/* signature is reversed, swap it */
bytes_swap(man->css.signature, sizeof(man->css.signature));

err:
EVP_PKEY_free(privkey);
return ret;
}
@@ -585,7 +566,7 @@ int pkcs_v1_5_sign_man_ace_v1_5(struct image *image,
unsigned int size2)
{
EVP_PKEY *privkey;
unsigned char digest[SHA384_DIGEST_LENGTH];
struct hash_context digest;
unsigned char mod[MAN_RSA_KEY_MODULUS_LEN_2_5];
int ret = -EINVAL, i;

@@ -607,22 +588,21 @@ int pkcs_v1_5_sign_man_ace_v1_5(struct image *image,
}

/* calculate the digest - SHA384 on CAVS2_5+ */
module_sha384_create(image);
module_sha_update(image, ptr1, size1);
module_sha_update(image, ptr2, size2);
module_sha_complete(image, digest);
hash_sha384_init(&digest);
hash_update(&digest, ptr1, size1);
hash_update(&digest, ptr2, size2);
ret = hash_finalize(&digest);
if (ret)
goto err;

fprintf(stdout, " pkcs: digest for manifest is ");
for (i = 0; i < SHA384_DIGEST_LENGTH; i++)
fprintf(stdout, "%02x", digest[i]);
fprintf(stdout, "\n");
hash_print(&digest);

/* sign the manifest */
ret = rimage_sign(privkey, image, VACE15, digest,
(unsigned char *)man->css.signature);
ret = rimage_sign(privkey, VACE15, &digest, (unsigned char *)man->css.signature);
if (ret <= 0) {
fprintf(stderr, "error: failed to sign manifest\n");
return ret;
goto err;
}

/* copy public key modulus and exponent to manifest */
@@ -635,6 +615,7 @@ int pkcs_v1_5_sign_man_ace_v1_5(struct image *image,
/* signature is reversed, swap it */
bytes_swap(man->css.signature, sizeof(man->css.signature));

err:
EVP_PKEY_free(privkey);
return ret;
}
@@ -713,8 +694,8 @@ int pkcs_v1_5_verify_man_v1_5(struct image *image,
void *ptr1, unsigned int size1)
{
EVP_PKEY *privkey;
unsigned char digest[SHA256_DIGEST_LENGTH];
int ret = -EINVAL, i;
struct hash_context digest;
int ret = -EINVAL;

#if DEBUG_PKCS
fprintf(stdout, "offsets 0x%lx size 0x%x\n",
@@ -734,28 +715,27 @@ int pkcs_v1_5_verify_man_v1_5(struct image *image,
}

/* calculate the digest */
module_sha256_create(image);
module_sha_update(image, ptr1, size1);
module_sha_complete(image, digest);
hash_sha256_init(&digest);
hash_update(&digest, ptr1, size1);
ret = hash_finalize(&digest);
if (ret)
goto err;

fprintf(stdout, " pkcs: digest for manifest is ");
for (i = 0; i < SHA256_DIGEST_LENGTH; i++)
fprintf(stdout, "%02x", digest[i]);
fprintf(stdout, "\n");
hash_print(&digest);

/* signature is reversed, swap it */
bytes_swap(man->css_header.signature,
sizeof(man->css_header.signature));

/* verify */
ret = rimage_verify(privkey, image, V15, digest,
(unsigned char *)man->css_header.signature);
ret = rimage_verify(privkey, V15, &digest, (unsigned char *)man->css_header.signature);
if (ret <= 0)
fprintf(stderr, "error: failed to verify manifest\n");
else
fprintf(stdout, "pkcs: signature is valid !\n");


err:
EVP_PKEY_free(privkey);
return ret;
}
@@ -773,8 +753,8 @@ int pkcs_v1_5_verify_man_v1_8(struct image *image,
unsigned int size2)
{
EVP_PKEY *privkey;
unsigned char digest[SHA256_DIGEST_LENGTH];
int ret = -EINVAL, i;
struct hash_context digest;
int ret = -EINVAL;

#if DEBUG_PKCS
fprintf(stdout, "offsets 0x%lx size 0x%x offset 0x%lx size 0x%x\n",
@@ -794,27 +774,27 @@ int pkcs_v1_5_verify_man_v1_8(struct image *image,
}

/* calculate the digest */
module_sha256_create(image);
module_sha_update(image, ptr1, size1);
module_sha_update(image, ptr2, size2);
module_sha_complete(image, digest);
hash_sha256_init(&digest);
hash_update(&digest, ptr1, size1);
hash_update(&digest, ptr2, size2);
ret = hash_finalize(&digest);
if (ret)
goto err;

fprintf(stdout, " pkcs: digest for manifest is ");
for (i = 0; i < SHA256_DIGEST_LENGTH; i++)
fprintf(stdout, "%02x", digest[i]);
fprintf(stdout, "\n");
hash_print(&digest);

/* signature is reveresd, swap it */
bytes_swap(man->css.signature, sizeof(man->css.signature));

/* verify */
ret = rimage_verify(privkey, image, V18, digest,
(unsigned char *)man->css.signature);
ret = rimage_verify(privkey, V18, &digest, (unsigned char *)man->css.signature);
if (ret <= 0)
fprintf(stderr, "error: failed to verify manifest\n");
else
fprintf(stdout, "pkcs: signature is valid !\n");

err:
EVP_PKEY_free(privkey);
return ret;
}
@@ -832,8 +812,8 @@ int pkcs_v1_5_verify_man_v2_5(struct image *image,
unsigned int size2)
{
EVP_PKEY *privkey;
unsigned char digest[SHA384_DIGEST_LENGTH];
int ret = -EINVAL, i;
struct hash_context digest;
int ret = -EINVAL;

#if DEBUG_PKCS
fprintf(stdout, "offsets 0x%lx size 0x%x offset 0x%lx size 0x%x\n",
@@ -853,28 +833,28 @@ int pkcs_v1_5_verify_man_v2_5(struct image *image,
}

/* calculate the digest - SHA384 on CAVS2_5+ */
module_sha384_create(image);
module_sha_update(image, ptr1, size1);
module_sha_update(image, ptr2, size2);
module_sha_complete(image, digest);
hash_sha384_init(&digest);
hash_update(&digest, ptr1, size1);
hash_update(&digest, ptr2, size2);
ret = hash_finalize(&digest);
if (ret)
goto err;

fprintf(stdout, " pkcs: digest for manifest is ");
for (i = 0; i < SHA384_DIGEST_LENGTH; i++)
fprintf(stdout, "%02x", digest[i]);
fprintf(stdout, "\n");
hash_print(&digest);

/* signature is reversed, swap it */
bytes_swap(man->css.signature, sizeof(man->css.signature));

/* verify */
ret = rimage_verify(privkey, image, V25, digest,
(unsigned char *)man->css.signature);
ret = rimage_verify(privkey, V25, &digest, (unsigned char *)man->css.signature);

if (ret <= 0)
fprintf(stderr, "error: failed to verify manifest\n");
else
fprintf(stdout, "pkcs: signature is valid !\n");

err:
EVP_PKEY_free(privkey);
return ret;
}
@@ -885,8 +865,8 @@ int pkcs_v1_5_verify_man_ace_v1_5(struct image *image,
unsigned int size2)
{
EVP_PKEY *privkey;
unsigned char digest[SHA384_DIGEST_LENGTH];
int ret = -EINVAL, i;
struct hash_context digest;
int ret = -EINVAL;

#if DEBUG_PKCS
fprintf(stdout, "offsets 0x%lx size 0x%x offset 0x%lx size 0x%x\n",
@@ -906,28 +886,27 @@ int pkcs_v1_5_verify_man_ace_v1_5(struct image *image,
}

/* calculate the digest - SHA384 on CAVS2_5+ */
module_sha384_create(image);
module_sha_update(image, ptr1, size1);
module_sha_update(image, ptr2, size2);
module_sha_complete(image, digest);
hash_sha384_init(&digest);
hash_update(&digest, ptr1, size1);
hash_update(&digest, ptr2, size2);
ret = hash_finalize(&digest);
if (ret)
goto err;

fprintf(stdout, " pkcs: digest for manifest is ");
for (i = 0; i < SHA384_DIGEST_LENGTH; i++)
fprintf(stdout, "%02x", digest[i]);
fprintf(stdout, "\n");
hash_print(&digest);

/* signature is reversed, swap it */
bytes_swap(man->css.signature, sizeof(man->css.signature));

/* verify */
ret = rimage_verify(privkey, image, VACE15, digest,
(unsigned char *)man->css.signature);

ret = rimage_verify(privkey, VACE15, &digest, (unsigned char *)man->css.signature);
if (ret <= 0)
fprintf(stderr, "error: failed to verify manifest\n");
else
fprintf(stdout, "pkcs: signature is valid !\n");

err:
EVP_PKEY_free(privkey);
return ret;
}