author | Jayanth Othayoth <ojayanth@in.ibm.com> | 2018-02-21 05:27:47 -0600 |
---|---|---|
committer | Jayanth Othayoth <ojayanth@in.ibm.com> | 2018-03-13 06:08:20 -0500 |
commit | 2ab9b1098efa8280f0cea165d1b6856e1ce05170 (patch) | |
tree | 4f080b7954cb47269bcf4f2b9da4009a12ae1e30 /image_verify.hpp | |
parent | 9d7cd834ecfd2a8e868de398c8122fd31e0b7961 (diff) | |
download | phosphor-bmc-code-mgmt-2ab9b1098efa8280f0cea165d1b6856e1ce05170.tar.gz phosphor-bmc-code-mgmt-2ab9b1098efa8280f0cea165d1b6856e1ce05170.zip |
Add support for signature verification routines
Enable the high-level logic flow for the signed image
signature validation routines.
Includes reading the hash type and key type from the Manifest file.
Change-Id: I9b0213042bb15882f351e7937fd17fb0a3e9fb33
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
Diffstat (limited to 'image_verify.hpp')
-rw-r--r-- | image_verify.hpp | 69 |
1 files changed, 64 insertions, 5 deletions
diff --git a/image_verify.hpp b/image_verify.hpp index b5c4514..3e65288 100644 --- a/image_verify.hpp +++ b/image_verify.hpp @@ -1,5 +1,6 @@ #pragma once #include <experimental/filesystem> +#include <set> namespace phosphor { @@ -9,7 +10,16 @@ namespace image { namespace fs = std::experimental::filesystem; +using Key_t = std::string; +using Hash_t = std::string; +using PublicKeyPath = fs::path; +using HashFilePath = fs::path; +using KeyHashPathPair = std::pair<HashFilePath, PublicKeyPath>; +using AvailableKeyTypes = std::set<Key_t>; +// BMC flash image file name list. +const std::vector<std::string> bmcImages = {"image-kernel", "image-rofs", + "image-rwfs", "image-u-boot"}; /** @class Signature * @brief Contains signature verification functions. * @details The software image class that contains the signature @@ -25,11 +35,13 @@ class Signature Signature& operator=(Signature&&) = default; ~Signature() = default; - /** @brief Constructs Verify Class - * - * @param[in] imageDirPath - file path + /** + * @brief Constructs Signature. + * @param[in] imageDirPath - image path + * @param[in] signedConfPath - Path of public key + * hash function files */ - Signature(const fs::path& imageDirPath) : imageDirPath(imageDirPath){}; + Signature(const fs::path& imageDirPath, const fs::path& signedConfPath); /** * @brief Image signature verification function. 
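Review bot: `bmcImages` is declared as `std::vector<std::string>` and `KeyHashPathPair` uses `std::pair`, but the only include this change adds is `<set>`, so the header relies on other includes to supply those names; add `#include <string>`, `#include <utility>` and `#include <vector>` next to `#include <set>`. `HashFilePath` and `PublicKeyPath` are both plain aliases of `fs::path`, so the compiler will not catch a hash file and a public key passed in the wrong order. A comment on `KeyHashPathPair` such as `// first: hash function file, second: public key file` would make the order explicit for callers.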
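Review bot: The new `signedConfPath` description reads "Path of public key hash function files", dropping the "and" that the member comment later in this patch has; use `@param[in] signedConfPath - Path of public key and hash function files`. Both constructor arguments are `const fs::path&`, so swapping them compiles cleanly, and the doc comment should say which is the uploaded image directory and which is the location of the keys already on the system (the latter inferred from the `systemLevelVerify` comment). The constructor is now only declared here, so its body and any Manifest parsing it does are outside this hunk.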
@@ -45,8 +57,55 @@ class Signature bool verify(); private: - /** @brief Directory where software images are placed*/ + /** + * @brief Function used for system level file signature validation + * of image specfic publickey file and manifest file + * using the available public keys and hash functions + * in the system. + * Refer code-update documenation for more details. + */ + bool systemLevelVerify(); + + /** + * @brief Return all key types stored in the BMC based on the + * public key and hashfunc files stored in the BMC. + * + * @return list + */ + AvailableKeyTypes getAvailableKeyTypesFromSystem() const; + + /** + * @brief Return public key and hash function file names for the + * corresponding key type + * + * @param[in] key - key type + * @return Pair of hash and public key file names + */ + inline KeyHashPathPair getKeyHashFileNames(const Key_t& key) const; + + /** + * @brief Verify the file signature using public key and hash function + * + * @param[in] - Image file path + * @param[in] - Signature file path + * @param[in] - Public key + * @param[in] - Hash function name + * @return true if signature verification was successful, false if not + */ + bool verifyFile(const fs::path& file, const fs::path& signature, + const fs::path& publicKey, const std::string& hashFunc); + + /** @brief Directory where software images are placed */ fs::path imageDirPath; + + /** @brief Path of public key and hash function files */ + fs::path signedConfPath; + + /** @brief key type defined in mainfest file */ + Key_t keyType; + + /** @brief Hash type defined in mainfest file */ + Hash_t hashType; }; } // namespace image |
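Review bot: `keyType` and `hashType` are documented as coming from the manifest, which belongs to the image under verification and so is untrusted until `verify()` succeeds, yet `getKeyHashFileNames(const Key_t& key)` turns a key type into file names and `verifyFile` takes a hash function name. The implementation is not in this diff, so the check may already exist, but the header should state the contract, for example `@param[in] key - key type; must be a member of getAvailableKeyTypesFromSystem()`, and likewise that `hashFunc` is limited to the hash names installed on the system. The `verifyFile` comment lists four `@param[in]` entries with no names; write `@param[in] file`, `@param[in] signature`, `@param[in] publicKey` and `@param[in] hashFunc` so the two `fs::path` key and signature arguments cannot be confused. `systemLevelVerify` returns `bool` but has no `@return` line saying what `false` means for the caller. `inline` on `getKeyHashFileNames`, which is only declared here, requires a definition in every translation unit that calls it.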