diff options
Diffstat (limited to 'image_verify.hpp')
-rw-r--r-- | image_verify.hpp | 69 |
1 files changed, 64 insertions, 5 deletions
diff --git a/image_verify.hpp b/image_verify.hpp index b5c4514..3e65288 100644 --- a/image_verify.hpp +++ b/image_verify.hpp @@ -1,5 +1,6 @@ #pragma once #include <experimental/filesystem> +#include <set> namespace phosphor { @@ -9,7 +10,16 @@ namespace image { namespace fs = std::experimental::filesystem; +using Key_t = std::string; +using Hash_t = std::string; +using PublicKeyPath = fs::path; +using HashFilePath = fs::path; +using KeyHashPathPair = std::pair<HashFilePath, PublicKeyPath>; +using AvailableKeyTypes = std::set<Key_t>; +// BMC flash image file name list. +const std::vector<std::string> bmcImages = {"image-kernel", "image-rofs", + "image-rwfs", "image-u-boot"}; /** @class Signature * @brief Contains signature verification functions. * @details The software image class that contains the signature @@ -25,11 +35,13 @@ class Signature Signature& operator=(Signature&&) = default; ~Signature() = default; - /** @brief Constructs Verify Class - * - * @param[in] imageDirPath - file path + /** + * @brief Constructs Signature. + * @param[in] imageDirPath - image path + * @param[in] signedConfPath - Path of public key + * hash function files */ - Signature(const fs::path& imageDirPath) : imageDirPath(imageDirPath){}; + Signature(const fs::path& imageDirPath, const fs::path& signedConfPath); /** * @brief Image signature verification function. @@ -45,8 +57,55 @@ class Signature bool verify(); private: - /** @brief Directory where software images are placed*/ + /** + * @brief Function used for system level file signature validation + * of image specfic publickey file and manifest file + * using the available public keys and hash functions + * in the system. + * Refer code-update documenation for more details. + */ + bool systemLevelVerify(); + + /** + * @brief Return all key types stored in the BMC based on the + * public key and hashfunc files stored in the BMC. + * + * @return list + */ + AvailableKeyTypes getAvailableKeyTypesFromSystem() const; + + /** + * @brief Return public key and hash function file names for the + * corresponding key type + * + * @param[in] key - key type + * @return Pair of hash and public key file names + */ + inline KeyHashPathPair getKeyHashFileNames(const Key_t& key) const; + + /** + * @brief Verify the file signature using public key and hash function + * + * @param[in] - Image file path + * @param[in] - Signature file path + * @param[in] - Public key + * @param[in] - Hash function name + * @return true if signature verification was successful, false if not + */ + bool verifyFile(const fs::path& file, const fs::path& signature, + const fs::path& publicKey, const std::string& hashFunc); + + /** @brief Directory where software images are placed */ fs::path imageDirPath; + + /** @brief Path of public key and hash function files */ + fs::path signedConfPath; + + /** @brief key type defined in mainfest file */ + Key_t keyType; + + /** @brief Hash type defined in mainfest file */ + Hash_t hashType; }; } // namespace image |