[U-Boot] [PATCH 0/2] rsa signature: check that required key is really mandatory

[U-Boot] [PATCH 0/2] rsa signature: check that required key is really mandatory

[Philippe Reynes]

This serie fix an issue with the required key on rsa signature. If a required
key is defined, only FIT signed with this key should be accepted. right now,
there is an issue with required key, u-boot may used others key than required
key.

The first commit add a test in vboot to check that u-boot don't allow FIT with
another key than the required key. This test fails and show the issue.
The second commit fix this issue with required key, so the test with required
key succeed.

Daniele Alessandrelli (1):
  rsa: Return immediately if required-key verification fails

Philippe Reynes (1):
  pytest: vboot: add a test for required key

 lib/rsa/rsa-verify.c                               |  3 +-
 test/py/tests/test_vboot.py                        | 57 ++++++++++++++++++++++
 .../tests/vboot/sign-configs-sha256-pss-prod.its   | 46 +++++++++++++++++
 3 files changed, 104 insertions(+), 2 deletions(-)
 create mode 100644 test/py/tests/vboot/sign-configs-sha256-pss-prod.its

-- 
2.7.4

[U-Boot] [PATCH 1/2] pytest: vboot: add a test for required key

[Philippe Reynes]

This commit add a test in the vboot test to check that
when a required key is asked, only FIT signed with this
key is used/accepted by u-boot.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
---
 test/py/tests/test_vboot.py                        | 57 ++++++++++++++++++++++
 .../tests/vboot/sign-configs-sha256-pss-prod.its   | 46 +++++++++++++++++
 2 files changed, 103 insertions(+)
 create mode 100644 test/py/tests/vboot/sign-configs-sha256-pss-prod.its

diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py
index 4627ceb..9c41ee5 100644
--- a/test/py/tests/test_vboot.py
+++ b/test/py/tests/test_vboot.py
@@ -80,6 +80,8 @@ def test_vboot(u_boot_console):
         assert(expect_string in ''.join(output))
         if boots:
             assert('sandbox: continuing, as we cannot run' in ''.join(output))
+        else:
+            assert('sandbox: continuing, as we cannot run' not in ''.join(output))
 
     def make_fit(its):
         """Make a new FIT from the .its source file.
@@ -106,6 +108,20 @@ def test_vboot(u_boot_console):
         util.run_and_log(cons, [mkimage, '-F', '-k', tmpdir, '-K', dtb,
                                 '-r', fit])
 
+    def sign_fit_norequire(sha_algo):
+        """Sign the FIT
+
+        Signs the FIT and writes the signature into it. It also writes the
+        public key into the dtb.
+
+        Args:
+            sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
+                    use.
+        """
+        cons.log.action('%s: Sign images' % sha_algo)
+        util.run_and_log(cons, [mkimage, '-F', '-k', tmpdir, '-K', dtb,
+                                fit])
+
     def replace_fit_totalsize(size):
         """Replace FIT header's totalsize with something greater.
 
@@ -195,6 +211,35 @@ def test_vboot(u_boot_console):
         util.run_and_log_expect_exception(cons, [fit_check_sign, '-f', fit,
                 '-k', dtb], 1, 'Failed to verify required signature')
 
+    def test_required_key(sha_algo, padding):
+        """Test verified boot with the given hash algorithm.
+
+        This function test if u-boot reject an image when a required
+        key isn't used to sign a FIT.
+
+        Args:
+            sha_algo: Either 'sha1' or 'sha256', to select the algorithm to
+                    use.
+        """
+        # Compile our device tree files for kernel and U-Boot. These are
+        # regenerated here since mkimage will modify them (by adding a
+        # public key) below.
+        dtc('sandbox-kernel.dts')
+        dtc('sandbox-u-boot.dts')
+
+        # Build the FIT with prod key (keys required)
+        # Build the FIT with dev key (keys NOT required)
+        # The dtb contain the key prod and dev and the key prod are set as required.
+        # Then try to boot the FIT with dev key
+        # This FIT should not be accepted by u-boot because the key prod is required
+        cons.log.action('%s: Test FIT with configs images' % sha_algo)
+        make_fit('sign-configs-%s%s-prod.its' % (sha_algo , padding))
+        sign_fit(sha_algo)
+        make_fit('sign-configs-%s%s.its' % (sha_algo , padding))
+        sign_fit(sha_algo)
+
+        run_bootm(sha_algo, 'signed configs', '', False)
+
     cons = u_boot_console
     tmpdir = cons.config.result_dir + '/'
     tmp = tmpdir + 'vboot.tmp'
@@ -217,6 +262,17 @@ def test_vboot(u_boot_console):
     util.run_and_log(cons, 'openssl req -batch -new -x509 -key %sdev.key -out '
                      '%sdev.crt' % (tmpdir, tmpdir))
 
+    # Create an RSA key pair (prod)
+    public_exponent = 65537
+    util.run_and_log(cons, 'openssl genpkey -algorithm RSA -out %sprod.key '
+                     '-pkeyopt rsa_keygen_bits:2048 '
+                     '-pkeyopt rsa_keygen_pubexp:%d' %
+                     (tmpdir, public_exponent))
+
+    # Create a certificate containing the public key (prod)
+    util.run_and_log(cons, 'openssl req -batch -new -x509 -key %sprod.key -out '
+                     '%sprod.crt' % (tmpdir, tmpdir))
+
     # Create a number kernel image with zeroes
     with open('%stest-kernel.bin' % tmpdir, 'w') as fd:
         fd.write(5000 * chr(0))
@@ -230,6 +286,7 @@ def test_vboot(u_boot_console):
         test_with_algo('sha1','-pss')
         test_with_algo('sha256','')
         test_with_algo('sha256','-pss')
+        test_required_key('sha256','-pss')
     finally:
         # Go back to the original U-Boot with the correct dtb.
         cons.config.dtb = old_dtb
diff --git a/test/py/tests/vboot/sign-configs-sha256-pss-prod.its b/test/py/tests/vboot/sign-configs-sha256-pss-prod.its
new file mode 100644
index 0000000..aac732e
--- /dev/null
+++ b/test/py/tests/vboot/sign-configs-sha256-pss-prod.its
@@ -0,0 +1,46 @@
+/dts-v1/;
+
+/ {
+	description = "Chrome OS kernel image with one or more FDT blobs";
+	#address-cells = <1>;
+
+	images {
+		kernel {
+			data = /incbin/("test-kernel.bin");
+			type = "kernel_noload";
+			arch = "sandbox";
+			os = "linux";
+			compression = "none";
+			load = <0x4>;
+			entry = <0x8>;
+			kernel-version = <1>;
+			hash-1 {
+				algo = "sha256";
+			};
+		};
+		fdt-1 {
+			description = "snow";
+			data = /incbin/("sandbox-kernel.dtb");
+			type = "flat_dt";
+			arch = "sandbox";
+			compression = "none";
+			fdt-version = <1>;
+			hash-1 {
+				algo = "sha256";
+			};
+		};
+	};
+	configurations {
+		default = "conf-1";
+		conf-1 {
+			kernel = "kernel";
+			fdt = "fdt-1";
+			signature {
+				algo = "sha256,rsa2048";
+				padding = "pss";
+				key-name-hint = "prod";
+				sign-images = "fdt", "kernel";
+			};
+		};
+	};
+};
-- 
2.7.4

[U-Boot] [PATCH 2/2] rsa: Return immediately if required-key verification fails

[Philippe Reynes]

From: Daniele Alessandrelli <daniele.alessandrelli@gmail.com>

Currently, if image verification with a required key fails, rsa_verify()
code tries to find another key to verify the FIT image. This however, is
not the intended behavior as the documentation says that required keys
"must be verified for the image / configuration to be considered valid".

This patch fixes the issue by making rsa_verify() return immediately if
the verification of a required key fails.

Signed-off-by: Daniele Alessandrelli <daniele.alessandrelli@gmail.com>
---
 lib/rsa/rsa-verify.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 287fcc4..82dc513 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -437,8 +437,7 @@ int rsa_verify(struct image_sign_info *info,
 	if (info->required_keynode != -1) {
 		ret = rsa_verify_with_keynode(info, hash, sig, sig_len,
 			info->required_keynode);
-		if (!ret)
-			return ret;
+		return ret;
 	}
 
 	/* Look for a key that matches our hint */
-- 
2.7.4

[U-Boot] [PATCH 1/2] pytest: vboot: add a test for required key

[Simon Glass]

On Wed, 18 Sep 2019 at 08:05, Philippe Reynes
<philippe.reynes@softathome.com> wrote:
>
> This commit add a test in the vboot test to check that
> when a required key is asked, only FIT signed with this
> key is used/accepted by u-boot.
>
> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> ---
>  test/py/tests/test_vboot.py                        | 57 ++++++++++++++++++++++
>  .../tests/vboot/sign-configs-sha256-pss-prod.its   | 46 +++++++++++++++++
>  2 files changed, 103 insertions(+)
>  create mode 100644 test/py/tests/vboot/sign-configs-sha256-pss-prod.its

Reviewed-by: Simon Glass <sjg@chromium.org>

[U-Boot] [PATCH 2/2] rsa: Return immediately if required-key verification fails

[Simon Glass]

On Wed, 18 Sep 2019 at 08:05, Philippe Reynes
<philippe.reynes@softathome.com> wrote:
>
> From: Daniele Alessandrelli <daniele.alessandrelli@gmail.com>
>
> Currently, if image verification with a required key fails, rsa_verify()
> code tries to find another key to verify the FIT image. This however, is
> not the intended behavior as the documentation says that required keys
> "must be verified for the image / configuration to be considered valid".
>
> This patch fixes the issue by making rsa_verify() return immediately if
> the verification of a required key fails.
>
> Signed-off-by: Daniele Alessandrelli <daniele.alessandrelli@gmail.com>
> ---
>  lib/rsa/rsa-verify.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)

Reviewed-by: Simon Glass <sjg@chromium.org>

[U-Boot] [PATCH 2/2] rsa: Return immediately if required-key verification fails

[sjg at google.com]

On Wed, 18 Sep 2019 at 08:05, Philippe Reynes
<philippe.reynes@softathome.com> wrote:
>
> From: Daniele Alessandrelli <daniele.alessandrelli@gmail.com>
>
> Currently, if image verification with a required key fails, rsa_verify()
> code tries to find another key to verify the FIT image. This however, is
> not the intended behavior as the documentation says that required keys
> "must be verified for the image / configuration to be considered valid".
>
> This patch fixes the issue by making rsa_verify() return immediately if
> the verification of a required key fails.
>
> Signed-off-by: Daniele Alessandrelli <daniele.alessandrelli@gmail.com>
> ---
>  lib/rsa/rsa-verify.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)

Reviewed-by: Simon Glass <sjg@chromium.org>

Applied to u-boot-dm/next, thanks!

[U-Boot] [PATCH 1/2] pytest: vboot: add a test for required key

[sjg at google.com]

On Wed, 18 Sep 2019 at 08:05, Philippe Reynes
<philippe.reynes@softathome.com> wrote:
>
> This commit add a test in the vboot test to check that
> when a required key is asked, only FIT signed with this
> key is used/accepted by u-boot.
>
> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> ---
>  test/py/tests/test_vboot.py                        | 57 ++++++++++++++++++++++
>  .../tests/vboot/sign-configs-sha256-pss-prod.its   | 46 +++++++++++++++++
>  2 files changed, 103 insertions(+)
>  create mode 100644 test/py/tests/vboot/sign-configs-sha256-pss-prod.its

Reviewed-by: Simon Glass <sjg@chromium.org>

Applied to u-boot-dm/next, thanks!