image/create.go - mynewt-artifact - Git at Google

 /**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *  http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */

 package image

 import (
 	"bytes"
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/sha256"
 	"encoding/asn1"
 	"encoding/binary"
 	"encoding/hex"
 	"io/ioutil"
 	"math/big"

 	"mynewt.apache.org/newt/artifact/sec"
 	"mynewt.apache.org/newt/util"
 )

 type ImageCreator struct {
 	Body         []byte
 	Version      ImageVersion
 	SigKeys      []sec.SignKey
 	PlainSecret  []byte
 	CipherSecret []byte
 	HeaderSize   int
 	InitialHash  []byte
 	Bootable     bool
 }

 type ImageCreateOpts struct {
 	SrcBinFilename    string
 	SrcEncKeyFilename string
 	Version           ImageVersion
 	SigKeys           []sec.SignKey
 	LoaderHash        []byte
 }

 type ECDSASig struct {
 	R *big.Int
 	S *big.Int
 }

 func NewImageCreator() ImageCreator {
 	return ImageCreator{
 		HeaderSize: IMAGE_HEADER_SIZE,
 		Bootable:   true,
 	}
 }

 func sigTlvType(key sec.SignKey) uint8 {
 	key.AssertValid()

 	if key.Rsa != nil {
 		return IMAGE_TLV_RSA2048
 	} else {
 		switch key.Ec.Curve.Params().Name {
 		case "P-224":
 			return IMAGE_TLV_ECDSA224
 		case "P-256":
 			return IMAGE_TLV_ECDSA256
 		default:
 			return 0
 		}
 	}
 }

 func GenerateEncTlv(cipherSecret []byte) (ImageTlv, error) {
 	var encType uint8

 	if len(cipherSecret) == 256 {
 		encType = IMAGE_TLV_ENC_RSA
 	} else if len(cipherSecret) == 24 {
 		encType = IMAGE_TLV_ENC_KEK
 	} else {
 		return ImageTlv{}, util.FmtNewtError("Invalid enc TLV size ")
 	}

 	return ImageTlv{
 		Header: ImageTlvHdr{
 			Type: encType,
 			Pad:  0,
 			Len:  uint16(len(cipherSecret)),
 		},
 		Data: cipherSecret,
 	}, nil
 }

 func GenerateSigRsa(key sec.SignKey, hash []byte) ([]byte, error) {
 	opts := rsa.PSSOptions{
 		SaltLength: rsa.PSSSaltLengthEqualsHash,
 	}
 	signature, err := rsa.SignPSS(
 		rand.Reader, key.Rsa, crypto.SHA256, hash, &opts)
 	if err != nil {
 		return nil, util.FmtNewtError("Failed to compute signature: %s", err)
 	}

 	return signature, nil
 }

 func GenerateSigEc(key sec.SignKey, hash []byte) ([]byte, error) {
 	r, s, err := ecdsa.Sign(rand.Reader, key.Ec, hash)
 	if err != nil {
 		return nil, util.FmtNewtError("Failed to compute signature: %s", err)
 	}

 	ECDSA := ECDSASig{
 		R: r,
 		S: s,
 	}

 	signature, err := asn1.Marshal(ECDSA)
 	if err != nil {
 		return nil, util.FmtNewtError("Failed to construct signature: %s", err)
 	}

 	sigLen := key.SigLen()
 	if len(signature) > int(sigLen) {
 		return nil, util.FmtNewtError("Something is really wrong\n")
 	}

 	pad := make([]byte, int(sigLen)-len(signature))
 	signature = append(signature, pad...)

 	return signature, nil
 }

 func GenerateSig(key sec.SignKey, hash []byte) ([]byte, error) {
 	key.AssertValid()

 	if key.Rsa != nil {
 		return GenerateSigRsa(key, hash)
 	} else {
 		return GenerateSigEc(key, hash)
 	}
 }

 func BuildKeyHashTlv(keyBytes []byte) ImageTlv {
 	data := sec.RawKeyHash(keyBytes)
 	return ImageTlv{
 		Header: ImageTlvHdr{
 			Type: IMAGE_TLV_KEYHASH,
 			Pad:  0,
 			Len:  uint16(len(data)),
 		},
 		Data: data,
 	}
 }

 func BuildSigTlvs(keys []sec.SignKey, hash []byte) ([]ImageTlv, error) {
 	var tlvs []ImageTlv

 	for _, key := range keys {
 		key.AssertValid()

 		// Key hash TLV.
 		pubKey, err := key.PubBytes()
 		if err != nil {
 			return nil, err
 		}
 		tlv := BuildKeyHashTlv(pubKey)
 		tlvs = append(tlvs, tlv)

 		// Signature TLV.
 		sig, err := GenerateSig(key, hash)
 		if err != nil {
 			return nil, err
 		}
 		tlv = ImageTlv{
 			Header: ImageTlvHdr{
 				Type: sigTlvType(key),
 				Len:  uint16(len(sig)),
 			},
 			Data: sig,
 		}
 		tlvs = append(tlvs, tlv)
 	}

 	return tlvs, nil
 }

 func GeneratePlainSecret() ([]byte, error) {
 	plainSecret := make([]byte, 16)
 	if _, err := rand.Read(plainSecret); err != nil {
 		return nil, util.FmtNewtError(
 			"Random generation error: %s\n", err)
 	}

 	return plainSecret, nil
 }

 func GenerateCipherSecret(pubKeBytes []byte,
 	plainSecret []byte) ([]byte, error) {

 	// Try reading as PEM (asymetric key).
 	rsaPubKe, err := sec.ParsePubKePem(pubKeBytes)
 	if err != nil {
 		return nil, err
 	}
 	if rsaPubKe != nil {
 		return sec.EncryptSecretRsa(rsaPubKe, plainSecret)
 	}

 	// Not PEM; assume this is a base64 encoded symetric key
 	aesPubKe, err := sec.ParseKeBase64(pubKeBytes)
 	if err != nil {
 		return nil, err
 	}
 	if aesPubKe != nil {
 		return sec.EncryptSecretAes(aesPubKe, plainSecret)
 	}

 	return nil, util.FmtNewtError("Invalid image-crypt key")
 }

 func GenerateImage(opts ImageCreateOpts) (Image, error) {
 	ic := NewImageCreator()

 	srcBin, err := ioutil.ReadFile(opts.SrcBinFilename)
 	if err != nil {
 		return Image{}, util.FmtNewtError(
 			"Can't read app binary: %s", err.Error())
 	}

 	ic.Body = srcBin
 	ic.Version = opts.Version
 	ic.SigKeys = opts.SigKeys

 	if opts.LoaderHash != nil {
 		ic.InitialHash = opts.LoaderHash
 		ic.Bootable = false
 	} else {
 		ic.Bootable = true
 	}

 	if opts.SrcEncKeyFilename != "" {
 		plainSecret, err := GeneratePlainSecret()
 		if err != nil {
 			return Image{}, err
 		}

 		pubKeBytes, err := ioutil.ReadFile(opts.SrcEncKeyFilename)
 		if err != nil {
 			return Image{}, util.FmtNewtError(
 				"Error reading pubkey file: %s", err.Error())
 		}

 		cipherSecret, err := GenerateCipherSecret(pubKeBytes, plainSecret)
 		if err != nil {
 			return Image{}, err
 		}

 		ic.PlainSecret = plainSecret
 		ic.CipherSecret = cipherSecret
 	}

 	ri, err := ic.Create()
 	if err != nil {
 		return Image{}, err
 	}

 	return ri, nil
 }

 func calcHash(initialHash []byte, hdr ImageHdr, pad []byte,
 	plainBody []byte) ([]byte, error) {

 	hash := sha256.New()

 	add := func(itf interface{}) error {
 		b := &bytes.Buffer{}
 		if err := binary.Write(b, binary.LittleEndian, itf); err != nil {
 			return err
 		}
 		if err := binary.Write(hash, binary.LittleEndian, itf); err != nil {
 			return util.FmtNewtError("Failed to hash data: %s", err.Error())
 		}

 		return nil
 	}

 	if initialHash != nil {
 		if err := add(initialHash); err != nil {
 			return nil, err
 		}
 	}

 	if err := add(hdr); err != nil {
 		return nil, err
 	}

 	if err := add(pad); err != nil {
 		return nil, err
 	}

 	extra := hdr.HdrSz - IMAGE_HEADER_SIZE
 	if extra > 0 {
 		b := make([]byte, extra)
 		if err := add(b); err != nil {
 			return nil, err
 		}
 	}

 	if err := add(plainBody); err != nil {
 		return nil, err
 	}

 	return hash.Sum(nil), nil
 }

 func (ic *ImageCreator) Create() (Image, error) {
 	img := Image{}

 	// First the header
 	img.Header = ImageHdr{
 		Magic: IMAGE_MAGIC,
 		Pad1:  0,
 		HdrSz: IMAGE_HEADER_SIZE,
 		Pad2:  0,
 		ImgSz: uint32(len(ic.Body)),
 		Flags: 0,
 		Vers:  ic.Version,
 		Pad3:  0,
 	}

 	if !ic.Bootable {
 		img.Header.Flags |= IMAGE_F_NON_BOOTABLE
 	}

 	if ic.CipherSecret != nil {
 		img.Header.Flags |= IMAGE_F_ENCRYPTED
 	}

 	if ic.HeaderSize != 0 {
 		// Pad the header out to the given size.  There will just be zeros
 		// between the header and the start of the image when it is padded.
 		extra := ic.HeaderSize - IMAGE_HEADER_SIZE
 		if extra < 0 {
 			return img, util.FmtNewtError("Image header must be at "+
 				"least %d bytes", IMAGE_HEADER_SIZE)
 		}

 		img.Header.HdrSz = uint16(ic.HeaderSize)
 		img.Pad = make([]byte, extra)
 	}

 	hashBytes, err := calcHash(ic.InitialHash, img.Header, img.Pad, ic.Body)
 	if err != nil {
 		return img, err
 	}

 	// Followed by data.
 	if ic.CipherSecret != nil {
 		encBody, err := sec.EncryptAES(ic.Body, ic.PlainSecret)
 		if err != nil {
 			return img, err
 		}
 		img.Body = append(img.Body, encBody...)
 	} else {
 		img.Body = append(img.Body, ic.Body...)
 	}

 	util.StatusMessage(util.VERBOSITY_VERBOSE,
 		"Computed Hash for image as %s\n", hex.EncodeToString(hashBytes))

 	// Hash TLV.
 	tlv := ImageTlv{
 		Header: ImageTlvHdr{
 			Type: IMAGE_TLV_SHA256,
 			Pad:  0,
 			Len:  uint16(len(hashBytes)),
 		},
 		Data: hashBytes,
 	}
 	img.Tlvs = append(img.Tlvs, tlv)

 	tlvs, err := BuildSigTlvs(ic.SigKeys, hashBytes)
 	if err != nil {
 		return img, err
 	}
 	img.Tlvs = append(img.Tlvs, tlvs...)

 	if ic.CipherSecret != nil {
 		tlv, err := GenerateEncTlv(ic.CipherSecret)
 		if err != nil {
 			return img, err
 		}
 		img.Tlvs = append(img.Tlvs, tlv)
 	}

 	return img, nil
 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/

	package image

	import (
	"bytes"
	"crypto"
	"crypto/ecdsa"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/asn1"
	"encoding/binary"
	"encoding/hex"
	"io/ioutil"
	"math/big"

	"mynewt.apache.org/newt/artifact/sec"
	"mynewt.apache.org/newt/util"
	)

	type ImageCreator struct {
	Body []byte
	Version ImageVersion
	SigKeys []sec.SignKey
	PlainSecret []byte
	CipherSecret []byte
	HeaderSize int
	InitialHash []byte
	Bootable bool
	}

	type ImageCreateOpts struct {
	SrcBinFilename string
	SrcEncKeyFilename string
	Version ImageVersion
	SigKeys []sec.SignKey
	LoaderHash []byte
	}

	type ECDSASig struct {
	R *big.Int
	S *big.Int
	}

	func NewImageCreator() ImageCreator {
	return ImageCreator{
	HeaderSize: IMAGE_HEADER_SIZE,
	Bootable: true,
	}
	}

	func sigTlvType(key sec.SignKey) uint8 {
	key.AssertValid()

	if key.Rsa != nil {
	return IMAGE_TLV_RSA2048
	} else {
	switch key.Ec.Curve.Params().Name {
	case "P-224":
	return IMAGE_TLV_ECDSA224
	case "P-256":
	return IMAGE_TLV_ECDSA256
	default:
	return 0
	}
	}
	}

	func GenerateEncTlv(cipherSecret []byte) (ImageTlv, error) {
	var encType uint8

	if len(cipherSecret) == 256 {
	encType = IMAGE_TLV_ENC_RSA
	} else if len(cipherSecret) == 24 {
	encType = IMAGE_TLV_ENC_KEK
	} else {
	return ImageTlv{}, util.FmtNewtError("Invalid enc TLV size ")
	}

	return ImageTlv{
	Header: ImageTlvHdr{
	Type: encType,
	Pad: 0,
	Len: uint16(len(cipherSecret)),
	},
	Data: cipherSecret,
	}, nil
	}

	func GenerateSigRsa(key sec.SignKey, hash []byte) ([]byte, error) {
	opts := rsa.PSSOptions{
	SaltLength: rsa.PSSSaltLengthEqualsHash,
	}
	signature, err := rsa.SignPSS(
	rand.Reader, key.Rsa, crypto.SHA256, hash, &opts)
	if err != nil {
	return nil, util.FmtNewtError("Failed to compute signature: %s", err)
	}

	return signature, nil
	}

	func GenerateSigEc(key sec.SignKey, hash []byte) ([]byte, error) {
	r, s, err := ecdsa.Sign(rand.Reader, key.Ec, hash)
	if err != nil {
	return nil, util.FmtNewtError("Failed to compute signature: %s", err)
	}

	ECDSA := ECDSASig{
	R: r,
	S: s,
	}

	signature, err := asn1.Marshal(ECDSA)
	if err != nil {
	return nil, util.FmtNewtError("Failed to construct signature: %s", err)
	}

	sigLen := key.SigLen()
	if len(signature) > int(sigLen) {
	return nil, util.FmtNewtError("Something is really wrong\n")
	}

	pad := make([]byte, int(sigLen)-len(signature))
	signature = append(signature, pad...)

	return signature, nil
	}

	func GenerateSig(key sec.SignKey, hash []byte) ([]byte, error) {
	key.AssertValid()

	if key.Rsa != nil {
	return GenerateSigRsa(key, hash)
	} else {
	return GenerateSigEc(key, hash)
	}
	}

	func BuildKeyHashTlv(keyBytes []byte) ImageTlv {
	data := sec.RawKeyHash(keyBytes)
	return ImageTlv{
	Header: ImageTlvHdr{
	Type: IMAGE_TLV_KEYHASH,
	Pad: 0,
	Len: uint16(len(data)),
	},
	Data: data,
	}
	}

	func BuildSigTlvs(keys []sec.SignKey, hash []byte) ([]ImageTlv, error) {
	var tlvs []ImageTlv

	for _, key := range keys {
	key.AssertValid()

	// Key hash TLV.
	pubKey, err := key.PubBytes()
	if err != nil {
	return nil, err
	}
	tlv := BuildKeyHashTlv(pubKey)
	tlvs = append(tlvs, tlv)

	// Signature TLV.
	sig, err := GenerateSig(key, hash)
	if err != nil {
	return nil, err
	}
	tlv = ImageTlv{
	Header: ImageTlvHdr{
	Type: sigTlvType(key),
	Len: uint16(len(sig)),
	},
	Data: sig,
	}
	tlvs = append(tlvs, tlv)
	}

	return tlvs, nil
	}

	func GeneratePlainSecret() ([]byte, error) {
	plainSecret := make([]byte, 16)
	if _, err := rand.Read(plainSecret); err != nil {
	return nil, util.FmtNewtError(
	"Random generation error: %s\n", err)
	}

	return plainSecret, nil
	}

	func GenerateCipherSecret(pubKeBytes []byte,
	plainSecret []byte) ([]byte, error) {

	// Try reading as PEM (asymetric key).
	rsaPubKe, err := sec.ParsePubKePem(pubKeBytes)
	if err != nil {
	return nil, err
	}
	if rsaPubKe != nil {
	return sec.EncryptSecretRsa(rsaPubKe, plainSecret)
	}

	// Not PEM; assume this is a base64 encoded symetric key
	aesPubKe, err := sec.ParseKeBase64(pubKeBytes)
	if err != nil {
	return nil, err
	}
	if aesPubKe != nil {
	return sec.EncryptSecretAes(aesPubKe, plainSecret)
	}

	return nil, util.FmtNewtError("Invalid image-crypt key")
	}

	func GenerateImage(opts ImageCreateOpts) (Image, error) {
	ic := NewImageCreator()

	srcBin, err := ioutil.ReadFile(opts.SrcBinFilename)
	if err != nil {
	return Image{}, util.FmtNewtError(
	"Can't read app binary: %s", err.Error())
	}

	ic.Body = srcBin
	ic.Version = opts.Version
	ic.SigKeys = opts.SigKeys

	if opts.LoaderHash != nil {
	ic.InitialHash = opts.LoaderHash
	ic.Bootable = false
	} else {
	ic.Bootable = true
	}

	if opts.SrcEncKeyFilename != "" {
	plainSecret, err := GeneratePlainSecret()
	if err != nil {
	return Image{}, err
	}

	pubKeBytes, err := ioutil.ReadFile(opts.SrcEncKeyFilename)
	if err != nil {
	return Image{}, util.FmtNewtError(
	"Error reading pubkey file: %s", err.Error())
	}

	cipherSecret, err := GenerateCipherSecret(pubKeBytes, plainSecret)
	if err != nil {
	return Image{}, err
	}

	ic.PlainSecret = plainSecret
	ic.CipherSecret = cipherSecret
	}

	ri, err := ic.Create()
	if err != nil {
	return Image{}, err
	}

	return ri, nil
	}

	func calcHash(initialHash []byte, hdr ImageHdr, pad []byte,
	plainBody []byte) ([]byte, error) {

	hash := sha256.New()

	add := func(itf interface{}) error {
	b := &bytes.Buffer{}
	if err := binary.Write(b, binary.LittleEndian, itf); err != nil {
	return err
	}
	if err := binary.Write(hash, binary.LittleEndian, itf); err != nil {
	return util.FmtNewtError("Failed to hash data: %s", err.Error())
	}

	return nil
	}

	if initialHash != nil {
	if err := add(initialHash); err != nil {
	return nil, err
	}
	}

	if err := add(hdr); err != nil {
	return nil, err
	}

	if err := add(pad); err != nil {
	return nil, err
	}

	extra := hdr.HdrSz - IMAGE_HEADER_SIZE
	if extra > 0 {
	b := make([]byte, extra)
	if err := add(b); err != nil {
	return nil, err
	}
	}

	if err := add(plainBody); err != nil {
	return nil, err
	}

	return hash.Sum(nil), nil
	}

	func (ic *ImageCreator) Create() (Image, error) {
	img := Image{}

	// First the header
	img.Header = ImageHdr{
	Magic: IMAGE_MAGIC,
	Pad1: 0,
	HdrSz: IMAGE_HEADER_SIZE,
	Pad2: 0,
	ImgSz: uint32(len(ic.Body)),
	Flags: 0,
	Vers: ic.Version,
	Pad3: 0,
	}

	if !ic.Bootable {
	img.Header.Flags \|= IMAGE_F_NON_BOOTABLE
	}

	if ic.CipherSecret != nil {
	img.Header.Flags \|= IMAGE_F_ENCRYPTED
	}

	if ic.HeaderSize != 0 {
	// Pad the header out to the given size. There will just be zeros
	// between the header and the start of the image when it is padded.
	extra := ic.HeaderSize - IMAGE_HEADER_SIZE
	if extra < 0 {
	return img, util.FmtNewtError("Image header must be at "+
	"least %d bytes", IMAGE_HEADER_SIZE)
	}

	img.Header.HdrSz = uint16(ic.HeaderSize)
	img.Pad = make([]byte, extra)
	}

	hashBytes, err := calcHash(ic.InitialHash, img.Header, img.Pad, ic.Body)
	if err != nil {
	return img, err
	}

	// Followed by data.
	if ic.CipherSecret != nil {
	encBody, err := sec.EncryptAES(ic.Body, ic.PlainSecret)
	if err != nil {
	return img, err
	}
	img.Body = append(img.Body, encBody...)
	} else {
	img.Body = append(img.Body, ic.Body...)
	}

	util.StatusMessage(util.VERBOSITY_VERBOSE,
	"Computed Hash for image as %s\n", hex.EncodeToString(hashBytes))

	// Hash TLV.
	tlv := ImageTlv{
	Header: ImageTlvHdr{
	Type: IMAGE_TLV_SHA256,
	Pad: 0,
	Len: uint16(len(hashBytes)),
	},
	Data: hashBytes,
	}
	img.Tlvs = append(img.Tlvs, tlv)

	tlvs, err := BuildSigTlvs(ic.SigKeys, hashBytes)
	if err != nil {
	return img, err
	}
	img.Tlvs = append(img.Tlvs, tlvs...)

	if ic.CipherSecret != nil {
	tlv, err := GenerateEncTlv(ic.CipherSecret)
	if err != nil {
	return img, err
	}
	img.Tlvs = append(img.Tlvs, tlv)
	}

	return img, nil
	}