iPXE
imgcrypt.c
1/*
2 * Copyright (C) 2024 Michael Brown <mbrown@fensystems.co.uk>.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License as
6 * published by the Free Software Foundation; either version 2 of the
7 * License, or any later version.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17 * 02110-1301, USA.
18 *
19 * You can also choose to distribute this program under the terms of
20 * the Unmodified Binary Distribution Licence (as given in the file
21 * COPYING.UBDL), provided that you have satisfied its requirements.
22 */
23
24FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25
26#include <string.h>
27#include <syslog.h>
28#include <ipxe/image.h>
29#include <ipxe/cms.h>
30#include <ipxe/privkey.h>
31#include <usr/imgcrypt.h>
32
33/** @file
34 *
35 * Image encryption management
36 *
37 */
38
/**
 * Decrypt an image with the key material carried in a CMS envelope
 *
 * @v image		Image to decrypt
 * @v envelope		Image containing the CMS message (decryption key)
 * @v name		Decrypted image name (or NULL to use default)
 * @ret rc		Return status code
 *
 * The envelope is parsed with cms_message(), the image is decrypted
 * with cms_decrypt() using the private_key object that is not declared
 * in this function, and the outcome is written to the system log.
 *
 * NOTE(review): only parsing and decryption are visible here; no
 * signature check or trust marking is performed in this function.
 * Confirm whether callers that need an authenticity guarantee verify
 * the decrypted image separately.
 */
int imgdecrypt ( struct image *image, struct image *envelope,
		 const char *name ) {
	struct cms_message *message;
	int status;

	/* Parse the envelope; a failed parse skips cms_put() */
	status = cms_message ( envelope, &message );
	if ( status == 0 ) {
		/* Decrypt, then drop the message reference whether or
		 * not decryption succeeded.
		 */
		status = cms_decrypt ( message, image, name, &private_key );
		cms_put ( message );
	}

	/* Record the outcome.  image->name is read after cms_decrypt()
	 * has returned, so the log shows whatever name the image
	 * carries at that point.
	 */
	if ( status != 0 ) {
		syslog ( LOG_ERR, "Image \"%s\" decryption failed: %s\n",
			 image->name, strerror ( status ) );
		return status;
	}

	syslog ( LOG_NOTICE, "Image \"%s\" decrypted OK\n", image->name );
	return 0;
}