1 /*
2  * Copyright (C) 2024 Michael Brown <mbrown@fensystems.co.uk>.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License as
6  * published by the Free Software Foundation; either version 2 of the
7  * License, or any later version.
8  *
9  * This program is distributed in the hope that it will be useful, but
10  * WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17  * 02110-1301, USA.
18  *
19  * You can also choose to distribute this program under the terms of
20  * the Unmodified Binary Distribution Licence (as given in the file
21  * COPYING.UBDL), provided that you have satisfied its requirements.
22  */
23 
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25 
26 #include <string.h>
27 #include <syslog.h>
28 #include <ipxe/image.h>
29 #include <ipxe/cms.h>
30 #include <ipxe/privkey.h>
31 #include <usr/imgcrypt.h>
32 
33 /** @file
34  *
35  * Image encryption management
36  *
37  */
38 
39 /**
40  * Decrypt image using downloaded envelope
41  *
42  * @v image Image to decrypt
43  * @v envelope Image containing decryption key
44  * @v name Decrypted image name (or NULL to use default)
45  * @ret rc Return status code
46  */
/**
 * Decrypt image using downloaded envelope
 *
 * The envelope is parsed as a CMS message and the image is decrypted
 * with the local private key.  Whatever the outcome, the CMS message
 * is released before this function returns.
 *
 * NOTE(review): nothing visible here authenticates the envelope or the
 * resulting plaintext; successful decryption is not proof of origin.
 * Presumably callers are expected to verify the decrypted image
 * separately (e.g. via a signature check) before executing it --
 * confirm against the call sites.
 *
 * @v image		Image to decrypt
 * @v envelope		Image containing decryption key
 * @v name		Decrypted image name (or NULL to use default)
 * @ret rc		Return status code (0 on success, negative errno
 *			on failure; the failure is also logged)
 */
int imgdecrypt ( struct image *image, struct image *envelope,
		 const char *name ) {
	struct cms_message *cms = NULL;
	int rc;

	/* Parse the envelope; a malformed envelope fails before any
	 * key material is used.
	 */
	rc = cms_message ( envelope, &cms );
	if ( rc == 0 ) {

		/* Decrypt the image with the local private key, then
		 * drop our reference to the message whether or not
		 * decryption succeeded.
		 */
		rc = cms_decrypt ( cms, image, name, &private_key );
		cms_put ( cms );
		cms = NULL;
	}

	/* Record the outcome in the system log */
	if ( rc != 0 ) {
		syslog ( LOG_ERR, "Image \"%s\" decryption failed: %s\n",
			 image->name, strerror ( rc ) );
		return rc;
	}
	syslog ( LOG_NOTICE, "Image \"%s\" decrypted OK\n", image->name );

	return 0;
}