uboot/lib/rsa/rsa-sign.c
<<
>>
Prefs
   1/*
   2 * Copyright (c) 2013, Google Inc.
   3 *
   4 * SPDX-License-Identifier:     GPL-2.0+
   5 */
   6
   7#include "mkimage.h"
   8#include <stdio.h>
   9#include <string.h>
  10#include <image.h>
  11#include <time.h>
  12#include <openssl/rsa.h>
  13#include <openssl/pem.h>
  14#include <openssl/err.h>
  15#include <openssl/ssl.h>
  16#include <openssl/evp.h>
  17
  18#if OPENSSL_VERSION_NUMBER >= 0x10000000L
  19#define HAVE_ERR_REMOVE_THREAD_STATE
  20#endif
  21
  22static int rsa_err(const char *msg)
  23{
  24        unsigned long sslErr = ERR_get_error();
  25
  26        fprintf(stderr, "%s", msg);
  27        fprintf(stderr, ": %s\n",
  28                ERR_error_string(sslErr, 0));
  29
  30        return -1;
  31}
  32
  33/**
  34 * rsa_get_pub_key() - read a public key from a .crt file
  35 *
  36 * @keydir:     Directory containins the key
  37 * @name        Name of key file (will have a .crt extension)
  38 * @rsap        Returns RSA object, or NULL on failure
  39 * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL)
  40 */
  41static int rsa_get_pub_key(const char *keydir, const char *name, RSA **rsap)
  42{
  43        char path[1024];
  44        EVP_PKEY *key;
  45        X509 *cert;
  46        RSA *rsa;
  47        FILE *f;
  48        int ret;
  49
  50        *rsap = NULL;
  51        snprintf(path, sizeof(path), "%s/%s.crt", keydir, name);
  52        f = fopen(path, "r");
  53        if (!f) {
  54                fprintf(stderr, "Couldn't open RSA certificate: '%s': %s\n",
  55                        path, strerror(errno));
  56                return -EACCES;
  57        }
  58
  59        /* Read the certificate */
  60        cert = NULL;
  61        if (!PEM_read_X509(f, &cert, NULL, NULL)) {
  62                rsa_err("Couldn't read certificate");
  63                ret = -EINVAL;
  64                goto err_cert;
  65        }
  66
  67        /* Get the public key from the certificate. */
  68        key = X509_get_pubkey(cert);
  69        if (!key) {
  70                rsa_err("Couldn't read public key\n");
  71                ret = -EINVAL;
  72                goto err_pubkey;
  73        }
  74
  75        /* Convert to a RSA_style key. */
  76        rsa = EVP_PKEY_get1_RSA(key);
  77        if (!rsa) {
  78                rsa_err("Couldn't convert to a RSA style key");
  79                ret = -EINVAL;
  80                goto err_rsa;
  81        }
  82        fclose(f);
  83        EVP_PKEY_free(key);
  84        X509_free(cert);
  85        *rsap = rsa;
  86
  87        return 0;
  88
  89err_rsa:
  90        EVP_PKEY_free(key);
  91err_pubkey:
  92        X509_free(cert);
  93err_cert:
  94        fclose(f);
  95        return ret;
  96}
  97
  98/**
  99 * rsa_get_priv_key() - read a private key from a .key file
 100 *
 101 * @keydir:     Directory containins the key
 102 * @name        Name of key file (will have a .key extension)
 103 * @rsap        Returns RSA object, or NULL on failure
 104 * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL)
 105 */
 106static int rsa_get_priv_key(const char *keydir, const char *name, RSA **rsap)
 107{
 108        char path[1024];
 109        RSA *rsa;
 110        FILE *f;
 111
 112        *rsap = NULL;
 113        snprintf(path, sizeof(path), "%s/%s.key", keydir, name);
 114        f = fopen(path, "r");
 115        if (!f) {
 116                fprintf(stderr, "Couldn't open RSA private key: '%s': %s\n",
 117                        path, strerror(errno));
 118                return -ENOENT;
 119        }
 120
 121        rsa = PEM_read_RSAPrivateKey(f, 0, NULL, path);
 122        if (!rsa) {
 123                rsa_err("Failure reading private key");
 124                fclose(f);
 125                return -EPROTO;
 126        }
 127        fclose(f);
 128        *rsap = rsa;
 129
 130        return 0;
 131}
 132
 133static int rsa_init(void)
 134{
 135        int ret;
 136
 137        ret = SSL_library_init();
 138        if (!ret) {
 139                fprintf(stderr, "Failure to init SSL library\n");
 140                return -1;
 141        }
 142        SSL_load_error_strings();
 143
 144        OpenSSL_add_all_algorithms();
 145        OpenSSL_add_all_digests();
 146        OpenSSL_add_all_ciphers();
 147
 148        return 0;
 149}
 150
 151static void rsa_remove(void)
 152{
 153        CRYPTO_cleanup_all_ex_data();
 154        ERR_free_strings();
 155#ifdef HAVE_ERR_REMOVE_THREAD_STATE
 156        ERR_remove_thread_state(NULL);
 157#else
 158        ERR_remove_state(0);
 159#endif
 160        EVP_cleanup();
 161}
 162
 163static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo,
 164                const struct image_region region[], int region_count,
 165                uint8_t **sigp, uint *sig_size)
 166{
 167        EVP_PKEY *key;
 168        EVP_MD_CTX *context;
 169        int size, ret = 0;
 170        uint8_t *sig;
 171        int i;
 172
 173        key = EVP_PKEY_new();
 174        if (!key)
 175                return rsa_err("EVP_PKEY object creation failed");
 176
 177        if (!EVP_PKEY_set1_RSA(key, rsa)) {
 178                ret = rsa_err("EVP key setup failed");
 179                goto err_set;
 180        }
 181
 182        size = EVP_PKEY_size(key);
 183        sig = malloc(size);
 184        if (!sig) {
 185                fprintf(stderr, "Out of memory for signature (%d bytes)\n",
 186                        size);
 187                ret = -ENOMEM;
 188                goto err_alloc;
 189        }
 190
 191        context = EVP_MD_CTX_create();
 192        if (!context) {
 193                ret = rsa_err("EVP context creation failed");
 194                goto err_create;
 195        }
 196        EVP_MD_CTX_init(context);
 197        if (!EVP_SignInit(context, checksum_algo->calculate_sign())) {
 198                ret = rsa_err("Signer setup failed");
 199                goto err_sign;
 200        }
 201
 202        for (i = 0; i < region_count; i++) {
 203                if (!EVP_SignUpdate(context, region[i].data, region[i].size)) {
 204                        ret = rsa_err("Signing data failed");
 205                        goto err_sign;
 206                }
 207        }
 208
 209        if (!EVP_SignFinal(context, sig, sig_size, key)) {
 210                ret = rsa_err("Could not obtain signature");
 211                goto err_sign;
 212        }
 213        EVP_MD_CTX_cleanup(context);
 214        EVP_MD_CTX_destroy(context);
 215        EVP_PKEY_free(key);
 216
 217        debug("Got signature: %d bytes, expected %d\n", *sig_size, size);
 218        *sigp = sig;
 219        *sig_size = size;
 220
 221        return 0;
 222
 223err_sign:
 224        EVP_MD_CTX_destroy(context);
 225err_create:
 226        free(sig);
 227err_alloc:
 228err_set:
 229        EVP_PKEY_free(key);
 230        return ret;
 231}
 232
 233int rsa_sign(struct image_sign_info *info,
 234             const struct image_region region[], int region_count,
 235             uint8_t **sigp, uint *sig_len)
 236{
 237        RSA *rsa;
 238        int ret;
 239
 240        ret = rsa_init();
 241        if (ret)
 242                return ret;
 243
 244        ret = rsa_get_priv_key(info->keydir, info->keyname, &rsa);
 245        if (ret)
 246                goto err_priv;
 247        ret = rsa_sign_with_key(rsa, info->algo->checksum, region,
 248                                region_count, sigp, sig_len);
 249        if (ret)
 250                goto err_sign;
 251
 252        RSA_free(rsa);
 253        rsa_remove();
 254
 255        return ret;
 256
 257err_sign:
 258        RSA_free(rsa);
 259err_priv:
 260        rsa_remove();
 261        return ret;
 262}
 263
 264/*
 265 * rsa_get_exponent(): - Get the public exponent from an RSA key
 266 */
 267static int rsa_get_exponent(RSA *key, uint64_t *e)
 268{
 269        int ret;
 270        BIGNUM *bn_te;
 271        uint64_t te;
 272
 273        ret = -EINVAL;
 274        bn_te = NULL;
 275
 276        if (!e)
 277                goto cleanup;
 278
 279        if (BN_num_bits(key->e) > 64)
 280                goto cleanup;
 281
 282        *e = BN_get_word(key->e);
 283
 284        if (BN_num_bits(key->e) < 33) {
 285                ret = 0;
 286                goto cleanup;
 287        }
 288
 289        bn_te = BN_dup(key->e);
 290        if (!bn_te)
 291                goto cleanup;
 292
 293        if (!BN_rshift(bn_te, bn_te, 32))
 294                goto cleanup;
 295
 296        if (!BN_mask_bits(bn_te, 32))
 297                goto cleanup;
 298
 299        te = BN_get_word(bn_te);
 300        te <<= 32;
 301        *e |= te;
 302        ret = 0;
 303
 304cleanup:
 305        if (bn_te)
 306                BN_free(bn_te);
 307
 308        return ret;
 309}
 310
 311/*
 312 * rsa_get_params(): - Get the important parameters of an RSA public key
 313 */
 314int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t *n0_invp,
 315                   BIGNUM **modulusp, BIGNUM **r_squaredp)
 316{
 317        BIGNUM *big1, *big2, *big32, *big2_32;
 318        BIGNUM *n, *r, *r_squared, *tmp;
 319        BN_CTX *bn_ctx = BN_CTX_new();
 320        int ret = 0;
 321
 322        /* Initialize BIGNUMs */
 323        big1 = BN_new();
 324        big2 = BN_new();
 325        big32 = BN_new();
 326        r = BN_new();
 327        r_squared = BN_new();
 328        tmp = BN_new();
 329        big2_32 = BN_new();
 330        n = BN_new();
 331        if (!big1 || !big2 || !big32 || !r || !r_squared || !tmp || !big2_32 ||
 332            !n) {
 333                fprintf(stderr, "Out of memory (bignum)\n");
 334                return -ENOMEM;
 335        }
 336
 337        if (0 != rsa_get_exponent(key, exponent))
 338                ret = -1;
 339
 340        if (!BN_copy(n, key->n) || !BN_set_word(big1, 1L) ||
 341            !BN_set_word(big2, 2L) || !BN_set_word(big32, 32L))
 342                ret = -1;
 343
 344        /* big2_32 = 2^32 */
 345        if (!BN_exp(big2_32, big2, big32, bn_ctx))
 346                ret = -1;
 347
 348        /* Calculate n0_inv = -1 / n[0] mod 2^32 */
 349        if (!BN_mod_inverse(tmp, n, big2_32, bn_ctx) ||
 350            !BN_sub(tmp, big2_32, tmp))
 351                ret = -1;
 352        *n0_invp = BN_get_word(tmp);
 353
 354        /* Calculate R = 2^(# of key bits) */
 355        if (!BN_set_word(tmp, BN_num_bits(n)) ||
 356            !BN_exp(r, big2, tmp, bn_ctx))
 357                ret = -1;
 358
 359        /* Calculate r_squared = R^2 mod n */
 360        if (!BN_copy(r_squared, r) ||
 361            !BN_mul(tmp, r_squared, r, bn_ctx) ||
 362            !BN_mod(r_squared, tmp, n, bn_ctx))
 363                ret = -1;
 364
 365        *modulusp = n;
 366        *r_squaredp = r_squared;
 367
 368        BN_free(big1);
 369        BN_free(big2);
 370        BN_free(big32);
 371        BN_free(r);
 372        BN_free(tmp);
 373        BN_free(big2_32);
 374        if (ret) {
 375                fprintf(stderr, "Bignum operations failed\n");
 376                return -ENOMEM;
 377        }
 378
 379        return ret;
 380}
 381
 382static int fdt_add_bignum(void *blob, int noffset, const char *prop_name,
 383                          BIGNUM *num, int num_bits)
 384{
 385        int nwords = num_bits / 32;
 386        int size;
 387        uint32_t *buf, *ptr;
 388        BIGNUM *tmp, *big2, *big32, *big2_32;
 389        BN_CTX *ctx;
 390        int ret;
 391
 392        tmp = BN_new();
 393        big2 = BN_new();
 394        big32 = BN_new();
 395        big2_32 = BN_new();
 396        if (!tmp || !big2 || !big32 || !big2_32) {
 397                fprintf(stderr, "Out of memory (bignum)\n");
 398                return -ENOMEM;
 399        }
 400        ctx = BN_CTX_new();
 401        if (!tmp) {
 402                fprintf(stderr, "Out of memory (bignum context)\n");
 403                return -ENOMEM;
 404        }
 405        BN_set_word(big2, 2L);
 406        BN_set_word(big32, 32L);
 407        BN_exp(big2_32, big2, big32, ctx); /* B = 2^32 */
 408
 409        size = nwords * sizeof(uint32_t);
 410        buf = malloc(size);
 411        if (!buf) {
 412                fprintf(stderr, "Out of memory (%d bytes)\n", size);
 413                return -ENOMEM;
 414        }
 415
 416        /* Write out modulus as big endian array of integers */
 417        for (ptr = buf + nwords - 1; ptr >= buf; ptr--) {
 418                BN_mod(tmp, num, big2_32, ctx); /* n = N mod B */
 419                *ptr = cpu_to_fdt32(BN_get_word(tmp));
 420                BN_rshift(num, num, 32); /*  N = N/B */
 421        }
 422
 423        ret = fdt_setprop(blob, noffset, prop_name, buf, size);
 424        if (ret) {
 425                fprintf(stderr, "Failed to write public key to FIT\n");
 426                return -ENOSPC;
 427        }
 428        free(buf);
 429        BN_free(tmp);
 430        BN_free(big2);
 431        BN_free(big32);
 432        BN_free(big2_32);
 433
 434        return ret;
 435}
 436
 437int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
 438{
 439        BIGNUM *modulus, *r_squared;
 440        uint64_t exponent;
 441        uint32_t n0_inv;
 442        int parent, node;
 443        char name[100];
 444        int ret;
 445        int bits;
 446        RSA *rsa;
 447
 448        debug("%s: Getting verification data\n", __func__);
 449        ret = rsa_get_pub_key(info->keydir, info->keyname, &rsa);
 450        if (ret)
 451                return ret;
 452        ret = rsa_get_params(rsa, &exponent, &n0_inv, &modulus, &r_squared);
 453        if (ret)
 454                return ret;
 455        bits = BN_num_bits(modulus);
 456        parent = fdt_subnode_offset(keydest, 0, FIT_SIG_NODENAME);
 457        if (parent == -FDT_ERR_NOTFOUND) {
 458                parent = fdt_add_subnode(keydest, 0, FIT_SIG_NODENAME);
 459                if (parent < 0) {
 460                        ret = parent;
 461                        if (ret != -FDT_ERR_NOSPACE) {
 462                                fprintf(stderr, "Couldn't create signature node: %s\n",
 463                                        fdt_strerror(parent));
 464                        }
 465                }
 466        }
 467        if (ret)
 468                goto done;
 469
 470        /* Either create or overwrite the named key node */
 471        snprintf(name, sizeof(name), "key-%s", info->keyname);
 472        node = fdt_subnode_offset(keydest, parent, name);
 473        if (node == -FDT_ERR_NOTFOUND) {
 474                node = fdt_add_subnode(keydest, parent, name);
 475                if (node < 0) {
 476                        ret = node;
 477                        if (ret != -FDT_ERR_NOSPACE) {
 478                                fprintf(stderr, "Could not create key subnode: %s\n",
 479                                        fdt_strerror(node));
 480                        }
 481                }
 482        } else if (node < 0) {
 483                fprintf(stderr, "Cannot select keys parent: %s\n",
 484                        fdt_strerror(node));
 485                ret = node;
 486        }
 487
 488        if (!ret) {
 489                ret = fdt_setprop_string(keydest, node, "key-name-hint",
 490                                 info->keyname);
 491        }
 492        if (!ret)
 493                ret = fdt_setprop_u32(keydest, node, "rsa,num-bits", bits);
 494        if (!ret)
 495                ret = fdt_setprop_u32(keydest, node, "rsa,n0-inverse", n0_inv);
 496        if (!ret) {
 497                ret = fdt_setprop_u64(keydest, node, "rsa,exponent", exponent);
 498        }
 499        if (!ret) {
 500                ret = fdt_add_bignum(keydest, node, "rsa,modulus", modulus,
 501                                     bits);
 502        }
 503        if (!ret) {
 504                ret = fdt_add_bignum(keydest, node, "rsa,r-squared", r_squared,
 505                                     bits);
 506        }
 507        if (!ret) {
 508                ret = fdt_setprop_string(keydest, node, FIT_ALGO_PROP,
 509                                         info->algo->name);
 510        }
 511        if (info->require_keys) {
 512                ret = fdt_setprop_string(keydest, node, "required",
 513                                         info->require_keys);
 514        }
 515done:
 516        BN_free(modulus);
 517        BN_free(r_squared);
 518        if (ret)
 519                return ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
 520
 521        return 0;
 522}
 523