]>
git.ipfire.org Git - people/ms/u-boot.git/blob - lib/rsa/rsa-sign.c
2 * Copyright (c) 2013, Google Inc.
4 * SPDX-License-Identifier: GPL-2.0+
12 #include <openssl/bn.h>
13 #include <openssl/rsa.h>
14 #include <openssl/pem.h>
15 #include <openssl/err.h>
16 #include <openssl/ssl.h>
17 #include <openssl/evp.h>
18 #include <openssl/engine.h>
20 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
21 #define HAVE_ERR_REMOVE_THREAD_STATE
24 #if OPENSSL_VERSION_NUMBER < 0x10100000L
25 static void RSA_get0_key(const RSA
*r
,
26 const BIGNUM
**n
, const BIGNUM
**e
, const BIGNUM
**d
)
37 static int rsa_err(const char *msg
)
39 unsigned long sslErr
= ERR_get_error();
41 fprintf(stderr
, "%s", msg
);
42 fprintf(stderr
, ": %s\n",
43 ERR_error_string(sslErr
, 0));
49 * rsa_pem_get_pub_key() - read a public key from a .crt file
51 * @keydir: Directory containins the key
52 * @name Name of key file (will have a .crt extension)
53 * @rsap Returns RSA object, or NULL on failure
54 * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL)
56 static int rsa_pem_get_pub_key(const char *keydir
, const char *name
, RSA
**rsap
)
66 snprintf(path
, sizeof(path
), "%s/%s.crt", keydir
, name
);
69 fprintf(stderr
, "Couldn't open RSA certificate: '%s': %s\n",
70 path
, strerror(errno
));
74 /* Read the certificate */
76 if (!PEM_read_X509(f
, &cert
, NULL
, NULL
)) {
77 rsa_err("Couldn't read certificate");
82 /* Get the public key from the certificate. */
83 key
= X509_get_pubkey(cert
);
85 rsa_err("Couldn't read public key\n");
90 /* Convert to a RSA_style key. */
91 rsa
= EVP_PKEY_get1_RSA(key
);
93 rsa_err("Couldn't convert to a RSA style key");
114 * rsa_engine_get_pub_key() - read a public key from given engine
116 * @keydir: Key prefix
118 * @engine Engine to use
119 * @rsap Returns RSA object, or NULL on failure
120 * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL)
122 static int rsa_engine_get_pub_key(const char *keydir
, const char *name
,
123 ENGINE
*engine
, RSA
**rsap
)
125 const char *engine_id
;
133 engine_id
= ENGINE_get_id(engine
);
135 if (engine_id
&& !strcmp(engine_id
, "pkcs11")) {
137 snprintf(key_id
, sizeof(key_id
),
138 "pkcs11:%s;object=%s;type=public",
141 snprintf(key_id
, sizeof(key_id
),
142 "pkcs11:object=%s;type=public",
145 fprintf(stderr
, "Engine not supported\n");
149 key
= ENGINE_load_public_key(engine
, key_id
, NULL
, NULL
);
151 return rsa_err("Failure loading public key from engine");
153 /* Convert to a RSA_style key. */
154 rsa
= EVP_PKEY_get1_RSA(key
);
156 rsa_err("Couldn't convert to a RSA style key");
172 * rsa_get_pub_key() - read a public key
174 * @keydir: Directory containing the key (PEM file) or key prefix (engine)
175 * @name Name of key file (will have a .crt extension)
176 * @engine Engine to use
177 * @rsap Returns RSA object, or NULL on failure
178 * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL)
180 static int rsa_get_pub_key(const char *keydir
, const char *name
,
181 ENGINE
*engine
, RSA
**rsap
)
184 return rsa_engine_get_pub_key(keydir
, name
, engine
, rsap
);
185 return rsa_pem_get_pub_key(keydir
, name
, rsap
);
189 * rsa_pem_get_priv_key() - read a private key from a .key file
191 * @keydir: Directory containing the key
192 * @name Name of key file (will have a .key extension)
193 * @rsap Returns RSA object, or NULL on failure
194 * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL)
196 static int rsa_pem_get_priv_key(const char *keydir
, const char *name
,
204 snprintf(path
, sizeof(path
), "%s/%s.key", keydir
, name
);
205 f
= fopen(path
, "r");
207 fprintf(stderr
, "Couldn't open RSA private key: '%s': %s\n",
208 path
, strerror(errno
));
212 rsa
= PEM_read_RSAPrivateKey(f
, 0, NULL
, path
);
214 rsa_err("Failure reading private key");
225 * rsa_engine_get_priv_key() - read a private key from given engine
227 * @keydir: Key prefix
229 * @engine Engine to use
230 * @rsap Returns RSA object, or NULL on failure
231 * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL)
233 static int rsa_engine_get_priv_key(const char *keydir
, const char *name
,
234 ENGINE
*engine
, RSA
**rsap
)
236 const char *engine_id
;
244 engine_id
= ENGINE_get_id(engine
);
246 if (engine_id
&& !strcmp(engine_id
, "pkcs11")) {
248 snprintf(key_id
, sizeof(key_id
),
249 "pkcs11:%s;object=%s;type=private",
252 snprintf(key_id
, sizeof(key_id
),
253 "pkcs11:object=%s;type=private",
256 fprintf(stderr
, "Engine not supported\n");
260 key
= ENGINE_load_private_key(engine
, key_id
, NULL
, NULL
);
262 return rsa_err("Failure loading private key from engine");
264 /* Convert to a RSA_style key. */
265 rsa
= EVP_PKEY_get1_RSA(key
);
267 rsa_err("Couldn't convert to a RSA style key");
283 * rsa_get_priv_key() - read a private key
285 * @keydir: Directory containing the key (PEM file) or key prefix (engine)
287 * @engine Engine to use for signing
288 * @rsap Returns RSA object, or NULL on failure
289 * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL)
291 static int rsa_get_priv_key(const char *keydir
, const char *name
,
292 ENGINE
*engine
, RSA
**rsap
)
295 return rsa_engine_get_priv_key(keydir
, name
, engine
, rsap
);
296 return rsa_pem_get_priv_key(keydir
, name
, rsap
);
299 static int rsa_init(void)
303 #if OPENSSL_VERSION_NUMBER < 0x10100000L
304 ret
= SSL_library_init();
306 ret
= OPENSSL_init_ssl(0, NULL
);
309 fprintf(stderr
, "Failure to init SSL library\n");
312 #if OPENSSL_VERSION_NUMBER < 0x10100000L
313 SSL_load_error_strings();
315 OpenSSL_add_all_algorithms();
316 OpenSSL_add_all_digests();
317 OpenSSL_add_all_ciphers();
323 static int rsa_engine_init(const char *engine_id
, ENGINE
**pe
)
328 ENGINE_load_builtin_engines();
330 e
= ENGINE_by_id(engine_id
);
332 fprintf(stderr
, "Engine isn't available\n");
334 goto err_engine_by_id
;
337 if (!ENGINE_init(e
)) {
338 fprintf(stderr
, "Couldn't initialize engine\n");
340 goto err_engine_init
;
343 if (!ENGINE_set_default_RSA(e
)) {
344 fprintf(stderr
, "Couldn't set engine as default for RSA\n");
358 #if OPENSSL_VERSION_NUMBER < 0x10100000L
364 static void rsa_remove(void)
366 #if OPENSSL_VERSION_NUMBER < 0x10100000L
367 CRYPTO_cleanup_all_ex_data();
369 #ifdef HAVE_ERR_REMOVE_THREAD_STATE
370 ERR_remove_thread_state(NULL
);
378 static void rsa_engine_remove(ENGINE
*e
)
386 static int rsa_sign_with_key(RSA
*rsa
, struct checksum_algo
*checksum_algo
,
387 const struct image_region region
[], int region_count
,
388 uint8_t **sigp
, uint
*sig_size
)
396 key
= EVP_PKEY_new();
398 return rsa_err("EVP_PKEY object creation failed");
400 if (!EVP_PKEY_set1_RSA(key
, rsa
)) {
401 ret
= rsa_err("EVP key setup failed");
405 size
= EVP_PKEY_size(key
);
408 fprintf(stderr
, "Out of memory for signature (%d bytes)\n",
414 context
= EVP_MD_CTX_create();
416 ret
= rsa_err("EVP context creation failed");
419 EVP_MD_CTX_init(context
);
420 if (!EVP_SignInit(context
, checksum_algo
->calculate_sign())) {
421 ret
= rsa_err("Signer setup failed");
425 for (i
= 0; i
< region_count
; i
++) {
426 if (!EVP_SignUpdate(context
, region
[i
].data
, region
[i
].size
)) {
427 ret
= rsa_err("Signing data failed");
432 if (!EVP_SignFinal(context
, sig
, sig_size
, key
)) {
433 ret
= rsa_err("Could not obtain signature");
436 #if OPENSSL_VERSION_NUMBER < 0x10100000L
437 EVP_MD_CTX_cleanup(context
);
439 EVP_MD_CTX_reset(context
);
441 EVP_MD_CTX_destroy(context
);
444 debug("Got signature: %d bytes, expected %d\n", *sig_size
, size
);
451 EVP_MD_CTX_destroy(context
);
460 int rsa_sign(struct image_sign_info
*info
,
461 const struct image_region region
[], int region_count
,
462 uint8_t **sigp
, uint
*sig_len
)
472 if (info
->engine_id
) {
473 ret
= rsa_engine_init(info
->engine_id
, &e
);
478 ret
= rsa_get_priv_key(info
->keydir
, info
->keyname
, e
, &rsa
);
481 ret
= rsa_sign_with_key(rsa
, info
->checksum
, region
,
482 region_count
, sigp
, sig_len
);
488 rsa_engine_remove(e
);
497 rsa_engine_remove(e
);
504 * rsa_get_exponent(): - Get the public exponent from an RSA key
506 static int rsa_get_exponent(RSA
*key
, uint64_t *e
)
519 RSA_get0_key(key
, NULL
, &key_e
, NULL
);
520 if (BN_num_bits(key_e
) > 64)
523 *e
= BN_get_word(key_e
);
525 if (BN_num_bits(key_e
) < 33) {
530 bn_te
= BN_dup(key_e
);
534 if (!BN_rshift(bn_te
, bn_te
, 32))
537 if (!BN_mask_bits(bn_te
, 32))
540 te
= BN_get_word(bn_te
);
553 * rsa_get_params(): - Get the important parameters of an RSA public key
555 int rsa_get_params(RSA
*key
, uint64_t *exponent
, uint32_t *n0_invp
,
556 BIGNUM
**modulusp
, BIGNUM
**r_squaredp
)
558 BIGNUM
*big1
, *big2
, *big32
, *big2_32
;
559 BIGNUM
*n
, *r
, *r_squared
, *tmp
;
561 BN_CTX
*bn_ctx
= BN_CTX_new();
564 /* Initialize BIGNUMs */
569 r_squared
= BN_new();
573 if (!big1
|| !big2
|| !big32
|| !r
|| !r_squared
|| !tmp
|| !big2_32
||
575 fprintf(stderr
, "Out of memory (bignum)\n");
579 if (0 != rsa_get_exponent(key
, exponent
))
582 RSA_get0_key(key
, &key_n
, NULL
, NULL
);
583 if (!BN_copy(n
, key_n
) || !BN_set_word(big1
, 1L) ||
584 !BN_set_word(big2
, 2L) || !BN_set_word(big32
, 32L))
588 if (!BN_exp(big2_32
, big2
, big32
, bn_ctx
))
591 /* Calculate n0_inv = -1 / n[0] mod 2^32 */
592 if (!BN_mod_inverse(tmp
, n
, big2_32
, bn_ctx
) ||
593 !BN_sub(tmp
, big2_32
, tmp
))
595 *n0_invp
= BN_get_word(tmp
);
597 /* Calculate R = 2^(# of key bits) */
598 if (!BN_set_word(tmp
, BN_num_bits(n
)) ||
599 !BN_exp(r
, big2
, tmp
, bn_ctx
))
602 /* Calculate r_squared = R^2 mod n */
603 if (!BN_copy(r_squared
, r
) ||
604 !BN_mul(tmp
, r_squared
, r
, bn_ctx
) ||
605 !BN_mod(r_squared
, tmp
, n
, bn_ctx
))
609 *r_squaredp
= r_squared
;
618 fprintf(stderr
, "Bignum operations failed\n");
625 static int fdt_add_bignum(void *blob
, int noffset
, const char *prop_name
,
626 BIGNUM
*num
, int num_bits
)
628 int nwords
= num_bits
/ 32;
631 BIGNUM
*tmp
, *big2
, *big32
, *big2_32
;
639 if (!tmp
|| !big2
|| !big32
|| !big2_32
) {
640 fprintf(stderr
, "Out of memory (bignum)\n");
645 fprintf(stderr
, "Out of memory (bignum context)\n");
648 BN_set_word(big2
, 2L);
649 BN_set_word(big32
, 32L);
650 BN_exp(big2_32
, big2
, big32
, ctx
); /* B = 2^32 */
652 size
= nwords
* sizeof(uint32_t);
655 fprintf(stderr
, "Out of memory (%d bytes)\n", size
);
659 /* Write out modulus as big endian array of integers */
660 for (ptr
= buf
+ nwords
- 1; ptr
>= buf
; ptr
--) {
661 BN_mod(tmp
, num
, big2_32
, ctx
); /* n = N mod B */
662 *ptr
= cpu_to_fdt32(BN_get_word(tmp
));
663 BN_rshift(num
, num
, 32); /* N = N/B */
667 * We try signing with successively increasing size values, so this
668 * might fail several times
670 ret
= fdt_setprop(blob
, noffset
, prop_name
, buf
, size
);
672 return -FDT_ERR_NOSPACE
;
682 int rsa_add_verify_data(struct image_sign_info
*info
, void *keydest
)
684 BIGNUM
*modulus
, *r_squared
;
694 debug("%s: Getting verification data\n", __func__
);
695 if (info
->engine_id
) {
696 ret
= rsa_engine_init(info
->engine_id
, &e
);
700 ret
= rsa_get_pub_key(info
->keydir
, info
->keyname
, e
, &rsa
);
702 goto err_get_pub_key
;
703 ret
= rsa_get_params(rsa
, &exponent
, &n0_inv
, &modulus
, &r_squared
);
706 bits
= BN_num_bits(modulus
);
707 parent
= fdt_subnode_offset(keydest
, 0, FIT_SIG_NODENAME
);
708 if (parent
== -FDT_ERR_NOTFOUND
) {
709 parent
= fdt_add_subnode(keydest
, 0, FIT_SIG_NODENAME
);
712 if (ret
!= -FDT_ERR_NOSPACE
) {
713 fprintf(stderr
, "Couldn't create signature node: %s\n",
714 fdt_strerror(parent
));
721 /* Either create or overwrite the named key node */
722 snprintf(name
, sizeof(name
), "key-%s", info
->keyname
);
723 node
= fdt_subnode_offset(keydest
, parent
, name
);
724 if (node
== -FDT_ERR_NOTFOUND
) {
725 node
= fdt_add_subnode(keydest
, parent
, name
);
728 if (ret
!= -FDT_ERR_NOSPACE
) {
729 fprintf(stderr
, "Could not create key subnode: %s\n",
733 } else if (node
< 0) {
734 fprintf(stderr
, "Cannot select keys parent: %s\n",
740 ret
= fdt_setprop_string(keydest
, node
, "key-name-hint",
744 ret
= fdt_setprop_u32(keydest
, node
, "rsa,num-bits", bits
);
746 ret
= fdt_setprop_u32(keydest
, node
, "rsa,n0-inverse", n0_inv
);
748 ret
= fdt_setprop_u64(keydest
, node
, "rsa,exponent", exponent
);
751 ret
= fdt_add_bignum(keydest
, node
, "rsa,modulus", modulus
,
755 ret
= fdt_add_bignum(keydest
, node
, "rsa,r-squared", r_squared
,
759 ret
= fdt_setprop_string(keydest
, node
, FIT_ALGO_PROP
,
762 if (!ret
&& info
->require_keys
) {
763 ret
= fdt_setprop_string(keydest
, node
, "required",
770 ret
= ret
== -FDT_ERR_NOSPACE
? -ENOSPC
: -EIO
;
775 rsa_engine_remove(e
);