[J-u-boot.git] / lib / rsa / rsa-sign.c

// SPDX-License-Identifier: GPL-2.0+
/*
 * Copyright (c) 2013, Google Inc.
 */

#define OPENSSL_API_COMPAT 0x10101000L

#include "mkimage.h"
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <image.h>
#include <time.h>
#include <u-boot/fdt-libcrypto.h>
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/evp.h>
#include <openssl/engine.h>

static int rsa_err(const char *msg)
{
	unsigned long sslErr = ERR_get_error();

	fprintf(stderr, "%s", msg);
	fprintf(stderr, ": %s\n",
		ERR_error_string(sslErr, 0));

	return -1;
}

/**
 * rsa_pem_get_pub_key() - read a public key from a .crt file
 *
 * @keydir:	Directory containins the key
 * @name	Name of key file (will have a .crt extension)
 * @evpp	Returns EVP_PKEY object, or NULL on failure
 * Return: 0 if ok, -ve on error (in which case *evpp will be set to NULL)
 */
static int rsa_pem_get_pub_key(const char *keydir, const char *name, EVP_PKEY **evpp)
{
	char path[1024];
	EVP_PKEY *key = NULL;
	X509 *cert;
	FILE *f;
	int ret;

	if (!evpp)
		return -EINVAL;

	*evpp = NULL;
	snprintf(path, sizeof(path), "%s/%s.crt", keydir, name);
	f = fopen(path, "r");
	if (!f) {
		fprintf(stderr, "Couldn't open RSA certificate: '%s': %s\n",
			path, strerror(errno));
		return -EACCES;
	}

	/* Read the certificate */
	cert = NULL;
	if (!PEM_read_X509(f, &cert, NULL, NULL)) {
		rsa_err("Couldn't read certificate");
		ret = -EINVAL;
		goto err_cert;
	}

	/* Get the public key from the certificate. */
	key = X509_get_pubkey(cert);
	if (!key) {
		rsa_err("Couldn't read public key\n");
		ret = -EINVAL;
		goto err_pubkey;
	}

	fclose(f);
	*evpp = key;
	X509_free(cert);

	return 0;

err_pubkey:
	X509_free(cert);
err_cert:
	fclose(f);
	return ret;
}

/**
 * rsa_engine_get_pub_key() - read a public key from given engine
 *
 * @keydir:	Key prefix
 * @name	Name of key
 * @engine	Engine to use
 * @evpp	Returns EVP_PKEY object, or NULL on failure
 * Return: 0 if ok, -ve on error (in which case *evpp will be set to NULL)
 */
static int rsa_engine_get_pub_key(const char *keydir, const char *name,
				  ENGINE *engine, EVP_PKEY **evpp)
{
	const char *engine_id;
	char key_id[1024];
	EVP_PKEY *key = NULL;

	if (!evpp)
		return -EINVAL;

	*evpp = NULL;

	engine_id = ENGINE_get_id(engine);

	if (engine_id && !strcmp(engine_id, "pkcs11")) {
		if (keydir)
			if (strstr(keydir, "object="))
				snprintf(key_id, sizeof(key_id),
					 "%s;type=public",
					 keydir);
			else
				snprintf(key_id, sizeof(key_id),
					 "%s;object=%s;type=public",
					 keydir, name);
		else
			snprintf(key_id, sizeof(key_id),
				 "object=%s;type=public",
				 name);
	} else if (engine_id) {
		if (keydir)
			snprintf(key_id, sizeof(key_id),
				 "%s%s",
				 keydir, name);
		else
			snprintf(key_id, sizeof(key_id),
				 "%s",
				 name);
	} else {
		fprintf(stderr, "Engine not supported\n");
		return -ENOTSUP;
	}

	key = ENGINE_load_public_key(engine, key_id, NULL, NULL);
	if (!key)
		return rsa_err("Failure loading public key from engine");

	*evpp = key;

	return 0;
}

/**
 * rsa_get_pub_key() - read a public key
 *
 * @keydir:	Directory containing the key (PEM file) or key prefix (engine)
 * @name	Name of key file (will have a .crt extension)
 * @engine	Engine to use
 * @evpp	Returns EVP_PKEY object, or NULL on failure
 * Return: 0 if ok, -ve on error (in which case *evpp will be set to NULL)
 */
static int rsa_get_pub_key(const char *keydir, const char *name,
			   ENGINE *engine, EVP_PKEY **evpp)
{
	if (engine)
		return rsa_engine_get_pub_key(keydir, name, engine, evpp);
	return rsa_pem_get_pub_key(keydir, name, evpp);
}

/**
 * rsa_pem_get_priv_key() - read a private key from a .key file
 *
 * @keydir:	Directory containing the key
 * @name	Name of key file (will have a .key extension)
 * @evpp	Returns EVP_PKEY object, or NULL on failure
 * Return: 0 if ok, -ve on error (in which case *evpp will be set to NULL)
 */
static int rsa_pem_get_priv_key(const char *keydir, const char *name,
				const char *keyfile, EVP_PKEY **evpp)
{
	char path[1024] = {0};
	FILE *f = NULL;

	if (!evpp)
		return -EINVAL;

	*evpp = NULL;
	if (keydir && name)
		snprintf(path, sizeof(path), "%s/%s.key", keydir, name);
	else if (keyfile)
		snprintf(path, sizeof(path), "%s", keyfile);
	else
		return -EINVAL;

	f = fopen(path, "r");
	if (!f) {
		fprintf(stderr, "Couldn't open RSA private key: '%s': %s\n",
			path, strerror(errno));
		return -ENOENT;
	}

	if (!PEM_read_PrivateKey(f, evpp, NULL, path)) {
		rsa_err("Failure reading private key");
		fclose(f);
		return -EPROTO;
	}
	fclose(f);

	return 0;
}

/**
 * rsa_engine_get_priv_key() - read a private key from given engine
 *
 * @keydir:	Key prefix
 * @name	Name of key
 * @engine	Engine to use
 * @evpp	Returns EVP_PKEY object, or NULL on failure
 * Return: 0 if ok, -ve on error (in which case *evpp will be set to NULL)
 */
static int rsa_engine_get_priv_key(const char *keydir, const char *name,
				   const char *keyfile,
				   ENGINE *engine, EVP_PKEY **evpp)
{
	const char *engine_id;
	char key_id[1024];
	EVP_PKEY *key = NULL;

	if (!evpp)
		return -EINVAL;

	engine_id = ENGINE_get_id(engine);

	if (engine_id && !strcmp(engine_id, "pkcs11")) {
		if (!keydir && !name) {
			fprintf(stderr, "Please use 'keydir' with PKCS11\n");
			return -EINVAL;
		}
		if (keydir)
			if (strstr(keydir, "object="))
				snprintf(key_id, sizeof(key_id),
					 "%s;type=private",
					 keydir);
			else
				snprintf(key_id, sizeof(key_id),
					 "%s;object=%s;type=private",
					 keydir, name);
		else
			snprintf(key_id, sizeof(key_id),
				 "object=%s;type=private",
				 name);
	} else if (engine_id) {
		if (keydir && name)
			snprintf(key_id, sizeof(key_id),
				 "%s%s",
				 keydir, name);
		else if (name)
			snprintf(key_id, sizeof(key_id),
				 "%s",
				 name ? name : "");
		else if (keyfile)
			snprintf(key_id, sizeof(key_id), "%s", keyfile);
		else
			return -EINVAL;

	} else {
		fprintf(stderr, "Engine not supported\n");
		return -ENOTSUP;
	}

	key = ENGINE_load_private_key(engine, key_id, NULL, NULL);
	if (!key)
		return rsa_err("Failure loading private key from engine");

	*evpp = key;

	return 0;
}

/**
 * rsa_get_priv_key() - read a private key
 *
 * @keydir:	Directory containing the key (PEM file) or key prefix (engine)
 * @name	Name of key
 * @engine	Engine to use for signing
 * @evpp	Returns EVP_PKEY object, or NULL on failure
 * Return: 0 if ok, -ve on error (in which case *evpp will be set to NULL)
 */
static int rsa_get_priv_key(const char *keydir, const char *name,
			    const char *keyfile, ENGINE *engine, EVP_PKEY **evpp)
{
	if (engine)
		return rsa_engine_get_priv_key(keydir, name, keyfile, engine,
					       evpp);
	return rsa_pem_get_priv_key(keydir, name, keyfile, evpp);
}

static int rsa_init(void)
{
	int ret;

	ret = OPENSSL_init_ssl(0, NULL);
	if (!ret) {
		fprintf(stderr, "Failure to init SSL library\n");
		return -1;
	}

	return 0;
}

static int rsa_engine_init(const char *engine_id, ENGINE **pe)
{
	const char *key_pass;
	ENGINE *e;
	int ret;

	ENGINE_load_builtin_engines();

	e = ENGINE_by_id(engine_id);
	if (!e) {
		fprintf(stderr, "Engine isn't available\n");
		return -1;
	}

	if (!ENGINE_init(e)) {
		fprintf(stderr, "Couldn't initialize engine\n");
		ret = -1;
		goto err_engine_init;
	}

	if (!ENGINE_set_default_RSA(e)) {
		fprintf(stderr, "Couldn't set engine as default for RSA\n");
		ret = -1;
		goto err_set_rsa;
	}

	key_pass = getenv("MKIMAGE_SIGN_PIN");
	if (key_pass) {
		if (!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0)) {
			fprintf(stderr, "Couldn't set PIN\n");
			ret = -1;
			goto err_set_pin;
		}
	}

	*pe = e;

	return 0;

err_set_pin:
err_set_rsa:
	ENGINE_finish(e);
err_engine_init:
	ENGINE_free(e);
	return ret;
}

static void rsa_engine_remove(ENGINE *e)
{
	if (e) {
		ENGINE_finish(e);
		ENGINE_free(e);
	}
}

static int rsa_sign_with_key(EVP_PKEY *pkey, struct padding_algo *padding_algo,
			     struct checksum_algo *checksum_algo,
		const struct image_region region[], int region_count,
		uint8_t **sigp, uint *sig_size)
{
	EVP_PKEY_CTX *ckey;
	EVP_MD_CTX *context;
	int ret = 0;
	size_t size;
	uint8_t *sig;
	int i;

	size = EVP_PKEY_size(pkey);
	sig = malloc(size);
	if (!sig) {
		fprintf(stderr, "Out of memory for signature (%zu bytes)\n",
			size);
		ret = -ENOMEM;
		goto err_alloc;
	}

	context = EVP_MD_CTX_new();
	if (!context) {
		ret = rsa_err("EVP context creation failed");
		goto err_create;
	}

	ckey = EVP_PKEY_CTX_new(pkey, NULL);
	if (!ckey) {
		ret = rsa_err("EVP key context creation failed");
		goto err_create;
	}

	if (EVP_DigestSignInit(context, &ckey,
			       checksum_algo->calculate_sign(),
			       NULL, pkey) <= 0) {
		ret = rsa_err("Signer setup failed");
		goto err_sign;
	}

	if (CONFIG_IS_ENABLED(FIT_RSASSA_PSS) && padding_algo &&
	    !strcmp(padding_algo->name, "pss")) {
		if (EVP_PKEY_CTX_set_rsa_padding(ckey,
						 RSA_PKCS1_PSS_PADDING) <= 0) {
			ret = rsa_err("Signer padding setup failed");
			goto err_sign;
		}
	}

	for (i = 0; i < region_count; i++) {
		if (!EVP_DigestSignUpdate(context, region[i].data,
					  region[i].size)) {
			ret = rsa_err("Signing data failed");
			goto err_sign;
		}
	}

	if (!EVP_DigestSignFinal(context, sig, &size)) {
		ret = rsa_err("Could not obtain signature");
		goto err_sign;
	}

	EVP_MD_CTX_free(context);

	debug("Got signature: %zu bytes, expected %d\n", size, EVP_PKEY_size(pkey));
	*sigp = sig;
	*sig_size = size;

	return 0;

err_sign:
	EVP_MD_CTX_free(context);
err_create:
	free(sig);
err_alloc:
	return ret;
}

int rsa_sign(struct image_sign_info *info,
	     const struct image_region region[], int region_count,
	     uint8_t **sigp, uint *sig_len)
{
	EVP_PKEY *pkey = NULL;
	ENGINE *e = NULL;
	int ret;

	ret = rsa_init();
	if (ret)
		return ret;

	if (info->engine_id) {
		ret = rsa_engine_init(info->engine_id, &e);
		if (ret)
			return ret;
	}

	ret = rsa_get_priv_key(info->keydir, info->keyname, info->keyfile,
			       e, &pkey);
	if (ret)
		goto err_priv;
	ret = rsa_sign_with_key(pkey, info->padding, info->checksum, region,
				region_count, sigp, sig_len);
	if (ret)
		goto err_sign;

	EVP_PKEY_free(pkey);
	if (info->engine_id)
		rsa_engine_remove(e);

	return ret;

err_sign:
	EVP_PKEY_free(pkey);
err_priv:
	if (info->engine_id)
		rsa_engine_remove(e);
	return ret;
}

/*
 * rsa_get_exponent(): - Get the public exponent from an RSA key
 */
static int rsa_get_exponent(RSA *key, uint64_t *e)
{
	int ret;
	BIGNUM *bn_te;
	const BIGNUM *key_e;
	uint64_t te;

	ret = -EINVAL;
	bn_te = NULL;

	if (!e)
		goto cleanup;

	RSA_get0_key(key, NULL, &key_e, NULL);
	if (BN_num_bits(key_e) > 64)
		goto cleanup;

	*e = BN_get_word(key_e);

	if (BN_num_bits(key_e) < 33) {
		ret = 0;
		goto cleanup;
	}

	bn_te = BN_dup(key_e);
	if (!bn_te)
		goto cleanup;

	if (!BN_rshift(bn_te, bn_te, 32))
		goto cleanup;

	if (!BN_mask_bits(bn_te, 32))
		goto cleanup;

	te = BN_get_word(bn_te);
	te <<= 32;
	*e |= te;
	ret = 0;

cleanup:
	if (bn_te)
		BN_free(bn_te);

	return ret;
}

/*
 * rsa_get_params(): - Get the important parameters of an RSA public key
 */
int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t *n0_invp,
		   BIGNUM **modulusp, BIGNUM **r_squaredp)
{
	BIGNUM *big1, *big2, *big32, *big2_32;
	BIGNUM *n, *r, *r_squared, *tmp;
	const BIGNUM *key_n;
	BN_CTX *bn_ctx = BN_CTX_new();
	int ret = 0;

	/* Initialize BIGNUMs */
	big1 = BN_new();
	big2 = BN_new();
	big32 = BN_new();
	r = BN_new();
	r_squared = BN_new();
	tmp = BN_new();
	big2_32 = BN_new();
	n = BN_new();
	if (!big1 || !big2 || !big32 || !r || !r_squared || !tmp || !big2_32 ||
	    !n) {
		fprintf(stderr, "Out of memory (bignum)\n");
		return -ENOMEM;
	}

	if (0 != rsa_get_exponent(key, exponent))
		ret = -1;

	RSA_get0_key(key, &key_n, NULL, NULL);
	if (!BN_copy(n, key_n) || !BN_set_word(big1, 1L) ||
	    !BN_set_word(big2, 2L) || !BN_set_word(big32, 32L))
		ret = -1;

	/* big2_32 = 2^32 */
	if (!BN_exp(big2_32, big2, big32, bn_ctx))
		ret = -1;

	/* Calculate n0_inv = -1 / n[0] mod 2^32 */
	if (!BN_mod_inverse(tmp, n, big2_32, bn_ctx) ||
	    !BN_sub(tmp, big2_32, tmp))
		ret = -1;
	*n0_invp = BN_get_word(tmp);

	/* Calculate R = 2^(# of key bits) */
	if (!BN_set_word(tmp, BN_num_bits(n)) ||
	    !BN_exp(r, big2, tmp, bn_ctx))
		ret = -1;

	/* Calculate r_squared = R^2 mod n */
	if (!BN_copy(r_squared, r) ||
	    !BN_mul(tmp, r_squared, r, bn_ctx) ||
	    !BN_mod(r_squared, tmp, n, bn_ctx))
		ret = -1;

	*modulusp = n;
	*r_squaredp = r_squared;

	BN_free(big1);
	BN_free(big2);
	BN_free(big32);
	BN_free(r);
	BN_free(tmp);
	BN_free(big2_32);
	if (ret) {
		fprintf(stderr, "Bignum operations failed\n");
		return -ENOMEM;
	}

	return ret;
}

int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
{
	BIGNUM *modulus, *r_squared;
	uint64_t exponent;
	uint32_t n0_inv;
	int parent, node = -FDT_ERR_NOTFOUND;
	char name[100];
	int ret;
	int bits;
	RSA *rsa;
	EVP_PKEY *pkey = NULL;
	ENGINE *e = NULL;

	debug("%s: Getting verification data\n", __func__);
	if (info->engine_id) {
		ret = rsa_engine_init(info->engine_id, &e);
		if (ret)
			return ret;
	}
	ret = rsa_get_pub_key(info->keydir, info->keyname, e, &pkey);
	if (ret)
		goto err_get_pub_key;

	rsa = (RSA *)EVP_PKEY_get0_RSA(pkey);
	ret = rsa_get_params(rsa, &exponent, &n0_inv, &modulus, &r_squared);
	if (ret)
		goto err_get_params;
	bits = BN_num_bits(modulus);
	parent = fdt_subnode_offset(keydest, 0, FIT_SIG_NODENAME);
	if (parent == -FDT_ERR_NOTFOUND) {
		parent = fdt_add_subnode(keydest, 0, FIT_SIG_NODENAME);
		if (parent < 0) {
			ret = parent;
			if (ret != -FDT_ERR_NOSPACE) {
				fprintf(stderr, "Couldn't create signature node: %s\n",
					fdt_strerror(parent));
			}
		}
	}
	if (ret)
		goto done;

	/* Either create or overwrite the named key node */
	snprintf(name, sizeof(name), "key-%s", info->keyname);
	node = fdt_subnode_offset(keydest, parent, name);
	if (node == -FDT_ERR_NOTFOUND) {
		node = fdt_add_subnode(keydest, parent, name);
		if (node < 0) {
			ret = node;
			if (ret != -FDT_ERR_NOSPACE) {
				fprintf(stderr, "Could not create key subnode: %s\n",
					fdt_strerror(node));
			}
		}
	} else if (node < 0) {
		fprintf(stderr, "Cannot select keys parent: %s\n",
			fdt_strerror(node));
		ret = node;
	}

	if (!ret) {
		ret = fdt_setprop_string(keydest, node, FIT_KEY_HINT,
					 info->keyname);
	}
	if (!ret)
		ret = fdt_setprop_u32(keydest, node, "rsa,num-bits", bits);
	if (!ret)
		ret = fdt_setprop_u32(keydest, node, "rsa,n0-inverse", n0_inv);
	if (!ret) {
		ret = fdt_setprop_u64(keydest, node, "rsa,exponent", exponent);
	}
	if (!ret) {
		ret = fdt_add_bignum(keydest, node, "rsa,modulus", modulus,
				     bits);
	}
	if (!ret) {
		ret = fdt_add_bignum(keydest, node, "rsa,r-squared", r_squared,
				     bits);
	}
	if (!ret) {
		ret = fdt_setprop_string(keydest, node, FIT_ALGO_PROP,
					 info->name);
	}
	if (!ret && info->require_keys) {
		ret = fdt_setprop_string(keydest, node, FIT_KEY_REQUIRED,
					 info->require_keys);
	}
done:
	BN_free(modulus);
	BN_free(r_squared);
	if (ret)
		ret = ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
err_get_params:
	EVP_PKEY_free(pkey);
err_get_pub_key:
	if (info->engine_id)
		rsa_engine_remove(e);

	if (ret)
		return ret;

	return node;
}
Commit	Line	Data
83d290c5	1	// SPDX-License-Identifier: GPL-2.0+
19c402af SG	2	/*
19c402af SG	3	* Copyright (c) 2013, Google Inc.
19c402af SG	4	*/
19c402af SG	5
3a8b9199 HS	6	#define OPENSSL_API_COMPAT 0x10101000L
3a8b9199 HS	7
19c402af	8	#include "mkimage.h"
0ff042d8	9	#include <stdlib.h>
19c402af SG	10	#include <stdio.h>
19c402af SG	11	#include <string.h>
19c402af SG	12	#include <image.h>
19c402af SG	13	#include <time.h>
4c17e5f6	14	#include <u-boot/fdt-libcrypto.h>
c3b43281	15	#include <openssl/bn.h>
fbc77742	16	#include <openssl/ec.h>
19c402af SG	17	#include <openssl/rsa.h>
	18	#include <openssl/pem.h>
	19	#include <openssl/err.h>
	20	#include <openssl/ssl.h>
	21	#include <openssl/evp.h>
f1ca1fde	22	#include <openssl/engine.h>
19c402af	23
19c402af SG	24	static int rsa_err(const char *msg)
	25	{
	26	unsigned long sslErr = ERR_get_error();
	27
	28	fprintf(stderr, "%s", msg);
	29	fprintf(stderr, ": %s\n",
	30	ERR_error_string(sslErr, 0));
	31
	32	return -1;
	33	}
	34
	35	/**
f1ca1fde	36	* rsa_pem_get_pub_key() - read a public key from a .crt file
19c402af SG	37	*
	38	* @keydir: Directory containins the key
	39	* @name Name of key file (will have a .crt extension)
fbc77742	40	* @evpp Returns EVP_PKEY object, or NULL on failure
185f812c	41	* Return: 0 if ok, -ve on error (in which case *evpp will be set to NULL)
19c402af	42	*/
fbc77742	43	static int rsa_pem_get_pub_key(const char keydir, const char name, EVP_PKEY **evpp)
19c402af SG	44	{
19c402af SG	45	char path[1024];
fbc77742	46	EVP_PKEY *key = NULL;
19c402af	47	X509 *cert;
19c402af SG	48	FILE *f;
	49	int ret;
	50
fbc77742 CD	51	if (!evpp)
	52	return -EINVAL;
	53
	54	*evpp = NULL;
19c402af SG	55	snprintf(path, sizeof(path), "%s/%s.crt", keydir, name);
	56	f = fopen(path, "r");
	57	if (!f) {
	58	fprintf(stderr, "Couldn't open RSA certificate: '%s': %s\n",
	59	path, strerror(errno));
	60	return -EACCES;
	61	}
	62
	63	/* Read the certificate */
	64	cert = NULL;
	65	if (!PEM_read_X509(f, &cert, NULL, NULL)) {
	66	rsa_err("Couldn't read certificate");
	67	ret = -EINVAL;
	68	goto err_cert;
	69	}
	70
	71	/* Get the public key from the certificate. */
	72	key = X509_get_pubkey(cert);
	73	if (!key) {
	74	rsa_err("Couldn't read public key\n");
	75	ret = -EINVAL;
	76	goto err_pubkey;
	77	}
	78
19c402af	79	fclose(f);
fbc77742	80	*evpp = key;
19c402af	81	X509_free(cert);
19c402af SG	82
	83	return 0;
	84
19c402af SG	85	err_pubkey:
	86	X509_free(cert);
	87	err_cert:
	88	fclose(f);
	89	return ret;
	90	}
	91
	92	/**
f1ca1fde	93	* rsa_engine_get_pub_key() - read a public key from given engine
19c402af	94	*
f1ca1fde GM	95	* @keydir: Key prefix
	96	* @name Name of key
	97	* @engine Engine to use
fbc77742	98	* @evpp Returns EVP_PKEY object, or NULL on failure
185f812c	99	* Return: 0 if ok, -ve on error (in which case *evpp will be set to NULL)
f1ca1fde GM	100	*/
f1ca1fde GM	101	static int rsa_engine_get_pub_key(const char keydir, const char name,
fbc77742	102	ENGINE engine, EVP_PKEY *evpp)
f1ca1fde GM	103	{
	104	const char *engine_id;
	105	char key_id[1024];
fbc77742 CD	106	EVP_PKEY *key = NULL;
	107
	108	if (!evpp)
	109	return -EINVAL;
f1ca1fde	110
fbc77742	111	*evpp = NULL;
f1ca1fde GM	112
	113	engine_id = ENGINE_get_id(engine);
	114
	115	if (engine_id && !strcmp(engine_id, "pkcs11")) {
	116	if (keydir)
24bf6e84 JL	117	if (strstr(keydir, "object="))
24bf6e84 JL	118	snprintf(key_id, sizeof(key_id),
ece85cc0	119	"%s;type=public",
24bf6e84 JL	120	keydir);
	121	else
	122	snprintf(key_id, sizeof(key_id),
ece85cc0	123	"%s;object=%s;type=public",
24bf6e84	124	keydir, name);
f1ca1fde GM	125	else
f1ca1fde GM	126	snprintf(key_id, sizeof(key_id),
ece85cc0	127	"object=%s;type=public",
f1ca1fde	128	name);
5b123e01 VJ	129	} else if (engine_id) {
	130	if (keydir)
	131	snprintf(key_id, sizeof(key_id),
	132	"%s%s",
	133	keydir, name);
	134	else
	135	snprintf(key_id, sizeof(key_id),
	136	"%s",
	137	name);
f1ca1fde GM	138	} else {
	139	fprintf(stderr, "Engine not supported\n");
	140	return -ENOTSUP;
	141	}
	142
	143	key = ENGINE_load_public_key(engine, key_id, NULL, NULL);
	144	if (!key)
	145	return rsa_err("Failure loading public key from engine");
	146
fbc77742	147	*evpp = key;
f1ca1fde GM	148
f1ca1fde GM	149	return 0;
f1ca1fde GM	150	}
	151
	152	/**
	153	* rsa_get_pub_key() - read a public key
	154	*
	155	* @keydir: Directory containing the key (PEM file) or key prefix (engine)
	156	* @name Name of key file (will have a .crt extension)
	157	* @engine Engine to use
fbc77742	158	* @evpp Returns EVP_PKEY object, or NULL on failure
185f812c	159	* Return: 0 if ok, -ve on error (in which case *evpp will be set to NULL)
f1ca1fde GM	160	*/
f1ca1fde GM	161	static int rsa_get_pub_key(const char keydir, const char name,
fbc77742	162	ENGINE engine, EVP_PKEY *evpp)
f1ca1fde GM	163	{
f1ca1fde GM	164	if (engine)
fbc77742 CD	165	return rsa_engine_get_pub_key(keydir, name, engine, evpp);
fbc77742 CD	166	return rsa_pem_get_pub_key(keydir, name, evpp);
f1ca1fde GM	167	}
	168
	169	/**
	170	* rsa_pem_get_priv_key() - read a private key from a .key file
	171	*
	172	* @keydir: Directory containing the key
19c402af	173	* @name Name of key file (will have a .key extension)
fbc77742	174	* @evpp Returns EVP_PKEY object, or NULL on failure
185f812c	175	* Return: 0 if ok, -ve on error (in which case *evpp will be set to NULL)
19c402af	176	*/
f1ca1fde	177	static int rsa_pem_get_priv_key(const char keydir, const char name,
fbc77742	178	const char keyfile, EVP_PKEY *evpp)
19c402af	179	{
fbc77742 CD	180	char path[1024] = {0};
	181	FILE *f = NULL;
	182
	183	if (!evpp)
	184	return -EINVAL;
19c402af	185
fbc77742	186	*evpp = NULL;
824ee745 AG	187	if (keydir && name)
	188	snprintf(path, sizeof(path), "%s/%s.key", keydir, name);
	189	else if (keyfile)
	190	snprintf(path, sizeof(path), "%s", keyfile);
	191	else
	192	return -EINVAL;
	193
19c402af SG	194	f = fopen(path, "r");
	195	if (!f) {
	196	fprintf(stderr, "Couldn't open RSA private key: '%s': %s\n",
	197	path, strerror(errno));
	198	return -ENOENT;
	199	}
	200
fbc77742	201	if (!PEM_read_PrivateKey(f, evpp, NULL, path)) {
19c402af SG	202	rsa_err("Failure reading private key");
	203	fclose(f);
	204	return -EPROTO;
	205	}
	206	fclose(f);
19c402af SG	207
	208	return 0;
	209	}
	210
f1ca1fde GM	211	/**
	212	* rsa_engine_get_priv_key() - read a private key from given engine
	213	*
	214	* @keydir: Key prefix
	215	* @name Name of key
	216	* @engine Engine to use
fbc77742	217	* @evpp Returns EVP_PKEY object, or NULL on failure
185f812c	218	* Return: 0 if ok, -ve on error (in which case *evpp will be set to NULL)
f1ca1fde GM	219	*/
f1ca1fde GM	220	static int rsa_engine_get_priv_key(const char keydir, const char name,
824ee745	221	const char *keyfile,
fbc77742	222	ENGINE engine, EVP_PKEY *evpp)
f1ca1fde GM	223	{
	224	const char *engine_id;
	225	char key_id[1024];
fbc77742	226	EVP_PKEY *key = NULL;
f1ca1fde	227
fbc77742 CD	228	if (!evpp)
fbc77742 CD	229	return -EINVAL;
f1ca1fde GM	230
	231	engine_id = ENGINE_get_id(engine);
	232
	233	if (engine_id && !strcmp(engine_id, "pkcs11")) {
824ee745 AG	234	if (!keydir && !name) {
	235	fprintf(stderr, "Please use 'keydir' with PKCS11\n");
	236	return -EINVAL;
	237	}
f1ca1fde	238	if (keydir)
24bf6e84 JL	239	if (strstr(keydir, "object="))
24bf6e84 JL	240	snprintf(key_id, sizeof(key_id),
ece85cc0	241	"%s;type=private",
24bf6e84 JL	242	keydir);
	243	else
	244	snprintf(key_id, sizeof(key_id),
ece85cc0	245	"%s;object=%s;type=private",
24bf6e84	246	keydir, name);
f1ca1fde GM	247	else
f1ca1fde GM	248	snprintf(key_id, sizeof(key_id),
ece85cc0	249	"object=%s;type=private",
f1ca1fde	250	name);
5b123e01	251	} else if (engine_id) {
824ee745	252	if (keydir && name)
5b123e01 VJ	253	snprintf(key_id, sizeof(key_id),
	254	"%s%s",
	255	keydir, name);
d607dfd8	256	else if (name)
5b123e01 VJ	257	snprintf(key_id, sizeof(key_id),
5b123e01 VJ	258	"%s",
295ab733	259	name ? name : "");
824ee745 AG	260	else if (keyfile)
	261	snprintf(key_id, sizeof(key_id), "%s", keyfile);
	262	else
	263	return -EINVAL;
	264
f1ca1fde GM	265	} else {
	266	fprintf(stderr, "Engine not supported\n");
	267	return -ENOTSUP;
	268	}
	269
	270	key = ENGINE_load_private_key(engine, key_id, NULL, NULL);
	271	if (!key)
	272	return rsa_err("Failure loading private key from engine");
	273
fbc77742	274	*evpp = key;
f1ca1fde GM	275
f1ca1fde GM	276	return 0;
f1ca1fde GM	277	}
	278
	279	/**
	280	* rsa_get_priv_key() - read a private key
	281	*
	282	* @keydir: Directory containing the key (PEM file) or key prefix (engine)
	283	* @name Name of key
	284	* @engine Engine to use for signing
fbc77742	285	* @evpp Returns EVP_PKEY object, or NULL on failure
185f812c	286	* Return: 0 if ok, -ve on error (in which case *evpp will be set to NULL)
f1ca1fde GM	287	*/
f1ca1fde GM	288	static int rsa_get_priv_key(const char keydir, const char name,
fbc77742	289	const char keyfile, ENGINE engine, EVP_PKEY **evpp)
f1ca1fde GM	290	{
f1ca1fde GM	291	if (engine)
824ee745	292	return rsa_engine_get_priv_key(keydir, name, keyfile, engine,
fbc77742 CD	293	evpp);
fbc77742 CD	294	return rsa_pem_get_priv_key(keydir, name, keyfile, evpp);
f1ca1fde GM	295	}
f1ca1fde GM	296
19c402af SG	297	static int rsa_init(void)
	298	{
	299	int ret;
	300
c3b43281	301	ret = OPENSSL_init_ssl(0, NULL);
19c402af SG	302	if (!ret) {
	303	fprintf(stderr, "Failure to init SSL library\n");
	304	return -1;
	305	}
19c402af SG	306
	307	return 0;
	308	}
	309
f1ca1fde GM	310	static int rsa_engine_init(const char engine_id, ENGINE *pe)
f1ca1fde GM	311	{
62b27a56	312	const char *key_pass;
f1ca1fde GM	313	ENGINE *e;
	314	int ret;
	315
	316	ENGINE_load_builtin_engines();
	317
	318	e = ENGINE_by_id(engine_id);
	319	if (!e) {
	320	fprintf(stderr, "Engine isn't available\n");
fe68a67a	321	return -1;
f1ca1fde GM	322	}
	323
	324	if (!ENGINE_init(e)) {
	325	fprintf(stderr, "Couldn't initialize engine\n");
	326	ret = -1;
	327	goto err_engine_init;
	328	}
	329
	330	if (!ENGINE_set_default_RSA(e)) {
	331	fprintf(stderr, "Couldn't set engine as default for RSA\n");
	332	ret = -1;
	333	goto err_set_rsa;
	334	}
	335
62b27a56 MKB	336	key_pass = getenv("MKIMAGE_SIGN_PIN");
	337	if (key_pass) {
	338	if (!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0)) {
	339	fprintf(stderr, "Couldn't set PIN\n");
	340	ret = -1;
	341	goto err_set_pin;
	342	}
	343	}
	344
f1ca1fde GM	345	*pe = e;
	346
	347	return 0;
	348
62b27a56	349	err_set_pin:
f1ca1fde GM	350	err_set_rsa:
	351	ENGINE_finish(e);
	352	err_engine_init:
	353	ENGINE_free(e);
f1ca1fde GM	354	return ret;
	355	}
	356
f1ca1fde GM	357	static void rsa_engine_remove(ENGINE *e)
	358	{
	359	if (e) {
	360	ENGINE_finish(e);
	361	ENGINE_free(e);
	362	}
	363	}
	364
fbc77742	365	static int rsa_sign_with_key(EVP_PKEY pkey, struct padding_algo padding_algo,
20031567	366	struct checksum_algo *checksum_algo,
646257d1 HS	367	const struct image_region region[], int region_count,
646257d1 HS	368	uint8_t *sigp, uint sig_size)
19c402af	369	{
20031567	370	EVP_PKEY_CTX *ckey;
19c402af	371	EVP_MD_CTX *context;
3b5d6979 PR	372	int ret = 0;
3b5d6979 PR	373	size_t size;
19c402af SG	374	uint8_t *sig;
	375	int i;
	376
fbc77742	377	size = EVP_PKEY_size(pkey);
19c402af SG	378	sig = malloc(size);
19c402af SG	379	if (!sig) {
3b5d6979	380	fprintf(stderr, "Out of memory for signature (%zu bytes)\n",
19c402af SG	381	size);
	382	ret = -ENOMEM;
	383	goto err_alloc;
	384	}
	385
9b5ad4f5	386	context = EVP_MD_CTX_new();
19c402af SG	387	if (!context) {
	388	ret = rsa_err("EVP context creation failed");
	389	goto err_create;
	390	}
20031567	391
fbc77742	392	ckey = EVP_PKEY_CTX_new(pkey, NULL);
20031567 PR	393	if (!ckey) {
	394	ret = rsa_err("EVP key context creation failed");
	395	goto err_create;
	396	}
	397
	398	if (EVP_DigestSignInit(context, &ckey,
3b5d6979	399	checksum_algo->calculate_sign(),
fbc77742	400	NULL, pkey) <= 0) {
19c402af SG	401	ret = rsa_err("Signer setup failed");
	402	goto err_sign;
	403	}
	404
2bbed3ff SG	405	if (CONFIG_IS_ENABLED(FIT_RSASSA_PSS) && padding_algo &&
2bbed3ff SG	406	!strcmp(padding_algo->name, "pss")) {
061daa0b PR	407	if (EVP_PKEY_CTX_set_rsa_padding(ckey,
	408	RSA_PKCS1_PSS_PADDING) <= 0) {
	409	ret = rsa_err("Signer padding setup failed");
	410	goto err_sign;
	411	}
	412	}
061daa0b	413
19c402af	414	for (i = 0; i < region_count; i++) {
3b5d6979 PR	415	if (!EVP_DigestSignUpdate(context, region[i].data,
3b5d6979 PR	416	region[i].size)) {
19c402af SG	417	ret = rsa_err("Signing data failed");
	418	goto err_sign;
	419	}
	420	}
	421
3b5d6979	422	if (!EVP_DigestSignFinal(context, sig, &size)) {
19c402af SG	423	ret = rsa_err("Could not obtain signature");
	424	goto err_sign;
	425	}
3b5d6979	426
9b5ad4f5	427	EVP_MD_CTX_free(context);
19c402af	428
6d59ace9	429	debug("Got signature: %zu bytes, expected %d\n", size, EVP_PKEY_size(pkey));
19c402af SG	430	*sigp = sig;
	431	*sig_size = size;
	432
	433	return 0;
	434
	435	err_sign:
9b5ad4f5	436	EVP_MD_CTX_free(context);
19c402af SG	437	err_create:
	438	free(sig);
	439	err_alloc:
19c402af SG	440	return ret;
	441	}
	442
	443	int rsa_sign(struct image_sign_info *info,
	444	const struct image_region region[], int region_count,
	445	uint8_t *sigp, uint sig_len)
	446	{
fbc77742	447	EVP_PKEY *pkey = NULL;
f1ca1fde	448	ENGINE *e = NULL;
19c402af SG	449	int ret;
	450
	451	ret = rsa_init();
	452	if (ret)
	453	return ret;
	454
f1ca1fde GM	455	if (info->engine_id) {
	456	ret = rsa_engine_init(info->engine_id, &e);
	457	if (ret)
fe68a67a	458	return ret;
f1ca1fde GM	459	}
f1ca1fde GM	460
824ee745	461	ret = rsa_get_priv_key(info->keydir, info->keyname, info->keyfile,
fbc77742	462	e, &pkey);
19c402af SG	463	if (ret)
19c402af SG	464	goto err_priv;
fbc77742	465	ret = rsa_sign_with_key(pkey, info->padding, info->checksum, region,
646257d1	466	region_count, sigp, sig_len);
19c402af SG	467	if (ret)
	468	goto err_sign;
	469
fbc77742	470	EVP_PKEY_free(pkey);
f1ca1fde GM	471	if (info->engine_id)
f1ca1fde GM	472	rsa_engine_remove(e);
19c402af SG	473
	474	return ret;
	475
	476	err_sign:
fbc77742	477	EVP_PKEY_free(pkey);
19c402af	478	err_priv:
f1ca1fde GM	479	if (info->engine_id)
f1ca1fde GM	480	rsa_engine_remove(e);
19c402af SG	481	return ret;
	482	}
	483
e0f2f155 MW	484	/*
	485	* rsa_get_exponent(): - Get the public exponent from an RSA key
	486	*/
	487	static int rsa_get_exponent(RSA key, uint64_t e)
	488	{
	489	int ret;
	490	BIGNUM *bn_te;
c3b43281	491	const BIGNUM *key_e;
e0f2f155 MW	492	uint64_t te;
	493
	494	ret = -EINVAL;
	495	bn_te = NULL;
	496
	497	if (!e)
	498	goto cleanup;
	499
c3b43281 JW	500	RSA_get0_key(key, NULL, &key_e, NULL);
c3b43281 JW	501	if (BN_num_bits(key_e) > 64)
e0f2f155 MW	502	goto cleanup;
e0f2f155 MW	503
c3b43281	504	*e = BN_get_word(key_e);
e0f2f155	505
c3b43281	506	if (BN_num_bits(key_e) < 33) {
e0f2f155 MW	507	ret = 0;
	508	goto cleanup;
	509	}
	510
c3b43281	511	bn_te = BN_dup(key_e);
e0f2f155 MW	512	if (!bn_te)
	513	goto cleanup;
	514
	515	if (!BN_rshift(bn_te, bn_te, 32))
	516	goto cleanup;
	517
	518	if (!BN_mask_bits(bn_te, 32))
	519	goto cleanup;
	520
	521	te = BN_get_word(bn_te);
	522	te <<= 32;
	523	*e \|= te;
	524	ret = 0;
	525
	526	cleanup:
	527	if (bn_te)
	528	BN_free(bn_te);
	529
	530	return ret;
	531	}
	532
19c402af SG	533	/*
	534	* rsa_get_params(): - Get the important parameters of an RSA public key
	535	*/
e0f2f155 MW	536	int rsa_get_params(RSA key, uint64_t exponent, uint32_t *n0_invp,
e0f2f155 MW	537	BIGNUM modulusp, BIGNUM r_squaredp)
19c402af SG	538	{
	539	BIGNUM big1, big2, big32, big2_32;
	540	BIGNUM n, r, r_squared, tmp;
c3b43281	541	const BIGNUM *key_n;
19c402af SG	542	BN_CTX *bn_ctx = BN_CTX_new();
	543	int ret = 0;
	544
	545	/* Initialize BIGNUMs */
	546	big1 = BN_new();
	547	big2 = BN_new();
	548	big32 = BN_new();
	549	r = BN_new();
	550	r_squared = BN_new();
	551	tmp = BN_new();
	552	big2_32 = BN_new();
	553	n = BN_new();
	554	if (!big1 \|\| !big2 \|\| !big32 \|\| !r \|\| !r_squared \|\| !tmp \|\| !big2_32 \|\|
	555	!n) {
	556	fprintf(stderr, "Out of memory (bignum)\n");
	557	return -ENOMEM;
	558	}
	559
e0f2f155 MW	560	if (0 != rsa_get_exponent(key, exponent))
	561	ret = -1;
	562
c3b43281 JW	563	RSA_get0_key(key, &key_n, NULL, NULL);
c3b43281 JW	564	if (!BN_copy(n, key_n) \|\| !BN_set_word(big1, 1L) \|\|
19c402af SG	565	!BN_set_word(big2, 2L) \|\| !BN_set_word(big32, 32L))
	566	ret = -1;
	567
	568	/* big2_32 = 2^32 */
	569	if (!BN_exp(big2_32, big2, big32, bn_ctx))
	570	ret = -1;
	571
	572	/* Calculate n0_inv = -1 / n[0] mod 2^32 */
	573	if (!BN_mod_inverse(tmp, n, big2_32, bn_ctx) \|\|
	574	!BN_sub(tmp, big2_32, tmp))
	575	ret = -1;
	576	*n0_invp = BN_get_word(tmp);
	577
	578	/* Calculate R = 2^(# of key bits) */
	579	if (!BN_set_word(tmp, BN_num_bits(n)) \|\|
	580	!BN_exp(r, big2, tmp, bn_ctx))
	581	ret = -1;
	582
	583	/* Calculate r_squared = R^2 mod n */
	584	if (!BN_copy(r_squared, r) \|\|
	585	!BN_mul(tmp, r_squared, r, bn_ctx) \|\|
	586	!BN_mod(r_squared, tmp, n, bn_ctx))
	587	ret = -1;
	588
	589	*modulusp = n;
	590	*r_squaredp = r_squared;
	591
	592	BN_free(big1);
	593	BN_free(big2);
	594	BN_free(big32);
	595	BN_free(r);
	596	BN_free(tmp);
	597	BN_free(big2_32);
	598	if (ret) {
	599	fprintf(stderr, "Bignum operations failed\n");
	600	return -ENOMEM;
	601	}
	602
	603	return ret;
	604	}
	605
19c402af SG	606	int rsa_add_verify_data(struct image_sign_info info, void keydest)
	607	{
	608	BIGNUM modulus, r_squared;
e0f2f155	609	uint64_t exponent;
19c402af	610	uint32_t n0_inv;
dd02c667	611	int parent, node = -FDT_ERR_NOTFOUND;
19c402af SG	612	char name[100];
	613	int ret;
	614	int bits;
	615	RSA *rsa;
fbc77742	616	EVP_PKEY *pkey = NULL;
f1ca1fde	617	ENGINE *e = NULL;
19c402af SG	618
19c402af SG	619	debug("%s: Getting verification data\n", __func__);
f1ca1fde GM	620	if (info->engine_id) {
	621	ret = rsa_engine_init(info->engine_id, &e);
	622	if (ret)
	623	return ret;
	624	}
fbc77742	625	ret = rsa_get_pub_key(info->keydir, info->keyname, e, &pkey);
19c402af	626	if (ret)
f1ca1fde	627	goto err_get_pub_key;
fe68a67a	628
675c3ccc	629	rsa = (RSA *)EVP_PKEY_get0_RSA(pkey);
e0f2f155	630	ret = rsa_get_params(rsa, &exponent, &n0_inv, &modulus, &r_squared);
19c402af	631	if (ret)
f1ca1fde	632	goto err_get_params;
19c402af SG	633	bits = BN_num_bits(modulus);
	634	parent = fdt_subnode_offset(keydest, 0, FIT_SIG_NODENAME);
	635	if (parent == -FDT_ERR_NOTFOUND) {
	636	parent = fdt_add_subnode(keydest, 0, FIT_SIG_NODENAME);
	637	if (parent < 0) {
597a8b2c SG	638	ret = parent;
	639	if (ret != -FDT_ERR_NOSPACE) {
	640	fprintf(stderr, "Couldn't create signature node: %s\n",
	641	fdt_strerror(parent));
	642	}
19c402af SG	643	}
19c402af SG	644	}
597a8b2c SG	645	if (ret)
597a8b2c SG	646	goto done;
19c402af SG	647
	648	/* Either create or overwrite the named key node */
	649	snprintf(name, sizeof(name), "key-%s", info->keyname);
	650	node = fdt_subnode_offset(keydest, parent, name);
	651	if (node == -FDT_ERR_NOTFOUND) {
	652	node = fdt_add_subnode(keydest, parent, name);
	653	if (node < 0) {
597a8b2c SG	654	ret = node;
	655	if (ret != -FDT_ERR_NOSPACE) {
	656	fprintf(stderr, "Could not create key subnode: %s\n",
	657	fdt_strerror(node));
	658	}
19c402af SG	659	}
	660	} else if (node < 0) {
	661	fprintf(stderr, "Cannot select keys parent: %s\n",
	662	fdt_strerror(node));
597a8b2c	663	ret = node;
19c402af SG	664	}
19c402af SG	665
597a8b2c	666	if (!ret) {
72188f54 SG	667	ret = fdt_setprop_string(keydest, node, FIT_KEY_HINT,
72188f54 SG	668	info->keyname);
597a8b2c	669	}
4f427a42 SG	670	if (!ret)
	671	ret = fdt_setprop_u32(keydest, node, "rsa,num-bits", bits);
	672	if (!ret)
	673	ret = fdt_setprop_u32(keydest, node, "rsa,n0-inverse", n0_inv);
e0f2f155 MW	674	if (!ret) {
	675	ret = fdt_setprop_u64(keydest, node, "rsa,exponent", exponent);
	676	}
4f427a42 SG	677	if (!ret) {
	678	ret = fdt_add_bignum(keydest, node, "rsa,modulus", modulus,
	679	bits);
	680	}
	681	if (!ret) {
	682	ret = fdt_add_bignum(keydest, node, "rsa,r-squared", r_squared,
	683	bits);
	684	}
	685	if (!ret) {
	686	ret = fdt_setprop_string(keydest, node, FIT_ALGO_PROP,
83dd98e0	687	info->name);
4f427a42	688	}
2b9ec762	689	if (!ret && info->require_keys) {
72188f54	690	ret = fdt_setprop_string(keydest, node, FIT_KEY_REQUIRED,
4f427a42	691	info->require_keys);
19c402af	692	}
597a8b2c	693	done:
19c402af SG	694	BN_free(modulus);
	695	BN_free(r_squared);
	696	if (ret)
f1ca1fde GM	697	ret = ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
f1ca1fde GM	698	err_get_params:
fbc77742	699	EVP_PKEY_free(pkey);
f1ca1fde GM	700	err_get_pub_key:
	701	if (info->engine_id)
	702	rsa_engine_remove(e);
19c402af	703
c033dc8c SG	704	if (ret)
	705	return ret;
	706
	707	return node;
19c402af	708	}