1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Copyright (c) 2013, Google Inc.
4 */
5
6 #include "mkimage.h"
7 #include <stdlib.h>
8 #include <stdio.h>
9 #include <string.h>
10 #include <image.h>
11 #include <time.h>
12 #include <openssl/bn.h>
13 #include <openssl/rsa.h>
14 #include <openssl/pem.h>
15 #include <openssl/err.h>
16 #include <openssl/ssl.h>
17 #include <openssl/evp.h>
18 #include <openssl/engine.h>
19
20 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
21 #define HAVE_ERR_REMOVE_THREAD_STATE
22 #endif
23
24 #if OPENSSL_VERSION_NUMBER < 0x10100000L || \
25 (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
RSA_get0_key(const RSA * r,const BIGNUM ** n,const BIGNUM ** e,const BIGNUM ** d)26 static void RSA_get0_key(const RSA *r,
27 const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
28 {
29 if (n != NULL)
30 *n = r->n;
31 if (e != NULL)
32 *e = r->e;
33 if (d != NULL)
34 *d = r->d;
35 }
36 #endif
37
rsa_err(const char * msg)38 static int rsa_err(const char *msg)
39 {
40 unsigned long sslErr = ERR_get_error();
41
42 fprintf(stderr, "%s", msg);
43 fprintf(stderr, ": %s\n",
44 ERR_error_string(sslErr, 0));
45
46 return -1;
47 }
48
49 /**
50 * rsa_pem_get_pub_key() - read a public key from a .crt file
51 *
52 * @keydir: Directory containins the key
53 * @name Name of key file (will have a .crt extension)
54 * @rsap Returns RSA object, or NULL on failure
55 * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL)
56 */
rsa_pem_get_pub_key(const char * keydir,const char * name,RSA ** rsap)57 static int rsa_pem_get_pub_key(const char *keydir, const char *name, RSA **rsap)
58 {
59 char path[1024];
60 EVP_PKEY *key;
61 X509 *cert;
62 RSA *rsa;
63 FILE *f;
64 int ret;
65
66 *rsap = NULL;
67 snprintf(path, sizeof(path), "%s/%s.crt", keydir, name);
68 f = fopen(path, "r");
69 if (!f) {
70 fprintf(stderr, "Couldn't open RSA certificate: '%s': %s\n",
71 path, strerror(errno));
72 return -EACCES;
73 }
74
75 /* Read the certificate */
76 cert = NULL;
77 if (!PEM_read_X509(f, &cert, NULL, NULL)) {
78 rsa_err("Couldn't read certificate");
79 ret = -EINVAL;
80 goto err_cert;
81 }
82
83 /* Get the public key from the certificate. */
84 key = X509_get_pubkey(cert);
85 if (!key) {
86 rsa_err("Couldn't read public key\n");
87 ret = -EINVAL;
88 goto err_pubkey;
89 }
90
91 /* Convert to a RSA_style key. */
92 rsa = EVP_PKEY_get1_RSA(key);
93 if (!rsa) {
94 rsa_err("Couldn't convert to a RSA style key");
95 ret = -EINVAL;
96 goto err_rsa;
97 }
98 fclose(f);
99 EVP_PKEY_free(key);
100 X509_free(cert);
101 *rsap = rsa;
102
103 return 0;
104
105 err_rsa:
106 EVP_PKEY_free(key);
107 err_pubkey:
108 X509_free(cert);
109 err_cert:
110 fclose(f);
111 return ret;
112 }
113
114 /**
115 * rsa_engine_get_pub_key() - read a public key from given engine
116 *
117 * @keydir: Key prefix
118 * @name Name of key
119 * @engine Engine to use
120 * @rsap Returns RSA object, or NULL on failure
121 * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL)
122 */
rsa_engine_get_pub_key(const char * keydir,const char * name,ENGINE * engine,RSA ** rsap)123 static int rsa_engine_get_pub_key(const char *keydir, const char *name,
124 ENGINE *engine, RSA **rsap)
125 {
126 const char *engine_id;
127 char key_id[1024];
128 EVP_PKEY *key;
129 RSA *rsa;
130 int ret;
131
132 *rsap = NULL;
133
134 engine_id = ENGINE_get_id(engine);
135
136 if (engine_id && !strcmp(engine_id, "pkcs11")) {
137 if (keydir)
138 if (strstr(keydir, "object="))
139 snprintf(key_id, sizeof(key_id),
140 "pkcs11:%s;type=public",
141 keydir);
142 else
143 snprintf(key_id, sizeof(key_id),
144 "pkcs11:%s;object=%s;type=public",
145 keydir, name);
146 else
147 snprintf(key_id, sizeof(key_id),
148 "pkcs11:object=%s;type=public",
149 name);
150 } else if (engine_id) {
151 if (keydir)
152 snprintf(key_id, sizeof(key_id),
153 "%s%s",
154 keydir, name);
155 else
156 snprintf(key_id, sizeof(key_id),
157 "%s",
158 name);
159 } else {
160 fprintf(stderr, "Engine not supported\n");
161 return -ENOTSUP;
162 }
163
164 key = ENGINE_load_public_key(engine, key_id, NULL, NULL);
165 if (!key)
166 return rsa_err("Failure loading public key from engine");
167
168 /* Convert to a RSA_style key. */
169 rsa = EVP_PKEY_get1_RSA(key);
170 if (!rsa) {
171 rsa_err("Couldn't convert to a RSA style key");
172 ret = -EINVAL;
173 goto err_rsa;
174 }
175
176 EVP_PKEY_free(key);
177 *rsap = rsa;
178
179 return 0;
180
181 err_rsa:
182 EVP_PKEY_free(key);
183 return ret;
184 }
185
186 /**
187 * rsa_get_pub_key() - read a public key
188 *
189 * @keydir: Directory containing the key (PEM file) or key prefix (engine)
190 * @name Name of key file (will have a .crt extension)
191 * @engine Engine to use
192 * @rsap Returns RSA object, or NULL on failure
193 * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL)
194 */
rsa_get_pub_key(const char * keydir,const char * name,ENGINE * engine,RSA ** rsap)195 static int rsa_get_pub_key(const char *keydir, const char *name,
196 ENGINE *engine, RSA **rsap)
197 {
198 if (engine)
199 return rsa_engine_get_pub_key(keydir, name, engine, rsap);
200 return rsa_pem_get_pub_key(keydir, name, rsap);
201 }
202
203 /**
204 * rsa_pem_get_priv_key() - read a private key from a .key file
205 *
206 * @keydir: Directory containing the key
207 * @name Name of key file (will have a .key extension)
208 * @rsap Returns RSA object, or NULL on failure
209 * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL)
210 */
rsa_pem_get_priv_key(const char * keydir,const char * name,RSA ** rsap)211 static int rsa_pem_get_priv_key(const char *keydir, const char *name,
212 RSA **rsap)
213 {
214 char path[1024];
215 RSA *rsa;
216 FILE *f;
217
218 *rsap = NULL;
219 snprintf(path, sizeof(path), "%s/%s.key", keydir, name);
220 f = fopen(path, "r");
221 if (!f) {
222 fprintf(stderr, "Couldn't open RSA private key: '%s': %s\n",
223 path, strerror(errno));
224 return -ENOENT;
225 }
226
227 rsa = PEM_read_RSAPrivateKey(f, 0, NULL, path);
228 if (!rsa) {
229 rsa_err("Failure reading private key");
230 fclose(f);
231 return -EPROTO;
232 }
233 fclose(f);
234 *rsap = rsa;
235
236 return 0;
237 }
238
239 /**
240 * rsa_engine_get_priv_key() - read a private key from given engine
241 *
242 * @keydir: Key prefix
243 * @name Name of key
244 * @engine Engine to use
245 * @rsap Returns RSA object, or NULL on failure
246 * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL)
247 */
rsa_engine_get_priv_key(const char * keydir,const char * name,ENGINE * engine,RSA ** rsap)248 static int rsa_engine_get_priv_key(const char *keydir, const char *name,
249 ENGINE *engine, RSA **rsap)
250 {
251 const char *engine_id;
252 char key_id[1024];
253 EVP_PKEY *key;
254 RSA *rsa;
255 int ret;
256
257 *rsap = NULL;
258
259 engine_id = ENGINE_get_id(engine);
260
261 if (engine_id && !strcmp(engine_id, "pkcs11")) {
262 if (keydir)
263 if (strstr(keydir, "object="))
264 snprintf(key_id, sizeof(key_id),
265 "pkcs11:%s;type=private",
266 keydir);
267 else
268 snprintf(key_id, sizeof(key_id),
269 "pkcs11:%s;object=%s;type=private",
270 keydir, name);
271 else
272 snprintf(key_id, sizeof(key_id),
273 "pkcs11:object=%s;type=private",
274 name);
275 } else if (engine_id) {
276 if (keydir)
277 snprintf(key_id, sizeof(key_id),
278 "%s%s",
279 keydir, name);
280 else
281 snprintf(key_id, sizeof(key_id),
282 "%s",
283 name);
284 } else {
285 fprintf(stderr, "Engine not supported\n");
286 return -ENOTSUP;
287 }
288
289 key = ENGINE_load_private_key(engine, key_id, NULL, NULL);
290 if (!key)
291 return rsa_err("Failure loading private key from engine");
292
293 /* Convert to a RSA_style key. */
294 rsa = EVP_PKEY_get1_RSA(key);
295 if (!rsa) {
296 rsa_err("Couldn't convert to a RSA style key");
297 ret = -EINVAL;
298 goto err_rsa;
299 }
300
301 EVP_PKEY_free(key);
302 *rsap = rsa;
303
304 return 0;
305
306 err_rsa:
307 EVP_PKEY_free(key);
308 return ret;
309 }
310
311 /**
312 * rsa_get_priv_key() - read a private key
313 *
314 * @keydir: Directory containing the key (PEM file) or key prefix (engine)
315 * @name Name of key
316 * @engine Engine to use for signing
317 * @rsap Returns RSA object, or NULL on failure
318 * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL)
319 */
rsa_get_priv_key(const char * keydir,const char * name,ENGINE * engine,RSA ** rsap)320 static int rsa_get_priv_key(const char *keydir, const char *name,
321 ENGINE *engine, RSA **rsap)
322 {
323 if (engine)
324 return rsa_engine_get_priv_key(keydir, name, engine, rsap);
325 return rsa_pem_get_priv_key(keydir, name, rsap);
326 }
327
rsa_init(void)328 static int rsa_init(void)
329 {
330 int ret;
331
332 #if OPENSSL_VERSION_NUMBER < 0x10100000L || \
333 (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
334 ret = SSL_library_init();
335 #else
336 ret = OPENSSL_init_ssl(0, NULL);
337 #endif
338 if (!ret) {
339 fprintf(stderr, "Failure to init SSL library\n");
340 return -1;
341 }
342 #if OPENSSL_VERSION_NUMBER < 0x10100000L || \
343 (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
344 SSL_load_error_strings();
345
346 OpenSSL_add_all_algorithms();
347 OpenSSL_add_all_digests();
348 OpenSSL_add_all_ciphers();
349 #endif
350
351 return 0;
352 }
353
rsa_engine_init(const char * engine_id,ENGINE ** pe)354 static int rsa_engine_init(const char *engine_id, ENGINE **pe)
355 {
356 ENGINE *e;
357 int ret;
358
359 ENGINE_load_builtin_engines();
360
361 e = ENGINE_by_id(engine_id);
362 if (!e) {
363 fprintf(stderr, "Engine isn't available\n");
364 ret = -1;
365 goto err_engine_by_id;
366 }
367
368 if (!ENGINE_init(e)) {
369 fprintf(stderr, "Couldn't initialize engine\n");
370 ret = -1;
371 goto err_engine_init;
372 }
373
374 if (!ENGINE_set_default_RSA(e)) {
375 fprintf(stderr, "Couldn't set engine as default for RSA\n");
376 ret = -1;
377 goto err_set_rsa;
378 }
379
380 *pe = e;
381
382 return 0;
383
384 err_set_rsa:
385 ENGINE_finish(e);
386 err_engine_init:
387 ENGINE_free(e);
388 err_engine_by_id:
389 #if OPENSSL_VERSION_NUMBER < 0x10100000L || \
390 (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
391 ENGINE_cleanup();
392 #endif
393 return ret;
394 }
395
rsa_remove(void)396 static void rsa_remove(void)
397 {
398 #if OPENSSL_VERSION_NUMBER < 0x10100000L || \
399 (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
400 CRYPTO_cleanup_all_ex_data();
401 ERR_free_strings();
402 #ifdef HAVE_ERR_REMOVE_THREAD_STATE
403 ERR_remove_thread_state(NULL);
404 #else
405 ERR_remove_state(0);
406 #endif
407 EVP_cleanup();
408 #endif
409 }
410
rsa_engine_remove(ENGINE * e)411 static void rsa_engine_remove(ENGINE *e)
412 {
413 if (e) {
414 ENGINE_finish(e);
415 ENGINE_free(e);
416 }
417 }
418
rsa_sign_with_key(RSA * rsa,struct padding_algo * padding_algo,struct checksum_algo * checksum_algo,const struct image_region region[],int region_count,uint8_t ** sigp,uint * sig_size)419 static int rsa_sign_with_key(RSA *rsa, struct padding_algo *padding_algo,
420 struct checksum_algo *checksum_algo,
421 const struct image_region region[], int region_count,
422 uint8_t **sigp, uint *sig_size)
423 {
424 EVP_PKEY *key;
425 EVP_PKEY_CTX *ckey;
426 EVP_MD_CTX *context;
427 int ret = 0;
428 size_t size;
429 uint8_t *sig;
430 int i;
431
432 key = EVP_PKEY_new();
433 if (!key)
434 return rsa_err("EVP_PKEY object creation failed");
435
436 if (!EVP_PKEY_set1_RSA(key, rsa)) {
437 ret = rsa_err("EVP key setup failed");
438 goto err_set;
439 }
440
441 size = EVP_PKEY_size(key);
442 sig = malloc(size);
443 if (!sig) {
444 fprintf(stderr, "Out of memory for signature (%zu bytes)\n",
445 size);
446 ret = -ENOMEM;
447 goto err_alloc;
448 }
449
450 context = EVP_MD_CTX_create();
451 if (!context) {
452 ret = rsa_err("EVP context creation failed");
453 goto err_create;
454 }
455 EVP_MD_CTX_init(context);
456
457 ckey = EVP_PKEY_CTX_new(key, NULL);
458 if (!ckey) {
459 ret = rsa_err("EVP key context creation failed");
460 goto err_create;
461 }
462
463 if (EVP_DigestSignInit(context, &ckey,
464 checksum_algo->calculate_sign(),
465 NULL, key) <= 0) {
466 ret = rsa_err("Signer setup failed");
467 goto err_sign;
468 }
469
470 #ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
471 if (padding_algo && !strcmp(padding_algo->name, "pss")) {
472 if (EVP_PKEY_CTX_set_rsa_padding(ckey,
473 RSA_PKCS1_PSS_PADDING) <= 0) {
474 ret = rsa_err("Signer padding setup failed");
475 goto err_sign;
476 }
477 }
478 #endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
479
480 for (i = 0; i < region_count; i++) {
481 if (!EVP_DigestSignUpdate(context, region[i].data,
482 region[i].size)) {
483 ret = rsa_err("Signing data failed");
484 goto err_sign;
485 }
486 }
487
488 if (!EVP_DigestSignFinal(context, sig, &size)) {
489 ret = rsa_err("Could not obtain signature");
490 goto err_sign;
491 }
492
493 #if OPENSSL_VERSION_NUMBER < 0x10100000L || \
494 (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
495 EVP_MD_CTX_cleanup(context);
496 #else
497 EVP_MD_CTX_reset(context);
498 #endif
499 EVP_MD_CTX_destroy(context);
500 EVP_PKEY_free(key);
501
502 debug("Got signature: %d bytes, expected %zu\n", *sig_size, size);
503 *sigp = sig;
504 *sig_size = size;
505
506 return 0;
507
508 err_sign:
509 EVP_MD_CTX_destroy(context);
510 err_create:
511 free(sig);
512 err_alloc:
513 err_set:
514 EVP_PKEY_free(key);
515 return ret;
516 }
517
rsa_sign(struct image_sign_info * info,const struct image_region region[],int region_count,uint8_t ** sigp,uint * sig_len)518 int rsa_sign(struct image_sign_info *info,
519 const struct image_region region[], int region_count,
520 uint8_t **sigp, uint *sig_len)
521 {
522 RSA *rsa;
523 ENGINE *e = NULL;
524 int ret;
525
526 ret = rsa_init();
527 if (ret)
528 return ret;
529
530 if (info->engine_id) {
531 ret = rsa_engine_init(info->engine_id, &e);
532 if (ret)
533 goto err_engine;
534 }
535
536 ret = rsa_get_priv_key(info->keydir, info->keyname, e, &rsa);
537 if (ret)
538 goto err_priv;
539 ret = rsa_sign_with_key(rsa, info->padding, info->checksum, region,
540 region_count, sigp, sig_len);
541 if (ret)
542 goto err_sign;
543
544 RSA_free(rsa);
545 if (info->engine_id)
546 rsa_engine_remove(e);
547 rsa_remove();
548
549 return ret;
550
551 err_sign:
552 RSA_free(rsa);
553 err_priv:
554 if (info->engine_id)
555 rsa_engine_remove(e);
556 err_engine:
557 rsa_remove();
558 return ret;
559 }
560
561 /*
562 * rsa_get_exponent(): - Get the public exponent from an RSA key
563 */
rsa_get_exponent(RSA * key,uint64_t * e)564 static int rsa_get_exponent(RSA *key, uint64_t *e)
565 {
566 int ret;
567 BIGNUM *bn_te;
568 const BIGNUM *key_e;
569 uint64_t te;
570
571 ret = -EINVAL;
572 bn_te = NULL;
573
574 if (!e)
575 goto cleanup;
576
577 RSA_get0_key(key, NULL, &key_e, NULL);
578 if (BN_num_bits(key_e) > 64)
579 goto cleanup;
580
581 *e = BN_get_word(key_e);
582
583 if (BN_num_bits(key_e) < 33) {
584 ret = 0;
585 goto cleanup;
586 }
587
588 bn_te = BN_dup(key_e);
589 if (!bn_te)
590 goto cleanup;
591
592 if (!BN_rshift(bn_te, bn_te, 32))
593 goto cleanup;
594
595 if (!BN_mask_bits(bn_te, 32))
596 goto cleanup;
597
598 te = BN_get_word(bn_te);
599 te <<= 32;
600 *e |= te;
601 ret = 0;
602
603 cleanup:
604 if (bn_te)
605 BN_free(bn_te);
606
607 return ret;
608 }
609
610 /*
611 * rsa_get_params(): - Get the important parameters of an RSA public key
612 */
rsa_get_params(RSA * key,uint64_t * exponent,uint32_t * n0_invp,BIGNUM ** modulusp,BIGNUM ** r_squaredp)613 int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t *n0_invp,
614 BIGNUM **modulusp, BIGNUM **r_squaredp)
615 {
616 BIGNUM *big1, *big2, *big32, *big2_32;
617 BIGNUM *n, *r, *r_squared, *tmp;
618 const BIGNUM *key_n;
619 BN_CTX *bn_ctx = BN_CTX_new();
620 int ret = 0;
621
622 /* Initialize BIGNUMs */
623 big1 = BN_new();
624 big2 = BN_new();
625 big32 = BN_new();
626 r = BN_new();
627 r_squared = BN_new();
628 tmp = BN_new();
629 big2_32 = BN_new();
630 n = BN_new();
631 if (!big1 || !big2 || !big32 || !r || !r_squared || !tmp || !big2_32 ||
632 !n) {
633 fprintf(stderr, "Out of memory (bignum)\n");
634 return -ENOMEM;
635 }
636
637 if (0 != rsa_get_exponent(key, exponent))
638 ret = -1;
639
640 RSA_get0_key(key, &key_n, NULL, NULL);
641 if (!BN_copy(n, key_n) || !BN_set_word(big1, 1L) ||
642 !BN_set_word(big2, 2L) || !BN_set_word(big32, 32L))
643 ret = -1;
644
645 /* big2_32 = 2^32 */
646 if (!BN_exp(big2_32, big2, big32, bn_ctx))
647 ret = -1;
648
649 /* Calculate n0_inv = -1 / n[0] mod 2^32 */
650 if (!BN_mod_inverse(tmp, n, big2_32, bn_ctx) ||
651 !BN_sub(tmp, big2_32, tmp))
652 ret = -1;
653 *n0_invp = BN_get_word(tmp);
654
655 /* Calculate R = 2^(# of key bits) */
656 if (!BN_set_word(tmp, BN_num_bits(n)) ||
657 !BN_exp(r, big2, tmp, bn_ctx))
658 ret = -1;
659
660 /* Calculate r_squared = R^2 mod n */
661 if (!BN_copy(r_squared, r) ||
662 !BN_mul(tmp, r_squared, r, bn_ctx) ||
663 !BN_mod(r_squared, tmp, n, bn_ctx))
664 ret = -1;
665
666 *modulusp = n;
667 *r_squaredp = r_squared;
668
669 BN_free(big1);
670 BN_free(big2);
671 BN_free(big32);
672 BN_free(r);
673 BN_free(tmp);
674 BN_free(big2_32);
675 if (ret) {
676 fprintf(stderr, "Bignum operations failed\n");
677 return -ENOMEM;
678 }
679
680 return ret;
681 }
682
fdt_add_bignum(void * blob,int noffset,const char * prop_name,BIGNUM * num,int num_bits)683 static int fdt_add_bignum(void *blob, int noffset, const char *prop_name,
684 BIGNUM *num, int num_bits)
685 {
686 int nwords = num_bits / 32;
687 int size;
688 uint32_t *buf, *ptr;
689 BIGNUM *tmp, *big2, *big32, *big2_32;
690 BN_CTX *ctx;
691 int ret;
692
693 tmp = BN_new();
694 big2 = BN_new();
695 big32 = BN_new();
696 big2_32 = BN_new();
697
698 /*
699 * Note: This code assumes that all of the above succeed, or all fail.
700 * In practice memory allocations generally do not fail (unless the
701 * process is killed), so it does not seem worth handling each of these
702 * as a separate case. Technicaly this could leak memory on failure,
703 * but a) it won't happen in practice, and b) it doesn't matter as we
704 * will immediately exit with a failure code.
705 */
706 if (!tmp || !big2 || !big32 || !big2_32) {
707 fprintf(stderr, "Out of memory (bignum)\n");
708 return -ENOMEM;
709 }
710 ctx = BN_CTX_new();
711 if (!ctx) {
712 fprintf(stderr, "Out of memory (bignum context)\n");
713 return -ENOMEM;
714 }
715 BN_set_word(big2, 2L);
716 BN_set_word(big32, 32L);
717 BN_exp(big2_32, big2, big32, ctx); /* B = 2^32 */
718
719 size = nwords * sizeof(uint32_t);
720 buf = malloc(size);
721 if (!buf) {
722 fprintf(stderr, "Out of memory (%d bytes)\n", size);
723 return -ENOMEM;
724 }
725
726 /* Write out modulus as big endian array of integers */
727 for (ptr = buf + nwords - 1; ptr >= buf; ptr--) {
728 BN_mod(tmp, num, big2_32, ctx); /* n = N mod B */
729 *ptr = cpu_to_fdt32(BN_get_word(tmp));
730 BN_rshift(num, num, 32); /* N = N/B */
731 }
732
733 /*
734 * We try signing with successively increasing size values, so this
735 * might fail several times
736 */
737 ret = fdt_setprop(blob, noffset, prop_name, buf, size);
738 free(buf);
739 BN_free(tmp);
740 BN_free(big2);
741 BN_free(big32);
742 BN_free(big2_32);
743
744 return ret ? -FDT_ERR_NOSPACE : 0;
745 }
746
rsa_add_verify_data(struct image_sign_info * info,void * keydest)747 int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
748 {
749 BIGNUM *modulus, *r_squared;
750 uint64_t exponent;
751 uint32_t n0_inv;
752 int parent, node;
753 char name[100];
754 int ret;
755 int bits;
756 RSA *rsa;
757 ENGINE *e = NULL;
758
759 debug("%s: Getting verification data\n", __func__);
760 if (info->engine_id) {
761 ret = rsa_engine_init(info->engine_id, &e);
762 if (ret)
763 return ret;
764 }
765 ret = rsa_get_pub_key(info->keydir, info->keyname, e, &rsa);
766 if (ret)
767 goto err_get_pub_key;
768 ret = rsa_get_params(rsa, &exponent, &n0_inv, &modulus, &r_squared);
769 if (ret)
770 goto err_get_params;
771 bits = BN_num_bits(modulus);
772 parent = fdt_subnode_offset(keydest, 0, FIT_SIG_NODENAME);
773 if (parent == -FDT_ERR_NOTFOUND) {
774 parent = fdt_add_subnode(keydest, 0, FIT_SIG_NODENAME);
775 if (parent < 0) {
776 ret = parent;
777 if (ret != -FDT_ERR_NOSPACE) {
778 fprintf(stderr, "Couldn't create signature node: %s\n",
779 fdt_strerror(parent));
780 }
781 }
782 }
783 if (ret)
784 goto done;
785
786 /* Either create or overwrite the named key node */
787 snprintf(name, sizeof(name), "key-%s", info->keyname);
788 node = fdt_subnode_offset(keydest, parent, name);
789 if (node == -FDT_ERR_NOTFOUND) {
790 node = fdt_add_subnode(keydest, parent, name);
791 if (node < 0) {
792 ret = node;
793 if (ret != -FDT_ERR_NOSPACE) {
794 fprintf(stderr, "Could not create key subnode: %s\n",
795 fdt_strerror(node));
796 }
797 }
798 } else if (node < 0) {
799 fprintf(stderr, "Cannot select keys parent: %s\n",
800 fdt_strerror(node));
801 ret = node;
802 }
803
804 if (!ret) {
805 ret = fdt_setprop_string(keydest, node, FIT_KEY_HINT,
806 info->keyname);
807 }
808 if (!ret)
809 ret = fdt_setprop_u32(keydest, node, "rsa,num-bits", bits);
810 if (!ret)
811 ret = fdt_setprop_u32(keydest, node, "rsa,n0-inverse", n0_inv);
812 if (!ret) {
813 ret = fdt_setprop_u64(keydest, node, "rsa,exponent", exponent);
814 }
815 if (!ret) {
816 ret = fdt_add_bignum(keydest, node, "rsa,modulus", modulus,
817 bits);
818 }
819 if (!ret) {
820 ret = fdt_add_bignum(keydest, node, "rsa,r-squared", r_squared,
821 bits);
822 }
823 if (!ret) {
824 ret = fdt_setprop_string(keydest, node, FIT_ALGO_PROP,
825 info->name);
826 }
827 if (!ret && info->require_keys) {
828 ret = fdt_setprop_string(keydest, node, FIT_KEY_REQUIRED,
829 info->require_keys);
830 }
831 done:
832 BN_free(modulus);
833 BN_free(r_squared);
834 if (ret)
835 ret = ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
836 err_get_params:
837 RSA_free(rsa);
838 err_get_pub_key:
839 if (info->engine_id)
840 rsa_engine_remove(e);
841
842 return ret;
843 }
844