diff options
| author | Sascha Hauer <s.hauer@pengutronix.de> | 2022-05-19 13:55:44 +0200 |
|---|---|---|
| committer | Sascha Hauer <s.hauer@pengutronix.de> | 2022-05-19 13:55:44 +0200 |
| commit | ac082938497f82c4cf1aa015436a4b8261741348 (patch) | |
| tree | 60339c61f3bbfbdb4cc038b8d2a559793754a605 | |
| parent | acef9438e94f5960064d650080270549eae27ab7 (diff) | |
| parent | 66faea1edf07acd85dadbd67e208bef651ede2a0 (diff) | |
| download | barebox-ac082938497f82c4cf1aa015436a4b8261741348.tar.gz barebox-ac082938497f82c4cf1aa015436a4b8261741348.tar.xz | |
Merge branch 'for-next/rsa'
| -rw-r--r-- | common/image-fit.c | 51 | ||||
| -rw-r--r-- | crypto/Makefile | 12 | ||||
| -rw-r--r-- | crypto/rsa.c | 135 | ||||
| -rw-r--r-- | include/rsa.h | 7 | ||||
| -rw-r--r-- | scripts/Kbuild.include | 49 | ||||
| -rw-r--r-- | scripts/rsatoc.c | 109 |
6 files changed, 221 insertions, 142 deletions
diff --git a/common/image-fit.c b/common/image-fit.c index 38a372ff52..a410632d70 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -255,10 +255,8 @@ static struct digest *fit_alloc_digest(struct device_node *sig_node, static int fit_check_rsa_signature(struct device_node *sig_node, enum hash_algo algo, void *hash) { - struct rsa_public_key *key; - const char *key_name; - char *key_path; - struct device_node *key_node; + const struct rsa_public_key *key; + const char *key_name = NULL; int sig_len; const char *sig_value; int ret; @@ -269,39 +267,32 @@ static int fit_check_rsa_signature(struct device_node *sig_node, return -EINVAL; } - if (of_property_read_string(sig_node, "key-name-hint", &key_name)) { - pr_err("key name not found in %s\n", sig_node->full_name); - return -EINVAL; - } - - key = rsa_get_key(key_name); - if (IS_ERR(key)) { - key_path = xasprintf("/signature/key-%s", key_name); - key_node = of_find_node_by_path(key_path); - if (!key_node) { - pr_info("failed to find key node %s\n", key_path); - free(key_path); - return -ENOENT; + of_property_read_string(sig_node, "key-name-hint", &key_name); + if (key_name) { + key = rsa_get_key(key_name); + if (key) { + ret = rsa_verify(key, sig_value, sig_len, hash, algo); + if (!ret) + goto ok; } - free(key_path); + } - key = rsa_of_read_key(key_node); + for_each_rsa_key(key) { + if (key_name && !strcmp(key->key_name_hint, key_name)) + continue; - if (IS_ERR(key)) { - pr_info("failed to read key in %s\n", key_node->full_name); - return -ENOENT; - } + ret = rsa_verify(key, sig_value, sig_len, hash, algo); + if (!ret) + goto ok; } - ret = rsa_verify(key, sig_value, sig_len, hash, algo); - if (ret) - pr_err("image signature BAD\n"); - else - pr_info("image signature OK\n"); + pr_err("image signature BAD\n"); - rsa_key_free(key); + return -EBADMSG; +ok: + pr_info("image signature OK\n"); - return ret; + return 0; } /* diff --git a/crypto/Makefile b/crypto/Makefile index be0f79d4e3..7e67f58bc7 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -25,7 +25,13 @@ extra-$(CONFIG_CRYPTO_RSA_BUILTIN_KEYS) += rsa-keys.h ifdef CONFIG_CRYPTO_RSA_BUILTIN_KEYS $(obj)/rsa.o: $(obj)/rsa-keys.h -$(eval $(call config_filename,CRYPTO_RSA_KEY)) -$(obj)/rsa-keys.h: FORCE - $(call cmd,rsa_keys,$(CONFIG_CRYPTO_RSA_KEY_NAME_HINT):$(CRYPTO_RSA_KEY_SRCPREFIX)$(CRYPTO_RSA_KEY_FILENAME)) + +CONFIG_CRYPTO_RSA_KEY := $(CONFIG_CRYPTO_RSA_KEY:"%"=%) + +ifneq ($(filter-out pkcs11:%, $(CONFIG_CRYPTO_RSA_KEY)),) +RSA_DEP := $(CONFIG_CRYPTO_RSA_KEY) +endif + +$(obj)/rsa-keys.h: $(RSA_DEP) FORCE + $(call cmd,rsa_keys,$(CONFIG_CRYPTO_RSA_KEY_NAME_HINT):$(if $(RSA_DEP),$<,$(CONFIG_CRYPTO_RSA_KEY))) endif diff --git a/crypto/rsa.c b/crypto/rsa.c index 1aea738e52..e97e5192ab 100644 --- a/crypto/rsa.c +++ b/crypto/rsa.c @@ -5,6 +5,7 @@ * * SPDX-License-Identifier: GPL-2.0+ */ +#define pr_fmt(fmt) "rsa: " fmt #include <common.h> #include <malloc.h> @@ -184,8 +185,8 @@ static int pow_mod(const struct rsa_public_key *key, void *__inout) /* Sanity check for stack size - key->len is in 32-bit words */ if (key->len > RSA_MAX_KEY_BITS / 32) { - debug("RSA key words %u exceeds maximum %d\n", key->len, - RSA_MAX_KEY_BITS / 32); + pr_debug("RSA key words %u exceeds maximum %d\n", key->len, + RSA_MAX_KEY_BITS / 32); return -EINVAL; } @@ -199,13 +200,13 @@ static int pow_mod(const struct rsa_public_key *key, void *__inout) return -EINVAL; if (k < 2) { - debug("Public exponent is too short (%d bits, minimum 2)\n", - k); + pr_debug("Public exponent is too short (%d bits, minimum 2)\n", + k); return -EINVAL; } if (!is_public_exponent_bit_set(key, 0)) { - debug("LSB of RSA public exponent must be set.\n"); + pr_debug("LSB of RSA public exponent must be set.\n"); return -EINVAL; } @@ -317,7 +318,7 @@ int rsa_verify(const struct rsa_public_key *key, const uint8_t *sig, return -EOPNOTSUPP; if (sig_len != (key->len * sizeof(uint32_t))) { - debug("Signature is of incorrect length %u, should be %zu\n", sig_len, + pr_debug("Signature is of incorrect length %u, should be %zu\n", sig_len, key->len * sizeof(uint32_t)); ret = -EINVAL; goto out_free_digest; @@ -325,8 +326,8 @@ int rsa_verify(const struct rsa_public_key *key, const uint8_t *sig, /* Sanity check for stack size */ if (sig_len > RSA_MAX_SIG_BITS / 8) { - debug("Signature length %u exceeds maximum %d\n", sig_len, - RSA_MAX_SIG_BITS / 8); + pr_debug("Signature length %u exceeds maximum %d\n", sig_len, + RSA_MAX_SIG_BITS / 8); ret = -EINVAL; goto out_free_digest; } @@ -341,27 +342,27 @@ int rsa_verify(const struct rsa_public_key *key, const uint8_t *sig, PS_end = T_offset - 1; if (buf[PS_end] != 0x00) { - pr_err(" = -EBADMSG [EM[T-1] == %02u]\n", buf[PS_end]); + pr_debug(" = -EBADMSG [EM[T-1] == %02u]\n", buf[PS_end]); ret = -EBADMSG; goto out_free_digest; } for (i = 2; i < PS_end; i++) { if (buf[i] != 0xff) { - pr_err(" = -EBADMSG [EM[PS%x] == %02u]\n", i - 2, buf[i]); + pr_debug(" = -EBADMSG [EM[PS%x] == %02u]\n", i - 2, buf[i]); ret = -EBADMSG; goto out_free_digest; } } if (memcmp(asn1_template, buf + T_offset, asn1_size) != 0) { - pr_err(" = -EBADMSG [EM[T] ASN.1 mismatch]\n"); + pr_debug(" = -EBADMSG [EM[T] ASN.1 mismatch]\n"); ret = -EBADMSG; goto out_free_digest; } if (memcmp(hash, buf + T_offset + asn1_size, digest_length(d)) != 0) { - pr_err(" = -EKEYREJECTED [EM[T] hash mismatch]\n"); + pr_debug(" = -EKEYREJECTED [EM[T] hash mismatch]\n"); ret = -EKEYREJECTED; goto out_free_digest; } @@ -388,8 +389,13 @@ struct rsa_public_key *rsa_of_read_key(struct device_node *node) struct rsa_public_key *key; int err; + if (strncmp(node->name, "key-", 4)) + return ERR_PTR(-EINVAL); + key = xzalloc(sizeof(*key)); + key->key_name_hint = xstrdup(node->name + 4); + of_property_read_u32(node, "rsa,num-bits", &key->len); of_property_read_u32(node, "rsa,n0-inverse", &key->n0inv); @@ -403,15 +409,15 @@ struct rsa_public_key *rsa_of_read_key(struct device_node *node) rr = of_get_property(node, "rsa,r-squared", NULL); if (!key->len || !modulus || !rr) { - debug("%s: Missing RSA key info", __func__); + pr_debug("%s: Missing RSA key info", __func__); err = -EFAULT; goto out; } /* Sanity check for stack size */ if (key->len > RSA_MAX_KEY_BITS || key->len < RSA_MIN_KEY_BITS) { - debug("RSA key bits %u outside allowed range %d..%d\n", - key->len, RSA_MIN_KEY_BITS, RSA_MAX_KEY_BITS); + pr_debug("RSA key bits %u outside allowed range %d..%d\n", + key->len, RSA_MIN_KEY_BITS, RSA_MAX_KEY_BITS); err = -EFAULT; goto out; } @@ -439,35 +445,102 @@ void rsa_key_free(struct rsa_public_key *key) free(key); } -#ifdef CONFIG_CRYPTO_RSA_BUILTIN_KEYS -#include "rsa-keys.h" +static LIST_HEAD(rsa_keys); -extern const struct rsa_public_key * const __rsa_keys_start; -extern const struct rsa_public_key * const __rsa_keys_end; +const struct rsa_public_key *rsa_key_next(const struct rsa_public_key *prev) +{ + prev = list_prepare_entry(prev, &rsa_keys, list); + list_for_each_entry_continue(prev, &rsa_keys, list) + return prev; -struct rsa_public_key *rsa_get_key(const char *name) + return NULL; +} + +const struct rsa_public_key *rsa_get_key(const char *name) { const struct rsa_public_key *key; - struct rsa_public_key *new; - const struct rsa_public_key * const *iter; - for (iter = &__rsa_keys_start; iter != &__rsa_keys_end; iter++) { - key = *iter; - if (!strcmp(name, key->key_name_hint)) - goto found; + list_for_each_entry(key, &rsa_keys, list) { + if (!strcmp(key->key_name_hint, name)) + return key; } - return ERR_PTR(-ENOENT); -found: + return NULL; +} + +static int rsa_key_add(struct rsa_public_key *key) +{ + if (rsa_get_key(key->key_name_hint)) + return -EEXIST; + + list_add_tail(&key->list, &rsa_keys); + + return 0; +} + +static struct rsa_public_key *rsa_key_dup(const struct rsa_public_key *key) +{ + struct rsa_public_key *new; + new = xmemdup(key, sizeof(*key)); new->modulus = xmemdup(key->modulus, key->len * sizeof(uint32_t)); new->rr = xmemdup(key->rr, key->len * sizeof(uint32_t)); return new; } -#else -struct rsa_public_key *rsa_get_key(const char *name) + +extern const struct rsa_public_key * const __rsa_keys_start; +extern const struct rsa_public_key * const __rsa_keys_end; + +static void rsa_init_keys_of(void) +{ + struct device_node *sigs, *sig; + struct rsa_public_key *key; + int ret; + + if (!IS_ENABLED(CONFIG_OFTREE)) + return; + + sigs = of_find_node_by_path("/signature"); + if (!sigs) + return; + + for_each_child_of_node(sigs, sig) { + key = rsa_of_read_key(sig); + if (IS_ERR(key)) { + pr_err("Cannot read rsa key from %s: %pe\n", + sig->full_name, key); + continue; + } + + ret = rsa_key_add(key); + if (ret) + pr_err("Cannot add rsa key %s: %s\n", + key->key_name_hint, strerror(-ret)); + } +} + +static int rsa_init_keys(void) { - return ERR_PTR(-ENOENT); + const struct rsa_public_key * const *iter; + struct rsa_public_key *key; + int ret; + + for (iter = &__rsa_keys_start; iter != &__rsa_keys_end; iter++) { + key = rsa_key_dup(*iter); + ret = rsa_key_add(key); + if (ret) + pr_err("Cannot add rsa key %s: %s\n", + key->key_name_hint, strerror(-ret)); + } + + rsa_init_keys_of(); + + return 0; } + +device_initcall(rsa_init_keys); + +#ifdef CONFIG_CRYPTO_RSA_BUILTIN_KEYS +#include "rsa-keys.h" #endif diff --git a/include/rsa.h b/include/rsa.h index 803660d19a..650fb234f2 100644 --- a/include/rsa.h +++ b/include/rsa.h @@ -29,6 +29,7 @@ struct rsa_public_key { uint32_t *rr; /* R^2 as little endian array */ uint64_t exponent; /* public exponent */ char *key_name_hint; + struct list_head list; }; /** @@ -52,6 +53,10 @@ int rsa_verify(const struct rsa_public_key *key, const uint8_t *sig, struct rsa_public_key *rsa_of_read_key(struct device_node *node); void rsa_key_free(struct rsa_public_key *key); -struct rsa_public_key *rsa_get_key(const char *name); +const struct rsa_public_key *rsa_get_key(const char *name); +const struct rsa_public_key *rsa_key_next(const struct rsa_public_key *prev); + +#define for_each_rsa_key(key) \ + for (key = rsa_key_next(NULL); key; key = rsa_key_next(key)) #endif diff --git a/scripts/Kbuild.include b/scripts/Kbuild.include index ab092e455c..eeb459f8fa 100644 --- a/scripts/Kbuild.include +++ b/scripts/Kbuild.include @@ -262,55 +262,6 @@ why = \ echo-why = $(call escsq, $(strip $(why))) endif -############################################################################### -# -# When a Kconfig string contains a filename, it is suitable for -# passing to shell commands. It is surrounded by double-quotes, and -# any double-quotes or backslashes within it are escaped by -# backslashes. -# -# This is no use for dependencies or $(wildcard). We need to strip the -# surrounding quotes and the escaping from quotes and backslashes, and -# we *do* need to escape any spaces in the string. So, for example: -# -# Usage: $(eval $(call config_filename,FOO)) -# -# Defines FOO_FILENAME based on the contents of the CONFIG_FOO option, -# transformed as described above to be suitable for use within the -# makefile. -# -# Also, if the filename is a relative filename and exists in the source -# tree but not the build tree, define FOO_SRCPREFIX as $(srctree)/ to -# be prefixed to *both* command invocation and dependencies. -# -# Note: We also print the filenames in the quiet_cmd_foo text, and -# perhaps ought to have a version specially escaped for that purpose. -# But it's only cosmetic, and $(patsubst "%",%,$(CONFIG_FOO)) is good -# enough. It'll strip the quotes in the common case where there's no -# space and it's a simple filename, and it'll retain the quotes when -# there's a space. There are some esoteric cases in which it'll print -# the wrong thing, but we don't really care. The actual dependencies -# and commands *do* get it right, with various combinations of single -# and double quotes, backslashes and spaces in the filenames. -# -############################################################################### -# -define config_filename -ifneq ($$(CONFIG_$(1)),"") -$(1)_FILENAME := $$(subst \\,\,$$(subst \$$(quote),$$(quote),$$(subst $$(space_escape),\$$(space),$$(patsubst "%",%,$$(subst $$(space),$$(space_escape),$$(CONFIG_$(1))))))) -ifneq ($$(patsubst /%,%,$$(firstword $$($(1)_FILENAME))),$$(firstword $$($(1)_FILENAME))) -else -ifeq ($$(wildcard $$($(1)_FILENAME)),) -ifneq ($$(wildcard $$(srctree)/$$($(1)_FILENAME)),) -$(1)_SRCPREFIX := $(srctree)/ -endif -endif -endif -endif -endef -# -############################################################################### - # delete partially updated (i.e. corrupted) files on error .DELETE_ON_ERROR: diff --git a/scripts/rsatoc.c b/scripts/rsatoc.c index f2d91b8e0d..d7f6dad7f0 100644 --- a/scripts/rsatoc.c +++ b/scripts/rsatoc.c @@ -18,6 +18,8 @@ #include <openssl/evp.h> #include <openssl/engine.h> +static int dts; + static int rsa_err(const char *msg) { unsigned long sslErr = ERR_get_error(); @@ -184,8 +186,8 @@ cleanup: /* * rsa_get_params(): - Get the important parameters of an RSA public key */ -int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t *n0_invp, - BIGNUM **modulusp, BIGNUM **r_squaredp) +static int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t *n0_invp, + BIGNUM **modulusp, BIGNUM **r_squaredp) { BIGNUM *big1, *big2, *big32, *big2_32; BIGNUM *n, *r, *r_squared, *tmp; @@ -311,6 +313,7 @@ static int print_bignum(BIGNUM *num, int num_bits) BIGNUM *tmp, *big2, *big32, *big2_32; BN_CTX *ctx; int i; + uint32_t *arr; tmp = BN_new(); big2 = BN_new(); @@ -338,16 +341,35 @@ static int print_bignum(BIGNUM *num, int num_bits) BN_set_word(big32, 32L); BN_exp(big2_32, big2, big32, ctx); /* B = 2^32 */ + arr = malloc(num_bits / 32 * sizeof(uint32_t)); + for (i = 0; i < num_bits / 32; i++) { BN_mod(tmp, num, big2_32, ctx); /* n = N mod B */ - if (i % 4) - fprintf(outfilep, " "); - else - fprintf(outfilep, "\n\t"); - fprintf(outfilep, "0x%08lx,", BN_get_word(tmp)); + arr[i] = BN_get_word(tmp); BN_rshift(num, num, 32); /* N = N/B */ } + if (dts) { + for (i = 0; i < num_bits / 32; i++) { + if (i % 4) + fprintf(outfilep, " "); + else + fprintf(outfilep, "\n\t\t\t\t"); + fprintf(outfilep, "0x%08x", arr[num_bits / 32 - 1 - i]); + BN_rshift(num, num, 32); /* N = N/B */ + } + } else { + for (i = 0; i < num_bits / 32; i++) { + if (i % 4) + fprintf(outfilep, " "); + else + fprintf(outfilep, "\n\t"); + fprintf(outfilep, "0x%08x,", arr[i]); + BN_rshift(num, num, 32); /* N = N/B */ + } + } + + free(arr); BN_free(tmp); BN_free(big2); BN_free(big32); @@ -359,7 +381,7 @@ static int print_bignum(BIGNUM *num, int num_bits) static int gen_key(const char *keyname, const char *path) { BIGNUM *modulus, *r_squared; - uint64_t exponent; + uint64_t exponent = 0; uint32_t n0_inv; int ret; int bits; @@ -404,25 +426,42 @@ static int gen_key(const char *keyname, const char *path) bits = BN_num_bits(modulus); - fprintf(outfilep, "\nstatic uint32_t %s_modulus[] = {", key_name_c); - print_bignum(modulus, bits); - fprintf(outfilep, "\n};\n\n"); - - fprintf(outfilep, "static uint32_t %s_rr[] = {", key_name_c); - print_bignum(r_squared, bits); - fprintf(outfilep, "\n};\n\n"); - - fprintf(outfilep, "static struct rsa_public_key %s = {\n", key_name_c); - fprintf(outfilep, "\t.len = %d,\n", bits / 32); - fprintf(outfilep, "\t.n0inv = 0x%0x,\n", n0_inv); - fprintf(outfilep, "\t.modulus = %s_modulus,\n", key_name_c); - fprintf(outfilep, "\t.rr = %s_rr,\n", key_name_c); - fprintf(outfilep, "\t.exponent = 0x%0lx,\n", exponent); - fprintf(outfilep, "\t.key_name_hint = \"%s\",\n", keyname); - fprintf(outfilep, "};\n\n"); - - fprintf(outfilep, "struct rsa_public_key *%sp __attribute__((section(\".rsa_keys.rodata.%s\"))) = &%s;\n", - key_name_c, key_name_c, key_name_c); + if (dts) { + fprintf(outfilep, "\t\tkey-%s {\n", key_name_c); + fprintf(outfilep, "\t\t\trsa,r-squared = <"); + print_bignum(r_squared, bits); + fprintf(outfilep, ">;\n"); + fprintf(outfilep, "\t\t\trsa,modulus= <"); + print_bignum(modulus, bits); + fprintf(outfilep, ">;\n"); + fprintf(outfilep, "\t\t\trsa,exponent = <0x%0lx 0x%lx>;\n", + (exponent >> 32) & 0xffffffff, + exponent & 0xffffffff); + fprintf(outfilep, "\t\t\trsa,n0-inverse = <0x%0x>;\n", n0_inv); + fprintf(outfilep, "\t\t\trsa,num-bits = <0x%0x>;\n", bits); + fprintf(outfilep, "\t\t\tkey-name-hint = \"%s\";\n", key_name_c); + fprintf(outfilep, "\t\t};\n"); + } else { + fprintf(outfilep, "\nstatic uint32_t %s_modulus[] = {", key_name_c); + print_bignum(modulus, bits); + fprintf(outfilep, "\n};\n\n"); + + fprintf(outfilep, "static uint32_t %s_rr[] = {", key_name_c); + print_bignum(r_squared, bits); + fprintf(outfilep, "\n};\n\n"); + + fprintf(outfilep, "static struct rsa_public_key %s = {\n", key_name_c); + fprintf(outfilep, "\t.len = %d,\n", bits / 32); + fprintf(outfilep, "\t.n0inv = 0x%0x,\n", n0_inv); + fprintf(outfilep, "\t.modulus = %s_modulus,\n", key_name_c); + fprintf(outfilep, "\t.rr = %s_rr,\n", key_name_c); + fprintf(outfilep, "\t.exponent = 0x%0lx,\n", exponent); + fprintf(outfilep, "\t.key_name_hint = \"%s\",\n", keyname); + fprintf(outfilep, "};\n\n"); + + fprintf(outfilep, "struct rsa_public_key *%sp __attribute__((section(\".rsa_keys.rodata.%s\"))) = &%s;\n", + key_name_c, key_name_c, key_name_c); + } return 0; } @@ -435,11 +474,14 @@ int main(int argc, char *argv[]) outfilep = stdout; - while ((opt = getopt(argc, argv, "o:")) > 0) { + while ((opt = getopt(argc, argv, "o:d")) > 0) { switch (opt) { case 'o': outfile = optarg; break; + case 'd': + dts = 1; + break; } } @@ -457,6 +499,12 @@ int main(int argc, char *argv[]) exit(1); } + if (dts) { + fprintf(outfilep, "/dts-v1/;\n"); + fprintf(outfilep, "/ {\n"); + fprintf(outfilep, "\tsignature {\n"); + } + for (i = optind; i < argc; i++) { keyname = argv[i]; @@ -484,5 +532,10 @@ int main(int argc, char *argv[]) gen_key(keyname, path); } + if (dts) { + fprintf(outfilep, "\t};\n"); + fprintf(outfilep, "};\n"); + } + exit(0); } |