Juan Castillo | 11abdcd | 2014-10-21 11:30:42 +0100 | [diff] [blame] | 1 | /* |
Justin Chadwell | fa3ec4c | 2019-08-12 12:19:21 +0100 | [diff] [blame] | 2 | * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved. |
Juan Castillo | 11abdcd | 2014-10-21 11:30:42 +0100 | [diff] [blame] | 3 | * |
dp-arm | fa3cf0b | 2017-05-03 09:38:09 +0100 | [diff] [blame] | 4 | * SPDX-License-Identifier: BSD-3-Clause |
Juan Castillo | 11abdcd | 2014-10-21 11:30:42 +0100 | [diff] [blame] | 5 | */ |
| 6 | |
| 7 | #include <getopt.h> |
| 8 | #include <stdio.h> |
| 9 | #include <stdlib.h> |
| 10 | #include <string.h> |
| 11 | |
| 12 | #include <openssl/conf.h> |
| 13 | #include <openssl/evp.h> |
| 14 | #include <openssl/pem.h> |
| 15 | |
Masahiro Yamada | a27c166 | 2017-05-22 12:11:24 +0900 | [diff] [blame] | 16 | #if USE_TBBR_DEFS |
| 17 | #include <tbbr_oid.h> |
| 18 | #else |
| 19 | #include <platform_oid.h> |
| 20 | #endif |
| 21 | |
Juan Castillo | 11abdcd | 2014-10-21 11:30:42 +0100 | [diff] [blame] | 22 | #include "cert.h" |
Juan Castillo | 1218dd5 | 2015-07-03 16:23:16 +0100 | [diff] [blame] | 23 | #include "cmd_opt.h" |
Juan Castillo | 11abdcd | 2014-10-21 11:30:42 +0100 | [diff] [blame] | 24 | #include "debug.h" |
| 25 | #include "key.h" |
Juan Castillo | 11abdcd | 2014-10-21 11:30:42 +0100 | [diff] [blame] | 26 | #include "sha.h" |
| 27 | |
| 28 | #define MAX_FILENAME_LEN 1024 |
| 29 | |
| 30 | /* |
Juan Castillo | f9f39c3 | 2015-06-01 16:34:23 +0100 | [diff] [blame] | 31 | * Create a new key container |
Juan Castillo | 11abdcd | 2014-10-21 11:30:42 +0100 | [diff] [blame] | 32 | */ |
Masahiro Yamada | bccb109 | 2017-02-06 21:15:01 +0900 | [diff] [blame] | 33 | int key_new(key_t *key) |
Juan Castillo | 11abdcd | 2014-10-21 11:30:42 +0100 | [diff] [blame] | 34 | { |
Juan Castillo | 11abdcd | 2014-10-21 11:30:42 +0100 | [diff] [blame] | 35 | /* Create key pair container */ |
Juan Castillo | f9f39c3 | 2015-06-01 16:34:23 +0100 | [diff] [blame] | 36 | key->key = EVP_PKEY_new(); |
| 37 | if (key->key == NULL) { |
Juan Castillo | 11abdcd | 2014-10-21 11:30:42 +0100 | [diff] [blame] | 38 | return 0; |
| 39 | } |
| 40 | |
Juan Castillo | f9f39c3 | 2015-06-01 16:34:23 +0100 | [diff] [blame] | 41 | return 1; |
| 42 | } |
| 43 | |
Juan Castillo | a2224ab | 2015-06-30 13:36:57 +0100 | [diff] [blame] | 44 | static int key_create_rsa(key_t *key) |
Juan Castillo | f9f39c3 | 2015-06-01 16:34:23 +0100 | [diff] [blame] | 45 | { |
Michalis Pappas | 3862894 | 2017-10-06 16:11:44 +0800 | [diff] [blame] | 46 | BIGNUM *e; |
| 47 | RSA *rsa = NULL; |
Juan Castillo | f9f39c3 | 2015-06-01 16:34:23 +0100 | [diff] [blame] | 48 | |
Michalis Pappas | 3862894 | 2017-10-06 16:11:44 +0800 | [diff] [blame] | 49 | e = BN_new(); |
| 50 | if (e == NULL) { |
| 51 | printf("Cannot create RSA exponent\n"); |
| 52 | goto err; |
| 53 | } |
| 54 | |
| 55 | if (!BN_set_word(e, RSA_F4)) { |
| 56 | printf("Cannot assign RSA exponent\n"); |
| 57 | goto err; |
| 58 | } |
| 59 | |
| 60 | rsa = RSA_new(); |
Juan Castillo | a2224ab | 2015-06-30 13:36:57 +0100 | [diff] [blame] | 61 | if (rsa == NULL) { |
| 62 | printf("Cannot create RSA key\n"); |
Juan Castillo | f9f39c3 | 2015-06-01 16:34:23 +0100 | [diff] [blame] | 63 | goto err; |
| 64 | } |
Michalis Pappas | 3862894 | 2017-10-06 16:11:44 +0800 | [diff] [blame] | 65 | |
| 66 | if (!RSA_generate_key_ex(rsa, RSA_KEY_BITS, e, NULL)) { |
| 67 | printf("Cannot generate RSA key\n"); |
| 68 | goto err; |
| 69 | } |
| 70 | |
Juan Castillo | a2224ab | 2015-06-30 13:36:57 +0100 | [diff] [blame] | 71 | if (!EVP_PKEY_assign_RSA(key->key, rsa)) { |
| 72 | printf("Cannot assign RSA key\n"); |
Juan Castillo | f9f39c3 | 2015-06-01 16:34:23 +0100 | [diff] [blame] | 73 | goto err; |
Juan Castillo | 11abdcd | 2014-10-21 11:30:42 +0100 | [diff] [blame] | 74 | } |
| 75 | |
Justin Chadwell | fa3ec4c | 2019-08-12 12:19:21 +0100 | [diff] [blame] | 76 | BN_free(e); |
Juan Castillo | f9f39c3 | 2015-06-01 16:34:23 +0100 | [diff] [blame] | 77 | return 1; |
Juan Castillo | f9f39c3 | 2015-06-01 16:34:23 +0100 | [diff] [blame] | 78 | err: |
| 79 | RSA_free(rsa); |
Michalis Pappas | 3862894 | 2017-10-06 16:11:44 +0800 | [diff] [blame] | 80 | BN_free(e); |
Juan Castillo | a2224ab | 2015-06-30 13:36:57 +0100 | [diff] [blame] | 81 | return 0; |
| 82 | } |
| 83 | |
| 84 | #ifndef OPENSSL_NO_EC |
| 85 | static int key_create_ecdsa(key_t *key) |
| 86 | { |
Masahiro Yamada | 48cb5e5 | 2017-02-06 19:47:44 +0900 | [diff] [blame] | 87 | EC_KEY *ec; |
Juan Castillo | a2224ab | 2015-06-30 13:36:57 +0100 | [diff] [blame] | 88 | |
| 89 | ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); |
| 90 | if (ec == NULL) { |
| 91 | printf("Cannot create EC key\n"); |
| 92 | goto err; |
| 93 | } |
| 94 | if (!EC_KEY_generate_key(ec)) { |
| 95 | printf("Cannot generate EC key\n"); |
| 96 | goto err; |
| 97 | } |
| 98 | EC_KEY_set_flags(ec, EC_PKEY_NO_PARAMETERS); |
| 99 | EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE); |
| 100 | if (!EVP_PKEY_assign_EC_KEY(key->key, ec)) { |
| 101 | printf("Cannot assign EC key\n"); |
| 102 | goto err; |
| 103 | } |
| 104 | |
| 105 | return 1; |
| 106 | err: |
Juan Castillo | f9f39c3 | 2015-06-01 16:34:23 +0100 | [diff] [blame] | 107 | EC_KEY_free(ec); |
Juan Castillo | a2224ab | 2015-06-30 13:36:57 +0100 | [diff] [blame] | 108 | return 0; |
| 109 | } |
| 110 | #endif /* OPENSSL_NO_EC */ |
| 111 | |
| 112 | typedef int (*key_create_fn_t)(key_t *key); |
| 113 | static const key_create_fn_t key_create_fn[KEY_ALG_MAX_NUM] = { |
Qixiang Xu | 31f3bb9 | 2017-09-22 16:21:41 +0800 | [diff] [blame] | 114 | key_create_rsa, /* KEY_ALG_RSA */ |
| 115 | key_create_rsa, /* KEY_ALG_RSA_1_5 */ |
Juan Castillo | a2224ab | 2015-06-30 13:36:57 +0100 | [diff] [blame] | 116 | #ifndef OPENSSL_NO_EC |
Qixiang Xu | 31f3bb9 | 2017-09-22 16:21:41 +0800 | [diff] [blame] | 117 | key_create_ecdsa, /* KEY_ALG_ECDSA */ |
Juan Castillo | a2224ab | 2015-06-30 13:36:57 +0100 | [diff] [blame] | 118 | #endif /* OPENSSL_NO_EC */ |
| 119 | }; |
| 120 | |
| 121 | int key_create(key_t *key, int type) |
| 122 | { |
| 123 | if (type >= KEY_ALG_MAX_NUM) { |
| 124 | printf("Invalid key type\n"); |
| 125 | return 0; |
| 126 | } |
| 127 | |
Juan Castillo | a2224ab | 2015-06-30 13:36:57 +0100 | [diff] [blame] | 128 | if (key_create_fn[type]) { |
| 129 | return key_create_fn[type](key); |
| 130 | } |
Juan Castillo | f9f39c3 | 2015-06-01 16:34:23 +0100 | [diff] [blame] | 131 | |
Juan Castillo | 11abdcd | 2014-10-21 11:30:42 +0100 | [diff] [blame] | 132 | return 0; |
| 133 | } |
| 134 | |
Juan Castillo | f9f39c3 | 2015-06-01 16:34:23 +0100 | [diff] [blame] | 135 | int key_load(key_t *key, unsigned int *err_code) |
Juan Castillo | 11abdcd | 2014-10-21 11:30:42 +0100 | [diff] [blame] | 136 | { |
Masahiro Yamada | 48cb5e5 | 2017-02-06 19:47:44 +0900 | [diff] [blame] | 137 | FILE *fp; |
| 138 | EVP_PKEY *k; |
Juan Castillo | 11abdcd | 2014-10-21 11:30:42 +0100 | [diff] [blame] | 139 | |
Juan Castillo | 11abdcd | 2014-10-21 11:30:42 +0100 | [diff] [blame] | 140 | if (key->fn) { |
| 141 | /* Load key from file */ |
| 142 | fp = fopen(key->fn, "r"); |
| 143 | if (fp) { |
Juan Castillo | f9f39c3 | 2015-06-01 16:34:23 +0100 | [diff] [blame] | 144 | k = PEM_read_PrivateKey(fp, &key->key, NULL, NULL); |
Juan Castillo | 11abdcd | 2014-10-21 11:30:42 +0100 | [diff] [blame] | 145 | fclose(fp); |
| 146 | if (k) { |
Juan Castillo | f9f39c3 | 2015-06-01 16:34:23 +0100 | [diff] [blame] | 147 | *err_code = KEY_ERR_NONE; |
Juan Castillo | 11abdcd | 2014-10-21 11:30:42 +0100 | [diff] [blame] | 148 | return 1; |
| 149 | } else { |
Juan Castillo | f9f39c3 | 2015-06-01 16:34:23 +0100 | [diff] [blame] | 150 | ERROR("Cannot load key from %s\n", key->fn); |
| 151 | *err_code = KEY_ERR_LOAD; |
Juan Castillo | 11abdcd | 2014-10-21 11:30:42 +0100 | [diff] [blame] | 152 | } |
| 153 | } else { |
Juan Castillo | f9f39c3 | 2015-06-01 16:34:23 +0100 | [diff] [blame] | 154 | WARN("Cannot open file %s\n", key->fn); |
| 155 | *err_code = KEY_ERR_OPEN; |
Juan Castillo | 11abdcd | 2014-10-21 11:30:42 +0100 | [diff] [blame] | 156 | } |
| 157 | } else { |
Juan Castillo | f9f39c3 | 2015-06-01 16:34:23 +0100 | [diff] [blame] | 158 | WARN("Key filename not specified\n"); |
| 159 | *err_code = KEY_ERR_FILENAME; |
Juan Castillo | 11abdcd | 2014-10-21 11:30:42 +0100 | [diff] [blame] | 160 | } |
| 161 | |
Juan Castillo | 11abdcd | 2014-10-21 11:30:42 +0100 | [diff] [blame] | 162 | return 0; |
| 163 | } |
| 164 | |
| 165 | int key_store(key_t *key) |
| 166 | { |
Masahiro Yamada | 48cb5e5 | 2017-02-06 19:47:44 +0900 | [diff] [blame] | 167 | FILE *fp; |
Juan Castillo | 11abdcd | 2014-10-21 11:30:42 +0100 | [diff] [blame] | 168 | |
| 169 | if (key->fn) { |
| 170 | fp = fopen(key->fn, "w"); |
| 171 | if (fp) { |
| 172 | PEM_write_PrivateKey(fp, key->key, |
| 173 | NULL, NULL, 0, NULL, NULL); |
| 174 | fclose(fp); |
| 175 | return 1; |
| 176 | } else { |
| 177 | ERROR("Cannot create file %s\n", key->fn); |
| 178 | } |
| 179 | } else { |
| 180 | ERROR("Key filename not specified\n"); |
| 181 | } |
| 182 | |
| 183 | return 0; |
| 184 | } |
Juan Castillo | 1218dd5 | 2015-07-03 16:23:16 +0100 | [diff] [blame] | 185 | |
| 186 | int key_init(void) |
| 187 | { |
Juan Castillo | 212f738 | 2015-12-15 16:37:57 +0000 | [diff] [blame] | 188 | cmd_opt_t cmd_opt; |
Juan Castillo | 1218dd5 | 2015-07-03 16:23:16 +0100 | [diff] [blame] | 189 | key_t *key; |
Juan Castillo | 1218dd5 | 2015-07-03 16:23:16 +0100 | [diff] [blame] | 190 | unsigned int i; |
| 191 | |
| 192 | for (i = 0; i < num_keys; i++) { |
| 193 | key = &keys[i]; |
| 194 | if (key->opt != NULL) { |
Juan Castillo | 212f738 | 2015-12-15 16:37:57 +0000 | [diff] [blame] | 195 | cmd_opt.long_opt.name = key->opt; |
| 196 | cmd_opt.long_opt.has_arg = required_argument; |
| 197 | cmd_opt.long_opt.flag = NULL; |
| 198 | cmd_opt.long_opt.val = CMD_OPT_KEY; |
| 199 | cmd_opt.help_msg = key->help_msg; |
| 200 | cmd_opt_add(&cmd_opt); |
Juan Castillo | 1218dd5 | 2015-07-03 16:23:16 +0100 | [diff] [blame] | 201 | } |
| 202 | } |
| 203 | |
Masahiro Yamada | 48cb5e5 | 2017-02-06 19:47:44 +0900 | [diff] [blame] | 204 | return 0; |
Juan Castillo | 1218dd5 | 2015-07-03 16:23:16 +0100 | [diff] [blame] | 205 | } |
| 206 | |
| 207 | key_t *key_get_by_opt(const char *opt) |
| 208 | { |
Masahiro Yamada | 48cb5e5 | 2017-02-06 19:47:44 +0900 | [diff] [blame] | 209 | key_t *key; |
Juan Castillo | 1218dd5 | 2015-07-03 16:23:16 +0100 | [diff] [blame] | 210 | unsigned int i; |
| 211 | |
| 212 | /* Sequential search. This is not a performance concern since the number |
| 213 | * of keys is bounded and the code runs on a host machine */ |
| 214 | for (i = 0; i < num_keys; i++) { |
| 215 | key = &keys[i]; |
| 216 | if (0 == strcmp(key->opt, opt)) { |
| 217 | return key; |
| 218 | } |
| 219 | } |
| 220 | |
| 221 | return NULL; |
| 222 | } |