xref: /rk3399_ARM-atf/tools/cert_create/src/key.c (revision 532ed6183868036e4a4f83cd7a71b93266a3bdb7) 
1 /*
2  * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions are met:
6  *
7  * Redistributions of source code must retain the above copyright notice, this
8  * list of conditions and the following disclaimer.
9  *
10  * Redistributions in binary form must reproduce the above copyright notice,
11  * this list of conditions and the following disclaimer in the documentation
12  * and/or other materials provided with the distribution.
13  *
14  * Neither the name of ARM nor the names of its contributors may be used
15  * to endorse or promote products derived from this software without specific
16  * prior written permission.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
22  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28  * POSSIBILITY OF SUCH DAMAGE.
29  */
30 
31 #include <getopt.h>
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <string.h>
35 
36 #include <openssl/conf.h>
37 #include <openssl/evp.h>
38 #include <openssl/pem.h>
39 
40 #include "cert.h"
41 #include "cmd_opt.h"
42 #include "debug.h"
43 #include "key.h"
44 #include "platform_oid.h"
45 #include "sha.h"
46 
47 #define MAX_FILENAME_LEN		1024
48 
49 /*
50  * Create a new key container
51  */
52 static int key_new(key_t *key)
53 {
54 	/* Create key pair container */
55 	key->key = EVP_PKEY_new();
56 	if (key->key == NULL) {
57 		return 0;
58 	}
59 
60 	return 1;
61 }
62 
63 static int key_create_rsa(key_t *key)
64 {
65 	RSA *rsa = NULL;
66 
67 	rsa = RSA_generate_key(RSA_KEY_BITS, RSA_F4, NULL, NULL);
68 	if (rsa == NULL) {
69 		printf("Cannot create RSA key\n");
70 		goto err;
71 	}
72 	if (!EVP_PKEY_assign_RSA(key->key, rsa)) {
73 		printf("Cannot assign RSA key\n");
74 		goto err;
75 	}
76 
77 	return 1;
78 err:
79 	RSA_free(rsa);
80 	return 0;
81 }
82 
83 #ifndef OPENSSL_NO_EC
84 static int key_create_ecdsa(key_t *key)
85 {
86 	EC_KEY *ec = NULL;
87 
88 	ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
89 	if (ec == NULL) {
90 		printf("Cannot create EC key\n");
91 		goto err;
92 	}
93 	if (!EC_KEY_generate_key(ec)) {
94 		printf("Cannot generate EC key\n");
95 		goto err;
96 	}
97 	EC_KEY_set_flags(ec, EC_PKEY_NO_PARAMETERS);
98 	EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);
99 	if (!EVP_PKEY_assign_EC_KEY(key->key, ec)) {
100 		printf("Cannot assign EC key\n");
101 		goto err;
102 	}
103 
104 	return 1;
105 err:
106 	EC_KEY_free(ec);
107 	return 0;
108 }
109 #endif /* OPENSSL_NO_EC */
110 
111 typedef int (*key_create_fn_t)(key_t *key);
112 static const key_create_fn_t key_create_fn[KEY_ALG_MAX_NUM] = {
113 	key_create_rsa,
114 #ifndef OPENSSL_NO_EC
115 	key_create_ecdsa,
116 #endif /* OPENSSL_NO_EC */
117 };
118 
119 int key_create(key_t *key, int type)
120 {
121 	if (type >= KEY_ALG_MAX_NUM) {
122 		printf("Invalid key type\n");
123 		return 0;
124 	}
125 
126 	/* Create OpenSSL key container */
127 	if (!key_new(key)) {
128 		return 0;
129 	}
130 
131 	if (key_create_fn[type]) {
132 		return key_create_fn[type](key);
133 	}
134 
135 	return 0;
136 }
137 
138 int key_load(key_t *key, unsigned int *err_code)
139 {
140 	FILE *fp = NULL;
141 	EVP_PKEY *k = NULL;
142 
143 	/* Create OpenSSL key container */
144 	if (!key_new(key)) {
145 		*err_code = KEY_ERR_MALLOC;
146 		return 0;
147 	}
148 
149 	if (key->fn) {
150 		/* Load key from file */
151 		fp = fopen(key->fn, "r");
152 		if (fp) {
153 			k = PEM_read_PrivateKey(fp, &key->key, NULL, NULL);
154 			fclose(fp);
155 			if (k) {
156 				*err_code = KEY_ERR_NONE;
157 				return 1;
158 			} else {
159 				ERROR("Cannot load key from %s\n", key->fn);
160 				*err_code = KEY_ERR_LOAD;
161 			}
162 		} else {
163 			WARN("Cannot open file %s\n", key->fn);
164 			*err_code = KEY_ERR_OPEN;
165 		}
166 	} else {
167 		WARN("Key filename not specified\n");
168 		*err_code = KEY_ERR_FILENAME;
169 	}
170 
171 	return 0;
172 }
173 
174 int key_store(key_t *key)
175 {
176 	FILE *fp = NULL;
177 
178 	if (key->fn) {
179 		fp = fopen(key->fn, "w");
180 		if (fp) {
181 			PEM_write_PrivateKey(fp, key->key,
182 					NULL, NULL, 0, NULL, NULL);
183 			fclose(fp);
184 			return 1;
185 		} else {
186 			ERROR("Cannot create file %s\n", key->fn);
187 		}
188 	} else {
189 		ERROR("Key filename not specified\n");
190 	}
191 
192 	return 0;
193 }
194 
195 int key_init(void)
196 {
197 	cmd_opt_t cmd_opt;
198 	key_t *key;
199 	int rc = 0;
200 	unsigned int i;
201 
202 	for (i = 0; i < num_keys; i++) {
203 		key = &keys[i];
204 		if (key->opt != NULL) {
205 			cmd_opt.long_opt.name = key->opt;
206 			cmd_opt.long_opt.has_arg = required_argument;
207 			cmd_opt.long_opt.flag = NULL;
208 			cmd_opt.long_opt.val = CMD_OPT_KEY;
209 			cmd_opt.help_msg = key->help_msg;
210 			cmd_opt_add(&cmd_opt);
211 		}
212 	}
213 
214 	return rc;
215 }
216 
217 key_t *key_get_by_opt(const char *opt)
218 {
219 	key_t *key = NULL;
220 	unsigned int i;
221 
222 	/* Sequential search. This is not a performance concern since the number
223 	 * of keys is bounded and the code runs on a host machine */
224 	for (i = 0; i < num_keys; i++) {
225 		key = &keys[i];
226 		if (0 == strcmp(key->opt, opt)) {
227 			return key;
228 		}
229 	}
230 
231 	return NULL;
232 }
233