xref: /rk3399_ARM-atf/tools/cert_create/src/key.c (revision f906a44e9ea9ccefaab2a9d40bb2cb3f354609c8) 
1 /*
2  * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #include <getopt.h>
8 #include <stdio.h>
9 #include <stdlib.h>
10 #include <string.h>
11 
12 #include <openssl/conf.h>
13 #include <openssl/evp.h>
14 #include <openssl/pem.h>
15 
16 #if USE_TBBR_DEFS
17 #include <tbbr_oid.h>
18 #else
19 #include <platform_oid.h>
20 #endif
21 
22 #include "cert.h"
23 #include "cmd_opt.h"
24 #include "debug.h"
25 #include "key.h"
26 #include "sha.h"
27 
28 #define MAX_FILENAME_LEN		1024
29 
30 /*
31  * Create a new key container
32  */
33 int key_new(key_t *key)
34 {
35 	/* Create key pair container */
36 	key->key = EVP_PKEY_new();
37 	if (key->key == NULL) {
38 		return 0;
39 	}
40 
41 	return 1;
42 }
43 
44 static int key_create_rsa(key_t *key)
45 {
46 	BIGNUM *e;
47 	RSA *rsa = NULL;
48 
49 	e = BN_new();
50 	if (e == NULL) {
51 		printf("Cannot create RSA exponent\n");
52 		goto err;
53 	}
54 
55 	if (!BN_set_word(e, RSA_F4)) {
56 		printf("Cannot assign RSA exponent\n");
57 		goto err;
58 	}
59 
60 	rsa = RSA_new();
61 	if (rsa == NULL) {
62 		printf("Cannot create RSA key\n");
63 		goto err;
64 	}
65 
66 	if (!RSA_generate_key_ex(rsa, RSA_KEY_BITS, e, NULL)) {
67 		printf("Cannot generate RSA key\n");
68 		goto err;
69 	}
70 
71 	if (!EVP_PKEY_assign_RSA(key->key, rsa)) {
72 		printf("Cannot assign RSA key\n");
73 		goto err;
74 	}
75 
76 	BN_free(e);
77 	return 1;
78 err:
79 	RSA_free(rsa);
80 	BN_free(e);
81 	return 0;
82 }
83 
84 #ifndef OPENSSL_NO_EC
85 static int key_create_ecdsa(key_t *key)
86 {
87 	EC_KEY *ec;
88 
89 	ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
90 	if (ec == NULL) {
91 		printf("Cannot create EC key\n");
92 		goto err;
93 	}
94 	if (!EC_KEY_generate_key(ec)) {
95 		printf("Cannot generate EC key\n");
96 		goto err;
97 	}
98 	EC_KEY_set_flags(ec, EC_PKEY_NO_PARAMETERS);
99 	EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);
100 	if (!EVP_PKEY_assign_EC_KEY(key->key, ec)) {
101 		printf("Cannot assign EC key\n");
102 		goto err;
103 	}
104 
105 	return 1;
106 err:
107 	EC_KEY_free(ec);
108 	return 0;
109 }
110 #endif /* OPENSSL_NO_EC */
111 
112 typedef int (*key_create_fn_t)(key_t *key);
113 static const key_create_fn_t key_create_fn[KEY_ALG_MAX_NUM] = {
114 	key_create_rsa, 	/* KEY_ALG_RSA */
115 	key_create_rsa, 	/* KEY_ALG_RSA_1_5 */
116 #ifndef OPENSSL_NO_EC
117 	key_create_ecdsa, 	/* KEY_ALG_ECDSA */
118 #endif /* OPENSSL_NO_EC */
119 };
120 
121 int key_create(key_t *key, int type)
122 {
123 	if (type >= KEY_ALG_MAX_NUM) {
124 		printf("Invalid key type\n");
125 		return 0;
126 	}
127 
128 	if (key_create_fn[type]) {
129 		return key_create_fn[type](key);
130 	}
131 
132 	return 0;
133 }
134 
135 int key_load(key_t *key, unsigned int *err_code)
136 {
137 	FILE *fp;
138 	EVP_PKEY *k;
139 
140 	if (key->fn) {
141 		/* Load key from file */
142 		fp = fopen(key->fn, "r");
143 		if (fp) {
144 			k = PEM_read_PrivateKey(fp, &key->key, NULL, NULL);
145 			fclose(fp);
146 			if (k) {
147 				*err_code = KEY_ERR_NONE;
148 				return 1;
149 			} else {
150 				ERROR("Cannot load key from %s\n", key->fn);
151 				*err_code = KEY_ERR_LOAD;
152 			}
153 		} else {
154 			WARN("Cannot open file %s\n", key->fn);
155 			*err_code = KEY_ERR_OPEN;
156 		}
157 	} else {
158 		WARN("Key filename not specified\n");
159 		*err_code = KEY_ERR_FILENAME;
160 	}
161 
162 	return 0;
163 }
164 
165 int key_store(key_t *key)
166 {
167 	FILE *fp;
168 
169 	if (key->fn) {
170 		fp = fopen(key->fn, "w");
171 		if (fp) {
172 			PEM_write_PrivateKey(fp, key->key,
173 					NULL, NULL, 0, NULL, NULL);
174 			fclose(fp);
175 			return 1;
176 		} else {
177 			ERROR("Cannot create file %s\n", key->fn);
178 		}
179 	} else {
180 		ERROR("Key filename not specified\n");
181 	}
182 
183 	return 0;
184 }
185 
186 int key_init(void)
187 {
188 	cmd_opt_t cmd_opt;
189 	key_t *key;
190 	unsigned int i;
191 
192 	for (i = 0; i < num_keys; i++) {
193 		key = &keys[i];
194 		if (key->opt != NULL) {
195 			cmd_opt.long_opt.name = key->opt;
196 			cmd_opt.long_opt.has_arg = required_argument;
197 			cmd_opt.long_opt.flag = NULL;
198 			cmd_opt.long_opt.val = CMD_OPT_KEY;
199 			cmd_opt.help_msg = key->help_msg;
200 			cmd_opt_add(&cmd_opt);
201 		}
202 	}
203 
204 	return 0;
205 }
206 
207 key_t *key_get_by_opt(const char *opt)
208 {
209 	key_t *key;
210 	unsigned int i;
211 
212 	/* Sequential search. This is not a performance concern since the number
213 	 * of keys is bounded and the code runs on a host machine */
214 	for (i = 0; i < num_keys; i++) {
215 		key = &keys[i];
216 		if (0 == strcmp(key->opt, opt)) {
217 			return key;
218 		}
219 	}
220 
221 	return NULL;
222 }
223