mail archive of the barebox mailing list
* [PATCH 0/5] rsatoc: make useful for standalone RSA keys
@ 2023-09-21 10:23 Ahmad Fatoum
  2023-09-21 10:23 ` [PATCH 1/5] rsa: escape pkcs11 string passed to RSA command Ahmad Fatoum
                   ` (5 more replies)
  0 siblings, 6 replies; 7+ messages in thread
From: Ahmad Fatoum @ 2023-09-21 10:23 UTC (permalink / raw)
  To: barebox

Standalone RSA public keys are those that aren't part of the default
keyring used for FIT verification. This can be useful if barebox is to
do board-specific RSA verification of e.g. unlock tokens.

This series lays the first groundwork.

Ahmad Fatoum (4):
  scripts: allow user to build rsatoc if COMPILE_HOST_TOOLS
  rsatoc: support extracting RSA public key from X.509 SPKI format
  rsa: fix typos and missing type definitions
  rsatoc: support generating standalone keys unreferenced by FIT keyring

Rouven Czerwinski (1):
  rsa: escape pkcs11 string passed to RSA command

-- 
2.39.2




^ permalink raw reply	[flat|nested] 7+ messages in thread

* [PATCH 1/5] rsa: escape pkcs11 string passed to RSA command
  2023-09-21 10:23 [PATCH 0/5] rsatoc: make useful for standalone RSA keys Ahmad Fatoum
@ 2023-09-21 10:23 ` Ahmad Fatoum
  2023-09-21 10:23 ` [PATCH 2/5] scripts: allow user to build rsatoc if COMPILE_HOST_TOOLS Ahmad Fatoum
                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: Ahmad Fatoum @ 2023-09-21 10:23 UTC (permalink / raw)
  To: barebox

From: Rouven Czerwinski <r.czerwinski@pengutronix.de>

Escape the pkcs11 string that can be passed to the rsatoc script.
Otherwise the sh -c invocation for commands will interpret the pkcs11
URI semicolon separator as the end of the command.

Fixes: b39100bcea12 ("rsa: Allow to directly compile in rsa public keys")

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Link: https://lore.barebox.org/20230719134630.174215-1-r.czerwinski@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
 scripts/Makefile.lib | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
index f04c09f9e280..fe77c83ba230 100644
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -625,7 +625,7 @@ quiet_cmd_b64dec = B64DEC  $@
 # target file.
 quiet_cmd_rsa_keys = RSAKEY  $@
 cmd_rsa_keys = \
-	$(objtree)/scripts/rsatoc -o $@.tmp $(2) &&			\
+	$(objtree)/scripts/rsatoc -o $@.tmp "$(2)" &&			\
 	if cmp -s $@.tmp $@; then					\
 		rm $@.tmp;						\
 	else								\
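Review bot: quoting "$(2)" fixes the `;` split but changes the recipe's contract in two ways that the commit message should spell out: the whole second argument now reaches rsatoc as a single word, so a caller can no longer pass several `<hint>:<crt>` specs or extra options through $(2), and double quotes still hand `$`, backticks and backslash escapes to the shell, so a URI attribute value containing `$` (which RFC 7512 permits unencoded) is still mangled. If such values are expected, use single quotes around the argument, or at least document that $(2) must be exactly one key specification.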
-- 
2.39.2




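The truncation the commit message describes, shown as an added example run rather than code from barebox or from the patch: the recipe's command line is emulated by substituting a constructed PKCS#11 URI for `$(2)` and handing the result to `sh -c`, with `printf` standing in for rsatoc so the argv it received can be inspected. The URIs, the template strings and the `shlex.quote` variant are illustration-only assumptions; make's own `$` handling (it expands `$(2)` before sh sees the line) is outside what is emulated.

```python
import shlex
import subprocess

# Constructed PKCS#11 URIs for the demonstration (not from the patch). The
# first carries the ';' attribute separators the commit message talks about;
# the second adds a '$' to show what double quotes still leave to the shell.
URI = "pkcs11:token=signing;object=barebox-key;type=public"
URI_WITH_DOLLAR = "pkcs11:token=signing;object=barebox-key?pin-value=s$cr3t"

# Stand-in for "$(objtree)/scripts/rsatoc -o $@.tmp": printf prints each
# argument it receives on its own line, so the argv the tool saw is visible.
FAKE_RSATOC = "printf '%s\\n'"

TEMPLATE_UNQUOTED = FAKE_RSATOC + " $(2)"       # recipe before the patch
TEMPLATE_DQUOTED = FAKE_RSATOC + ' "$(2)"'      # recipe after the patch
TEMPLATE_SQUOTED = FAKE_RSATOC + " {squoted}"   # shlex.quote (single quotes)


def argv_seen_by_tool(template: str, uri: str) -> list:
    """Substitute the key argument into the recipe template the way make
    expands $(2) (plain text), run the line through `sh -c` like a make
    recipe does, and return the arguments that reached the stand-in tool."""
    if "{squoted}" in template:
        cmd = template.format(squoted=shlex.quote(uri))
    else:
        cmd = template.replace("$(2)", uri)
    proc = subprocess.run(["sh", "-c", cmd], capture_output=True, text=True)
    if proc.returncode != 0:
        raise RuntimeError(f"sh exited {proc.returncode}: {proc.stderr.strip()}")
    return proc.stdout.splitlines()


def uri_survives(template: str, uri: str) -> bool:
    """True if the tool received exactly one argument equal to the URI."""
    return argv_seen_by_tool(template, uri) == [uri]


if __name__ == "__main__":
    for name, tpl in (("unquoted", TEMPLATE_UNQUOTED),
                      ("double-quoted", TEMPLATE_DQUOTED),
                      ("shlex.quote", TEMPLATE_SQUOTED)):
        for u in (URI, URI_WITH_DOLLAR):
            print(f"{name:13s} {u!r:66s} -> {argv_seen_by_tool(tpl, u)}")
```

Two things the run makes visible that the commit message only implies: the remainder after the first `;` (`object=barebox-key`, `type=public`) is parsed by sh as ordinary variable assignments, so the pre-patch recipe exits 0 and rsatoc is silently invoked with half a URI, and the double-quoted form from the patch still lets `$cr3t` expand to nothing, whereas the single-quoted form keeps every byte of the URI.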

* [PATCH 2/5] scripts: allow user to build rsatoc if COMPILE_HOST_TOOLS
  2023-09-21 10:23 [PATCH 0/5] rsatoc: make useful for standalone RSA keys Ahmad Fatoum
  2023-09-21 10:23 ` [PATCH 1/5] rsa: escape pkcs11 string passed to RSA command Ahmad Fatoum
@ 2023-09-21 10:23 ` Ahmad Fatoum
  2023-09-21 10:23 ` [PATCH 3/5] rsatoc: support extracting RSA public key from X.509 SPKI format Ahmad Fatoum
                   ` (3 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: Ahmad Fatoum @ 2023-09-21 10:23 UTC (permalink / raw)
  To: barebox; +Cc: Ahmad Fatoum

rsatoc is automatically built if CONFIG_CRYPTO_RSA_BUILTIN_KEYS=y.
For testing, it can be useful to build the tool standalone, so add an
option to do just that.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 crypto/Kconfig   | 1 +
 scripts/Kconfig  | 7 +++++++
 scripts/Makefile | 2 +-
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 04e5ef43705b..4ad7bd844fa1 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -121,6 +121,7 @@ config CRYPTO_RSA
 config CRYPTO_RSA_BUILTIN_KEYS
 	bool
 	default y if CRYPTO_RSA_KEY != ""
+	select RSATOC
 
 config CRYPTO_RSA_KEY
 	depends on CRYPTO_RSA
diff --git a/scripts/Kconfig b/scripts/Kconfig
index 26c6a3c19806..9be04fa7c8bf 100644
--- a/scripts/Kconfig
+++ b/scripts/Kconfig
@@ -110,6 +110,13 @@ config QOICONV
 	help
 	  This enable converting png to qoi images to generate boot logo.
 
+config RSATOC
+	bool "RSA to C converter" if COMPILE_HOST_TOOLS
+	help
+	  This utility converts RSA keys in PEM format to either C or
+	  device tree snippets. This requires OpenSSL on the build host
+	  and will be selected by the build system if required.
+
 endmenu
 
 menu "Target Tools"
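Review bot: the help text understates what the tool accepts and what it produces: rsatoc takes X.509 PEM certificates or PKCS#11 URIs (the pkcs11 handling is what 1/5 of this series fixes) and extracts only the public half of the key. Suggest "This utility converts RSA public keys, given as PEM certificates or PKCS#11 URIs, to C code or device tree snippets" so a user enabling it via COMPILE_HOST_TOOLS knows the input forms. The "This enable converting" typo in the QOICONV help is in the context lines just above; worth fixing while here.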
diff --git a/scripts/Makefile b/scripts/Makefile
index 75dc5926c057..0a56401fac52 100644
--- a/scripts/Makefile
+++ b/scripts/Makefile
@@ -11,7 +11,7 @@ hostprogs-always-y					+= bareboxenv
 hostprogs-always-y					+= bareboxcrc32
 hostprogs-always-y					+= kernel-install
 hostprogs-always-$(CONFIG_QOICONV)			+= qoiconv
-hostprogs-always-$(CONFIG_CRYPTO_RSA_BUILTIN_KEYS)	+= rsatoc
+hostprogs-always-$(CONFIG_RSATOC)			+= rsatoc
 HOSTCFLAGS_rsatoc.o = `$(PKG_CONFIG) --cflags openssl`
 HOSTLDLIBS_rsatoc = `$(PKG_CONFIG) --libs openssl`
 hostprogs-always-$(CONFIG_IMD)				+= bareboximd
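Review bot: with RSATOC now user-selectable, a host without the OpenSSL development files fails only when the backticked `$(PKG_CONFIG) --cflags openssl` in HOSTCFLAGS_rsatoc.o evaluates to an empty flag list and the compiler then reports a missing header, which is a confusing place to discover it. A `$(PKG_CONFIG) --exists openssl` check with a clear error, or at least a pointer to pkg-config in the RSATOC help text, would make the failure explicit.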
-- 
2.39.2





* [PATCH 3/5] rsatoc: support extracting RSA public key from X.509 SPKI format
  2023-09-21 10:23 [PATCH 0/5] rsatoc: make useful for standalone RSA keys Ahmad Fatoum
  2023-09-21 10:23 ` [PATCH 1/5] rsa: escape pkcs11 string passed to RSA command Ahmad Fatoum
  2023-09-21 10:23 ` [PATCH 2/5] scripts: allow user to build rsatoc if COMPILE_HOST_TOOLS Ahmad Fatoum
@ 2023-09-21 10:23 ` Ahmad Fatoum
  2023-09-21 10:23 ` [PATCH 4/5] rsa: fix typos and missing type definitions Ahmad Fatoum
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: Ahmad Fatoum @ 2023-09-21 10:23 UTC (permalink / raw)
  To: barebox; +Cc: Ahmad Fatoum

In addition to PKCS#11 URIs, rsatoc supports extracting RSA public keys
out of X.509 PEM certificates, which is a base64-encoded format that begins
with the header `-----BEGIN CERTIFICATE-----'.

Another popular format for RSA public keys is the X.509 SPKI format,
which starts with the header `-----BEGIN PUBLIC KEY-----'. As public
keys are the only thing rsatoc is interested in, add support for the latter
as well.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 scripts/rsatoc.c | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/scripts/rsatoc.c b/scripts/rsatoc.c
index d7f6dad7f01e..f5b0ba27f9bc 100644
--- a/scripts/rsatoc.c
+++ b/scripts/rsatoc.c
@@ -58,17 +58,21 @@ static int rsa_pem_get_pub_key(const char *path, RSA **rsap)
 	/* Read the certificate */
 	cert = NULL;
 	if (!PEM_read_X509(f, &cert, NULL, NULL)) {
-		rsa_err("Couldn't read certificate");
-		ret = -EINVAL;
-		goto err_cert;
-	}
-
-	/* Get the public key from the certificate. */
-	key = X509_get_pubkey(cert);
-	if (!key) {
-		rsa_err("Couldn't read public key\n");
-		ret = -EINVAL;
-		goto err_pubkey;
+		rewind(f);
+		key = PEM_read_PUBKEY(f, NULL, NULL, NULL);
+		if (!key) {
+			rsa_err("Couldn't read certificate");
+			ret = -EINVAL;
+			goto err_cert;
+		}
+	} else {
+		/* Get the public key from the certificate. */
+		key = X509_get_pubkey(cert);
+		if (!key) {
+			rsa_err("Couldn't read public key\n");
+			ret = -EINVAL;
+			goto err_pubkey;
+		}
 	}
 
 	/* Convert to a RSA_style key. */
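Review bot: the fallback path diagnoses the wrong thing: when PEM_read_PUBKEY() also fails, the message is still "Couldn't read certificate" and the OpenSSL error queue still holds the earlier PEM_read_X509() failure, so a malformed SPKI file is reported as a bad certificate. Call ERR_clear_error() before the rewind()/PEM_read_PUBKEY() retry and change the message to "Couldn't read certificate or public key". Two smaller points: PEM_read_PUBKEY() accepts any key type (EC, Ed25519, ...), so the "Convert to a RSA_style key" step after this hunk must treat a non-RSA EVP_PKEY as an error rather than assume success, and the retry relies on the stream being seekable, which holds for a path opened with fopen() but not for a pipe.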
-- 
2.39.2





* [PATCH 4/5] rsa: fix typos and missing type definitions
  2023-09-21 10:23 [PATCH 0/5] rsatoc: make useful for standalone RSA keys Ahmad Fatoum
                   ` (2 preceding siblings ...)
  2023-09-21 10:23 ` [PATCH 3/5] rsatoc: support extracting RSA public key from X.509 SPKI format Ahmad Fatoum
@ 2023-09-21 10:23 ` Ahmad Fatoum
  2023-09-21 10:23 ` [PATCH 5/5] rsatoc: support generating standalone keys unreferenced by FIT keyring Ahmad Fatoum
  2023-09-21 12:32 ` [PATCH 0/5] rsatoc: make useful for standalone RSA keys Sascha Hauer
  5 siblings, 0 replies; 7+ messages in thread
From: Ahmad Fatoum @ 2023-09-21 10:23 UTC (permalink / raw)
  To: barebox; +Cc: Ahmad Fatoum

Including <rsa.h> as the first header shows that some includes are
missing, and looking into the file, the kerneldoc comment is out of date.
Fix both.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 include/rsa.h | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/include/rsa.h b/include/rsa.h
index 650fb234f263..f1e3c1b6c366 100644
--- a/include/rsa.h
+++ b/include/rsa.h
@@ -12,6 +12,7 @@
 #ifndef _RSA_H
 #define _RSA_H
 
+#include <linux/types.h>
 #include <errno.h>
 #include <digest.h>
 
@@ -38,10 +39,10 @@ struct rsa_public_key {
  * Verify a RSA PKCS1.5 signature against an expected hash.
  *
  * @info:	Specifies key and FIT information
- * @data:	Pointer to the input data
- * @data_len:	Data length
  * @sig:	Signature
  * @sig_len:	Number of bytes in signature
+ * @hash:	hash over payload
+ * @algo:	hashing algo
  * @return 0 if verified, -ve on error
  */
 int rsa_verify(const struct rsa_public_key *key, const uint8_t *sig,
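Review bot: the kerneldoc is still out of date after this hunk: it documents `@info`, but the first parameter of rsa_verify() in the context line is `const struct rsa_public_key *key`. Replace the `@info:` line with `@key:	Public key to verify the signature against`, so the parameter list finally matches the prototype this patch set out to fix.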
@@ -51,6 +52,8 @@ int rsa_verify(const struct rsa_public_key *key, const uint8_t *sig,
 /* This is the maximum signature length that we support, in bits */
 #define RSA_MAX_SIG_BITS	4096
 
+struct device_node;
+
 struct rsa_public_key *rsa_of_read_key(struct device_node *node);
 void rsa_key_free(struct rsa_public_key *key);
 const struct rsa_public_key *rsa_get_key(const char *name);
-- 
2.39.2





* [PATCH 5/5] rsatoc: support generating standalone keys unreferenced by FIT keyring
  2023-09-21 10:23 [PATCH 0/5] rsatoc: make useful for standalone RSA keys Ahmad Fatoum
                   ` (3 preceding siblings ...)
  2023-09-21 10:23 ` [PATCH 4/5] rsa: fix typos and missing type definitions Ahmad Fatoum
@ 2023-09-21 10:23 ` Ahmad Fatoum
  2023-09-21 12:32 ` [PATCH 0/5] rsatoc: make useful for standalone RSA keys Sascha Hauer
  5 siblings, 0 replies; 7+ messages in thread
From: Ahmad Fatoum @ 2023-09-21 10:23 UTC (permalink / raw)
  To: barebox; +Cc: Ahmad Fatoum

By default, all keys generated by rsatoc and included into barebox,
whether as C code or device tree snippets, are added to the single key
ring that's used for FIT image verification. Users may want to add other
keys by the same means, but not have them available to FIT image
verification.

Support this use case by adding a -s option that generates standalone
keys. These are unreferenced by the key ring and automatic DT parsing
and expect the user to manually reference them, either via a global
variable with a symbol name equal to __key_${hint} or by looking into
/signature-standalone/key-${hint}.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 scripts/Makefile.lib |  2 +-
 scripts/rsatoc.c     | 34 ++++++++++++++++++++++++++--------
 2 files changed, 27 insertions(+), 9 deletions(-)

diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
index fe77c83ba230..680dc486fd76 100644
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -625,7 +625,7 @@ quiet_cmd_b64dec = B64DEC  $@
 # target file.
 quiet_cmd_rsa_keys = RSAKEY  $@
 cmd_rsa_keys = \
-	$(objtree)/scripts/rsatoc -o $@.tmp "$(2)" &&			\
+	$(objtree)/scripts/rsatoc -o $@.tmp "$(2)" $(3) &&		\
 	if cmp -s $@.tmp $@; then					\
 		rm $@.tmp;						\
 	else								\
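Review bot: `$(3)` is appended after the positional key argument, so rsatoc only sees `-s` (or `-d`) because GNU getopt() permutes argv; with POSIXLY_CORRECT in the environment, option parsing stops at `"$(2)"` and `-s` is taken as a bogus `<hint>:<crt>` spec. Put the options first, `rsatoc -o $@.tmp $(3) "$(2)"`, which also matches the `[-ods]`-before-operands usage line added later in this patch.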
diff --git a/scripts/rsatoc.c b/scripts/rsatoc.c
index f5b0ba27f9bc..6d10dca4169c 100644
--- a/scripts/rsatoc.c
+++ b/scripts/rsatoc.c
@@ -18,7 +18,7 @@
 #include <openssl/evp.h>
 #include <openssl/engine.h>
 
-static int dts;
+static int dts, standalone;
 
 static int rsa_err(const char *msg)
 {
@@ -454,17 +454,24 @@ static int gen_key(const char *keyname, const char *path)
 		print_bignum(r_squared, bits);
 		fprintf(outfilep, "\n};\n\n");
 
-		fprintf(outfilep, "static struct rsa_public_key %s = {\n", key_name_c);
+		if (standalone) {
+			fprintf(outfilep, "struct rsa_public_key __key_%s;\n", key_name_c);
+			fprintf(outfilep, "struct rsa_public_key __key_%s = {\n", key_name_c);
+		} else {
+			fprintf(outfilep, "static struct rsa_public_key %s = {\n", key_name_c);
+		}
+
 		fprintf(outfilep, "\t.len = %d,\n", bits / 32);
 		fprintf(outfilep, "\t.n0inv = 0x%0x,\n", n0_inv);
 		fprintf(outfilep, "\t.modulus = %s_modulus,\n", key_name_c);
 		fprintf(outfilep, "\t.rr = %s_rr,\n", key_name_c);
 		fprintf(outfilep, "\t.exponent = 0x%0lx,\n", exponent);
 		fprintf(outfilep, "\t.key_name_hint = \"%s\",\n", keyname);
-		fprintf(outfilep, "};\n\n");
+		fprintf(outfilep, "};\n");
 
-		fprintf(outfilep, "struct rsa_public_key *%sp __attribute__((section(\".rsa_keys.rodata.%s\"))) = &%s;\n",
-			key_name_c, key_name_c, key_name_c);
+		if (!standalone)
+			fprintf(outfilep, "\nstruct rsa_public_key *%sp __attribute__((section(\".rsa_keys.rodata.%s\"))) = &%s;\n",
+				key_name_c, key_name_c, key_name_c);
 	}
 
 	return 0;
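Review bot: the standalone branch emits two declarations of `__key_%s` (a tentative definition immediately followed by the initialised one) with no comment saying why; if the purpose is to quiet -Wmissing-variable-declarations, emit `extern struct rsa_public_key __key_%s;` instead so the intent is obvious. The generated object is also a plain writable global, while rsa_verify() and rsa_get_key() already work with `const struct rsa_public_key` (4/5); making the definition `const` keeps an embedded verification key in .rodata. Finally, the `__key_<hint>` naming convention exists only in this commit message; a comment in rsa.h would give board code a documented place to write `extern const struct rsa_public_key __key_<hint>;`.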
@@ -478,7 +485,7 @@ int main(int argc, char *argv[])
 
 	outfilep = stdout;
 
-	while ((opt = getopt(argc, argv, "o:d")) > 0) {
+	while ((opt = getopt(argc, argv, "o:ds")) > 0) {
 		switch (opt) {
 		case 'o':
 			outfile = optarg;
@@ -486,6 +493,9 @@ int main(int argc, char *argv[])
 		case 'd':
 			dts = 1;
 			break;
+		case 's':
+			standalone = 1;
+			break;
 		}
 	}
 
@@ -499,14 +509,22 @@ int main(int argc, char *argv[])
 	}
 
 	if (optind == argc) {
-		fprintf(stderr, "Usage: %s <key_name_hint>:<crt> ...\n", argv[0]);
+		fprintf(stderr, "Usage: %s [-ods]  OUTFIE<key_name_hint>:<crt> ...\n", argv[0]);
+		fprintf(stderr, "\t-o FILE\twrite output into FILE instead of stdout\n");
+		fprintf(stderr, "\t-d\tgenerate device tree snippet instead of C code\n");
+		fprintf(stderr, "\t-s\tgenerate standalone key outside FIT image keyring\n");
 		exit(1);
 	}
 
 	if (dts) {
 		fprintf(outfilep, "/dts-v1/;\n");
 		fprintf(outfilep, "/ {\n");
-		fprintf(outfilep, "\tsignature {\n");
+		if (standalone)
+			fprintf(outfilep, "\tsignature-standalone {\n");
+		else
+			fprintf(outfilep, "\tsignature {\n");
+	} else if (standalone) {
+		fprintf(outfilep, "#include <rsa.h>\n");
 	}
 
 	for (i = optind; i < argc; i++) {
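Review bot: the usage string has a typo and misdescribes the options: "OUTFIE" should be "OUTFILE", there are two spaces before it, and since `-o` takes an argument the output file is not a positional operand. Suggest `Usage: %s [-ds] [-o OUTFILE] <key_name_hint>:<crt> ...`. The per-option lines below it are fine; it would also help to say there that `<crt>` may be a PEM certificate, an SPKI public key or a pkcs11: URI (3/5).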
-- 
2.39.2




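What the `-----BEGIN PUBLIC KEY-----` header from 3/5 wraps, and what rsatoc then derives from it for the `struct rsa_public_key` initialiser shown in 5/5, as an added Python example that is not barebox or rsatoc code: the block builds an X.509 SubjectPublicKeyInfo PEM for a throwaway RSA public key, parses it back down to (n, e) with a minimal DER walker that rejects certificates and non-RSA keys, and computes the `len`, `n0inv`, `rr` and `exponent` fields. The seeded demo key generation is constructed input; the Montgomery conventions n0inv = -n^-1 mod 2^32 and rr = 2^(2*bits) mod n are assumed from the U-Boot rsa-sign layout that barebox's field names match and are not stated on this page.

```python
import base64
import random
import re

# DER encoding of OID 1.2.840.113549.1.1.1 (rsaEncryption): tag 0x06, length 9.
RSA_ENCRYPTION_OID = bytes.fromhex("06092a864886f70d010101")


# Minimal DER helpers, enough for SubjectPublicKeyInfo / RSAPublicKey.
def _der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body

def _der_uint(v: int) -> bytes:
    body = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:  # leading zero keeps the INTEGER positive
        body = b"\x00" + body
    return _tlv(0x02, body)

def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the element) for the TLV at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def spki_pem_from_rsa(n: int, e: int) -> str:
    """Wrap (n, e) as SubjectPublicKeyInfo, i.e. a BEGIN PUBLIC KEY block."""
    rsa_public_key = _tlv(0x30, _der_uint(n) + _der_uint(e))
    algorithm = _tlv(0x30, RSA_ENCRYPTION_OID + b"\x05\x00")  # rsaEncryption, NULL params
    spki = _tlv(0x30, algorithm + _tlv(0x03, b"\x00" + rsa_public_key))  # 0 unused bits
    b64 = base64.b64encode(spki).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{lines}\n-----END PUBLIC KEY-----\n"

def rsa_from_spki_pem(pem: str) -> tuple:
    """Parse a PUBLIC KEY PEM block back to (n, e); reject anything but rsaEncryption."""
    m = re.search(r"-----BEGIN PUBLIC KEY-----(.*?)-----END PUBLIC KEY-----", pem, re.S)
    if not m:
        raise ValueError("no SubjectPublicKeyInfo block (expected BEGIN PUBLIC KEY)")
    der = base64.b64decode("".join(m.group(1).split()))
    tag, spki, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("malformed SubjectPublicKeyInfo")
    tag, algorithm, pos = _read_tlv(spki, 0)
    if tag != 0x30 or not algorithm.startswith(RSA_ENCRYPTION_OID):
        raise ValueError("public key algorithm is not rsaEncryption")
    tag, bit_string, _ = _read_tlv(spki, pos)
    if tag != 0x03 or bit_string[:1] != b"\x00":
        raise ValueError("malformed subjectPublicKey BIT STRING")
    _, rsa_public_key, _ = _read_tlv(bit_string[1:], 0)
    tag_n, n_bytes, pos = _read_tlv(rsa_public_key, 0)
    tag_e, e_bytes, _ = _read_tlv(rsa_public_key, pos)
    if tag_n != 0x02 or tag_e != 0x02:
        raise ValueError("RSAPublicKey must be SEQUENCE { INTEGER n, INTEGER e }")
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")

def barebox_key_params(n: int, e: int) -> dict:
    """The struct rsa_public_key fields rsatoc prints (Montgomery conventions assumed)."""
    bits = n.bit_length()
    return {
        "len": bits // 32,                             # modulus size in 32-bit words
        "n0inv": (-pow(n, -1, 1 << 32)) & 0xFFFFFFFF,  # -n^-1 mod 2^32
        "modulus": n,
        "rr": pow(1 << bits, 2, n),                    # R^2 mod n with R = 2^bits
        "exponent": e,
    }

# Constructed demo key: seeded PRNG for reproducibility, never for real use.
def _is_probable_prime(c: int, rng: random.Random, rounds: int = 32) -> bool:
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if c % p == 0:
            return c == p
    d, s = c - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):  # Miller-Rabin witnesses
        x = pow(rng.randrange(2, c - 1), d, c)
        if x in (1, c - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, c)
            if x == c - 1:
                break
        else:
            return False
    return True

def demo_rsa_public_key(bits: int = 1024, seed: int = 2023) -> tuple:
    rng, half, primes = random.Random(seed), bits // 2, []
    while len(primes) < 2:  # top two bits set so p*q has exactly `bits` bits
        c = rng.getrandbits(half) | (1 << (half - 1)) | (1 << (half - 2)) | 1
        if _is_probable_prime(c, rng):
            primes.append(c)
    return primes[0] * primes[1], 65537
```

`barebox_key_params()` returns the integers behind the `.len`, `.n0inv`, `.rr` and `.exponent` initialisers in the 5/5 hunk; how print_bignum() lays `modulus` and `rr` out as word arrays is not shown on this page, so they are left as integers here. Handing the parser a `-----BEGIN CERTIFICATE-----` block raises, which is exactly the case rsatoc covers by trying PEM_read_X509() before PEM_read_PUBKEY().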

* Re: [PATCH 0/5] rsatoc: make useful for standalone RSA keys
  2023-09-21 10:23 [PATCH 0/5] rsatoc: make useful for standalone RSA keys Ahmad Fatoum
                   ` (4 preceding siblings ...)
  2023-09-21 10:23 ` [PATCH 5/5] rsatoc: support generating standalone keys unreferenced by FIT keyring Ahmad Fatoum
@ 2023-09-21 12:32 ` Sascha Hauer
  5 siblings, 0 replies; 7+ messages in thread
From: Sascha Hauer @ 2023-09-21 12:32 UTC (permalink / raw)
  To: Ahmad Fatoum; +Cc: barebox

On Thu, Sep 21, 2023 at 12:23:05PM +0200, Ahmad Fatoum wrote:
> Standalone RSA public keys are those that aren't part of the default
> keyring used for FIT verification. This can be useful if barebox is to
> do board-specific RSA verification of e.g. unlock tokens.
> 
> This series lays the first groundwork.
> 
> Ahmad Fatoum (4):
>   scripts: allow user to build rsatoc if COMPILE_HOST_TOOLS
>   rsatoc: support extracting RSA public key from X.509 SPKI format
>   rsa: fix typos and missing type definitions
>   rsatoc: support generating standalone keys unreferenced by FIT keyring
> 
> Rouven Czerwinski (1):
>   rsa: escape pkcs11 string passed to RSA command

Applied, thanks

Sascha

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



