static int get_rsa_pub_key(const char *path, struct rsa_public_key *key) { BIGNUM *modulus, *r_squared; uint32_t n0_inv; int ret; int bits; RSA *rsa; ret = rsa_get_pub_key(path, &rsa); if (ret) return ret; ret = rsa_get_params(rsa, &n0_inv, &modulus, &r_squared); if (ret) return ret; bits = BN_num_bits(modulus); get_key_bignum(modulus, bits, key->modulus); get_key_bignum(r_squared, bits, key->rr); key->len = htonl(bits); key->n0inv = htonl(n0_inv); BN_free(modulus); BN_free(r_squared); return 0; }
int rsa_add_verify_data(struct image_sign_info *info, void *keydest) { BIGNUM *modulus, *r_squared; uint64_t exponent; uint32_t n0_inv; int parent, node; char name[100]; int ret; int bits; RSA *rsa; debug("%s: Getting verification data\n", __func__); ret = rsa_get_pub_key(info->keydir, info->keyname, &rsa); if (ret) return ret; ret = rsa_get_params(rsa, &exponent, &n0_inv, &modulus, &r_squared); if (ret) return ret; bits = BN_num_bits(modulus); parent = fdt_subnode_offset(keydest, 0, FIT_SIG_NODENAME); if (parent == -FDT_ERR_NOTFOUND) { parent = fdt_add_subnode(keydest, 0, FIT_SIG_NODENAME); if (parent < 0) { ret = parent; if (ret != -FDT_ERR_NOSPACE) { fprintf(stderr, "Couldn't create signature node: %s\n", fdt_strerror(parent)); } } } if (ret) goto done; /* Either create or overwrite the named key node */ snprintf(name, sizeof(name), "key-%s", info->keyname); node = fdt_subnode_offset(keydest, parent, name); if (node == -FDT_ERR_NOTFOUND) { node = fdt_add_subnode(keydest, parent, name); if (node < 0) { ret = node; if (ret != -FDT_ERR_NOSPACE) { fprintf(stderr, "Could not create key subnode: %s\n", fdt_strerror(node)); } } } else if (node < 0) { fprintf(stderr, "Cannot select keys parent: %s\n", fdt_strerror(node)); ret = node; } if (!ret) { ret = fdt_setprop_string(keydest, node, "key-name-hint", info->keyname); } if (!ret) ret = fdt_setprop_u32(keydest, node, "rsa,num-bits", bits); if (!ret) ret = fdt_setprop_u32(keydest, node, "rsa,n0-inverse", n0_inv); if (!ret) { ret = fdt_setprop_u64(keydest, node, "rsa,exponent", exponent); } if (!ret) { ret = fdt_add_bignum(keydest, node, "rsa,modulus", modulus, bits); } if (!ret) { ret = fdt_add_bignum(keydest, node, "rsa,r-squared", r_squared, bits); } if (!ret) { ret = fdt_setprop_string(keydest, node, FIT_ALGO_PROP, info->name); } if (!ret && info->require_keys) { ret = fdt_setprop_string(keydest, node, "required", info->require_keys); } done: BN_free(modulus); BN_free(r_squared); if (ret) return ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO; return 0; }