ATF密钥生成和验签

Liangtao`

已于 2024-04-09 14:01:13 修改

阅读量458

点赞数 4

分类专栏： ATF 文章标签： ATF SecureBoot ARM 安全加密算法

于 2024-04-09 14:00:07 首次发布

本文链接：https://blog.csdn.net/qq_27350133/article/details/137549653

版权

ATF 专栏收录该内容

4 篇文章 1 订阅

订阅专栏

ATF密钥生成和验签

根密钥生成

密钥的生成依赖openssl库，需要提前安装：
```
sudo apt-get install openssl
```
生成.pem格式的RSA4096私钥
```
openssl genrsa -out pri_key.pem 4096
```

生成对应的DER格式公钥

 openssl rsa -in pri_key.pem -pubout -out pub_key.der -outform DER

计算公钥hash

openssl dgst -sha256 -binary pub_key.der > pub_key_sha256.bin

这里生成的私钥即可用于image的签名，公钥可用于验签，rotpk（根公钥）的hash通常存储在efuse或者otp中。根据ATF中定义的CoT实例，rotpk用于对trusted_boot_fw_cert和trusted_key_cert进行验签。

‍

为什么不直接在efuse和otp中直接存储公钥？

原因之一为公钥通常比较大，直接放在efuse中会占用较大空间，不划算。而使用sha256算法进行hash计算得到的摘要仅256bit，存储在efuse中不会占太大空间。

验签

由于efuse中存储的值是rotpk的hash，这样就导致一个问题，在信任链建立的初始阶段，无法从efuse中直接得到公钥对image进行验签，该如何解决？

因为trusted_boot_fw_cert和trusted_key_cert是使用根密钥进行签名的，对应的公钥会被存储在x509证书内部。

x509证书结构

重要的组成部分为与签名该证书的私钥对应的公钥，尾部的证书自身的签名。

那么在验签的时候就需要：

从证书中取出公钥对证书本身进行验签。这样保证了证书内容没被修改，但是不能保证公钥是否被修改。验签详细步骤为：
- 从证书中提取数字签名。
- 使用相同的哈希函数对证书内容（除了数字签名）进行哈希计算，得到一个新的哈希值。
- 使用公钥对数字签名进行解密，解密后应该得到与新哈希值相同的原始哈希值。
- 如果解密后的哈希值与新计算的哈希值相同，那么数字签名验证成功，这表明证书未被篡改。
然后需要对从证书中取出的公钥计算hash，并与efuse中存储的hash值做比较。如果相同则验签通过，否则验签失败。

对应的code位于drivers/auth/auth_mod.c：

/*
 * Authenticate by digital signature
 *
 * This function implements 'AUTH_METHOD_SIG'. To authenticate an image using
 * this method, the image must contain:
 *
 *   - Data to be signed
 *   - Signature
 *   - Signature algorithm
 *
 * We rely on the image parser module to extract this data from the image.
 * The parent image must contain:
 *
 *   - Public key (or a hash of it)
 *
 * If the parent image contains only a hash of the key, we will try to obtain
 * the public key from the image itself (i.e. self-signed certificates). In that
 * case, the signature verification is considered just an integrity check and
 * the authentication is established by calculating the hash of the key and
 * comparing it with the hash obtained from the parent.
 *
 * If the image has no parent (NULL), it means it has to be authenticated using
 * the ROTPK stored in the platform. Again, this ROTPK could be the key itself
 * or a hash of it.
 *
 * Return: 0 = success, Otherwise = error
 */
static int auth_signature(const auth_method_param_sig_t *param,
			  const auth_img_desc_t *img_desc,
			  void *img, unsigned int img_len)
{
	void *data_ptr, *pk_ptr, *pk_hash_ptr, *sig_ptr, *sig_alg_ptr;
	unsigned int data_len, pk_len, pk_hash_len, sig_len, sig_alg_len;
	unsigned int flags = 0;
	int rc = 0;

	/* Get the data to be signed from current image */
	rc = img_parser_get_auth_param(img_desc->img_type, param->data,
			img, img_len, &data_ptr, &data_len);
	return_if_error(rc);

	/* Get the signature from current image */
	rc = img_parser_get_auth_param(img_desc->img_type, param->sig,
			img, img_len, &sig_ptr, &sig_len);
	return_if_error(rc);

	/* Get the signature algorithm from current image */
	rc = img_parser_get_auth_param(img_desc->img_type, param->alg,
			img, img_len, &sig_alg_ptr, &sig_alg_len);
	return_if_error(rc);

	/* Get the public key from the parent. If there is no parent (NULL),
	 * the certificate has been signed with the ROTPK, so we have to get
	 * the PK from the platform */
	if (img_desc->parent) {
		rc = auth_get_param(param->pk, img_desc->parent,
				&pk_ptr, &pk_len);
	} else {
		rc = plat_get_rotpk_info(param->pk->cookie, &pk_ptr, &pk_len,
				&flags);
	}
	return_if_error(rc);

	//如果ROTPK是hash，就需要从证书中获取公钥，使用这个公钥验签
	if (flags & (ROTPK_IS_HASH | ROTPK_NOT_DEPLOYED)) {
		/* If the PK is a hash of the key or if the ROTPK is not
		   deployed on the platform, retrieve the key from the image */
		pk_hash_ptr = pk_ptr;
		pk_hash_len = pk_len;
		rc = img_parser_get_auth_param(img_desc->img_type,
					param->pk, img, img_len,
					&pk_ptr, &pk_len);
		return_if_error(rc);

		/* Ask the crypto module to verify the signature */
		rc = crypto_mod_verify_signature(data_ptr, data_len,
						 sig_ptr, sig_len,
						 sig_alg_ptr, sig_alg_len,
						 pk_ptr, pk_len);
		return_if_error(rc);

		if (flags & ROTPK_NOT_DEPLOYED) {
			NOTICE("ROTPK is not deployed on platform. "
				"Skipping ROTPK verification.\n");
		} else {
#if PLAT_VERIFY_ROTPK
		//还需要验证证书中公钥是否合法，这是平台定义的，一般是计算公钥hash并与OTP中的hash对比。
			rc = plat_verify_rotpk(pk_ptr, pk_len,
					pk_hash_ptr, pk_hash_len);
#else
			/* platform may store the hash of a prefixed, suffixed or modified pk */
			rc = plat_convert_pk(pk_ptr, pk_len, &pk_ptr, &pk_len);
			return_if_error(rc);

			/* Ask the crypto-module to verify the key hash */
			rc = crypto_mod_verify_hash(pk_ptr, pk_len,
				    pk_hash_ptr, pk_hash_len);
#endif
		}
	} else {
		/* Ask the crypto module to verify the signature */
		rc = crypto_mod_verify_signature(data_ptr, data_len,
						 sig_ptr, sig_len,
						 sig_alg_ptr, sig_alg_len,
						 pk_ptr, pk_len);
	}

	return rc;
}