scripts/imgtool: add pkcs11 support

Author: M1cha

scripts/imgtool/keys/__init__.py

@@ -29,11 +29,17 @@
 from cryptography.hazmat.primitives.asymmetric.x25519 import (
     X25519PrivateKey, X25519PublicKey)
 
+import pkcs11
+import pkcs11.exceptions
+import sys
+
 from .rsa import RSA, RSAPublic, RSAUsageError, RSA_KEY_SIZES
 from .ecdsa import ECDSA256P1, ECDSA256P1Public, ECDSAUsageError
 from .ed25519 import Ed25519, Ed25519Public, Ed25519UsageError
 from .x25519 import X25519, X25519Public, X25519UsageError
 
+from .imgtool_keys_pkcs11 import PKCS11
+
 
 class PasswordRequired(Exception):
     """Raised to indicate that the key is password protected, but a
@@ -42,6 +48,19 @@ class PasswordRequired(Exception):
 
 
 def load(path, passwd=None):
+    if path == "pkcs11":
+        try:
+            return PKCS11()
+        except pkcs11.exceptions.PinIncorrect:
+            print('ERROR: WRONG PIN')
+            sys.exit(1)
+        except pkcs11.exceptions.PinLocked:
+            print('ERROR: WRONG PIN, MAX ATTEMPTS REACHED. CONTACT YOUR SECURITY OFFICER.')
+            sys.exit(1)
+        except pkcs11.exceptions.DataLenRange:
+            print('ERROR: \'DataLenRange\' (maybe the PIN is too short?)')
+            sys.exit(1)
+
     """Try loading a key from the given path.  Returns None if the password wasn't specified."""
     with open(path, 'rb') as f:
         raw_pem = f.read()

scripts/imgtool/keys/imgtool_keys_pkcs11.py

@@ -0,0 +1,98 @@
+"""
+PKCS11 key management
+"""
+
+import hashlib
+import os
+import oscrypto.asymmetric
+import pkcs11
+import pkcs11.util.ec
+
+from .general import KeyClass
+
+
+class PKCS11UsageError(Exception):
+    pass
+
+
+class PKCS11(KeyClass):
+    def __init__(self, env=os.environ):
+        lib = pkcs11.lib(env['PKCS11_MODULE'])
+        self.token = lib.get_token(token_label=env['PKCS11_TOKEN_LABEL'])
+        self.key_id = bytes.fromhex(env['PKCS11_KEY_ID'])
+        self.session = self.token.open(user_pin=env['PKCS11_PIN'])
+
+    def __del__(self):
+        if hasattr(self, 'session'):
+            self.session.close()
+
+    def shortname(self):
+        return "ecdsa"
+
+    def _unsupported(self, name):
+        raise PKCS11UsageError("Operation {} requires private key".format(name))
+
+    def get_public_bytes(self):
+        pub = self.session.get_key(
+            id=self.key_id, key_type=pkcs11.KeyType.EC, object_class=pkcs11.ObjectClass.PUBLIC_KEY)
+        key = oscrypto.asymmetric.load_public_key(
+            pkcs11.util.ec.encode_ec_public_key(pub))
+        key = pkcs11.util.ec.encode_ec_public_key(pub)
+        return key
+
+    def get_private_bytes(self, minimal):
+        self._unsupported('get_private_bytes')
+
+    def export_private(self, path, passwd=None):
+        self._unsupported('export_private')
+
+    def export_public(self, path):
+        """Write the public key to the given file."""
+        pub = self.session.get_key(
+            id=self.key_id, key_type=pkcs11.KeyType.EC, object_class=pkcs11.ObjectClass.PUBLIC_KEY)
+        key = oscrypto.asymmetric.load_public_key(
+            pkcs11.util.ec.encode_ec_public_key(pub))
+        pem = oscrypto.asymmetric.dump_public_key(key, encoding='pem')
+
+        with open(path, 'wb') as f:
+            f.write(pem)
+
+    def sig_type(self):
+        return "ECDSA256_SHA256"
+
+    def sig_tlv(self):
+        return "ECDSA256"
+
+    def sig_len(self):
+        # The DER encoding depends on the high bit, and can be
+        # anywhere from 70 to 72 bytes.  Because we have to fill in
+        # the length field before computing the signature, however,
+        # we'll give the largest, and the sig checking code will allow
+        # for it to be up to two bytes larger than the actual
+        # signature.
+        return 72
+
+    def raw_sign(self, payload):
+        """Return the actual signature"""
+        priv = self.session.get_key(
+            id=self.key_id, key_type=pkcs11.KeyType.EC, object_class=pkcs11.ObjectClass.PRIVATE_KEY)
+        sig = priv.sign(hashlib.sha256(payload).digest(),
+                        mechanism=pkcs11.Mechanism.ECDSA)
+        return pkcs11.util.ec.encode_ecdsa_signature(sig)
+
+    def sign(self, payload):
+        # To make fixed length, pad with one or two zeros.
+        while True:
+            sig = self.raw_sign(payload)
+            if sig[-1] != 0x00:
+                break
+
+        sig += b'\000' * (self.sig_len() - len(sig))
+        return sig
+
+    def verify(self, signature, payload):
+        # strip possible paddings added during sign
+        signature = signature[:signature[1] + 2]
+
+        k = oscrypto.asymmetric.load_public_key(self.get_public_bytes())
+        return oscrypto.asymmetric.ecdsa_verify(k, signature, payload, 'sha256')

scripts/imgtool/keys/imgtool_keys_pkcs11_test.py

@@ -0,0 +1,107 @@
+"""
+Tests for PKCS11 keys
+"""
+
+import io
+import os.path
+import sys
+import tempfile
+import unittest
+import oscrypto
+import oscrypto.errors
+import pkcs11
+import pkcs11.exceptions
+
+sys.path.insert(0, os.path.abspath(
+    os.path.join(os.path.dirname(__file__), '../..')))
+
+from imgtool.keys import load, PKCS11
+
+
+class EcKeyGeneration(unittest.TestCase):
+
+    def setUp(self):
+        self.test_dir = tempfile.TemporaryDirectory()
+
+    def tname(self, base):
+        return os.path.join(self.test_dir.name, base)
+
+    def tearDown(self):
+        self.test_dir.cleanup()
+
+    def test_emit(self):
+        """Basic sanity check on the code emitters."""
+        k = PKCS11()
+
+        ccode = io.StringIO()
+        k.emit_c_public(ccode)
+        self.assertIn("ecdsa_pub_key", ccode.getvalue())
+        self.assertIn("ecdsa_pub_key_len", ccode.getvalue())
+
+        rustcode = io.StringIO()
+        k.emit_rust_public(rustcode)
+        self.assertIn("ECDSA_PUB_KEY", rustcode.getvalue())
+
+    def test_emit_pub(self):
+        """Basic sanity check on the code emitters."""
+        pubname = self.tname("public.pem")
+        k = PKCS11()
+        k.export_public(pubname)
+
+        k2 = load(pubname)
+
+        ccode = io.StringIO()
+        k2.emit_c_public(ccode)
+        self.assertIn("ecdsa_pub_key", ccode.getvalue())
+        self.assertIn("ecdsa_pub_key_len", ccode.getvalue())
+
+        rustcode = io.StringIO()
+        k2.emit_rust_public(rustcode)
+        self.assertIn("ECDSA_PUB_KEY", rustcode.getvalue())
+
+    def test_sig(self):
+        k = PKCS11()
+        buf = b'This is the message'
+        sig = k.raw_sign(buf)
+
+        k.verify(
+            signature=sig,
+            payload=buf)
+
+        # Modify the message to make sure the signature fails.
+        self.assertRaises(oscrypto.errors.SignatureError,
+                          k.verify,
+                          signature=sig,
+                          payload=b'This is thE message')
+
+    def clone_env(self):
+        return {
+            'PKCS11_MODULE': os.environ['PKCS11_MODULE'],
+            'PKCS11_TOKEN_LABEL': os.environ['PKCS11_TOKEN_LABEL'],
+            'PKCS11_KEY_ID': os.environ['PKCS11_KEY_ID'],
+            'PKCS11_PIN': os.environ['PKCS11_PIN'],
+        }
+
+    def test_env(self):
+        env = self.clone_env()
+        env['PKCS11_MODULE'] = '/invalid/path'
+        self.assertRaises(
+            pkcs11.exceptions.AlreadyInitialized, PKCS11, env=env)
+
+        env = self.clone_env()
+        env['PKCS11_TOKEN_LABEL'] = 'invalid_label'
+        self.assertRaises(pkcs11.exceptions.NoSuchToken, PKCS11, env=env)
+
+        env = self.clone_env()
+        env['PKCS11_PIN'] = '123456'
+        self.assertRaises(pkcs11.exceptions.PinIncorrect, PKCS11, env=env)
+
+        env = self.clone_env()
+        env['PKCS11_KEY_ID'] = '00'
+        k = PKCS11(env)
+        self.assertRaises(pkcs11.exceptions.NoSuchKey,
+                          k.raw_sign, payload=b'test')
+
+
+if __name__ == '__main__':
+    unittest.main()

scripts/requirements.txt

@@ -2,3 +2,7 @@ cryptography>=2.6
 intelhex
 click
 cbor>=1.0.0
+oscrypto
+
+# the current release doesn't parse 0-bytes in token labels correctly
+-e git+https://github.com/danni/python-pkcs11.git@3639994#egg=python-pkcs11