code signing tool with hardware security module

lwn · ‎08-25-2017

Hello,

The code-signing-tool requires access to private/public keys for generating the secure boot headers.

However, the need for having private key files in plain text on the file system for using CST is rather bad.

Private/privileged cryptographic material should be generated and accessible only within a secured environment like a hardware-security-module.

Is there (eventually going to be) any support in the CST to hand off RSA operations with private keys to a HSM?

Right now, there is always this loose end at the very beginning of the trusted-boot-chain, which contradicts best practices from a security standpoint.

u-boot/mkimage already has such capabilities: Add support for signing with pkcs11 -> http://git.denx.de/?p=u-boot.git;a=commit;h=f1ca1fdebf1cde1c37c91b3d85f8b7af111112ea

Thank you!

marouene_boubakri · ‎05-23-2018

The best approach would be creating an OpenSSL engine which talks to your HSM.

You create the CMS signature using OpenSSL's public accessors. OpenSSL in his turn will offload any cryprohraphic operation involved during signing to the HSM.

You can find a detailed answer here https://community.nxp.com/message/1021666

ayoubzaki · ‎05-03-2018

Hi,

we succesfully extended the CST backend code to allow signing code using HSM Module using PKCS11.

we also developed a solution that enable CST to remotely sign the code using Keys/HSM stored on other server over a secure channel.

For more information or inquiries you can contact us at :

info@embexus.com

https://embexus.com

Best regards,

brianmiller · ‎11-06-2017

The CST v2.3.2 back end code, included with the tool, can be rewritten to support an HSM. I ported it for my company to support the Amazon CloudHSM service. Most of it is trivial, except for when you want to generate the signing information. The HSM does not support CSM syntax signatures, but you can dig into the OpenSSL code and call the appropriate bits to construct the expected signature. You will need to link directly to the libcrypto.a file, instead of dynamically loading your system's file. Working through the OpenSSL code is tedious, but it's necessary. You'll have to pick a specific OpenSSL version, and then stick with it.

lwn · ‎11-08-2017

If it's not asked to much, would it be possible to get a diff-patch of your modifications, as a starting point?

brianmiller · ‎11-08-2017

Unfortunately, the patch would be massive. I've removed all unused functions, and rewritten a good chunk of what remained. And then it would take weeks for the code to be cleared to be let out of the company.

Since the hard part is creating the final CMS signature, here's the sequence of OpenSSL functions you'll need to call:
EVP_get_digestbyname()
d2i_X509()
CMS_ContentInfo_new()
ASN1_OBJECT_free()
CMS_SignedData_init()
M_ASN1_new_of()
cms_set1_SignerIdentifier()
cms_DigestAlgorithm_set() /* for mechanism */
cms_DigestAlgorithm_set() /* for message digest algorithm */
sk_X509_ALGOR_push()
CMS_SignerInfo_get0_algs()
X509_ALGOR_set0()
sk_CMS_SignerInfo_push()
CMS_signed_add1_attr_by_NID() /* for message digest */
CMS_signed_add1_attr_by_NID() /* for X509_gmtime_adj() */
CMS_signed_add1_attr_by_NID() /* for content type */
ASN1_item_i2d() /* for signed attributes */
/* finalize HSM digest */
ASN1_STRING_set0() /* add signature data */
ASN1_item_i2d() /* for CMS content info */

All of this is based on the OpenSSL code. Look in cms_smime.c CMS_sign(), cms_sd.c CMS_add1_signer() and CMS_SignerInfo_sign(). First get familiar with the HSM sample code and functions, and then write a signature function. Then you'll be able to plug it into the CST code without much difficulty.

code signing tool with hardware security module

code signing tool with hardware security module

QorIQ T1 Devices