[U-Boot] [PATCH 3/3] fit: rsa: Add support for SHA256 hash
Marek Vasut
marex at denx.de
Thu Feb 6 04:47:06 CET 2014
Add support for "sha256,rsa2048" signature. This patch utilises the previously
laid groundwork for adding other hashes.
Signed-off-by: Marek Vasut <marex at denx.de>
---
common/image-sig.c | 8 +++++++-
lib/rsa/rsa-sign.c | 5 +++++
lib/rsa/rsa-verify.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 70 insertions(+), 1 deletion(-)
diff --git a/common/image-sig.c b/common/image-sig.c
index 973b06d..c3d63bc 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -23,7 +23,13 @@ struct image_sig_algo image_sig_algos[] = {
rsa_sign,
rsa_add_verify_data,
rsa_verify,
- }
+ },
+ {
+ "sha256,rsa2048",
+ rsa_sign,
+ rsa_add_verify_data,
+ rsa_verify,
+ },
};
struct image_sig_algo *image_get_sig_algo(const char *name)
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index 4e11720..f1167b1 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -17,6 +17,7 @@
enum rsa_hash_type {
RSA_HASH_SHA1,
+ RSA_HASH_SHA256,
RSA_HASH_UNKNOWN,
};
@@ -169,6 +170,8 @@ static const EVP_MD *rsa_sign_get_hash(enum rsa_hash_type hash)
switch (hash) {
case RSA_HASH_SHA1:
return EVP_sha1();
+ case RSA_HASH_SHA256:
+ return EVP_sha256();
default: /* This must never happen. */
rsa_err("Invalid hash type!\n");
exit(1);
@@ -258,6 +261,8 @@ static enum rsa_hash_type rsa_get_sha_type(struct image_sign_info *info)
if (!strncmp(info->algo->name, "sha1", hash_str_len))
return RSA_HASH_SHA1;
+ else if (!strncmp(info->algo->name, "sha256", hash_str_len))
+ return RSA_HASH_SHA256;
else
return RSA_HASH_UNKNOWN;
}
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 9617f8d..67fb882 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -9,6 +9,7 @@
#include <malloc.h>
#include <rsa.h>
#include <sha1.h>
+#include <sha256.h>
#include <asm/byteorder.h>
#include <asm/errno.h>
#include <asm/unaligned.h>
@@ -70,6 +71,37 @@ static const uint8_t padding_sha1_rsa2048[RSA2048_BYTES - SHA1_SUM_LEN] = {
0x05, 0x00, 0x04, 0x14
};
+static const uint8_t padding_sha256_rsa2048[RSA2048_BYTES - SHA256_SUM_LEN] = {
+ 0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x31, 0x30,
+ 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
+ 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20,
+};
+
/**
* subtract_modulus() - subtract modulus from the given value
*
@@ -337,6 +369,28 @@ rsa_compute_hash_sha1(const struct image_region region[], int region_count,
return 0;
}
+static int
+rsa_compute_hash_sha256(const struct image_region region[], int region_count,
+ uint8_t **out_hash)
+{
+ sha256_context ctx;
+ int i;
+ uint8_t *hash;
+
+ hash = calloc(1, SHA256_SUM_LEN);
+ if (!hash)
+ return -ENOMEM;
+
+ sha256_starts(&ctx);
+ for (i = 0; i < region_count; i++)
+ sha256_update(&ctx, region[i].data, region[i].size);
+ sha256_finish(&ctx, hash);
+
+ *out_hash = hash;
+
+ return 0;
+}
+
static int rsa_compute_hash(struct image_sign_info *info,
const struct image_region region[], int region_count,
uint8_t **out_hash, const uint8_t **padding,
@@ -349,6 +403,10 @@ static int rsa_compute_hash(struct image_sign_info *info,
pad = padding_sha1_rsa2048;
len = RSA2048_BYTES - SHA1_SUM_LEN;
ret = rsa_compute_hash_sha1(region, region_count, out_hash);
+ } else if (!strcmp(info->algo->name, "sha256,rsa2048")) {
+ pad = padding_sha256_rsa2048;
+ len = RSA2048_BYTES - SHA256_SUM_LEN;
+ ret = rsa_compute_hash_sha256(region, region_count, out_hash);
} else {
ret = -EINVAL;
}
--
1.8.5.3
More information about the U-Boot
mailing list