[U-Boot] [PATCH 4/7] rsa: add sha256-rsa2048 algorithm

Simon Glass sjg at chromium.org
Sun Jan 26 22:10:26 CET 2014


Hi Heiko,

On 24 January 2014 23:44, Heiko Schocher <hs at denx.de> wrote:
> based on patch from andreas at oetken.name:
>
> http://patchwork.ozlabs.org/patch/294318/

Should probably add the full commit message in here.

>
> - removed checkpatch warnings
> - removed compiler warnings
> - rebased against current head
>
> Signed-off-by: Heiko Schocher <hs at denx.de>
> Cc: Simon Glass <sjg at chromium.org>
> Cc: andreas at oetken.name
> ---
>  common/image-sig.c     | 33 +++++++++++++++++
>  include/image.h        | 21 +++++++++++
>  include/rsa-checksum.h | 25 +++++++++++++
>  include/rsa.h          | 25 +++++++++++++
>  lib/rsa/Makefile       |  2 +-
>  lib/rsa/rsa-checksum.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++
>  lib/rsa/rsa-sign.c     | 10 +++---
>  lib/rsa/rsa-verify.c   | 83 +++++++++++++-----------------------------
>  8 files changed, 233 insertions(+), 64 deletions(-)
>  create mode 100644 include/rsa-checksum.h
>  create mode 100644 lib/rsa/rsa-checksum.c
>
> diff --git a/common/image-sig.c b/common/image-sig.c
> index 973b06d..8b212a7 100644
> --- a/common/image-sig.c
> +++ b/common/image-sig.c
> @@ -14,15 +14,47 @@ DECLARE_GLOBAL_DATA_PTR;
>  #endif /* !USE_HOSTCC*/
>  #include <image.h>
>  #include <rsa.h>
> +#include <rsa-checksum.h>
>
>  #define IMAGE_MAX_HASHED_NODES         100
>
> +#if defined(CONFIG_FIT_SIGNATURE)
> +struct checksum_algo checksum_algos[] = {
> +       {
> +               "sha1",
> +               SHA1_SUM_LEN,
> +#if IMAGE_ENABLE_SIGN
> +               EVP_sha1,
> +#else
> +               sha1_calculate,
> +               padding_sha1_rsa2048,
> +#endif
> +       },
> +       {
> +               "sha256",
> +               SHA256_SUM_LEN,
> +#if IMAGE_ENABLE_SIGN
> +               EVP_sha256,
> +#else
> +               sha256_calculate,
> +               padding_sha256_rsa2048,
> +#endif
> +       }
> +};
>  struct image_sig_algo image_sig_algos[] = {
>         {
>                 "sha1,rsa2048",
>                 rsa_sign,
>                 rsa_add_verify_data,
>                 rsa_verify,
> +               &checksum_algos[0],
> +       },
> +       {
> +               "sha256,rsa2048",
> +               rsa_sign,
> +               rsa_add_verify_data,
> +               rsa_verify,
> +               &checksum_algos[1],
>         }
>  };
>
> @@ -407,3 +439,4 @@ int fit_config_verify(const void *fit, int conf_noffset)
>         return !fit_config_verify_required_sigs(fit, conf_noffset,
>                                                 gd_fdt_blob());
>  }
> +#endif
> diff --git a/include/image.h b/include/image.h
> index f001a5f..eb3429f 100644
> --- a/include/image.h
> +++ b/include/image.h
> @@ -832,6 +832,7 @@ int calculate_hash(const void *data, int data_len, const char *algo,
>  # ifdef USE_HOSTCC
>  #  define IMAGE_ENABLE_SIGN    1
>  #  define IMAGE_ENABLE_VERIFY  0
> +# include  <openssl/evp.h>
>  #else
>  #  define IMAGE_ENABLE_SIGN    0
>  #  define IMAGE_ENABLE_VERIFY  1
> @@ -871,6 +872,23 @@ struct image_region {
>         int size;
>  };
>
> +#if IMAGE_ENABLE_VERIFY
> +# include <rsa-checksum.h>
> +#endif
> +struct checksum_algo {
> +       const char *name;
> +       const int checksum_len;
> +#if IMAGE_ENABLE_SIGN
> +       const EVP_MD *(*calculate)(void);
> +#else
> +#if IMAGE_ENABLE_VERIFY
> +       void (*calculate)(const struct image_region region[],
> +                         int region_count, uint8_t *checksum);
> +       const uint8_t *rsa_padding;
> +#endif
> +#endif
> +};
> +
>  struct image_sig_algo {
>         const char *name;               /* Name of algorithm */
>
> @@ -921,6 +939,9 @@ struct image_sig_algo {
>         int (*verify)(struct image_sign_info *info,
>                       const struct image_region region[], int region_count,
>                       uint8_t *sig, uint sig_len);
> +
> +       /* pointer to checksum algorithm */
> +       struct checksum_algo *checksum;
>  };
>
>  /**
> diff --git a/include/rsa-checksum.h b/include/rsa-checksum.h
> new file mode 100644
> index 0000000..12494a6
> --- /dev/null
> +++ b/include/rsa-checksum.h
> @@ -0,0 +1,25 @@
> +/*
> + * Copyright (c) 2013, Andreas Oetken.
> + *
> + * SPDX-License-Identifier:    GPL-2.0+
> +*/
> +
> +#ifndef _RSA_CHECKSUM_H
> +#define _RSA_CHECKSUM_H
> +
> +#include <errno.h>
> +#include <image.h>
> +#include <sha1.h>
> +#include <sha256.h>
> +
> +#if IMAGE_ENABLE_VERIFY
> +extern const uint8_t padding_sha256_rsa2048[];
> +extern const uint8_t padding_sha1_rsa2048[];
> +
> +void sha256_calculate(const struct image_region region[], int region_count,
> +                     uint8_t *checksum);
> +void sha1_calculate(const struct image_region region[], int region_count,
> +                   uint8_t *checksum);
> +#endif
> +
> +#endif
> diff --git a/include/rsa.h b/include/rsa.h
> index add4c78..adf809b 100644
> --- a/include/rsa.h
> +++ b/include/rsa.h
> @@ -15,6 +15,20 @@
>  #include <errno.h>
>  #include <image.h>
>
> +/**
> + * struct rsa_public_key - holder for a public key
> + *
> + * An RSA public key consists of a modulus (typically called N), the inverse
> + * and R^2, where R is 2^(# key bits).
> + */
> +
> +struct rsa_public_key {
> +       uint len;        /* Length of modulus[] in number of uint32_t */
> +       uint32_t n0inv;        /* -1 / modulus[0] mod 2^32 */
> +       uint32_t *modulus;    /* modulus as little endian array */
> +       uint32_t *rr;        /* R^2 as little endian array */
> +};
> +
>  #if IMAGE_ENABLE_SIGN
>  /**
>   * sign() - calculate and return signature for given input data
> @@ -80,6 +94,10 @@ static inline int rsa_add_verify_data(struct image_sign_info *info,
>  int rsa_verify(struct image_sign_info *info,
>                const struct image_region region[], int region_count,
>                uint8_t *sig, uint sig_len);
> +
> +int rsa_verify_256(struct image_sign_info *info,
> +              const struct image_region region[], int region_count,
> +              uint8_t *sig, uint sig_len);

Do we need to create this as a separate function? It seems a bit icky.
Can rsa_verify() not handle both?

>  #else
>  static inline int rsa_verify(struct image_sign_info *info,
>                 const struct image_region region[], int region_count,
> @@ -87,6 +105,13 @@ static inline int rsa_verify(struct image_sign_info *info,
>  {
>         return -ENXIO;
>  }
> +
> +static inline int rsa_verify_256(struct image_sign_info *info,
> +               const struct image_region region[], int region_count,
> +               uint8_t *sig, uint sig_len)
> +{
> +       return -ENXIO;
> +}
>  #endif
>
>  #endif
> diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile
> index 164ab39..a5a96cb6 100644
> --- a/lib/rsa/Makefile
> +++ b/lib/rsa/Makefile
> @@ -7,4 +7,4 @@
>  # SPDX-License-Identifier:     GPL-2.0+
>  #
>
> -obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o
> +obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
> diff --git a/lib/rsa/rsa-checksum.c b/lib/rsa/rsa-checksum.c
> new file mode 100644
> index 0000000..e520e1c
> --- /dev/null
> +++ b/lib/rsa/rsa-checksum.c
> @@ -0,0 +1,98 @@
> +/*
> + * Copyright (c) 2013, Andreas Oetken.
> + *
> + * SPDX-License-Identifier:    GPL-2.0+
> + */
> +
> +#include <common.h>
> +#include <fdtdec.h>
> +#include <rsa.h>
> +#include <sha1.h>
> +#include <sha256.h>
> +#include <asm/byteorder.h>
> +#include <asm/errno.h>
> +#include <asm/unaligned.h>
> +
> +#define RSA2048_BYTES 256
> +
> +/* PKCS 1.5 paddings as described in the RSA PKCS#1 v2.1 standard. */
> +
> +const uint8_t padding_sha256_rsa2048[RSA2048_BYTES - SHA256_SUM_LEN] = {
> +0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x31, 0x30,
> +0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
> +0x00, 0x04, 0x20
> +};
> +
> +const uint8_t padding_sha1_rsa2048[RSA2048_BYTES - SHA1_SUM_LEN] = {
> +       0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> +       0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x21, 0x30,
> +       0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
> +       0x05, 0x00, 0x04, 0x14
> +};
> +
> +void sha1_calculate(const struct image_region region[], int region_count,
> +                   uint8_t *checksum)
> +{
> +       sha1_context ctx;
> +       uint32_t i;
> +       i = 0;
> +
> +       sha1_starts(&ctx);
> +       for (i = 0; i < region_count; i++)
> +               sha1_update(&ctx, region[i].data, region[i].size);
> +       sha1_finish(&ctx, checksum);
> +}
> +
> +void sha256_calculate(const struct image_region region[], int region_count,
> +                     uint8_t *checksum)
> +{
> +       sha256_context ctx;
> +       uint32_t i;
> +       i = 0;
> +
> +       sha256_starts(&ctx);
> +       for (i = 0; i < region_count; i++)
> +               sha256_update(&ctx, region[i].data, region[i].size);
> +       sha256_finish(&ctx, checksum);
> +}
> diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
> index 549130e..0fe6e9f 100644
> --- a/lib/rsa/rsa-sign.c
> +++ b/lib/rsa/rsa-sign.c
> @@ -159,8 +159,9 @@ static void rsa_remove(void)
>         EVP_cleanup();
>  }
>
> -static int rsa_sign_with_key(RSA *rsa, const struct image_region region[],
> -               int region_count, uint8_t **sigp, uint *sig_size)
> +static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo,
> +               const struct image_region region[], int region_count,
> +               uint8_t **sigp, uint *sig_size)
>  {
>         EVP_PKEY *key;
>         EVP_MD_CTX *context;
> @@ -192,7 +193,7 @@ static int rsa_sign_with_key(RSA *rsa, const struct image_region region[],
>                 goto err_create;
>         }
>         EVP_MD_CTX_init(context);
> -       if (!EVP_SignInit(context, EVP_sha1())) {
> +       if (!EVP_SignInit(context, checksum_algo->calculate())) {
>                 ret = rsa_err("Signer setup failed");
>                 goto err_sign;
>         }
> @@ -242,7 +243,8 @@ int rsa_sign(struct image_sign_info *info,
>         ret = rsa_get_priv_key(info->keydir, info->keyname, &rsa);
>         if (ret)
>                 goto err_priv;
> -       ret = rsa_sign_with_key(rsa, region, region_count, sigp, sig_len);
> +       ret = rsa_sign_with_key(rsa, info->algo->checksum, region,
> +                               region_count, sigp, sig_len);
>         if (ret)
>                 goto err_sign;
>
> diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
> index 02cc4e3..b3573a8 100644
> --- a/lib/rsa/rsa-verify.c
> +++ b/lib/rsa/rsa-verify.c
> @@ -8,23 +8,11 @@
>  #include <fdtdec.h>
>  #include <rsa.h>
>  #include <sha1.h>
> +#include <sha256.h>
>  #include <asm/byteorder.h>
>  #include <asm/errno.h>
>  #include <asm/unaligned.h>
>
> -/**
> - * struct rsa_public_key - holder for a public key
> - *
> - * An RSA public key consists of a modulus (typically called N), the inverse
> - * and R^2, where R is 2^(# key bits).
> - */
> -struct rsa_public_key {
> -       uint len;               /* Length of modulus[] in number of uint32_t */
> -       uint32_t n0inv;         /* -1 / modulus[0] mod 2^32 */
> -       uint32_t *modulus;      /* modulus as little endian array */
> -       uint32_t *rr;           /* R^2 as little endian array */
> -};
> -
>  #define UINT64_MULT32(v, multby)  (((uint64_t)(v)) * ((uint32_t)(multby)))
>
>  #define RSA2048_BYTES  (2048 / 8)
> @@ -36,39 +24,6 @@ struct rsa_public_key {
>  /* This is the maximum signature length that we support, in bits */
>  #define RSA_MAX_SIG_BITS       2048
>
> -static const uint8_t padding_sha1_rsa2048[RSA2048_BYTES - SHA1_SUM_LEN] = {
> -       0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> -       0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x21, 0x30,
> -       0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
> -       0x05, 0x00, 0x04, 0x14
> -};
> -
>  /**
>   * subtract_modulus() - subtract modulus from the given value
>   *
> @@ -209,13 +164,14 @@ static int pow_mod(const struct rsa_public_key *key, uint32_t *inout)
>  }
>
>  static int rsa_verify_key(const struct rsa_public_key *key, const uint8_t *sig,
> -               const uint32_t sig_len, const uint8_t *hash)
> +                         const uint32_t sig_len, const uint8_t *hash,
> +                         struct checksum_algo *algo)
>  {
>         const uint8_t *padding;
>         int pad_len;
>         int ret;
>
> -       if (!key || !sig || !hash)
> +       if (!key || !sig || !hash || !algo)
>                 return -EIO;
>
>         if (sig_len != (key->len * sizeof(uint32_t))) {
> @@ -223,6 +179,8 @@ static int rsa_verify_key(const struct rsa_public_key *key, const uint8_t *sig,
>                 return -EINVAL;
>         }
>
> +       debug("Checksum algorithm: %s", algo->name);
> +
>         /* Sanity check for stack size */
>         if (sig_len > RSA_MAX_SIG_BITS / 8) {
>                 debug("Signature length %u exceeds maximum %d\n", sig_len,
> @@ -238,9 +196,8 @@ static int rsa_verify_key(const struct rsa_public_key *key, const uint8_t *sig,
>         if (ret)
>                 return ret;
>
> -       /* Determine padding to use depending on the signature type. */
> -       padding = padding_sha1_rsa2048;
> -       pad_len = RSA2048_BYTES - SHA1_SUM_LEN;
> +       padding = algo->rsa_padding;
> +       pad_len = RSA2048_BYTES - algo->checksum_len;
>
>         /* Check pkcs1.5 padding bytes. */
>         if (memcmp(buf, padding, pad_len)) {
> @@ -309,7 +266,7 @@ static int rsa_verify_with_keynode(struct image_sign_info *info,
>         }
>
>         debug("key length %d\n", key.len);
> -       ret = rsa_verify_key(&key, sig, sig_len, hash);
> +       ret = rsa_verify_key(&key, sig, sig_len, hash, info->algo->checksum);
>         if (ret) {
>                 printf("%s: RSA failed to verify: %d\n", __func__, ret);
>                 return ret;
> @@ -323,12 +280,22 @@ int rsa_verify(struct image_sign_info *info,
>                uint8_t *sig, uint sig_len)
>  {
>         const void *blob = info->fdt_blob;
> -       uint8_t hash[SHA1_SUM_LEN];
> +       /* Reserve memory for maximum checksum-length */
> +       uint8_t hash[RSA2048_BYTES];
>         int ndepth, noffset;
>         int sig_node, node;
>         char name[100];
> -       sha1_context ctx;
> -       int ret, i;
> +       int ret;
> +
> +       /*
> +        * Verify that the checksum-length does not exceed the
> +        * rsa-signature-length
> +        */
> +       if (info->algo->checksum->checksum_len > RSA2048_BYTES) {
> +               debug("%s: invlaid checksum-algorithm %s for RSA2048\n",
> +                     __func__, info->algo->checksum->name);
> +               return -EINVAL;
> +       }
>
>         sig_node = fdt_subnode_offset(blob, 0, FIT_SIG_NODENAME);
>         if (sig_node < 0) {
> @@ -336,10 +303,8 @@ int rsa_verify(struct image_sign_info *info,
>                 return -ENOENT;
>         }
>
> -       sha1_starts(&ctx);
> -       for (i = 0; i < region_count; i++)
> -               sha1_update(&ctx, region[i].data, region[i].size);
> -       sha1_finish(&ctx, hash);
> +       /* Calculate checksum with checksum-algorithm */
> +       info->algo->checksum->calculate(region, region_count, hash);
>
>         /* See if we must use a particular key */
>         if (info->required_keynode != -1) {
> --
> 1.8.3.1
>

Also can you please update the tests to include a sha256 test?

Regards,
Simon


More information about the U-Boot mailing list