[U-Boot] [PATCH 4/7] rsa: add sha256-rsa2048 algorithm
Heiko Schocher
hs at denx.de
Mon Jan 27 07:45:23 CET 2014
Hello Simon,
On 26.01.2014 22:10, Simon Glass wrote:
> Hi Heiko,
>
> On 24 January 2014 23:44, Heiko Schocher<hs at denx.de> wrote:
>> based on patch from andreas at oetken.name:
>>
>> http://patchwork.ozlabs.org/patch/294318/
>
> Should probably add the full commit message in here.
Ok, do this in v2.
>> - removed checkpatch warnings
>> - removed compiler warnings
>> - rebased against current head
>>
>> Signed-off-by: Heiko Schocher<hs at denx.de>
>> Cc: Simon Glass<sjg at chromium.org>
>> Cc: andreas at oetken.name
>> ---
>> common/image-sig.c | 33 +++++++++++++++++
>> include/image.h | 21 +++++++++++
>> include/rsa-checksum.h | 25 +++++++++++++
>> include/rsa.h | 25 +++++++++++++
>> lib/rsa/Makefile | 2 +-
>> lib/rsa/rsa-checksum.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++
>> lib/rsa/rsa-sign.c | 10 +++---
>> lib/rsa/rsa-verify.c | 83 +++++++++++++-----------------------------
>> 8 files changed, 233 insertions(+), 64 deletions(-)
>> create mode 100644 include/rsa-checksum.h
>> create mode 100644 lib/rsa/rsa-checksum.c
[...]
>> diff --git a/include/rsa.h b/include/rsa.h
>> index add4c78..adf809b 100644
>> --- a/include/rsa.h
>> +++ b/include/rsa.h
>> @@ -15,6 +15,20 @@
>> #include<errno.h>
>> #include<image.h>
>>
>> +/**
>> + * struct rsa_public_key - holder for a public key
>> + *
>> + * An RSA public key consists of a modulus (typically called N), the inverse
>> + * and R^2, where R is 2^(# key bits).
>> + */
>> +
>> +struct rsa_public_key {
>> + uint len; /* Length of modulus[] in number of uint32_t */
>> + uint32_t n0inv; /* -1 / modulus[0] mod 2^32 */
>> + uint32_t *modulus; /* modulus as little endian array */
>> + uint32_t *rr; /* R^2 as little endian array */
>> +};
>> +
>> #if IMAGE_ENABLE_SIGN
>> /**
>> * sign() - calculate and return signature for given input data
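Review bot: the doc comment on struct rsa_public_key says "the inverse" without saying what is inverted, while the member comment gives n0inv as -1 / modulus[0] mod 2^32; the header comment should state the same thing so the two agree. The blank line between the closing */ and "struct rsa_public_key {" detaches the comment from the struct it documents, and the members would read better as @len, @n0inv, @modulus and @rr entries in that block. The comment for len gives its unit (number of uint32_t), but the one for rr does not say how many words the array holds.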
>> @@ -80,6 +94,10 @@ static inline int rsa_add_verify_data(struct image_sign_info *info,
>> int rsa_verify(struct image_sign_info *info,
>> const struct image_region region[], int region_count,
>> uint8_t *sig, uint sig_len);
>> +
>> +int rsa_verify_256(struct image_sign_info *info,
>> + const struct image_region region[], int region_count,
>> + uint8_t *sig, uint sig_len);
>
> Do we need to create this as a separate function? It seems a bit icky.
> Can rsa_verify() not handle both?
Good catch! I never defined rsa_verify_256(), remove this in v2.
>> #else
>> static inline int rsa_verify(struct image_sign_info *info,
>> const struct image_region region[], int region_count,
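Review bot: the rsa_verify_256() prototype takes exactly the same parameters as rsa_verify() and is added without a doc comment, so nothing in the header tells a caller which hash each entry point expects or how to choose between them. If both hashes are to be supported, a single rsa_verify() that takes the choice from info keeps the decision in one place; otherwise this declaration needs a comment saying what differs from rsa_verify().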
>> @@ -87,6 +105,13 @@ static inline int rsa_verify(struct image_sign_info *info,
>> {
>> return -ENXIO;
>> }
>> +
>> +static inline int rsa_verify_256(struct image_sign_info *info,
>> + const struct image_region region[], int region_count,
>> + uint8_t *sig, uint sig_len)
>> +{
>> + return -ENXIO;
>> +}
>> #endif
>>
>> #endif
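Review bot: the rsa_verify_256() stub in the #else branch is a line-for-line copy of the rsa_verify() stub above it, including the -ENXIO return. It should be dropped in the same change that drops the prototype in the other branch, so that the two sides of the #if keep declaring the same set of functions.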
[...]
> Also can you please update the tests to include a sha256 test?
You mean the "test/vboot/vboot_test.sh" ?
bye,
Heiko
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany