[U-Boot] [PATCH 4/7] rsa: add sha256-rsa2048 algorithm
Simon Glass
sjg at chromium.org
Mon Jan 27 18:36:29 CET 2014
Hi Heiko,
On 26 January 2014 22:45, Heiko Schocher <hs at denx.de> wrote:
> Hello Simon,
>
> Am 26.01.2014 22:10, schrieb Simon Glass:
>
>> Hi Heiko,
>>
>> On 24 January 2014 23:44, Heiko Schocher<hs at denx.de> wrote:
>>>
>>> based on patch from andreas at oetken.name:
>>>
>>> http://patchwork.ozlabs.org/patch/294318/
>>
>>
>> Should probably add the full commit message in here.
>
>
> Ok, do this in v2.
>
>
>>> - removed checkpatch warnings
>>> - removed compiler warnings
>>> - rebased against current head
>>>
>>> Signed-off-by: Heiko Schocher<hs at denx.de>
>>> Cc: Simon Glass<sjg at chromium.org>
>>> Cc: andreas at oetken.name
>>> ---
>>> common/image-sig.c | 33 +++++++++++++++++
>>> include/image.h | 21 +++++++++++
>>> include/rsa-checksum.h | 25 +++++++++++++
>>> include/rsa.h | 25 +++++++++++++
>>> lib/rsa/Makefile | 2 +-
>>> lib/rsa/rsa-checksum.c | 98
>>> ++++++++++++++++++++++++++++++++++++++++++++++++++
>>> lib/rsa/rsa-sign.c | 10 +++---
>>> lib/rsa/rsa-verify.c | 83 +++++++++++++-----------------------------
>>> 8 files changed, 233 insertions(+), 64 deletions(-)
>>> create mode 100644 include/rsa-checksum.h
>>> create mode 100644 lib/rsa/rsa-checksum.c
>
> [...]
>
>>> diff --git a/include/rsa.h b/include/rsa.h
>>> index add4c78..adf809b 100644
>>> --- a/include/rsa.h
>>> +++ b/include/rsa.h
>>> @@ -15,6 +15,20 @@
>>> #include<errno.h>
>>> #include<image.h>
>>>
>>> +/**
>>> + * struct rsa_public_key - holder for a public key
>>> + *
>>> + * An RSA public key consists of a modulus (typically called N), the
>>> inverse
>>> + * and R^2, where R is 2^(# key bits).
>>> + */
>>> +
>>> +struct rsa_public_key {
>>> + uint len; /* Length of modulus[] in number of uint32_t */
>>> + uint32_t n0inv; /* -1 / modulus[0] mod 2^32 */
>>> + uint32_t *modulus; /* modulus as little endian array */
>>> + uint32_t *rr; /* R^2 as little endian array */
>>> +};
>>> +
>>> #if IMAGE_ENABLE_SIGN
>>> /**
>>> * sign() - calculate and return signature for given input data
>>> @@ -80,6 +94,10 @@ static inline int rsa_add_verify_data(struct
>>> image_sign_info *info,
>>> int rsa_verify(struct image_sign_info *info,
>>> const struct image_region region[], int region_count,
>>> uint8_t *sig, uint sig_len);
>>> +
>>> +int rsa_verify_256(struct image_sign_info *info,
>>> + const struct image_region region[], int region_count,
>>> + uint8_t *sig, uint sig_len);
>>
>>
>> Do we need to create this as a separate function? It seems a bit icky.
>> Can rsa_verify() not handle both?
>
>
> Good catch! I never defined rsa_verify_256(), remove this in v2.
>
>
>>> #else
>>> static inline int rsa_verify(struct image_sign_info *info,
>>> const struct image_region region[], int region_count,
>>> @@ -87,6 +105,13 @@ static inline int rsa_verify(struct image_sign_info
>>> *info,
>>> {
>>> return -ENXIO;
>>> }
>>> +
>>> +static inline int rsa_verify_256(struct image_sign_info *info,
>>> + const struct image_region region[], int region_count,
>>> + uint8_t *sig, uint sig_len)
>>> +{
>>> + return -ENXIO;
>>> +}
>>> #endif
>>>
>>> #endif
>
> [...]
>
>> Also can you please update the tests to include a sha256 test?
>
>
> You mean the "test/vboot/vboot_test.sh" ?
Yes, you could expand this, or convert to Python if you prefer.
Regards,
Simon
More information about the U-Boot
mailing list