[U-Boot] [PATCH 4/7] rsa: add sha256-rsa2048 algorithm

Simon Glass sjg at chromium.org
Mon Jan 27 18:36:29 CET 2014


Hi Heiko,

On 26 January 2014 22:45, Heiko Schocher <hs at denx.de> wrote:
> Hello Simon,
>
> On 26.01.2014 22:10, Simon Glass wrote:
>
>> Hi Heiko,
>>
>> On 24 January 2014 23:44, Heiko Schocher<hs at denx.de>  wrote:
>>>
>>> based on patch from andreas at oetken.name:
>>>
>>> http://patchwork.ozlabs.org/patch/294318/
>>
>>
>> Should probably add the full commit message in here.
>
>
> Ok, do this in v2.
>
>
>>> - removed checkpatch warnings
>>> - removed compiler warnings
>>> - rebased against current head
>>>
>>> Signed-off-by: Heiko Schocher<hs at denx.de>
>>> Cc: Simon Glass<sjg at chromium.org>
>>> Cc: andreas at oetken.name
>>> ---
>>>   common/image-sig.c     | 33 +++++++++++++++++
>>>   include/image.h        | 21 +++++++++++
>>>   include/rsa-checksum.h | 25 +++++++++++++
>>>   include/rsa.h          | 25 +++++++++++++
>>>   lib/rsa/Makefile       |  2 +-
>>>   lib/rsa/rsa-checksum.c | 98
>>> ++++++++++++++++++++++++++++++++++++++++++++++++++
>>>   lib/rsa/rsa-sign.c     | 10 +++---
>>>   lib/rsa/rsa-verify.c   | 83 +++++++++++++-----------------------------
>>>   8 files changed, 233 insertions(+), 64 deletions(-)
>>>   create mode 100644 include/rsa-checksum.h
>>>   create mode 100644 lib/rsa/rsa-checksum.c
>
> [...]
>
>>> diff --git a/include/rsa.h b/include/rsa.h
>>> index add4c78..adf809b 100644
>>> --- a/include/rsa.h
>>> +++ b/include/rsa.h
>>> @@ -15,6 +15,20 @@
>>>   #include<errno.h>
>>>   #include<image.h>
>>>
>>> +/**
>>> + * struct rsa_public_key - holder for a public key
>>> + *
>>> + * An RSA public key consists of a modulus (typically called N), the
>>> inverse
>>> + * and R^2, where R is 2^(# key bits).
>>> + */
>>> +
>>> +struct rsa_public_key {
>>> +       uint len;        /* Length of modulus[] in number of uint32_t */
>>> +       uint32_t n0inv;        /* -1 / modulus[0] mod 2^32 */
>>> +       uint32_t *modulus;    /* modulus as little endian array */
>>> +       uint32_t *rr;        /* R^2 as little endian array */
>>> +};
>>> +
>>>   #if IMAGE_ENABLE_SIGN
>>>   /**
>>>    * sign() - calculate and return signature for given input data
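Review bot: The kernel-doc block above struct rsa_public_key is detached from the struct by a blank line and lists no members, and its summary says "the inverse" without saying of what. Drop the blank line, add @len, @n0inv, @modulus and @rr entries, and state in the summary what the member comment already says, that n0inv is -1 / modulus[0] mod 2^32.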
>>> @@ -80,6 +94,10 @@ static inline int rsa_add_verify_data(struct
>>> image_sign_info *info,
>>>   int rsa_verify(struct image_sign_info *info,
>>>                 const struct image_region region[], int region_count,
>>>                 uint8_t *sig, uint sig_len);
>>> +
>>> +int rsa_verify_256(struct image_sign_info *info,
>>> +              const struct image_region region[], int region_count,
>>> +              uint8_t *sig, uint sig_len);
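Review bot: rsa_verify_256() is declared with exactly the same parameters as rsa_verify() and no comment, so nothing at the declaration tells a caller how the two differ or when to use which. Either document it alongside rsa_verify(), or keep one entry point and drop this prototype.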
>>
>>
>> Do we need to create this as a separate function? It seems a bit icky.
>> Can rsa_verify() not handle both?
>
>
> Good catch! I never defined rsa_verify_256(), remove this in v2.
>
>
>>>   #else
>>>   static inline int rsa_verify(struct image_sign_info *info,
>>>                  const struct image_region region[], int region_count,
>>> @@ -87,6 +105,13 @@ static inline int rsa_verify(struct image_sign_info
>>> *info,
>>>   {
>>>          return -ENXIO;
>>>   }
>>> +
>>> +static inline int rsa_verify_256(struct image_sign_info *info,
>>> +               const struct image_region region[], int region_count,
>>> +               uint8_t *sig, uint sig_len)
>>> +{
>>> +       return -ENXIO;
>>> +}
>>>   #endif
>>>
>>>   #endif
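Review bot: The rsa_verify_256() stub in the #else branch is a copy of the rsa_verify() stub directly above it, both returning -ENXIO. If the extra prototype in the previous hunk goes away this stub has to go with it, otherwise the two branches of the #if declare different sets of functions.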
>
> [...]
>
>> Also can you please update the tests to include a sha256 test?
>
>
> You mean the "test/vboot/vboot_test.sh" ?

Yes, you could expand this, or convert to Python if you prefer.

Regards,
Simon

