[U-Boot] [PATCH v1 00/11] import x509/pkcs7 parsers from linux
AKASHI Takahiro
takahiro.akashi at linaro.org
Fri Oct 11 07:41:49 UTC 2019
Asn1 parsers of x509 certificates and pkcs7 messages are required
to implement image authentication and variable authentication as
part of UEFI secure boot feature.
As we discussed before in the thread[1], most people insisted that
we should re-use corresponding source code from Linux repository
for this purpose.
Here is my attempt to import all the necessary files from Linux; Those
will eventually be part of UEFI secure boot implementation, but I'd like
to get early feedback from other peoples before submitting the whole
patchset so that they will be better formatted for merging.
My approach here is
* files from the latest Linux
* modify files as little as possible
* mark/protect unavoidable changes with "#if(n)def __UBOOT__"
so that future fixes/differences in Linux repository will easily
be applied to U-Boot.
Please note that checkpatch.pl will complain with a bunch of
warnings/errors but I intentionally left them unchanged for the sake
of better maintainability I said above.
Any comments will be appreciated.
-Takahiro Akashi
[1] https://lists.denx.de/pipermail/u-boot/2019-April/366423.html
Changes in v1 (Oct 11, 2019) from RFC
* change the kernel code base from v5.0 to v5.3
* comment off x509_check_for_self_signed() which is not useful
for UEFI secure boot (patch#9)
* improve usages of "#if(n)def __UBOOT__* to minimize differences
between U-Boot and linux kernel
AKASHI Takahiro (11):
linux_compat: add kmemdup()
include: time.h: define time64_t
include: kernel.h: include printk.h
cmd: add asn1_compiler
Makefile: add build script for asn1 parsers
lib: add asn1 decoder
lib: add oid registry utility
lib: crypto: add public key utility
lib: crypto: add x509 parser
lib: crypto: add pkcs7 message parser
lib: crypto: add rsa public key parser
cmd/Kconfig | 3 +
include/crypto/internal/rsa.h | 57 +
include/crypto/pkcs7.h | 47 +
include/crypto/public_key.h | 90 ++
include/keys/asymmetric-type.h | 88 ++
include/linux/asn1.h | 65 ++
include/linux/asn1_ber_bytecode.h | 89 ++
include/linux/asn1_decoder.h | 20 +
include/linux/compat.h | 4 +-
include/linux/kernel.h | 2 +
include/linux/oid_registry.h | 117 +++
include/linux/time.h | 24 +
lib/Kconfig | 12 +
lib/Makefile | 18 +
lib/asn1_decoder.c | 527 ++++++++++
lib/build_OID_registry | 203 ++++
lib/crypto/Kconfig | 38 +
lib/crypto/Makefile | 46 +
lib/crypto/asymmetric_type.c | 668 ++++++++++++
lib/crypto/pkcs7.asn1 | 135 +++
lib/crypto/pkcs7_parser.c | 693 +++++++++++++
lib/crypto/pkcs7_parser.h | 65 ++
lib/crypto/public_key.c | 376 +++++++
lib/crypto/rsa_helper.c | 198 ++++
lib/crypto/rsapubkey.asn1 | 4 +
lib/crypto/x509.asn1 | 60 ++
lib/crypto/x509_akid.asn1 | 35 +
lib/crypto/x509_cert_parser.c | 697 +++++++++++++
lib/crypto/x509_parser.h | 57 +
lib/crypto/x509_public_key.c | 292 ++++++
lib/linux_compat.c | 11 +
lib/oid_registry.c | 179 ++++
scripts/Makefile | 3 +
scripts/Makefile.build | 2 +-
scripts/asn1_compiler.c | 1611 +++++++++++++++++++++++++++++
35 files changed, 6533 insertions(+), 3 deletions(-)
create mode 100644 include/crypto/internal/rsa.h
create mode 100644 include/crypto/pkcs7.h
create mode 100644 include/crypto/public_key.h
create mode 100644 include/keys/asymmetric-type.h
create mode 100644 include/linux/asn1.h
create mode 100644 include/linux/asn1_ber_bytecode.h
create mode 100644 include/linux/asn1_decoder.h
create mode 100644 include/linux/oid_registry.h
create mode 100644 lib/asn1_decoder.c
create mode 100755 lib/build_OID_registry
create mode 100644 lib/crypto/Kconfig
create mode 100644 lib/crypto/Makefile
create mode 100644 lib/crypto/asymmetric_type.c
create mode 100644 lib/crypto/pkcs7.asn1
create mode 100644 lib/crypto/pkcs7_parser.c
create mode 100644 lib/crypto/pkcs7_parser.h
create mode 100644 lib/crypto/public_key.c
create mode 100644 lib/crypto/rsa_helper.c
create mode 100644 lib/crypto/rsapubkey.asn1
create mode 100644 lib/crypto/x509.asn1
create mode 100644 lib/crypto/x509_akid.asn1
create mode 100644 lib/crypto/x509_cert_parser.c
create mode 100644 lib/crypto/x509_parser.h
create mode 100644 lib/crypto/x509_public_key.c
create mode 100644 lib/oid_registry.c
create mode 100644 scripts/asn1_compiler.c
--
2.21.0
More information about the U-Boot
mailing list