[U-Boot] [PATCH v1 0/3] rsa: extend rsa_verify() for UEFI secure boot

Heinrich Schuchardt xypron.glpk at gmx.de
Sun Oct 13 14:16:29 UTC 2019


On 10/9/19 7:30 AM, AKASHI Takahiro wrote:
> The current rsa_verify() requires five parameters for an RSA public key
> for efficiency while RSA, in theory, requires only two. In addition,
> those parameters are expected to come from a FIT image.
>
> So this function won't fit very well when we want to use it for the purpose
> of implementing UEFI secure boot, in particular, image authentication
> as well as variable authentication, where the essential two parameters
> are set to be retrieved from one of the X509 certificates in the signature
> database.
>
> So, in this patch, three additional parameters will be calculated
> on the fly when rsa_verify() is called without the fdt which should contain
> the parameters above.
>
> This calculation heavily relies on a "big-number (or multi-precision)
> library." Therefore some routines from BearSSL[1] under the MIT license are
> imported in this implementation. See Patch#2.
> # Please let me know if this is not appropriate.
>
> # Checkpatch will complain with lots of warnings/errors, but
> # I intentionally don't fix them for maximum maintainability.

This patch series does not even compile:
https://travis-ci.org/xypron2/u-boot/builds/596983699

+common/image-sig.c:20:22: error: array type has incomplete element type 'struct checksum_algo'
+ struct checksum_algo checksum_algos[] = {
+                      ^~~~~~~~~~~~~~
+common/image-sig.c:22:3: error: field name not in record or union initializer
+   .name = "sha1",
+   ^

Before resubmitting, please run the whole series through Travis CI or
GitLab CI.

Best regards

Heinrich

>
>   [1] https://bearssl.org/
>
> Changes in v1 (Oct 9, 2019)
> * fix a build error on pine64-lts_defconfig (reported by Heinrich)
>   by defining FIT_IMAGE_ENABLE_VERIFY flag and adding
>   SPL_RSA_VERIFY config (patch#1)
> * remove FIT-specific code from image-sig.c and put them to new
>   image-fit-sig.c to allow us to disable CONFIG_FIT_SIGNATURE (patch#1)
> * compile rsa-keyprop.c only if necessary (i.e. if
>   CONFIG_RSA_VERIFY_WITH_PKEY) (patch#2)
> * add SPDX license identifier in rsa-keyprop.c (patch#2)
> * include <common.h> instead of <stdio.h> (patch#2)
> * use U-Boot's byteorder helper functions instead of BearSSL's (patch#2)
>
> AKASHI Takahiro (3):
>   lib: rsa: decouple rsa from FIT image verification
>   lib: rsa: generate additional parameters for public key
>   lib: rsa: add rsa_verify_with_pkey()
>
>  Kconfig                      |   1 +
>  common/Makefile              |   3 +-
>  common/image-fit-sig.c       | 417 +++++++++++++++++++++++++
>  common/image-fit.c           |   6 +-
>  common/image-sig.c           | 396 ------------------------
>  include/image.h              |  14 +-
>  include/u-boot/rsa-mod-exp.h |   3 +
>  lib/rsa/Kconfig              |  12 +
>  lib/rsa/Makefile             |   2 +-
>  lib/rsa/rsa-keyprop.c        | 585 +++++++++++++++++++++++++++++++++++
>  lib/rsa/rsa-verify.c         |  65 +++-
>  tools/Makefile               |   2 +-
>  12 files changed, 1095 insertions(+), 411 deletions(-)
>  create mode 100644 common/image-fit-sig.c
>  create mode 100644 lib/rsa/rsa-keyprop.c
>
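
Added illustration, not code from the patch series or from BearSSL: the cover letter's point that the extra key parameters can be derived from the modulus alone, shown for the two Montgomery constants that U-Boot's FIT key nodes carry as rsa,n0-inverse and rsa,r-squared (the third value, the key length in bits, is just the size of the modulus). The function names, the little-endian 32-bit word order, R = 2^(32 * nwords) and the toy modulus are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* n0inv = -1 / n[0] mod 2^32; n[0] is odd for any RSA modulus */
uint32_t mont_n0inv(uint32_t n0)
{
	uint32_t x = n0;		/* n0 * n0 == 1 mod 8: 3 correct bits */
	for (int i = 0; i < 4; i++)	/* each Newton step doubles them */
		x *= 2 - n0 * x;
	return 0u - x;
}

/* x = 2 * x mod n for x < n; not constant-time, key data here is public */
static void mod_double(uint32_t *x, const uint32_t *n, int nwords)
{
	uint32_t carry = 0, borrow = 0;
	int i;
	for (i = 0; i < nwords; i++) {		/* shift left by one bit */
		uint32_t top = x[i] >> 31;
		x[i] = (x[i] << 1) | carry;
		carry = top;
	}
	for (i = nwords - 1; i >= 0 && x[i] == n[i]; i--)
		;	/* find the top word where x and n differ */
	if (!carry && i >= 0 && x[i] < n[i])
		return;	/* 2x < n: nothing to subtract */
	for (i = 0; i < nwords; i++) {		/* x -= n, wrapping past R */
		uint64_t d = (uint64_t)x[i] - n[i] - borrow;
		x[i] = (uint32_t)d;
		borrow = (uint32_t)(d >> 32) & 1;
	}
}

/* rr = R^2 mod n with R = 2^(32 * nwords) (assumed word-aligned key size) */
void mont_rr(uint32_t *rr, const uint32_t *n, int nwords)
{
	for (int i = 0; i < nwords; i++)
		rr[i] = (i == 0);	/* start from 1, valid because n > 1 */
	for (int i = 0; i < 2 * 32 * nwords; i++)
		mod_double(rr, n, nwords);
}

int main(void)
{
	const uint32_t n[2] = { 0xFFFFFFC5u, 0xFFFFFFFFu }; /* constructed: 2^64 - 59 */
	uint32_t rr[2];
	mont_rr(rr, n, 2);
	printf("n0inv=%08x rr=%08x%08x\n", mont_n0inv(n[0]), rr[1], rr[0]);
	return 0;
}
```

A verifier that receives only a certificate's modulus and exponent has to derive these values at run time, which is why the series needs multi-precision arithmetic in the boot path.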