[PATCH v4 2/6] rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config

[Heinrich Schuchardt]

On 11/21/19 1:11 AM, AKASHI Takahiro wrote:
> In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
> rsa_verify() will be extended to be able to perform RSA decryption without
> additional RSA key properties from FIT image, i.e. rr and n0inv.
>
> Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
> Reviewed-by: Simon Glass <sjg at chromium.org>

The patch series does not build for some configurations.

> ---
>   lib/rsa/Kconfig | 14 ++++++++++++++
>   1 file changed, 14 insertions(+)
>
> diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
> index 03ffa2969048..71e4c06bf883 100644
> --- a/lib/rsa/Kconfig
> +++ b/lib/rsa/Kconfig
> @@ -30,6 +30,20 @@ config RSA_VERIFY
>   	help
>   	  Add RSA signature verification support.
>
> +config RSA_VERIFY_WITH_PKEY

For CONFIG_RSA_VERIFY_WITH_PKEY=y and CONFIG_RSA_PUBLIC_KEY_PARSER=n
I get an error:

lib/rsa/rsa-keyprop.c:669: undefined reference to `rsa_parse_pub_key'

RSA_PUBLIC_KEY_PARSER depends on
ASYMMETRIC_KEY_TYPE [=n] && ASYMMETRIC_PUBLIC_KEY_SUBTYPE [=n]

Please, fix the dependencies.

Best regards

Heinrich

> +	bool "Execute RSA verification without key parameters from FDT"
> +	depends on RSA
> +	help
> +	  The standard RSA-signature verification code (FIT_SIGNATURE) uses
> +	  pre-calculated key properties, that are stored in fdt blob, in
> +	  decrypting a signature.
> +	  This does not suit the use case where there is no way defined to
> +	  provide such additional key properties in standardized form,
> +	  particularly UEFI secure boot.
> +	  This options enables RSA signature verification with a public key
> +	  directly specified in image_sign_info, where all the necessary
> +	  key properties will be calculated on the fly in verification code.
> +
>   config RSA_SOFTWARE_EXP
>   	bool "Enable driver for RSA Modular Exponentiation in software"
>   	depends on DM
>