[PATCH v4 2/6] rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config

Tue Jan 14 12:43:40 CET 2020

On 1/14/20 8:45 AM, AKASHI Takahiro wrote:
> On Wed, Jan 08, 2020 at 01:35:13PM +0100, Heinrich Schuchardt wrote:
>> On 11/21/19 1:11 AM, AKASHI Takahiro wrote:
>>> In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
>>> rsa_verify() will be extended to be able to perform RSA decryption without
>>> additional RSA key properties from FIT image, i.e. rr and n0inv.
>>>
>>> Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
>>> Reviewed-by: Simon Glass <sjg at chromium.org>
>>
>> The patch series does not build for some configurations.
>>
>>> ---
>>>   lib/rsa/Kconfig | 14 ++++++++++++++
>>>   1 file changed, 14 insertions(+)
>>>
>>> diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
>>> index 03ffa2969048..71e4c06bf883 100644
>>> --- a/lib/rsa/Kconfig
>>> +++ b/lib/rsa/Kconfig
>>> @@ -30,6 +30,20 @@ config RSA_VERIFY
>>>   	help
>>>   	  Add RSA signature verification support.
>>>
>>> +config RSA_VERIFY_WITH_PKEY
>>
>> For CONFIG_RSA_VERIFY_WITH_PKEY=y and CONFIG_RSA_PUBLIC_KEY_PARSER=n
>> I get an error:
>
> This error is inevitable as both RSA_VERIFY_WITH_PKEY and
> RSA_PUBLIC_KEY_PARSER are "select"able configurations with
> visible prompts and then

No, it is not inevitbable. Just ensure that in the Makefiles all modules
are selected that you need for your configuration.

> we should generally avoid potential illegal configurations;

Yes, we want to avoid potentially illegal configurations everywhere.
This is why we have a randconfig build target.

Best regards

Heinrich

> The one should NOT forcibly select the other as the kernel kconfig
> document suggests.
>
> #  Note:
> #        select should be used with care. select will force
> #        a symbol to a value without visiting the dependencies.
> #        By abusing select you are able to select a symbol FOO even
> #        if FOO depends on BAR that is not set.
> #        In general use select only for non-visible symbols
> #        (no prompts anywhere) and for symbols with no dependencies.
> #        That will limit the usefulness but on the other hand avoid
> #        the illegal configurations all over.
>
> -Takahiro Akashi
>
>
>> lib/rsa/rsa-keyprop.c:669: undefined reference to `rsa_parse_pub_key'
>>
>> RSA_PUBLIC_KEY_PARSER depends on
>> ASYMMETRIC_KEY_TYPE [=n] && ASYMMETRIC_PUBLIC_KEY_SUBTYPE [=n]
>>
>> Please, fix the dependencies.
>>
>> Best regards
>>
>> Heinrich
>>
>>> +	bool "Execute RSA verification without key parameters from FDT"
>>> +	depends on RSA
>>> +	help
>>> +	  The standard RSA-signature verification code (FIT_SIGNATURE) uses
>>> +	  pre-calculated key properties, that are stored in fdt blob, in
>>> +	  decrypting a signature.
>>> +	  This does not suit the use case where there is no way defined to
>>> +	  provide such additional key properties in standardized form,
>>> +	  particularly UEFI secure boot.
>>> +	  This options enables RSA signature verification with a public key
>>> +	  directly specified in image_sign_info, where all the necessary
>>> +	  key properties will be calculated on the fly in verification code.
>>> +
>>>   config RSA_SOFTWARE_EXP
>>>   	bool "Enable driver for RSA Modular Exponentiation in software"
>>>   	depends on DM
>>>
>