[PATCH 25/49] image: Use Kconfig to enable FIT_RSASSA_PSS on host
Simon Glass
sjg at chromium.org
Tue May 4 01:11:12 CEST 2021
Add a host Kconfig for FIT_RSASSA_PSS. With this we can use
CONFIG_IS_ENABLED(FIT_RSASSA_PSS) directly in the host build, so drop the
forcing of this in the image.h header.
Signed-off-by: Simon Glass <sjg at chromium.org>
---
(no changes since v1)
common/image-sig.c | 4 ++--
include/image.h | 3 ---
include/u-boot/rsa.h | 8 ++++----
lib/rsa/rsa-sign.c | 4 ++--
lib/rsa/rsa-verify.c | 4 ++--
tools/Kconfig | 5 +++++
6 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/common/image-sig.c b/common/image-sig.c
index 31a4fd46061..bbc6bb3b1e3 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -100,12 +100,12 @@ struct padding_algo padding_algos[] = {
.name = "pkcs-1.5",
.verify = padding_pkcs_15_verify,
},
-#ifdef CONFIG_FIT_RSASSA_PSS
+#if CONFIG_IS_ENABLED(FIT_RSASSA_PSS)
{
.name = "pss",
.verify = padding_pss_verify,
}
-#endif /* CONFIG_FIT_RSASSA_PSS */
+#endif /* FIT_RSASSA_PSS */
};
struct checksum_algo *image_get_checksum_algo(const char *full_name)
diff --git a/include/image.h b/include/image.h
index 0356d03b2ce..3bb12ee3821 100644
--- a/include/image.h
+++ b/include/image.h
@@ -27,9 +27,6 @@ struct fdt_region;
#include <sys/types.h>
#include <linux/kconfig.h>
-/* new uImage format support enabled on host */
-#define CONFIG_FIT_RSASSA_PSS 1
-
#define IMAGE_ENABLE_IGNORE 0
#define IMAGE_INDENT_STRING ""
diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
index bc564d56fa3..45fe3509093 100644
--- a/include/u-boot/rsa.h
+++ b/include/u-boot/rsa.h
@@ -119,11 +119,11 @@ int padding_pkcs_15_verify(struct image_sign_info *info,
uint8_t *msg, int msg_len,
const uint8_t *hash, int hash_len);
-#ifdef CONFIG_FIT_RSASSA_PSS
+#if CONFIG_IS_ENABLED(FIT_RSASSA_PSS)
int padding_pss_verify(struct image_sign_info *info,
uint8_t *msg, int msg_len,
const uint8_t *hash, int hash_len);
-#endif /* CONFIG_FIT_RSASSA_PSS */
+#endif /* FIT_RSASSA_PSS */
#else
static inline int rsa_verify_hash(struct image_sign_info *info,
const uint8_t *hash,
@@ -146,14 +146,14 @@ static inline int padding_pkcs_15_verify(struct image_sign_info *info,
return -ENXIO;
}
-#ifdef CONFIG_FIT_RSASSA_PSS
+#if CONFIG_IS_ENABLED(FIT_RSASSA_PSS)
static inline int padding_pss_verify(struct image_sign_info *info,
uint8_t *msg, int msg_len,
const uint8_t *hash, int hash_len)
{
return -ENXIO;
}
-#endif /* CONFIG_FIT_RSASSA_PSS */
+#endif /* FIT_RSASSA_PSS */
#endif
#define RSA_DEFAULT_PADDING_NAME "pkcs-1.5"
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index f4ed11e74a4..5ae77621fc6 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -442,7 +442,7 @@ static int rsa_sign_with_key(EVP_PKEY *pkey, struct padding_algo *padding_algo,
goto err_sign;
}
-#ifdef CONFIG_FIT_RSASSA_PSS
+#if CONFIG_IS_ENABLED(FIT_RSASSA_PSS)
if (padding_algo && !strcmp(padding_algo->name, "pss")) {
if (EVP_PKEY_CTX_set_rsa_padding(ckey,
RSA_PKCS1_PSS_PADDING) <= 0) {
@@ -450,7 +450,7 @@ static int rsa_sign_with_key(EVP_PKEY *pkey, struct padding_algo *padding_algo,
goto err_sign;
}
}
-#endif /* CONFIG_FIT_RSASSA_PSS */
+#endif /* FIT_RSASSA_PSS */
for (i = 0; i < region_count; i++) {
if (!EVP_DigestSignUpdate(context, region[i].data,
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 1998c773fc7..b1abfa8eacc 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -95,7 +95,7 @@ int padding_pkcs_15_verify(struct image_sign_info *info,
return 0;
}
-#ifdef CONFIG_FIT_RSASSA_PSS
+#if CONFIG_IS_ENABLED(FIT_RSASSA_PSS)
static void u32_i2osp(uint32_t val, uint8_t *buf)
{
buf[0] = (uint8_t)((val >> 24) & 0xff);
@@ -296,7 +296,7 @@ out:
return ret;
}
-#endif
+#endif /* FIT_RSASSA_PSS */
#if CONFIG_IS_ENABLED(FIT_SIGNATURE) || CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY)
/**
diff --git a/tools/Kconfig b/tools/Kconfig
index 6d0f4565a80..8bd782cf5b9 100644
--- a/tools/Kconfig
+++ b/tools/Kconfig
@@ -24,6 +24,11 @@ config HOST_FIT_PRINT
help
Print the content of the FIT verbosely in the host build
+config HOST_FIT_RSASSA_PSS
+ def_bool y
+ help
+ Support the rsassa-pss signature scheme in the host build
+
config HOST_FIT_SHA1
def_bool y
help
--
2.31.1.527.g47e6f16901-goog
More information about the U-Boot
mailing list