[PATCH v2 26/50] image: Use Kconfig to enable FIT_RSASSA_PSS on host

Simon Glass sjg at chromium.org
Thu May 6 16:24:14 CEST 2021


Add a host Kconfig for FIT_RSASSA_PSS. With this we can use
CONFIG_IS_ENABLED(FIT_RSASSA_PSS) directly in the host build, so drop the
forcing of this in the image.h header.

Signed-off-by: Simon Glass <sjg at chromium.org>
---

(no changes since v1)

 common/image-sig.c   | 4 ++--
 include/image.h      | 3 ---
 include/u-boot/rsa.h | 8 ++++----
 lib/rsa/rsa-sign.c   | 4 ++--
 lib/rsa/rsa-verify.c | 4 ++--
 tools/Kconfig        | 5 +++++
 6 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/common/image-sig.c b/common/image-sig.c
index 31a4fd46061..bbc6bb3b1e3 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -100,12 +100,12 @@ struct padding_algo padding_algos[] = {
 		.name = "pkcs-1.5",
 		.verify = padding_pkcs_15_verify,
 	},
-#ifdef CONFIG_FIT_RSASSA_PSS
+#if CONFIG_IS_ENABLED(FIT_RSASSA_PSS)
 	{
 		.name = "pss",
 		.verify = padding_pss_verify,
 	}
-#endif /* CONFIG_FIT_RSASSA_PSS */
+#endif /* FIT_RSASSA_PSS */
 };
 
 struct checksum_algo *image_get_checksum_algo(const char *full_name)
diff --git a/include/image.h b/include/image.h
index 0356d03b2ce..3bb12ee3821 100644
--- a/include/image.h
+++ b/include/image.h
@@ -27,9 +27,6 @@ struct fdt_region;
 #include <sys/types.h>
 #include <linux/kconfig.h>
 
-/* new uImage format support enabled on host */
-#define CONFIG_FIT_RSASSA_PSS 1
-
 #define IMAGE_ENABLE_IGNORE	0
 #define IMAGE_INDENT_STRING	""
 
diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
index bc564d56fa3..45fe3509093 100644
--- a/include/u-boot/rsa.h
+++ b/include/u-boot/rsa.h
@@ -119,11 +119,11 @@ int padding_pkcs_15_verify(struct image_sign_info *info,
 			   uint8_t *msg, int msg_len,
 			   const uint8_t *hash, int hash_len);
 
-#ifdef CONFIG_FIT_RSASSA_PSS
+#if CONFIG_IS_ENABLED(FIT_RSASSA_PSS)
 int padding_pss_verify(struct image_sign_info *info,
 		       uint8_t *msg, int msg_len,
 		       const uint8_t *hash, int hash_len);
-#endif /* CONFIG_FIT_RSASSA_PSS */
+#endif /* FIT_RSASSA_PSS */
 #else
 static inline int rsa_verify_hash(struct image_sign_info *info,
 				  const uint8_t *hash,
@@ -146,14 +146,14 @@ static inline int padding_pkcs_15_verify(struct image_sign_info *info,
 	return -ENXIO;
 }
 
-#ifdef CONFIG_FIT_RSASSA_PSS
+#if CONFIG_IS_ENABLED(FIT_RSASSA_PSS)
 static inline int padding_pss_verify(struct image_sign_info *info,
 				     uint8_t *msg, int msg_len,
 				     const uint8_t *hash, int hash_len)
 {
 	return -ENXIO;
 }
-#endif /* CONFIG_FIT_RSASSA_PSS */
+#endif /* FIT_RSASSA_PSS */
 #endif
 
 #define RSA_DEFAULT_PADDING_NAME		"pkcs-1.5"
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index f4ed11e74a4..5ae77621fc6 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -442,7 +442,7 @@ static int rsa_sign_with_key(EVP_PKEY *pkey, struct padding_algo *padding_algo,
 		goto err_sign;
 	}
 
-#ifdef CONFIG_FIT_RSASSA_PSS
+#if CONFIG_IS_ENABLED(FIT_RSASSA_PSS)
 	if (padding_algo && !strcmp(padding_algo->name, "pss")) {
 		if (EVP_PKEY_CTX_set_rsa_padding(ckey,
 						 RSA_PKCS1_PSS_PADDING) <= 0) {
@@ -450,7 +450,7 @@ static int rsa_sign_with_key(EVP_PKEY *pkey, struct padding_algo *padding_algo,
 			goto err_sign;
 		}
 	}
-#endif /* CONFIG_FIT_RSASSA_PSS */
+#endif /* FIT_RSASSA_PSS */
 
 	for (i = 0; i < region_count; i++) {
 		if (!EVP_DigestSignUpdate(context, region[i].data,
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 1998c773fc7..b1abfa8eacc 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -95,7 +95,7 @@ int padding_pkcs_15_verify(struct image_sign_info *info,
 	return 0;
 }
 
-#ifdef CONFIG_FIT_RSASSA_PSS
+#if CONFIG_IS_ENABLED(FIT_RSASSA_PSS)
 static void u32_i2osp(uint32_t val, uint8_t *buf)
 {
 	buf[0] = (uint8_t)((val >> 24) & 0xff);
@@ -296,7 +296,7 @@ out:
 
 	return ret;
 }
-#endif
+#endif /* FIT_RSASSA_PSS */
 
 #if CONFIG_IS_ENABLED(FIT_SIGNATURE) || CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY)
 /**
diff --git a/tools/Kconfig b/tools/Kconfig
index 6d0f4565a80..8bd782cf5b9 100644
--- a/tools/Kconfig
+++ b/tools/Kconfig
@@ -24,6 +24,11 @@ config HOST_FIT_PRINT
 	help
 	  Print the content of the FIT verbosely in the host build
 
+config HOST_FIT_RSASSA_PSS
+	def_bool y
+	help
+	  Support the rsassa-pss signature scheme in the host build
+
 config HOST_FIT_SHA1
 	def_bool y
 	help
-- 
2.31.1.607.g51e8a6a459-goog



More information about the U-Boot mailing list