Commit db1b5f3d20666ffd52d649a3bd6141989b596e3f

Authored by Heiko Schocher
Committed by Tom Rini
1 parent 646257d1f4

rsa: add sha256,rsa4096 algorithm

Add support for sha256,rsa4096 signatures in u-boot.

Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>
Cc: andreas@oetken.name

Showing 6 changed files with 104 additions and 16 deletions

... ... @@ -29,6 +29,7 @@
29 29 {
30 30 "sha1",
31 31 SHA1_SUM_LEN,
  32 + RSA2048_BYTES,
32 33 #if IMAGE_ENABLE_SIGN
33 34 EVP_sha1,
34 35 #else
35 36  
36 37  
37 38  
... ... @@ -39,14 +40,28 @@
39 40 {
40 41 "sha256",
41 42 SHA256_SUM_LEN,
  43 + RSA2048_BYTES,
42 44 #if IMAGE_ENABLE_SIGN
43 45 EVP_sha256,
44 46 #else
45 47 sha256_calculate,
46 48 padding_sha256_rsa2048,
47 49 #endif
  50 + },
  51 + {
  52 + "sha256",
  53 + SHA256_SUM_LEN,
  54 + RSA4096_BYTES,
  55 +#if IMAGE_ENABLE_SIGN
  56 + EVP_sha256,
  57 +#else
  58 + sha256_calculate,
  59 + padding_sha256_rsa4096,
  60 +#endif
48 61 }
  62 +
49 63 };
  64 +
50 65 struct image_sig_algo image_sig_algos[] = {
51 66 {
52 67 "sha1,rsa2048",
53 68  
... ... @@ -61,7 +76,15 @@
61 76 rsa_add_verify_data,
62 77 rsa_verify,
63 78 &checksum_algos[1],
  79 + },
  80 + {
  81 + "sha256,rsa4096",
  82 + rsa_sign,
  83 + rsa_add_verify_data,
  84 + rsa_verify,
  85 + &checksum_algos[2],
64 86 }
  87 +
65 88 };
66 89  
67 90 struct image_sig_algo *image_get_sig_algo(const char *name)
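Review bot: The new third entry of `checksum_algos[]` reuses the name `"sha256"`, so the table now holds two entries with the same name that differ only in key size and padding. Any lookup by checksum name (none is visible in these hunks) would always return the 2048-bit entry. The new `"sha256,rsa4096"` entry reaches it through the hard-coded index `&checksum_algos[2]`, which would silently select the wrong padding if an entry were ever inserted or reordered. A comment on each entry such as `/* [2]: sha256 with RSA-4096 padding, used by "sha256,rsa4096" */`, or named index constants, would make the coupling explicit. `checksum_algos[]` starts outside the first hunk.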
... ... @@ -879,6 +879,7 @@
879 879 struct checksum_algo {
880 880 const char *name;
881 881 const int checksum_len;
  882 + const int pad_len;
882 883 #if IMAGE_ENABLE_SIGN
883 884 const EVP_MD *(*calculate)(void);
884 885 #else
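Review bot: The added field `pad_len` is undocumented and its name is misleading. The initialisers in this commit set it to `RSA2048_BYTES` / `RSA4096_BYTES`, which is the full RSA signature size in bytes, and the verifier derives the real padding length as `algo->pad_len - algo->checksum_len`. I would add a comment such as `/* RSA signature (modulus) size in bytes; PKCS#1 v1.5 padding is pad_len - checksum_len */`, or rename the field. The struct definition continues outside the hunk.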
include/rsa-checksum.h
... ... @@ -12,6 +12,7 @@
12 12 #include <sha1.h>
13 13 #include <sha256.h>
14 14  
  15 +extern const uint8_t padding_sha256_rsa4096[];
15 16 extern const uint8_t padding_sha256_rsa2048[];
16 17 extern const uint8_t padding_sha1_rsa2048[];
17 18  
... ... @@ -103,5 +103,15 @@
103 103 }
104 104 #endif
105 105  
  106 +#define RSA2048_BYTES (2048 / 8)
  107 +#define RSA4096_BYTES (4096 / 8)
  108 +
  109 +/* This is the minimum/maximum key size we support, in bits */
  110 +#define RSA_MIN_KEY_BITS 2048
  111 +#define RSA_MAX_KEY_BITS 4096
  112 +
  113 +/* This is the maximum signature length that we support, in bits */
  114 +#define RSA_MAX_SIG_BITS 4096
  115 +
106 116 #endif
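--- a/lib/rsa/rsa-checksum.c
+++ b/lib/rsa/rsa-checksum.c
@@ -13,8 +13,6 @@
 #include <asm/errno.h>
 #include <asm/unaligned.h>
 
-#define RSA2048_BYTES 256
-
 /* PKCS 1.5 paddings as described in the RSA PKCS#1 v2.1 standard. */
 
 const uint8_t padding_sha256_rsa2048[RSA2048_BYTES - SHA256_SUM_LEN] = {
@@ -69,6 +67,69 @@
 0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x21, 0x30,
 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
 0x05, 0x00, 0x04, 0x14
+};
+
+const uint8_t padding_sha256_rsa4096[RSA4096_BYTES - SHA256_SUM_LEN] = {
+ 0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x31, 0x30,
+ 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
+ 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
 };
 
 void sha1_calculate(const struct image_region region[], int region_count,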
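Review bot: `padding_sha256_rsa4096` is added as 480 hand-typed bytes with no description of its layout, which makes a security-critical constant hard to review. Because the array is declared with an explicit size, a dropped row would be zero-filled silently rather than rejected by the compiler. A comment above it such as `/* 0x00 0x01 | 458 x 0xff | 0x00 | 19-byte SHA-256 DigestInfo prefix */` would let a reader check it against PKCS#1 v1.5. As listed, the table has 60 rows of 8 bytes, which matches `RSA4096_BYTES - SHA256_SUM_LEN` assuming `SHA256_SUM_LEN` is 32.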
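--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -15,15 +15,6 @@
 
 #define UINT64_MULT32(v, multby) (((uint64_t)(v)) * ((uint32_t)(multby)))
 
-#define RSA2048_BYTES (2048 / 8)
-
-/* This is the minimum/maximum key size we support, in bits */
-#define RSA_MIN_KEY_BITS 2048
-#define RSA_MAX_KEY_BITS 2048
-
-/* This is the maximum signature length that we support, in bits */
-#define RSA_MAX_SIG_BITS 2048
-
 /**
 * subtract_modulus() - subtract modulus from the given value
 *
@@ -197,7 +188,7 @@
 return ret;
 
 padding = algo->rsa_padding;
- pad_len = RSA2048_BYTES - algo->checksum_len;
+ pad_len = algo->pad_len - algo->checksum_len;
 
 /* Check pkcs1.5 padding bytes. */
 if (memcmp(buf, padding, pad_len)) {
@@ -281,7 +272,7 @@
 {
 const void *blob = info->fdt_blob;
 /* Reserve memory for maximum checksum-length */
- uint8_t hash[RSA2048_BYTES];
+ uint8_t hash[info->algo->checksum->pad_len];
 int ndepth, noffset;
 int sig_node, node;
 char name[100];
@@ -291,9 +282,10 @@
 * Verify that the checksum-length does not exceed the
 * rsa-signature-length
 */
- if (info->algo->checksum->checksum_len > RSA2048_BYTES) {
- debug("%s: invlaid checksum-algorithm %s for RSA2048\n",
- __func__, info->algo->checksum->name);
+ if (info->algo->checksum->checksum_len >
+ info->algo->checksum->pad_len) {
+ debug("%s: invlaid checksum-algorithm %s for %s\n",
+ __func__, info->algo->checksum->name, info->algo->name);
 return -EINVAL;
 }
 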
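Review bot: In the second hunk, `pad_len = algo->pad_len - algo->checksum_len` makes the length of `memcmp(buf, padding, pad_len)` depend on the selected algorithm entry, and nothing visible in the hunk ties that length to the size of `buf` or to the key actually used. If a shorter key can be paired with the sha256,rsa4096 entry, the compare could read past the decrypted signature. The function should reject a signature whose length differs from `algo->pad_len` before the padding check; its body starts outside the hunk, so such a check may already exist. In the third hunk, `hash[info->algo->checksum->pad_len]` is now a variable-length array sized before the `checksum_len > pad_len` test runs, and its comment still says "maximum checksum-length". A fixed `uint8_t hash[RSA_MAX_SIG_BITS / 8];` would keep the stack bound static.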