Hi,
On 1 December 2013 23:10, Heiko Schocher hs@denx.de wrote:
Hello Andreas,
Am 27.11.2013 13:10, schrieb andreas@oetken.name:
As proposed by Heiko I made some small changes and verified the patch with the checkpatch-script.
You can also use patman to generate, check and send your patch if you like.
I couldn't apply it due to the problems Heiko mentioned, but it looks promising. One I think I wonder if whether you could use the existing infrastructure in common/hash.c to select the hash algorithm?
Regards, Simon
From 169f40e72fceb222bb15dd59c1337f42371e97a5 Mon Sep 17 00:00:00 2001
From: Andreas Oetkenandreas.oetken@siemens.com Date: Wed, 27 Nov 2013 13:09:19 +0100 Subject: [PATCH] Added rsa-sha256 support.
Could you fix your commit message?
Please write in the commit message why and what you have changed in your patch. After "---" you can write for example the changelog of your patch, see a detailed help for sending patches, here:
http://www.denx.de/wiki/U-Boot/Patches
Signed-off-by: Andreas Oetkenandreas.oetken@siemens.com
common/image-sig.c | 33 +++++++++++++ include/image.h | 20 +++++++- include/rsa-checksum.h | 25 ++++++++++ include/rsa.h | 17 +++++++ lib/rsa/Makefile | 2 +- lib/rsa/rsa-checksum.c | 108 +++++++++++++++++++++++++++++++++++++++++++ lib/rsa/rsa-sign.c | 10 ++-- lib/rsa/rsa-verify.c | 80 +++++++++----------------------- test/vboot/sign-configs.its | 2 +- test/vboot/sign-images.its | 2 +- 10 files changed, 233 insertions(+), 66 deletions(-) create mode 100644 include/rsa-checksum.h create mode 100644 lib/rsa/rsa-checksum.c
Hmm.. I tried to apply your patch, but I get:
pollux:u-boot hs [20131202] $ git am mbox Wende an: rsa: add a more flexible way to support different hash algorithms (e.g. sha256) fatal: fehlerhafter Patch bei Zeile 24 Anwendung des Patches fehlgeschlagen bei 0001 rsa: add a more flexible way to support different hash algorithms (e.g. sha256) Die Kopie des fehlgeschlagenen Patches befindet sich in: /home/hs/ids/u-boot/.git/rebase-apply/patch Wenn Sie das Problem gelöst haben, führen Sie "git am --resolved" aus. Falls Sie diesen Patch auslassen möchten, führen Sie stattdessen "git am --skip" aus. Um den ursprünglichen Zweig wiederherzustellen und die Anwendung der Patches abzubrechen, führen Sie "git am --abort" aus. pollux:u-boot hs [20131202] $ git am --abort pollux:u-boot hs [20131202] $ vi mbox pollux:u-boot hs [20131202] $ patch -p1 < mbox patching file common/image-sig.c patch: **** malformed patch at line 49: #endif /* !USE_HOSTCC*/
pollux:u-boot hs [20131202] $
Can you have a look at this issue?
Beside of that, just some nitpicking comment:
[...]
diff --git a/include/rsa.h b/include/rsa.h index add4c78..12ae443 100644 --- a/include/rsa.h +++ b/include/rsa.h @@ -15,6 +15,23 @@ #include<errno.h> #include<image.h>
+#define RSA2048_BYTES (2048 / 8)
+/**
- struct rsa_public_key - holder for a public key
- An RSA public key consists of a modulus (typically called N), the
inverse
- and R^2, where R is 2^(# key bits).
- */
+struct rsa_public_key {
uint len; /* Length of modulus[] in number ofuint32_t */
uint32_t n0inv; /* -1 / modulus[0] mod 2^32 */uint32_t *modulus; /* modulus as little endian array */uint32_t *rr; /* R^2 as little endian array */+};
only one empty line please.
#if IMAGE_ENABLE_SIGN /**
- sign() - calculate and return signature for given input data
[...]
diff --git a/lib/rsa/rsa-checksum.c b/lib/rsa/rsa-checksum.c new file mode 100644 index 0000000..e75abb8 --- /dev/null +++ b/lib/rsa/rsa-checksum.c @@ -0,0 +1,108 @@ +/*
- Copyright (c) 2013, Andreas Oetken.
- SPDX-License-Identifier: GPL-2.0+
- */
+#include<common.h> +#include<fdtdec.h> +#include<rsa.h> +#include<sha1.h> +#include<sha256.h> +#include<asm/byteorder.h> +#include<asm/errno.h> +#include<asm/unaligned.h>
only one empty line please.
+/* PKCS 1.5 paddings as described in the RSA PKCS#1 v2.1 standard. */
here too.. please fix globally.
[...]
bye, Heiko -- DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany