
Hi Heiko,
On 26 January 2014 22:45, Heiko Schocher hs@denx.de wrote:
Hello Simon,
On 26.01.2014 22:10, Simon Glass wrote:
Hi Heiko,
On 24 January 2014 23:44, Heiko Schocher hs@denx.de wrote:
based on patch from andreas@oetken.name:
Should probably add the full commit message in here.
Ok, do this in v2.
- removed checkpatch warnings
- removed compiler warnings
- rebased against current head
Signed-off-by: Heiko Schocher hs@denx.de
Cc: Simon Glass sjg@chromium.org
Cc: andreas@oetken.name

common/image-sig.c     | 33 +++++++++++++++++
include/image.h        | 21 +++++++++++
include/rsa-checksum.h | 25 +++++++++++++
include/rsa.h          | 25 +++++++++++++
lib/rsa/Makefile       | 2 +-
lib/rsa/rsa-checksum.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++
lib/rsa/rsa-sign.c     | 10 +++---
lib/rsa/rsa-verify.c   | 83 +++++++++++++-----------------------------
8 files changed, 233 insertions(+), 64 deletions(-)
create mode 100644 include/rsa-checksum.h
create mode 100644 lib/rsa/rsa-checksum.c
[...]
diff --git a/include/rsa.h b/include/rsa.h index add4c78..adf809b 100644 --- a/include/rsa.h +++ b/include/rsa.h @@ -15,6 +15,20 @@ #include<errno.h> #include<image.h>
+/**
- struct rsa_public_key - holder for a public key
- An RSA public key consists of a modulus (typically called N), the
inverse
- and R^2, where R is 2^(# key bits).
- */
+struct rsa_public_key {
uint len; /* Length of modulus[] in number of uint32_t */
uint32_t n0inv; /* -1 / modulus[0] mod 2^32 */
uint32_t *modulus; /* modulus as little endian array */
uint32_t *rr; /* R^2 as little endian array */
+};
- #if IMAGE_ENABLE_SIGN /**
- sign() - calculate and return signature for given input data
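Review bot: the comment on struct rsa_public_key, added here to include/rsa.h, does not state the invariants a user of the struct has to rely on: that modulus and rr each point to len words of uint32_t, who owns those two buffers, and what upper bound len has. Suggest documenting the members kernel-doc style (@len, @n0inv, @modulus, @rr) and naming the maximum len, so code that fills in this struct can range-check len before indexing either array. The summary sentence also says "the inverse" without saying of what; the member comment "-1 / modulus[0] mod 2^32" is the precise wording and could be reused there.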
@@ -80,6 +94,10 @@ static inline int rsa_add_verify_data(struct image_sign_info *info, int rsa_verify(struct image_sign_info *info, const struct image_region region[], int region_count, uint8_t *sig, uint sig_len);
+int rsa_verify_256(struct image_sign_info *info,
const struct image_region region[], int region_count,
uint8_t *sig, uint sig_len);
Do we need to create this as a separate function? It seems a bit icky. Can rsa_verify() not handle both?
Good catch! I never defined rsa_verify_256(), remove this in v2.
#else static inline int rsa_verify(struct image_sign_info *info, const struct image_region region[], int region_count, @@ -87,6 +105,13 @@ static inline int rsa_verify(struct image_sign_info *info, { return -ENXIO; }
+static inline int rsa_verify_256(struct image_sign_info *info,
const struct image_region region[], int region_count,
uint8_t *sig, uint sig_len)
+{
return -ENXIO;
+} #endif
#endif
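Review bot: the static inline rsa_verify_256() stub in the #else branch should be removed together with the prototype in the previous hunk. The reply above says the function was never defined and the declaration will be dropped in v2; if only the prototype goes, this stub leaves an rsa_verify_256() that exists solely in the #else configuration, where it always returns -ENXIO. If a second entry point is kept after all, it needs a doc comment saying how it differs from rsa_verify(), since the two signatures are identical.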
[...]
Also can you please update the tests to include a sha256 test?
You mean the "test/vboot/vboot_test.sh"?
Yes, you could expand this, or convert to Python if you prefer.
Regards, Simon