Hi Simon,
On Mon, Sep 16, 2019 at 10:48:05PM -0700, Simon Glass wrote:
Hi AKASHI,
On Fri, 6 Sep 2019 at 00:05, AKASHI Takahiro takahiro.akashi@linaro.org wrote:
In the current implementation of FIT_SIGNATURE, five parameters for a RSA public key are required while only two of them are essential. (See rsa-mod-exp.h and uImage.FIT/signature.txt) This is a result of considering relatively limited computer power and resources on embedded systems, while such a assumption may not be quite practical for other use cases.
In this patch, added is a function, rsa_gen_key_prop(), which will generate additional parameters for other uses, in particular UEFI secure boot, on the fly.
Note: the current code uses some "big number" routines from BearSSL for the calculation.
Signed-off-by: AKASHI Takahiro takahiro.akashi@linaro.org
include/u-boot/rsa-mod-exp.h | 3 + lib/rsa/Makefile | 2 +- lib/rsa/rsa-keyprop.c | 631 +++++++++++++++++++++++++++++++++++ 3 files changed, 635 insertions(+), 1 deletion(-) create mode 100644 lib/rsa/rsa-keyprop.c
diff --git a/include/u-boot/rsa-mod-exp.h b/include/u-boot/rsa-mod-exp.h index 8a428c4b6a1a..ca189292d869 100644 --- a/include/u-boot/rsa-mod-exp.h +++ b/include/u-boot/rsa-mod-exp.h @@ -26,6 +26,9 @@ struct key_prop { uint32_t exp_len; /* Exponent length in number of uint8_t */ };
+struct key_prop *rsa_gen_key_prop(const void *key, uint32_t keylen); +void rsa_free_key_prop(struct key_prop *prop);
/**
- rsa_mod_exp_sw() - Perform RSA Modular Exponentiation in sw
diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index 226d8f3514a9..d66eef74c514 100644 --- a/lib/rsa/Makefile +++ b/lib/rsa/Makefile @@ -5,5 +5,5 @@ # (C) Copyright 2000-2007 # Wolfgang Denk, DENX Software Engineering, wd@denx.de.
-obj-$(CONFIG_RSA_VERIFY) += rsa-verify.o rsa-checksum.o +obj-$(CONFIG_RSA_VERIFY) += rsa-verify.o rsa-checksum.o rsa-keyprop.o
Can this code only be included when needed? It seems a bit large,
Okay, compiled in only if CONFIG_RSA_VERIFY_WITH_PKEY.
obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o diff --git a/lib/rsa/rsa-keyprop.c b/lib/rsa/rsa-keyprop.c new file mode 100644 index 000000000000..e650a931dff9 --- /dev/null +++ b/lib/rsa/rsa-keyprop.c @@ -0,0 +1,631 @@ +// SPDX-License-Identifier: GPL-2.0+ +/*
- RSA library - generate parameters for a public key
- Copyright (c) 2019 Linaro Limited
- Author: AKASHI Takahiro
- Big number routines in this file come from BearSSL.
- See the original copyright below.
- Copyright (c) 2016 Thomas Pornin pornin@bolet.org
- Permission is hereby granted, free of charge, to any person obtaining
Can you use SPDX?
I'm not sure this license is listed in SPDX, but will ask the author.
- a copy of this software and associated documentation files (the
- "Software"), to deal in the Software without restriction, including
- without limitation the rights to use, copy, modify, merge, publish,
- distribute, sublicense, and/or sell copies of the Software, and to
- permit persons to whom the Software is furnished to do so, subject to
- the following conditions:
- The above copyright notice and this permission notice shall be
- included in all copies or substantial portions of the Software.
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
- BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
- ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- SOFTWARE.
- */
+#include <stdio.h>
Should this include common.h?
Okay.
+#include <image.h> +#include <malloc.h> +#include <crypto/internal/rsa.h>
Hmm this seems to be for running on the host?
rsa.h? No. It was imported from linux kernel to use rsa_parse_pub_key() in rsa_gen_key_prop().
Thanks, -Takahiro Akashi
Regards, Simon