[U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash

This patch adds support for SHA-256 hash into the FIT image. The usage is as with the other hashing algorithms:
" hash@1 { algo = "sha256"; }; "
Signed-off-by: Marek Vasut marex@denx.de --- common/image-fit.c | 5 +++++ include/image.h | 15 ++++++++++++++- tools/Makefile | 2 ++ 3 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/common/image-fit.c b/common/image-fit.c
index cf4b67e..a7ecf8b 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -22,6 +22,7 @@ DECLARE_GLOBAL_DATA_PTR;
#include <bootstage.h>
#include <sha1.h>
+#include <sha256.h>
#include <u-boot/crc.h>
#include <u-boot/md5.h>
@@ -882,6 +883,10 @@ int calculate_hash(const void *data, int data_len, const char *algo, sha1_csum_wd((unsigned char *)data, data_len, (unsigned char *)value, CHUNKSZ_SHA1); *value_len = 20; + } else if (IMAGE_ENABLE_SHA256 && strcmp(algo, "sha256") == 0) { + sha256_csum_wd((unsigned char *)data, data_len, + (unsigned char *)value, CHUNKSZ_SHA256); + *value_len = 32; } else if (IMAGE_ENABLE_MD5 && strcmp(algo, "md5") == 0) { md5_wd((unsigned char *)data, data_len, value, CHUNKSZ_MD5); *value_len = 16; diff --git a/include/image.h b/include/image.h index 7de2bb2..e5c76e7 100644 --- a/include/image.h +++ b/include/image.h @@ -57,13 +57,18 @@ struct lmb; # ifdef CONFIG_SPL_SHA1_SUPPORT # define IMAGE_ENABLE_SHA1 1 # endif +# ifdef CONFIG_SPL_SHA256_SUPPORT +# define IMAGE_ENABLE_SHA256 1 +# endif # else # define CONFIG_CRC32 /* FIT images need CRC32 support */ # define CONFIG_MD5 /* and MD5 */ # define CONFIG_SHA1 /* and SHA1 */ +# define CONFIG_SHA256 /* and SHA256 */ # define IMAGE_ENABLE_CRC32 1 # define IMAGE_ENABLE_MD5 1 # define IMAGE_ENABLE_SHA1 1 +# define IMAGE_ENABLE_SHA256 1 # endif
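Review bot: The new `sha256` branch of `calculate_hash()` reports the digest size as a bare literal, `*value_len = 32;`; writing `*value_len = SHA256_SUM_LEN;` (the constant patch 3/3 uses alongside `sha256.h`) would tie it to the digest definition. As far as the visible signature and calls show, the function is never told the capacity of `value`, so every caller's buffer has to be at least `FIT_MAX_HASH_LEN` bytes. This patch raises that macro to 32, but any caller that still declares a 20-byte buffer would be overrun by the new branch, which is worth checking outside this hunk. The body of `calculate_hash()` starts and ends outside the hunk.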
#ifndef IMAGE_ENABLE_CRC32
@@ -78,6 +83,10 @@ struct lmb;
#define IMAGE_ENABLE_SHA1 0
#endif
+#ifndef IMAGE_ENABLE_SHA256
+#define IMAGE_ENABLE_SHA256 0
+#endif
+
#endif /* CONFIG_FIT */
#ifdef CONFIG_SYS_BOOT_RAMDISK_HIGH
@@ -345,6 +354,10 @@ extern bootm_headers_t images;
#define CHUNKSZ_SHA1 (64 * 1024)
#endif
+#ifndef CHUNKSZ_SHA256
+#define CHUNKSZ_SHA256 (64 * 1024)
+#endif
+
#define uimage_to_cpu(x) be32_to_cpu(x)
#define cpu_to_uimage(x) cpu_to_be32(x)
@@ -691,7 +704,7 @@ int bootz_setup(ulong image, ulong *start, ulong *end);
#define FIT_FDT_PROP "fdt"
#define FIT_DEFAULT_PROP "default"
-#define FIT_MAX_HASH_LEN 20 /* max(crc32_len(4), sha1_len(20)) */
+#define FIT_MAX_HASH_LEN 32 /* max(crc32_len(4), sha1_len(20), sha256_len(32)) */
/* cmdline argument format parsing */ int fit_parse_conf(const char *spec, ulong addr_curr, diff --git a/tools/Makefile b/tools/Makefile index 328cea3..e025004 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -71,6 +71,7 @@ EXT_OBJ_FILES-y += common/image-sig.o EXT_OBJ_FILES-y += lib/crc32.o EXT_OBJ_FILES-y += lib/md5.o EXT_OBJ_FILES-y += lib/sha1.o +EXT_OBJ_FILES-y += lib/sha256.o
# Source files located in the tools directory NOPED_OBJ_FILES-y += aisimage.o @@ -252,6 +253,7 @@ $(obj)mkimage$(SFX): $(obj)aisimage.o \ $(obj)os_support.o \ $(obj)pblimage.o \ $(obj)sha1.o \ + $(obj)sha256.o \ $(obj)ublimage.o \ $(LIBFDT_OBJS) \ $(RSA_OBJS)

Separate out the SHA1 code from rsa-sign.c and rsa-verify.c. Each file now has a function which does the correct hashing operation instead of having the SHA-1 hashing operation hard-coded in the rest of the code. This makes adding a new hashing operation much easier and cleaner.
Signed-off-by: Marek Vasut marex@denx.de --- lib/rsa/rsa-sign.c | 45 ++++++++++++++++++++++++-- lib/rsa/rsa-verify.c | 89 +++++++++++++++++++++++++++++++++++++++------------- 2 files changed, 110 insertions(+), 24 deletions(-)
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c index 549130e..4e11720 100644 --- a/lib/rsa/rsa-sign.c +++ b/lib/rsa/rsa-sign.c @@ -15,6 +15,11 @@ #include <openssl/ssl.h> #include <openssl/evp.h>
+enum rsa_hash_type { + RSA_HASH_SHA1, + RSA_HASH_UNKNOWN, +}; + #if OPENSSL_VERSION_NUMBER >= 0x10000000L #define HAVE_ERR_REMOVE_THREAD_STATE #endif @@ -159,7 +164,19 @@ static void rsa_remove(void) EVP_cleanup(); }
-static int rsa_sign_with_key(RSA *rsa, const struct image_region region[], +static const EVP_MD *rsa_sign_get_hash(enum rsa_hash_type hash) +{ + switch (hash) { + case RSA_HASH_SHA1: + return EVP_sha1(); + default: /* This must never happen. */ + rsa_err("Invalid hash type!\n"); + exit(1); + }; +} + +static int rsa_sign_with_key(RSA *rsa, enum rsa_hash_type hash, + const struct image_region region[], int region_count, uint8_t **sigp, uint *sig_size) { EVP_PKEY *key; @@ -192,7 +209,7 @@ static int rsa_sign_with_key(RSA *rsa, const struct image_region region[], goto err_create; } EVP_MD_CTX_init(context); - if (!EVP_SignInit(context, EVP_sha1())) { + if (!EVP_SignInit(context, rsa_sign_get_hash(hash))) { ret = rsa_err("Signer setup failed"); goto err_sign; } @@ -228,12 +245,34 @@ err_set: return ret; }
+static enum rsa_hash_type rsa_get_sha_type(struct image_sign_info *info) +{ + char *pos; + unsigned int hash_str_len; + + pos = strstr(info->algo->name, ","); + if (!pos) + return -EINVAL; + + hash_str_len = pos - info->algo->name; + + if (!strncmp(info->algo->name, "sha1", hash_str_len)) + return RSA_HASH_SHA1; + else + return RSA_HASH_UNKNOWN; +} + int rsa_sign(struct image_sign_info *info, const struct image_region region[], int region_count, uint8_t **sigp, uint *sig_len) { RSA *rsa; int ret; + enum rsa_hash_type hash; + + hash = rsa_get_sha_type(info); + if (hash == RSA_HASH_UNKNOWN) + return -EINVAL;
ret = rsa_init(); if (ret) @@ -242,7 +281,7 @@ int rsa_sign(struct image_sign_info *info, ret = rsa_get_priv_key(info->keydir, info->keyname, &rsa); if (ret) goto err_priv; - ret = rsa_sign_with_key(rsa, region, region_count, sigp, sig_len); + ret = rsa_sign_with_key(rsa, hash, region, region_count, sigp, sig_len); if (ret) goto err_sign;
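Review bot: `rsa_get_sha_type()` returns `-EINVAL` when the algorithm name has no comma, but its return type is `enum rsa_hash_type` and `rsa_sign()` only tests `hash == RSA_HASH_UNKNOWN`, so that value passes the check and is only stopped by the `exit(1)` in `rsa_sign_get_hash()`. Returning `RSA_HASH_UNKNOWN` there instead keeps the failure on the `-EINVAL` path of `rsa_sign()`. The test `strncmp(info->algo->name, "sha1", hash_str_len)` compares only the bytes before the comma, so a shorter prefix such as `sha,` or an empty one also selects SHA-1; adding a length check, `hash_str_len == strlen("sha1") && !strncmp(info->algo->name, "sha1", hash_str_len)`, makes the match exact. The same prefix test is reused for `sha256` in patch 3/3 and needs the same guard.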
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index 02cc4e3..9617f8d 100644 --- a/lib/rsa/rsa-verify.c +++ b/lib/rsa/rsa-verify.c @@ -6,6 +6,7 @@
#include <common.h> #include <fdtdec.h> +#include <malloc.h> #include <rsa.h> #include <sha1.h> #include <asm/byteorder.h> @@ -209,10 +210,9 @@ static int pow_mod(const struct rsa_public_key *key, uint32_t *inout) }
static int rsa_verify_key(const struct rsa_public_key *key, const uint8_t *sig, - const uint32_t sig_len, const uint8_t *hash) + const uint32_t sig_len, const uint8_t *hash, + const uint8_t *padding, int pad_len) { - const uint8_t *padding; - int pad_len; int ret;
if (!key || !sig || !hash) @@ -238,10 +238,6 @@ static int rsa_verify_key(const struct rsa_public_key *key, const uint8_t *sig, if (ret) return ret;
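Review bot: `rsa_verify_key()` now receives `padding` and `pad_len` from its caller, but the argument check is still `if (!key || !sig || !hash)`, so a NULL `padding` or a `pad_len` that is negative or not smaller than the signature length reaches `memcmp(buf, padding, pad_len)` in the following hunk. Extending the guard to `if (!key || !sig || !hash || !padding || pad_len <= 0 || (uint32_t)pad_len >= sig_len)`, with the same error return as the existing check, keeps the bounds decision in the function that performs the comparison. The size of `buf` and the later hash comparison are outside the hunk, so the exact upper bound should be confirmed against them.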
- /* Determine padding to use depending on the signature type. */ - padding = padding_sha1_rsa2048; - pad_len = RSA2048_BYTES - SHA1_SUM_LEN; - /* Check pkcs1.5 padding bytes. */ if (memcmp(buf, padding, pad_len)) { debug("In RSAVerify(): Padding check failed!\n"); @@ -266,7 +262,8 @@ static void rsa_convert_big_endian(uint32_t *dst, const uint32_t *src, int len) }
static int rsa_verify_with_keynode(struct image_sign_info *info, - const void *hash, uint8_t *sig, uint sig_len, int node) + const void *hash, uint8_t *sig, uint sig_len, int node, + const uint8_t *padding, int pad_len) { const void *blob = info->fdt_blob; struct rsa_public_key key; @@ -309,7 +306,7 @@ static int rsa_verify_with_keynode(struct image_sign_info *info, }
debug("key length %d\n", key.len); - ret = rsa_verify_key(&key, sig, sig_len, hash); + ret = rsa_verify_key(&key, sig, sig_len, hash, padding, pad_len); if (ret) { printf("%s: RSA failed to verify: %d\n", __func__, ret); return ret; @@ -318,17 +315,64 @@ static int rsa_verify_with_keynode(struct image_sign_info *info, return 0; }
+static int +rsa_compute_hash_sha1(const struct image_region region[], int region_count, + uint8_t **out_hash) +{ + sha1_context ctx; + int i; + uint8_t *hash; + + hash = calloc(1, SHA1_SUM_LEN); + if (!hash) + return -ENOMEM; + + sha1_starts(&ctx); + for (i = 0; i < region_count; i++) + sha1_update(&ctx, region[i].data, region[i].size); + sha1_finish(&ctx, hash); + + *out_hash = hash; + + return 0; +} + +static int rsa_compute_hash(struct image_sign_info *info, + const struct image_region region[], int region_count, + uint8_t **out_hash, const uint8_t **padding, + int *pad_len) +{ + int len, ret; + const uint8_t *pad; + + if (!strcmp(info->algo->name, "sha1,rsa2048")) { + pad = padding_sha1_rsa2048; + len = RSA2048_BYTES - SHA1_SUM_LEN; + ret = rsa_compute_hash_sha1(region, region_count, out_hash); + } else { + ret = -EINVAL; + } + + if (!ret) { + *padding = pad; + *pad_len = len; + } + + return ret; +} + int rsa_verify(struct image_sign_info *info, const struct image_region region[], int region_count, uint8_t *sig, uint sig_len) { const void *blob = info->fdt_blob; - uint8_t hash[SHA1_SUM_LEN]; + uint8_t *hash = NULL; int ndepth, noffset; int sig_node, node; char name[100]; - sha1_context ctx; - int ret, i; + const uint8_t *padding; + int pad_len; + int ret;
sig_node = fdt_subnode_offset(blob, 0, FIT_SIG_NODENAME); if (sig_node < 0) { @@ -336,25 +380,26 @@ int rsa_verify(struct image_sign_info *info, return -ENOENT; }
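Review bot: `rsa_compute_hash()` and `rsa_compute_hash_sha1()` hand a `calloc()`ed digest back through `*out_hash` without any comment stating who owns it; a header comment such as `/* On success *out_hash points to a heap buffer of the digest; the caller must free() it. */` would make the new `goto exit` / `free(hash)` contract in `rsa_verify()` explicit. The helpers also do not report the digest length, so the consumer has to infer it from `sig_len` and `pad_len` (the comparison itself is outside the hunk); returning the length next to `padding` and `pad_len` would bind it to the selected algorithm. Since the digest is only `SHA1_SUM_LEN` bytes, a caller-supplied fixed buffer would also avoid adding an `-ENOMEM` failure to the verification path.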
- sha1_starts(&ctx); - for (i = 0; i < region_count; i++) - sha1_update(&ctx, region[i].data, region[i].size); - sha1_finish(&ctx, hash); + ret = rsa_compute_hash(info, region, region_count, &hash, + &padding, &pad_len); + if (ret) + return ret;
/* See if we must use a particular key */ if (info->required_keynode != -1) { ret = rsa_verify_with_keynode(info, hash, sig, sig_len, - info->required_keynode); + info->required_keynode, padding, pad_len); if (!ret) - return ret; + goto exit; }
/* Look for a key that matches our hint */ snprintf(name, sizeof(name), "key-%s", info->keyname); node = fdt_subnode_offset(blob, sig_node, name); - ret = rsa_verify_with_keynode(info, hash, sig, sig_len, node); + ret = rsa_verify_with_keynode(info, hash, sig, sig_len, node, + padding, pad_len); if (!ret) - return ret; + goto exit;
/* No luck, so try each of the keys in turn */ for (ndepth = 0, noffset = fdt_next_node(info->fit, sig_node, &ndepth); @@ -362,11 +407,13 @@ int rsa_verify(struct image_sign_info *info, noffset = fdt_next_node(info->fit, noffset, &ndepth)) { if (ndepth == 1 && noffset != node) { ret = rsa_verify_with_keynode(info, hash, sig, sig_len, - noffset); + noffset, padding, pad_len); if (!ret) break; } }
+exit: + free(hash); return ret; }

Dear Marek,
In message 1391658426-24799-2-git-send-email-marex@denx.de you wrote:
Separate out the SHA1 code from the rsa-sign.c and rsa-verify.c . Each file now has a function which does the correct hashing operation instead of having the SHA-1 hashing operation hard-coded in the rest of the code. This makes adding a new hashing operating much easier and cleaner.
...
noffset);
noffset, padding, pad_len);
Line too long.
Best regards,
Wolfgang Denk

On Thursday, February 06, 2014 at 01:18:31 PM, Wolfgang Denk wrote:
Dear Marek,
In message 1391658426-24799-2-git-send-email-marex@denx.de you wrote:
Separate out the SHA1 code from the rsa-sign.c and rsa-verify.c . Each file now has a function which does the correct hashing operation instead of having the SHA-1 hashing operation hard-coded in the rest of the code. This makes adding a new hashing operating much easier and cleaner.
...
noffset);
noffset, padding,
pad_len);
Line too long.
I will need to cross-correlate this with Heiko's efforts, so there'll be V2 of either mine or his stuff.
Thanks for the review though.
Best regards, Marek Vasut

Add support for "sha256,rsa2048" signature. This patch utilises the previously laid groundwork for adding other hashes.
Signed-off-by: Marek Vasut marex@denx.de --- common/image-sig.c | 8 +++++++- lib/rsa/rsa-sign.c | 5 +++++ lib/rsa/rsa-verify.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 70 insertions(+), 1 deletion(-)
diff --git a/common/image-sig.c b/common/image-sig.c index 973b06d..c3d63bc 100644 --- a/common/image-sig.c +++ b/common/image-sig.c @@ -23,7 +23,13 @@ struct image_sig_algo image_sig_algos[] = { rsa_sign, rsa_add_verify_data, rsa_verify, - } + }, + { + "sha256,rsa2048", + rsa_sign, + rsa_add_verify_data, + rsa_verify, + }, };
struct image_sig_algo *image_get_sig_algo(const char *name) diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c index 4e11720..f1167b1 100644 --- a/lib/rsa/rsa-sign.c +++ b/lib/rsa/rsa-sign.c @@ -17,6 +17,7 @@
enum rsa_hash_type { RSA_HASH_SHA1, + RSA_HASH_SHA256, RSA_HASH_UNKNOWN, };
@@ -169,6 +170,8 @@ static const EVP_MD *rsa_sign_get_hash(enum rsa_hash_type hash) switch (hash) { case RSA_HASH_SHA1: return EVP_sha1(); + case RSA_HASH_SHA256: + return EVP_sha256(); default: /* This must never happen. */ rsa_err("Invalid hash type!\n"); exit(1); @@ -258,6 +261,8 @@ static enum rsa_hash_type rsa_get_sha_type(struct image_sign_info *info)
if (!strncmp(info->algo->name, "sha1", hash_str_len)) return RSA_HASH_SHA1; + else if (!strncmp(info->algo->name, "sha256", hash_str_len)) + return RSA_HASH_SHA256; else return RSA_HASH_UNKNOWN; } diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index 9617f8d..67fb882 100644 --- a/lib/rsa/rsa-verify.c +++ b/lib/rsa/rsa-verify.c @@ -9,6 +9,7 @@ #include <malloc.h> #include <rsa.h> #include <sha1.h> +#include <sha256.h> #include <asm/byteorder.h> #include <asm/errno.h> #include <asm/unaligned.h> @@ -70,6 +71,37 @@ static const uint8_t padding_sha1_rsa2048[RSA2048_BYTES - SHA1_SUM_LEN] = { 0x05, 0x00, 0x04, 0x14 };
+static const uint8_t padding_sha256_rsa2048[RSA2048_BYTES - SHA256_SUM_LEN] = { + 0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x31, 0x30, + 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, + 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20, +}; + /** * subtract_modulus() - subtract modulus from the given value * @@ -337,6 +369,28 @@ rsa_compute_hash_sha1(const struct image_region region[], int region_count, return 0; }
+static int +rsa_compute_hash_sha256(const struct image_region region[], int region_count, + uint8_t **out_hash) +{ + sha256_context ctx; + int i; + uint8_t *hash; + + hash = calloc(1, SHA256_SUM_LEN); + if (!hash) + return -ENOMEM; + + sha256_starts(&ctx); + for (i = 0; i < region_count; i++) + sha256_update(&ctx, region[i].data, region[i].size); + sha256_finish(&ctx, hash); + + *out_hash = hash; + + return 0; +} + static int rsa_compute_hash(struct image_sign_info *info, const struct image_region region[], int region_count, uint8_t **out_hash, const uint8_t **padding, @@ -349,6 +403,10 @@ static int rsa_compute_hash(struct image_sign_info *info, pad = padding_sha1_rsa2048; len = RSA2048_BYTES - SHA1_SUM_LEN; ret = rsa_compute_hash_sha1(region, region_count, out_hash); + } else if (!strcmp(info->algo->name, "sha256,rsa2048")) { + pad = padding_sha256_rsa2048; + len = RSA2048_BYTES - SHA256_SUM_LEN; + ret = rsa_compute_hash_sha256(region, region_count, out_hash); } else { ret = -EINVAL; }
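Review bot: With the added `sha256,rsa2048` branch, `rsa_compute_hash()` accepts two digests and chooses between them only from `info->algo->name`. If that name is taken from the signature node of the image being verified (not visible in this patch), the image rather than the trusted key decides which hash is checked, so SHA-1 signatures remain acceptable for keys intended for SHA-256. Recording the expected algorithm with the public key node and rejecting a mismatch before hashing would pin the choice to trusted data. Separately, `rsa_compute_hash_sha256()` repeats `rsa_compute_hash_sha1()` line for line except for the context type and length, so a fix to one is easy to miss in the other.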

Hi Marek,
On 5 February 2014 20:47, Marek Vasut marex@denx.de wrote:
Add support for "sha256,rsa2048" signature. This patch utilises the previously laid groundwork for adding other hashes.
Signed-off-by: Marek Vasut marex@denx.de
Does this conflict with Heiko's patch or is it the same?
Regards, Simon

On Sunday, February 16, 2014 at 12:31:53 AM, Simon Glass wrote:
Hi Marek,
On 5 February 2014 20:47, Marek Vasut marex@denx.de wrote:
Add support for "sha256,rsa2048" signature. This patch utilises the previously laid groundwork for adding other hashes.
Signed-off-by: Marek Vasut marex@denx.de
Does this conflict with Heiko's patch or is it the same?
Heiko's patchset is superior, so please drop this one.
Best regards, Marek Vasut

Hello Marek,
Am 06.02.2014 04:47, schrieb Marek Vasut:
This patch adds support for SHA-256 hash into the FIT image. The usage is as with the other hashing algorithms:
" hash@1 { algo = "sha256"; }; "
Signed-off-by: Marek Vasutmarex@denx.de
common/image-fit.c | 5 +++++ include/image.h | 15 ++++++++++++++- tools/Makefile | 2 ++ 3 files changed, 21 insertions(+), 1 deletion(-)
seems I posted similiar patches ... you find them here:
[U-Boot,1/7] tools/image-host: fix sign-images bug http://patchwork.ozlabs.org/patch/314125/
[U-Boot,2/7] fdt: add "fdt sign" command http://patchwork.ozlabs.org/patch/314120/
[U-Boot,3/7] fit: add sha256 support http://patchwork.ozlabs.org/patch/314126/
[U-Boot,4/7] rsa: add sha256-rsa2048 algorithm http://patchwork.ozlabs.org/patch/314124/
[U-Boot,5/7] rsa: add sha256,rsa4096 algorithm http://patchwork.ozlabs.org/patch/314121/
I reworked the comments, except one is missing, and I can post "v2". Maybe you can try these patches?
bye, Heiko

On Thursday, February 06, 2014 at 06:19:11 AM, Heiko Schocher wrote:
Hello Marek,
Am 06.02.2014 04:47, schrieb Marek Vasut:
This patch adds support for SHA-256 hash into the FIT image. The usage is as with the other hashing algorithms:
"
hash@1 {
algo = "sha256";
};
"
Signed-off-by: Marek Vasutmarex@denx.de
common/image-fit.c | 5 +++++ include/image.h | 15 ++++++++++++++- tools/Makefile | 2 ++ 3 files changed, 21 insertions(+), 1 deletion(-)
seems I posted similiar patches ... you find them here:
Nice, thanks for bringing this up. Please review my series and check if there's possibly something interesting in that you might pull out into yours.
Otherwise, I'm all for applying yours, since you also added rsa4096.
Best regards, Marek Vasut

Hello Marek,
Am 08.02.2014 15:18, schrieb Marek Vasut:
On Thursday, February 06, 2014 at 06:19:11 AM, Heiko Schocher wrote:
Hello Marek,
Am 06.02.2014 04:47, schrieb Marek Vasut:
This patch adds support for SHA-256 hash into the FIT image. The usage is as with the other hashing algorithms:
"
hash@1 {
algo = "sha256";
};
"
Signed-off-by: Marek Vasutmarex@denx.de
common/image-fit.c | 5 +++++ include/image.h | 15 ++++++++++++++- tools/Makefile | 2 ++ 3 files changed, 21 insertions(+), 1 deletion(-)
seems I posted similiar patches ... you find them here:
Nice, thanks for bringing this up. Please review my series and check if there's possibly something interesting in that you might pull out into yours.
I think, all your changes are also in my patchseries ...
Otherwise, I'm all for applying your , since you also added rsa4096.
bye, Heiko

On Monday, February 10, 2014 at 07:35:44 AM, Heiko Schocher wrote:
Hello Marek,
Am 08.02.2014 15:18, schrieb Marek Vasut:
On Thursday, February 06, 2014 at 06:19:11 AM, Heiko Schocher wrote:
Hello Marek,
Am 06.02.2014 04:47, schrieb Marek Vasut:
This patch adds support for SHA-256 hash into the FIT image. The usage is as with the other hashing algorithms:
"
hash@1 {
algo = "sha256";
};
"
Signed-off-by: Marek Vasutmarex@denx.de
common/image-fit.c | 5 +++++ include/image.h | 15 ++++++++++++++- tools/Makefile | 2 ++ 3 files changed, 21 insertions(+), 1 deletion(-)
seems I posted similiar patches ... you find them here:
Nice, thanks for bringing this up. Please review my series and check if there's possibly something interesting in that you might pull out into yours.
I think, all your changes are also in my patchseries ...
OK, thanks!
Best regards, Marek Vasut

Dear Marek,
In message 1391658426-24799-1-git-send-email-marex@denx.de you wrote:
This patch adds support for SHA-256 hash into the FIT image. The usage is as with the other hashing algorithms:
...
-#define FIT_MAX_HASH_LEN 20 /* max(crc32_len(4), sha1_len(20)) */ +#define FIT_MAX_HASH_LEN 32 /* max(crc32_len(4), sha1_len(20), sha256_len(32)) */
Line too long.
Please make sure to run your patches through checkpatch !
Best regards,
Wolfgang Denk

On Thursday, February 06, 2014 at 01:17:36 PM, Wolfgang Denk wrote:
Dear Marek,
In message 1391658426-24799-1-git-send-email-marex@denx.de you wrote:
This patch adds support for SHA-256 hash into the FIT image. The usage is
as with the other hashing algorithms:
...
-#define FIT_MAX_HASH_LEN 20 /* max(crc32_len(4), sha1_len(20)) */ +#define FIT_MAX_HASH_LEN 32 /* max(crc32_len(4), sha1_len(20), sha256_len(32)) */
Line too long.
Please make sure to run your patches through checkpatch !
This is weird, since all my patches should be checked upon 'git commit' via a hook. Thanks for bringing this to my attention, I will verify that.
Nonetheless, I would vouch for applying Heiko's patches instead.
Best regards, Marek Vasut