[PATCH v4 00/29] Integrate MbedTLS v3.6 LTS with U-Boot
Integrate MbedTLS v3.6 LTS (currently v3.6.0-RC1) with U-Boot.
Motivations: ------------
1. MbedTLS is well maintained with LTS versions. 2. LWIP is integrated with MbedTLS and easily to enable HTTPS. 3. MbedTLS recently switched license back to GPLv2.
Prerequisite: -------------
This patch series requires mbedtls git repo to be added as a subtree to the main U-Boot repo via: $ git subtree add --prefix lib/mbedtls/external/mbedtls \ https://github.com/Mbed-TLS/mbedtls.git \ v3.6.0 --squash Moreover, due to the Windows-style files from mbedtls git repo, we need to convert the CRLF endings to LF and do a commit manually: $ git add --renormalize . $ git commit
New Kconfig options: --------------------
`MBEDTLS_LIB` is for MbedTLS general switch. `MBEDTLS_LIB_CRYPTO` is for replacing original digest and crypto libs with MbedTLS. `MBEDTLS_LIB_X509` is for replacing original X509, PKCS7, MSCode, ASN1, and Pubkey parser with MbedTLS. `MBEDTLS_LIB_TLS` is for SSL/TLS (Disabled until LWIP port for MbedTLS is ready). `LEGACY_CRYPTO` is introduced as a main switch for legacy crypto library. `LEGACY_CRYPTO_BASIC` is for the basic crypto functionalities and `LEGACY_CRYPTO_CERT` is for the certificate related functionalities. For each of the algorithm, a pair of `<alg>_LEGACY` and `<alg>_MBEDTLS` Kconfig options are introduced. Meanwhile, `SPL_` Kconfig options are introduced.
In this patch set, MBEDTLS_LIB, MBEDTLS_LIB_CRYPTO and MBEDTLS_LIB_X509 are by default enabled in qemu_arm64_defconfig for testing purpose.
Patches for external MbedTLS project: -------------------------------------
Since U-Boot uses Microsoft Authentication Code to verify PE/COFFs executables which is not supported by MbedTLS at the moment, addtional patches for MbedTLS are created to adapt with the EFI loader: 1. Decoding of Microsoft Authentication Code. 2. Decoding of PKCS#9 Authenticate Attributes. 3. Extending MbedTLS PKCS#7 lib to support multiple signer's certificates. 4. MbedTLS native test suites for PKCS#7 signer's info.
All above 4 patches (tagged with `mbedtls/external`) are submitted to MbedTLS project and being reviewed, eventually they should be part of MbedTLS LTS release. But before that, please merge them into U-Boot, otherwise the building will be broken when MBEDTLS_LIB_X509 is enabled.
See below PR link for the reference: https://github.com/Mbed-TLS/mbedtls/pull/9001
Miscellaneous: --------------
Optimized MbedTLS library size by tailoring the config file and disabling all unnecessary features for EFI loader.
From v2, original libs (rsa, asn1_decoder, rsa_helper, md5, sha1, sha256,
sha512) are completely replaced when MbedTLS is enabled.
From v3, the size-growth is slightly reduced by refactoring Hash functions.
Target(QEMU arm64) size-growth when enabling MbedTLS: v1: 6.03% v2: 4.66% v3 & v4: 4.55%
Please see the latest output of bloat-o-meter for the reference of the size-growth on QEMU arm64 target [1].
Tests done: -----------
EFI Secure Boot test (EFI variables loading and verifying, EFI signed image verifying and booting) via U-Boot console. EFI Secure Boot and Capsule sandbox test passed.
Known issues: -------------
None.
[1]: bloat-o-meter output between disabling/enabling MbedTLS (QEMU arm64) ``` add/remove: 206/81 grow/shrink: 19/17 up/down: 55548/-17495 (38053) Function old new delta mbedtls_internal_sha1_process - 4540 +4540 mbedtls_x509_crt_parse_der_internal - 3072 +3072 mbedtls_internal_md5_process - 2928 +2928 mbedtls_internal_sha256_process - 2052 +2052 mbedtls_pkcs7_parse_der - 1608 +1608 mbedtls_rsa_private - 1468 +1468 pkcs7_parse_message 372 1648 +1276 mbedtls_mpi_div_mpi - 1168 +1168 mbedtls_internal_sha512_process - 1056 +1056 mbedtls_mpi_inv_mod - 1000 +1000 mbedtls_x509_dn_gets - 996 +996 x509_populate_cert - 948 +948 K - 896 +896 oid_x520_attr_type - 840 +840 __udivti3 - 832 +832 mbedtls_x509_parse_subject_alt_name - 724 +724 mbedtls_rsa_deduce_primes - 720 +720 mbedtls_mpi_exp_mod - 668 +668 mbedtls_rsa_rsaes_pkcs1_v15_decrypt - 652 +652 pkcs7_get_signer_info - 632 +632 mbedtls_rsa_complete - 624 +624 mbedtls_rsa_validate_params - 608 +608 mbedtls_mpi_core_exp_mod - 560 +560 mbedtls_sha512_finish - 556 +556 mscode_parse 28 580 +552 mbedtls_x509_get_time - 552 +552 mbedtls_x509_get_name - 516 +516 mbedtls_sha256_finish - 484 +484 mbedtls_rsa_validate_crt - 464 +464 mbedtls_mpi_core_mla - 460 +460 rsa_rsassa_pkcs1_v15_encode - 420 +420 mbedtls_sha1_finish - 420 +420 mbedtls_mpi_gcd - 400 +400 oid_x509_ext - 360 +360 rsa_parse_pub_key 24 372 +348 mbedtls_x509_get_subject_alt_name_ext - 348 +348 mbedtls_sha512_starts - 340 +340 mbedtls_mpi_mul_mpi - 340 +340 mbedtls_rsa_rsassa_pkcs1_v15_sign - 336 +336 mbedtls_oid_get_numeric_string - 336 +336 mbedtls_md5_finish - 336 +336 mbedtls_pk_parse_subpubkey - 328 +328 oid_sig_alg - 320 +320 mbedtls_rsa_deduce_private_exponent - 312 +312 rsa_check_context.isra - 300 +300 mbedtls_rsa_rsaes_pkcs1_v15_encrypt - 288 +288 mbedtls_rsa_parse_pubkey - 284 +284 mbedtls_mpi_sub_abs - 284 +284 mbedtls_mpi_core_montmul - 276 +276 mbedtls_rsa_rsassa_pkcs1_v15_verify - 268 +268 mbedtls_asn1_traverse_sequence_of - 268 +268 mbedtls_sha512_update - 264 +264 mbedtls_asn1_get_alg - 256 +256 mbedtls_sha256_update - 252 +252 mbedtls_mpi_add_abs - 248 +248 oid_md_alg - 240 +240 mbedtls_sha1_update - 236 +236 mbedtls_rsa_deduce_crt - 236 +236 mbedtls_md5_update - 236 +236 mbedtls_rsa_import_raw - 232 +232 mbedtls_ct_memcpy_if - 228 +228 mbedtls_mpi_copy - 220 +220 mbedtls_mpi_cmp_mpi - 212 +212 mbedtls_mpi_shrink - 208 +208 mbedtls_ct_memmove_left - 208 +208 mbedtls_rsa_public - 204 +204 rsa_sign_wrap - 196 +196 mbedtls_pk_parse_public_key - 196 +196 asn1_get_tagged_int - 196 +196 mbedtls_mpi_mul_int - 184 +184 mbedtls_mpi_core_write_be - 184 +184 mbedtls_pk_verify_restartable - 180 +180 mbedtls_mpi_mod_mpi - 180 +180 mbedtls_asn1_get_len - 180 +180 pk_get_pk_alg.isra - 176 +176 mbedtls_mpi_core_fill_random - 176 +176 x509_populate_pubkey - 164 +164 rsa_verify_wrap - 164 +164 mbedtls_x509_crt_free - 164 +164 mbedtls_mpi_core_shift_r - 164 +164 oid_pk_alg - 160 +160 mbedtls_ct_zeroize_if - 156 +156 rsa_encrypt_wrap - 152 +152 rsa_decrypt_wrap - 152 +152 mbedtls_mpi_cmp_abs - 152 +152 add_sub_mpi - 152 +152 mbedtls_sha512 - 148 +148 mbedtls_rsa_check_privkey - 148 +148 mbedtls_mpi_core_shift_l - 148 +148 mbedtls_x509_get_ext - 144 +144 mbedtls_mpi_grow - 144 +144 mbedtls_mpi_core_read_be - 144 +144 mbedtls_x509_get_serial - 140 +140 mbedtls_asn1_write_len - 140 +140 pkcs7_get_one_cert - 136 +136 mbedtls_x509_crl_free - 136 +136 mbedtls_rsa_free - 136 +136 mbedtls_rsa_check_pubkey - 136 +136 mbedtls_x509_get_key_usage - 128 +128 mbedtls_asn1_get_bitstring - 128 +128 mbedtls_sha256_starts - 124 +124 mbedtls_mpi_core_mul - 124 +124 mbedtls_asn1_get_alg_null - 124 +124 mbedtls_x509_get_sig - 120 +120 mbedtls_pkcs7_free - 120 +120 mbedtls_oid_get_x509_ext_type - 120 +120 mbedtls_oid_get_pk_alg - 120 +120 mbedtls_oid_get_md_alg - 120 +120 mbedtls_oid_get_attr_short_name - 120 +120 mbedtls_x509_get_subject_alt_name - 116 +116 asn1_get_sequence_of_cb - 116 +116 mbedtls_x509_get_sig_alg - 112 +112 mbedtls_x509_get_ns_cert_type - 108 +108 mbedtls_mpi_resize_clear - 108 +108 mbedtls_mpi_lset - 108 +108 mbedtls_mpi_fill_random - 108 +108 mbedtls_asn1_get_sequence_of - 108 +108 mbedtls_mpi_core_get_mont_r2_unsafe - 104 +104 oid_sig_alg_from_asn1 - 100 +100 mbedtls_mpi_shift_l - 100 +100 public_key_verify_signature 312 408 +96 mbedtls_rsa_info - 96 +96 mbedtls_pk_setup - 96 +96 mbedtls_mpi_read_binary - 96 +96 mbedtls_rsa_check_pub_priv - 92 +92 mbedtls_mpi_lsb - 92 +92 mbedtls_asn1_get_bool - 92 +92 mbedtls_mpi_core_bigendian_to_host - 84 +84 mbedtls_mpi_core_bitlen - 76 +76 mbedtls_asn1_get_bitstring_null - 76 +76 x509_free_mbedtls_ctx.part - 72 +72 mbedtls_sha1_starts - 72 +72 mbedtls_mpi_core_cond_assign - 72 +72 hash_init_sha512 52 124 +72 hash_init_sha256 52 124 +72 CSWTCH 1266 1338 +72 x509_populate_dn_name_string - 68 +68 mbedtls_pk_free - 68 +68 mbedtls_oid_get_sig_alg - 68 +68 mbedtls_mpi_free - 68 +68 mbedtls_mpi_core_sub - 68 +68 mbedtls_mpi_core_check_zero_ct - 68 +68 pkcs7_free_signer_info - 64 +64 pkcs7_free_message 124 188 +64 mbedtls_oid_get_oid_by_md - 64 +64 rsa_debug - 60 +60 mbedtls_mpi_sub_int - 60 +60 mbedtls_mpi_core_add - 60 +60 mbedtls_mpi_cmp_int - 60 +60 mbedtls_mpi_add_int - 60 +60 mbedtls_md5_starts - 60 +60 mbedtls_platform_zeroize - 56 +56 mbedtls_asn1_get_tag - 56 +56 hash_init_sha1 52 108 +56 rsa_alloc_wrap - 52 +52 mbedtls_mpi_shift_r - 52 +52 mbedtls_mpi_core_montmul_init - 52 +52 mbedtls_mpi_core_from_mont_rep - 52 +52 mbedtls_mpi_core_clz - 52 +52 mbedtls_ct_memcmp - 52 +52 mbedtls_mpi_core_sub_int - 48 +48 mbedtls_asn1_write_tag - 48 +48 mbedtls_asn1_sequence_free - 48 +48 mbedtls_asn1_free_named_data_list_shallow - 48 +48 mbedtls_rsa_init - 44 +44 mbedtls_mpi_get_bit - 44 +44 x509_parse2_int - 40 +40 mbedtls_zeroize_and_free - 40 +40 mbedtls_rsa_pkcs1_verify - 40 +40 mbedtls_rsa_pkcs1_sign - 40 +40 mbedtls_mpi_core_exp_mod_working_limbs - 40 +40 rsa_free_wrap - 36 +36 mbedtls_md_info_from_type - 36 +36 mbedtls_x509_get_alg - 32 +32 mbedtls_pk_get_type - 28 +28 mbedtls_mpi_size - 28 +28 mbedtls_mpi_core_to_mont_rep - 28 +28 x509_get_timestamp - 24 +24 mbedtls_x509_free_subject_alt_name - 24 +24 mbedtls_rsa_pkcs1_encrypt - 20 +20 mbedtls_rsa_pkcs1_decrypt - 20 +20 mbedtls_pk_info_from_type - 20 +20 mbedtls_mpi_write_binary - 20 +20 mbedtls_md_get_size - 20 +20 rsa_can_do - 16 +16 mbedtls_x509_crt_parse_der - 16 +16 mbedtls_sha512_free - 16 +16 mbedtls_sha256_free - 16 +16 mbedtls_sha1_free - 16 +16 mbedtls_mpi_init - 16 +16 mbedtls_md5_free - 16 +16 hash_finish_sha512 72 88 +16 hash_finish_sha256 72 88 +16 hash_finish_sha1 72 88 +16 x509_free_certificate 88 100 +12 sha512_csum_wd 68 80 +12 sha256_csum_wd 68 80 +12 sha1_csum_wd 68 80 +12 rsa_check_pair_wrap - 12 +12 md5_wd 68 80 +12 mbedtls_x509_crt_init - 12 +12 mbedtls_sha512_init - 12 +12 mbedtls_sha256_init - 12 +12 mbedtls_sha1_init - 12 +12 mbedtls_pkcs7_init - 12 +12 mbedtls_mpi_bitlen - 12 +12 mbedtls_md5_init - 12 +12 mbedtls_asn1_get_int - 12 +12 rsa_get_bitlen - 8 +8 mpi_bigendian_to_host - 8 +8 memset_func - 8 +8 mbedtls_sha512_info - 8 +8 mbedtls_sha384_info - 8 +8 mbedtls_sha256_info - 8 +8 mbedtls_sha1_info - 8 +8 mbedtls_rsa_get_len - 8 +8 mbedtls_rsa_get_bitlen - 8 +8 mbedtls_pk_verify - 8 +8 mbedtls_pk_init - 8 +8 mbedtls_mpi_sub_mpi - 8 +8 mbedtls_mpi_add_mpi - 8 +8 mbedtls_md5_info - 8 +8 mbedtls_ct_zero - 8 +8 sha512_update 4 8 +4 sha384_update 4 8 +4 sha256_update 12 8 -4 sha1_update 12 8 -4 rsapubkey_machine 10 - -10 x509_note_not_before 12 - -12 x509_note_not_after 12 - -12 month_lengths 12 - -12 x509_akid_note_name 16 - -16 sha256_process 16 - -16 sha1_process 16 - -16 rsapubkey_action_table 16 - -16 pkcs7_sig_note_skid 16 - -16 pkcs7_sig_note_serial 16 - -16 pkcs7_sig_note_issuer 16 - -16 pkcs7_check_content_type 20 - -20 hash_update_sha512 36 16 -20 hash_update_sha256 36 16 -20 hash_update_sha1 36 16 -20 MD5Init 56 36 -20 x509_note_serial 24 - -24 x509_decoder 24 - -24 x509_akid_decoder 24 - -24 sha1_starts 60 36 -24 rsapubkey_decoder 24 - -24 pkcs7_decoder 24 - -24 mscode_machine 24 - -24 mscode_decoder 24 - -24 mscode_action_table 24 - -24 x509_note_subject 28 - -28 x509_note_issuer 28 - -28 x509_note_tbs_certificate 32 - -32 pkcs7_note_data 32 - -32 rsa_get_n 36 - -36 hash_update_sha384 36 - -36 x509_note_params 40 - -40 x509_akid_action_table 40 - -40 pkcs7_note_content 40 - -40 asn1_op_lengths 41 - -41 rsa_get_e 48 - -48 pkcs7_note_signeddata_version 48 - -48 pkcs7_note_certificate_list 48 - -48 hash_init_sha384 52 - -52 sha384_csum_wd 68 12 -56 sha256_starts 104 40 -64 sha256_padding 64 - -64 sha1_padding 64 - -64 mscode_note_digest 72 - -72 hash_finish_sha384 72 - -72 pkcs7_sig_note_set_of_authattrs 84 - -84 x509_note_OID 92 - -92 x509_akid_note_serial 92 - -92 x509_akid_note_kid 92 - -92 pkcs7_sig_note_pkey_algo 92 - -92 x509_akid_machine 93 - -93 x509_extract_name_segment 96 - -96 pkcs7_note_signerinfo_version 96 - -96 pkcs7_sig_note_signature 100 - -100 x509_action_table 104 - -104 x509_machine 113 - -113 x509_extract_key_data 116 - -116 sha512_finish 152 36 -116 pkcs7_note_OID 116 - -116 pkcs7_extract_cert 116 - -116 sha512_starts 168 40 -128 sha384_starts 168 40 -128 mscode_note_content_type 132 - -132 pkcs7_action_table 136 - -136 sha384_finish 152 4 -148 oid_index 150 - -150 MD5Final 196 44 -152 sha512_base_do_finalize 160 - -160 x509_process_extension 168 - -168 x509_note_signature 172 - -172 pkcs7_note_signed_info 216 - -216 sha256_update.part 228 - -228 pkcs7_machine 239 - -239 sha1_update.part 240 - -240 sha512_base_do_update 244 - -244 pkcs7_sig_note_digest_algo 244 - -244 look_up_OID 244 - -244 sprint_oid 260 - -260 MD5Update 260 - -260 sha1_finish 300 36 -264 mscode_note_digest_algo 280 - -280 oid_search_table 296 - -296 x509_cert_parse 408 108 -300 x509_get_sig_params 304 - -304 pkcs7_sig_note_authenticated_attr 316 - -316 x509_note_pkey_algo 336 - -336 sha256_finish 404 36 -368 sha256_armv8_ce_process 428 - -428 x509_fabricate_name.isra 460 - -460 sha1_armv8_ce_process 484 - -484 oid_data 513 - -513 sha512_K 640 - -640 x509_decode_time 672 - -672 sha512_block_fn 1212 - -1212 asn1_ber_decoder 1480 - -1480 MD5Transform 2552 - -2552 Total: Before=836523, After=874576, chg +4.55% ```
Raymond Mao (29): CI: Exclude MbedTLS subtree for CONFIG checks mbedtls: Add script to update MbedTLS subtree mbedtls: add mbedtls into the build system lib: Adapt digest header files to MbedTLS md5: Remove md5 non-watchdog API sha1: Remove sha1 non-watchdog API mbedtls: add digest shim layer for MbedTLS hash: integrate hash on mbedtls makefile: add mbedtls include directories mbedtls/external: support Microsoft Authentication Code mbedtls/external: support PKCS9 Authenticate Attributes mbedtls/external: support decoding multiple signer's cert mbedtls/external: update MbedTLS PKCS7 test suites public_key: move common functions to public key helper x509: move common functions to x509 helper pkcs7: move common functions to PKCS7 helper mbedtls: add public key porting layer lib/crypto: Adapt public_key header with MbedTLS mbedtls: add X509 cert parser porting layer lib/crypto: Adapt x509_cert_parser to MbedTLS mbedtls: add PKCS7 parser porting layer lib/crypto: Adapt PKCS7 parser to MbedTLS mbedtls: add MSCode parser porting layer lib/crypto: Adapt mscode_parser to MbedTLS mbedtls: add RSA helper layer on MbedTLS lib/rypto: Adapt rsa_helper to MbedTLS asn1_decoder: add build options for ASN1 decoder test: Remove ASN1 library test configs: enable MbedTLS as default setting
.azure-pipelines.yml | 3 +- .gitlab-ci.yml | 3 +- Makefile | 6 + board/friendlyarm/nanopi2/board.c | 3 +- board/gdsys/a38x/hre.c | 2 +- board/intel/edison/edison.c | 3 +- board/xilinx/zynq/bootimg.c | 2 +- common/hash.c | 143 +++++ configs/qemu_arm64_defconfig | 4 + configs/sandbox_defconfig | 3 + include/crypto/mscode.h | 4 + include/crypto/pkcs7_parser.h | 56 ++ include/crypto/public_key.h | 6 + include/crypto/x509_parser.h | 56 ++ include/limits.h | 29 + include/linux/kernel.h | 13 +- include/stdlib.h | 1 + include/u-boot/md5.h | 14 +- include/u-boot/sha1.h | 37 +- include/u-boot/sha256.h | 20 + include/u-boot/sha512.h | 22 +- lib/Kconfig | 4 + lib/Makefile | 14 +- lib/crypto/Kconfig | 2 +- lib/crypto/Makefile | 16 +- lib/crypto/asymmetric_type.c | 2 +- lib/crypto/pkcs7_helper.c | 40 ++ lib/crypto/pkcs7_parser.c | 28 - lib/crypto/public_key.c | 31 -- lib/crypto/public_key_helper.c | 42 ++ lib/crypto/x509_helper.c | 67 +++ lib/crypto/x509_public_key.c | 58 +- lib/mbedtls/Kconfig | 405 ++++++++++++++ lib/mbedtls/Makefile | 66 +++ .../external/mbedtls/include/mbedtls/oid.h | 35 ++ .../external/mbedtls/include/mbedtls/pkcs7.h | 21 + lib/mbedtls/external/mbedtls/library/pkcs7.c | 154 ++++-- .../tests/suites/test_suite_pkcs7.data | 4 +- lib/mbedtls/mbedtls_def_config.h | 69 +++ lib/mbedtls/md5.c | 57 ++ lib/mbedtls/mscode_parser.c | 123 +++++ lib/mbedtls/pkcs7_parser.c | 506 ++++++++++++++++++ lib/mbedtls/port/assert.h | 12 + lib/mbedtls/public_key.c | 82 +++ lib/mbedtls/rsa_helper.c | 95 ++++ lib/mbedtls/sha1.c | 99 ++++ lib/mbedtls/sha256.c | 62 +++ lib/mbedtls/sha512.c | 93 ++++ lib/mbedtls/x509_cert_parser.c | 446 +++++++++++++++ lib/md5.c | 15 - lib/sha1.c | 13 - lib/tpm-v1.c | 2 +- test/Kconfig | 2 +- tools/update-mbedtls-subtree.sh | 47 ++ 54 files changed, 2906 insertions(+), 236 deletions(-) create mode 100644 include/limits.h create mode 100644 lib/crypto/pkcs7_helper.c create mode 100644 lib/crypto/public_key_helper.c create mode 100644 lib/crypto/x509_helper.c create mode 100644 lib/mbedtls/Kconfig create mode 100644 lib/mbedtls/Makefile create mode 100644 lib/mbedtls/mbedtls_def_config.h create mode 100644 lib/mbedtls/md5.c create mode 100644 lib/mbedtls/mscode_parser.c create mode 100644 lib/mbedtls/pkcs7_parser.c create mode 100644 lib/mbedtls/port/assert.h create mode 100644 lib/mbedtls/public_key.c create mode 100644 lib/mbedtls/rsa_helper.c create mode 100644 lib/mbedtls/sha1.c create mode 100644 lib/mbedtls/sha256.c create mode 100644 lib/mbedtls/sha512.c create mode 100644 lib/mbedtls/x509_cert_parser.c create mode 100755 tools/update-mbedtls-subtree.sh
Since MbedTLS is an external repo with its own coding style, exclude it from Azure and gitlab CI CONFIG checks.
Signed-off-by: Raymond Mao raymond.mao@linaro.org Reviewed-by: Tom Rini trini@konsulko.com Reviewed-by: Ilias Apalodimas ilias.apalodimas@linaro.org --- Changes in v2 - Initial patch. Changes in v3 - None. Changes in v4 - None.
.azure-pipelines.yml | 3 ++- .gitlab-ci.yml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml index 27f69583c65..c8052771fa8 100644 --- a/.azure-pipelines.yml +++ b/.azure-pipelines.yml @@ -65,7 +65,8 @@ stages: # have no matches. - script: git grep -E '^#[[:blank:]]*(define|undef)[[:blank:]]*CONFIG_' :^doc/ :^arch/arm/dts/ :^scripts/kconfig/lkc.h - :^include/linux/kconfig.h :^tools/ :^dts/upstream/ && + :^include/linux/kconfig.h :^tools/ :^dts/upstream/ + :^lib/mbedtls/external :^lib/mbedtls/mbedtls_def_config.h && exit 1 || exit 0
- job: docs diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 165f765a833..a8f7f1940f3 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -156,7 +156,8 @@ check for new CONFIG symbols outside Kconfig: # have no matches. - git grep -E '^#[[:blank:]]*(define|undef)[[:blank:]]*CONFIG_' :^doc/ :^arch/arm/dts/ :^scripts/kconfig/lkc.h - :^include/linux/kconfig.h :^tools/ :^dts/upstream/ && + :^include/linux/kconfig.h :^tools/ :^dts/upstream/ + :^lib/mbedtls/external :^lib/mbedtls/mbedtls_def_config.h && exit 1 || exit 0
# build documentation
lib/mbedtls/update-mbedtls-subtree.sh is a wrapper of git subtree commands. Usage from U-Boot top directory, run:
$ ./lib/mbedtls/update-mbedtls-subtree.sh pull <release-tag> $ ./lib/mbedtls/update-mbedtls-subtree.sh pick <commit-id>
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v2 - Initial patch. Changes in v3 - None. Changes in v4 - Minor fix and move the script into tools dir.
tools/update-mbedtls-subtree.sh | 47 +++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100755 tools/update-mbedtls-subtree.sh
diff --git a/tools/update-mbedtls-subtree.sh b/tools/update-mbedtls-subtree.sh new file mode 100755 index 00000000000..0a98a4d6e82 --- /dev/null +++ b/tools/update-mbedtls-subtree.sh @@ -0,0 +1,47 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0+ +# +# Copyright 2024 Linaro Ltd. +# +# Usage: from the top level U-Boot source tree, run: +# $ ./tools/update-mbedtls-subtree.sh pull <release-tag> +# $ ./tools/update-mbedtls-subtree.sh pick <commit-id> +# +# The script will pull changes from MbedTLS repo into U-Boot +# as a subtree located as <U-Boot>/lib/mbedtls/external/mbedtls sub-directory. +# It will automatically create a squash/merge commit listing the commits +# imported. + +set -e + +merge_commit_msg=$(cat << EOF +Subtree merge tag '$2' of MbedTLS repo [1] into lib/mbedtls/external/mbedtls + +[1] https://github.com/Mbed-TLS/mbedtls.git +EOF +) + +remote_add_and_fetch() { + if [ -z "$(git remote get-url mbedtls_upstream 2>/dev/null)" ]; then + echo "Warning: Script automatically adds new git remote via:" + echo " git remote add mbedtls_upstream \" + echo " https://github.com/Mbed-TLS/mbedtls.git" + git remote add mbedtls_upstream \ + https://github.com/Mbed-TLS/mbedtls.git + fi + git fetch mbedtls_upstream master +} + +if [ "$1" = 'pull' ]; then + remote_add_and_fetch + git subtree pull --prefix lib/mbedtls/external/mbedtls mbedtls_upstream \ + "$2" --squash -m "${merge_commit_msg}" +elif [ "$1" = 'pick' ]; then + remote_add_and_fetch + git cherry-pick -x --strategy=subtree \ + -Xsubtree=lib/mbedtls/external/mbedtls/ "$2" +else + echo "usage: $0 <op> <ref>" + echo " <op> pull or pick" + echo " <ref> release tag [pull] or commit id [pick]" +fi
On Tue, Jul 02, 2024 at 11:22:38AM -0700, Raymond Mao wrote:
lib/mbedtls/update-mbedtls-subtree.sh is a wrapper of git subtree commands. Usage from U-Boot top directory, run:
$ ./lib/mbedtls/update-mbedtls-subtree.sh pull <release-tag> $ ./lib/mbedtls/update-mbedtls-subtree.sh pick <commit-id>
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- Initial patch.
Changes in v3
- None.
Changes in v4
- Minor fix and move the script into tools dir.
tools/update-mbedtls-subtree.sh | 47 +++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100755 tools/update-mbedtls-subtree.sh
Given how amazingly close this is to dts/update-dts-subtree.sh and also the lwIP version, can you and Jerome please co-ordinate on a short series that you can then both depend on a pre-req that makes, I don't know, tools/update-git-subtree.sh and that script takes upstream URI and whatever else would be needed so that all 3 of our "update or cherry-pick from a git subtree" scripts call that and are more or less one line scripts themselves? Thanks.
On 7/2/24 22:56, Tom Rini wrote:
On Tue, Jul 02, 2024 at 11:22:38AM -0700, Raymond Mao wrote:
lib/mbedtls/update-mbedtls-subtree.sh is a wrapper of git subtree commands. Usage from U-Boot top directory, run:
$ ./lib/mbedtls/update-mbedtls-subtree.sh pull <release-tag> $ ./lib/mbedtls/update-mbedtls-subtree.sh pick <commit-id>
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- Initial patch.
Changes in v3
- None.
Changes in v4
- Minor fix and move the script into tools dir.
tools/update-mbedtls-subtree.sh | 47 +++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100755 tools/update-mbedtls-subtree.sh
Given how amazingly close this is to dts/update-dts-subtree.sh and also the lwIP version, can you and Jerome please co-ordinate on a short series that you can then both depend on a pre-req that makes, I don't know, tools/update-git-subtree.sh and that script takes upstream URI and whatever else would be needed so that all 3 of our "update or cherry-pick from a git subtree" scripts call that and are more or less one line scripts themselves? Thanks.
Sounds like a good idea :)
Raymond, FYI the lwIP series is at [1]. I will make sure I CC you on the next iteration BTW ;-). All the information about the subtree is in the cover letter and that's basically:
$ git subtree add --squash --prefix lib/lwip/lwip \ https://git.savannah.gnu.org/git/lwip.git STABLE-2_2_0_RELEASE
[1] https://lore.kernel.org/u-boot/3c2b8a90-1d4d-41ac-a15a-0d3b2a7d2a57@linaro.o...
Thanks,
Hi Jerome,
On Wed, 3 Jul 2024 at 03:16, Jerome Forissier jerome.forissier@linaro.org wrote:
On 7/2/24 22:56, Tom Rini wrote:
On Tue, Jul 02, 2024 at 11:22:38AM -0700, Raymond Mao wrote:
lib/mbedtls/update-mbedtls-subtree.sh is a wrapper of git subtree commands. Usage from U-Boot top directory, run:
$ ./lib/mbedtls/update-mbedtls-subtree.sh pull <release-tag> $ ./lib/mbedtls/update-mbedtls-subtree.sh pick <commit-id>
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- Initial patch.
Changes in v3
- None.
Changes in v4
- Minor fix and move the script into tools dir.
tools/update-mbedtls-subtree.sh | 47 +++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100755 tools/update-mbedtls-subtree.sh
Given how amazingly close this is to dts/update-dts-subtree.sh and also the lwIP version, can you and Jerome please co-ordinate on a short series that you can then both depend on a pre-req that makes, I don't know, tools/update-git-subtree.sh and that script takes upstream URI and whatever else would be needed so that all 3 of our "update or cherry-pick from a git subtree" scripts call that and are more or less one line scripts themselves? Thanks.
Sounds like a good idea :)
Raymond, FYI the lwIP series is at [1]. I will make sure I CC you on the next iteration BTW ;-). All the information about the subtree is in the cover letter and that's basically:
$ git subtree add --squash --prefix lib/lwip/lwip \ https://git.savannah.gnu.org/git/lwip.git STABLE-2_2_0_RELEASE
[1] https://lore.kernel.org/u-boot/3c2b8a90-1d4d-41ac-a15a-0d3b2a7d2a57@linaro.o...
Thanks. I will send the patch and keep you in CC.
Regards, Raymond
Hi Tom,
On Tue, 2 Jul 2024 at 16:57, Tom Rini trini@konsulko.com wrote:
On Tue, Jul 02, 2024 at 11:22:38AM -0700, Raymond Mao wrote:
lib/mbedtls/update-mbedtls-subtree.sh is a wrapper of git subtree commands. Usage from U-Boot top directory, run:
$ ./lib/mbedtls/update-mbedtls-subtree.sh pull <release-tag> $ ./lib/mbedtls/update-mbedtls-subtree.sh pick <commit-id>
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- Initial patch.
Changes in v3
- None.
Changes in v4
- Minor fix and move the script into tools dir.
tools/update-mbedtls-subtree.sh | 47 +++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100755 tools/update-mbedtls-subtree.sh
Given how amazingly close this is to dts/update-dts-subtree.sh and also the lwIP version, can you and Jerome please co-ordinate on a short series that you can then both depend on a pre-req that makes, I don't know, tools/update-git-subtree.sh and that script takes upstream URI and whatever else would be needed so that all 3 of our "update or cherry-pick from a git subtree" scripts call that and are more or less one line scripts themselves? Thanks.
I agree. This is a good idea. I can make a prerequisite patch to merge
these 3 scripts.
Regards, Raymond
Port mbedtls with adapted libc header files. Add mbedtls default config header file. Optimize mbedtls default config by disabling unused features to reduce the target size. Add mbedtls kbuild makefile. Add Kconfig skeleton and config submenu entry for selecting crypto libraries between mbedtls and legacy ones.
Subsequent patches will separate those Kconfigs into pairs of _LEGACY and _MBEDTLS for controlling the implementations of legacy crypto libraries and MbedTLS ones respectively.
The motivation of moving and adapting *INT* macros from kernel.h to limits.h is to fullfill the MbedTLS building requirement. The conditional compilation statements in MbedTLS expects the *INT* macros as constant expressions, thus expressions like `((int)(~0U >> 1))` will not work.
Prerequisite ------------
This patch series requires mbedtls git repo to be added as a subtree to the main U-Boot repo via:
$ git subtree add --prefix lib/mbedtls/external/mbedtls \ https://github.com/Mbed-TLS/mbedtls.git \ v3.6.0 --squash
Moreover, due to the Windows-style files from mbedtls git repo, we need to convert the CRLF endings to LF and do a commit manually:
$ git add --renormalize . $ git commit
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v2 - Disabled unused MbedTLS features to optimize the target size. Changes in v3 - Removed changes in stdio.h. Changes in v4 - Move limits.h as a common header file that is included by kernel.h. - Refactor the Kconfig to support legacy and MbedTLS options for each algorithm. - Refactor MbedTLS makefile and default config file to remove unused config options and objects. - removed the unused CONFIG_MBEDTLS_LIB_TLS.
include/limits.h | 29 ++++++++++++++ include/linux/kernel.h | 13 +----- include/stdlib.h | 1 + lib/Kconfig | 4 ++ lib/Makefile | 2 + lib/mbedtls/Kconfig | 47 ++++++++++++++++++++++ lib/mbedtls/Makefile | 49 +++++++++++++++++++++++ lib/mbedtls/mbedtls_def_config.h | 69 ++++++++++++++++++++++++++++++++ lib/mbedtls/port/assert.h | 12 ++++++ 9 files changed, 214 insertions(+), 12 deletions(-) create mode 100644 include/limits.h create mode 100644 lib/mbedtls/Kconfig create mode 100644 lib/mbedtls/Makefile create mode 100644 lib/mbedtls/mbedtls_def_config.h create mode 100644 lib/mbedtls/port/assert.h
diff --git a/include/limits.h b/include/limits.h new file mode 100644 index 00000000000..cc691d15650 --- /dev/null +++ b/include/limits.h @@ -0,0 +1,29 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Copyright (c) 2023 Linaro Limited + * Author: Raymond Mao raymond.mao@linaro.org + */ + +#ifndef _LIMITS_H +#define _LIMITS_H + +#define INT_MAX 0x7fffffff +#define UINT_MAX 0xffffffffUL +#define CHAR_BIT 8 +#define UINT32_MAX 0xffffffffUL +#define UINT64_MAX 0xffffffffffffffffUL + +#ifdef CONFIG_64BIT + #define UINTPTR_MAX UINT64_MAX +#else + #define UINTPTR_MAX UINT32_MAX +#endif + +#ifndef SIZE_MAX +#define SIZE_MAX UINTPTR_MAX +#endif +#ifndef SSIZE_MAX +#define SSIZE_MAX ((ssize_t)(SIZE_MAX >> 1)) +#endif + +#endif /* _LIMITS_H */ diff --git a/include/linux/kernel.h b/include/linux/kernel.h index 5cd6c9dc821..2cb2ceaf84b 100644 --- a/include/linux/kernel.h +++ b/include/linux/kernel.h @@ -3,25 +3,18 @@
#include <linux/types.h> #include <linux/printk.h> /* for printf/pr_* utilities */ +#include <limits.h>
#define USHRT_MAX ((u16)(~0U)) #define SHRT_MAX ((s16)(USHRT_MAX>>1)) #define SHRT_MIN ((s16)(-SHRT_MAX - 1)) -#define INT_MAX ((int)(~0U>>1)) #define INT_MIN (-INT_MAX - 1) -#define UINT_MAX (~0U) #define LONG_MAX ((long)(~0UL>>1)) #define LONG_MIN (-LONG_MAX - 1) #define ULONG_MAX (~0UL) #define LLONG_MAX ((long long)(~0ULL>>1)) #define LLONG_MIN (-LLONG_MAX - 1) #define ULLONG_MAX (~0ULL) -#ifndef SIZE_MAX -#define SIZE_MAX (~(size_t)0) -#endif -#ifndef SSIZE_MAX -#define SSIZE_MAX ((ssize_t)(SIZE_MAX >> 1)) -#endif
#define U8_MAX ((u8)~0U) #define S8_MAX ((s8)(U8_MAX>>1)) @@ -36,10 +29,6 @@ #define S64_MAX ((s64)(U64_MAX>>1)) #define S64_MIN ((s64)(-S64_MAX - 1))
-/* Aliases defined by stdint.h */ -#define UINT32_MAX U32_MAX -#define UINT64_MAX U64_MAX - #define INT32_MAX S32_MAX
#define STACK_MAGIC 0xdeadbeef diff --git a/include/stdlib.h b/include/stdlib.h index 9c175d4d74c..dedfd52a144 100644 --- a/include/stdlib.h +++ b/include/stdlib.h @@ -7,5 +7,6 @@ #define __STDLIB_H_
#include <malloc.h> +#include <rand.h>
#endif /* __STDLIB_H_ */ diff --git a/lib/Kconfig b/lib/Kconfig index 189e6eb31aa..ff89af6be74 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -418,6 +418,10 @@ config CIRCBUF
source "lib/dhry/Kconfig"
+menu "Alternative crypto libraries" +source lib/mbedtls/Kconfig +endmenu + menu "Security support"
config AES diff --git a/lib/Makefile b/lib/Makefile index 2a76acf100d..a4600b09f49 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -94,6 +94,8 @@ obj-$(CONFIG_LIBAVB) += libavb/ obj-$(CONFIG_$(SPL_TPL_)OF_LIBFDT) += libfdt/ obj-$(CONFIG_$(SPL_TPL_)OF_REAL) += fdtdec_common.o fdtdec.o
+obj-$(CONFIG_MBEDTLS_LIB) += mbedtls/ + ifdef CONFIG_SPL_BUILD obj-$(CONFIG_SPL_YMODEM_SUPPORT) += crc16-ccitt.o obj-$(CONFIG_$(SPL_TPL_)HASH) += crc16-ccitt.o diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig new file mode 100644 index 00000000000..3e9057f1acf --- /dev/null +++ b/lib/mbedtls/Kconfig @@ -0,0 +1,47 @@ +choice + prompt "Select crypto libraries" + default LEGACY_CRYPTO + help + Select crypto libraries. + LEGACY_CRYPTO for legacy crypto libraries, + MBEDTLS_LIB for MbedTLS libraries. + +config LEGACY_CRYPTO + bool "legacy crypto libraries" + select LEGACY_CRYPTO_BASIC + select LEGACY_CRYPTO_CERT + +config MBEDTLS_LIB + bool "MbedTLS libraries" + select MBEDTLS_LIB_CRYPTO + select MBEDTLS_LIB_X509 +endchoice + +if LEGACY_CRYPTO + +config LEGACY_CRYPTO_BASIC + bool "legacy basic crypto libraries" + help + Enable legacy basic crypto libraries. + +config LEGACY_CRYPTO_CERT + bool "legacy certificate libraries" + help + Enable legacy certificate libraries. + +endif # LEGACY_CRYPTO + +if MBEDTLS_LIB + +config MBEDTLS_LIB_CRYPTO + bool "MbedTLS crypto libraries" + help + Enable MbedTLS crypto libraries. + + +config MBEDTLS_LIB_X509 + bool "MbedTLS certificate libraries" + help + Enable MbedTLS certificate libraries. + +endif # MBEDTLS_LIB diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile new file mode 100644 index 00000000000..803ea0b62a0 --- /dev/null +++ b/lib/mbedtls/Makefile @@ -0,0 +1,49 @@ +# SPDX-License-Identifier: GPL-2.0+ +# +# Copyright (c) 2024 Linaro Limited +# Author: Raymond Mao raymond.mao@linaro.org + +MBEDTLS_LIB_DIR = external/mbedtls/library + +# MbedTLS default config file +ccflags-y += "-DMBEDTLS_CONFIG_FILE="mbedtls_def_config.h"" + +ccflags-y += \ + -I$(src)/port \ + -I$(src)/external/mbedtls/include \ + -I$(src)/external/mbedtls/library + +# MbedTLS crypto library +obj-$(CONFIG_MBEDTLS_LIB_CRYPTO) += mbedtls_lib_crypto.o +mbedtls_lib_crypto-y += \ + $(MBEDTLS_LIB_DIR)/platform_util.o \ + $(MBEDTLS_LIB_DIR)/constant_time.o \ + $(MBEDTLS_LIB_DIR)/md.o +mbedtls_lib_crypto-$(CONFIG_$(SPL_)MD5) += $(MBEDTLS_LIB_DIR)/md5.o +mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA1) += $(MBEDTLS_LIB_DIR)/sha1.o +mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA256) += \ + $(MBEDTLS_LIB_DIR)/sha256.o +mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA512) += \ + $(MBEDTLS_LIB_DIR)/sha512.o + +# MbedTLS X509 library +obj-$(CONFIG_MBEDTLS_LIB_X509) += mbedtls_lib_x509.o +mbedtls_lib_x509-y += $(MBEDTLS_LIB_DIR)/x509.o +mbedtls_lib_x509-$(CONFIG_$(SPL_)ASN1_DECODER) += \ + $(MBEDTLS_LIB_DIR)/asn1parse.o \ + $(MBEDTLS_LIB_DIR)/asn1write.o \ + $(MBEDTLS_LIB_DIR)/oid.o +mbedtls_lib_x509-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER) += \ + $(MBEDTLS_LIB_DIR)/bignum.o \ + $(MBEDTLS_LIB_DIR)/bignum_core.o \ + $(MBEDTLS_LIB_DIR)/rsa.o \ + $(MBEDTLS_LIB_DIR)/rsa_alt_helpers.o +mbedtls_lib_x509-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += \ + $(MBEDTLS_LIB_DIR)/pk.o \ + $(MBEDTLS_LIB_DIR)/pk_wrap.o \ + $(MBEDTLS_LIB_DIR)/pkparse.o +mbedtls_lib_x509-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER) += \ + $(MBEDTLS_LIB_DIR)/x509_crl.o \ + $(MBEDTLS_LIB_DIR)/x509_crt.o +mbedtls_lib_x509-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER) += \ + $(MBEDTLS_LIB_DIR)/pkcs7.o diff --git a/lib/mbedtls/mbedtls_def_config.h b/lib/mbedtls/mbedtls_def_config.h new file mode 100644 index 00000000000..38de6b0b9af --- /dev/null +++ b/lib/mbedtls/mbedtls_def_config.h @@ -0,0 +1,69 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * MbedTLS config file + * + * Derived from the MbedTLS internal config file, + * for more information about each build option, + * please refer to: + * external/mbedtls/include/mbedtls/mbedtls_config.h + * + * Copyright (c) 2024 Linaro Limited + * Author: Raymond Mao raymond.mao@linaro.org + */ + +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO) + +#define MBEDTLS_MD_C + +#if CONFIG_IS_ENABLED(MD5) +#define MBEDTLS_MD5_C +#endif + +#if CONFIG_IS_ENABLED(SHA1) +#define MBEDTLS_SHA1_C +#endif + +#if CONFIG_IS_ENABLED(SHA256) +#define MBEDTLS_SHA256_C +#endif + +#if CONFIG_IS_ENABLED(SHA384) +#define MBEDTLS_SHA384_C +#endif + +#if CONFIG_IS_ENABLED(SHA512) +#define MBEDTLS_SHA512_C +#endif + +#endif /* CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO) */ + +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) + +#if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER) +#define MBEDTLS_PKCS1_V15 +#define MBEDTLS_X509_USE_C +#define MBEDTLS_X509_CRT_PARSE_C +#define MBEDTLS_X509_CRL_PARSE_C +#endif + +#if CONFIG_IS_ENABLED(ASYMMETRIC_PUBLIC_KEY_SUBTYPE) +#define MBEDTLS_PK_C +#define MBEDTLS_PK_PARSE_C +#endif + +#if CONFIG_IS_ENABLED(RSA_PUBLIC_KEY_PARSER) +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_RSA_C +#endif + +#if CONFIG_IS_ENABLED(PKCS7_MESSAGE_PARSER) +#define MBEDTLS_PKCS7_C +#endif + +#if CONFIG_IS_ENABLED(ASN1_DECODER) +#define MBEDTLS_OID_C +#define MBEDTLS_ASN1_PARSE_C +#define MBEDTLS_ASN1_WRITE_C +#endif + +#endif /* CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) */ diff --git a/lib/mbedtls/port/assert.h b/lib/mbedtls/port/assert.h new file mode 100644 index 00000000000..490701aa9d0 --- /dev/null +++ b/lib/mbedtls/port/assert.h @@ -0,0 +1,12 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Dummy file to allow mbedtls linked with U-Boot to include assert.h + * + * Copyright (c) 2023 Linaro Limited + * Author: Raymond Mao raymond.mao@linaro.org + */ + +#ifndef _MBEDTLS_ASSERT_H +#define _MBEDTLS_ASSERT_H + +#endif /* _MBEDTLS_ASSERT_H */
Adapt digest header files to support both original libs and MbedTLS by switching on/off MBEDTLS_LIB_CRYPTO. Introduce <alg>_LEGACY kconfig for legacy hash implementations.
FIXME: `IS_ENABLED` or `CONFIG_IS_ENABLED` is not applicable here, since including <linux/kconfig.h> causes undefined reference on schedule() with sandbox build. As <linux/kconfig.h> includes <generated/autoconf.h> which enables `CONFIG_HW_WATCHDOG` and `CONFIG_WATCHDOG` but no schedule() are defined in sandbox build. `#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)` is a workaround.
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v2 - Initial patch. Changes in v3 - Remove the changes that were done in previous clean-up patch set. Changes in v4 - Introduce <alg>_LEGACY kconfig for legacy hash implementations. - Minor fix of the include directories.
include/u-boot/md5.h | 7 +++ include/u-boot/sha1.h | 21 ++++++++- include/u-boot/sha256.h | 20 +++++++++ include/u-boot/sha512.h | 22 ++++++++-- lib/Makefile | 10 +++-- lib/mbedtls/Kconfig | 96 +++++++++++++++++++++++++++++++++++++++++ 6 files changed, 168 insertions(+), 8 deletions(-)
diff --git a/include/u-boot/md5.h b/include/u-boot/md5.h index c465925ea8d..69898fcbe49 100644 --- a/include/u-boot/md5.h +++ b/include/u-boot/md5.h @@ -6,10 +6,16 @@ #ifndef _MD5_H #define _MD5_H
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO) +#include <mbedtls/md5.h> +#endif #include "compiler.h"
#define MD5_SUM_LEN 16
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO) +typedef mbedtls_md5_context MD5Context; +#else typedef struct MD5Context { __u32 buf[4]; __u32 bits[2]; @@ -18,6 +24,7 @@ typedef struct MD5Context { __u32 in32[16]; }; } MD5Context; +#endif
void MD5Init(MD5Context *ctx); void MD5Update(MD5Context *ctx, unsigned char const *buf, unsigned int len); diff --git a/include/u-boot/sha1.h b/include/u-boot/sha1.h index c1e9f67068d..ab88134fb98 100644 --- a/include/u-boot/sha1.h +++ b/include/u-boot/sha1.h @@ -16,6 +16,21 @@
#include <linux/types.h>
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO) +/* + * FIXME: + * MbedTLS define the members of "mbedtls_sha256_context" as private, + * but "state" needs to be access by arch/arm/cpu/armv8/sha1_ce_glue. + * MBEDTLS_ALLOW_PRIVATE_ACCESS needs to be enabled to allow the external + * access. + * Directly including <external/mbedtls/library/common.h> is not allowed, + * since this will include <malloc.h> and break the sandbox test. + */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + +#include <mbedtls/sha1.h> +#endif + #ifdef __cplusplus extern "C" { #endif @@ -26,6 +41,9 @@ extern "C" {
extern const uint8_t sha1_der_prefix[];
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO) +typedef mbedtls_sha1_context sha1_context; +#else /** * \brief SHA-1 context structure */ @@ -36,13 +54,14 @@ typedef struct unsigned char buffer[64]; /*!< data block being processed */ } sha1_context; +#endif
/** * \brief SHA-1 context setup * * \param ctx SHA-1 context to be initialized */ -void sha1_starts( sha1_context *ctx ); +void sha1_starts(sha1_context *ctx);
/** * \brief SHA-1 process buffer diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h index a4fe176c0b4..b58d5b58d39 100644 --- a/include/u-boot/sha256.h +++ b/include/u-boot/sha256.h @@ -3,6 +3,22 @@
#include <linux/types.h>
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO) +/* + * FIXME: + * MbedTLS define the members of "mbedtls_sha256_context" as private, + * but "state" needs to be access by arch/arm/cpu/armv8/sha256_ce_glue. + * MBEDTLS_ALLOW_PRIVATE_ACCESS needs to be enabled to allow the external + * access. + * Directly including <external/mbedtls/library/common.h> is not allowed, + * since this will include <malloc.h> and break the sandbox test. + */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + +#include <mbedtls/sha256.h> +#endif + +#define SHA224_SUM_LEN 28 #define SHA256_SUM_LEN 32 #define SHA256_DER_LEN 19
@@ -11,11 +27,15 @@ extern const uint8_t sha256_der_prefix[]; /* Reset watchdog each time we process this many bytes */ #define CHUNKSZ_SHA256 (64 * 1024)
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO) +typedef mbedtls_sha256_context sha256_context; +#else typedef struct { uint32_t total[2]; uint32_t state[8]; uint8_t buffer[64]; } sha256_context; +#endif
void sha256_starts(sha256_context * ctx); void sha256_update(sha256_context *ctx, const uint8_t *input, uint32_t length); diff --git a/include/u-boot/sha512.h b/include/u-boot/sha512.h index 90bd96a3f8c..2b5a21a7c70 100644 --- a/include/u-boot/sha512.h +++ b/include/u-boot/sha512.h @@ -3,6 +3,10 @@
#include <linux/types.h>
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO) +#include <mbedtls/sha512.h> +#endif + #define SHA384_SUM_LEN 48 #define SHA384_DER_LEN 19 #define SHA512_SUM_LEN 64 @@ -12,11 +16,16 @@ #define CHUNKSZ_SHA384 (16 * 1024) #define CHUNKSZ_SHA512 (16 * 1024)
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO) +typedef mbedtls_sha512_context sha384_context; +typedef mbedtls_sha512_context sha512_context; +#else typedef struct { uint64_t state[SHA512_SUM_LEN / 8]; uint64_t count[2]; uint8_t buf[SHA512_BLOCK_SIZE]; } sha512_context; +#endif
extern const uint8_t sha512_der_prefix[];
@@ -29,12 +38,19 @@ void sha512_csum_wd(const unsigned char *input, unsigned int ilen,
extern const uint8_t sha384_der_prefix[];
+#if defined(CONFIG_MBEDTLS_LIB_CRYPTO) +void sha384_starts(sha512_context *ctx); +void +sha384_update(sha512_context *ctx, const uint8_t *input, uint32_t length); +void sha384_finish(sha512_context *ctx, uint8_t digest[SHA384_SUM_LEN]); +void sha384_csum_wd(const unsigned char *input, unsigned int length, + unsigned char *output, unsigned int chunk_sz); +#else void sha384_starts(sha512_context * ctx); void sha384_update(sha512_context *ctx, const uint8_t *input, uint32_t length); void sha384_finish(sha512_context * ctx, uint8_t digest[SHA384_SUM_LEN]);
void sha384_csum_wd(const unsigned char *input, unsigned int ilen, - unsigned char *output, unsigned int chunk_sz); - - + unsigned char *output, unsigned int chunk_sz); +#endif #endif /* _SHA512_H */ diff --git a/lib/Makefile b/lib/Makefile index a4600b09f49..f76af77a969 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -69,14 +69,16 @@ obj-$(CONFIG_$(SPL_TPL_)CRC16) += crc16.o obj-y += crypto/
obj-$(CONFIG_$(SPL_TPL_)ACPI) += acpi/ -obj-$(CONFIG_$(SPL_)MD5) += md5.o obj-$(CONFIG_ECDSA) += ecdsa/ obj-$(CONFIG_$(SPL_)RSA) += rsa/ obj-$(CONFIG_HASH) += hash-checksum.o obj-$(CONFIG_BLAKE2) += blake2/blake2b.o -obj-$(CONFIG_$(SPL_)SHA1) += sha1.o -obj-$(CONFIG_$(SPL_)SHA256) += sha256.o -obj-$(CONFIG_$(SPL_)SHA512) += sha512.o + +obj-$(CONFIG_$(SPL_)MD5_LEGACY) += md5.o +obj-$(CONFIG_$(SPL_)SHA1_LEGACY) += sha1.o +obj-$(CONFIG_$(SPL_)SHA256_LEGACY) += sha256.o +obj-$(CONFIG_$(SPL_)SHA512_LEGACY) += sha512.o + obj-$(CONFIG_CRYPT_PW) += crypt/ obj-$(CONFIG_$(SPL_)ASN1_DECODER) += asn1_decoder.o
diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig index 3e9057f1acf..6662a9d20f1 100644 --- a/lib/mbedtls/Kconfig +++ b/lib/mbedtls/Kconfig @@ -21,9 +21,105 @@ if LEGACY_CRYPTO
config LEGACY_CRYPTO_BASIC bool "legacy basic crypto libraries" + select MD5_LEGACY if MD5 + select SHA1_LEGACY if SHA1 + select SHA256_LEGACY if SHA256 + select SHA512_LEGACY if SHA512 + select SHA384_LEGACY if SHA384 + select SPL_MD5_LEGACY if MD5 && SPL + select SPL_SHA1_LEGACY if SHA1 && SPL + select SPL_SHA256_LEGACY if SHA256 && SPL + select SPL_SHA512_LEGACY if SHA512 && SPL + select SPL_SHA384_LEGACY if SHA384 && SPL help Enable legacy basic crypto libraries.
+if LEGACY_CRYPTO_BASIC + +config SHA1_LEGACY + bool "Enable SHA1 support with legacy crypto library" + depends on LEGACY_CRYPTO_BASIC && SHA1 + help + This option enables support of hashing using SHA1 algorithm + with legacy crypto library. + +config SHA256_LEGACY + bool "Enable SHA256 support with legacy crypto library" + depends on LEGACY_CRYPTO_BASIC && SHA256 + help + This option enables support of hashing using SHA256 algorithm + with legacy crypto library. + +config SHA512_LEGACY + bool "Enable SHA512 support with legacy crypto library" + depends on LEGACY_CRYPTO_BASIC && SHA512 + default y if TI_SECURE_DEVICE && FIT_SIGNATURE + help + This option enables support of hashing using SHA512 algorithm + with legacy crypto library. + +config SHA384_LEGACY + bool "Enable SHA384 support with legacy crypto library" + depends on LEGACY_CRYPTO_BASIC && SHA384 + select SHA512_LEGACY + help + This option enables support of hashing using SHA384 algorithm + with legacy crypto library. + +config MD5_LEGACY + bool "Enable MD5 support with legacy crypto library" + depends on LEGACY_CRYPTO_BASIC && MD5 + help + This option enables support of hashing using MD5 algorithm + with legacy crypto library. + +if SPL + +config SPL_SHA1_LEGACY + bool "Enable SHA1 support in SPL with legacy crypto library" + depends on LEGACY_CRYPTO_BASIC && SPL_SHA1 + default y if SHA1 && LEGACY_CRYPTO_BASIC + help + This option enables support of hashing using SHA1 algorithm + with legacy crypto library. + +config SPL_SHA256_LEGACY + bool "Enable SHA256 support in SPL with legacy crypto library" + depends on LEGACY_CRYPTO_BASIC && SPL_SHA256 + default y if SHA256 && LEGACY_CRYPTO_BASIC + help + This option enables support of hashing using SHA256 algorithm + with legacy crypto library. + +config SPL_SHA512_LEGACY + bool "Enable SHA512 support in SPL with legacy crypto library" + depends on LEGACY_CRYPTO_BASIC && SPL_SHA512 + default y if SHA512 && LEGACY_CRYPTO_BASIC + help + This option enables support of hashing using SHA512 algorithm + with legacy crypto library. + +config SPL_SHA384_LEGACY + bool "Enable SHA384 support in SPL with legacy crypto library" + depends on LEGACY_CRYPTO_BASIC && SPL_SHA384 + default y if SHA384 && LEGACY_CRYPTO_BASIC + select SPL_SHA512 + help + This option enables support of hashing using SHA384 algorithm + with legacy crypto library. + +config SPL_MD5_LEGACY + bool "Enable MD5 support in SPL with legacy crypto library" + depends on LEGACY_CRYPTO_BASIC && SPL_MD5 + default y if MD5 && LEGACY_CRYPTO_BASIC + help + This option enables support of hashing using MD5 algorithm + with legacy crypto library. + +endif # SPL + +endif # LEGACY_CRYPTO_BASIC + config LEGACY_CRYPTO_CERT bool "legacy certificate libraries" help
On Tue, Jul 02, 2024 at 11:22:40AM -0700, Raymond Mao wrote:
Adapt digest header files to support both original libs and MbedTLS by switching on/off MBEDTLS_LIB_CRYPTO. Introduce <alg>_LEGACY kconfig for legacy hash implementations.
[snip]
diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig index 3e9057f1acf..6662a9d20f1 100644 --- a/lib/mbedtls/Kconfig +++ b/lib/mbedtls/Kconfig @@ -21,9 +21,105 @@ if LEGACY_CRYPTO
config LEGACY_CRYPTO_BASIC bool "legacy basic crypto libraries"
- select MD5_LEGACY if MD5
- select SHA1_LEGACY if SHA1
- select SHA256_LEGACY if SHA256
- select SHA512_LEGACY if SHA512
- select SHA384_LEGACY if SHA384
- select SPL_MD5_LEGACY if MD5 && SPL
- select SPL_SHA1_LEGACY if SHA1 && SPL
- select SPL_SHA256_LEGACY if SHA256 && SPL
- select SPL_SHA512_LEGACY if SHA512 && SPL
- select SPL_SHA384_LEGACY if SHA384 && SPL help Enable legacy basic crypto libraries.
+if LEGACY_CRYPTO_BASIC
+config SHA1_LEGACY
- bool "Enable SHA1 support with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SHA1
- help
This option enables support of hashing using SHA1 algorithmwith legacy crypto library.+config SHA256_LEGACY
- bool "Enable SHA256 support with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SHA256
- help
This option enables support of hashing using SHA256 algorithmwith legacy crypto library.+config SHA512_LEGACY
- bool "Enable SHA512 support with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SHA512
- default y if TI_SECURE_DEVICE && FIT_SIGNATURE
- help
This option enables support of hashing using SHA512 algorithmwith legacy crypto library.+config SHA384_LEGACY
- bool "Enable SHA384 support with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SHA384
- select SHA512_LEGACY
- help
This option enables support of hashing using SHA384 algorithmwith legacy crypto library.+config MD5_LEGACY
- bool "Enable MD5 support with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && MD5
- help
This option enables support of hashing using MD5 algorithmwith legacy crypto library.+if SPL
+config SPL_SHA1_LEGACY
- bool "Enable SHA1 support in SPL with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SPL_SHA1
- default y if SHA1 && LEGACY_CRYPTO_BASIC
- help
This option enables support of hashing using SHA1 algorithmwith legacy crypto library.+config SPL_SHA256_LEGACY
- bool "Enable SHA256 support in SPL with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SPL_SHA256
- default y if SHA256 && LEGACY_CRYPTO_BASIC
- help
This option enables support of hashing using SHA256 algorithmwith legacy crypto library.+config SPL_SHA512_LEGACY
- bool "Enable SHA512 support in SPL with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SPL_SHA512
- default y if SHA512 && LEGACY_CRYPTO_BASIC
- help
This option enables support of hashing using SHA512 algorithmwith legacy crypto library.+config SPL_SHA384_LEGACY
- bool "Enable SHA384 support in SPL with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SPL_SHA384
- default y if SHA384 && LEGACY_CRYPTO_BASIC
- select SPL_SHA512
- help
This option enables support of hashing using SHA384 algorithmwith legacy crypto library.+config SPL_MD5_LEGACY
- bool "Enable MD5 support in SPL with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SPL_MD5
- default y if MD5 && LEGACY_CRYPTO_BASIC
- help
This option enables support of hashing using MD5 algorithmwith legacy crypto library.+endif # SPL
+endif # LEGACY_CRYPTO_BASIC
config LEGACY_CRYPTO_CERT bool "legacy certificate libraries" help
This is all certainly moving in the right direction, but there's dependency issues: aarch64: w+ xilinx_zynqmp_kria +(xilinx_zynqmp_kria) +(xilinx_zynqmp_kria) WARNING: unmet direct dependencies detected for SPL_MD5_LEGACY +(xilinx_zynqmp_kria) Depends on [n]: LEGACY_CRYPTO [=y] && SPL [=y] && LEGACY_CRYPTO_BASIC [=y] && SPL_MD5 [=n] +(xilinx_zynqmp_kria) Selected by [y]: +(xilinx_zynqmp_kria) - LEGACY_CRYPTO_BASIC [=y] && LEGACY_CRYPTO [=y] && MD5 [=y] && SPL [=y]
Annoyingly I was not able to previously figure out how to make such problems a fatal error, but if you look at the output from each of the world build CI steps you'll see a lot of hits for "WARNING: unmet direct dependencies" and that'll help you track down which are where and what to do about it.
Hi Tom,
On Tue, 2 Jul 2024 at 18:48, Tom Rini trini@konsulko.com wrote:
On Tue, Jul 02, 2024 at 11:22:40AM -0700, Raymond Mao wrote:
Adapt digest header files to support both original libs and MbedTLS by switching on/off MBEDTLS_LIB_CRYPTO. Introduce <alg>_LEGACY kconfig for legacy hash implementations.
[snip]
diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig index 3e9057f1acf..6662a9d20f1 100644 --- a/lib/mbedtls/Kconfig +++ b/lib/mbedtls/Kconfig @@ -21,9 +21,105 @@ if LEGACY_CRYPTO
config LEGACY_CRYPTO_BASIC bool "legacy basic crypto libraries"
select MD5_LEGACY if MD5select SHA1_LEGACY if SHA1select SHA256_LEGACY if SHA256select SHA512_LEGACY if SHA512select SHA384_LEGACY if SHA384select SPL_MD5_LEGACY if MD5 && SPLselect SPL_SHA1_LEGACY if SHA1 && SPLselect SPL_SHA256_LEGACY if SHA256 && SPLselect SPL_SHA512_LEGACY if SHA512 && SPLselect SPL_SHA384_LEGACY if SHA384 && SPL help Enable legacy basic crypto libraries.+if LEGACY_CRYPTO_BASIC
+config SHA1_LEGACY
bool "Enable SHA1 support with legacy crypto library"depends on LEGACY_CRYPTO_BASIC && SHA1helpThis option enables support of hashing using SHA1 algorithmwith legacy crypto library.+config SHA256_LEGACY
bool "Enable SHA256 support with legacy crypto library"depends on LEGACY_CRYPTO_BASIC && SHA256helpThis option enables support of hashing using SHA256 algorithmwith legacy crypto library.+config SHA512_LEGACY
bool "Enable SHA512 support with legacy crypto library"depends on LEGACY_CRYPTO_BASIC && SHA512default y if TI_SECURE_DEVICE && FIT_SIGNATUREhelpThis option enables support of hashing using SHA512 algorithmwith legacy crypto library.+config SHA384_LEGACY
bool "Enable SHA384 support with legacy crypto library"depends on LEGACY_CRYPTO_BASIC && SHA384select SHA512_LEGACYhelpThis option enables support of hashing using SHA384 algorithmwith legacy crypto library.+config MD5_LEGACY
bool "Enable MD5 support with legacy crypto library"depends on LEGACY_CRYPTO_BASIC && MD5helpThis option enables support of hashing using MD5 algorithmwith legacy crypto library.+if SPL
+config SPL_SHA1_LEGACY
bool "Enable SHA1 support in SPL with legacy crypto library"depends on LEGACY_CRYPTO_BASIC && SPL_SHA1default y if SHA1 && LEGACY_CRYPTO_BASIChelpThis option enables support of hashing using SHA1 algorithmwith legacy crypto library.+config SPL_SHA256_LEGACY
bool "Enable SHA256 support in SPL with legacy crypto library"depends on LEGACY_CRYPTO_BASIC && SPL_SHA256default y if SHA256 && LEGACY_CRYPTO_BASIChelpThis option enables support of hashing using SHA256 algorithmwith legacy crypto library.+config SPL_SHA512_LEGACY
bool "Enable SHA512 support in SPL with legacy crypto library"depends on LEGACY_CRYPTO_BASIC && SPL_SHA512default y if SHA512 && LEGACY_CRYPTO_BASIChelpThis option enables support of hashing using SHA512 algorithmwith legacy crypto library.+config SPL_SHA384_LEGACY
bool "Enable SHA384 support in SPL with legacy crypto library"depends on LEGACY_CRYPTO_BASIC && SPL_SHA384default y if SHA384 && LEGACY_CRYPTO_BASICselect SPL_SHA512helpThis option enables support of hashing using SHA384 algorithmwith legacy crypto library.+config SPL_MD5_LEGACY
bool "Enable MD5 support in SPL with legacy crypto library"depends on LEGACY_CRYPTO_BASIC && SPL_MD5default y if MD5 && LEGACY_CRYPTO_BASIChelpThis option enables support of hashing using MD5 algorithmwith legacy crypto library.+endif # SPL
+endif # LEGACY_CRYPTO_BASIC
config LEGACY_CRYPTO_CERT bool "legacy certificate libraries" help
This is all certainly moving in the right direction, but there's dependency issues: aarch64: w+ xilinx_zynqmp_kria +(xilinx_zynqmp_kria) +(xilinx_zynqmp_kria) WARNING: unmet direct dependencies detected for SPL_MD5_LEGACY +(xilinx_zynqmp_kria) Depends on [n]: LEGACY_CRYPTO [=y] && SPL [=y] && LEGACY_CRYPTO_BASIC [=y] && SPL_MD5 [=n] +(xilinx_zynqmp_kria) Selected by [y]: +(xilinx_zynqmp_kria) - LEGACY_CRYPTO_BASIC [=y] && LEGACY_CRYPTO [=y] && MD5 [=y] && SPL [=y]
I am a bit confused by SPL_MD5, why it is [n] when both MD5 and SPL are [y]. Of course we can replace 'SPL_MD5' with 'MD5 && SPL' to solve the warning, but I guess the wrong dependence is on SPL_MD5 but not the new added ones. ``` config SPL_MD5 bool "Support MD5 algorithm in SPL" depends on SPL ``` I think it should be 'default y if SPL && MD5' instead of 'depends on SPL'.
Similarly SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE is not selected when both ASYMMETRIC_PUBLIC_KEY_SUBTYPE and SPL are selected; SPL_ASN1_DECODER is not selected when both ASN1_DECODER and SPL are selected.
I think generally for each algorithm, 'SPL_<ALG>' config should be selected when both 'SPL' and '<ALG>' are selected.
If you agree I can fix this in the next patch set.
Regards, Raymond
On Tue, Jul 02, 2024 at 08:02:37PM -0400, Raymond Mao wrote:
Hi Tom,
On Tue, 2 Jul 2024 at 18:48, Tom Rini trini@konsulko.com wrote:
On Tue, Jul 02, 2024 at 11:22:40AM -0700, Raymond Mao wrote:
Adapt digest header files to support both original libs and MbedTLS by switching on/off MBEDTLS_LIB_CRYPTO. Introduce <alg>_LEGACY kconfig for legacy hash implementations.
[snip]
diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig index 3e9057f1acf..6662a9d20f1 100644 --- a/lib/mbedtls/Kconfig +++ b/lib/mbedtls/Kconfig @@ -21,9 +21,105 @@ if LEGACY_CRYPTO
config LEGACY_CRYPTO_BASIC bool "legacy basic crypto libraries"
select MD5_LEGACY if MD5select SHA1_LEGACY if SHA1select SHA256_LEGACY if SHA256select SHA512_LEGACY if SHA512select SHA384_LEGACY if SHA384select SPL_MD5_LEGACY if MD5 && SPLselect SPL_SHA1_LEGACY if SHA1 && SPLselect SPL_SHA256_LEGACY if SHA256 && SPLselect SPL_SHA512_LEGACY if SHA512 && SPLselect SPL_SHA384_LEGACY if SHA384 && SPL help Enable legacy basic crypto libraries.+if LEGACY_CRYPTO_BASIC
+config SHA1_LEGACY
bool "Enable SHA1 support with legacy crypto library"depends on LEGACY_CRYPTO_BASIC && SHA1helpThis option enables support of hashing using SHA1 algorithmwith legacy crypto library.+config SHA256_LEGACY
bool "Enable SHA256 support with legacy crypto library"depends on LEGACY_CRYPTO_BASIC && SHA256helpThis option enables support of hashing using SHA256 algorithmwith legacy crypto library.+config SHA512_LEGACY
bool "Enable SHA512 support with legacy crypto library"depends on LEGACY_CRYPTO_BASIC && SHA512default y if TI_SECURE_DEVICE && FIT_SIGNATUREhelpThis option enables support of hashing using SHA512 algorithmwith legacy crypto library.+config SHA384_LEGACY
bool "Enable SHA384 support with legacy crypto library"depends on LEGACY_CRYPTO_BASIC && SHA384select SHA512_LEGACYhelpThis option enables support of hashing using SHA384 algorithmwith legacy crypto library.+config MD5_LEGACY
bool "Enable MD5 support with legacy crypto library"depends on LEGACY_CRYPTO_BASIC && MD5helpThis option enables support of hashing using MD5 algorithmwith legacy crypto library.+if SPL
+config SPL_SHA1_LEGACY
bool "Enable SHA1 support in SPL with legacy crypto library"depends on LEGACY_CRYPTO_BASIC && SPL_SHA1default y if SHA1 && LEGACY_CRYPTO_BASIChelpThis option enables support of hashing using SHA1 algorithmwith legacy crypto library.+config SPL_SHA256_LEGACY
bool "Enable SHA256 support in SPL with legacy crypto library"depends on LEGACY_CRYPTO_BASIC && SPL_SHA256default y if SHA256 && LEGACY_CRYPTO_BASIChelpThis option enables support of hashing using SHA256 algorithmwith legacy crypto library.+config SPL_SHA512_LEGACY
bool "Enable SHA512 support in SPL with legacy crypto library"depends on LEGACY_CRYPTO_BASIC && SPL_SHA512default y if SHA512 && LEGACY_CRYPTO_BASIChelpThis option enables support of hashing using SHA512 algorithmwith legacy crypto library.+config SPL_SHA384_LEGACY
bool "Enable SHA384 support in SPL with legacy crypto library"depends on LEGACY_CRYPTO_BASIC && SPL_SHA384default y if SHA384 && LEGACY_CRYPTO_BASICselect SPL_SHA512helpThis option enables support of hashing using SHA384 algorithmwith legacy crypto library.+config SPL_MD5_LEGACY
bool "Enable MD5 support in SPL with legacy crypto library"depends on LEGACY_CRYPTO_BASIC && SPL_MD5default y if MD5 && LEGACY_CRYPTO_BASIChelpThis option enables support of hashing using MD5 algorithmwith legacy crypto library.+endif # SPL
+endif # LEGACY_CRYPTO_BASIC
config LEGACY_CRYPTO_CERT bool "legacy certificate libraries" help
This is all certainly moving in the right direction, but there's dependency issues: aarch64: w+ xilinx_zynqmp_kria +(xilinx_zynqmp_kria) +(xilinx_zynqmp_kria) WARNING: unmet direct dependencies detected for SPL_MD5_LEGACY +(xilinx_zynqmp_kria) Depends on [n]: LEGACY_CRYPTO [=y] && SPL [=y] && LEGACY_CRYPTO_BASIC [=y] && SPL_MD5 [=n] +(xilinx_zynqmp_kria) Selected by [y]: +(xilinx_zynqmp_kria) - LEGACY_CRYPTO_BASIC [=y] && LEGACY_CRYPTO [=y] && MD5 [=y] && SPL [=y]
I am a bit confused by SPL_MD5, why it is [n] when both MD5 and SPL are [y]. Of course we can replace 'SPL_MD5' with 'MD5 && SPL' to solve the warning, but I guess the wrong dependence is on SPL_MD5 but not the new added ones.
config SPL_MD5 bool "Support MD5 algorithm in SPL" depends on SPLI think it should be 'default y if SPL && MD5' instead of 'depends on SPL'.
Similarly SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE is not selected when both ASYMMETRIC_PUBLIC_KEY_SUBTYPE and SPL are selected; SPL_ASN1_DECODER is not selected when both ASN1_DECODER and SPL are selected.
I think generally for each algorithm, 'SPL_<ALG>' config should be selected when both 'SPL' and '<ALG>' are selected.
If you agree I can fix this in the next patch set.
Kconfig error messages are a bit difficult to understand at times, yes. Please figure out what exactly the depends on / default y combinations should be such that (a) there's no functional changes, and buildman size comparison builds are good for that and (b) no warnings like this are found.
We don't need an API specially for non-watchdog since md5_wd supports it by disabling CONFIG_HW_WATCHDOG and CONFIG_WATCHDOG. Set 0x10000 as default chunk size for MD5.
Signed-off-by: Raymond Mao raymond.mao@linaro.org Reviewed-by: Ilias Apalodimas ilias.apalodimas@linaro.org Reviewed-by: Michal Simek michal.simek@amd.com --- Changes in v3 - Initial patch. Changes in v4 - Update commit message.
board/friendlyarm/nanopi2/board.c | 3 ++- board/intel/edison/edison.c | 3 ++- board/xilinx/zynq/bootimg.c | 2 +- include/u-boot/md5.h | 7 +------ lib/md5.c | 15 --------------- 5 files changed, 6 insertions(+), 24 deletions(-)
diff --git a/board/friendlyarm/nanopi2/board.c b/board/friendlyarm/nanopi2/board.c index c8cbc5a15fa..2d764e8eef3 100644 --- a/board/friendlyarm/nanopi2/board.c +++ b/board/friendlyarm/nanopi2/board.c @@ -263,7 +263,8 @@ static void make_ether_addr(u8 *addr) hash[6] = readl(PHY_BASEADDR_ECID + 0x08); hash[7] = readl(PHY_BASEADDR_ECID + 0x0c);
- md5((unsigned char *)&hash[4], 64, (unsigned char *)hash); + md5_wd((unsigned char *)&hash[4], 64, (unsigned char *)hash, + MD5_DEF_CHUNK_SZ);
hash[0] ^= hash[2]; hash[1] ^= hash[3]; diff --git a/board/intel/edison/edison.c b/board/intel/edison/edison.c index 911ffda2fc7..27fda3fc1d2 100644 --- a/board/intel/edison/edison.c +++ b/board/intel/edison/edison.c @@ -32,7 +32,8 @@ static void assign_serial(void) if (!mmc) return;
- md5((unsigned char *)mmc->cid, sizeof(mmc->cid), ssn); + md5_wd((unsigned char *)mmc->cid, sizeof(mmc->cid), ssn, + MD5_DEF_CHUNK_SZ);
snprintf(usb0addr, sizeof(usb0addr), "02:00:86:%02x:%02x:%02x", ssn[13], ssn[14], ssn[15]); diff --git a/board/xilinx/zynq/bootimg.c b/board/xilinx/zynq/bootimg.c index 79bec3a4cfb..9eb0735f55d 100644 --- a/board/xilinx/zynq/bootimg.c +++ b/board/xilinx/zynq/bootimg.c @@ -135,7 +135,7 @@ int zynq_validate_partition(u32 start_addr, u32 len, u32 chksum_off)
memcpy(&checksum[0], (u32 *)chksum_off, MD5_CHECKSUM_SIZE);
- md5_wd((u8 *)start_addr, len, &calchecksum[0], 0x10000); + md5_wd((u8 *)start_addr, len, &calchecksum[0], MD5_DEF_CHUNK_SZ);
if (!memcmp(checksum, calchecksum, MD5_CHECKSUM_SIZE)) return 0; diff --git a/include/u-boot/md5.h b/include/u-boot/md5.h index 69898fcbe49..c98b1a58088 100644 --- a/include/u-boot/md5.h +++ b/include/u-boot/md5.h @@ -12,6 +12,7 @@ #include "compiler.h"
#define MD5_SUM_LEN 16 +#define MD5_DEF_CHUNK_SZ 0x10000
#if defined(CONFIG_MBEDTLS_LIB_CRYPTO) typedef mbedtls_md5_context MD5Context; @@ -30,12 +31,6 @@ void MD5Init(MD5Context *ctx); void MD5Update(MD5Context *ctx, unsigned char const *buf, unsigned int len); void MD5Final(unsigned char digest[16], MD5Context *ctx);
-/* - * Calculate and store in 'output' the MD5 digest of 'len' bytes at - * 'input'. 'output' must have enough space to hold 16 bytes. - */ -void md5 (unsigned char *input, int len, unsigned char output[16]); - /* * Calculate and store in 'output' the MD5 digest of 'len' bytes at 'input'. * 'output' must have enough space to hold 16 bytes. If 'chunk' Trigger the diff --git a/lib/md5.c b/lib/md5.c index 34343cf8e23..2d8977b2e85 100644 --- a/lib/md5.c +++ b/lib/md5.c @@ -262,21 +262,6 @@ MD5Transform(__u32 buf[4], __u32 const in[16]) buf[3] += d; }
-/* - * Calculate and store in 'output' the MD5 digest of 'len' bytes at - * 'input'. 'output' must have enough space to hold 16 bytes. - */ -void -md5 (unsigned char *input, int len, unsigned char output[16]) -{ - MD5Context context; - - MD5Init(&context); - MD5Update(&context, input, len); - MD5Final(output, &context); -} - - /* * Calculate and store in 'output' the MD5 digest of 'len' bytes at 'input'. * 'output' must have enough space to hold 16 bytes. If 'chunk' Trigger the
We don't need an API specially for non-watchdog since sha1_csum_wd supports it by disabling CONFIG_HW_WATCHDOG and CONFIG_WATCHDOG. Set 0x10000 as default chunk size for SHA1.
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v4 - Initial patch.
board/gdsys/a38x/hre.c | 2 +- include/u-boot/sha1.h | 12 ++---------- lib/sha1.c | 13 ------------- lib/tpm-v1.c | 2 +- 4 files changed, 4 insertions(+), 25 deletions(-)
diff --git a/board/gdsys/a38x/hre.c b/board/gdsys/a38x/hre.c index f303793b63b..06856ea36d3 100644 --- a/board/gdsys/a38x/hre.c +++ b/board/gdsys/a38x/hre.c @@ -166,7 +166,7 @@ static int find_key(struct udevice *tpm, const uint8_t auth[20], return -1; if (err) continue; - sha1_csum(buf, buf_len, digest); + sha1_csum_wd(buf, buf_len, digest, SHA1_DEF_CHUNK_SZ); if (!memcmp(digest, pubkey_digest, 20)) { *handle = key_handles[i]; return 0; diff --git a/include/u-boot/sha1.h b/include/u-boot/sha1.h index ab88134fb98..36c3db15e22 100644 --- a/include/u-boot/sha1.h +++ b/include/u-boot/sha1.h @@ -39,6 +39,8 @@ extern "C" { #define SHA1_SUM_LEN 20 #define SHA1_DER_LEN 15
+#define SHA1_DEF_CHUNK_SZ 0x10000 + extern const uint8_t sha1_der_prefix[];
#if defined(CONFIG_MBEDTLS_LIB_CRYPTO) @@ -81,16 +83,6 @@ void sha1_update(sha1_context *ctx, const unsigned char *input, */ void sha1_finish( sha1_context *ctx, unsigned char output[20] );
-/** - * \brief Output = SHA-1( input buffer ) - * - * \param input buffer holding the data - * \param ilen length of the input data - * \param output SHA-1 checksum result - */ -void sha1_csum(const unsigned char *input, unsigned int ilen, - unsigned char *output); - /** * \brief Output = SHA-1( input buffer ), with watchdog triggering * diff --git a/lib/sha1.c b/lib/sha1.c index 7ef536f4b5d..81412283b49 100644 --- a/lib/sha1.c +++ b/lib/sha1.c @@ -304,19 +304,6 @@ void sha1_finish (sha1_context * ctx, unsigned char output[20]) PUT_UINT32_BE (ctx->state[4], output, 16); }
-/* - * Output = SHA-1( input buffer ) - */ -void sha1_csum(const unsigned char *input, unsigned int ilen, - unsigned char *output) -{ - sha1_context ctx; - - sha1_starts (&ctx); - sha1_update (&ctx, input, ilen); - sha1_finish (&ctx, output); -} - /* * Output = SHA-1( input buffer ). Trigger the watchdog every 'chunk_sz' * bytes of input processed. diff --git a/lib/tpm-v1.c b/lib/tpm-v1.c index e66023da5e6..a6727c575fd 100644 --- a/lib/tpm-v1.c +++ b/lib/tpm-v1.c @@ -871,7 +871,7 @@ u32 tpm1_find_key_sha1(struct udevice *dev, const u8 auth[20], return -1; if (err) continue; - sha1_csum(buf, buf_len, digest); + sha1_csum_wd(buf, buf_len, digest, SHA1_DEF_CHUNK_SZ); if (!memcmp(digest, pubkey_digest, 20)) { *handle = key_handles[i]; return 0;
On Tue, 2 Jul 2024 at 21:26, Raymond Mao raymond.mao@linaro.org wrote:
We don't need an API specially for non-watchdog since sha1_csum_wd supports it by disabling CONFIG_HW_WATCHDOG and CONFIG_WATCHDOG. Set 0x10000 as default chunk size for SHA1.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v4
- Initial patch.
board/gdsys/a38x/hre.c | 2 +- include/u-boot/sha1.h | 12 ++---------- lib/sha1.c | 13 ------------- lib/tpm-v1.c | 2 +- 4 files changed, 4 insertions(+), 25 deletions(-)
diff --git a/board/gdsys/a38x/hre.c b/board/gdsys/a38x/hre.c index f303793b63b..06856ea36d3 100644 --- a/board/gdsys/a38x/hre.c +++ b/board/gdsys/a38x/hre.c @@ -166,7 +166,7 @@ static int find_key(struct udevice *tpm, const uint8_t auth[20], return -1; if (err) continue;
sha1_csum(buf, buf_len, digest);
sha1_csum_wd(buf, buf_len, digest, SHA1_DEF_CHUNK_SZ); if (!memcmp(digest, pubkey_digest, 20)) { *handle = key_handles[i]; return 0;diff --git a/include/u-boot/sha1.h b/include/u-boot/sha1.h index ab88134fb98..36c3db15e22 100644 --- a/include/u-boot/sha1.h +++ b/include/u-boot/sha1.h @@ -39,6 +39,8 @@ extern "C" { #define SHA1_SUM_LEN 20 #define SHA1_DER_LEN 15
+#define SHA1_DEF_CHUNK_SZ 0x10000
extern const uint8_t sha1_der_prefix[];
#if defined(CONFIG_MBEDTLS_LIB_CRYPTO) @@ -81,16 +83,6 @@ void sha1_update(sha1_context *ctx, const unsigned char *input, */ void sha1_finish( sha1_context *ctx, unsigned char output[20] );
-/**
- \brief Output = SHA-1( input buffer )
- \param input buffer holding the data
- \param ilen length of the input data
- \param output SHA-1 checksum result
- */
-void sha1_csum(const unsigned char *input, unsigned int ilen,
unsigned char *output);/**
- \brief Output = SHA-1( input buffer ), with watchdog triggering
diff --git a/lib/sha1.c b/lib/sha1.c index 7ef536f4b5d..81412283b49 100644 --- a/lib/sha1.c +++ b/lib/sha1.c @@ -304,19 +304,6 @@ void sha1_finish (sha1_context * ctx, unsigned char output[20]) PUT_UINT32_BE (ctx->state[4], output, 16); }
-/*
- Output = SHA-1( input buffer )
- */
-void sha1_csum(const unsigned char *input, unsigned int ilen,
unsigned char *output)-{
sha1_context ctx;sha1_starts (&ctx);sha1_update (&ctx, input, ilen);sha1_finish (&ctx, output);-}
/*
- Output = SHA-1( input buffer ). Trigger the watchdog every 'chunk_sz'
- bytes of input processed.
diff --git a/lib/tpm-v1.c b/lib/tpm-v1.c index e66023da5e6..a6727c575fd 100644 --- a/lib/tpm-v1.c +++ b/lib/tpm-v1.c @@ -871,7 +871,7 @@ u32 tpm1_find_key_sha1(struct udevice *dev, const u8 auth[20], return -1; if (err) continue;
sha1_csum(buf, buf_len, digest);
sha1_csum_wd(buf, buf_len, digest, SHA1_DEF_CHUNK_SZ); if (!memcmp(digest, pubkey_digest, 20)) { *handle = key_handles[i]; return 0;-- 2.25.1
Reviewed-by: Ilias Apalodimas ilias.apalodimas@linaro.org
Implement digest shim layer on top of MbedTLS crypto library. Introduce <alg>_MBEDTLS kconfig for MbedTLS crypto implementations.
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v2 - Split the shim layer into separated files and use the original head files instead of creating new ones. Changes in v3 - Refactored sha1_hmac and removed non-watchdog md5 function. Changes in v4 - Refactored hash _wd functions. - Introduce <alg>_MBEDTLS kconfig for MbedTLS crypto implementations.
include/u-boot/sha1.h | 4 ++ lib/mbedtls/Kconfig | 95 +++++++++++++++++++++++++++++++++++++++++ lib/mbedtls/Makefile | 15 +++++-- lib/mbedtls/md5.c | 57 +++++++++++++++++++++++++ lib/mbedtls/sha1.c | 99 +++++++++++++++++++++++++++++++++++++++++++ lib/mbedtls/sha256.c | 62 +++++++++++++++++++++++++++ lib/mbedtls/sha512.c | 93 ++++++++++++++++++++++++++++++++++++++++ 7 files changed, 421 insertions(+), 4 deletions(-) create mode 100644 lib/mbedtls/md5.c create mode 100644 lib/mbedtls/sha1.c create mode 100644 lib/mbedtls/sha256.c create mode 100644 lib/mbedtls/sha512.c
diff --git a/include/u-boot/sha1.h b/include/u-boot/sha1.h index 36c3db15e22..2fca7f1be16 100644 --- a/include/u-boot/sha1.h +++ b/include/u-boot/sha1.h @@ -41,6 +41,10 @@ extern "C" {
#define SHA1_DEF_CHUNK_SZ 0x10000
+#define K_IPAD_VAL 0x36 +#define K_OPAD_VAL 0x5C +#define K_PAD_LEN 64 + extern const uint8_t sha1_der_prefix[];
#if defined(CONFIG_MBEDTLS_LIB_CRYPTO) diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig index 6662a9d20f1..0cdf0135667 100644 --- a/lib/mbedtls/Kconfig +++ b/lib/mbedtls/Kconfig @@ -131,9 +131,104 @@ if MBEDTLS_LIB
config MBEDTLS_LIB_CRYPTO bool "MbedTLS crypto libraries" + select MD5_MBEDTLS if MD5 + select SHA1_MBEDTLS if SHA1 + select SHA256_MBEDTLS if SHA256 + select SHA512_MBEDTLS if SHA512 + select SHA384_MBEDTLS if SHA384 + select SPL_MD5_MBEDTLS if MD5 && SPL + select SPL_SHA1_MBEDTLS if SHA1 && SPL + select SPL_SHA256_MBEDTLS if SHA256 && SPL + select SPL_SHA512_MBEDTLS if SHA512 && SPL + select SPL_SHA384_MBEDTLS if SHA384 && SPL help Enable MbedTLS crypto libraries.
+if MBEDTLS_LIB_CRYPTO + +config SHA1_MBEDTLS + bool "Enable SHA1 support with MbedTLS crypto library" + depends on MBEDTLS_LIB_CRYPTO && SHA1 + help + This option enables support of hashing using SHA1 algorithm + with MbedTLS crypto library. + +config SHA256_MBEDTLS + bool "Enable SHA256 support with MbedTLS crypto library" + depends on MBEDTLS_LIB_CRYPTO && SHA256 + help + This option enables support of hashing using SHA256 algorithm + with MbedTLS crypto library. + +config SHA512_MBEDTLS + bool "Enable SHA512 support with MbedTLS crypto library" + depends on MBEDTLS_LIB_CRYPTO && SHA512 + default y if TI_SECURE_DEVICE && FIT_SIGNATURE + help + This option enables support of hashing using SHA512 algorithm + with MbedTLS crypto library. + +config SHA384_MBEDTLS + bool "Enable SHA384 support with MbedTLS crypto library" + depends on MBEDTLS_LIB_CRYPTO && SHA384 + select SHA512_MBEDTLS + help + This option enables support of hashing using SHA384 algorithm + with MbedTLS crypto library. + +config MD5_MBEDTLS + bool "Enable MD5 support with MbedTLS crypto library" + depends on MBEDTLS_LIB_CRYPTO && MD5 + help + This option enables support of hashing using MD5 algorithm + with MbedTLS crypto library. + +if SPL + +config SPL_SHA1_MBEDTLS + bool "Enable SHA1 support in SPL with MbedTLS crypto library" + depends on MBEDTLS_LIB_CRYPTO && SPL_SHA1 + default y if SHA1 && MBEDTLS_LIB_CRYPTO + help + This option enables support of hashing using SHA1 algorithm + with MbedTLS crypto library. + +config SPL_SHA256_MBEDTLS + bool "Enable SHA256 support in SPL with MbedTLS crypto library" + depends on MBEDTLS_LIB_CRYPTO && SPL_SHA256 + default y if SHA256 && MBEDTLS_LIB_CRYPTO + help + This option enables support of hashing using SHA256 algorithm + with MbedTLS crypto library. + +config SPL_SHA512_MBEDTLS + bool "Enable SHA512 support in SPL with MbedTLS crypto library" + depends on MBEDTLS_LIB_CRYPTO && SPL_SHA512 + default y if SHA512 && MBEDTLS_LIB_CRYPTO + help + This option enables support of hashing using SHA512 algorithm + with MbedTLS crypto library. + +config SPL_SHA384_MBEDTLS + bool "Enable SHA384 support in SPL with MbedTLS crypto library" + depends on MBEDTLS_LIB_CRYPTO && SPL_SHA384 + default y if SHA384 && MBEDTLS_LIB_CRYPTO + select SPL_SHA512 + help + This option enables support of hashing using SHA384 algorithm + with MbedTLS crypto library. + +config SPL_MD5_MBEDTLS + bool "Enable MD5 support in SPL with MbedTLS crypto library" + depends on MBEDTLS_LIB_CRYPTO && SPL_MD5 + default y if MD5 && MBEDTLS_LIB_CRYPTO + help + This option enables support of hashing using MD5 algorithm + with MbedTLS crypto library. + +endif # SPL + +endif # MBEDTLS_LIB_CRYPTO
config MBEDTLS_LIB_X509 bool "MbedTLS certificate libraries" diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile index 803ea0b62a0..32a98b7f4ca 100644 --- a/lib/mbedtls/Makefile +++ b/lib/mbedtls/Makefile @@ -13,17 +13,24 @@ ccflags-y += \ -I$(src)/external/mbedtls/include \ -I$(src)/external/mbedtls/library
+# shim layer for hash +obj-$(CONFIG_MBEDTLS_LIB_CRYPTO) += hash_mbedtls.o +hash_mbedtls-$(CONFIG_$(SPL_)MD5_MBEDTLS) += md5.o +hash_mbedtls-$(CONFIG_$(SPL_)SHA1_MBEDTLS) += sha1.o +hash_mbedtls-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += sha256.o +hash_mbedtls-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += sha512.o + # MbedTLS crypto library obj-$(CONFIG_MBEDTLS_LIB_CRYPTO) += mbedtls_lib_crypto.o mbedtls_lib_crypto-y += \ $(MBEDTLS_LIB_DIR)/platform_util.o \ $(MBEDTLS_LIB_DIR)/constant_time.o \ $(MBEDTLS_LIB_DIR)/md.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)MD5) += $(MBEDTLS_LIB_DIR)/md5.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA1) += $(MBEDTLS_LIB_DIR)/sha1.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA256) += \ +mbedtls_lib_crypto-$(CONFIG_$(SPL_)MD5_MBEDTLS) += $(MBEDTLS_LIB_DIR)/md5.o +mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA1_MBEDTLS) += $(MBEDTLS_LIB_DIR)/sha1.o +mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/sha256.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA512) += \ +mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/sha512.o
# MbedTLS X509 library diff --git a/lib/mbedtls/md5.c b/lib/mbedtls/md5.c new file mode 100644 index 00000000000..04388fce249 --- /dev/null +++ b/lib/mbedtls/md5.c @@ -0,0 +1,57 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Hash shim layer on MbedTLS Crypto library + * + * Copyright (c) 2024 Linaro Limited + * Author: Raymond Mao raymond.mao@linaro.org + */ +#include "compiler.h" + +#ifndef USE_HOSTCC +#include <watchdog.h> +#endif /* USE_HOSTCC */ +#include <u-boot/md5.h> + +void MD5Init(MD5Context *ctx) +{ + mbedtls_md5_init(ctx); + mbedtls_md5_starts(ctx); +} + +void MD5Update(MD5Context *ctx, unsigned char const *buf, unsigned int len) +{ + mbedtls_md5_update(ctx, buf, len); +} + +void MD5Final(unsigned char digest[16], MD5Context *ctx) +{ + mbedtls_md5_finish(ctx, digest); + mbedtls_md5_free(ctx); +} + +void md5_wd(const unsigned char *input, unsigned int len, + unsigned char output[16], unsigned int chunk_sz) +{ + MD5Context context; + + MD5Init(&context); + + if (IS_ENABLED(CONFIG_HW_WATCHDOG) || IS_ENABLED(CONFIG_WATCHDOG)) { + const unsigned char *curr = input; + const unsigned char *end = input + len; + int chunk; + + while (curr < end) { + chunk = end - curr; + if (chunk > chunk_sz) + chunk = chunk_sz; + MD5Update(&context, curr, chunk); + curr += chunk; + schedule(); + } + } else { + MD5Update(&context, input, len); + } + + MD5Final(output, &context); +} diff --git a/lib/mbedtls/sha1.c b/lib/mbedtls/sha1.c new file mode 100644 index 00000000000..2aee5037795 --- /dev/null +++ b/lib/mbedtls/sha1.c @@ -0,0 +1,99 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Hash shim layer on MbedTLS Crypto library + * + * Copyright (c) 2024 Linaro Limited + * Author: Raymond Mao raymond.mao@linaro.org + */ +#ifndef USE_HOSTCC +#include <cyclic.h> +#endif /* USE_HOSTCC */ +#include <string.h> +#include <u-boot/sha1.h> + +const u8 sha1_der_prefix[SHA1_DER_LEN] = { + 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, + 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 +}; + +void sha1_starts(sha1_context *ctx) +{ + mbedtls_sha1_init(ctx); + mbedtls_sha1_starts(ctx); +} + +void sha1_update(sha1_context *ctx, const unsigned char *input, + unsigned int length) +{ + mbedtls_sha1_update(ctx, input, length); +} + +void sha1_finish(sha1_context *ctx, unsigned char output[SHA1_SUM_LEN]) +{ + mbedtls_sha1_finish(ctx, output); + mbedtls_sha1_free(ctx); +} + +void sha1_csum_wd(const unsigned char *input, unsigned int ilen, + unsigned char *output, unsigned int chunk_sz) +{ + sha1_context ctx; + + sha1_starts(&ctx); + + if (IS_ENABLED(CONFIG_HW_WATCHDOG) || IS_ENABLED(CONFIG_WATCHDOG)) { + const unsigned char *curr = input; + const unsigned char *end = input + ilen; + int chunk; + + while (curr < end) { + chunk = end - curr; + if (chunk > chunk_sz) + chunk = chunk_sz; + sha1_update(&ctx, curr, chunk); + curr += chunk; + schedule(); + } + } else { + sha1_update(&ctx, input, ilen); + } + + sha1_finish(&ctx, output); +} + +void sha1_hmac(const unsigned char *key, int keylen, + const unsigned char *input, unsigned int ilen, + unsigned char *output) +{ + int i; + sha1_context ctx; + unsigned char k_ipad[K_PAD_LEN]; + unsigned char k_opad[K_PAD_LEN]; + unsigned char tmpbuf[20]; + + if (keylen > K_PAD_LEN) + return; + + memset(k_ipad, K_IPAD_VAL, sizeof(k_ipad)); + memset(k_opad, K_OPAD_VAL, sizeof(k_opad)); + + for (i = 0; i < keylen; i++) { + k_ipad[i] ^= key[i]; + k_opad[i] ^= key[i]; + } + + sha1_starts(&ctx); + sha1_update(&ctx, k_ipad, sizeof(k_ipad)); + sha1_update(&ctx, input, ilen); + sha1_finish(&ctx, tmpbuf); + + sha1_starts(&ctx); + sha1_update(&ctx, k_opad, sizeof(k_opad)); + sha1_update(&ctx, tmpbuf, sizeof(tmpbuf)); + sha1_finish(&ctx, output); + + memset(k_ipad, 0, sizeof(k_ipad)); + memset(k_opad, 0, sizeof(k_opad)); + memset(tmpbuf, 0, sizeof(tmpbuf)); + memset(&ctx, 0, sizeof(sha1_context)); +} diff --git a/lib/mbedtls/sha256.c b/lib/mbedtls/sha256.c new file mode 100644 index 00000000000..24aa58fa674 --- /dev/null +++ b/lib/mbedtls/sha256.c @@ -0,0 +1,62 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Hash shim layer on MbedTLS Crypto library + * + * Copyright (c) 2024 Linaro Limited + * Author: Raymond Mao raymond.mao@linaro.org + */ +#ifndef USE_HOSTCC +#include <cyclic.h> +#endif /* USE_HOSTCC */ +#include <u-boot/sha256.h> + +const u8 sha256_der_prefix[SHA256_DER_LEN] = { + 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, + 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, + 0x00, 0x04, 0x20 +}; + +void sha256_starts(sha256_context *ctx) +{ + mbedtls_sha256_init(ctx); + mbedtls_sha256_starts(ctx, 0); +} + +void +sha256_update(sha256_context *ctx, const uint8_t *input, uint32_t length) +{ + mbedtls_sha256_update(ctx, input, length); +} + +void sha256_finish(sha256_context *ctx, uint8_t digest[SHA256_SUM_LEN]) +{ + mbedtls_sha256_finish(ctx, digest); + mbedtls_sha256_free(ctx); +} + +void sha256_csum_wd(const unsigned char *input, unsigned int ilen, + unsigned char *output, unsigned int chunk_sz) +{ + sha256_context ctx; + + sha256_starts(&ctx); + + if (IS_ENABLED(CONFIG_HW_WATCHDOG) || IS_ENABLED(CONFIG_WATCHDOG)) { + const unsigned char *curr = input; + const unsigned char *end = input + ilen; + int chunk; + + while (curr < end) { + chunk = end - curr; + if (chunk > chunk_sz) + chunk = chunk_sz; + sha256_update(&ctx, curr, chunk); + curr += chunk; + schedule(); + } + } else { + sha256_update(&ctx, input, ilen); + } + + sha256_finish(&ctx, output); +} diff --git a/lib/mbedtls/sha512.c b/lib/mbedtls/sha512.c new file mode 100644 index 00000000000..5615248cb91 --- /dev/null +++ b/lib/mbedtls/sha512.c @@ -0,0 +1,93 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Hash shim layer on MbedTLS Crypto library + * + * Copyright (c) 2024 Linaro Limited + * Author: Raymond Mao raymond.mao@linaro.org + */ +#ifndef USE_HOSTCC +#include <cyclic.h> +#endif /* USE_HOSTCC */ +#include <compiler.h> +#include <u-boot/sha512.h> + +const u8 sha384_der_prefix[SHA384_DER_LEN] = { + 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, + 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, + 0x00, 0x04, 0x30 +}; + +const u8 sha512_der_prefix[SHA512_DER_LEN] = { + 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, + 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, + 0x00, 0x04, 0x40 +}; + +void sha384_starts(sha512_context *ctx) +{ + mbedtls_sha512_init(ctx); + mbedtls_sha512_starts(ctx, 1); +} + +void +sha384_update(sha512_context *ctx, const uint8_t *input, uint32_t length) +{ + mbedtls_sha512_update(ctx, input, length); +} + +void sha384_finish(sha512_context *ctx, uint8_t digest[SHA384_SUM_LEN]) +{ + mbedtls_sha512_finish(ctx, digest); + mbedtls_sha512_free(ctx); +} + +void sha384_csum_wd(const unsigned char *input, unsigned int length, + unsigned char *output, unsigned int chunk_sz) +{ + mbedtls_sha512(input, length, output, 1); +} + +void sha512_starts(sha512_context *ctx) +{ + mbedtls_sha512_init(ctx); + mbedtls_sha512_starts(ctx, 0); +} + +void +sha512_update(sha512_context *ctx, const uint8_t *input, uint32_t length) +{ + mbedtls_sha512_update(ctx, input, length); +} + +void sha512_finish(sha512_context *ctx, uint8_t digest[SHA512_SUM_LEN]) +{ + mbedtls_sha512_finish(ctx, digest); + mbedtls_sha512_free(ctx); +} + +void sha512_csum_wd(const unsigned char *input, unsigned int ilen, + unsigned char *output, unsigned int chunk_sz) +{ + sha512_context ctx; + + sha512_starts(&ctx); + + if (IS_ENABLED(CONFIG_HW_WATCHDOG) || IS_ENABLED(CONFIG_WATCHDOG)) { + const unsigned char *curr = input; + const unsigned char *end = input + ilen; + int chunk; + + while (curr < end) { + chunk = end - curr; + if (chunk > chunk_sz) + chunk = chunk_sz; + sha512_update(&ctx, curr, chunk); + curr += chunk; + schedule(); + } + } else { + sha512_update(&ctx, input, ilen); + } + + sha512_finish(&ctx, output); +}
Hi Raymond
[...]
+if MBEDTLS_LIB_CRYPTO
+config SHA1_MBEDTLS
bool "Enable SHA1 support with MbedTLS crypto library"depends on MBEDTLS_LIB_CRYPTO && SHA1helpThis option enables support of hashing using SHA1 algorithmwith MbedTLS crypto library.+config SHA256_MBEDTLS
bool "Enable SHA256 support with MbedTLS crypto library"depends on MBEDTLS_LIB_CRYPTO && SHA256helpThis option enables support of hashing using SHA256 algorithmwith MbedTLS crypto library.+config SHA512_MBEDTLS
bool "Enable SHA512 support with MbedTLS crypto library"depends on MBEDTLS_LIB_CRYPTO && SHA512default y if TI_SECURE_DEVICE && FIT_SIGNATURE
I don't like this default 'y' for 'ti secure devices'. This is a board specific option. I think it should be defined on the defconfig of those boards instead.
helpThis option enables support of hashing using SHA512 algorithmwith MbedTLS crypto library.+config SHA384_MBEDTLS
bool "Enable SHA384 support with MbedTLS crypto library"depends on MBEDTLS_LIB_CRYPTO && SHA384select SHA512_MBEDTLShelpThis option enables support of hashing using SHA384 algorithmwith MbedTLS crypto library.+config MD5_MBEDTLS
bool "Enable MD5 support with MbedTLS crypto library"depends on MBEDTLS_LIB_CRYPTO && MD5helpThis option enables support of hashing using MD5 algorithmwith MbedTLS crypto library.+if SPL
+config SPL_SHA1_MBEDTLS
bool "Enable SHA1 support in SPL with MbedTLS crypto library"depends on MBEDTLS_LIB_CRYPTO && SPL_SHA1default y if SHA1 && MBEDTLS_LIB_CRYPTOhelpThis option enables support of hashing using SHA1 algorithmwith MbedTLS crypto library.+config SPL_SHA256_MBEDTLS
bool "Enable SHA256 support in SPL with MbedTLS crypto library"depends on MBEDTLS_LIB_CRYPTO && SPL_SHA256default y if SHA256 && MBEDTLS_LIB_CRYPTOhelpThis option enables support of hashing using SHA256 algorithmwith MbedTLS crypto library.+config SPL_SHA512_MBEDTLS
bool "Enable SHA512 support in SPL with MbedTLS crypto library"depends on MBEDTLS_LIB_CRYPTO && SPL_SHA512default y if SHA512 && MBEDTLS_LIB_CRYPTOhelpThis option enables support of hashing using SHA512 algorithmwith MbedTLS crypto library.+config SPL_SHA384_MBEDTLS
bool "Enable SHA384 support in SPL with MbedTLS crypto library"depends on MBEDTLS_LIB_CRYPTO && SPL_SHA384default y if SHA384 && MBEDTLS_LIB_CRYPTOselect SPL_SHA512helpThis option enables support of hashing using SHA384 algorithmwith MbedTLS crypto library.+config SPL_MD5_MBEDTLS
bool "Enable MD5 support in SPL with MbedTLS crypto library"depends on MBEDTLS_LIB_CRYPTO && SPL_MD5default y if MD5 && MBEDTLS_LIB_CRYPTOhelpThis option enables support of hashing using MD5 algorithmwith MbedTLS crypto library.+endif # SPL
+endif # MBEDTLS_LIB_CRYPTO
config MBEDTLS_LIB_X509 bool "MbedTLS certificate libraries" diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile index 803ea0b62a0..32a98b7f4ca 100644 --- a/lib/mbedtls/Makefile +++ b/lib/mbedtls/Makefile @@ -13,17 +13,24 @@ ccflags-y += \ -I$(src)/external/mbedtls/include \ -I$(src)/external/mbedtls/library
+# shim layer for hash +obj-$(CONFIG_MBEDTLS_LIB_CRYPTO) += hash_mbedtls.o +hash_mbedtls-$(CONFIG_$(SPL_)MD5_MBEDTLS) += md5.o +hash_mbedtls-$(CONFIG_$(SPL_)SHA1_MBEDTLS) += sha1.o +hash_mbedtls-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += sha256.o +hash_mbedtls-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += sha512.o
# MbedTLS crypto library obj-$(CONFIG_MBEDTLS_LIB_CRYPTO) += mbedtls_lib_crypto.o mbedtls_lib_crypto-y += \ $(MBEDTLS_LIB_DIR)/platform_util.o \ $(MBEDTLS_LIB_DIR)/constant_time.o \ $(MBEDTLS_LIB_DIR)/md.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)MD5) += $(MBEDTLS_LIB_DIR)/md5.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA1) += $(MBEDTLS_LIB_DIR)/sha1.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA256) += \ +mbedtls_lib_crypto-$(CONFIG_$(SPL_)MD5_MBEDTLS) += $(MBEDTLS_LIB_DIR)/md5.o +mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA1_MBEDTLS) += $(MBEDTLS_LIB_DIR)/sha1.o +mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/sha256.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA512) += \ +mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/sha512.o
# MbedTLS X509 library diff --git a/lib/mbedtls/md5.c b/lib/mbedtls/md5.c new file mode 100644 index 00000000000..04388fce249 --- /dev/null +++ b/lib/mbedtls/md5.c @@ -0,0 +1,57 @@ +// SPDX-License-Identifier: GPL-2.0+ +/*
- Hash shim layer on MbedTLS Crypto library
- Copyright (c) 2024 Linaro Limited
- Author: Raymond Mao raymond.mao@linaro.org
- */
+#include "compiler.h"
+#ifndef USE_HOSTCC +#include <watchdog.h> +#endif /* USE_HOSTCC */ +#include <u-boot/md5.h>
+void MD5Init(MD5Context *ctx) +{
mbedtls_md5_init(ctx);mbedtls_md5_starts(ctx);+}
+void MD5Update(MD5Context *ctx, unsigned char const *buf, unsigned int len) +{
mbedtls_md5_update(ctx, buf, len);+}
+void MD5Final(unsigned char digest[16], MD5Context *ctx) +{
mbedtls_md5_finish(ctx, digest);mbedtls_md5_free(ctx);+}
+void md5_wd(const unsigned char *input, unsigned int len,
unsigned char output[16], unsigned int chunk_sz)+{
MD5Context context;MD5Init(&context);if (IS_ENABLED(CONFIG_HW_WATCHDOG) || IS_ENABLED(CONFIG_WATCHDOG)) {const unsigned char *curr = input;const unsigned char *end = input + len;int chunk;while (curr < end) {chunk = end - curr;if (chunk > chunk_sz)chunk = chunk_sz;MD5Update(&context, curr, chunk);curr += chunk;schedule();}} else {MD5Update(&context, input, len);}
You can probably split this part to a function, that takes the hashing algo as an argument, since the loop is identical for md5, sha1, sha256 etc
MD5Final(output, &context);+} diff --git a/lib/mbedtls/sha1.c b/lib/mbedtls/sha1.c new file mode 100644 index 00000000000..2aee5037795 --- /dev/null +++ b/lib/mbedtls/sha1.c @@ -0,0 +1,99 @@ +// SPDX-License-Identifier: GPL-2.0+ +/*
- Hash shim layer on MbedTLS Crypto library
- Copyright (c) 2024 Linaro Limited
- Author: Raymond Mao raymond.mao@linaro.org
- */
+#ifndef USE_HOSTCC +#include <cyclic.h> +#endif /* USE_HOSTCC */ +#include <string.h> +#include <u-boot/sha1.h>
+const u8 sha1_der_prefix[SHA1_DER_LEN] = {
0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14+};
+void sha1_starts(sha1_context *ctx) +{
mbedtls_sha1_init(ctx);mbedtls_sha1_starts(ctx);+}
+void sha1_update(sha1_context *ctx, const unsigned char *input,
unsigned int length)+{
mbedtls_sha1_update(ctx, input, length);+}
+void sha1_finish(sha1_context *ctx, unsigned char output[SHA1_SUM_LEN]) +{
mbedtls_sha1_finish(ctx, output);mbedtls_sha1_free(ctx);+}
+void sha1_csum_wd(const unsigned char *input, unsigned int ilen,
unsigned char *output, unsigned int chunk_sz)+{
sha1_context ctx;sha1_starts(&ctx);if (IS_ENABLED(CONFIG_HW_WATCHDOG) || IS_ENABLED(CONFIG_WATCHDOG)) {const unsigned char *curr = input;const unsigned char *end = input + ilen;int chunk;while (curr < end) {chunk = end - curr;if (chunk > chunk_sz)chunk = chunk_sz;sha1_update(&ctx, curr, chunk);curr += chunk;schedule();}} else {sha1_update(&ctx, input, ilen);}sha1_finish(&ctx, output);+}
+void sha1_hmac(const unsigned char *key, int keylen,
const unsigned char *input, unsigned int ilen,unsigned char *output)+{
int i;sha1_context ctx;unsigned char k_ipad[K_PAD_LEN];unsigned char k_opad[K_PAD_LEN];unsigned char tmpbuf[20];if (keylen > K_PAD_LEN)return;memset(k_ipad, K_IPAD_VAL, sizeof(k_ipad));memset(k_opad, K_OPAD_VAL, sizeof(k_opad));for (i = 0; i < keylen; i++) {k_ipad[i] ^= key[i];k_opad[i] ^= key[i];}sha1_starts(&ctx);sha1_update(&ctx, k_ipad, sizeof(k_ipad));sha1_update(&ctx, input, ilen);sha1_finish(&ctx, tmpbuf);sha1_starts(&ctx);sha1_update(&ctx, k_opad, sizeof(k_opad));sha1_update(&ctx, tmpbuf, sizeof(tmpbuf));sha1_finish(&ctx, output);memset(k_ipad, 0, sizeof(k_ipad));memset(k_opad, 0, sizeof(k_opad));memset(tmpbuf, 0, sizeof(tmpbuf));memset(&ctx, 0, sizeof(sha1_context));+} diff --git a/lib/mbedtls/sha256.c b/lib/mbedtls/sha256.c new file mode 100644 index 00000000000..24aa58fa674 --- /dev/null +++ b/lib/mbedtls/sha256.c @@ -0,0 +1,62 @@ +// SPDX-License-Identifier: GPL-2.0+ +/*
- Hash shim layer on MbedTLS Crypto library
- Copyright (c) 2024 Linaro Limited
- Author: Raymond Mao raymond.mao@linaro.org
- */
+#ifndef USE_HOSTCC +#include <cyclic.h> +#endif /* USE_HOSTCC */ +#include <u-boot/sha256.h>
+const u8 sha256_der_prefix[SHA256_DER_LEN] = {
0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,0x00, 0x04, 0x20+};
+void sha256_starts(sha256_context *ctx) +{
mbedtls_sha256_init(ctx);mbedtls_sha256_starts(ctx, 0);+}
+void +sha256_update(sha256_context *ctx, const uint8_t *input, uint32_t length) +{
mbedtls_sha256_update(ctx, input, length);+}
+void sha256_finish(sha256_context *ctx, uint8_t digest[SHA256_SUM_LEN]) +{
mbedtls_sha256_finish(ctx, digest);mbedtls_sha256_free(ctx);+}
+void sha256_csum_wd(const unsigned char *input, unsigned int ilen,
unsigned char *output, unsigned int chunk_sz)+{
sha256_context ctx;sha256_starts(&ctx);if (IS_ENABLED(CONFIG_HW_WATCHDOG) || IS_ENABLED(CONFIG_WATCHDOG)) {const unsigned char *curr = input;const unsigned char *end = input + ilen;int chunk;while (curr < end) {chunk = end - curr;if (chunk > chunk_sz)chunk = chunk_sz;sha256_update(&ctx, curr, chunk);curr += chunk;schedule();}} else {sha256_update(&ctx, input, ilen);}sha256_finish(&ctx, output);+} diff --git a/lib/mbedtls/sha512.c b/lib/mbedtls/sha512.c new file mode 100644 index 00000000000..5615248cb91 --- /dev/null +++ b/lib/mbedtls/sha512.c @@ -0,0 +1,93 @@ +// SPDX-License-Identifier: GPL-2.0+ +/*
- Hash shim layer on MbedTLS Crypto library
- Copyright (c) 2024 Linaro Limited
- Author: Raymond Mao raymond.mao@linaro.org
- */
+#ifndef USE_HOSTCC +#include <cyclic.h> +#endif /* USE_HOSTCC */ +#include <compiler.h> +#include <u-boot/sha512.h>
+const u8 sha384_der_prefix[SHA384_DER_LEN] = {
0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05,0x00, 0x04, 0x30+};
+const u8 sha512_der_prefix[SHA512_DER_LEN] = {
0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,0x00, 0x04, 0x40+};
+void sha384_starts(sha512_context *ctx) +{
mbedtls_sha512_init(ctx);mbedtls_sha512_starts(ctx, 1);+}
+void +sha384_update(sha512_context *ctx, const uint8_t *input, uint32_t length) +{
mbedtls_sha512_update(ctx, input, length);+}
+void sha384_finish(sha512_context *ctx, uint8_t digest[SHA384_SUM_LEN]) +{
mbedtls_sha512_finish(ctx, digest);mbedtls_sha512_free(ctx);+}
+void sha384_csum_wd(const unsigned char *input, unsigned int length,
unsigned char *output, unsigned int chunk_sz)+{
mbedtls_sha512(input, length, output, 1);+}
+void sha512_starts(sha512_context *ctx) +{
mbedtls_sha512_init(ctx);mbedtls_sha512_starts(ctx, 0);+}
+void +sha512_update(sha512_context *ctx, const uint8_t *input, uint32_t length) +{
mbedtls_sha512_update(ctx, input, length);+}
+void sha512_finish(sha512_context *ctx, uint8_t digest[SHA512_SUM_LEN]) +{
mbedtls_sha512_finish(ctx, digest);mbedtls_sha512_free(ctx);+}
+void sha512_csum_wd(const unsigned char *input, unsigned int ilen,
unsigned char *output, unsigned int chunk_sz)+{
sha512_context ctx;sha512_starts(&ctx);if (IS_ENABLED(CONFIG_HW_WATCHDOG) || IS_ENABLED(CONFIG_WATCHDOG)) {const unsigned char *curr = input;const unsigned char *end = input + ilen;int chunk;while (curr < end) {chunk = end - curr;if (chunk > chunk_sz)chunk = chunk_sz;sha512_update(&ctx, curr, chunk);curr += chunk;schedule();}} else {sha512_update(&ctx, input, ilen);}sha512_finish(&ctx, output);+}
2.25.1
On Fri, Jul 26, 2024 at 01:18:57PM +0300, Ilias Apalodimas wrote:
Hi Raymond
[...]
+if MBEDTLS_LIB_CRYPTO
+config SHA1_MBEDTLS
bool "Enable SHA1 support with MbedTLS crypto library"depends on MBEDTLS_LIB_CRYPTO && SHA1helpThis option enables support of hashing using SHA1 algorithmwith MbedTLS crypto library.+config SHA256_MBEDTLS
bool "Enable SHA256 support with MbedTLS crypto library"depends on MBEDTLS_LIB_CRYPTO && SHA256helpThis option enables support of hashing using SHA256 algorithmwith MbedTLS crypto library.+config SHA512_MBEDTLS
bool "Enable SHA512 support with MbedTLS crypto library"depends on MBEDTLS_LIB_CRYPTO && SHA512default y if TI_SECURE_DEVICE && FIT_SIGNATUREI don't like this default 'y' for 'ti secure devices'. This is a board specific option. I think it should be defined on the defconfig of those boards instead.
This follows the current symbols which are this way because it's basically for all ARCH_K3 platforms, and unlike the Linux Kernel, I'm happy about seeing default y if ... in the Kconfig files for things where there's some, but not much, choice in the matter on a given SoC.
Hi Ilias,
On Fri, 26 Jul 2024 at 06:19, Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
Hi Raymond
[...]
+if MBEDTLS_LIB_CRYPTO
+config SHA1_MBEDTLS
bool "Enable SHA1 support with MbedTLS crypto library"depends on MBEDTLS_LIB_CRYPTO && SHA1helpThis option enables support of hashing using SHA1 algorithmwith MbedTLS crypto library.+config SHA256_MBEDTLS
bool "Enable SHA256 support with MbedTLS crypto library"depends on MBEDTLS_LIB_CRYPTO && SHA256helpThis option enables support of hashing using SHA256 algorithmwith MbedTLS crypto library.+config SHA512_MBEDTLS
bool "Enable SHA512 support with MbedTLS crypto library"depends on MBEDTLS_LIB_CRYPTO && SHA512default y if TI_SECURE_DEVICE && FIT_SIGNATUREI don't like this default 'y' for 'ti secure devices'. This is a board specific option. I think it should be defined on the defconfig of those boards instead.
This dependence completely follows the original SHA512.
Removing TI_SECURE_DEVICE brings some additions work out of the scope of this patch series since we have to update all defconfigs which enables ARCH_K3 (TI_SECURE_DEVICE is an implicit setting of ARCH_K3). If we plan to do this, it is better to have another optimization patch set after this one is merged.
helpThis option enables support of hashing using SHA512 algorithmwith MbedTLS crypto library.+config SHA384_MBEDTLS
bool "Enable SHA384 support with MbedTLS crypto library"depends on MBEDTLS_LIB_CRYPTO && SHA384select SHA512_MBEDTLShelpThis option enables support of hashing using SHA384 algorithmwith MbedTLS crypto library.+config MD5_MBEDTLS
bool "Enable MD5 support with MbedTLS crypto library"depends on MBEDTLS_LIB_CRYPTO && MD5helpThis option enables support of hashing using MD5 algorithmwith MbedTLS crypto library.+if SPL
+config SPL_SHA1_MBEDTLS
bool "Enable SHA1 support in SPL with MbedTLS crypto library"depends on MBEDTLS_LIB_CRYPTO && SPL_SHA1default y if SHA1 && MBEDTLS_LIB_CRYPTOhelpThis option enables support of hashing using SHA1 algorithmwith MbedTLS crypto library.+config SPL_SHA256_MBEDTLS
bool "Enable SHA256 support in SPL with MbedTLS crypto library"depends on MBEDTLS_LIB_CRYPTO && SPL_SHA256default y if SHA256 && MBEDTLS_LIB_CRYPTOhelpThis option enables support of hashing using SHA256 algorithmwith MbedTLS crypto library.+config SPL_SHA512_MBEDTLS
bool "Enable SHA512 support in SPL with MbedTLS crypto library"depends on MBEDTLS_LIB_CRYPTO && SPL_SHA512default y if SHA512 && MBEDTLS_LIB_CRYPTOhelpThis option enables support of hashing using SHA512 algorithmwith MbedTLS crypto library.+config SPL_SHA384_MBEDTLS
bool "Enable SHA384 support in SPL with MbedTLS crypto library"depends on MBEDTLS_LIB_CRYPTO && SPL_SHA384default y if SHA384 && MBEDTLS_LIB_CRYPTOselect SPL_SHA512helpThis option enables support of hashing using SHA384 algorithmwith MbedTLS crypto library.+config SPL_MD5_MBEDTLS
bool "Enable MD5 support in SPL with MbedTLS crypto library"depends on MBEDTLS_LIB_CRYPTO && SPL_MD5default y if MD5 && MBEDTLS_LIB_CRYPTOhelpThis option enables support of hashing using MD5 algorithmwith MbedTLS crypto library.+endif # SPL
+endif # MBEDTLS_LIB_CRYPTO
config MBEDTLS_LIB_X509 bool "MbedTLS certificate libraries" diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile index 803ea0b62a0..32a98b7f4ca 100644 --- a/lib/mbedtls/Makefile +++ b/lib/mbedtls/Makefile @@ -13,17 +13,24 @@ ccflags-y += \ -I$(src)/external/mbedtls/include \ -I$(src)/external/mbedtls/library
+# shim layer for hash +obj-$(CONFIG_MBEDTLS_LIB_CRYPTO) += hash_mbedtls.o +hash_mbedtls-$(CONFIG_$(SPL_)MD5_MBEDTLS) += md5.o +hash_mbedtls-$(CONFIG_$(SPL_)SHA1_MBEDTLS) += sha1.o +hash_mbedtls-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += sha256.o +hash_mbedtls-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += sha512.o
# MbedTLS crypto library obj-$(CONFIG_MBEDTLS_LIB_CRYPTO) += mbedtls_lib_crypto.o mbedtls_lib_crypto-y += \ $(MBEDTLS_LIB_DIR)/platform_util.o \ $(MBEDTLS_LIB_DIR)/constant_time.o \ $(MBEDTLS_LIB_DIR)/md.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)MD5) += $(MBEDTLS_LIB_DIR)/md5.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA1) += $(MBEDTLS_LIB_DIR)/sha1.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA256) += \ +mbedtls_lib_crypto-$(CONFIG_$(SPL_)MD5_MBEDTLS) +=
$(MBEDTLS_LIB_DIR)/md5.o
+mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA1_MBEDTLS) +=
$(MBEDTLS_LIB_DIR)/sha1.o
+mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/sha256.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA512) += \ +mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/sha512.o
# MbedTLS X509 library diff --git a/lib/mbedtls/md5.c b/lib/mbedtls/md5.c new file mode 100644 index 00000000000..04388fce249 --- /dev/null +++ b/lib/mbedtls/md5.c @@ -0,0 +1,57 @@ +// SPDX-License-Identifier: GPL-2.0+ +/*
- Hash shim layer on MbedTLS Crypto library
- Copyright (c) 2024 Linaro Limited
- Author: Raymond Mao raymond.mao@linaro.org
- */
+#include "compiler.h"
+#ifndef USE_HOSTCC +#include <watchdog.h> +#endif /* USE_HOSTCC */ +#include <u-boot/md5.h>
+void MD5Init(MD5Context *ctx) +{
mbedtls_md5_init(ctx);mbedtls_md5_starts(ctx);+}
+void MD5Update(MD5Context *ctx, unsigned char const *buf, unsigned int
len)
+{
mbedtls_md5_update(ctx, buf, len);+}
+void MD5Final(unsigned char digest[16], MD5Context *ctx) +{
mbedtls_md5_finish(ctx, digest);mbedtls_md5_free(ctx);+}
+void md5_wd(const unsigned char *input, unsigned int len,
unsigned char output[16], unsigned int chunk_sz)+{
MD5Context context;MD5Init(&context);if (IS_ENABLED(CONFIG_HW_WATCHDOG) ||IS_ENABLED(CONFIG_WATCHDOG)) {
const unsigned char *curr = input;const unsigned char *end = input + len;int chunk;while (curr < end) {chunk = end - curr;if (chunk > chunk_sz)chunk = chunk_sz;MD5Update(&context, curr, chunk);curr += chunk;schedule();}} else {MD5Update(&context, input, len);}You can probably split this part to a function, that takes the hashing algo as an argument, since the loop is identical for md5, sha1, sha256 etc
I think this change does not bring too much value.
They are calling different "_update()" functions and we need to switch the algorithm to select which one should be called. Other than that, we need to create a new file (e.g. md_common.c) to contain this new common function. As a trade-off, I prefer to keep the current implementation.
[snip]
Regards, Raymond
Integrate common/hash.c on the hash shim layer so that hash APIs from mbedtls can be leveraged by boot/image and efi_loader.
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v2 - Use the original head files instead of creating new ones. Changes in v3 - Add handle checkers for malloc. Changes in v4 - None.
common/hash.c | 143 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 143 insertions(+)
diff --git a/common/hash.c b/common/hash.c index ac63803fed9..96caf074374 100644 --- a/common/hash.c +++ b/common/hash.c @@ -35,6 +35,141 @@ #include <u-boot/sha512.h> #include <u-boot/md5.h>
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO) + +static int hash_init_sha1(struct hash_algo *algo, void **ctxp) +{ + int ret; + mbedtls_sha1_context *ctx = malloc(sizeof(mbedtls_sha1_context)); + + if (!ctx) + return -ENOMEM; + + mbedtls_sha1_init(ctx); + ret = mbedtls_sha1_starts(ctx); + if (!ret) { + *ctxp = ctx; + } else { + mbedtls_sha1_free(ctx); + free(ctx); + } + + return ret; +} + +static int hash_update_sha1(struct hash_algo *algo, void *ctx, const void *buf, + unsigned int size, int is_last) +{ + return mbedtls_sha1_update((mbedtls_sha1_context *)ctx, buf, size); +} + +static int +hash_finish_sha1(struct hash_algo *algo, void *ctx, void *dest_buf, int size) +{ + int ret; + + if (size < algo->digest_size) + return -1; + + ret = mbedtls_sha1_finish((mbedtls_sha1_context *)ctx, dest_buf); + if (!ret) { + mbedtls_sha1_free((mbedtls_sha1_context *)ctx); + free(ctx); + } + + return ret; +} + +static int hash_init_sha256(struct hash_algo *algo, void **ctxp) +{ + int ret; + int is224 = algo->digest_size == SHA224_SUM_LEN ? 1 : 0; + mbedtls_sha256_context *ctx = malloc(sizeof(mbedtls_sha256_context)); + + if (!ctx) + return -ENOMEM; + + mbedtls_sha256_init(ctx); + ret = mbedtls_sha256_starts(ctx, is224); + if (!ret) { + *ctxp = ctx; + } else { + mbedtls_sha256_free(ctx); + free(ctx); + } + + return ret; +} + +static int hash_update_sha256(struct hash_algo *algo, void *ctx, const void *buf, + uint size, int is_last) +{ + return mbedtls_sha256_update((mbedtls_sha256_context *)ctx, buf, size); +} + +static int +hash_finish_sha256(struct hash_algo *algo, void *ctx, void *dest_buf, int size) +{ + int ret; + + if (size < algo->digest_size) + return -1; + + ret = mbedtls_sha256_finish((mbedtls_sha256_context *)ctx, dest_buf); + if (!ret) { + mbedtls_sha256_free((mbedtls_sha256_context *)ctx); + free(ctx); + } + + return ret; +} + +static int hash_init_sha512(struct hash_algo *algo, void **ctxp) +{ + int ret; + int is384 = algo->digest_size == SHA384_SUM_LEN ? 1 : 0; + mbedtls_sha512_context *ctx = malloc(sizeof(mbedtls_sha512_context)); + + if (!ctx) + return -ENOMEM; + + mbedtls_sha512_init(ctx); + ret = mbedtls_sha512_starts(ctx, is384); + if (!ret) { + *ctxp = ctx; + } else { + mbedtls_sha512_free(ctx); + free(ctx); + } + + return ret; +} + +static int hash_update_sha512(struct hash_algo *algo, void *ctx, const void *buf, + uint size, int is_last) +{ + return mbedtls_sha512_update((mbedtls_sha512_context *)ctx, buf, size); +} + +static int +hash_finish_sha512(struct hash_algo *algo, void *ctx, void *dest_buf, int size) +{ + int ret; + + if (size < algo->digest_size) + return -1; + + ret = mbedtls_sha512_finish((mbedtls_sha512_context *)ctx, dest_buf); + if (!ret) { + mbedtls_sha512_free((mbedtls_sha512_context *)ctx); + free(ctx); + } + + return ret; +} + +#else /* CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO) */ + static int __maybe_unused hash_init_sha1(struct hash_algo *algo, void **ctxp) { sha1_context *ctx = malloc(sizeof(sha1_context)); @@ -143,6 +278,8 @@ static int __maybe_unused hash_finish_sha512(struct hash_algo *algo, void *ctx, return 0; }
+#endif /* CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO) */ + static int hash_init_crc16_ccitt(struct hash_algo *algo, void **ctxp) { uint16_t *ctx = malloc(sizeof(uint16_t)); @@ -267,10 +404,16 @@ static struct hash_algo hash_algo[] = { .hash_init = hw_sha_init, .hash_update = hw_sha_update, .hash_finish = hw_sha_finish, +#else +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO) + .hash_init = hash_init_sha512, + .hash_update = hash_update_sha512, + .hash_finish = hash_finish_sha512, #else .hash_init = hash_init_sha384, .hash_update = hash_update_sha384, .hash_finish = hash_finish_sha384, +#endif #endif }, #endif
Hi Raymond
On Tue, 2 Jul 2024 at 21:27, Raymond Mao raymond.mao@linaro.org wrote:
Integrate common/hash.c on the hash shim layer so that hash APIs from mbedtls can be leveraged by boot/image and efi_loader.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- Use the original head files instead of creating new ones.
Changes in v3
- Add handle checkers for malloc.
Changes in v4
- None.
common/hash.c | 143 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 143 insertions(+)
diff --git a/common/hash.c b/common/hash.c index ac63803fed9..96caf074374 100644 --- a/common/hash.c +++ b/common/hash.c @@ -35,6 +35,141 @@ #include <u-boot/sha512.h> #include <u-boot/md5.h>
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO)
+static int hash_init_sha1(struct hash_algo *algo, void **ctxp) +{
int ret;mbedtls_sha1_context *ctx = malloc(sizeof(mbedtls_sha1_context));if (!ctx)return -ENOMEM;mbedtls_sha1_init(ctx);ret = mbedtls_sha1_starts(ctx);if (!ret) {*ctxp = ctx;} else {mbedtls_sha1_free(ctx);free(ctx);}return ret;+}
+static int hash_update_sha1(struct hash_algo *algo, void *ctx, const void *buf,
unsigned int size, int is_last)+{
return mbedtls_sha1_update((mbedtls_sha1_context *)ctx, buf, size);+}
+static int +hash_finish_sha1(struct hash_algo *algo, void *ctx, void *dest_buf, int size) +{
int ret;if (size < algo->digest_size)return -1;ret = mbedtls_sha1_finish((mbedtls_sha1_context *)ctx, dest_buf);if (!ret) {mbedtls_sha1_free((mbedtls_sha1_context *)ctx);free(ctx);}return ret;+}
+static int hash_init_sha256(struct hash_algo *algo, void **ctxp) +{
int ret;int is224 = algo->digest_size == SHA224_SUM_LEN ? 1 : 0;mbedtls_sha256_context *ctx = malloc(sizeof(mbedtls_sha256_context));
I prefer sizeof(*ctx) on all the allocations. Also since it's a crypto stack I prefer a calloc (sha384 for example will allocate more bytes)
if (!ctx)return -ENOMEM;mbedtls_sha256_init(ctx);ret = mbedtls_sha256_starts(ctx, is224);if (!ret) {*ctxp = ctx;} else {mbedtls_sha256_free(ctx);free(ctx);}return ret;+}
+static int hash_update_sha256(struct hash_algo *algo, void *ctx, const void *buf,
uint size, int is_last)+{
return mbedtls_sha256_update((mbedtls_sha256_context *)ctx, buf, size);+}
+static int +hash_finish_sha256(struct hash_algo *algo, void *ctx, void *dest_buf, int size) +{
int ret;if (size < algo->digest_size)return -1;ret = mbedtls_sha256_finish((mbedtls_sha256_context *)ctx, dest_buf);if (!ret) {mbedtls_sha256_free((mbedtls_sha256_context *)ctx);free(ctx);}return ret;+}
+static int hash_init_sha512(struct hash_algo *algo, void **ctxp) +{
int ret;int is384 = algo->digest_size == SHA384_SUM_LEN ? 1 : 0;mbedtls_sha512_context *ctx = malloc(sizeof(mbedtls_sha512_context));if (!ctx)return -ENOMEM;mbedtls_sha512_init(ctx);ret = mbedtls_sha512_starts(ctx, is384);if (!ret) {*ctxp = ctx;} else {mbedtls_sha512_free(ctx);free(ctx);}return ret;+}
+static int hash_update_sha512(struct hash_algo *algo, void *ctx, const void *buf,
uint size, int is_last)+{
return mbedtls_sha512_update((mbedtls_sha512_context *)ctx, buf, size);+}
+static int +hash_finish_sha512(struct hash_algo *algo, void *ctx, void *dest_buf, int size) +{
int ret;if (size < algo->digest_size)return -1;ret = mbedtls_sha512_finish((mbedtls_sha512_context *)ctx, dest_buf);if (!ret) {mbedtls_sha512_free((mbedtls_sha512_context *)ctx);free(ctx);}return ret;+}
+#else /* CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO) */
static int __maybe_unused hash_init_sha1(struct hash_algo *algo, void **ctxp) { sha1_context *ctx = malloc(sizeof(sha1_context)); @@ -143,6 +278,8 @@ static int __maybe_unused hash_finish_sha512(struct hash_algo *algo, void *ctx, return 0; }
+#endif /* CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO) */
static int hash_init_crc16_ccitt(struct hash_algo *algo, void **ctxp) { uint16_t *ctx = malloc(sizeof(uint16_t)); @@ -267,10 +404,16 @@ static struct hash_algo hash_algo[] = { .hash_init = hw_sha_init, .hash_update = hw_sha_update, .hash_finish = hw_sha_finish, +#else +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO)
.hash_init = hash_init_sha512,.hash_update = hash_update_sha512,.hash_finish = hash_finish_sha512,
I don't have strong opinion here, but you could alternatively define sha384 wrappers for mbedTLS and avoid this ifdef. In any case I personally don't mind.
#else .hash_init = hash_init_sha384, .hash_update = hash_update_sha384, .hash_finish = hash_finish_sha384, +#endif #endif },
#endif
2.25.1
Hi,
On Wed, Jul 3, 2024, 09:56 Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
Hi Raymond
On Tue, 2 Jul 2024 at 21:27, Raymond Mao raymond.mao@linaro.org wrote:
Integrate common/hash.c on the hash shim layer so that hash APIs from mbedtls can be leveraged by boot/image and efi_loader.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- Use the original head files instead of creating new ones.
Changes in v3
- Add handle checkers for malloc.
Changes in v4
- None.
common/hash.c | 143 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 143 insertions(+)
diff --git a/common/hash.c b/common/hash.c index ac63803fed9..96caf074374 100644 --- a/common/hash.c +++ b/common/hash.c @@ -35,6 +35,141 @@ #include <u-boot/sha512.h> #include <u-boot/md5.h>
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO)
+static int hash_init_sha1(struct hash_algo *algo, void **ctxp) +{
int ret;mbedtls_sha1_context *ctx = malloc(sizeof(mbedtls_sha1_context));
Why do we need allocation here? We should avoid it where possible.
if (!ctx)return -ENOMEM;mbedtls_sha1_init(ctx);ret = mbedtls_sha1_starts(ctx);if (!ret) {*ctxp = ctx;} else {mbedtls_sha1_free(ctx);free(ctx);}return ret;+}
[..]
Regards, Simon
Hi Simon,
On Fri, 5 Jul 2024 at 04:36, Simon Glass sjg@chromium.org wrote:
Hi,
On Wed, Jul 3, 2024, 09:56 Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
Hi Raymond
On Tue, 2 Jul 2024 at 21:27, Raymond Mao raymond.mao@linaro.org wrote:
Integrate common/hash.c on the hash shim layer so that hash APIs from mbedtls can be leveraged by boot/image and efi_loader.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- Use the original head files instead of creating new ones.
Changes in v3
- Add handle checkers for malloc.
Changes in v4
- None.
common/hash.c | 143 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 143 insertions(+)
diff --git a/common/hash.c b/common/hash.c index ac63803fed9..96caf074374 100644 --- a/common/hash.c +++ b/common/hash.c @@ -35,6 +35,141 @@ #include <u-boot/sha512.h> #include <u-boot/md5.h>
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO)
+static int hash_init_sha1(struct hash_algo *algo, void **ctxp) +{
int ret;mbedtls_sha1_context *ctx =malloc(sizeof(mbedtls_sha1_context));
Why do we need allocation here? We should avoid it where possible.
The API "hash_init_sha1(struct hash_algo *algo, void **ctxp)" is passing a
pointer address and expecting to get the context from the pointer, it is reasonable to do the allocation. On top of that, this patch doesn't make changes on this API itself, but just adapted it to MbedTLS stacks, thus you can see the allocation is needed by the original API as well.
Regards, Raymond
Hi Raymond,
On Thu, 18 Jul 2024 at 17:46, Raymond Mao raymond.mao@linaro.org wrote:
Hi Simon,
On Fri, 5 Jul 2024 at 04:36, Simon Glass sjg@chromium.org wrote:
Hi,
On Wed, Jul 3, 2024, 09:56 Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
Hi Raymond
On Tue, 2 Jul 2024 at 21:27, Raymond Mao raymond.mao@linaro.org wrote:
Integrate common/hash.c on the hash shim layer so that hash APIs from mbedtls can be leveraged by boot/image and efi_loader.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- Use the original head files instead of creating new ones.
Changes in v3
- Add handle checkers for malloc.
Changes in v4
- None.
common/hash.c | 143 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 143 insertions(+)
diff --git a/common/hash.c b/common/hash.c index ac63803fed9..96caf074374 100644 --- a/common/hash.c +++ b/common/hash.c @@ -35,6 +35,141 @@ #include <u-boot/sha512.h> #include <u-boot/md5.h>
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO)
+static int hash_init_sha1(struct hash_algo *algo, void **ctxp) +{
int ret;mbedtls_sha1_context *ctx = malloc(sizeof(mbedtls_sha1_context));Why do we need allocation here? We should avoid it where possible.
The API "hash_init_sha1(struct hash_algo *algo, void **ctxp)" is passing a pointer address and expecting to get the context from the pointer, it is reasonable to do the allocation. On top of that, this patch doesn't make changes on this API itself, but just adapted it to MbedTLS stacks, thus you can see the allocation is needed by the original API as well.
Oh dear., I see Now I am looking at the code. It is full of #ifdefs for different cases.
The whole thing needs a bit of a rationalisation before adding another case.
Regards, Simon
On Fri, Jul 19, 2024 at 04:05:09PM +0100, Simon Glass wrote:
Hi Raymond,
On Thu, 18 Jul 2024 at 17:46, Raymond Mao raymond.mao@linaro.org wrote:
Hi Simon,
On Fri, 5 Jul 2024 at 04:36, Simon Glass sjg@chromium.org wrote:
Hi,
On Wed, Jul 3, 2024, 09:56 Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
Hi Raymond
On Tue, 2 Jul 2024 at 21:27, Raymond Mao raymond.mao@linaro.org wrote:
Integrate common/hash.c on the hash shim layer so that hash APIs from mbedtls can be leveraged by boot/image and efi_loader.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- Use the original head files instead of creating new ones.
Changes in v3
- Add handle checkers for malloc.
Changes in v4
- None.
common/hash.c | 143 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 143 insertions(+)
diff --git a/common/hash.c b/common/hash.c index ac63803fed9..96caf074374 100644 --- a/common/hash.c +++ b/common/hash.c @@ -35,6 +35,141 @@ #include <u-boot/sha512.h> #include <u-boot/md5.h>
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO)
+static int hash_init_sha1(struct hash_algo *algo, void **ctxp) +{
int ret;mbedtls_sha1_context *ctx = malloc(sizeof(mbedtls_sha1_context));Why do we need allocation here? We should avoid it where possible.
The API "hash_init_sha1(struct hash_algo *algo, void **ctxp)" is passing a pointer address and expecting to get the context from the pointer, it is reasonable to do the allocation. On top of that, this patch doesn't make changes on this API itself, but just adapted it to MbedTLS stacks, thus you can see the allocation is needed by the original API as well.
Oh dear., I see Now I am looking at the code. It is full of #ifdefs for different cases.
The whole thing needs a bit of a rationalisation before adding another case.
If you're referring too the hash_algo struct, I'm not sure we can do something different that doesn't in turn increase size globally. And long term some of this may be able to go away if we can remove non-mbedTLS options.
Hi Tom,
On Fri, 19 Jul 2024 at 16:25, Tom Rini trini@konsulko.com wrote:
On Fri, Jul 19, 2024 at 04:05:09PM +0100, Simon Glass wrote:
Hi Raymond,
On Thu, 18 Jul 2024 at 17:46, Raymond Mao raymond.mao@linaro.org wrote:
Hi Simon,
On Fri, 5 Jul 2024 at 04:36, Simon Glass sjg@chromium.org wrote:
Hi,
On Wed, Jul 3, 2024, 09:56 Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
Hi Raymond
On Tue, 2 Jul 2024 at 21:27, Raymond Mao raymond.mao@linaro.org wrote:
Integrate common/hash.c on the hash shim layer so that hash APIs from mbedtls can be leveraged by boot/image and efi_loader.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- Use the original head files instead of creating new ones.
Changes in v3
- Add handle checkers for malloc.
Changes in v4
- None.
common/hash.c | 143 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 143 insertions(+)
diff --git a/common/hash.c b/common/hash.c index ac63803fed9..96caf074374 100644 --- a/common/hash.c +++ b/common/hash.c @@ -35,6 +35,141 @@ #include <u-boot/sha512.h> #include <u-boot/md5.h>
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO)
+static int hash_init_sha1(struct hash_algo *algo, void **ctxp) +{
int ret;mbedtls_sha1_context *ctx = malloc(sizeof(mbedtls_sha1_context));Why do we need allocation here? We should avoid it where possible.
The API "hash_init_sha1(struct hash_algo *algo, void **ctxp)" is passing a pointer address and expecting to get the context from the pointer, it is reasonable to do the allocation. On top of that, this patch doesn't make changes on this API itself, but just adapted it to MbedTLS stacks, thus you can see the allocation is needed by the original API as well.
Oh dear., I see Now I am looking at the code. It is full of #ifdefs for different cases.
The whole thing needs a bit of a rationalisation before adding another case.
If you're referring too the hash_algo struct, I'm not sure we can do something different that doesn't in turn increase size globally. And long term some of this may be able to go away if we can remove non-mbedTLS options.
Well, at least using the existing functions rather than writing entirely new ones would help.
The real culprit here is the hardware-acceleration stuff, but making the software side messy too is not nice. Hashing should move to a linker-list approach for the implementation, and probably driver model for the hardware acceleration.
Regards, Simon
On Sat, Jul 20, 2024 at 01:36:02PM +0100, Simon Glass wrote:
Hi Tom,
On Fri, 19 Jul 2024 at 16:25, Tom Rini trini@konsulko.com wrote:
On Fri, Jul 19, 2024 at 04:05:09PM +0100, Simon Glass wrote:
Hi Raymond,
On Thu, 18 Jul 2024 at 17:46, Raymond Mao raymond.mao@linaro.org wrote:
Hi Simon,
On Fri, 5 Jul 2024 at 04:36, Simon Glass sjg@chromium.org wrote:
Hi,
On Wed, Jul 3, 2024, 09:56 Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
Hi Raymond
On Tue, 2 Jul 2024 at 21:27, Raymond Mao raymond.mao@linaro.org wrote: > > Integrate common/hash.c on the hash shim layer so that hash APIs > from mbedtls can be leveraged by boot/image and efi_loader. > > Signed-off-by: Raymond Mao raymond.mao@linaro.org > --- > Changes in v2 > - Use the original head files instead of creating new ones. > Changes in v3 > - Add handle checkers for malloc. > Changes in v4 > - None. > > common/hash.c | 143 ++++++++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 143 insertions(+) > > diff --git a/common/hash.c b/common/hash.c > index ac63803fed9..96caf074374 100644 > --- a/common/hash.c > +++ b/common/hash.c > @@ -35,6 +35,141 @@ > #include <u-boot/sha512.h> > #include <u-boot/md5.h> > > +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO) > + > +static int hash_init_sha1(struct hash_algo *algo, void **ctxp) > +{ > + int ret; > + mbedtls_sha1_context *ctx = malloc(sizeof(mbedtls_sha1_context));
Why do we need allocation here? We should avoid it where possible.
The API "hash_init_sha1(struct hash_algo *algo, void **ctxp)" is passing a pointer address and expecting to get the context from the pointer, it is reasonable to do the allocation. On top of that, this patch doesn't make changes on this API itself, but just adapted it to MbedTLS stacks, thus you can see the allocation is needed by the original API as well.
Oh dear., I see Now I am looking at the code. It is full of #ifdefs for different cases.
The whole thing needs a bit of a rationalisation before adding another case.
If you're referring too the hash_algo struct, I'm not sure we can do something different that doesn't in turn increase size globally. And long term some of this may be able to go away if we can remove non-mbedTLS options.
Well, at least using the existing functions rather than writing entirely new ones would help.
The real culprit here is the hardware-acceleration stuff, but making the software side messy too is not nice. Hashing should move to a linker-list approach for the implementation, and probably driver model for the hardware acceleration.
I'm fine with looking at that, after mbedtls is merged and we're looking at what can be removed / cleaned up. Perhaps we'll be able to shift most/all of the hardware assisted algorithms to being handled within mbedtls, I don't know.
Hi Tom,
On Sat, 20 Jul 2024 at 18:13, Tom Rini trini@konsulko.com wrote:
On Sat, Jul 20, 2024 at 01:36:02PM +0100, Simon Glass wrote:
Hi Tom,
On Fri, 19 Jul 2024 at 16:25, Tom Rini trini@konsulko.com wrote:
On Fri, Jul 19, 2024 at 04:05:09PM +0100, Simon Glass wrote:
Hi Raymond,
On Thu, 18 Jul 2024 at 17:46, Raymond Mao raymond.mao@linaro.org wrote:
Hi Simon,
On Fri, 5 Jul 2024 at 04:36, Simon Glass sjg@chromium.org wrote:
Hi,
On Wed, Jul 3, 2024, 09:56 Ilias Apalodimas ilias.apalodimas@linaro.org wrote: > > Hi Raymond > > On Tue, 2 Jul 2024 at 21:27, Raymond Mao raymond.mao@linaro.org wrote: > > > > Integrate common/hash.c on the hash shim layer so that hash APIs > > from mbedtls can be leveraged by boot/image and efi_loader. > > > > Signed-off-by: Raymond Mao raymond.mao@linaro.org > > --- > > Changes in v2 > > - Use the original head files instead of creating new ones. > > Changes in v3 > > - Add handle checkers for malloc. > > Changes in v4 > > - None. > > > > common/hash.c | 143 ++++++++++++++++++++++++++++++++++++++++++++++++++ > > 1 file changed, 143 insertions(+) > > > > diff --git a/common/hash.c b/common/hash.c > > index ac63803fed9..96caf074374 100644 > > --- a/common/hash.c > > +++ b/common/hash.c > > @@ -35,6 +35,141 @@ > > #include <u-boot/sha512.h> > > #include <u-boot/md5.h> > > > > +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO) > > + > > +static int hash_init_sha1(struct hash_algo *algo, void **ctxp) > > +{ > > + int ret; > > + mbedtls_sha1_context *ctx = malloc(sizeof(mbedtls_sha1_context));
Why do we need allocation here? We should avoid it where possible.
The API "hash_init_sha1(struct hash_algo *algo, void **ctxp)" is passing a pointer address and expecting to get the context from the pointer, it is reasonable to do the allocation. On top of that, this patch doesn't make changes on this API itself, but just adapted it to MbedTLS stacks, thus you can see the allocation is needed by the original API as well.
Oh dear., I see Now I am looking at the code. It is full of #ifdefs for different cases.
The whole thing needs a bit of a rationalisation before adding another case.
If you're referring too the hash_algo struct, I'm not sure we can do something different that doesn't in turn increase size globally. And long term some of this may be able to go away if we can remove non-mbedTLS options.
Well, at least using the existing functions rather than writing entirely new ones would help.
The real culprit here is the hardware-acceleration stuff, but making the software side messy too is not nice. Hashing should move to a linker-list approach for the implementation, and probably driver model for the hardware acceleration.
I'm fine with looking at that, after mbedtls is merged and we're looking at what can be removed / cleaned up. Perhaps we'll be able to shift most/all of the hardware assisted algorithms to being handled within mbedtls, I don't know.
So long as the same person does the clean-up straight afterwards, that sounds fine. Otherwise, no one else will take it on as this series makes it harder.
For hardware-assist, I think we need a driver model solution with a proper API.
Regards, Simon
Hi Tom,
On Sat, 20 Jul 2024 at 13:13, Tom Rini trini@konsulko.com wrote:
On Sat, Jul 20, 2024 at 01:36:02PM +0100, Simon Glass wrote:
Hi Tom,
On Fri, 19 Jul 2024 at 16:25, Tom Rini trini@konsulko.com wrote:
On Fri, Jul 19, 2024 at 04:05:09PM +0100, Simon Glass wrote:
Hi Raymond,
On Thu, 18 Jul 2024 at 17:46, Raymond Mao raymond.mao@linaro.org
wrote:
Hi Simon,
On Fri, 5 Jul 2024 at 04:36, Simon Glass sjg@chromium.org wrote:
Hi,
On Wed, Jul 3, 2024, 09:56 Ilias Apalodimas <
ilias.apalodimas@linaro.org> wrote:
> > Hi Raymond > > On Tue, 2 Jul 2024 at 21:27, Raymond Mao <
raymond.mao@linaro.org> wrote:
> > > > Integrate common/hash.c on the hash shim layer so that hash
APIs
> > from mbedtls can be leveraged by boot/image and efi_loader. > > > > Signed-off-by: Raymond Mao raymond.mao@linaro.org > > --- > > Changes in v2 > > - Use the original head files instead of creating new ones. > > Changes in v3 > > - Add handle checkers for malloc. > > Changes in v4 > > - None. > > > > common/hash.c | 143
++++++++++++++++++++++++++++++++++++++++++++++++++
> > 1 file changed, 143 insertions(+) > > > > diff --git a/common/hash.c b/common/hash.c > > index ac63803fed9..96caf074374 100644 > > --- a/common/hash.c > > +++ b/common/hash.c > > @@ -35,6 +35,141 @@ > > #include <u-boot/sha512.h> > > #include <u-boot/md5.h> > > > > +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO) > > + > > +static int hash_init_sha1(struct hash_algo *algo, void
**ctxp)
> > +{ > > + int ret; > > + mbedtls_sha1_context *ctx =
malloc(sizeof(mbedtls_sha1_context));
Why do we need allocation here? We should avoid it where possible.
The API "hash_init_sha1(struct hash_algo *algo, void **ctxp)" is
passing a pointer
address and expecting to get the context from the pointer, it is
reasonable to do the
allocation. On top of that, this patch doesn't make changes on this API
itself, but just adapted
it to MbedTLS stacks, thus you can see the allocation is needed by
the original API
as well.
Oh dear., I see Now I am looking at the code. It is full of #ifdefs for different cases.
The whole thing needs a bit of a rationalisation before adding
another case.
If you're referring too the hash_algo struct, I'm not sure we can do something different that doesn't in turn increase size globally. And long term some of this may be able to go away if we can remove non-mbedTLS options.
Well, at least using the existing functions rather than writing entirely new ones would help.
The real culprit here is the hardware-acceleration stuff, but making the software side messy too is not nice. Hashing should move to a linker-list approach for the implementation, and probably driver model for the hardware acceleration.
I'm fine with looking at that, after mbedtls is merged and we're looking at what can be removed / cleaned up. Perhaps we'll be able to shift most/all of the hardware assisted algorithms to being handled within mbedtls, I don't know.
Yes, I think to handle this within mbedtls is straight forward.
Regards, Raymond
Hi Simon,
On Sat, 20 Jul 2024 at 08:36, Simon Glass sjg@chromium.org wrote:
Hi Tom,
On Fri, 19 Jul 2024 at 16:25, Tom Rini trini@konsulko.com wrote:
On Fri, Jul 19, 2024 at 04:05:09PM +0100, Simon Glass wrote:
Hi Raymond,
On Thu, 18 Jul 2024 at 17:46, Raymond Mao raymond.mao@linaro.org
wrote:
Hi Simon,
On Fri, 5 Jul 2024 at 04:36, Simon Glass sjg@chromium.org wrote:
Hi,
On Wed, Jul 3, 2024, 09:56 Ilias Apalodimas <
ilias.apalodimas@linaro.org> wrote:
Hi Raymond
On Tue, 2 Jul 2024 at 21:27, Raymond Mao raymond.mao@linaro.org
wrote:
> > Integrate common/hash.c on the hash shim layer so that hash APIs > from mbedtls can be leveraged by boot/image and efi_loader. > > Signed-off-by: Raymond Mao raymond.mao@linaro.org > --- > Changes in v2 > - Use the original head files instead of creating new ones. > Changes in v3 > - Add handle checkers for malloc. > Changes in v4 > - None. > > common/hash.c | 143
++++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 143 insertions(+) > > diff --git a/common/hash.c b/common/hash.c > index ac63803fed9..96caf074374 100644 > --- a/common/hash.c > +++ b/common/hash.c > @@ -35,6 +35,141 @@ > #include <u-boot/sha512.h> > #include <u-boot/md5.h> > > +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO) > + > +static int hash_init_sha1(struct hash_algo *algo, void **ctxp) > +{ > + int ret; > + mbedtls_sha1_context *ctx =
malloc(sizeof(mbedtls_sha1_context));
Why do we need allocation here? We should avoid it where possible.
The API "hash_init_sha1(struct hash_algo *algo, void **ctxp)" is
passing a pointer
address and expecting to get the context from the pointer, it is
reasonable to do the
allocation. On top of that, this patch doesn't make changes on this API itself,
but just adapted
it to MbedTLS stacks, thus you can see the allocation is needed by
the original API
as well.
Oh dear., I see Now I am looking at the code. It is full of #ifdefs for different cases.
The whole thing needs a bit of a rationalisation before adding another
case.
If you're referring too the hash_algo struct, I'm not sure we can do something different that doesn't in turn increase size globally. And long term some of this may be able to go away if we can remove non-mbedTLS options.
Well, at least using the existing functions rather than writing entirely new ones would help.
I understand that now the changes are not perfect but it is a trade-off
at the moment. I prefer to new functions, in this case we just need to add "CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO)" only once. Otherwise, we have to add this build option under every function and make it messy and bad for reviewing.
Regards, Raymond
Hi Ilias,
On Wed, 3 Jul 2024 at 04:56, Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
Hi Raymond
On Tue, 2 Jul 2024 at 21:27, Raymond Mao raymond.mao@linaro.org wrote:
Integrate common/hash.c on the hash shim layer so that hash APIs from mbedtls can be leveraged by boot/image and efi_loader.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- Use the original head files instead of creating new ones.
Changes in v3
- Add handle checkers for malloc.
Changes in v4
- None.
common/hash.c | 143 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 143 insertions(+)
diff --git a/common/hash.c b/common/hash.c index ac63803fed9..96caf074374 100644 --- a/common/hash.c +++ b/common/hash.c
[snip]
@@ -267,10 +404,16 @@ static struct hash_algo hash_algo[] = { .hash_init = hw_sha_init, .hash_update = hw_sha_update, .hash_finish = hw_sha_finish, +#else +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO)
.hash_init = hash_init_sha512,.hash_update = hash_update_sha512,.hash_finish = hash_finish_sha512,I don't have strong opinion here, but you could alternatively define sha384 wrappers for mbedTLS and avoid this ifdef. In any case I personally don't mind.
I will prefer not to create a new wrapper function in order to save
space.
Regards, Raymond
Add the mbedtls include directories into the build system.
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v2 - None. Changes in v3 - Remove changes for PLATFORM_CPPFLAGS. Changes in v4 - Fix errors when building without "O=". - Minor fix of the include directories.
Makefile | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/Makefile b/Makefile index 07d7947c8af..fd855dbd5c9 100644 --- a/Makefile +++ b/Makefile @@ -829,6 +829,12 @@ KBUILD_HOSTCFLAGS += $(if $(CONFIG_TOOLS_DEBUG),-g) UBOOTINCLUDE := \ -Iinclude \ $(if $(KBUILD_SRC), -I$(srctree)/include) \ + $(if $(CONFIG_MBEDTLS_LIB), \ + "-DMBEDTLS_CONFIG_FILE="mbedtls_def_config.h"" \ + -I$(srctree)/lib/mbedtls \ + -I$(srctree)/lib/mbedtls/port \ + -I$(srctree)/lib/mbedtls/external/mbedtls \ + -I$(srctree)/lib/mbedtls/external/mbedtls/include) \ $(if $(CONFIG_$(SPL_)SYS_THUMB_BUILD), \ $(if $(CONFIG_HAS_THUMB2), \ $(if $(CONFIG_CPU_V7M), \
On Tue, 2 Jul 2024 at 21:27, Raymond Mao raymond.mao@linaro.org wrote:
Add the mbedtls include directories into the build system.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- None.
Changes in v3
- Remove changes for PLATFORM_CPPFLAGS.
Changes in v4
- Fix errors when building without "O=".
- Minor fix of the include directories.
Makefile | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/Makefile b/Makefile index 07d7947c8af..fd855dbd5c9 100644 --- a/Makefile +++ b/Makefile @@ -829,6 +829,12 @@ KBUILD_HOSTCFLAGS += $(if $(CONFIG_TOOLS_DEBUG),-g) UBOOTINCLUDE := \ -Iinclude \ $(if $(KBUILD_SRC), -I$(srctree)/include) \
$(if $(CONFIG_MBEDTLS_LIB), \"-DMBEDTLS_CONFIG_FILE=\"mbedtls_def_config.h\"" \
don't you need a full path to the config file?
-I$(srctree)/lib/mbedtls \-I$(srctree)/lib/mbedtls/port \-I$(srctree)/lib/mbedtls/external/mbedtls \-I$(srctree)/lib/mbedtls/external/mbedtls/include) \
Most of these paths are explicitly added in patch #3. Why don't we just keep them there?
Thanks /Ilias
$(if $(CONFIG_$(SPL_)SYS_THUMB_BUILD), \ $(if $(CONFIG_HAS_THUMB2), \ $(if $(CONFIG_CPU_V7M), \-- 2.25.1
Hi Ilias,
On Wed, 3 Jul 2024 at 07:35, Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
On Tue, 2 Jul 2024 at 21:27, Raymond Mao raymond.mao@linaro.org wrote:
Add the mbedtls include directories into the build system.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- None.
Changes in v3
- Remove changes for PLATFORM_CPPFLAGS.
Changes in v4
- Fix errors when building without "O=".
- Minor fix of the include directories.
Makefile | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/Makefile b/Makefile index 07d7947c8af..fd855dbd5c9 100644 --- a/Makefile +++ b/Makefile @@ -829,6 +829,12 @@ KBUILD_HOSTCFLAGS += $(if $(CONFIG_TOOLS_DEBUG),-g) UBOOTINCLUDE := \ -Iinclude \ $(if $(KBUILD_SRC), -I$(srctree)/include) \
$(if $(CONFIG_MBEDTLS_LIB), \"-DMBEDTLS_CONFIG_FILE=\"mbedtls_def_config.h\"" \don't you need a full path to the config file?
-I$(srctree)/lib/mbedtls \-I$(srctree)/lib/mbedtls/port \-I$(srctree)/lib/mbedtls/external/mbedtls \-I$(srctree)/lib/mbedtls/external/mbedtls/include) \Most of these paths are explicitly added in patch #3. Why don't we just keep them there?
We still need this for building other modules other than the MbedTLS
library itself. For example, when those files include the "hash-checksum.h".
Regards, Raymond
Hi Ilias,
On Wed, 3 Jul 2024 at 07:35, Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
On Tue, 2 Jul 2024 at 21:27, Raymond Mao raymond.mao@linaro.org wrote:
Add the mbedtls include directories into the build system.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- None.
Changes in v3
- Remove changes for PLATFORM_CPPFLAGS.
Changes in v4
- Fix errors when building without "O=".
- Minor fix of the include directories.
Makefile | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/Makefile b/Makefile index 07d7947c8af..fd855dbd5c9 100644 --- a/Makefile +++ b/Makefile @@ -829,6 +829,12 @@ KBUILD_HOSTCFLAGS += $(if $(CONFIG_TOOLS_DEBUG),-g) UBOOTINCLUDE := \ -Iinclude \ $(if $(KBUILD_SRC), -I$(srctree)/include) \
$(if $(CONFIG_MBEDTLS_LIB), \"-DMBEDTLS_CONFIG_FILE=\"mbedtls_def_config.h\"" \don't you need a full path to the config file?
No, we don't need the full path. Since "$(srctree)/lib/mbedtls" is in the include directories, and the this filename is unique in the project.
Regards, Raymond
On Thu, 18 Jul 2024 at 23:12, Raymond Mao raymond.mao@linaro.org wrote:
Hi Ilias,
On Wed, 3 Jul 2024 at 07:35, Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
On Tue, 2 Jul 2024 at 21:27, Raymond Mao raymond.mao@linaro.org wrote:
Add the mbedtls include directories into the build system.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- None.
Changes in v3
- Remove changes for PLATFORM_CPPFLAGS.
Changes in v4
- Fix errors when building without "O=".
- Minor fix of the include directories.
Makefile | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/Makefile b/Makefile index 07d7947c8af..fd855dbd5c9 100644 --- a/Makefile +++ b/Makefile @@ -829,6 +829,12 @@ KBUILD_HOSTCFLAGS += $(if $(CONFIG_TOOLS_DEBUG),-g) UBOOTINCLUDE := \ -Iinclude \ $(if $(KBUILD_SRC), -I$(srctree)/include) \
$(if $(CONFIG_MBEDTLS_LIB), \"-DMBEDTLS_CONFIG_FILE=\"mbedtls_def_config.h\"" \don't you need a full path to the config file?
No, we don't need the full path. Since "$(srctree)/lib/mbedtls" is in the include directories, and the this filename is unique in the project.
Then why are they needed on patch #3? Don't we include them already in the generic Makefile?
Cheers /Ilias
Regards, Raymond
Hi Ilias,
On Tue, 23 Jul 2024 at 03:45, Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
On Thu, 18 Jul 2024 at 23:12, Raymond Mao raymond.mao@linaro.org wrote:
Hi Ilias,
On Wed, 3 Jul 2024 at 07:35, Ilias Apalodimas <
ilias.apalodimas@linaro.org> wrote:
On Tue, 2 Jul 2024 at 21:27, Raymond Mao raymond.mao@linaro.org
wrote:
Add the mbedtls include directories into the build system.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- None.
Changes in v3
- Remove changes for PLATFORM_CPPFLAGS.
Changes in v4
- Fix errors when building without "O=".
- Minor fix of the include directories.
Makefile | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/Makefile b/Makefile index 07d7947c8af..fd855dbd5c9 100644 --- a/Makefile +++ b/Makefile @@ -829,6 +829,12 @@ KBUILD_HOSTCFLAGS += $(if
$(CONFIG_TOOLS_DEBUG),-g)
UBOOTINCLUDE := \ -Iinclude \ $(if $(KBUILD_SRC), -I$(srctree)/include) \
$(if $(CONFIG_MBEDTLS_LIB), \"-DMBEDTLS_CONFIG_FILE=\"mbedtls_def_config.h\"" \don't you need a full path to the config file?
No, we don't need the full path. Since "$(srctree)/lib/mbedtls" is in the include directories, and the
this filename is unique
in the project.
Then why are they needed on patch #3? Don't we include them already in the generic Makefile?
I will remove the ones from #3, and then squash this patch with #3.
Regards, Raymond
Populate Microsoft Authentication Code from the content data into PKCS7 decoding context if it exists in a PKCS7 message. Add OIDs for describing objects using for Microsoft Authentication Code.
The PR for this patch is at: https://github.com/Mbed-TLS/mbedtls/pull/9001
For enabling EFI loader PKCS7 features with MbedTLS build, we need this patch on top of MbedTLS v3.6.0 before it is merged into the next MbedTLS LTS release.
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v2 - None. Changes in v3 - Update commit message. Changes in v4 - None.
.../external/mbedtls/include/mbedtls/oid.h | 30 ++++++++++ .../external/mbedtls/include/mbedtls/pkcs7.h | 10 ++++ lib/mbedtls/external/mbedtls/library/pkcs7.c | 60 +++++++++++++++---- 3 files changed, 90 insertions(+), 10 deletions(-)
diff --git a/lib/mbedtls/external/mbedtls/include/mbedtls/oid.h b/lib/mbedtls/external/mbedtls/include/mbedtls/oid.h index fdc25ebf885..2ee982808fa 100644 --- a/lib/mbedtls/external/mbedtls/include/mbedtls/oid.h +++ b/lib/mbedtls/external/mbedtls/include/mbedtls/oid.h @@ -352,6 +352,36 @@ #define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC MBEDTLS_OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */ #define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC MBEDTLS_OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
+/* + * MicroSoft Authenticate Code OIDs + */ +#define MBEDTLS_OID_PRIVATE_ENTERPRISE MBEDTLS_OID_INTERNET "\x04\x01" /* {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) */ +#define MBEDTLS_OID_MICROSOFT "\x82\x37" /* {microsoft(311)} */ +/* + * OID_msIndirectData: (1.3.6.1.4.1.311.2.1.4) + * {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) microsoft(311) 2(2) 1(1) 4(4)} + */ +#define MBEDTLS_OID_MICROSOFT_INDIRECTDATA MBEDTLS_OID_PRIVATE_ENTERPRISE MBEDTLS_OID_MICROSOFT \ + "\x02\x01\x04" +/* + * OID_msStatementType: (1.3.6.1.4.1.311.2.1.11) + * {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) microsoft(311) 2(2) 1(1) 11(11)} + */ +#define MBEDTLS_OID_MICROSOFT_STATETYPE MBEDTLS_OID_PRIVATE_ENTERPRISE MBEDTLS_OID_MICROSOFT \ + "\x02\x01\x0b" +/* + * OID_msSpOpusInfo: (1.3.6.1.4.1.311.2.1.12) + * {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) microsoft(311) 2(2) 1(1) 12(12)} + */ +#define MBEDTLS_OID_MICROSOFT_SPOPUSINFO MBEDTLS_OID_PRIVATE_ENTERPRISE MBEDTLS_OID_MICROSOFT \ + "\x02\x01\x0b" +/* + * OID_msPeImageDataObjId: (1.3.6.1.4.1.311.2.1.15) + * {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) microsoft(311) 2(2) 1(1) 15(15)} + */ +#define MBEDTLS_OID_MICROSOFT_PEIMAGEDATA MBEDTLS_OID_PRIVATE_ENTERPRISE MBEDTLS_OID_MICROSOFT \ + "\x02\x01\x0f" + /* * EC key algorithms from RFC 5480 */ diff --git a/lib/mbedtls/external/mbedtls/include/mbedtls/pkcs7.h b/lib/mbedtls/external/mbedtls/include/mbedtls/pkcs7.h index e9b482208e6..9e29b74af70 100644 --- a/lib/mbedtls/external/mbedtls/include/mbedtls/pkcs7.h +++ b/lib/mbedtls/external/mbedtls/include/mbedtls/pkcs7.h @@ -132,12 +132,22 @@ typedef struct mbedtls_pkcs7_signed_data { } mbedtls_pkcs7_signed_data;
+/* Content Data for MicroSoft Authentication Code using in U-Boot Secure Boot */ +typedef struct mbedtls_pkcs7_conten_data { + int data_type; /* Type of Data */ + size_t data_len; /* Length of Data */ + size_t data_hdrlen; /* Length of Data ASN.1 header */ + void *data; /* Content Data */ +} +mbedtls_pkcs7_conten_data; + /** * Structure holding PKCS #7 structure, only signed data for now */ typedef struct mbedtls_pkcs7 { mbedtls_pkcs7_buf MBEDTLS_PRIVATE(raw); mbedtls_pkcs7_signed_data MBEDTLS_PRIVATE(signed_data); + mbedtls_pkcs7_conten_data content_data; } mbedtls_pkcs7;
diff --git a/lib/mbedtls/external/mbedtls/library/pkcs7.c b/lib/mbedtls/external/mbedtls/library/pkcs7.c index 3aac662ba69..0c2436b56b7 100644 --- a/lib/mbedtls/external/mbedtls/library/pkcs7.c +++ b/lib/mbedtls/external/mbedtls/library/pkcs7.c @@ -29,6 +29,13 @@ #include <time.h> #endif
+enum OID { + /* PKCS#7 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-7(7)} */ + MBEDTLS_OID_DATA = 13, /* 1.2.840.113549.1.7.1 */ + /* Microsoft Authenticode & Software Publishing */ + MBEDTLS_OID_MS_INDIRECTDATA = 24, /* 1.3.6.1.4.1.311.2.1.4 */ +}; + /** * Initializes the mbedtls_pkcs7 structure. */ @@ -449,7 +456,7 @@ cleanup: * signerInfos SignerInfos } */ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen, - mbedtls_pkcs7_signed_data *signed_data) + mbedtls_pkcs7 *pkcs7) { unsigned char *p = buf; unsigned char *end = buf + buflen; @@ -457,6 +464,7 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen, size_t len = 0; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t md_alg; + mbedtls_pkcs7_signed_data *signed_data = &pkcs7->signed_data;
ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); @@ -493,25 +501,57 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen, if (ret != 0) { return ret; } - if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_DATA, &content_type)) { + + /* + * We should only support 1.2.840.113549.1.7.1 (PKCS7 DATA) and + * 1.3.6.1.4.1.311.2.1.4 (MicroSoft Authentication Code) that is for + * U-Boot Secure Boot + */ + if (!MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_DATA, &content_type)) { + pkcs7->content_data.data_type = MBEDTLS_OID_DATA; + } else if (!MBEDTLS_OID_CMP(MBEDTLS_OID_MICROSOFT_INDIRECTDATA, + &content_type)) { + pkcs7->content_data.data_type = MBEDTLS_OID_MS_INDIRECTDATA; + } else { return MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO; }
if (p != end_content_info) { + unsigned char *tmp_p = p; + /* Determine if valid content is present */ ret = mbedtls_asn1_get_tag(&p, end_content_info, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC); + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_CONTEXT_SPECIFIC); + if (ret != 0 || p + len != end_content_info) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, + ret); + } + + /* + * U-Boot Secure Boot needs to calculate the digest of MicroSoft + * Authentication Code during verifying an EFI image. + * Thus we need to save the context of Content Data. + */ + pkcs7->content_data.data_hdrlen = p - tmp_p; + /* Parse the content data from a sequence */ + ret = mbedtls_asn1_get_tag(&p, end_content_info, &len, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE); if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, ret); + /* TODO: Other Content Data formats are not supported at the moment */ + return MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE; + } else if (p + len != end_content_info) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, + ret); } + + pkcs7->content_data.data = p; + pkcs7->content_data.data_len = len; + p += len; - if (p != end_content_info) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, ret); - } - /* Valid content is present - this is not supported */ - return MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE; }
/* Look for certificates, there may or may not be any */ @@ -624,7 +664,7 @@ int mbedtls_pkcs7_parse_der(mbedtls_pkcs7 *pkcs7, const unsigned char *buf, }
try_data: - ret = pkcs7_get_signed_data(p, len, &pkcs7->signed_data); + ret = pkcs7_get_signed_data(p, len, pkcs7); if (ret != 0) { goto out; }
Populate PKCS9 Authenticate Attributes from signer info if it exists in a PKCS7 message. Add OIDs for describing objects using for Authenticate Attributes.
The PR for this patch is at: https://github.com/Mbed-TLS/mbedtls/pull/9001
For enabling EFI loader PKCS7 features with MbedTLS build, we need this patch on top of MbedTLS v3.6.0 before it is merged into the next MbedTLS LTS release.
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v2 - None. Changes in v3 - Update commit message. Changes in v4 - None.
.../external/mbedtls/include/mbedtls/oid.h | 5 +++++ .../external/mbedtls/include/mbedtls/pkcs7.h | 11 +++++++++++ lib/mbedtls/external/mbedtls/library/pkcs7.c | 19 ++++++++++++++++++- 3 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/lib/mbedtls/external/mbedtls/include/mbedtls/oid.h b/lib/mbedtls/external/mbedtls/include/mbedtls/oid.h index 2ee982808fa..43cef99f1e3 100644 --- a/lib/mbedtls/external/mbedtls/include/mbedtls/oid.h +++ b/lib/mbedtls/external/mbedtls/include/mbedtls/oid.h @@ -238,6 +238,11 @@ #define MBEDTLS_OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D"
#define MBEDTLS_OID_PKCS9_EMAIL MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */ +#define MBEDTLS_OID_PKCS9_CONTENTTYPE MBEDTLS_OID_PKCS9 "\x03" /**< contentType AttributeType ::= { pkcs-9 3 } */ +#define MBEDTLS_OID_PKCS9_MESSAGEDIGEST MBEDTLS_OID_PKCS9 "\x04" /**< messageDigest AttributeType ::= { pkcs-9 4 } */ +#define MBEDTLS_OID_PKCS9_SIGNINGTIME MBEDTLS_OID_PKCS9 "\x05" /**< signingTime AttributeType ::= { pkcs-9 5 } */ +#define MBEDTLS_OID_PKCS9_SMIMECAP MBEDTLS_OID_PKCS9 "\x0f" /**< smimeCapabilites AttributeType ::= { pkcs-9 15 } */ +#define MBEDTLS_OID_PKCS9_SMIMEAA MBEDTLS_OID_PKCS9 "\x10\x02\x0b" /**< smimeCapabilites AttributeType ::= { pkcs-9 16 2 11} */
/* RFC 4055 */ #define MBEDTLS_OID_RSASSA_PSS MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */ diff --git a/lib/mbedtls/external/mbedtls/include/mbedtls/pkcs7.h b/lib/mbedtls/external/mbedtls/include/mbedtls/pkcs7.h index 9e29b74af70..a88a5e858fc 100644 --- a/lib/mbedtls/external/mbedtls/include/mbedtls/pkcs7.h +++ b/lib/mbedtls/external/mbedtls/include/mbedtls/pkcs7.h @@ -102,6 +102,16 @@ typedef enum { } mbedtls_pkcs7_type;
+/* + * Authenticate Attributes for MicroSoft Authentication Code using in U-Boot + * Secure Boot + */ +typedef struct mbedtls_pkcs7_authattrs { + size_t data_len; + void *data; +} +mbedtls_pkcs7_authattrs; + /** * Structure holding PKCS #7 signer info */ @@ -113,6 +123,7 @@ typedef struct mbedtls_pkcs7_signer_info { mbedtls_x509_buf MBEDTLS_PRIVATE(alg_identifier); mbedtls_x509_buf MBEDTLS_PRIVATE(sig_alg_identifier); mbedtls_x509_buf MBEDTLS_PRIVATE(sig); + mbedtls_pkcs7_authattrs authattrs; struct mbedtls_pkcs7_signer_info *MBEDTLS_PRIVATE(next); } mbedtls_pkcs7_signer_info; diff --git a/lib/mbedtls/external/mbedtls/library/pkcs7.c b/lib/mbedtls/external/mbedtls/library/pkcs7.c index 0c2436b56b7..da73fb341d6 100644 --- a/lib/mbedtls/external/mbedtls/library/pkcs7.c +++ b/lib/mbedtls/external/mbedtls/library/pkcs7.c @@ -288,6 +288,7 @@ static int pkcs7_get_signer_info(unsigned char **p, unsigned char *end, unsigned char *end_signer, *end_issuer_and_sn; int asn1_ret = 0, ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; + unsigned char *tmp_p;
asn1_ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); @@ -349,7 +350,23 @@ static int pkcs7_get_signer_info(unsigned char **p, unsigned char *end, goto out; }
- /* Assume authenticatedAttributes is nonexistent */ + /* Save authenticatedAttributes if present */ + if (*p < end_signer && + **p == (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0)) { + tmp_p = *p; + + ret = mbedtls_asn1_get_tag(p, end_signer, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | 0); + if (ret != 0) { + goto out; + } + + signer->authattrs.data = tmp_p; + signer->authattrs.data_len = len + *p - tmp_p; + *p += len; + } + ret = pkcs7_get_digest_algorithm(p, end_signer, &signer->sig_alg_identifier); if (ret != 0) { goto out;
Support decoding multiple signer's cert in the signed data within a PKCS7 message.
The PR for this patch is at: https://github.com/Mbed-TLS/mbedtls/pull/9001
For enabling EFI loader PKCS7 features with MbedTLS build, we need this patch on top of MbedTLS v3.6.0 before it is merged into the next MbedTLS LTS release.
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v2 - None. Changes in v3 - Update commit message. Changes in v4 - None.
lib/mbedtls/external/mbedtls/library/pkcs7.c | 75 ++++++++++++-------- 1 file changed, 47 insertions(+), 28 deletions(-)
diff --git a/lib/mbedtls/external/mbedtls/library/pkcs7.c b/lib/mbedtls/external/mbedtls/library/pkcs7.c index da73fb341d6..01105227d7a 100644 --- a/lib/mbedtls/external/mbedtls/library/pkcs7.c +++ b/lib/mbedtls/external/mbedtls/library/pkcs7.c @@ -61,6 +61,36 @@ static int pkcs7_get_next_content_len(unsigned char **p, unsigned char *end, return ret; }
+/** + * Get and decode one cert from a sequence. + * Return 0 for success, + * Return negative error code for failure. + **/ +static int pkcs7_get_one_cert(unsigned char **p, unsigned char *end, + mbedtls_x509_crt *certs) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t len = 0; + unsigned char *start = *p; + unsigned char *end_cert; + + ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SEQUENCE); + if (ret != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CERT, ret); + } + + end_cert = *p + len; + + if ((ret = mbedtls_x509_crt_parse_der(certs, start, end_cert - start)) < 0) { + return MBEDTLS_ERR_PKCS7_INVALID_CERT; + } + + *p = end_cert; + + return 0; +} + /** * version Version * Version ::= INTEGER @@ -178,11 +208,12 @@ static int pkcs7_get_certificates(unsigned char **p, unsigned char *end, mbedtls_x509_crt *certs) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len1 = 0; - size_t len2 = 0; - unsigned char *end_set, *end_cert, *start; + size_t len = 0; + unsigned char *end_set; + int num_of_certs = 0;
- ret = mbedtls_asn1_get_tag(p, end, &len1, MBEDTLS_ASN1_CONSTRUCTED + /* Get the set of certs */ + ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC); if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { return 0; @@ -190,38 +221,26 @@ static int pkcs7_get_certificates(unsigned char **p, unsigned char *end, if (ret != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret); } - start = *p; - end_set = *p + len1; + end_set = *p + len;
- ret = mbedtls_asn1_get_tag(p, end_set, &len2, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_SEQUENCE); + ret = pkcs7_get_one_cert(p, end_set, certs); if (ret != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CERT, ret); + return ret; }
- end_cert = *p + len2; + num_of_certs++;
- /* - * This is to verify that there is only one signer certificate. It seems it is - * not easy to differentiate between the chain vs different signer's certificate. - * So, we support only the root certificate and the single signer. - * The behaviour would be improved with addition of multiple signer support. - */ - if (end_cert != end_set) { - return MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE; - } - - if ((ret = mbedtls_x509_crt_parse_der(certs, start, len1)) < 0) { - return MBEDTLS_ERR_PKCS7_INVALID_CERT; + while (*p != end_set) { + ret = pkcs7_get_one_cert(p, end_set, certs); + if (ret != 0) { + return ret; + } + num_of_certs++; }
- *p = end_cert; + *p = end_set;
- /* - * Since in this version we strictly support single certificate, and reaching - * here implies we have parsed successfully, we return 1. - */ - return 1; + return num_of_certs; }
/**
Update the PKCS7 test suites for multiple certs.
The PR for this patch is at: https://github.com/Mbed-TLS/mbedtls/pull/9001
For enabling EFI loader PKCS7 features with MbedTLS build, we need this patch on top of MbedTLS v3.6.0 before it is merged into the next MbedTLS LTS release.
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v2 - None. Changes in v3 - Update commit message. Changes in v4 - None.
.../external/mbedtls/tests/suites/test_suite_pkcs7.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/mbedtls/external/mbedtls/tests/suites/test_suite_pkcs7.data b/lib/mbedtls/external/mbedtls/tests/suites/test_suite_pkcs7.data index d3b83cdf0aa..2dd1c56109f 100644 --- a/lib/mbedtls/external/mbedtls/tests/suites/test_suite_pkcs7.data +++ b/lib/mbedtls/external/mbedtls/tests/suites/test_suite_pkcs7.data @@ -14,9 +14,9 @@ PKCS7 Signed Data Parse with zero signers depends_on:MBEDTLS_MD_CAN_SHA256 pkcs7_parse:"data_files/pkcs7_data_no_signers.der":MBEDTLS_PKCS7_SIGNED_DATA
-PKCS7 Signed Data Parse Fail with multiple certs #4 +PKCS7 Signed Data Parse Pass with multiple certs #4 depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -pkcs7_parse:"data_files/pkcs7_data_multiple_certs_signed.der":MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE +pkcs7_parse:"data_files/pkcs7_data_multiple_certs_signed.der":MBEDTLS_PKCS7_SIGNED_DATA
PKCS7 Signed Data Parse Fail with corrupted cert #5.0 depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
Move public_key_free and public_key_signature_free as helper functions that can be shared by legacy crypto lib and MbedTLS implementation.
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v4 - Initial patch.
lib/crypto/Makefile | 4 +++- lib/crypto/public_key.c | 31 ------------------------- lib/crypto/public_key_helper.c | 42 ++++++++++++++++++++++++++++++++++ 3 files changed, 45 insertions(+), 32 deletions(-) create mode 100644 lib/crypto/public_key_helper.c
diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index bec1bc95a65..4ad1849040d 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -7,7 +7,9 @@ obj-$(CONFIG_$(SPL_)ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o
asymmetric_keys-y := asymmetric_type.o
-obj-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o +obj-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += \ + public_key_helper.o \ + public_key.o
# # RSA public key parser diff --git a/lib/crypto/public_key.c b/lib/crypto/public_key.c index 6efe951c057..408742907f1 100644 --- a/lib/crypto/public_key.c +++ b/lib/crypto/public_key.c @@ -51,38 +51,7 @@ static void public_key_describe(const struct key *asymmetric_key, } #endif
-/* - * Destroy a public key algorithm key. - */ -void public_key_free(struct public_key *key) -{ - if (key) { - kfree(key->key); - kfree(key->params); - kfree(key); - } -} -EXPORT_SYMBOL_GPL(public_key_free); - #ifdef __UBOOT__ -/* - * from <linux>/crypto/asymmetric_keys/signature.c - * - * Destroy a public key signature. - */ -void public_key_signature_free(struct public_key_signature *sig) -{ - int i; - - if (sig) { - for (i = 0; i < ARRAY_SIZE(sig->auth_ids); i++) - free(sig->auth_ids[i]); - free(sig->s); - free(sig->digest); - free(sig); - } -} -EXPORT_SYMBOL_GPL(public_key_signature_free);
/** * public_key_verify_signature - Verify a signature using a public key. diff --git a/lib/crypto/public_key_helper.c b/lib/crypto/public_key_helper.c new file mode 100644 index 00000000000..4cb21edddf3 --- /dev/null +++ b/lib/crypto/public_key_helper.c @@ -0,0 +1,42 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * X509 helper functions + * + * Copyright (c) 2012 Red Hat, Inc. All Rights Reserved. + * Written by David Howells (dhowells@redhat.com) + * + * Copyright (c) 2024 Linaro Limited + * Author: Raymond Mao raymond.mao@linaro.org + */ +#include <linux/compat.h> +#include <crypto/public_key.h> + +/* + * Destroy a public key algorithm key. + */ +void public_key_free(struct public_key *key) +{ + if (key) { + kfree(key->key); + kfree(key->params); + kfree(key); + } +} + +/* + * from <linux>/crypto/asymmetric_keys/signature.c + * + * Destroy a public key signature. + */ +void public_key_signature_free(struct public_key_signature *sig) +{ + int i; + + if (sig) { + for (i = 0; i < ARRAY_SIZE(sig->auth_ids); i++) + kfree(sig->auth_ids[i]); + kfree(sig->s); + kfree(sig->digest); + kfree(sig); + } +}
Hi Raymond
On Tue, 2 Jul 2024 at 21:29, Raymond Mao raymond.mao@linaro.org wrote:
Move public_key_free and public_key_signature_free as helper functions that can be shared by legacy crypto lib and MbedTLS implementation.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v4
- Initial patch.
lib/crypto/Makefile | 4 +++- lib/crypto/public_key.c | 31 ------------------------- lib/crypto/public_key_helper.c | 42 ++++++++++++++++++++++++++++++++++ 3 files changed, 45 insertions(+), 32 deletions(-) create mode 100644 lib/crypto/public_key_helper.c
diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index bec1bc95a65..4ad1849040d 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -7,7 +7,9 @@ obj-$(CONFIG_$(SPL_)ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o
asymmetric_keys-y := asymmetric_type.o
-obj-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o +obj-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += \
public_key_helper.o \public_key.o# # RSA public key parser diff --git a/lib/crypto/public_key.c b/lib/crypto/public_key.c index 6efe951c057..408742907f1 100644 --- a/lib/crypto/public_key.c +++ b/lib/crypto/public_key.c @@ -51,38 +51,7 @@ static void public_key_describe(const struct key *asymmetric_key, } #endif
-/*
- Destroy a public key algorithm key.
- */
-void public_key_free(struct public_key *key) -{
if (key) {kfree(key->key);kfree(key->params);kfree(key);}-} -EXPORT_SYMBOL_GPL(public_key_free);
#ifdef __UBOOT__ -/*
- from <linux>/crypto/asymmetric_keys/signature.c
- Destroy a public key signature.
- */
-void public_key_signature_free(struct public_key_signature *sig) -{
int i;if (sig) {for (i = 0; i < ARRAY_SIZE(sig->auth_ids); i++)free(sig->auth_ids[i]);free(sig->s);free(sig->digest);free(sig);}-} -EXPORT_SYMBOL_GPL(public_key_signature_free);
/**
- public_key_verify_signature - Verify a signature using a public key.
diff --git a/lib/crypto/public_key_helper.c b/lib/crypto/public_key_helper.c new file mode 100644 index 00000000000..4cb21edddf3 --- /dev/null +++ b/lib/crypto/public_key_helper.c @@ -0,0 +1,42 @@ +// SPDX-License-Identifier: GPL-2.0+ +/*
- X509 helper functions
- Copyright (c) 2012 Red Hat, Inc. All Rights Reserved.
- Written by David Howells (dhowells@redhat.com)
- Copyright (c) 2024 Linaro Limited
- Author: Raymond Mao raymond.mao@linaro.org
Similar comments here, the patch is ok, just remove the copyright and author
- */
+#include <linux/compat.h> +#include <crypto/public_key.h>
+/*
- Destroy a public key algorithm key.
- */
+void public_key_free(struct public_key *key) +{
if (key) {kfree(key->key);kfree(key->params);kfree(key);}+}
+/*
- from <linux>/crypto/asymmetric_keys/signature.c
- Destroy a public key signature.
- */
+void public_key_signature_free(struct public_key_signature *sig) +{
int i;if (sig) {for (i = 0; i < ARRAY_SIZE(sig->auth_ids); i++)kfree(sig->auth_ids[i]);kfree(sig->s);kfree(sig->digest);kfree(sig);}+}
2.25.1
With the above fixed Reviewed-by: Ilias Apalodimas ilias.apalodimas@linaro.org
Move x509_check_for_self_signed as a common helper function that can be shared by legacy crypto lib and MbedTLS implementation.
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v4 - Initial patch.
lib/crypto/Makefile | 1 + lib/crypto/x509_helper.c | 67 ++++++++++++++++++++++++++++++++++++ lib/crypto/x509_public_key.c | 56 +----------------------------- 3 files changed, 69 insertions(+), 55 deletions(-) create mode 100644 lib/crypto/x509_helper.c
diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index 4ad1849040d..946cc3a7b59 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -37,6 +37,7 @@ x509_key_parser-y := \ x509.asn1.o \ x509_akid.asn1.o \ x509_cert_parser.o \ + x509_helper.o \ x509_public_key.o
$(obj)/x509_cert_parser.o: \ diff --git a/lib/crypto/x509_helper.c b/lib/crypto/x509_helper.c new file mode 100644 index 00000000000..d0c80907ec3 --- /dev/null +++ b/lib/crypto/x509_helper.c @@ -0,0 +1,67 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * X509 helper functions + * + * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. + * Written by David Howells (dhowells@redhat.com) + * + * Copyright (c) 2024 Linaro Limited + * Author: Raymond Mao raymond.mao@linaro.org + */ +#include <linux/err.h> +#include <crypto/public_key.h> +#include <crypto/x509_parser.h> + +/* + * Check for self-signedness in an X.509 cert and if found, check the signature + * immediately if we can. + */ +int x509_check_for_self_signed(struct x509_certificate *cert) +{ + int ret = 0; + + if (cert->raw_subject_size != cert->raw_issuer_size || + memcmp(cert->raw_subject, cert->raw_issuer, + cert->raw_issuer_size)) + goto not_self_signed; + + if (cert->sig->auth_ids[0] || cert->sig->auth_ids[1]) { + /* + * If the AKID is present it may have one or two parts. If + * both are supplied, both must match. + */ + bool a = asymmetric_key_id_same(cert->skid, + cert->sig->auth_ids[1]); + bool b = asymmetric_key_id_same(cert->id, + cert->sig->auth_ids[0]); + + if (!a && !b) + goto not_self_signed; + + ret = -EKEYREJECTED; + if (((a && !b) || (b && !a)) && + cert->sig->auth_ids[0] && cert->sig->auth_ids[1]) + goto out; + } + + ret = -EKEYREJECTED; + if (strcmp(cert->pub->pkey_algo, cert->sig->pkey_algo)) + goto out; + + ret = public_key_verify_signature(cert->pub, cert->sig); + if (ret == -ENOPKG) { + cert->unsupported_sig = true; + goto not_self_signed; + } + if (ret < 0) + goto out; + + pr_devel("Cert Self-signature verified"); + cert->self_signed = true; + +out: + return ret; + +not_self_signed: + return 0; +} diff --git a/lib/crypto/x509_public_key.c b/lib/crypto/x509_public_key.c index a10145a7cdc..4ba13c1adc3 100644 --- a/lib/crypto/x509_public_key.c +++ b/lib/crypto/x509_public_key.c @@ -139,61 +139,7 @@ error: return ret; }
-/* - * Check for self-signedness in an X.509 cert and if found, check the signature - * immediately if we can. - */ -int x509_check_for_self_signed(struct x509_certificate *cert) -{ - int ret = 0; - - pr_devel("==>%s()\n", __func__); - - if (cert->raw_subject_size != cert->raw_issuer_size || - memcmp(cert->raw_subject, cert->raw_issuer, - cert->raw_issuer_size) != 0) - goto not_self_signed; - - if (cert->sig->auth_ids[0] || cert->sig->auth_ids[1]) { - /* If the AKID is present it may have one or two parts. If - * both are supplied, both must match. - */ - bool a = asymmetric_key_id_same(cert->skid, cert->sig->auth_ids[1]); - bool b = asymmetric_key_id_same(cert->id, cert->sig->auth_ids[0]); - - if (!a && !b) - goto not_self_signed; - - ret = -EKEYREJECTED; - if (((a && !b) || (b && !a)) && - cert->sig->auth_ids[0] && cert->sig->auth_ids[1]) - goto out; - } - - ret = -EKEYREJECTED; - if (strcmp(cert->pub->pkey_algo, cert->sig->pkey_algo) != 0) - goto out; - - ret = public_key_verify_signature(cert->pub, cert->sig); - if (ret < 0) { - if (ret == -ENOPKG) { - cert->unsupported_sig = true; - ret = 0; - } - goto out; - } - - pr_devel("Cert Self-signature verified"); - cert->self_signed = true; - -out: - pr_devel("<==%s() = %d\n", __func__, ret); - return ret; - -not_self_signed: - pr_devel("<==%s() = 0 [not]\n", __func__); - return 0; -} +#endif /* !CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) */
#ifndef __UBOOT__ /*
On Tue, 2 Jul 2024 at 21:29, Raymond Mao raymond.mao@linaro.org wrote:
Move x509_check_for_self_signed as a common helper function that can be shared by legacy crypto lib and MbedTLS implementation.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v4
- Initial patch.
lib/crypto/Makefile | 1 + lib/crypto/x509_helper.c | 67 ++++++++++++++++++++++++++++++++++++ lib/crypto/x509_public_key.c | 56 +----------------------------- 3 files changed, 69 insertions(+), 55 deletions(-) create mode 100644 lib/crypto/x509_helper.c
diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index 4ad1849040d..946cc3a7b59 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -37,6 +37,7 @@ x509_key_parser-y := \ x509.asn1.o \ x509_akid.asn1.o \ x509_cert_parser.o \
x509_helper.o \ x509_public_key.o$(obj)/x509_cert_parser.o: \ diff --git a/lib/crypto/x509_helper.c b/lib/crypto/x509_helper.c new file mode 100644 index 00000000000..d0c80907ec3 --- /dev/null +++ b/lib/crypto/x509_helper.c @@ -0,0 +1,67 @@ +// SPDX-License-Identifier: GPL-2.0+ +/*
- X509 helper functions
- Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
- Written by David Howells (dhowells@redhat.com)
- Copyright (c) 2024 Linaro Limited
- Author: Raymond Mao raymond.mao@linaro.org
Same comment with your other patches moving code around. You haven't contributed a substantial amount of code here to justify the copyright and authorship
- */
+#include <linux/err.h> +#include <crypto/public_key.h> +#include <crypto/x509_parser.h>
+/*
- Check for self-signedness in an X.509 cert and if found, check the signature
- immediately if we can.
- */
+int x509_check_for_self_signed(struct x509_certificate *cert) +{
int ret = 0;if (cert->raw_subject_size != cert->raw_issuer_size ||memcmp(cert->raw_subject, cert->raw_issuer,cert->raw_issuer_size))goto not_self_signed;if (cert->sig->auth_ids[0] || cert->sig->auth_ids[1]) {/** If the AKID is present it may have one or two parts. If* both are supplied, both must match.*/bool a = asymmetric_key_id_same(cert->skid,cert->sig->auth_ids[1]);bool b = asymmetric_key_id_same(cert->id,cert->sig->auth_ids[0]);if (!a && !b)goto not_self_signed;ret = -EKEYREJECTED;if (((a && !b) || (b && !a)) &&cert->sig->auth_ids[0] && cert->sig->auth_ids[1])goto out;}ret = -EKEYREJECTED;if (strcmp(cert->pub->pkey_algo, cert->sig->pkey_algo))goto out;ret = public_key_verify_signature(cert->pub, cert->sig);if (ret == -ENOPKG) {cert->unsupported_sig = true;goto not_self_signed;}if (ret < 0)goto out;pr_devel("Cert Self-signature verified");cert->self_signed = true;+out:
return ret;+not_self_signed:
return 0;+} diff --git a/lib/crypto/x509_public_key.c b/lib/crypto/x509_public_key.c index a10145a7cdc..4ba13c1adc3 100644 --- a/lib/crypto/x509_public_key.c +++ b/lib/crypto/x509_public_key.c @@ -139,61 +139,7 @@ error: return ret; }
-/*
- Check for self-signedness in an X.509 cert and if found, check the signature
- immediately if we can.
- */
-int x509_check_for_self_signed(struct x509_certificate *cert) -{
int ret = 0;pr_devel("==>%s()\n", __func__);if (cert->raw_subject_size != cert->raw_issuer_size ||memcmp(cert->raw_subject, cert->raw_issuer,cert->raw_issuer_size) != 0)goto not_self_signed;if (cert->sig->auth_ids[0] || cert->sig->auth_ids[1]) {/* If the AKID is present it may have one or two parts. If* both are supplied, both must match.*/bool a = asymmetric_key_id_same(cert->skid, cert->sig->auth_ids[1]);bool b = asymmetric_key_id_same(cert->id, cert->sig->auth_ids[0]);if (!a && !b)goto not_self_signed;ret = -EKEYREJECTED;if (((a && !b) || (b && !a)) &&cert->sig->auth_ids[0] && cert->sig->auth_ids[1])goto out;}ret = -EKEYREJECTED;if (strcmp(cert->pub->pkey_algo, cert->sig->pkey_algo) != 0)goto out;ret = public_key_verify_signature(cert->pub, cert->sig);if (ret < 0) {if (ret == -ENOPKG) {cert->unsupported_sig = true;ret = 0;}goto out;}pr_devel("Cert Self-signature verified");cert->self_signed = true;-out:
pr_devel("<==%s() = %d\n", __func__, ret);return ret;-not_self_signed:
pr_devel("<==%s() = 0 [not]\n", __func__);return 0;-} +#endif /* !CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) */
#ifndef __UBOOT__ /* -- 2.25.1
with the above fixed Reviewed-by: Ilias Apalodimas ilias.apalodimas@linaro.org
Move pkcs7_get_content_data as a helper function that can be shared by legacy crypto lib and MbedTLS implementation.
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v4 - Initial patch.
lib/crypto/Makefile | 1 + lib/crypto/pkcs7_helper.c | 40 +++++++++++++++++++++++++++++++++++++++ lib/crypto/pkcs7_parser.c | 28 --------------------------- 3 files changed, 41 insertions(+), 28 deletions(-) create mode 100644 lib/crypto/pkcs7_helper.c
diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index 946cc3a7b59..16059088f26 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -53,6 +53,7 @@ $(obj)/x509_akid.asn1.o: $(obj)/x509_akid.asn1.c $(obj)/x509_akid.asn1.h obj-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER) += pkcs7_message.o pkcs7_message-y := \ pkcs7.asn1.o \ + pkcs7_helper.o \ pkcs7_parser.o obj-$(CONFIG_$(SPL_)PKCS7_VERIFY) += pkcs7_verify.o
diff --git a/lib/crypto/pkcs7_helper.c b/lib/crypto/pkcs7_helper.c new file mode 100644 index 00000000000..6c8dcd1a935 --- /dev/null +++ b/lib/crypto/pkcs7_helper.c @@ -0,0 +1,40 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * PKCS7 helper functions + * + * Copyright (c) 2012 Red Hat, Inc. All Rights Reserved. + * Written by David Howells (dhowells@redhat.com) + * + * Copyright (c) 2024 Linaro Limited + * Author: Raymond Mao raymond.mao@linaro.org + */ +#include <linux/kernel.h> +#include <linux/err.h> +#include <crypto/pkcs7_parser.h> + +/** + * pkcs7_get_content_data - Get access to the PKCS#7 content + * @pkcs7: The preparsed PKCS#7 message to access + * @_data: Place to return a pointer to the data + * @_data_len: Place to return the data length + * @_headerlen: Size of ASN.1 header not included in _data + * + * Get access to the data content of the PKCS#7 message. The size of the + * header of the ASN.1 object that contains it is also provided and can be used + * to adjust *_data and *_data_len to get the entire object. + * + * Returns -ENODATA if the data object was missing from the message. + */ +int pkcs7_get_content_data(const struct pkcs7_message *pkcs7, + const void **_data, size_t *_data_len, + size_t *_headerlen) +{ + if (!pkcs7->data) + return -ENODATA; + + *_data = pkcs7->data; + *_data_len = pkcs7->data_len; + if (_headerlen) + *_headerlen = pkcs7->data_hdrlen; + return 0; +} diff --git a/lib/crypto/pkcs7_parser.c b/lib/crypto/pkcs7_parser.c index d5efa828d6a..c849dc0d92d 100644 --- a/lib/crypto/pkcs7_parser.c +++ b/lib/crypto/pkcs7_parser.c @@ -182,34 +182,6 @@ out_no_ctx: } EXPORT_SYMBOL_GPL(pkcs7_parse_message);
-/** - * pkcs7_get_content_data - Get access to the PKCS#7 content - * @pkcs7: The preparsed PKCS#7 message to access - * @_data: Place to return a pointer to the data - * @_data_len: Place to return the data length - * @_headerlen: Size of ASN.1 header not included in _data - * - * Get access to the data content of the PKCS#7 message. The size of the - * header of the ASN.1 object that contains it is also provided and can be used - * to adjust *_data and *_data_len to get the entire object. - * - * Returns -ENODATA if the data object was missing from the message. - */ -int pkcs7_get_content_data(const struct pkcs7_message *pkcs7, - const void **_data, size_t *_data_len, - size_t *_headerlen) -{ - if (!pkcs7->data) - return -ENODATA; - - *_data = pkcs7->data; - *_data_len = pkcs7->data_len; - if (_headerlen) - *_headerlen = pkcs7->data_hdrlen; - return 0; -} -EXPORT_SYMBOL_GPL(pkcs7_get_content_data); - /* * Note an OID when we find one for later processing when we know how * to interpret it.
Hi Raymond
On Tue, 2 Jul 2024 at 21:30, Raymond Mao raymond.mao@linaro.org wrote:
Move pkcs7_get_content_data as a helper function that can be shared by legacy crypto lib and MbedTLS implementation.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v4
- Initial patch.
lib/crypto/Makefile | 1 + lib/crypto/pkcs7_helper.c | 40 +++++++++++++++++++++++++++++++++++++++ lib/crypto/pkcs7_parser.c | 28 --------------------------- 3 files changed, 41 insertions(+), 28 deletions(-) create mode 100644 lib/crypto/pkcs7_helper.c
diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index 946cc3a7b59..16059088f26 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -53,6 +53,7 @@ $(obj)/x509_akid.asn1.o: $(obj)/x509_akid.asn1.c $(obj)/x509_akid.asn1.h obj-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER) += pkcs7_message.o pkcs7_message-y := \ pkcs7.asn1.o \
pkcs7_helper.o \ pkcs7_parser.oobj-$(CONFIG_$(SPL_)PKCS7_VERIFY) += pkcs7_verify.o
diff --git a/lib/crypto/pkcs7_helper.c b/lib/crypto/pkcs7_helper.c new file mode 100644 index 00000000000..6c8dcd1a935 --- /dev/null +++ b/lib/crypto/pkcs7_helper.c @@ -0,0 +1,40 @@ +// SPDX-License-Identifier: GPL-2.0+ +/*
- PKCS7 helper functions
- Copyright (c) 2012 Red Hat, Inc. All Rights Reserved.
- Written by David Howells (dhowells@redhat.com)
- Copyright (c) 2024 Linaro Limited
- Author: Raymond Mao raymond.mao@linaro.org
Copyright and authorship is added if you add a significant portion of the file. You are moving a function around here, so just keep the original author & copyright
- */
+#include <linux/kernel.h> +#include <linux/err.h> +#include <crypto/pkcs7_parser.h>
+/**
- pkcs7_get_content_data - Get access to the PKCS#7 content
- @pkcs7: The preparsed PKCS#7 message to access
- @_data: Place to return a pointer to the data
- @_data_len: Place to return the data length
- @_headerlen: Size of ASN.1 header not included in _data
- Get access to the data content of the PKCS#7 message. The size of the
- header of the ASN.1 object that contains it is also provided and can be used
- to adjust *_data and *_data_len to get the entire object.
- Returns -ENODATA if the data object was missing from the message.
- */
+int pkcs7_get_content_data(const struct pkcs7_message *pkcs7,
const void **_data, size_t *_data_len,size_t *_headerlen)+{
if (!pkcs7->data)return -ENODATA;*_data = pkcs7->data;*_data_len = pkcs7->data_len;if (_headerlen)*_headerlen = pkcs7->data_hdrlen;return 0;+} diff --git a/lib/crypto/pkcs7_parser.c b/lib/crypto/pkcs7_parser.c index d5efa828d6a..c849dc0d92d 100644 --- a/lib/crypto/pkcs7_parser.c +++ b/lib/crypto/pkcs7_parser.c @@ -182,34 +182,6 @@ out_no_ctx: } EXPORT_SYMBOL_GPL(pkcs7_parse_message);
-/**
- pkcs7_get_content_data - Get access to the PKCS#7 content
- @pkcs7: The preparsed PKCS#7 message to access
- @_data: Place to return a pointer to the data
- @_data_len: Place to return the data length
- @_headerlen: Size of ASN.1 header not included in _data
- Get access to the data content of the PKCS#7 message. The size of the
- header of the ASN.1 object that contains it is also provided and can be used
- to adjust *_data and *_data_len to get the entire object.
- Returns -ENODATA if the data object was missing from the message.
- */
-int pkcs7_get_content_data(const struct pkcs7_message *pkcs7,
const void **_data, size_t *_data_len,size_t *_headerlen)-{
if (!pkcs7->data)return -ENODATA;*_data = pkcs7->data;*_data_len = pkcs7->data_len;if (_headerlen)*_headerlen = pkcs7->data_hdrlen;return 0;-} -EXPORT_SYMBOL_GPL(pkcs7_get_content_data);
/*
- Note an OID when we find one for later processing when we know how
- to interpret it.
-- 2.25.1
with the above fixed Reviewed-by: Ilias Apalodimas ilias.apalodimas@linaro.org
Add porting layer for public key on top of MbedTLS X509 library. Introduce _LEGACY and _MBEDTLS kconfigs for public key legacy and MbedTLS implementations respectively.
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v2 - Move the porting layer to MbedTLS dir. Changes in v3 - None. Changes in v4 - Introduce _LEGACY and _MBEDTLS kconfigs for public key legacy and MbedTLS implementations respectively. - Move common functions to helper.
lib/mbedtls/Kconfig | 50 ++++++++++++++++++++++++ lib/mbedtls/Makefile | 7 +++- lib/mbedtls/public_key.c | 82 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 138 insertions(+), 1 deletion(-) create mode 100644 lib/mbedtls/public_key.c
diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig index 0cdf0135667..6f29b0c81a2 100644 --- a/lib/mbedtls/Kconfig +++ b/lib/mbedtls/Kconfig @@ -122,9 +122,35 @@ endif # LEGACY_CRYPTO_BASIC
config LEGACY_CRYPTO_CERT bool "legacy certificate libraries" + select ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY if \ + ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY if \ + ASYMMETRIC_PUBLIC_KEY_SUBTYPE && SPL help Enable legacy certificate libraries.
+if LEGACY_CRYPTO_CERT + +config ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY + bool "Asymmetric public key crypto with legacy certificate library" + depends on LEGACY_CRYPTO_CERT && ASYMMETRIC_PUBLIC_KEY_SUBTYPE + help + This option chooses legacy certificate library for asymmetric public + key crypto algorithm. + +if SPL + +config SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY + bool "Asymmetric public key crypto with legacy certificate library in SPL" + depends on LEGACY_CRYPTO_CERT && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE + help + This option chooses legacy certificate library for asymmetric public + key crypto algorithm in SPL. + +endif # SPL + +endif # LEGACY_CRYPTO_CERT + endif # LEGACY_CRYPTO
if MBEDTLS_LIB @@ -232,7 +258,31 @@ endif # MBEDTLS_LIB_CRYPTO
config MBEDTLS_LIB_X509 bool "MbedTLS certificate libraries" + select ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS if \ + ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS if \ + ASYMMETRIC_PUBLIC_KEY_SUBTYPE && SPL help Enable MbedTLS certificate libraries.
+if MBEDTLS_LIB_X509 + +config ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS + bool "Asymmetric public key crypto with MbedTLS certificate library" + help + This option chooses MbedTLS certificate library for asymmetric public + key crypto algorithm. + +if SPL + +config SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS + bool "Asymmetric public key crypto with MbedTLS certificate library in SPL" + help + This option chooses MbedTLS certificate library for asymmetric public + key crypto algorithm in SPL. + +endif # SPL + +endif # MBEDTLS_LIB_X509 + endif # MBEDTLS_LIB diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile index 32a98b7f4ca..f06d0704502 100644 --- a/lib/mbedtls/Makefile +++ b/lib/mbedtls/Makefile @@ -20,6 +20,11 @@ hash_mbedtls-$(CONFIG_$(SPL_)SHA1_MBEDTLS) += sha1.o hash_mbedtls-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += sha256.o hash_mbedtls-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += sha512.o
+# x509 libraries +obj-$(CONFIG_MBEDTLS_LIB_X509) += x509_mbedtls.o +x509_mbedtls-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS) += \ + public_key.o + # MbedTLS crypto library obj-$(CONFIG_MBEDTLS_LIB_CRYPTO) += mbedtls_lib_crypto.o mbedtls_lib_crypto-y += \ @@ -45,7 +50,7 @@ mbedtls_lib_x509-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER) += \ $(MBEDTLS_LIB_DIR)/bignum_core.o \ $(MBEDTLS_LIB_DIR)/rsa.o \ $(MBEDTLS_LIB_DIR)/rsa_alt_helpers.o -mbedtls_lib_x509-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += \ +mbedtls_lib_x509-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/pk.o \ $(MBEDTLS_LIB_DIR)/pk_wrap.o \ $(MBEDTLS_LIB_DIR)/pkparse.o diff --git a/lib/mbedtls/public_key.c b/lib/mbedtls/public_key.c new file mode 100644 index 00000000000..076a61862cb --- /dev/null +++ b/lib/mbedtls/public_key.c @@ -0,0 +1,82 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Public key helper functions using MbedTLS X509 library + * + * Copyright (c) 2024 Linaro Limited + * Author: Raymond Mao raymond.mao@linaro.org + */ + +#include <linux/compat.h> +#include <crypto/public_key.h> + +int public_key_verify_signature(const struct public_key *pkey, + const struct public_key_signature *sig) +{ + mbedtls_md_type_t mb_hash_algo; + mbedtls_pk_context pk_ctx; + int ret; + + if (!pkey || !sig || pkey->key_is_private) + return -EINVAL; + + /* + * ECRDSA (Elliptic Curve RedDSA) from Red Hat is not supported by + * MbedTLS + */ + if (strcmp(pkey->pkey_algo, "rsa")) { + pr_err("Encryption is not RSA: %s\n", sig->pkey_algo); + return -EINVAL; + } + + /* + * Can be pkcs1 or raw, but pkcs1 is expected. + * This is just for argument checking, not necessarily passed to MbedTLS, + * For RSA signatures, MbedTLS typically supports the PKCS#1 v1.5 + * (aka. pkcs1) encoding by default. + * The library internally handles the details of decoding and verifying + * the signature according to the expected encoding for the specified algorithm. + */ + if (strcmp(sig->encoding, "pkcs1")) { + pr_err("Encoding %s is not supported, only supports pkcs1\n", + sig->encoding); + return -EINVAL; + } + + if (!strcmp(sig->hash_algo, "sha1")) + mb_hash_algo = MBEDTLS_MD_SHA1; + else if (!strcmp(sig->hash_algo, "sha224")) + mb_hash_algo = MBEDTLS_MD_SHA224; + else if (!strcmp(sig->hash_algo, "sha256")) + mb_hash_algo = MBEDTLS_MD_SHA256; + else if (!strcmp(sig->hash_algo, "sha384")) + mb_hash_algo = MBEDTLS_MD_SHA384; + else if (!strcmp(sig->hash_algo, "sha512")) + mb_hash_algo = MBEDTLS_MD_SHA512; + else /* Unknown or unsupported hash algorithm */ + return -EINVAL; + /* Initialize the mbedtls_pk_context with RSA key type */ + mbedtls_pk_init(&pk_ctx); + + /* Parse the DER-encoded public key */ + ret = mbedtls_pk_parse_public_key(&pk_ctx, pkey->key, pkey->keylen); + if (ret) { + pr_err("Failed to parse public key, ret:-0x%04x\n", -ret); + ret = -EINVAL; + goto err_key; + } + + /* Ensure that it is a RSA key */ + if (mbedtls_pk_get_type(&pk_ctx) != MBEDTLS_PK_RSA) { + pr_err("Only RSA keys are supported\n"); + ret = -EKEYREJECTED; + goto err_key; + } + + /* Verify the hash */ + ret = mbedtls_pk_verify(&pk_ctx, mb_hash_algo, sig->digest, + sig->digest_size, sig->s, sig->s_size); + +err_key: + mbedtls_pk_free(&pk_ctx); + return ret; +}
On Tue, 2 Jul 2024 at 21:30, Raymond Mao raymond.mao@linaro.org wrote:
Add porting layer for public key on top of MbedTLS X509 library. Introduce _LEGACY and _MBEDTLS kconfigs for public key legacy and MbedTLS implementations respectively.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- Move the porting layer to MbedTLS dir.
Changes in v3
- None.
Changes in v4
- Introduce _LEGACY and _MBEDTLS kconfigs for public key legacy and MbedTLS implementations respectively.
- Move common functions to helper.
lib/mbedtls/Kconfig | 50 ++++++++++++++++++++++++ lib/mbedtls/Makefile | 7 +++- lib/mbedtls/public_key.c | 82 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 138 insertions(+), 1 deletion(-) create mode 100644 lib/mbedtls/public_key.c
diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig index 0cdf0135667..6f29b0c81a2 100644 --- a/lib/mbedtls/Kconfig +++ b/lib/mbedtls/Kconfig @@ -122,9 +122,35 @@ endif # LEGACY_CRYPTO_BASIC
config LEGACY_CRYPTO_CERT bool "legacy certificate libraries"
select ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY if \ASYMMETRIC_PUBLIC_KEY_SUBTYPEselect SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY if \ASYMMETRIC_PUBLIC_KEY_SUBTYPE && SPL help Enable legacy certificate libraries.+if LEGACY_CRYPTO_CERT
+config ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY
bool "Asymmetric public key crypto with legacy certificate library"depends on LEGACY_CRYPTO_CERT && ASYMMETRIC_PUBLIC_KEY_SUBTYPEhelpThis option chooses legacy certificate library for asymmetric publickey crypto algorithm.+if SPL
+config SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY
subtype is either legacy or mbedTLS? If yes I think you can get rid of it and have SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY and ASYMMETRIC_PUBLIC_KEY_MBEDTLS
bool "Asymmetric public key crypto with legacy certificate library in SPL"depends on LEGACY_CRYPTO_CERT && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPEhelpThis option chooses legacy certificate library for asymmetric publickey crypto algorithm in SPL.+endif # SPL
+endif # LEGACY_CRYPTO_CERT
endif # LEGACY_CRYPTO
if MBEDTLS_LIB @@ -232,7 +258,31 @@ endif # MBEDTLS_LIB_CRYPTO
config MBEDTLS_LIB_X509 bool "MbedTLS certificate libraries"
select ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS if \ASYMMETRIC_PUBLIC_KEY_SUBTYPEselect SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS if \ASYMMETRIC_PUBLIC_KEY_SUBTYPE && SPL
Why do we have to select SPL here and in the Kconfig above for the legacy option?
help Enable MbedTLS certificate libraries.+if MBEDTLS_LIB_X509
+config ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS
bool "Asymmetric public key crypto with MbedTLS certificate library"helpThis option chooses MbedTLS certificate library for asymmetric publickey crypto algorithm.+if SPL
+config SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS
bool "Asymmetric public key crypto with MbedTLS certificate library in SPL"helpThis option chooses MbedTLS certificate library for asymmetric publickey crypto algorithm in SPL.+endif # SPL
+endif # MBEDTLS_LIB_X509
endif # MBEDTLS_LIB diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile index 32a98b7f4ca..f06d0704502 100644 --- a/lib/mbedtls/Makefile +++ b/lib/mbedtls/Makefile @@ -20,6 +20,11 @@ hash_mbedtls-$(CONFIG_$(SPL_)SHA1_MBEDTLS) += sha1.o hash_mbedtls-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += sha256.o hash_mbedtls-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += sha512.o
+# x509 libraries +obj-$(CONFIG_MBEDTLS_LIB_X509) += x509_mbedtls.o +x509_mbedtls-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS) += \
public_key.o# MbedTLS crypto library obj-$(CONFIG_MBEDTLS_LIB_CRYPTO) += mbedtls_lib_crypto.o mbedtls_lib_crypto-y += \ @@ -45,7 +50,7 @@ mbedtls_lib_x509-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER) += \ $(MBEDTLS_LIB_DIR)/bignum_core.o \ $(MBEDTLS_LIB_DIR)/rsa.o \ $(MBEDTLS_LIB_DIR)/rsa_alt_helpers.o -mbedtls_lib_x509-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += \ +mbedtls_lib_x509-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/pk.o \ $(MBEDTLS_LIB_DIR)/pk_wrap.o \ $(MBEDTLS_LIB_DIR)/pkparse.o diff --git a/lib/mbedtls/public_key.c b/lib/mbedtls/public_key.c new file mode 100644 index 00000000000..076a61862cb --- /dev/null +++ b/lib/mbedtls/public_key.c @@ -0,0 +1,82 @@ +// SPDX-License-Identifier: GPL-2.0+ +/*
- Public key helper functions using MbedTLS X509 library
- Copyright (c) 2024 Linaro Limited
- Author: Raymond Mao raymond.mao@linaro.org
- */
+#include <linux/compat.h> +#include <crypto/public_key.h>
+int public_key_verify_signature(const struct public_key *pkey,
const struct public_key_signature *sig)+{
mbedtls_md_type_t mb_hash_algo;mbedtls_pk_context pk_ctx;int ret;if (!pkey || !sig || pkey->key_is_private)return -EINVAL;/** ECRDSA (Elliptic Curve RedDSA) from Red Hat is not supported by* MbedTLS*/
That's not Redhat AFAICT. That's Elliptic Curve (Russian) Digital Signature Algorithm described in GOST 34.10-2018, GOST R 34.10-2012, RFC 7091, ISO/IEC 14888-3:2018
if (strcmp(pkey->pkey_algo, "rsa")) {pr_err("Encryption is not RSA: %s\n", sig->pkey_algo);return -EINVAL;}/** Can be pkcs1 or raw, but pkcs1 is expected.* This is just for argument checking, not necessarily passed to MbedTLS,* For RSA signatures, MbedTLS typically supports the PKCS#1 v1.5* (aka. pkcs1) encoding by default.* The library internally handles the details of decoding and verifying* the signature according to the expected encoding for the specified algorithm.*/if (strcmp(sig->encoding, "pkcs1")) {pr_err("Encoding %s is not supported, only supports pkcs1\n",sig->encoding);return -EINVAL;}if (!strcmp(sig->hash_algo, "sha1"))mb_hash_algo = MBEDTLS_MD_SHA1;else if (!strcmp(sig->hash_algo, "sha224"))mb_hash_algo = MBEDTLS_MD_SHA224;else if (!strcmp(sig->hash_algo, "sha256"))mb_hash_algo = MBEDTLS_MD_SHA256;else if (!strcmp(sig->hash_algo, "sha384"))mb_hash_algo = MBEDTLS_MD_SHA384;else if (!strcmp(sig->hash_algo, "sha512"))mb_hash_algo = MBEDTLS_MD_SHA512;else /* Unknown or unsupported hash algorithm */return -EINVAL;/* Initialize the mbedtls_pk_context with RSA key type */mbedtls_pk_init(&pk_ctx);/* Parse the DER-encoded public key */ret = mbedtls_pk_parse_public_key(&pk_ctx, pkey->key, pkey->keylen);if (ret) {pr_err("Failed to parse public key, ret:-0x%04x\n", -ret);ret = -EINVAL;goto err_key;}/* Ensure that it is a RSA key */if (mbedtls_pk_get_type(&pk_ctx) != MBEDTLS_PK_RSA) {pr_err("Only RSA keys are supported\n");ret = -EKEYREJECTED;goto err_key;}/* Verify the hash */ret = mbedtls_pk_verify(&pk_ctx, mb_hash_algo, sig->digest,sig->digest_size, sig->s, sig->s_size);+err_key:
mbedtls_pk_free(&pk_ctx);return ret;+}
2.25.1
Thanks /Ilias
Hi Ilias,
On Wed, 3 Jul 2024 at 07:47, Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
On Tue, 2 Jul 2024 at 21:30, Raymond Mao raymond.mao@linaro.org wrote:
Add porting layer for public key on top of MbedTLS X509 library. Introduce _LEGACY and _MBEDTLS kconfigs for public key legacy and MbedTLS implementations respectively.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- Move the porting layer to MbedTLS dir.
Changes in v3
- None.
Changes in v4
- Introduce _LEGACY and _MBEDTLS kconfigs for public key legacy and MbedTLS implementations respectively.
- Move common functions to helper.
lib/mbedtls/Kconfig | 50 ++++++++++++++++++++++++ lib/mbedtls/Makefile | 7 +++- lib/mbedtls/public_key.c | 82 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 138 insertions(+), 1 deletion(-) create mode 100644 lib/mbedtls/public_key.c
diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig index 0cdf0135667..6f29b0c81a2 100644 --- a/lib/mbedtls/Kconfig +++ b/lib/mbedtls/Kconfig
[snip]
@@ -232,7 +258,31 @@ endif # MBEDTLS_LIB_CRYPTO
config MBEDTLS_LIB_X509 bool "MbedTLS certificate libraries"
select ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS if \ASYMMETRIC_PUBLIC_KEY_SUBTYPEselect SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS if \ASYMMETRIC_PUBLIC_KEY_SUBTYPE && SPLWhy do we have to select SPL here and in the Kconfig above for the legacy option?
It should be:
"select SPL_<ALG>_<LEGACY/MBEDTLS> if SPL_<ALG>" For example: ``` config MBEDTLS_LIB_X509 bool "MbedTLS certificate libraries" [...] select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS if \ SPL_ASYMMETRIC_PUBLIC_KEY ```
Regards, Raymond
Previous patch has introduced MbedTLS porting layer for public key, here to adjust the header and makefiles accordingly.
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v2 - Move the porting layer to MbedTLS dir. Changes in v3 - Update commit message. Changes in v4 - Control building legacy library via '_LEGACY' Kconfig. - Minor fix of the include directories.
include/crypto/public_key.h | 6 ++++++ lib/crypto/Makefile | 5 ++--- lib/crypto/asymmetric_type.c | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h index 3ba90fcc348..25cfb68adce 100644 --- a/include/crypto/public_key.h +++ b/include/crypto/public_key.h @@ -12,6 +12,12 @@
#ifdef __UBOOT__ #include <linux/types.h> +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) +#include <library/common.h> +#include <mbedtls/pk.h> +#include <mbedtls/x509_crt.h> +#include <mbedtls/md.h> +#endif #else #include <linux/keyctl.h> #endif diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index 16059088f26..228ae443a27 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -7,9 +7,8 @@ obj-$(CONFIG_$(SPL_)ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o
asymmetric_keys-y := asymmetric_type.o
-obj-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += \ - public_key_helper.o \ - public_key.o +obj-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key_helper.o +obj-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY) += public_key.o
# # RSA public key parser diff --git a/lib/crypto/asymmetric_type.c b/lib/crypto/asymmetric_type.c index 24c2d15ef97..95b82cd8e84 100644 --- a/lib/crypto/asymmetric_type.c +++ b/lib/crypto/asymmetric_type.c @@ -12,7 +12,6 @@ #include <keys/asymmetric-subtype.h> #include <keys/asymmetric-parser.h> #endif -#include <crypto/public_key.h> #ifdef __UBOOT__ #include <linux/bug.h> #include <linux/compat.h> @@ -26,6 +25,7 @@ #include <linux/slab.h> #include <linux/ctype.h> #endif +#include <crypto/public_key.h> #ifdef __UBOOT__ #include <keys/asymmetric-type.h> #else
On Tue, 2 Jul 2024 at 21:31, Raymond Mao raymond.mao@linaro.org wrote:
Previous patch has introduced MbedTLS porting layer for public key, here to adjust the header and makefiles accordingly.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- Move the porting layer to MbedTLS dir.
Changes in v3
- Update commit message.
Changes in v4
- Control building legacy library via '_LEGACY' Kconfig.
- Minor fix of the include directories.
include/crypto/public_key.h | 6 ++++++ lib/crypto/Makefile | 5 ++--- lib/crypto/asymmetric_type.c | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h index 3ba90fcc348..25cfb68adce 100644 --- a/include/crypto/public_key.h +++ b/include/crypto/public_key.h @@ -12,6 +12,12 @@
#ifdef __UBOOT__ #include <linux/types.h> +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) +#include <library/common.h> +#include <mbedtls/pk.h> +#include <mbedtls/x509_crt.h> +#include <mbedtls/md.h> +#endif #else #include <linux/keyctl.h> #endif diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index 16059088f26..228ae443a27 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -7,9 +7,8 @@ obj-$(CONFIG_$(SPL_)ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o
asymmetric_keys-y := asymmetric_type.o
-obj-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += \
public_key_helper.o \public_key.o+obj-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key_helper.o +obj-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY) += public_key.o
# # RSA public key parser diff --git a/lib/crypto/asymmetric_type.c b/lib/crypto/asymmetric_type.c index 24c2d15ef97..95b82cd8e84 100644 --- a/lib/crypto/asymmetric_type.c +++ b/lib/crypto/asymmetric_type.c @@ -12,7 +12,6 @@ #include <keys/asymmetric-subtype.h> #include <keys/asymmetric-parser.h> #endif -#include <crypto/public_key.h> #ifdef __UBOOT__ #include <linux/bug.h> #include <linux/compat.h> @@ -26,6 +25,7 @@ #include <linux/slab.h> #include <linux/ctype.h> #endif +#include <crypto/public_key.h> #ifdef __UBOOT__ #include <keys/asymmetric-type.h>
#else
2.25.1
Reviewed-by: Ilias Apalodimas ilias.apalodimas@linaro.org
Add porting layer for X509 cert parser on top of MbedTLS X509 library. Introduce _LEGACY and _MBEDTLS kconfigs for X509 cert parser legacy and MbedTLS implementations respectively.
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v2 - Move the porting layer to MbedTLS dir. Changes in v3 - None. Changes in v4 - Introduce _LEGACY and _MBEDTLS kconfigs for X509 cert parser legacy and MbedTLS implementations respectively. - Move common functions to helper.
lib/mbedtls/Kconfig | 18 ++ lib/mbedtls/Makefile | 4 +- lib/mbedtls/x509_cert_parser.c | 446 +++++++++++++++++++++++++++++++++ 3 files changed, 467 insertions(+), 1 deletion(-) create mode 100644 lib/mbedtls/x509_cert_parser.c
diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig index 6f29b0c81a2..c62a556a39a 100644 --- a/lib/mbedtls/Kconfig +++ b/lib/mbedtls/Kconfig @@ -124,6 +124,7 @@ config LEGACY_CRYPTO_CERT bool "legacy certificate libraries" select ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select X509_CERTIFICATE_PARSER_LEGACY if X509_CERTIFICATE_PARSER select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE && SPL help @@ -138,6 +139,14 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY This option chooses legacy certificate library for asymmetric public key crypto algorithm.
+config X509_CERTIFICATE_PARSER_LEGACY + bool "X.509 certificate parser with legacy certificate library" + depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY + select ASN1_DECODER_LEGACY + help + This option chooses legacy certificate library for X509 certificate + parser. + if SPL
config SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY @@ -260,6 +269,7 @@ config MBEDTLS_LIB_X509 bool "MbedTLS certificate libraries" select ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select X509_CERTIFICATE_PARSER_MBEDTLS if X509_CERTIFICATE_PARSER select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE && SPL help @@ -273,6 +283,14 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS This option chooses MbedTLS certificate library for asymmetric public key crypto algorithm.
+config X509_CERTIFICATE_PARSER_MBEDTLS + bool "X.509 certificate parser with MbedTLS certificate library" + depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS + select ASN1_DECODER_MBEDTLS + help + This option chooses MbedTLS certificate library for X509 certificate + parser. + if SPL
config SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile index f06d0704502..75d6a2cca07 100644 --- a/lib/mbedtls/Makefile +++ b/lib/mbedtls/Makefile @@ -24,6 +24,8 @@ hash_mbedtls-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += sha512.o obj-$(CONFIG_MBEDTLS_LIB_X509) += x509_mbedtls.o x509_mbedtls-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS) += \ public_key.o +x509_mbedtls-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \ + x509_cert_parser.o
# MbedTLS crypto library obj-$(CONFIG_MBEDTLS_LIB_CRYPTO) += mbedtls_lib_crypto.o @@ -54,7 +56,7 @@ mbedtls_lib_x509-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/pk.o \ $(MBEDTLS_LIB_DIR)/pk_wrap.o \ $(MBEDTLS_LIB_DIR)/pkparse.o -mbedtls_lib_x509-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER) += \ +mbedtls_lib_x509-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/x509_crl.o \ $(MBEDTLS_LIB_DIR)/x509_crt.o mbedtls_lib_x509-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER) += \ diff --git a/lib/mbedtls/x509_cert_parser.c b/lib/mbedtls/x509_cert_parser.c new file mode 100644 index 00000000000..0323dea3152 --- /dev/null +++ b/lib/mbedtls/x509_cert_parser.c @@ -0,0 +1,446 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * X509 cert parser using MbedTLS X509 library + * + * Copyright (c) 2024 Linaro Limited + * Author: Raymond Mao raymond.mao@linaro.org + */ + +#include <linux/err.h> +#include <crypto/public_key.h> +#include <crypto/x509_parser.h> + +static void x509_free_mbedtls_ctx(struct x509_cert_mbedtls_ctx *ctx) +{ + if (!ctx) + return; + + kfree(ctx->tbs); + kfree(ctx->raw_serial); + kfree(ctx->raw_issuer); + kfree(ctx->raw_subject); + kfree(ctx->raw_skid); + kfree(ctx); +} + +static int x509_set_cert_flags(struct x509_certificate *cert) +{ + struct public_key_signature *sig = cert->sig; + + if (!sig || !cert->pub) { + pr_err("Signature or public key is not initialized\n"); + return -ENOPKG; + } + + if (!cert->pub->pkey_algo) + cert->unsupported_key = true; + + if (!sig->pkey_algo) + cert->unsupported_sig = true; + + if (!sig->hash_algo) + cert->unsupported_sig = true; + + /* TODO: is_hash_blacklisted()? */ + + /* Detect self-signed certificates and set self_signed flag */ + return x509_check_for_self_signed(cert); +} + +time64_t x509_get_timestamp(const mbedtls_x509_time *x509_time) +{ + unsigned int year, mon, day, hour, min, sec; + + /* Adjust for year since 1900 */ + year = x509_time->year - 1900; + /* Adjust for 0-based month */ + mon = x509_time->mon - 1; + day = x509_time->day; + hour = x509_time->hour; + min = x509_time->min; + sec = x509_time->sec; + + return (time64_t)mktime64(year, mon, day, hour, min, sec); +} + +static char *x509_populate_dn_name_string(const mbedtls_x509_name *name) +{ + size_t len = 256; + size_t wb; + char *name_str; + + do { + name_str = kzalloc(len, GFP_KERNEL); + if (!name_str) + return NULL; + + wb = mbedtls_x509_dn_gets(name_str, len, name); + if (wb < 0) { + pr_err("Get DN string failed, ret:-0x%04x\n", + (unsigned int)-wb); + kfree(name_str); + len = len * 2; /* Try with a bigger buffer */ + } + } while (wb < 0); + + name_str[wb] = '\0'; /* add the terminator */ + + return name_str; +} + +static int x509_populate_signature_params(const mbedtls_x509_crt *cert, + struct public_key_signature **sig) +{ + struct public_key_signature *s; + struct image_region region; + size_t akid_len; + unsigned char *akid_data; + int ret; + + /* Check if signed data exist */ + if (!cert->tbs.p || !cert->tbs.len) + return -EINVAL; + + region.data = cert->tbs.p; + region.size = cert->tbs.len; + + s = kzalloc(sizeof(*s), GFP_KERNEL); + if (!s) + return -ENOMEM; + + /* + * Get the public key algorithm. + * Note: ECRDSA (Elliptic Curve RedDSA) from Red Hat is not supported by + * MbedTLS. + */ + switch (cert->sig_pk) { + case MBEDTLS_PK_RSA: + s->pkey_algo = "rsa"; + break; + default: + ret = -EINVAL; + goto error_sig; + } + + /* Get the hash algorithm */ + switch (cert->sig_md) { + case MBEDTLS_MD_SHA1: + s->hash_algo = "sha1"; + s->digest_size = SHA1_SUM_LEN; + break; + case MBEDTLS_MD_SHA256: + s->hash_algo = "sha256"; + s->digest_size = SHA256_SUM_LEN; + break; + case MBEDTLS_MD_SHA384: + s->hash_algo = "sha384"; + s->digest_size = SHA384_SUM_LEN; + break; + case MBEDTLS_MD_SHA512: + s->hash_algo = "sha512"; + s->digest_size = SHA512_SUM_LEN; + break; + /* Unsupported algo */ + case MBEDTLS_MD_MD5: + case MBEDTLS_MD_SHA224: + default: + ret = -EINVAL; + goto error_sig; + } + + /* + * Optional attributes: + * auth_ids holds AuthorityKeyIdentifier (information of issuer), + * aka akid, which is used to match with a cert's id or skid to + * indicate that is the issuer when we lookup a cert chain. + * + * auth_ids[0]: + * [PKCS#7 or CMS ver 1] - generated from "Issuer + Serial number" + * [CMS ver 3] - generated from skid (subjectKeyId) + * auth_ids[1]: generated from skid (subjectKeyId) + * + * Assume that we are using PKCS#7 (msg->version=1), + * not CMS ver 3 (msg->version=3). + */ + akid_len = cert->authority_key_id.authorityCertSerialNumber.len; + akid_data = cert->authority_key_id.authorityCertSerialNumber.p; + + /* Check if serial number exists */ + if (akid_len && akid_data) { + s->auth_ids[0] = asymmetric_key_generate_id(akid_data, + akid_len, + cert->issuer_raw.p, + cert->issuer_raw.len); + if (!s->auth_ids[0]) { + ret = -ENOMEM; + goto error_sig; + } + } + + akid_len = cert->authority_key_id.keyIdentifier.len; + akid_data = cert->authority_key_id.keyIdentifier.p; + + /* Check if subjectKeyId exists */ + if (akid_len && akid_data) { + s->auth_ids[1] = asymmetric_key_generate_id(akid_data, + akid_len, + "", 0); + if (!s->auth_ids[1]) { + ret = -ENOMEM; + goto error_sig; + } + } + + /* + * Encoding can be pkcs1 or raw, but only pkcs1 is supported. + * Set the encoding explicitly to pkcs1. + */ + s->encoding = "pkcs1"; + + /* Copy the signature data */ + s->s = kmemdup(cert->sig.p, cert->sig.len, GFP_KERNEL); + if (!s->s) { + ret = -ENOMEM; + goto error_sig; + } + s->s_size = cert->sig.len; + + /* Calculate the digest of signed data (tbs) */ + s->digest = kzalloc(s->digest_size, GFP_KERNEL); + if (!s->digest) { + ret = -ENOMEM; + goto error_sig; + } + + ret = hash_calculate(s->hash_algo, ®ion, 1, s->digest); + if (!ret) + *sig = s; + + return ret; + +error_sig: + public_key_signature_free(s); + return ret; +} + +static int x509_save_mbedtls_ctx(const mbedtls_x509_crt *cert, + struct x509_cert_mbedtls_ctx **pctx) +{ + struct x509_cert_mbedtls_ctx *ctx; + + ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); + if (!ctx) + return -ENOMEM; + + /* Signed data (tbs - The part that is To Be Signed)*/ + ctx->tbs = kmemdup(cert->tbs.p, cert->tbs.len, + GFP_KERNEL); + if (!ctx->tbs) + goto error_ctx; + + /* Raw serial number */ + ctx->raw_serial = kmemdup(cert->serial.p, + cert->serial.len, GFP_KERNEL); + if (!ctx->raw_serial) + goto error_ctx; + + /* Raw issuer */ + ctx->raw_issuer = kmemdup(cert->issuer_raw.p, + cert->issuer_raw.len, GFP_KERNEL); + if (!ctx->raw_issuer) + goto error_ctx; + + /* Raw subject */ + ctx->raw_subject = kmemdup(cert->subject_raw.p, + cert->subject_raw.len, GFP_KERNEL); + if (!ctx->raw_subject) + goto error_ctx; + + /* Raw subjectKeyId */ + ctx->raw_skid = kmemdup(cert->subject_key_id.p, + cert->subject_key_id.len, GFP_KERNEL); + if (!ctx->raw_skid) + goto error_ctx; + + *pctx = ctx; + + return 0; + +error_ctx: + x509_free_mbedtls_ctx(ctx); + return -ENOMEM; +} + +/* + * Free an X.509 certificate + */ +void x509_free_certificate(struct x509_certificate *cert) +{ + if (cert) { + public_key_free(cert->pub); + public_key_signature_free(cert->sig); + kfree(cert->issuer); + kfree(cert->subject); + kfree(cert->id); + kfree(cert->skid); + x509_free_mbedtls_ctx(cert->mbedtls_ctx); + kfree(cert); + } +} + +int x509_populate_pubkey(mbedtls_x509_crt *cert, struct public_key **pub_key) +{ + struct public_key *pk; + + pk = kzalloc(sizeof(*pk), GFP_KERNEL); + if (!pk) + return -ENOMEM; + + pk->key = kzalloc(cert->pk_raw.len, GFP_KERNEL); + if (!pk->key) { + kfree(pk); + return -ENOMEM; + } + memcpy(pk->key, cert->pk_raw.p, cert->pk_raw.len); + pk->keylen = cert->pk_raw.len; + + /* + * For ECC keys, params field might include information about the curve used, + * the generator point, or other algorithm-specific parameters. + * For RSA keys, it's common for the params field to be NULL. + * FIXME: Assume that we just support RSA keys with id_type X509. + */ + pk->params = NULL; + pk->paramlen = 0; + + pk->key_is_private = false; + pk->id_type = "X509"; + pk->pkey_algo = "rsa"; + pk->algo = OID_rsaEncryption; + + *pub_key = pk; + + return 0; +} + +int x509_populate_cert(mbedtls_x509_crt *mbedtls_cert, + struct x509_certificate **pcert) +{ + struct x509_certificate *cert; + struct asymmetric_key_id *kid; + struct asymmetric_key_id *skid; + int ret; + + cert = kzalloc(sizeof(*cert), GFP_KERNEL); + if (!cert) + return -ENOMEM; + + /* Public key details */ + ret = x509_populate_pubkey(mbedtls_cert, &cert->pub); + if (ret) + goto error_cert_pop; + + /* Signature parameters */ + ret = x509_populate_signature_params(mbedtls_cert, &cert->sig); + if (ret) + goto error_cert_pop; + + ret = -ENOMEM; + + /* Name of certificate issuer */ + cert->issuer = x509_populate_dn_name_string(&mbedtls_cert->issuer); + if (!cert->issuer) + goto error_cert_pop; + + /* Name of certificate subject */ + cert->subject = x509_populate_dn_name_string(&mbedtls_cert->subject); + if (!cert->subject) + goto error_cert_pop; + + /* Certificate validity */ + cert->valid_from = x509_get_timestamp(&mbedtls_cert->valid_from); + cert->valid_to = x509_get_timestamp(&mbedtls_cert->valid_to); + + /* Save mbedtls context we need */ + ret = x509_save_mbedtls_ctx(mbedtls_cert, &cert->mbedtls_ctx); + if (ret) + goto error_cert_pop; + + /* Signed data (tbs - The part that is To Be Signed)*/ + cert->tbs = cert->mbedtls_ctx->tbs; + cert->tbs_size = mbedtls_cert->tbs.len; + + /* Raw serial number */ + cert->raw_serial = cert->mbedtls_ctx->raw_serial; + cert->raw_serial_size = mbedtls_cert->serial.len; + + /* Raw issuer */ + cert->raw_issuer = cert->mbedtls_ctx->raw_issuer; + cert->raw_issuer_size = mbedtls_cert->issuer_raw.len; + + /* Raw subject */ + cert->raw_subject = cert->mbedtls_ctx->raw_subject; + cert->raw_subject_size = mbedtls_cert->subject_raw.len; + + /* Raw subjectKeyId */ + cert->raw_skid = cert->mbedtls_ctx->raw_skid; + cert->raw_skid_size = mbedtls_cert->subject_key_id.len; + + /* Generate cert issuer + serial number key ID */ + kid = asymmetric_key_generate_id(cert->raw_serial, + cert->raw_serial_size, + cert->raw_issuer, + cert->raw_issuer_size); + if (IS_ERR(kid)) { + ret = PTR_ERR(kid); + goto error_cert_pop; + } + cert->id = kid; + + /* Generate subject + subjectKeyId */ + skid = asymmetric_key_generate_id(cert->raw_skid, cert->raw_skid_size, "", 0); + if (IS_ERR(skid)) { + ret = PTR_ERR(skid); + goto error_cert_pop; + } + cert->skid = skid; + + /* + * Set the certificate flags: + * self_signed, unsupported_key, unsupported_sig, blacklisted + */ + ret = x509_set_cert_flags(cert); + if (!ret) { + *pcert = cert; + return 0; + } + +error_cert_pop: + x509_free_certificate(cert); + return ret; +} + +struct x509_certificate *x509_cert_parse(const void *data, size_t datalen) +{ + mbedtls_x509_crt mbedtls_cert; + struct x509_certificate *cert = NULL; + long ret; + + /* Parse DER encoded certificate */ + mbedtls_x509_crt_init(&mbedtls_cert); + ret = mbedtls_x509_crt_parse_der(&mbedtls_cert, data, datalen); + if (ret) + goto clean_up_ctx; + + /* Populate x509_certificate from mbedtls_x509_crt */ + ret = x509_populate_cert(&mbedtls_cert, &cert); + if (ret) + goto clean_up_ctx; + +clean_up_ctx: + mbedtls_x509_crt_free(&mbedtls_cert); + if (!ret) + return cert; + + return ERR_PTR(ret); +}
Previous patch has introduced MbedTLS porting layer for x509 cert parser, here to adjust the header and makefiles accordingly.
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v2 - Move the porting layer to MbedTLS dir. Changes in v3 - Update commit message. Changes in v4 - Control building legacy library via '_LEGACY' Kconfig. - Add function comments for the new APIs. - Update the dependence of ASYMMETRIC_KEY_TYPE. - Minor fix of the include directories.
include/crypto/x509_parser.h | 56 ++++++++++++++++++++++++++++++++++++ lib/crypto/Kconfig | 2 +- lib/crypto/Makefile | 4 +-- lib/crypto/x509_public_key.c | 2 ++ 4 files changed, 61 insertions(+), 3 deletions(-)
diff --git a/include/crypto/x509_parser.h b/include/crypto/x509_parser.h index 4cbdc1d6612..3f917da5430 100644 --- a/include/crypto/x509_parser.h +++ b/include/crypto/x509_parser.h @@ -11,8 +11,36 @@ #include <linux/time.h> #include <crypto/public_key.h> #include <keys/asymmetric-type.h> +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) +#include <image.h> +#include <mbedtls/error.h> +#include <mbedtls/asn1.h> +#endif
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) +/* Backup of part of the parsing context */ +struct x509_cert_mbedtls_ctx { + void *tbs; /* Signed data */ + void *raw_serial; /* Raw serial number in ASN.1 */ + void *raw_issuer; /* Raw issuer name in ASN.1 */ + void *raw_subject; /* Raw subject name in ASN.1 */ + void *raw_skid; /* Raw subjectKeyId in ASN.1 */ +}; +#endif + +/* + * MbedTLS integration Notes: + * + * Fields we don't need to populate from MbedTLS: + * 'raw_sig' and 'raw_sig_size' are buffer for x509_parse_context, + * not needed for MbedTLS. + * 'signer' and 'seen' are used internally by pkcs7_verify. + * 'verified' is not inuse. + */ struct x509_certificate { +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) + struct x509_cert_mbedtls_ctx *mbedtls_ctx; +#endif struct x509_certificate *next; struct x509_certificate *signer; /* Certificate that signed this one */ struct public_key *pub; /* Public key details */ @@ -48,6 +76,32 @@ struct x509_certificate { * x509_cert_parser.c */ extern void x509_free_certificate(struct x509_certificate *cert); +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) +/** + * x509_populate_pubkey() - Populate public key from MbedTLS context + * + * @cert: Pointer to MbedTLS X509 cert + * @pub_key: Pointer to the populated public key handle + * Return: 0 on succcess, error code on failure + */ +int x509_populate_pubkey(mbedtls_x509_crt *cert, struct public_key **pub_key); +/** + * x509_populate_cert() - Populate X509 cert from MbedTLS context + * + * @mbedtls_cert: Pointer to MbedTLS X509 cert + * @pcert: Pointer to the populated X509 cert handle + * Return: 0 on succcess, error code on failure + */ +int x509_populate_cert(mbedtls_x509_crt *mbedtls_cert, + struct x509_certificate **pcert); +/** + * x509_get_timestamp() - Translate timestamp from MbedTLS context + * + * @x509_time: Pointer to MbedTLS time + * Return: Time in time64_t format + */ +time64_t x509_get_timestamp(const mbedtls_x509_time *x509_time); +#endif extern struct x509_certificate *x509_cert_parse(const void *data, size_t datalen); extern int x509_decode_time(time64_t *_t, size_t hdrlen, unsigned char tag, @@ -56,6 +110,8 @@ extern int x509_decode_time(time64_t *_t, size_t hdrlen, /* * x509_public_key.c */ +#if !CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) extern int x509_get_sig_params(struct x509_certificate *cert); +#endif extern int x509_check_for_self_signed(struct x509_certificate *cert); #endif /* _X509_PARSER_H */ diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig index 6e0656ad1c5..6106190677e 100644 --- a/lib/crypto/Kconfig +++ b/lib/crypto/Kconfig @@ -1,6 +1,6 @@ menuconfig ASYMMETRIC_KEY_TYPE bool "Asymmetric (public-key cryptographic) key Support" - depends on FIT_SIGNATURE + depends on LEGACY_CRYPTO_CERT || MBEDTLS_LIB_X509 help This option provides support for a key type that holds the data for the asymmetric keys used for public key cryptographic operations such diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index 228ae443a27..7f5f04d582c 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -32,11 +32,11 @@ endif # X.509 Certificate handling # obj-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER) += x509_key_parser.o -x509_key_parser-y := \ +x509_key_parser-y := x509_helper.o +x509_key_parser-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER_LEGACY) += \ x509.asn1.o \ x509_akid.asn1.o \ x509_cert_parser.o \ - x509_helper.o \ x509_public_key.o
$(obj)/x509_cert_parser.o: \ diff --git a/lib/crypto/x509_public_key.c b/lib/crypto/x509_public_key.c index 4ba13c1adc3..310edbd21be 100644 --- a/lib/crypto/x509_public_key.c +++ b/lib/crypto/x509_public_key.c @@ -30,6 +30,8 @@ #include "x509_parser.h" #endif
+#if !CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) + /* * Set up the signature parameters in an X.509 certificate. This involves * digesting the signed data and extracting the signature.
Hi Raymond
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) +/* Backup of part of the parsing context */
I am not sure I understand the comment
+struct x509_cert_mbedtls_ctx {
void *tbs; /* Signed data */void *raw_serial; /* Raw serial number in ASN.1 */void *raw_issuer; /* Raw issuer name in ASN.1 */void *raw_subject; /* Raw subject name in ASN.1 */void *raw_skid; /* Raw subjectKeyId in ASN.1 */+}; +#endif
+/*
- MbedTLS integration Notes:
- Fields we don't need to populate from MbedTLS:
You mean *for* mbedTLS?
- 'raw_sig' and 'raw_sig_size' are buffer for x509_parse_context,
'raw_sig' and 'raw_sig_size' are used in x509_parse_context(), which in turn is not used in mbedTLS?
- not needed for MbedTLS.
- 'signer' and 'seen' are used internally by pkcs7_verify.
- 'verified' is not inuse.
either 'unsued' or 'not in use'
- */
struct x509_certificate { +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509)
struct x509_cert_mbedtls_ctx *mbedtls_ctx;+#endif struct x509_certificate *next; struct x509_certificate *signer; /* Certificate that signed this one */ struct public_key *pub; /* Public key details */ @@ -48,6 +76,32 @@ struct x509_certificate {
- x509_cert_parser.c
*/ extern void x509_free_certificate(struct x509_certificate *cert); +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) +/**
- x509_populate_pubkey() - Populate public key from MbedTLS context
- @cert: Pointer to MbedTLS X509 cert
- @pub_key: Pointer to the populated public key handle
- Return: 0 on succcess, error code on failure
- */
+int x509_populate_pubkey(mbedtls_x509_crt *cert, struct public_key **pub_key); +/**
- x509_populate_cert() - Populate X509 cert from MbedTLS context
- @mbedtls_cert: Pointer to MbedTLS X509 cert
- @pcert: Pointer to the populated X509 cert handle
- Return: 0 on succcess, error code on failure
- */
+int x509_populate_cert(mbedtls_x509_crt *mbedtls_cert,
struct x509_certificate **pcert);+/**
- x509_get_timestamp() - Translate timestamp from MbedTLS context
- @x509_time: Pointer to MbedTLS time
- Return: Time in time64_t format
- */
+time64_t x509_get_timestamp(const mbedtls_x509_time *x509_time); +#endif extern struct x509_certificate *x509_cert_parse(const void *data, size_t datalen); extern int x509_decode_time(time64_t *_t, size_t hdrlen, unsigned char tag, @@ -56,6 +110,8 @@ extern int x509_decode_time(time64_t *_t, size_t hdrlen, /*
- x509_public_key.c
*/ +#if !CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) extern int x509_get_sig_params(struct x509_certificate *cert); +#endif extern int x509_check_for_self_signed(struct x509_certificate *cert); #endif /* _X509_PARSER_H */ diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig index 6e0656ad1c5..6106190677e 100644 --- a/lib/crypto/Kconfig +++ b/lib/crypto/Kconfig @@ -1,6 +1,6 @@ menuconfig ASYMMETRIC_KEY_TYPE bool "Asymmetric (public-key cryptographic) key Support"
depends on FIT_SIGNATURE
depends on LEGACY_CRYPTO_CERT || MBEDTLS_LIB_X509 help This option provides support for a key type that holds the data for the asymmetric keys used for public key cryptographic operations suchdiff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index 228ae443a27..7f5f04d582c 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -32,11 +32,11 @@ endif # X.509 Certificate handling # obj-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER) += x509_key_parser.o -x509_key_parser-y := \ +x509_key_parser-y := x509_helper.o +x509_key_parser-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER_LEGACY) += \ x509.asn1.o \ x509_akid.asn1.o \ x509_cert_parser.o \
x509_helper.o \ x509_public_key.o$(obj)/x509_cert_parser.o: \ diff --git a/lib/crypto/x509_public_key.c b/lib/crypto/x509_public_key.c index 4ba13c1adc3..310edbd21be 100644 --- a/lib/crypto/x509_public_key.c +++ b/lib/crypto/x509_public_key.c @@ -30,6 +30,8 @@ #include "x509_parser.h" #endif
+#if !CONFIG_IS_ENABLED(MBEDTLS_LIB_X509)
/*
- Set up the signature parameters in an X.509 certificate. This involves
- digesting the signed data and extracting the signature.
-- 2.25.1
On Mon, 29 Jul 2024 at 09:20, Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
Hi Raymond
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) +/* Backup of part of the parsing context */
I am not sure I understand the comment
We can remove this comment line.
+struct x509_cert_mbedtls_ctx {
void *tbs; /* Signed data */void *raw_serial; /* Raw serial number in ASN.1 */void *raw_issuer; /* Raw issuer name in ASN.1 */void *raw_subject; /* Raw subject name in ASN.1 */void *raw_skid; /* Raw subjectKeyId in ASN.1 */+}; +#endif
+/*
- MbedTLS integration Notes:
- Fields we don't need to populate from MbedTLS:
You mean *for* mbedTLS?
- 'raw_sig' and 'raw_sig_size' are buffer for x509_parse_context,
'raw_sig' and 'raw_sig_size' are used in x509_parse_context(), which in turn is not used in mbedTLS?
Both are used by the U-Boot ASN1 library when parsing the x509.
But for MbedTLS, we removed "struct x509_parse_context ", since all parsing is done under MbedTLS and we don't need to expose them at all.
- not needed for MbedTLS.
- 'signer' and 'seen' are used internally by pkcs7_verify.
- 'verified' is not inuse.
either 'unsued' or 'not in use'
A typo. will fix it.
Regards, Raymond
Add porting layer for PKCS7 parser on top of MbedTLS PKCS7 library. Introduce _LEGACY and _MBEDTLS kconfigs for PKCS7 parser legacy and MbedTLS implementations respectively.
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v2 - Move the porting layer to MbedTLS dir. - Fix EFI Capsule CI test failures. Changes in v3 - None. Changes in v4 - Introduce _LEGACY and _MBEDTLS kconfigs for PKCS7 parser legacy and MbedTLS implementations respectively. - Move common functions to helper. - Fix an unnecessary pointer casting.
lib/mbedtls/Kconfig | 18 ++ lib/mbedtls/Makefile | 3 +- lib/mbedtls/pkcs7_parser.c | 506 +++++++++++++++++++++++++++++++++++++ 3 files changed, 526 insertions(+), 1 deletion(-) create mode 100644 lib/mbedtls/pkcs7_parser.c
diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig index c62a556a39a..8c5b617bb48 100644 --- a/lib/mbedtls/Kconfig +++ b/lib/mbedtls/Kconfig @@ -125,6 +125,7 @@ config LEGACY_CRYPTO_CERT select ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE select X509_CERTIFICATE_PARSER_LEGACY if X509_CERTIFICATE_PARSER + select PKCS7_MESSAGE_PARSER_LEGACY if PKCS7_MESSAGE_PARSER select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE && SPL help @@ -147,6 +148,14 @@ config X509_CERTIFICATE_PARSER_LEGACY This option chooses legacy certificate library for X509 certificate parser.
+config PKCS7_MESSAGE_PARSER_LEGACY + bool "PKCS#7 message parser with legacy certificate library" + depends on X509_CERTIFICATE_PARSER_LEGACY + select ASN1_DECODER_LEGACY + help + This option chooses legacy certificate library for PKCS7 message + parser. + if SPL
config SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY @@ -270,6 +279,7 @@ config MBEDTLS_LIB_X509 select ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE select X509_CERTIFICATE_PARSER_MBEDTLS if X509_CERTIFICATE_PARSER + select PKCS7_MESSAGE_PARSER_MBEDTLS if PKCS7_MESSAGE_PARSER select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE && SPL help @@ -291,6 +301,14 @@ config X509_CERTIFICATE_PARSER_MBEDTLS This option chooses MbedTLS certificate library for X509 certificate parser.
+config PKCS7_MESSAGE_PARSER_MBEDTLS + bool "PKCS#7 message parser with MbedTLS certificate library" + depends on X509_CERTIFICATE_PARSER_MBEDTLS + select ASN1_DECODER_MBEDTLS + help + This option chooses MbedTLS certificate library for PKCS7 message + parser. + if SPL
config SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile index 75d6a2cca07..7b40ff0c467 100644 --- a/lib/mbedtls/Makefile +++ b/lib/mbedtls/Makefile @@ -26,6 +26,7 @@ x509_mbedtls-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS) += \ public_key.o x509_mbedtls-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \ x509_cert_parser.o +x509_mbedtls-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += pkcs7_parser.o
# MbedTLS crypto library obj-$(CONFIG_MBEDTLS_LIB_CRYPTO) += mbedtls_lib_crypto.o @@ -59,5 +60,5 @@ mbedtls_lib_x509-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS) += \ mbedtls_lib_x509-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/x509_crl.o \ $(MBEDTLS_LIB_DIR)/x509_crt.o -mbedtls_lib_x509-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER) += \ +mbedtls_lib_x509-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/pkcs7.o diff --git a/lib/mbedtls/pkcs7_parser.c b/lib/mbedtls/pkcs7_parser.c new file mode 100644 index 00000000000..69ca784858e --- /dev/null +++ b/lib/mbedtls/pkcs7_parser.c @@ -0,0 +1,506 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * PKCS#7 parser using MbedTLS PKCS#7 library + * + * Copyright (c) 2024 Linaro Limited + * Author: Raymond Mao raymond.mao@linaro.org + */ + +#include <log.h> +#include <linux/kernel.h> +#include <linux/err.h> +#include <crypto/public_key.h> +#include <crypto/pkcs7_parser.h> + +static void pkcs7_free_mbedtls_ctx(struct pkcs7_mbedtls_ctx *ctx) +{ + if (ctx) { + kfree(ctx->content_data); + kfree(ctx); + } +} + +static void pkcs7_free_sinfo_mbedtls_ctx(struct pkcs7_sinfo_mbedtls_ctx *ctx) +{ + if (ctx) { + kfree(ctx->authattrs_data); + kfree(ctx->content_data_digest); + kfree(ctx); + } +} + +/* + * Parse Authenticate Attributes + * TODO: Shall we consider to integrate decoding of authenticate attribute into + * MbedTLS library? + * + * There are two kinds of structure for the Authenticate Attributes being used + * in U-Boot. + * + * Type 1 - contains in a PE/COFF EFI image: + * + * [C.P.0] { + * U.P.SEQUENCE { + * U.P.OBJECTIDENTIFIER 1.2.840.113549.1.9.3 (OID_contentType) + * U.P.SET { + * U.P.OBJECTIDENTIFIER 1.3.6.1.4.1.311.2.1.4 (OID_msIndirectData) + * } + * } + * U.P.SEQUENCE { + * U.P.OBJECTIDENTIFIER 1.2.840.113549.1.9.5 (OID_signingTime) + * U.P.SET { + * U.P.UTCTime '<siging_time>' + * } + * } + * U.P.SEQUENCE { + * U.P.OBJECTIDENTIFIER 1.2.840.113549.1.9.4 (OID_messageDigest) + * U.P.SET { + * U.P.OCTETSTRING <digest> + * } + * } + * U.P.SEQUENCE { + * U.P.OBJECTIDENTIFIER 1.2.840.113549.1.9.15 (OID_smimeCapabilites) + * U.P.SET { + * U.P.SEQUENCE { + * <...> + * } + * } + * } + * } + * + * Type 2 - contains in an EFI Capsule: + * + * [C.P.0] { + * U.P.SEQUENCE { + * U.P.OBJECTIDENTIFIER 1.2.840.113549.1.9.3 (OID_contentType) + * U.P.SET { + * U.P.OBJECTIDENTIFIER 1.2.840.113549.1.7.1 (OID_data) + * } + * } + * U.P.SEQUENCE { + * U.P.OBJECTIDENTIFIER 1.2.840.113549.1.9.5 (OID_signingTime) + * U.P.SET { + * U.P.UTCTime '<siging_time>' + * } + * } + * U.P.SEQUENCE { + * U.P.OBJECTIDENTIFIER 1.2.840.113549.1.9.4 (OID_messageDigest) + * U.P.SET { + * U.P.OCTETSTRING <digest> + * } + * } + *} + * + * Note: + * They have different Content Type (OID_msIndirectData or OID_data). + * OID_smimeCapabilites only exists in a PE/COFF EFI image. + */ +static int authattrs_parse(struct pkcs7_message *msg, void *aa, size_t aa_len, + struct pkcs7_signed_info *sinfo) +{ + unsigned char *p = aa; + unsigned char *end = (unsigned char *)aa + aa_len; + size_t len = 0; + int ret; + unsigned char *inner_p; + size_t seq_len = 0; + + ret = mbedtls_asn1_get_tag(&p, end, &seq_len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED); + if (ret) + return ret; + + while (!mbedtls_asn1_get_tag(&p, end, &seq_len, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)) { + inner_p = p; + ret = mbedtls_asn1_get_tag(&inner_p, p + seq_len, &len, + MBEDTLS_ASN1_OID); + if (ret) + return ret; + + if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS9_CONTENTTYPE, inner_p, len)) { + inner_p += len; + ret = mbedtls_asn1_get_tag(&inner_p, p + seq_len, &len, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SET); + if (ret) + return ret; + + ret = mbedtls_asn1_get_tag(&inner_p, p + seq_len, &len, + MBEDTLS_ASN1_OID); + if (ret) + return ret; + + /* + * We should only support 1.2.840.113549.1.7.1 (OID_data) + * for PKCS7 DATA that is used in EFI Capsule and + * 1.3.6.1.4.1.311.2.1.4 (OID_msIndirectData) for + * MicroSoft Authentication Code that is used in EFI + * Secure Boot. + */ + if (MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_MICROSOFT_INDIRECTDATA, + inner_p, len) && + MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_DATA, + inner_p, len)) + return -EINVAL; + + if (__test_and_set_bit(sinfo_has_content_type, &sinfo->aa_set)) + return -EINVAL; + } else if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS9_MESSAGEDIGEST, inner_p, + len)) { + inner_p += len; + ret = mbedtls_asn1_get_tag(&inner_p, p + seq_len, &len, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SET); + if (ret) + return ret; + + ret = mbedtls_asn1_get_tag(&inner_p, p + seq_len, &len, + MBEDTLS_ASN1_OCTET_STRING); + if (ret) + return ret; + + sinfo->msgdigest = inner_p; + sinfo->msgdigest_len = len; + + if (__test_and_set_bit(sinfo_has_message_digest, &sinfo->aa_set)) + return -EINVAL; + } else if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS9_SIGNINGTIME, inner_p, + len)) { + mbedtls_x509_time st; + + inner_p += len; + ret = mbedtls_asn1_get_tag(&inner_p, p + seq_len, &len, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SET); + if (ret) + return ret; + + ret = mbedtls_x509_get_time(&inner_p, p + seq_len, &st); + if (ret) + return ret; + sinfo->signing_time = x509_get_timestamp(&st); + + if (__test_and_set_bit(sinfo_has_signing_time, &sinfo->aa_set)) + return -EINVAL; + } else if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS9_SMIMECAP, inner_p, + len)) { + if (__test_and_set_bit(sinfo_has_smime_caps, &sinfo->aa_set)) + return -EINVAL; + + if (msg->data_type != OID_msIndirectData && + msg->data_type != OID_data) + return -EINVAL; + } else if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_MICROSOFT_SPOPUSINFO, inner_p, + len)) { + if (__test_and_set_bit(sinfo_has_ms_opus_info, &sinfo->aa_set)) + return -EINVAL; + } else if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_MICROSOFT_STATETYPE, inner_p, + len)) { + if (__test_and_set_bit(sinfo_has_ms_statement_type, &sinfo->aa_set)) + return -EINVAL; + } + + p += seq_len; + } + + if (ret && ret != MBEDTLS_ERR_ASN1_OUT_OF_DATA) + return ret; + + msg->have_authattrs = true; + + /* + * Skip the leading tag byte (MBEDTLS_ASN1_CONTEXT_SPECIFIC | + * MBEDTLS_ASN1_CONSTRUCTED) to satisfy pkcs7_digest() when calculating + * the digest of authattrs. + */ + sinfo->authattrs = aa + 1; + sinfo->authattrs_len = aa_len - 1; + + return 0; +} + +static int x509_populate_content_data(struct pkcs7_message *msg, + mbedtls_pkcs7 *pkcs7_ctx) +{ + struct pkcs7_mbedtls_ctx *mctx; + + if (!pkcs7_ctx->content_data.data || + !pkcs7_ctx->content_data.data_len) + return 0; + + mctx = kzalloc(sizeof(*mctx), GFP_KERNEL); + if (!mctx) + return -ENOMEM; + + mctx->content_data = kmemdup(pkcs7_ctx->content_data.data, + pkcs7_ctx->content_data.data_len, + GFP_KERNEL); + if (!mctx->content_data) { + pkcs7_free_mbedtls_ctx(mctx); + return -ENOMEM; + } + + msg->data = mctx->content_data; + msg->data_len = pkcs7_ctx->content_data.data_len; + msg->data_hdrlen = pkcs7_ctx->content_data.data_hdrlen; + msg->data_type = pkcs7_ctx->content_data.data_type; + + msg->mbedtls_ctx = mctx; + return 0; +} + +static int x509_populate_sinfo(struct pkcs7_message *msg, + mbedtls_pkcs7_signer_info *mb_sinfo, + struct pkcs7_signed_info **sinfo) +{ + struct pkcs7_signed_info *signed_info; + struct public_key_signature *s; + mbedtls_md_type_t md_alg; + struct pkcs7_sinfo_mbedtls_ctx *mctx; + int ret; + + signed_info = kzalloc(sizeof(*signed_info), GFP_KERNEL); + if (!signed_info) + return -ENOMEM; + + s = kzalloc(sizeof(*s), GFP_KERNEL); + if (!s) { + ret = -ENOMEM; + goto out_no_sig; + } + + mctx = kzalloc(sizeof(*mctx), GFP_KERNEL); + if (!mctx) { + ret = -ENOMEM; + goto out_no_mctx; + } + + /* + * Hash algorithm: + * + * alg_identifier = digestAlgorithm (DigestAlgorithmIdentifier) + * MbedTLS internally checks this field to ensure + * it is the same as digest_alg_identifiers. + * sig_alg_identifier = digestEncryptionAlgorithm + * (DigestEncryptionAlgorithmIdentifier) + * MbedTLS just saves this field without any actions. + * See function pkcs7_get_signer_info() for reference. + * + * Public key algorithm: + * No information related to public key algorithm under MbedTLS signer + * info. Assume that we are using RSA. + */ + ret = mbedtls_oid_get_md_alg(&mb_sinfo->alg_identifier, &md_alg); + if (ret) + goto out_err_sinfo; + s->pkey_algo = "rsa"; + + /* Translate the hash algorithm */ + switch (md_alg) { + case MBEDTLS_MD_SHA1: + s->hash_algo = "sha1"; + s->digest_size = SHA1_SUM_LEN; + break; + case MBEDTLS_MD_SHA256: + s->hash_algo = "sha256"; + s->digest_size = SHA256_SUM_LEN; + break; + case MBEDTLS_MD_SHA384: + s->hash_algo = "sha384"; + s->digest_size = SHA384_SUM_LEN; + break; + case MBEDTLS_MD_SHA512: + s->hash_algo = "sha512"; + s->digest_size = SHA512_SUM_LEN; + break; + /* Unsupported algo */ + case MBEDTLS_MD_MD5: + case MBEDTLS_MD_SHA224: + default: + ret = -EINVAL; + goto out_err_sinfo; + } + + /* + * auth_ids holds AuthorityKeyIdentifier, aka akid + * auth_ids[0]: + * [PKCS#7 or CMS ver 1] - generated from "Issuer + Serial number" + * [CMS ver 3] - generated from skid (subjectKeyId) + * auth_ids[1]: generated from skid (subjectKeyId) + * + * Assume that we are using PKCS#7 (msg->version=1), + * not CMS ver 3 (msg->version=3). + */ + s->auth_ids[0] = asymmetric_key_generate_id(mb_sinfo->serial.p, + mb_sinfo->serial.len, + mb_sinfo->issuer_raw.p, + mb_sinfo->issuer_raw.len); + if (!s->auth_ids[0]) { + ret = -ENOMEM; + goto out_err_sinfo; + } + + /* skip s->auth_ids[1], no subjectKeyId in MbedTLS signer info ctx */ + + /* + * Encoding can be pkcs1 or raw, but only pkcs1 is supported. + * Set the encoding explicitly to pkcs1. + */ + s->encoding = "pkcs1"; + + /* Copy the signature data */ + s->s = kmemdup(mb_sinfo->sig.p, mb_sinfo->sig.len, GFP_KERNEL); + if (!s->s) { + ret = -ENOMEM; + goto out_err_sinfo; + } + s->s_size = mb_sinfo->sig.len; + signed_info->sig = s; + + /* Save the Authenticate Attributes data if exists */ + if (!mb_sinfo->authattrs.data || !mb_sinfo->authattrs.data_len) + goto no_authattrs; + + mctx->authattrs_data = kmemdup(mb_sinfo->authattrs.data, + mb_sinfo->authattrs.data_len, + GFP_KERNEL); + if (!mctx->authattrs_data) { + ret = -ENOMEM; + goto out_err_sinfo; + } + signed_info->mbedtls_ctx = mctx; + + /* If authattrs exists, decode it and parse msgdigest from it */ + ret = authattrs_parse(msg, mctx->authattrs_data, + mb_sinfo->authattrs.data_len, + signed_info); + if (ret) + goto out_err_sinfo; + +no_authattrs: + *sinfo = signed_info; + return 0; + +out_err_sinfo: + pkcs7_free_sinfo_mbedtls_ctx(mctx); +out_no_mctx: + public_key_signature_free(s); +out_no_sig: + kfree(signed_info); + return ret; +} + +/* + * Free a signed information block. + */ +static void pkcs7_free_signed_info(struct pkcs7_signed_info *sinfo) +{ + if (sinfo) { + public_key_signature_free(sinfo->sig); + pkcs7_free_sinfo_mbedtls_ctx(sinfo->mbedtls_ctx); + kfree(sinfo); + } +} + +/** + * pkcs7_free_message - Free a PKCS#7 message + * @pkcs7: The PKCS#7 message to free + */ +void pkcs7_free_message(struct pkcs7_message *pkcs7) +{ + struct x509_certificate *cert; + struct pkcs7_signed_info *sinfo; + + if (pkcs7) { + while (pkcs7->certs) { + cert = pkcs7->certs; + pkcs7->certs = cert->next; + x509_free_certificate(cert); + } + while (pkcs7->crl) { + cert = pkcs7->crl; + pkcs7->crl = cert->next; + x509_free_certificate(cert); + } + while (pkcs7->signed_infos) { + sinfo = pkcs7->signed_infos; + pkcs7->signed_infos = sinfo->next; + pkcs7_free_signed_info(sinfo); + } + pkcs7_free_mbedtls_ctx(pkcs7->mbedtls_ctx); + kfree(pkcs7); + } +} + +struct pkcs7_message *pkcs7_parse_message(const void *data, size_t datalen) +{ + int i; + int ret; + mbedtls_pkcs7 pkcs7_ctx; + mbedtls_pkcs7_signer_info *mb_sinfos; + mbedtls_x509_crt *mb_certs; + struct pkcs7_message *msg; + struct x509_certificate **cert; + struct pkcs7_signed_info **sinfos; + + msg = kzalloc(sizeof(*msg), GFP_KERNEL); + if (!msg) { + ret = -ENOMEM; + goto out_no_msg; + } + + /* Parse the DER encoded PKCS#7 message using MbedTLS */ + mbedtls_pkcs7_init(&pkcs7_ctx); + ret = mbedtls_pkcs7_parse_der(&pkcs7_ctx, data, datalen); + /* Check if it is a PKCS#7 message with signed data */ + if (ret != MBEDTLS_PKCS7_SIGNED_DATA) + goto parse_fail; + + /* Assume that we are using PKCS#7, not CMS ver 3 */ + msg->version = 1; /* 1 for [PKCS#7 or CMS ver 1] */ + + /* Populate the certs to msg->certs */ + for (i = 0, cert = &msg->certs, mb_certs = &pkcs7_ctx.signed_data.certs; + i < pkcs7_ctx.signed_data.no_of_certs && mb_certs; + i++, cert = &(*cert)->next, mb_certs = mb_certs->next) { + ret = x509_populate_cert(mb_certs, cert); + if (ret) + goto parse_fail; + + (*cert)->index = i + 1; + } + + /* + * Skip populating crl, that is not currently in-use. + */ + + /* Populate content data */ + ret = x509_populate_content_data(msg, &pkcs7_ctx); + if (ret) + goto parse_fail; + + /* Populate signed info to msg->signed_infos */ + for (i = 0, sinfos = &msg->signed_infos, + mb_sinfos = &pkcs7_ctx.signed_data.signers; + i < pkcs7_ctx.signed_data.no_of_signers && mb_sinfos; + i++, sinfos = &(*sinfos)->next, mb_sinfos = mb_sinfos->next) { + ret = x509_populate_sinfo(msg, mb_sinfos, sinfos); + if (ret) + goto parse_fail; + + (*sinfos)->index = i + 1; + } + + mbedtls_pkcs7_free(&pkcs7_ctx); + return msg; + +parse_fail: + mbedtls_pkcs7_free(&pkcs7_ctx); + pkcs7_free_message(msg); +out_no_msg: + msg = ERR_PTR(ret); + return msg; +}
Previous patch has introduced MbedTLS porting layer for PKCS7 parser, here to adjust the header and makefiles accordingly.
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v2 - Move the porting layer to MbedTLS dir. Changes in v3 - Update commit message. Changes in v4 - Control building legacy library via '_LEGACY' Kconfig. - Minor fix of the include directories.
include/crypto/pkcs7_parser.h | 56 +++++++++++++++++++++++++++++++++++ lib/crypto/Makefile | 7 +++-- 2 files changed, 60 insertions(+), 3 deletions(-)
diff --git a/include/crypto/pkcs7_parser.h b/include/crypto/pkcs7_parser.h index 2c45cce5234..469c2711fa6 100644 --- a/include/crypto/pkcs7_parser.h +++ b/include/crypto/pkcs7_parser.h @@ -11,6 +11,12 @@ #include <linux/oid_registry.h> #include <crypto/pkcs7.h> #include <crypto/x509_parser.h> +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) +#include <mbedtls/pkcs7.h> +#include <library/x509_internal.h> +#include <mbedtls/asn1.h> +#include <mbedtls/oid.h> +#endif #include <linux/printk.h>
#define kenter(FMT, ...) \ @@ -18,7 +24,54 @@ #define kleave(FMT, ...) \ pr_devel("<== %s()"FMT"\n", __func__, ##__VA_ARGS__)
+/* Backup the parsed MedTLS context that we need */ +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) +struct pkcs7_mbedtls_ctx { + void *content_data; +}; + +struct pkcs7_sinfo_mbedtls_ctx { + void *authattrs_data; + void *content_data_digest; +}; +#endif + +/* + * MbedTLS integration Notes: + * + * MbedTLS PKCS#7 library does not originally support parsing MicroSoft + * Authentication Code which is used for verifying the PE image digest. + * + * 1. Authenticated Attributes (authenticatedAttributes) + * MbedTLS assumes unauthenticatedAttributes and authenticatedAttributes + * fields not exist. + * See MbedTLS function 'pkcs7_get_signer_info' for details. + * + * 2. MicroSoft Authentication Code (mscode) + * MbedTLS only supports Content Data type defined as 1.2.840.113549.1.7.1 + * (MBEDTLS_OID_PKCS7_DATA, aka OID_data). + * 1.3.6.1.4.1.311.2.1.4 (MicroSoft Authentication Code, aka + * OID_msIndirectData) is not supported. + * See MbedTLS function 'pkcs7_get_content_info_type' for details. + * + * But the EFI loader assumes that a PKCS#7 message with an EFI image always + * contains MicroSoft Authentication Code as Content Data (msg->data is NOT + * NULL), see function 'efi_signature_verify'. + * + * MbedTLS patch "0002-support-MicroSoft-authentication-code-in-PKCS7-lib.patch" + * is to support both above features by parsing the Content Data and + * Authenticate Attributes from a given PKCS#7 message. + * + * Other fields we don't need to populate from MbedTLS, which are used + * internally by pkcs7_verify: + * 'signer', 'unsupported_crypto', 'blacklisted' + * 'sig->digest' is used internally by pkcs7_digest to calculate the hash of + * Content Data or Authenticate Attributes. + */ struct pkcs7_signed_info { +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) + struct pkcs7_sinfo_mbedtls_ctx *mbedtls_ctx; +#endif struct pkcs7_signed_info *next; struct x509_certificate *signer; /* Signing certificate (in msg->certs) */ unsigned index; @@ -55,6 +108,9 @@ struct pkcs7_signed_info { };
struct pkcs7_message { +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) + struct pkcs7_mbedtls_ctx *mbedtls_ctx; +#endif struct x509_certificate *certs; /* Certificate list */ struct x509_certificate *crl; /* Revocation list */ struct pkcs7_signed_info *signed_infos; diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index 7f5f04d582c..428dcba0a6b 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -50,15 +50,16 @@ $(obj)/x509_akid.asn1.o: $(obj)/x509_akid.asn1.c $(obj)/x509_akid.asn1.h # PKCS#7 message handling # obj-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER) += pkcs7_message.o -pkcs7_message-y := \ +pkcs7_message-y := pkcs7_helper.o +pkcs7_message-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER_LEGACY) += \ pkcs7.asn1.o \ - pkcs7_helper.o \ pkcs7_parser.o -obj-$(CONFIG_$(SPL_)PKCS7_VERIFY) += pkcs7_verify.o
$(obj)/pkcs7_parser.o: $(obj)/pkcs7.asn1.h $(obj)/pkcs7.asn1.o: $(obj)/pkcs7.asn1.c $(obj)/pkcs7.asn1.h
+obj-$(CONFIG_$(SPL_)PKCS7_VERIFY) += pkcs7_verify.o + # # Signed PE binary-wrapped key handling #
Add porting layer for MSCode on top of MbedTLS ASN1 library. Introduce _LEGACY and _MBEDTLS kconfigs for MSCode legacy and MbedTLS implementations respectively.
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v2 - Move the porting layer to MbedTLS dir. Changes in v3 - None. Changes in v4 - Introduce _LEGACY and _MBEDTLS kconfigs for MSCode legacy and MbedTLS implementations respectively. - Fix a few code style.
lib/mbedtls/Kconfig | 17 +++++ lib/mbedtls/Makefile | 1 + lib/mbedtls/mscode_parser.c | 123 ++++++++++++++++++++++++++++++++++++ 3 files changed, 141 insertions(+) create mode 100644 lib/mbedtls/mscode_parser.c
diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig index 8c5b617bb48..d8a8f87e031 100644 --- a/lib/mbedtls/Kconfig +++ b/lib/mbedtls/Kconfig @@ -126,6 +126,7 @@ config LEGACY_CRYPTO_CERT ASYMMETRIC_PUBLIC_KEY_SUBTYPE select X509_CERTIFICATE_PARSER_LEGACY if X509_CERTIFICATE_PARSER select PKCS7_MESSAGE_PARSER_LEGACY if PKCS7_MESSAGE_PARSER + select MSCODE_PARSER_LEGACY if MSCODE_PARSER select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE && SPL help @@ -156,6 +157,14 @@ config PKCS7_MESSAGE_PARSER_LEGACY This option chooses legacy certificate library for PKCS7 message parser.
+config MSCODE_PARSER_LEGACY + bool "MS authenticode parser with legacy certificate library" + depends on LEGACY_CRYPTO_CERT && MSCODE_PARSER + select ASN1_DECODER_LEGACY + help + This option chooses legacy certificate library for MS authenticode + parser. + if SPL
config SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY @@ -280,6 +289,7 @@ config MBEDTLS_LIB_X509 ASYMMETRIC_PUBLIC_KEY_SUBTYPE select X509_CERTIFICATE_PARSER_MBEDTLS if X509_CERTIFICATE_PARSER select PKCS7_MESSAGE_PARSER_MBEDTLS if PKCS7_MESSAGE_PARSER + select MSCODE_PARSER_MBEDTLS if MSCODE_PARSER select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE && SPL help @@ -309,6 +319,13 @@ config PKCS7_MESSAGE_PARSER_MBEDTLS This option chooses MbedTLS certificate library for PKCS7 message parser.
+config MSCODE_PARSER_MBEDTLS + bool "MS authenticode parser with MbedTLS certificate library" + select ASN1_DECODER_MBEDTLS + help + This option chooses MbedTLS certificate library for MS authenticode + parser. + if SPL
config SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile index 7b40ff0c467..ac7c487449d 100644 --- a/lib/mbedtls/Makefile +++ b/lib/mbedtls/Makefile @@ -27,6 +27,7 @@ x509_mbedtls-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS) += \ x509_mbedtls-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \ x509_cert_parser.o x509_mbedtls-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += pkcs7_parser.o +x509_mbedtls-$(CONFIG_$(SPL_)MSCODE_PARSER_MBEDTLS) += mscode_parser.o
# MbedTLS crypto library obj-$(CONFIG_MBEDTLS_LIB_CRYPTO) += mbedtls_lib_crypto.o diff --git a/lib/mbedtls/mscode_parser.c b/lib/mbedtls/mscode_parser.c new file mode 100644 index 00000000000..c3805c6503c --- /dev/null +++ b/lib/mbedtls/mscode_parser.c @@ -0,0 +1,123 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * MSCode parser using MbedTLS ASN1 library + * + * Copyright (c) 2024 Linaro Limited + * Author: Raymond Mao raymond.mao@linaro.org + */ + +#include <linux/kernel.h> +#include <linux/err.h> +#include <crypto/pkcs7.h> +#include <crypto/mscode.h> + +/* + * Parse a Microsoft Individual Code Signing blob + * + * U.P.SEQUENCE { + * U.P.OBJECTIDENTIFIER 1.3.6.1.4.1.311.2.1.15 (SPC_PE_IMAGE_DATA_OBJID) + * U.P.SEQUENCE { + * U.P.BITSTRING NaN : 0 unused bit(s); + * [C.P.0] { + * [C.P.2] { + * [C.P.0] <arbitrary string> + * } + * } + * } + * } + * U.P.SEQUENCE { + * U.P.SEQUENCE { + * U.P.OBJECTIDENTIFIER <digest algorithm OID> + * U.P.NULL + * } + * U.P.OCTETSTRING <PE image digest> + * } + * + * @ctx: PE file context. + * @content_data: content data pointer. + * @data_len: content data length. + * @asn1hdrlen: ASN1 header length. + */ +int mscode_parse(void *ctx, const void *content_data, size_t data_len, + size_t asn1hdrlen) +{ + struct pefile_context *_ctx = ctx; + unsigned char *p = (unsigned char *)content_data; + unsigned char *end = (unsigned char *)content_data + data_len; + size_t len = 0; + int ret; + unsigned char *inner_p; + size_t seq_len = 0; + + ret = mbedtls_asn1_get_tag(&p, end, &seq_len, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE); + if (ret) + return ret; + + inner_p = p; + ret = mbedtls_asn1_get_tag(&inner_p, inner_p + seq_len, &len, + MBEDTLS_ASN1_OID); + if (ret) + return ret; + + /* Sanity check on the PE Image Data OID (1.3.6.1.4.1.311.2.1.15) */ + if (MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_MICROSOFT_PEIMAGEDATA, inner_p, + len)) + return -EINVAL; + + p += seq_len; + ret = mbedtls_asn1_get_tag(&p, end, &seq_len, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE); + if (ret) + return ret; + + ret = mbedtls_asn1_get_tag(&p, p + seq_len, &seq_len, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE); + if (ret) + return ret; + + inner_p = p; + + /* + * Check if the inner sequence contains a supported hash + * algorithm OID + */ + ret = mbedtls_asn1_get_tag(&inner_p, inner_p + seq_len, &len, + MBEDTLS_ASN1_OID); + if (ret) + return ret; + + if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_DIGEST_ALG_MD5, inner_p, len)) + _ctx->digest_algo = "md5"; + else if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_DIGEST_ALG_SHA1, inner_p, + len)) + _ctx->digest_algo = "sha1"; + else if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_DIGEST_ALG_SHA224, inner_p, + len)) + _ctx->digest_algo = "sha224"; + else if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_DIGEST_ALG_SHA256, inner_p, + len)) + _ctx->digest_algo = "sha256"; + else if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_DIGEST_ALG_SHA384, inner_p, + len)) + _ctx->digest_algo = "sha384"; + else if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_DIGEST_ALG_SHA512, inner_p, + len)) + _ctx->digest_algo = "sha512"; + + if (!_ctx->digest_algo) + return -EINVAL; + + p += seq_len; + ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING); + if (ret) + return ret; + + _ctx->digest = p; + _ctx->digest_len = len; + + return 0; +}
Hi Raymond
On Tue, 2 Jul 2024 at 21:33, Raymond Mao raymond.mao@linaro.org wrote:
Add porting layer for MSCode on top of MbedTLS ASN1 library. Introduce _LEGACY and _MBEDTLS kconfigs for MSCode legacy and MbedTLS implementations respectively.
You should mention explicitly on the commit message, that this patch is expected to be merged in mbedTLS upstream and we can remove it in the future
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- Move the porting layer to MbedTLS dir.
Changes in v3
- None.
Changes in v4
- Introduce _LEGACY and _MBEDTLS kconfigs for MSCode legacy and MbedTLS implementations respectively.
- Fix a few code style.
lib/mbedtls/Kconfig | 17 +++++ lib/mbedtls/Makefile | 1 + lib/mbedtls/mscode_parser.c | 123 ++++++++++++++++++++++++++++++++++++ 3 files changed, 141 insertions(+) create mode 100644 lib/mbedtls/mscode_parser.c
diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig index 8c5b617bb48..d8a8f87e031 100644 --- a/lib/mbedtls/Kconfig +++ b/lib/mbedtls/Kconfig @@ -126,6 +126,7 @@ config LEGACY_CRYPTO_CERT ASYMMETRIC_PUBLIC_KEY_SUBTYPE select X509_CERTIFICATE_PARSER_LEGACY if X509_CERTIFICATE_PARSER select PKCS7_MESSAGE_PARSER_LEGACY if PKCS7_MESSAGE_PARSER
select MSCODE_PARSER_LEGACY if MSCODE_PARSER select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE && SPL help@@ -156,6 +157,14 @@ config PKCS7_MESSAGE_PARSER_LEGACY This option chooses legacy certificate library for PKCS7 message parser.
+config MSCODE_PARSER_LEGACY
Where is this used? Is it on a later patch? The MSCODE_PARSER_MBEDTLS option is part of this patch on the Makefile
bool "MS authenticode parser with legacy certificate library"depends on LEGACY_CRYPTO_CERT && MSCODE_PARSERselect ASN1_DECODER_LEGACYhelpThis option chooses legacy certificate library for MS authenticodeparser.if SPL
config SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY @@ -280,6 +289,7 @@ config MBEDTLS_LIB_X509 ASYMMETRIC_PUBLIC_KEY_SUBTYPE select X509_CERTIFICATE_PARSER_MBEDTLS if X509_CERTIFICATE_PARSER select PKCS7_MESSAGE_PARSER_MBEDTLS if PKCS7_MESSAGE_PARSER
select MSCODE_PARSER_MBEDTLS if MSCODE_PARSER select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE && SPL help@@ -309,6 +319,13 @@ config PKCS7_MESSAGE_PARSER_MBEDTLS This option chooses MbedTLS certificate library for PKCS7 message parser.
+config MSCODE_PARSER_MBEDTLS
bool "MS authenticode parser with MbedTLS certificate library"select ASN1_DECODER_MBEDTLShelpThis option chooses MbedTLS certificate library for MS authenticodeparser.if SPL
config SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile index 7b40ff0c467..ac7c487449d 100644 --- a/lib/mbedtls/Makefile +++ b/lib/mbedtls/Makefile @@ -27,6 +27,7 @@ x509_mbedtls-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS) += \ x509_mbedtls-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \ x509_cert_parser.o x509_mbedtls-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += pkcs7_parser.o +x509_mbedtls-$(CONFIG_$(SPL_)MSCODE_PARSER_MBEDTLS) += mscode_parser.o
# MbedTLS crypto library obj-$(CONFIG_MBEDTLS_LIB_CRYPTO) += mbedtls_lib_crypto.o diff --git a/lib/mbedtls/mscode_parser.c b/lib/mbedtls/mscode_parser.c new file mode 100644 index 00000000000..c3805c6503c --- /dev/null +++ b/lib/mbedtls/mscode_parser.c @@ -0,0 +1,123 @@
[...]
Thanks /Ilias
Hi Ilias,
On Fri, 26 Jul 2024 at 06:10, Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
Hi Raymond
On Tue, 2 Jul 2024 at 21:33, Raymond Mao raymond.mao@linaro.org wrote:
Add porting layer for MSCode on top of MbedTLS ASN1 library. Introduce _LEGACY and _MBEDTLS kconfigs for MSCode legacy and MbedTLS implementations respectively.
You should mention explicitly on the commit message, that this patch is expected to be merged in mbedTLS upstream and we can remove it in the future
This patch is native U-Boot patch. The ones for MbedTLS upstream are all
tagged with "mbedtls/external".
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- Move the porting layer to MbedTLS dir.
Changes in v3
- None.
Changes in v4
- Introduce _LEGACY and _MBEDTLS kconfigs for MSCode legacy and MbedTLS implementations respectively.
- Fix a few code style.
lib/mbedtls/Kconfig | 17 +++++ lib/mbedtls/Makefile | 1 + lib/mbedtls/mscode_parser.c | 123 ++++++++++++++++++++++++++++++++++++ 3 files changed, 141 insertions(+) create mode 100644 lib/mbedtls/mscode_parser.c
diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig index 8c5b617bb48..d8a8f87e031 100644 --- a/lib/mbedtls/Kconfig +++ b/lib/mbedtls/Kconfig @@ -126,6 +126,7 @@ config LEGACY_CRYPTO_CERT ASYMMETRIC_PUBLIC_KEY_SUBTYPE select X509_CERTIFICATE_PARSER_LEGACY if X509_CERTIFICATE_PARSER select PKCS7_MESSAGE_PARSER_LEGACY if PKCS7_MESSAGE_PARSER
select MSCODE_PARSER_LEGACY if MSCODE_PARSER select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE && SPL help@@ -156,6 +157,14 @@ config PKCS7_MESSAGE_PARSER_LEGACY This option chooses legacy certificate library for PKCS7
message
parser.+config MSCODE_PARSER_LEGACY
Where is this used? Is it on a later patch? The MSCODE_PARSER_MBEDTLS option is part of this patch on the Makefile
It is used in the next patch (#24) , it is good to split into two since
they are in different domains (mbedtls/crypto).
Regards, Raymond
Previous patch has introduced MbedTLS porting layer for mscode parser, here to adjust the header and makefiles accordingly.
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v2 - Move the porting layer to MbedTLS dir. Changes in v3 - Update commit message. Changes in v4 - Control building legacy library via '_LEGACY' Kconfig. - Minor fix of the include directories.
include/crypto/mscode.h | 4 ++++ lib/crypto/Makefile | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/include/crypto/mscode.h b/include/crypto/mscode.h index 551058b96e6..678e69001b9 100644 --- a/include/crypto/mscode.h +++ b/include/crypto/mscode.h @@ -9,6 +9,10 @@ #ifndef __UBOOT__ #include <crypto/hash_info.h> #endif +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) +#include <mbedtls/asn1.h> +#include <mbedtls/oid.h> +#endif
struct pefile_context { #ifndef __UBOOT__ diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index 428dcba0a6b..9bbd8b48d77 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -63,7 +63,7 @@ obj-$(CONFIG_$(SPL_)PKCS7_VERIFY) += pkcs7_verify.o # # Signed PE binary-wrapped key handling # -obj-$(CONFIG_$(SPL_)MSCODE_PARSER) += mscode.o +obj-$(CONFIG_$(SPL_)MSCODE_PARSER_LEGACY) += mscode.o
mscode-y := \ mscode_parser.o \
Hi Raymond,
On Tue, 2 Jul 2024 at 21:33, Raymond Mao raymond.mao@linaro.org wrote:
Previous patch has introduced MbedTLS porting layer for mscode parser, here to adjust the header and makefiles accordingly.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- Move the porting layer to MbedTLS dir.
Changes in v3
- Update commit message.
Changes in v4
- Control building legacy library via '_LEGACY' Kconfig.
- Minor fix of the include directories.
include/crypto/mscode.h | 4 ++++ lib/crypto/Makefile | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/include/crypto/mscode.h b/include/crypto/mscode.h index 551058b96e6..678e69001b9 100644 --- a/include/crypto/mscode.h +++ b/include/crypto/mscode.h @@ -9,6 +9,10 @@ #ifndef __UBOOT__ #include <crypto/hash_info.h> #endif +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) +#include <mbedtls/asn1.h> +#include <mbedtls/oid.h> +#endif
struct pefile_context { #ifndef __UBOOT__ diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index 428dcba0a6b..9bbd8b48d77 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -63,7 +63,7 @@ obj-$(CONFIG_$(SPL_)PKCS7_VERIFY) += pkcs7_verify.o # # Signed PE binary-wrapped key handling # -obj-$(CONFIG_$(SPL_)MSCODE_PARSER) += mscode.o +obj-$(CONFIG_$(SPL_)MSCODE_PARSER_LEGACY) += mscode.o
The change it self is correct. But patches should be self contained as much as possible without breaking the compilation or functionality. IOW I think this should be in a different patch where the MSCODE_PARSER_LEGACY is introduced.
Cheers /Ilias
mscode-y := \ mscode_parser.o \ -- 2.25.1
Hi Ilias,
On Tue, 30 Jul 2024 at 04:04, Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
Hi Raymond,
On Tue, 2 Jul 2024 at 21:33, Raymond Mao raymond.mao@linaro.org wrote:
Previous patch has introduced MbedTLS porting layer for mscode parser, here to adjust the header and makefiles accordingly.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- Move the porting layer to MbedTLS dir.
Changes in v3
- Update commit message.
Changes in v4
- Control building legacy library via '_LEGACY' Kconfig.
- Minor fix of the include directories.
include/crypto/mscode.h | 4 ++++ lib/crypto/Makefile | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/include/crypto/mscode.h b/include/crypto/mscode.h index 551058b96e6..678e69001b9 100644 --- a/include/crypto/mscode.h +++ b/include/crypto/mscode.h @@ -9,6 +9,10 @@ #ifndef __UBOOT__ #include <crypto/hash_info.h> #endif +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) +#include <mbedtls/asn1.h> +#include <mbedtls/oid.h> +#endif
struct pefile_context { #ifndef __UBOOT__ diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index 428dcba0a6b..9bbd8b48d77 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -63,7 +63,7 @@ obj-$(CONFIG_$(SPL_)PKCS7_VERIFY) += pkcs7_verify.o # # Signed PE binary-wrapped key handling # -obj-$(CONFIG_$(SPL_)MSCODE_PARSER) += mscode.o +obj-$(CONFIG_$(SPL_)MSCODE_PARSER_LEGACY) += mscode.o
The change it self is correct. But patches should be self contained as much as possible without breaking the compilation or functionality. IOW I think this should be in a different patch where the MSCODE_PARSER_LEGACY is introduced.
No worries, I can move them into the same patch.
Regards, Raymond
Add RSA helper layer on top on MbedTLS PK and RSA library. Introduce _LEGACY and _MBEDTLS kconfigs for RSA helper legacy and MbedTLS implementations respectively.
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v2 - Initial patch. Changes in v3 - None. Changes in v4 - Introduce _LEGACY and _MBEDTLS kconfigs for RSA helper legacy and MbedTLS implementations respectively. - Remove unnecessary type casting. - Minor fix of the include directories.
lib/mbedtls/Kconfig | 36 +++++++++++++++ lib/mbedtls/Makefile | 3 +- lib/mbedtls/rsa_helper.c | 95 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 133 insertions(+), 1 deletion(-) create mode 100644 lib/mbedtls/rsa_helper.c
diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig index d8a8f87e031..87c500d6ca9 100644 --- a/lib/mbedtls/Kconfig +++ b/lib/mbedtls/Kconfig @@ -124,11 +124,13 @@ config LEGACY_CRYPTO_CERT bool "legacy certificate libraries" select ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select RSA_PUBLIC_KEY_PARSER_LEGACY if RSA_PUBLIC_KEY_PARSER select X509_CERTIFICATE_PARSER_LEGACY if X509_CERTIFICATE_PARSER select PKCS7_MESSAGE_PARSER_LEGACY if PKCS7_MESSAGE_PARSER select MSCODE_PARSER_LEGACY if MSCODE_PARSER select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE && SPL + select SPL_RSA_PUBLIC_KEY_PARSER_LEGACY if RSA_PUBLIC_KEY_PARSER && SPL help Enable legacy certificate libraries.
@@ -141,6 +143,14 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY This option chooses legacy certificate library for asymmetric public key crypto algorithm.
+config RSA_PUBLIC_KEY_PARSER_LEGACY + bool "RSA public key parser with legacy certificate library" + depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY + select ASN1_DECODER_LEGACY + help + This option chooses legacy certificate library for RSA public key + parser. + config X509_CERTIFICATE_PARSER_LEGACY bool "X.509 certificate parser with legacy certificate library" depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY @@ -174,6 +184,14 @@ config SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY This option chooses legacy certificate library for asymmetric public key crypto algorithm in SPL.
+config SPL_RSA_PUBLIC_KEY_PARSER_LEGACY + bool "RSA public key parser with legacy certificate library in SPL" + depends on SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY + select SPL_ASN1_DECODER_LEGACY + help + This option chooses legacy certificate library for RSA public key + parser in SPL. + endif # SPL
endif # LEGACY_CRYPTO_CERT @@ -287,11 +305,13 @@ config MBEDTLS_LIB_X509 bool "MbedTLS certificate libraries" select ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select RSA_PUBLIC_KEY_PARSER_MBEDTLS if RSA_PUBLIC_KEY_PARSER select X509_CERTIFICATE_PARSER_MBEDTLS if X509_CERTIFICATE_PARSER select PKCS7_MESSAGE_PARSER_MBEDTLS if PKCS7_MESSAGE_PARSER select MSCODE_PARSER_MBEDTLS if MSCODE_PARSER select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE && SPL + select SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS if RSA_PUBLIC_KEY_PARSER && SPL help Enable MbedTLS certificate libraries.
@@ -303,6 +323,14 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS This option chooses MbedTLS certificate library for asymmetric public key crypto algorithm.
+config RSA_PUBLIC_KEY_PARSER_MBEDTLS + bool "RSA public key parser with MbedTLS certificate library" + depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS + select ASN1_DECODER_MBEDTLS + help + This option chooses MbedTLS certificate library for RSA public key + parser. + config X509_CERTIFICATE_PARSER_MBEDTLS bool "X.509 certificate parser with MbedTLS certificate library" depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS @@ -334,6 +362,14 @@ config SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS This option chooses MbedTLS certificate library for asymmetric public key crypto algorithm in SPL.
+config SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS + bool "RSA public key parser with MbedTLS certificate library in SPL" + depends on SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS + select SPL_ASN1_DECODER_MBEDTLS + help + This option chooses MbedTLS certificate library for RSA public key + parser in SPL. + endif # SPL
endif # MBEDTLS_LIB_X509 diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile index ac7c487449d..9c6991f8783 100644 --- a/lib/mbedtls/Makefile +++ b/lib/mbedtls/Makefile @@ -28,6 +28,7 @@ x509_mbedtls-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \ x509_cert_parser.o x509_mbedtls-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += pkcs7_parser.o x509_mbedtls-$(CONFIG_$(SPL_)MSCODE_PARSER_MBEDTLS) += mscode_parser.o +x509_mbedtls-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += rsa_helper.o
# MbedTLS crypto library obj-$(CONFIG_MBEDTLS_LIB_CRYPTO) += mbedtls_lib_crypto.o @@ -49,7 +50,7 @@ mbedtls_lib_x509-$(CONFIG_$(SPL_)ASN1_DECODER) += \ $(MBEDTLS_LIB_DIR)/asn1parse.o \ $(MBEDTLS_LIB_DIR)/asn1write.o \ $(MBEDTLS_LIB_DIR)/oid.o -mbedtls_lib_x509-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER) += \ +mbedtls_lib_x509-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/bignum.o \ $(MBEDTLS_LIB_DIR)/bignum_core.o \ $(MBEDTLS_LIB_DIR)/rsa.o \ diff --git a/lib/mbedtls/rsa_helper.c b/lib/mbedtls/rsa_helper.c new file mode 100644 index 00000000000..3d94eee9954 --- /dev/null +++ b/lib/mbedtls/rsa_helper.c @@ -0,0 +1,95 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * RSA helper functions using MbedTLS + * + * Copyright (c) 2024 Linaro Limited + * Author: Raymond Mao raymond.mao@linaro.org + */ + +#include <linux/err.h> +#include <crypto/internal/rsa.h> +#include <library/common.h> +#include <mbedtls/pk.h> +#include <mbedtls/rsa.h> +#include <mbedtls/asn1.h> + +/** + * rsa_parse_pub_key() - decodes the BER encoded buffer and stores in the + * provided struct rsa_key, pointers to the raw key as is, + * so that the caller can copy it or MPI parse it, etc. + * + * @rsa_key: struct rsa_key key representation + * @key: key in BER format + * @key_len: length of key + * + * Return: 0 on success or error code in case of error + */ +int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key, + unsigned int key_len) +{ + int ret = 0; + mbedtls_pk_context pk; + mbedtls_rsa_context *rsa; + + mbedtls_pk_init(&pk); + + ret = mbedtls_pk_parse_public_key(&pk, (const unsigned char *)key, + key_len); + if (ret) { + pr_err("Failed to parse public key, ret:-0x%04x\n", -ret); + ret = -EINVAL; + goto clean_pubkey; + } + + /* Ensure that it is a RSA key */ + if (mbedtls_pk_get_type(&pk) != MBEDTLS_PK_RSA) { + pr_err("Non-RSA keys are not supported\n"); + ret = -EKEYREJECTED; + goto clean_pubkey; + } + + /* Get RSA key context */ + rsa = mbedtls_pk_rsa(pk); + if (!rsa) { + pr_err("Failed to get RSA key context, ret:-0x%04x\n", -ret); + ret = -EINVAL; + goto clean_pubkey; + } + + /* Parse modulus (n) */ + rsa_key->n_sz = mbedtls_mpi_size(&rsa->N); + rsa_key->n = kzalloc(rsa_key->n_sz, GFP_KERNEL); + if (!rsa_key->n) { + ret = -ENOMEM; + goto clean_pubkey; + } + ret = mbedtls_mpi_write_binary(&rsa->N, (unsigned char *)rsa_key->n, + rsa_key->n_sz); + if (ret) { + pr_err("Failed to parse modulus (n), ret:-0x%04x\n", -ret); + ret = -EINVAL; + goto clean_modulus; + } + + /* Parse public exponent (e) */ + rsa_key->e_sz = mbedtls_mpi_size(&rsa->E); + rsa_key->e = kzalloc(rsa_key->e_sz, GFP_KERNEL); + if (!rsa_key->e) { + ret = -ENOMEM; + goto clean_modulus; + } + ret = mbedtls_mpi_write_binary(&rsa->E, (unsigned char *)rsa_key->e, + rsa_key->e_sz); + if (!ret) + return 0; + + pr_err("Failed to parse public exponent (e), ret:-0x%04x\n", -ret); + ret = -EINVAL; + + kfree(rsa_key->e); +clean_modulus: + kfree(rsa_key->n); +clean_pubkey: + mbedtls_pk_free(&pk); + return ret; +}
Hi Raymond
On Tue, 2 Jul 2024 at 21:33, Raymond Mao raymond.mao@linaro.org wrote:
Add RSA helper layer on top on MbedTLS PK and RSA library. Introduce _LEGACY and _MBEDTLS kconfigs for RSA helper legacy and MbedTLS implementations respectively.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- Initial patch.
Changes in v3
- None.
Changes in v4
- Introduce _LEGACY and _MBEDTLS kconfigs for RSA helper legacy and MbedTLS implementations respectively.
- Remove unnecessary type casting.
- Minor fix of the include directories.
lib/mbedtls/Kconfig | 36 +++++++++++++++ lib/mbedtls/Makefile | 3 +- lib/mbedtls/rsa_helper.c | 95 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 133 insertions(+), 1 deletion(-) create mode 100644 lib/mbedtls/rsa_helper.c
diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig index d8a8f87e031..87c500d6ca9 100644 --- a/lib/mbedtls/Kconfig +++ b/lib/mbedtls/Kconfig @@ -124,11 +124,13 @@ config LEGACY_CRYPTO_CERT bool "legacy certificate libraries" select ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE
select RSA_PUBLIC_KEY_PARSER_LEGACY if RSA_PUBLIC_KEY_PARSER select X509_CERTIFICATE_PARSER_LEGACY if X509_CERTIFICATE_PARSER select PKCS7_MESSAGE_PARSER_LEGACY if PKCS7_MESSAGE_PARSER select MSCODE_PARSER_LEGACY if MSCODE_PARSER select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE && SPLselect SPL_RSA_PUBLIC_KEY_PARSER_LEGACY if RSA_PUBLIC_KEY_PARSER && SPL
SPL shouldn't be selected. IIRC we discussed the same thing on another patch, so I assume this is fixed already?
Cheers /Ilias
help Enable legacy certificate libraries.@@ -141,6 +143,14 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY This option chooses legacy certificate library for asymmetric public key crypto algorithm.
+config RSA_PUBLIC_KEY_PARSER_LEGACY
bool "RSA public key parser with legacy certificate library"depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACYselect ASN1_DECODER_LEGACYhelpThis option chooses legacy certificate library for RSA public keyparser.config X509_CERTIFICATE_PARSER_LEGACY bool "X.509 certificate parser with legacy certificate library" depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY @@ -174,6 +184,14 @@ config SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY This option chooses legacy certificate library for asymmetric public key crypto algorithm in SPL.
+config SPL_RSA_PUBLIC_KEY_PARSER_LEGACY
bool "RSA public key parser with legacy certificate library in SPL"depends on SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACYselect SPL_ASN1_DECODER_LEGACYhelpThis option chooses legacy certificate library for RSA public keyparser in SPL.endif # SPL
endif # LEGACY_CRYPTO_CERT @@ -287,11 +305,13 @@ config MBEDTLS_LIB_X509 bool "MbedTLS certificate libraries" select ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE
select RSA_PUBLIC_KEY_PARSER_MBEDTLS if RSA_PUBLIC_KEY_PARSER select X509_CERTIFICATE_PARSER_MBEDTLS if X509_CERTIFICATE_PARSER select PKCS7_MESSAGE_PARSER_MBEDTLS if PKCS7_MESSAGE_PARSER select MSCODE_PARSER_MBEDTLS if MSCODE_PARSER select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE && SPLselect SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS if RSA_PUBLIC_KEY_PARSER && SPL help Enable MbedTLS certificate libraries.@@ -303,6 +323,14 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS This option chooses MbedTLS certificate library for asymmetric public key crypto algorithm.
+config RSA_PUBLIC_KEY_PARSER_MBEDTLS
bool "RSA public key parser with MbedTLS certificate library"depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLSselect ASN1_DECODER_MBEDTLShelpThis option chooses MbedTLS certificate library for RSA public keyparser.config X509_CERTIFICATE_PARSER_MBEDTLS bool "X.509 certificate parser with MbedTLS certificate library" depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS @@ -334,6 +362,14 @@ config SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS This option chooses MbedTLS certificate library for asymmetric public key crypto algorithm in SPL.
+config SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS
bool "RSA public key parser with MbedTLS certificate library in SPL"depends on SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLSselect SPL_ASN1_DECODER_MBEDTLShelpThis option chooses MbedTLS certificate library for RSA public keyparser in SPL.endif # SPL
endif # MBEDTLS_LIB_X509 diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile index ac7c487449d..9c6991f8783 100644 --- a/lib/mbedtls/Makefile +++ b/lib/mbedtls/Makefile @@ -28,6 +28,7 @@ x509_mbedtls-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \ x509_cert_parser.o x509_mbedtls-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += pkcs7_parser.o x509_mbedtls-$(CONFIG_$(SPL_)MSCODE_PARSER_MBEDTLS) += mscode_parser.o +x509_mbedtls-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += rsa_helper.o
# MbedTLS crypto library obj-$(CONFIG_MBEDTLS_LIB_CRYPTO) += mbedtls_lib_crypto.o @@ -49,7 +50,7 @@ mbedtls_lib_x509-$(CONFIG_$(SPL_)ASN1_DECODER) += \ $(MBEDTLS_LIB_DIR)/asn1parse.o \ $(MBEDTLS_LIB_DIR)/asn1write.o \ $(MBEDTLS_LIB_DIR)/oid.o -mbedtls_lib_x509-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER) += \ +mbedtls_lib_x509-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/bignum.o \ $(MBEDTLS_LIB_DIR)/bignum_core.o \ $(MBEDTLS_LIB_DIR)/rsa.o \ diff --git a/lib/mbedtls/rsa_helper.c b/lib/mbedtls/rsa_helper.c new file mode 100644 index 00000000000..3d94eee9954 --- /dev/null +++ b/lib/mbedtls/rsa_helper.c @@ -0,0 +1,95 @@ +// SPDX-License-Identifier: GPL-2.0+ +/*
- RSA helper functions using MbedTLS
- Copyright (c) 2024 Linaro Limited
- Author: Raymond Mao raymond.mao@linaro.org
- */
+#include <linux/err.h> +#include <crypto/internal/rsa.h> +#include <library/common.h> +#include <mbedtls/pk.h> +#include <mbedtls/rsa.h> +#include <mbedtls/asn1.h>
+/**
- rsa_parse_pub_key() - decodes the BER encoded buffer and stores in the
provided struct rsa_key, pointers to the raw key as is,
so that the caller can copy it or MPI parse it, etc.
- @rsa_key: struct rsa_key key representation
- @key: key in BER format
- @key_len: length of key
- Return: 0 on success or error code in case of error
- */
+int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
unsigned int key_len)+{
int ret = 0;mbedtls_pk_context pk;mbedtls_rsa_context *rsa;mbedtls_pk_init(&pk);ret = mbedtls_pk_parse_public_key(&pk, (const unsigned char *)key,key_len);if (ret) {pr_err("Failed to parse public key, ret:-0x%04x\n", -ret);ret = -EINVAL;goto clean_pubkey;}/* Ensure that it is a RSA key */if (mbedtls_pk_get_type(&pk) != MBEDTLS_PK_RSA) {pr_err("Non-RSA keys are not supported\n");ret = -EKEYREJECTED;goto clean_pubkey;}/* Get RSA key context */rsa = mbedtls_pk_rsa(pk);if (!rsa) {pr_err("Failed to get RSA key context, ret:-0x%04x\n", -ret);ret = -EINVAL;goto clean_pubkey;}/* Parse modulus (n) */rsa_key->n_sz = mbedtls_mpi_size(&rsa->N);rsa_key->n = kzalloc(rsa_key->n_sz, GFP_KERNEL);if (!rsa_key->n) {ret = -ENOMEM;goto clean_pubkey;}ret = mbedtls_mpi_write_binary(&rsa->N, (unsigned char *)rsa_key->n,rsa_key->n_sz);if (ret) {pr_err("Failed to parse modulus (n), ret:-0x%04x\n", -ret);ret = -EINVAL;goto clean_modulus;}/* Parse public exponent (e) */rsa_key->e_sz = mbedtls_mpi_size(&rsa->E);rsa_key->e = kzalloc(rsa_key->e_sz, GFP_KERNEL);if (!rsa_key->e) {ret = -ENOMEM;goto clean_modulus;}ret = mbedtls_mpi_write_binary(&rsa->E, (unsigned char *)rsa_key->e,rsa_key->e_sz);if (!ret)return 0;pr_err("Failed to parse public exponent (e), ret:-0x%04x\n", -ret);ret = -EINVAL;kfree(rsa_key->e);+clean_modulus:
kfree(rsa_key->n);+clean_pubkey:
mbedtls_pk_free(&pk);return ret;+}
2.25.1
Hi Ilias,
On Tue, 30 Jul 2024 at 04:05, Ilias Apalodimas ilias.apalodimas@linaro.org wrote:
Hi Raymond
On Tue, 2 Jul 2024 at 21:33, Raymond Mao raymond.mao@linaro.org wrote:
Add RSA helper layer on top on MbedTLS PK and RSA library. Introduce _LEGACY and _MBEDTLS kconfigs for RSA helper legacy and MbedTLS implementations respectively.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- Initial patch.
Changes in v3
- None.
Changes in v4
- Introduce _LEGACY and _MBEDTLS kconfigs for RSA helper legacy and MbedTLS implementations respectively.
- Remove unnecessary type casting.
- Minor fix of the include directories.
lib/mbedtls/Kconfig | 36 +++++++++++++++ lib/mbedtls/Makefile | 3 +- lib/mbedtls/rsa_helper.c | 95 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 133 insertions(+), 1 deletion(-) create mode 100644 lib/mbedtls/rsa_helper.c
diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig index d8a8f87e031..87c500d6ca9 100644 --- a/lib/mbedtls/Kconfig +++ b/lib/mbedtls/Kconfig @@ -124,11 +124,13 @@ config LEGACY_CRYPTO_CERT bool "legacy certificate libraries" select ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE
select RSA_PUBLIC_KEY_PARSER_LEGACY if RSA_PUBLIC_KEY_PARSER select X509_CERTIFICATE_PARSER_LEGACY if X509_CERTIFICATE_PARSER select PKCS7_MESSAGE_PARSER_LEGACY if PKCS7_MESSAGE_PARSER select MSCODE_PARSER_LEGACY if MSCODE_PARSER select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE && SPLselect SPL_RSA_PUBLIC_KEY_PARSER_LEGACY if RSA_PUBLIC_KEY_PARSER&& SPL
SPL shouldn't be selected. IIRC we discussed the same thing on another patch, so I assume this is fixed already?
Yes. It is already fixed in the upcoming v5 as below:
``` select SPL_ASN1_DECODER_LEGACY if SPL_ASN1_DECODER select SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY if \ SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE select SPL_RSA_PUBLIC_KEY_PARSER_LEGACY if SPL_RSA_PUBLIC_KEY_PARSER ```
Regards, Raymond
Previous patch has introduced MbedTLS porting layer for RSA helper, here to adjust the makefile accordingly.
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v2 - Initial patch. Changes in v3 - Update commit message. Changes in v4 - Control building legacy library via '_LEGACY' Kconfig.
lib/crypto/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index 9bbd8b48d77..281e507743a 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -13,7 +13,7 @@ obj-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY) += public_key.o # # RSA public key parser # -obj-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER) += rsa_public_key.o +obj-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER_LEGACY) += rsa_public_key.o rsa_public_key-y := \ rsapubkey.asn1.o \ rsa_helper.o
On Tue, 2 Jul 2024 at 21:34, Raymond Mao raymond.mao@linaro.org wrote:
Previous patch has introduced MbedTLS porting layer for RSA helper, here to adjust the makefile accordingly.
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- Initial patch.
Changes in v3
- Update commit message.
Changes in v4
- Control building legacy library via '_LEGACY' Kconfig.
lib/crypto/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index 9bbd8b48d77..281e507743a 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -13,7 +13,7 @@ obj-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY) += public_key.o # # RSA public key parser # -obj-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER) += rsa_public_key.o +obj-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER_LEGACY) += rsa_public_key.o rsa_public_key-y := \ rsapubkey.asn1.o \ rsa_helper.o -- 2.25.1
Reviewed-by: Ilias Apalodimas ilias.apalodimas@linaro.org
When building with MbedTLS, we are using MbedTLS to decode ASN1 data for x509, pkcs7 and mscode. Introduce _LEGACY and _MBEDTLS kconfigs for ASN1 decoder legacy and MbedTLS implementations respectively.
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v2 - Initial patch. Changes in v3 - None. Changes in v4 - Introduce _LEGACY and _MBEDTLS kconfigs for ASN1 decoder legacy and MbedTLS implementations respectively. - Update the commit subject.
lib/Makefile | 2 +- lib/mbedtls/Kconfig | 28 ++++++++++++++++++++++++++++ lib/mbedtls/Makefile | 2 +- 3 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/lib/Makefile b/lib/Makefile index f76af77a969..c3b44c3c9ae 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -80,7 +80,7 @@ obj-$(CONFIG_$(SPL_)SHA256_LEGACY) += sha256.o obj-$(CONFIG_$(SPL_)SHA512_LEGACY) += sha512.o
obj-$(CONFIG_CRYPT_PW) += crypt/ -obj-$(CONFIG_$(SPL_)ASN1_DECODER) += asn1_decoder.o +obj-$(CONFIG_$(SPL_)ASN1_DECODER_LEGACY) += asn1_decoder.o
obj-$(CONFIG_$(SPL_)ZLIB) += zlib/ obj-$(CONFIG_$(SPL_)ZSTD) += zstd/ diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig index 87c500d6ca9..4dd2fe07a1f 100644 --- a/lib/mbedtls/Kconfig +++ b/lib/mbedtls/Kconfig @@ -122,12 +122,14 @@ endif # LEGACY_CRYPTO_BASIC
config LEGACY_CRYPTO_CERT bool "legacy certificate libraries" + select ASN1_DECODER_LEGACY if ASN1_DECODER select ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE select RSA_PUBLIC_KEY_PARSER_LEGACY if RSA_PUBLIC_KEY_PARSER select X509_CERTIFICATE_PARSER_LEGACY if X509_CERTIFICATE_PARSER select PKCS7_MESSAGE_PARSER_LEGACY if PKCS7_MESSAGE_PARSER select MSCODE_PARSER_LEGACY if MSCODE_PARSER + select SPL_ASN1_DECODER_LEGACY if ASN1_DECODER && SPL select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE && SPL select SPL_RSA_PUBLIC_KEY_PARSER_LEGACY if RSA_PUBLIC_KEY_PARSER && SPL @@ -136,6 +138,12 @@ config LEGACY_CRYPTO_CERT
if LEGACY_CRYPTO_CERT
+config ASN1_DECODER_LEGACY + bool "ASN1 decoder with legacy certificate library" + depends on LEGACY_CRYPTO_CERT && ASN1_DECODER + help + This option chooses legacy certificate library for ASN1 decoder. + config ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY bool "Asymmetric public key crypto with legacy certificate library" depends on LEGACY_CRYPTO_CERT && ASYMMETRIC_PUBLIC_KEY_SUBTYPE @@ -177,6 +185,13 @@ config MSCODE_PARSER_LEGACY
if SPL
+config SPL_ASN1_DECODER_LEGACY + bool "ASN1 decoder with legacy certificate library in SPL" + depends on LEGACY_CRYPTO_CERT && SPL_ASN1_DECODER + help + This option chooses legacy certificate library for ASN1 decoder in + SPL. + config SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_LEGACY bool "Asymmetric public key crypto with legacy certificate library in SPL" depends on LEGACY_CRYPTO_CERT && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE @@ -303,12 +318,14 @@ endif # MBEDTLS_LIB_CRYPTO
config MBEDTLS_LIB_X509 bool "MbedTLS certificate libraries" + select ASN1_DECODER_MBEDTLS if ASN1_DECODER select ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE select RSA_PUBLIC_KEY_PARSER_MBEDTLS if RSA_PUBLIC_KEY_PARSER select X509_CERTIFICATE_PARSER_MBEDTLS if X509_CERTIFICATE_PARSER select PKCS7_MESSAGE_PARSER_MBEDTLS if PKCS7_MESSAGE_PARSER select MSCODE_PARSER_MBEDTLS if MSCODE_PARSER + select SPL_ASN1_DECODER_MBEDTLS if ASN1_DECODER && SPL select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE && SPL select SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS if RSA_PUBLIC_KEY_PARSER && SPL @@ -317,6 +334,11 @@ config MBEDTLS_LIB_X509
if MBEDTLS_LIB_X509
+config ASN1_DECODER_MBEDTLS + bool "ASN1 decoder with MbedTLS certificate library" + help + This option chooses MbedTLS certificate library for ASN1 decoder. + config ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS bool "Asymmetric public key crypto with MbedTLS certificate library" help @@ -356,6 +378,12 @@ config MSCODE_PARSER_MBEDTLS
if SPL
+config SPL_ASN1_DECODER_MBEDTLS + bool "ASN1 decoder with MbedTLS certificate library in SPL" + help + This option chooses MbedTLS certificate library for ASN1 decoder in + SPL. + config SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE_MBEDTLS bool "Asymmetric public key crypto with MbedTLS certificate library in SPL" help diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile index 9c6991f8783..9b09fbcea28 100644 --- a/lib/mbedtls/Makefile +++ b/lib/mbedtls/Makefile @@ -46,7 +46,7 @@ mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += \ # MbedTLS X509 library obj-$(CONFIG_MBEDTLS_LIB_X509) += mbedtls_lib_x509.o mbedtls_lib_x509-y += $(MBEDTLS_LIB_DIR)/x509.o -mbedtls_lib_x509-$(CONFIG_$(SPL_)ASN1_DECODER) += \ +mbedtls_lib_x509-$(CONFIG_$(SPL_)ASN1_DECODER_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/asn1parse.o \ $(MBEDTLS_LIB_DIR)/asn1write.o \ $(MBEDTLS_LIB_DIR)/oid.o
With MBEDTLS_LIB_X509 enabled, we don't build the original ASN1 lib, So remove it from test.
Signed-off-by: Raymond Mao raymond.mao@linaro.org Reviewed-by: Ilias Apalodimas ilias.apalodimas@linaro.org --- Changes in v2 - Initial patch. Changes in v3 - None. Changes in v4 - None.
test/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/Kconfig b/test/Kconfig index e2ec0994a2e..558a9cd49b4 100644 --- a/test/Kconfig +++ b/test/Kconfig @@ -32,7 +32,7 @@ if UT_LIB
config UT_LIB_ASN1 bool "Unit test for asn1 compiler and decoder function" - depends on SANDBOX + depends on SANDBOX && !MBEDTLS_LIB_X509 default y imply ASYMMETRIC_KEY_TYPE imply ASYMMETRIC_PUBLIC_KEY_SUBTYPE
Enable MbedTLS as default setting for qemu arm64
Signed-off-by: Raymond Mao raymond.mao@linaro.org --- Changes in v2 - None. Changes in v3 - None. Changes in v4 - removed the unused CONFIG_MBEDTLS_LIB_TLS.
configs/qemu_arm64_defconfig | 4 ++++ configs/sandbox_defconfig | 3 +++ 2 files changed, 7 insertions(+)
diff --git a/configs/qemu_arm64_defconfig b/configs/qemu_arm64_defconfig index 7e166f43908..9e2c490192c 100644 --- a/configs/qemu_arm64_defconfig +++ b/configs/qemu_arm64_defconfig @@ -67,4 +67,8 @@ CONFIG_TPM2_MMIO=y CONFIG_USB_EHCI_HCD=y CONFIG_USB_EHCI_PCI=y CONFIG_SEMIHOSTING=y +CONFIG_MBEDTLS_LIB=y +CONFIG_MBEDTLS_LIB_CRYPTO=y +CONFIG_MBEDTLS_LIB_X509=y CONFIG_TPM=y +CONFIG_EFI_SECURE_BOOT=y diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index 93b52f2de5c..679bbf69936 100644 --- a/configs/sandbox_defconfig +++ b/configs/sandbox_defconfig @@ -343,6 +343,9 @@ CONFIG_FS_CBFS=y CONFIG_FS_CRAMFS=y CONFIG_ADDR_MAP=y CONFIG_CMD_DHRYSTONE=y +CONFIG_MBEDTLS_LIB=y +CONFIG_MBEDTLS_LIB_CRYPTO=y +CONFIG_MBEDTLS_LIB_X509=y CONFIG_ECDSA=y CONFIG_ECDSA_VERIFY=y CONFIG_TPM=y
On Tue, 2 Jul 2024 at 21:35, Raymond Mao raymond.mao@linaro.org wrote:
Enable MbedTLS as default setting for qemu arm64
Signed-off-by: Raymond Mao raymond.mao@linaro.org
Changes in v2
- None.
Changes in v3
- None.
Changes in v4
- removed the unused CONFIG_MBEDTLS_LIB_TLS.
configs/qemu_arm64_defconfig | 4 ++++ configs/sandbox_defconfig | 3 +++ 2 files changed, 7 insertions(+)
diff --git a/configs/qemu_arm64_defconfig b/configs/qemu_arm64_defconfig index 7e166f43908..9e2c490192c 100644 --- a/configs/qemu_arm64_defconfig +++ b/configs/qemu_arm64_defconfig @@ -67,4 +67,8 @@ CONFIG_TPM2_MMIO=y CONFIG_USB_EHCI_HCD=y CONFIG_USB_EHCI_PCI=y CONFIG_SEMIHOSTING=y +CONFIG_MBEDTLS_LIB=y +CONFIG_MBEDTLS_LIB_CRYPTO=y +CONFIG_MBEDTLS_LIB_X509=y CONFIG_TPM=y +CONFIG_EFI_SECURE_BOOT=y diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index 93b52f2de5c..679bbf69936 100644 --- a/configs/sandbox_defconfig +++ b/configs/sandbox_defconfig @@ -343,6 +343,9 @@ CONFIG_FS_CBFS=y CONFIG_FS_CRAMFS=y CONFIG_ADDR_MAP=y CONFIG_CMD_DHRYSTONE=y +CONFIG_MBEDTLS_LIB=y +CONFIG_MBEDTLS_LIB_CRYPTO=y +CONFIG_MBEDTLS_LIB_X509=y CONFIG_ECDSA=y CONFIG_ECDSA_VERIFY=y CONFIG_TPM=y -- 2.25.1
Reviewed-by: Ilias Apalodimas ilias.apalodimas@linaro.org
On Tue, Jul 02, 2024 at 11:22:36AM -0700, Raymond Mao wrote:
Integrate MbedTLS v3.6 LTS (currently v3.6.0-RC1) with U-Boot.
Motivations:
- MbedTLS is well maintained with LTS versions.
- LWIP is integrated with MbedTLS and easily to enable HTTPS.
- MbedTLS recently switched license back to GPLv2.
Prerequisite:
This patch series requires mbedtls git repo to be added as a subtree to the main U-Boot repo via: $ git subtree add --prefix lib/mbedtls/external/mbedtls \ https://github.com/Mbed-TLS/mbedtls.git \ v3.6.0 --squash Moreover, due to the Windows-style files from mbedtls git repo, we need to convert the CRLF endings to LF and do a commit manually: $ git add --renormalize . $ git commit
New Kconfig options:
`MBEDTLS_LIB` is for MbedTLS general switch. `MBEDTLS_LIB_CRYPTO` is for replacing original digest and crypto libs with MbedTLS. `MBEDTLS_LIB_X509` is for replacing original X509, PKCS7, MSCode, ASN1, and Pubkey parser with MbedTLS. `MBEDTLS_LIB_TLS` is for SSL/TLS (Disabled until LWIP port for MbedTLS is ready). `LEGACY_CRYPTO` is introduced as a main switch for legacy crypto library. `LEGACY_CRYPTO_BASIC` is for the basic crypto functionalities and `LEGACY_CRYPTO_CERT` is for the certificate related functionalities. For each of the algorithm, a pair of `<alg>_LEGACY` and `<alg>_MBEDTLS` Kconfig options are introduced. Meanwhile, `SPL_` Kconfig options are introduced.
In this patch set, MBEDTLS_LIB, MBEDTLS_LIB_CRYPTO and MBEDTLS_LIB_X509 are by default enabled in qemu_arm64_defconfig for testing purpose.
Patches for external MbedTLS project:
Since U-Boot uses Microsoft Authentication Code to verify PE/COFFs executables which is not supported by MbedTLS at the moment, addtional patches for MbedTLS are created to adapt with the EFI loader:
- Decoding of Microsoft Authentication Code.
- Decoding of PKCS#9 Authenticate Attributes.
- Extending MbedTLS PKCS#7 lib to support multiple signer's certificates.
- MbedTLS native test suites for PKCS#7 signer's info.
All above 4 patches (tagged with `mbedtls/external`) are submitted to MbedTLS project and being reviewed, eventually they should be part of MbedTLS LTS release. But before that, please merge them into U-Boot, otherwise the building will be broken when MBEDTLS_LIB_X509 is enabled.
See below PR link for the reference: https://github.com/Mbed-TLS/mbedtls/pull/9001
Miscellaneous:
Optimized MbedTLS library size by tailoring the config file and disabling all unnecessary features for EFI loader. From v2, original libs (rsa, asn1_decoder, rsa_helper, md5, sha1, sha256, sha512) are completely replaced when MbedTLS is enabled. From v3, the size-growth is slightly reduced by refactoring Hash functions.
Target(QEMU arm64) size-growth when enabling MbedTLS: v1: 6.03% v2: 4.66% v3 & v4: 4.55%
Please see the latest output of bloat-o-meter for the reference of the size-growth on QEMU arm64 target [1].
Tests done:
EFI Secure Boot test (EFI variables loading and verifying, EFI signed image verifying and booting) via U-Boot console. EFI Secure Boot and Capsule sandbox test passed.
Known issues:
None.
[1]: bloat-o-meter output between disabling/enabling MbedTLS (QEMU arm64)
add/remove: 206/81 grow/shrink: 19/17 up/down: 55548/-17495 (38053)
bloat-o-meter is a bit off then, since buildman shows: u-boot: add: 243/-17, grow: 18/-17 bytes: 65723/-8480 (57243)
(Please use buildman for the size comparisons in the future).
And in both cases, there's a pretty big non-removal of code I was expecting since overall we're replacing a lot of functionality, not just enabling new functionality? If I'm wrong about that and we're doing both, please separate out "enables new features" from "feature parity with legacy" in commit updates to qemu_arm64 since buildman's handy "show the delta for each commit in a series" is quite helpful in spotting when we changed more/less than expected. And in this case perhaps qemu_army64 wasn't fully enabling stuff before? sandbox changes by only ~16Kib which is much better and I see pkcs7 and x509 related removals in the size comparison.
Another note is that qemu-x86_64, which should be similar in EFI feature function only grows by 129 bytes. Which isn't zero, but isn't bad. I haven't done a for-each-commit build, but if we have generic bugfixes here, we should split those out.
For example, I do see we're dropping some legacy hash related code, but I'd want to dig a bit to make sure it's all of it.
And for v4 I'm not doing a world build comparison with mbedTLS being default rather than legacy since I think the logic there is where some of the Kconfig issues I mentioned are from and so I'm not confident the results would look good. But for v5, please pick some arbitrary platforms and switch them over and check the size change there as well.
Thanks!
Hi Tom,
On Tue, 2 Jul 2024 at 21:26, Tom Rini trini@konsulko.com wrote:
On Tue, Jul 02, 2024 at 11:22:36AM -0700, Raymond Mao wrote:
Integrate MbedTLS v3.6 LTS (currently v3.6.0-RC1) with U-Boot.
Motivations:
- MbedTLS is well maintained with LTS versions.
- LWIP is integrated with MbedTLS and easily to enable HTTPS.
- MbedTLS recently switched license back to GPLv2.
Prerequisite:
This patch series requires mbedtls git repo to be added as a subtree to the main U-Boot repo via: $ git subtree add --prefix lib/mbedtls/external/mbedtls \ https://github.com/Mbed-TLS/mbedtls.git \ v3.6.0 --squash Moreover, due to the Windows-style files from mbedtls git repo, we need to convert the CRLF endings to LF and do a commit manually: $ git add --renormalize . $ git commit
New Kconfig options:
`MBEDTLS_LIB` is for MbedTLS general switch. `MBEDTLS_LIB_CRYPTO` is for replacing original digest and crypto libs
with
MbedTLS. `MBEDTLS_LIB_X509` is for replacing original X509, PKCS7, MSCode, ASN1, and Pubkey parser with MbedTLS. `MBEDTLS_LIB_TLS` is for SSL/TLS (Disabled until LWIP port for MbedTLS is ready). `LEGACY_CRYPTO` is introduced as a main switch for legacy crypto library. `LEGACY_CRYPTO_BASIC` is for the basic crypto functionalities and `LEGACY_CRYPTO_CERT` is for the certificate related functionalities. For each of the algorithm, a pair of `<alg>_LEGACY` and `<alg>_MBEDTLS` Kconfig options are introduced. Meanwhile, `SPL_` Kconfig options are introduced.
In this patch set, MBEDTLS_LIB, MBEDTLS_LIB_CRYPTO and MBEDTLS_LIB_X509 are by default enabled in qemu_arm64_defconfig for testing purpose.
Patches for external MbedTLS project:
Since U-Boot uses Microsoft Authentication Code to verify PE/COFFs executables which is not supported by MbedTLS at the moment, addtional patches for MbedTLS are created to adapt with the EFI loader:
- Decoding of Microsoft Authentication Code.
- Decoding of PKCS#9 Authenticate Attributes.
- Extending MbedTLS PKCS#7 lib to support multiple signer's
certificates.
- MbedTLS native test suites for PKCS#7 signer's info.
All above 4 patches (tagged with `mbedtls/external`) are submitted to MbedTLS project and being reviewed, eventually they should be part of MbedTLS LTS release. But before that, please merge them into U-Boot, otherwise the building will be broken when MBEDTLS_LIB_X509 is enabled.
See below PR link for the reference: https://github.com/Mbed-TLS/mbedtls/pull/9001
Miscellaneous:
Optimized MbedTLS library size by tailoring the config file and disabling all unnecessary features for EFI loader. From v2, original libs (rsa, asn1_decoder, rsa_helper, md5, sha1, sha256, sha512) are completely replaced when MbedTLS is enabled. From v3, the size-growth is slightly reduced by refactoring Hash
functions.
Target(QEMU arm64) size-growth when enabling MbedTLS: v1: 6.03% v2: 4.66% v3 & v4: 4.55%
Please see the latest output of bloat-o-meter for the reference of the size-growth on QEMU arm64 target [1].
Tests done:
EFI Secure Boot test (EFI variables loading and verifying, EFI signed
image
verifying and booting) via U-Boot console. EFI Secure Boot and Capsule sandbox test passed.
Known issues:
None.
[1]: bloat-o-meter output between disabling/enabling MbedTLS (QEMU arm64)
add/remove: 206/81 grow/shrink: 19/17 up/down: 55548/-17495 (38053)bloat-o-meter is a bit off then, since buildman shows: u-boot: add: 243/-17, grow: 18/-17 bytes: 65723/-8480 (57243)
(Please use buildman for the size comparisons in the future).
I have a problem with buildman. As I followed the buildman/README.rst and run below command, but cannot get any output size summary. Is anything missing? I saw some artifacts of building each commit being generated in the upper dir though. ``` ./tools/buildman/buildman -b <my_branch_name> --boards qemu_arm64 -sSdB ``` I have set my branch upstream to upstream/next.
Regards, Raymond
On Tue, Jul 23, 2024 at 03:24:29PM -0400, Raymond Mao wrote:
Hi Tom,
On Tue, 2 Jul 2024 at 21:26, Tom Rini trini@konsulko.com wrote:
On Tue, Jul 02, 2024 at 11:22:36AM -0700, Raymond Mao wrote:
Integrate MbedTLS v3.6 LTS (currently v3.6.0-RC1) with U-Boot.
Motivations:
- MbedTLS is well maintained with LTS versions.
- LWIP is integrated with MbedTLS and easily to enable HTTPS.
- MbedTLS recently switched license back to GPLv2.
Prerequisite:
This patch series requires mbedtls git repo to be added as a subtree to the main U-Boot repo via: $ git subtree add --prefix lib/mbedtls/external/mbedtls \ https://github.com/Mbed-TLS/mbedtls.git \ v3.6.0 --squash Moreover, due to the Windows-style files from mbedtls git repo, we need to convert the CRLF endings to LF and do a commit manually: $ git add --renormalize . $ git commit
New Kconfig options:
`MBEDTLS_LIB` is for MbedTLS general switch. `MBEDTLS_LIB_CRYPTO` is for replacing original digest and crypto libs
with
MbedTLS. `MBEDTLS_LIB_X509` is for replacing original X509, PKCS7, MSCode, ASN1, and Pubkey parser with MbedTLS. `MBEDTLS_LIB_TLS` is for SSL/TLS (Disabled until LWIP port for MbedTLS is ready). `LEGACY_CRYPTO` is introduced as a main switch for legacy crypto library. `LEGACY_CRYPTO_BASIC` is for the basic crypto functionalities and `LEGACY_CRYPTO_CERT` is for the certificate related functionalities. For each of the algorithm, a pair of `<alg>_LEGACY` and `<alg>_MBEDTLS` Kconfig options are introduced. Meanwhile, `SPL_` Kconfig options are introduced.
In this patch set, MBEDTLS_LIB, MBEDTLS_LIB_CRYPTO and MBEDTLS_LIB_X509 are by default enabled in qemu_arm64_defconfig for testing purpose.
Patches for external MbedTLS project:
Since U-Boot uses Microsoft Authentication Code to verify PE/COFFs executables which is not supported by MbedTLS at the moment, addtional patches for MbedTLS are created to adapt with the EFI loader:
- Decoding of Microsoft Authentication Code.
- Decoding of PKCS#9 Authenticate Attributes.
- Extending MbedTLS PKCS#7 lib to support multiple signer's
certificates.
- MbedTLS native test suites for PKCS#7 signer's info.
All above 4 patches (tagged with `mbedtls/external`) are submitted to MbedTLS project and being reviewed, eventually they should be part of MbedTLS LTS release. But before that, please merge them into U-Boot, otherwise the building will be broken when MBEDTLS_LIB_X509 is enabled.
See below PR link for the reference: https://github.com/Mbed-TLS/mbedtls/pull/9001
Miscellaneous:
Optimized MbedTLS library size by tailoring the config file and disabling all unnecessary features for EFI loader. From v2, original libs (rsa, asn1_decoder, rsa_helper, md5, sha1, sha256, sha512) are completely replaced when MbedTLS is enabled. From v3, the size-growth is slightly reduced by refactoring Hash
functions.
Target(QEMU arm64) size-growth when enabling MbedTLS: v1: 6.03% v2: 4.66% v3 & v4: 4.55%
Please see the latest output of bloat-o-meter for the reference of the size-growth on QEMU arm64 target [1].
Tests done:
EFI Secure Boot test (EFI variables loading and verifying, EFI signed
image
verifying and booting) via U-Boot console. EFI Secure Boot and Capsule sandbox test passed.
Known issues:
None.
[1]: bloat-o-meter output between disabling/enabling MbedTLS (QEMU arm64)
add/remove: 206/81 grow/shrink: 19/17 up/down: 55548/-17495 (38053)bloat-o-meter is a bit off then, since buildman shows: u-boot: add: 243/-17, grow: 18/-17 bytes: 65723/-8480 (57243)
(Please use buildman for the size comparisons in the future).
I have a problem with buildman. As I followed the buildman/README.rst and run below command, but cannot get any output size summary. Is anything missing? I saw some artifacts of building each commit being generated in the upper dir though.
./tools/buildman/buildman -b <my_branch_name> --boards qemu_arm64 -sSdBI have set my branch upstream to upstream/next.
You have to tell it twice, once to build and a second to summarize things. My wrapper looks like: #!/bin/bash
# Initial and constant buildman args ARGS="-devl -PEWM" ALL=0 KEEP=0
# Find our arguments while test $# -ne 0; do if [ "$1" == "--all" ]; then ALL=1 shift 1 elif [ "$1" == "--branch" ]; then BRANCH=$2 shift 2 elif [ "$1" == "--keep" ]; then KEEP=1 ARGS="$ARGS -k" shift 1 elif [ "$1" == "--board" ]; then MACHINE="--board $2" OUTDIR=/tmp/$2 shift 2 else MACHINE=$1 shift 1 fi done
OUTDIR=${OUTDIR:-/tmp/$MACHINE}
if [ -z "$MACHINE" ]; then echo Usage: $0 MACHINE [--all] [--keep] [--branch BRANCH] exit 1 fi
# If not all, then only first/last if [ $ALL -ne 1 ]; then ARGS="$ARGS --step 0" fi
if [ ! -z $BRANCH ]; then ARGS="$ARGS -b $BRANCH" else ARGS="$ARGS -b `git rev-parse --abbrev-ref HEAD`" fi
mkdir -p ${OUTDIR}
export SOURCE_DATE_EPOCH=`date +%s` ./tools/buildman/buildman -o ${OUTDIR} $ARGS -SBC $MACHINE ./tools/buildman/buildman -o ${OUTDIR} $ARGS -SsB $MACHINE
[ $KEEP -eq 0 ] && rm -rf ${OUTDIR}
Hi Raymond,
On Tue, 23 Jul 2024 at 14:45, Tom Rini trini@konsulko.com wrote:
On Tue, Jul 23, 2024 at 03:24:29PM -0400, Raymond Mao wrote:
Hi Tom,
On Tue, 2 Jul 2024 at 21:26, Tom Rini trini@konsulko.com wrote:
On Tue, Jul 02, 2024 at 11:22:36AM -0700, Raymond Mao wrote:
Integrate MbedTLS v3.6 LTS (currently v3.6.0-RC1) with U-Boot.
Motivations:
- MbedTLS is well maintained with LTS versions.
- LWIP is integrated with MbedTLS and easily to enable HTTPS.
- MbedTLS recently switched license back to GPLv2.
Prerequisite:
This patch series requires mbedtls git repo to be added as a subtree to the main U-Boot repo via: $ git subtree add --prefix lib/mbedtls/external/mbedtls \ https://github.com/Mbed-TLS/mbedtls.git \ v3.6.0 --squash Moreover, due to the Windows-style files from mbedtls git repo, we need to convert the CRLF endings to LF and do a commit manually: $ git add --renormalize . $ git commit
New Kconfig options:
`MBEDTLS_LIB` is for MbedTLS general switch. `MBEDTLS_LIB_CRYPTO` is for replacing original digest and crypto libs
with
MbedTLS. `MBEDTLS_LIB_X509` is for replacing original X509, PKCS7, MSCode, ASN1, and Pubkey parser with MbedTLS. `MBEDTLS_LIB_TLS` is for SSL/TLS (Disabled until LWIP port for MbedTLS is ready). `LEGACY_CRYPTO` is introduced as a main switch for legacy crypto library. `LEGACY_CRYPTO_BASIC` is for the basic crypto functionalities and `LEGACY_CRYPTO_CERT` is for the certificate related functionalities. For each of the algorithm, a pair of `<alg>_LEGACY` and `<alg>_MBEDTLS` Kconfig options are introduced. Meanwhile, `SPL_` Kconfig options are introduced.
In this patch set, MBEDTLS_LIB, MBEDTLS_LIB_CRYPTO and MBEDTLS_LIB_X509 are by default enabled in qemu_arm64_defconfig for testing purpose.
Patches for external MbedTLS project:
Since U-Boot uses Microsoft Authentication Code to verify PE/COFFs executables which is not supported by MbedTLS at the moment, addtional patches for MbedTLS are created to adapt with the EFI loader:
- Decoding of Microsoft Authentication Code.
- Decoding of PKCS#9 Authenticate Attributes.
- Extending MbedTLS PKCS#7 lib to support multiple signer's
certificates.
- MbedTLS native test suites for PKCS#7 signer's info.
All above 4 patches (tagged with `mbedtls/external`) are submitted to MbedTLS project and being reviewed, eventually they should be part of MbedTLS LTS release. But before that, please merge them into U-Boot, otherwise the building will be broken when MBEDTLS_LIB_X509 is enabled.
See below PR link for the reference: https://github.com/Mbed-TLS/mbedtls/pull/9001
Miscellaneous:
Optimized MbedTLS library size by tailoring the config file and disabling all unnecessary features for EFI loader. From v2, original libs (rsa, asn1_decoder, rsa_helper, md5, sha1, sha256, sha512) are completely replaced when MbedTLS is enabled. From v3, the size-growth is slightly reduced by refactoring Hash
functions.
Target(QEMU arm64) size-growth when enabling MbedTLS: v1: 6.03% v2: 4.66% v3 & v4: 4.55%
Please see the latest output of bloat-o-meter for the reference of the size-growth on QEMU arm64 target [1].
Tests done:
EFI Secure Boot test (EFI variables loading and verifying, EFI signed
image
verifying and booting) via U-Boot console. EFI Secure Boot and Capsule sandbox test passed.
Known issues:
None.
[1]: bloat-o-meter output between disabling/enabling MbedTLS (QEMU arm64)
add/remove: 206/81 grow/shrink: 19/17 up/down: 55548/-17495 (38053)bloat-o-meter is a bit off then, since buildman shows: u-boot: add: 243/-17, grow: 18/-17 bytes: 65723/-8480 (57243)
(Please use buildman for the size comparisons in the future).
I have a problem with buildman. As I followed the buildman/README.rst and run below command, but cannot get any output size summary. Is anything missing? I saw some artifacts of building each commit being generated in the upper dir though.
./tools/buildman/buildman -b <my_branch_name> --boards qemu_arm64 -sSdBI have set my branch upstream to upstream/next.
Please check here as well:
https://docs.u-boot.org/en/latest/build/buildman.html#theory-of-operation
You have to tell it twice, once to build and a second to summarize things. My wrapper looks like: #!/bin/bash
# Initial and constant buildman args ARGS="-devl -PEWM" ALL=0 KEEP=0
# Find our arguments while test $# -ne 0; do if [ "$1" == "--all" ]; then ALL=1 shift 1 elif [ "$1" == "--branch" ]; then BRANCH=$2 shift 2 elif [ "$1" == "--keep" ]; then KEEP=1 ARGS="$ARGS -k" shift 1 elif [ "$1" == "--board" ]; then MACHINE="--board $2" OUTDIR=/tmp/$2 shift 2 else MACHINE=$1 shift 1 fi done
OUTDIR=${OUTDIR:-/tmp/$MACHINE}
if [ -z "$MACHINE" ]; then echo Usage: $0 MACHINE [--all] [--keep] [--branch BRANCH] exit 1 fi
# If not all, then only first/last if [ $ALL -ne 1 ]; then ARGS="$ARGS --step 0" fi
if [ ! -z $BRANCH ]; then ARGS="$ARGS -b $BRANCH" else ARGS="$ARGS -b `git rev-parse --abbrev-ref HEAD`" fi
mkdir -p ${OUTDIR}
export SOURCE_DATE_EPOCH=`date +%s` ./tools/buildman/buildman -o ${OUTDIR} $ARGS -SBC $MACHINE ./tools/buildman/buildman -o ${OUTDIR} $ARGS -SsB $MACHINE
[ $KEEP -eq 0 ] && rm -rf ${OUTDIR}
Regards, Simon
Hi Tom,
On Tue, 2 Jul 2024 at 21:26, Tom Rini trini@konsulko.com wrote:
On Tue, Jul 02, 2024 at 11:22:36AM -0700, Raymond Mao wrote:
Integrate MbedTLS v3.6 LTS (currently v3.6.0-RC1) with U-Boot.
Motivations:
- MbedTLS is well maintained with LTS versions.
- LWIP is integrated with MbedTLS and easily to enable HTTPS.
- MbedTLS recently switched license back to GPLv2.
Prerequisite:
This patch series requires mbedtls git repo to be added as a subtree to the main U-Boot repo via: $ git subtree add --prefix lib/mbedtls/external/mbedtls \ https://github.com/Mbed-TLS/mbedtls.git \ v3.6.0 --squash Moreover, due to the Windows-style files from mbedtls git repo, we need to convert the CRLF endings to LF and do a commit manually: $ git add --renormalize . $ git commit
New Kconfig options:
`MBEDTLS_LIB` is for MbedTLS general switch. `MBEDTLS_LIB_CRYPTO` is for replacing original digest and crypto libs
with
MbedTLS. `MBEDTLS_LIB_X509` is for replacing original X509, PKCS7, MSCode, ASN1, and Pubkey parser with MbedTLS. `MBEDTLS_LIB_TLS` is for SSL/TLS (Disabled until LWIP port for MbedTLS is ready). `LEGACY_CRYPTO` is introduced as a main switch for legacy crypto library. `LEGACY_CRYPTO_BASIC` is for the basic crypto functionalities and `LEGACY_CRYPTO_CERT` is for the certificate related functionalities. For each of the algorithm, a pair of `<alg>_LEGACY` and `<alg>_MBEDTLS` Kconfig options are introduced. Meanwhile, `SPL_` Kconfig options are introduced.
In this patch set, MBEDTLS_LIB, MBEDTLS_LIB_CRYPTO and MBEDTLS_LIB_X509 are by default enabled in qemu_arm64_defconfig for testing purpose.
Patches for external MbedTLS project:
Since U-Boot uses Microsoft Authentication Code to verify PE/COFFs executables which is not supported by MbedTLS at the moment, addtional patches for MbedTLS are created to adapt with the EFI loader:
- Decoding of Microsoft Authentication Code.
- Decoding of PKCS#9 Authenticate Attributes.
- Extending MbedTLS PKCS#7 lib to support multiple signer's
certificates.
- MbedTLS native test suites for PKCS#7 signer's info.
All above 4 patches (tagged with `mbedtls/external`) are submitted to MbedTLS project and being reviewed, eventually they should be part of MbedTLS LTS release. But before that, please merge them into U-Boot, otherwise the building will be broken when MBEDTLS_LIB_X509 is enabled.
See below PR link for the reference: https://github.com/Mbed-TLS/mbedtls/pull/9001
Miscellaneous:
Optimized MbedTLS library size by tailoring the config file and disabling all unnecessary features for EFI loader. From v2, original libs (rsa, asn1_decoder, rsa_helper, md5, sha1, sha256, sha512) are completely replaced when MbedTLS is enabled. From v3, the size-growth is slightly reduced by refactoring Hash
functions.
Target(QEMU arm64) size-growth when enabling MbedTLS: v1: 6.03% v2: 4.66% v3 & v4: 4.55%
Please see the latest output of bloat-o-meter for the reference of the size-growth on QEMU arm64 target [1].
Tests done:
EFI Secure Boot test (EFI variables loading and verifying, EFI signed
image
verifying and booting) via U-Boot console. EFI Secure Boot and Capsule sandbox test passed.
Known issues:
None.
[1]: bloat-o-meter output between disabling/enabling MbedTLS (QEMU arm64)
add/remove: 206/81 grow/shrink: 19/17 up/down: 55548/-17495 (38053)bloat-o-meter is a bit off then, since buildman shows: u-boot: add: 243/-17, grow: 18/-17 bytes: 65723/-8480 (57243)
(Please use buildman for the size comparisons in the future).
The reason that buildman is showing more growth is because I enable
"CONFIG_EFI_SECURE_BOOT=y" in my patch, which is off by default for qemu_arm64. Since the buildman is always comparing one local branch with the 'upstream' (I didn't find a way to let it compare two local branches or maybe I am wrong), I guess I have to first merge one commit with just enabling CONFIG_EFI_SECURE_BOOT to solve this. But I get this makes less value...
I think it is better to use sandbox for comparison from v5, and I will add one more platform (e.g. imx8mp) for reference.
Regards, Raymond
Hi Raymond,
On Wed, 24 Jul 2024 at 08:35, Raymond Mao raymond.mao@linaro.org wrote:
Hi Tom,
On Tue, 2 Jul 2024 at 21:26, Tom Rini trini@konsulko.com wrote:
On Tue, Jul 02, 2024 at 11:22:36AM -0700, Raymond Mao wrote:
Integrate MbedTLS v3.6 LTS (currently v3.6.0-RC1) with U-Boot.
Motivations:
- MbedTLS is well maintained with LTS versions.
- LWIP is integrated with MbedTLS and easily to enable HTTPS.
- MbedTLS recently switched license back to GPLv2.
Prerequisite:
This patch series requires mbedtls git repo to be added as a subtree to the main U-Boot repo via: $ git subtree add --prefix lib/mbedtls/external/mbedtls \ https://github.com/Mbed-TLS/mbedtls.git \ v3.6.0 --squash Moreover, due to the Windows-style files from mbedtls git repo, we need to convert the CRLF endings to LF and do a commit manually: $ git add --renormalize . $ git commit
New Kconfig options:
`MBEDTLS_LIB` is for MbedTLS general switch. `MBEDTLS_LIB_CRYPTO` is for replacing original digest and crypto libs with MbedTLS. `MBEDTLS_LIB_X509` is for replacing original X509, PKCS7, MSCode, ASN1, and Pubkey parser with MbedTLS. `MBEDTLS_LIB_TLS` is for SSL/TLS (Disabled until LWIP port for MbedTLS is ready). `LEGACY_CRYPTO` is introduced as a main switch for legacy crypto library. `LEGACY_CRYPTO_BASIC` is for the basic crypto functionalities and `LEGACY_CRYPTO_CERT` is for the certificate related functionalities. For each of the algorithm, a pair of `<alg>_LEGACY` and `<alg>_MBEDTLS` Kconfig options are introduced. Meanwhile, `SPL_` Kconfig options are introduced.
In this patch set, MBEDTLS_LIB, MBEDTLS_LIB_CRYPTO and MBEDTLS_LIB_X509 are by default enabled in qemu_arm64_defconfig for testing purpose.
Patches for external MbedTLS project:
Since U-Boot uses Microsoft Authentication Code to verify PE/COFFs executables which is not supported by MbedTLS at the moment, addtional patches for MbedTLS are created to adapt with the EFI loader:
- Decoding of Microsoft Authentication Code.
- Decoding of PKCS#9 Authenticate Attributes.
- Extending MbedTLS PKCS#7 lib to support multiple signer's certificates.
- MbedTLS native test suites for PKCS#7 signer's info.
All above 4 patches (tagged with `mbedtls/external`) are submitted to MbedTLS project and being reviewed, eventually they should be part of MbedTLS LTS release. But before that, please merge them into U-Boot, otherwise the building will be broken when MBEDTLS_LIB_X509 is enabled.
See below PR link for the reference: https://github.com/Mbed-TLS/mbedtls/pull/9001
Miscellaneous:
Optimized MbedTLS library size by tailoring the config file and disabling all unnecessary features for EFI loader. From v2, original libs (rsa, asn1_decoder, rsa_helper, md5, sha1, sha256, sha512) are completely replaced when MbedTLS is enabled. From v3, the size-growth is slightly reduced by refactoring Hash functions.
Target(QEMU arm64) size-growth when enabling MbedTLS: v1: 6.03% v2: 4.66% v3 & v4: 4.55%
Please see the latest output of bloat-o-meter for the reference of the size-growth on QEMU arm64 target [1].
Tests done:
EFI Secure Boot test (EFI variables loading and verifying, EFI signed image verifying and booting) via U-Boot console. EFI Secure Boot and Capsule sandbox test passed.
Known issues:
None.
[1]: bloat-o-meter output between disabling/enabling MbedTLS (QEMU arm64)
add/remove: 206/81 grow/shrink: 19/17 up/down: 55548/-17495 (38053)bloat-o-meter is a bit off then, since buildman shows: u-boot: add: 243/-17, grow: 18/-17 bytes: 65723/-8480 (57243)
(Please use buildman for the size comparisons in the future).
The reason that buildman is showing more growth is because I enable "CONFIG_EFI_SECURE_BOOT=y" in my patch, which is off by default for qemu_arm64. Since the buildman is always comparing one local branch with the 'upstream' (I didn't find a way to let it compare two local branches or maybe I am wrong), I guess I have to first merge one commit with just enabling CONFIG_EFI_SECURE_BOOT to solve this. But I get this makes less value...
Yes, that's one way to do it. It cannot compare two branches. It only compares one commit with the next.
I think it is better to use sandbox for comparison from v5, and I will add one more platform (e.g. imx8mp) for reference.
Regards, Simon
On Wed, Jul 24, 2024 at 10:34:50AM -0400, Raymond Mao wrote:
Hi Tom,
On Tue, 2 Jul 2024 at 21:26, Tom Rini trini@konsulko.com wrote:
On Tue, Jul 02, 2024 at 11:22:36AM -0700, Raymond Mao wrote:
Integrate MbedTLS v3.6 LTS (currently v3.6.0-RC1) with U-Boot.
Motivations:
- MbedTLS is well maintained with LTS versions.
- LWIP is integrated with MbedTLS and easily to enable HTTPS.
- MbedTLS recently switched license back to GPLv2.
Prerequisite:
This patch series requires mbedtls git repo to be added as a subtree to the main U-Boot repo via: $ git subtree add --prefix lib/mbedtls/external/mbedtls \ https://github.com/Mbed-TLS/mbedtls.git \ v3.6.0 --squash Moreover, due to the Windows-style files from mbedtls git repo, we need to convert the CRLF endings to LF and do a commit manually: $ git add --renormalize . $ git commit
New Kconfig options:
`MBEDTLS_LIB` is for MbedTLS general switch. `MBEDTLS_LIB_CRYPTO` is for replacing original digest and crypto libs
with
MbedTLS. `MBEDTLS_LIB_X509` is for replacing original X509, PKCS7, MSCode, ASN1, and Pubkey parser with MbedTLS. `MBEDTLS_LIB_TLS` is for SSL/TLS (Disabled until LWIP port for MbedTLS is ready). `LEGACY_CRYPTO` is introduced as a main switch for legacy crypto library. `LEGACY_CRYPTO_BASIC` is for the basic crypto functionalities and `LEGACY_CRYPTO_CERT` is for the certificate related functionalities. For each of the algorithm, a pair of `<alg>_LEGACY` and `<alg>_MBEDTLS` Kconfig options are introduced. Meanwhile, `SPL_` Kconfig options are introduced.
In this patch set, MBEDTLS_LIB, MBEDTLS_LIB_CRYPTO and MBEDTLS_LIB_X509 are by default enabled in qemu_arm64_defconfig for testing purpose.
Patches for external MbedTLS project:
Since U-Boot uses Microsoft Authentication Code to verify PE/COFFs executables which is not supported by MbedTLS at the moment, addtional patches for MbedTLS are created to adapt with the EFI loader:
- Decoding of Microsoft Authentication Code.
- Decoding of PKCS#9 Authenticate Attributes.
- Extending MbedTLS PKCS#7 lib to support multiple signer's
certificates.
- MbedTLS native test suites for PKCS#7 signer's info.
All above 4 patches (tagged with `mbedtls/external`) are submitted to MbedTLS project and being reviewed, eventually they should be part of MbedTLS LTS release. But before that, please merge them into U-Boot, otherwise the building will be broken when MBEDTLS_LIB_X509 is enabled.
See below PR link for the reference: https://github.com/Mbed-TLS/mbedtls/pull/9001
Miscellaneous:
Optimized MbedTLS library size by tailoring the config file and disabling all unnecessary features for EFI loader. From v2, original libs (rsa, asn1_decoder, rsa_helper, md5, sha1, sha256, sha512) are completely replaced when MbedTLS is enabled. From v3, the size-growth is slightly reduced by refactoring Hash
functions.
Target(QEMU arm64) size-growth when enabling MbedTLS: v1: 6.03% v2: 4.66% v3 & v4: 4.55%
Please see the latest output of bloat-o-meter for the reference of the size-growth on QEMU arm64 target [1].
Tests done:
EFI Secure Boot test (EFI variables loading and verifying, EFI signed
image
verifying and booting) via U-Boot console. EFI Secure Boot and Capsule sandbox test passed.
Known issues:
None.
[1]: bloat-o-meter output between disabling/enabling MbedTLS (QEMU arm64)
add/remove: 206/81 grow/shrink: 19/17 up/down: 55548/-17495 (38053)bloat-o-meter is a bit off then, since buildman shows: u-boot: add: 243/-17, grow: 18/-17 bytes: 65723/-8480 (57243)
(Please use buildman for the size comparisons in the future).
The reason that buildman is showing more growth is because I enable
"CONFIG_EFI_SECURE_BOOT=y" in my patch, which is off by default for qemu_arm64. Since the buildman is always comparing one local branch with the 'upstream' (I didn't find a way to let it compare two local branches or maybe I am wrong), I guess I have to first merge one commit with just enabling CONFIG_EFI_SECURE_BOOT to solve this. But I get this makes less value...
I think it is better to use sandbox for comparison from v5, and I will add one more platform (e.g. imx8mp) for reference.
Please note that I check the world before/after, not just single platforms, for size growth. I'll note some examples of issues when I find them, typically. And with the wrapper I posted, sometimes I will "--all" a platform to see which commit increases things.
Hi Tom,
On Wed, 24 Jul 2024 at 18:42, Tom Rini trini@konsulko.com wrote:
On Wed, Jul 24, 2024 at 10:34:50AM -0400, Raymond Mao wrote:
Hi Tom,
On Tue, 2 Jul 2024 at 21:26, Tom Rini trini@konsulko.com wrote:
On Tue, Jul 02, 2024 at 11:22:36AM -0700, Raymond Mao wrote:
Integrate MbedTLS v3.6 LTS (currently v3.6.0-RC1) with U-Boot.
Motivations:
- MbedTLS is well maintained with LTS versions.
- LWIP is integrated with MbedTLS and easily to enable HTTPS.
- MbedTLS recently switched license back to GPLv2.
Prerequisite:
This patch series requires mbedtls git repo to be added as a subtree to the main U-Boot repo via: $ git subtree add --prefix lib/mbedtls/external/mbedtls \ https://github.com/Mbed-TLS/mbedtls.git \ v3.6.0 --squash Moreover, due to the Windows-style files from mbedtls git repo, we need to convert the CRLF endings to LF and do a commit manually: $ git add --renormalize . $ git commit
New Kconfig options:
`MBEDTLS_LIB` is for MbedTLS general switch. `MBEDTLS_LIB_CRYPTO` is for replacing original digest and crypto libs
with
MbedTLS. `MBEDTLS_LIB_X509` is for replacing original X509, PKCS7, MSCode,
ASN1,
and Pubkey parser with MbedTLS. `MBEDTLS_LIB_TLS` is for SSL/TLS (Disabled until LWIP port for
MbedTLS is
ready). `LEGACY_CRYPTO` is introduced as a main switch for legacy crypto
library.
`LEGACY_CRYPTO_BASIC` is for the basic crypto functionalities and `LEGACY_CRYPTO_CERT` is for the certificate related functionalities. For each of the algorithm, a pair of `<alg>_LEGACY` and
`<alg>_MBEDTLS`
Kconfig options are introduced. Meanwhile, `SPL_` Kconfig options are introduced.
In this patch set, MBEDTLS_LIB, MBEDTLS_LIB_CRYPTO and
MBEDTLS_LIB_X509
are by default enabled in qemu_arm64_defconfig for testing purpose.
Patches for external MbedTLS project:
Since U-Boot uses Microsoft Authentication Code to verify PE/COFFs executables which is not supported by MbedTLS at the moment, addtional patches for MbedTLS are created to adapt with the EFI
loader:
- Decoding of Microsoft Authentication Code.
- Decoding of PKCS#9 Authenticate Attributes.
- Extending MbedTLS PKCS#7 lib to support multiple signer's
certificates.
- MbedTLS native test suites for PKCS#7 signer's info.
All above 4 patches (tagged with `mbedtls/external`) are submitted to MbedTLS project and being reviewed, eventually they should be part of MbedTLS LTS release. But before that, please merge them into U-Boot, otherwise the
building
will be broken when MBEDTLS_LIB_X509 is enabled.
See below PR link for the reference: https://github.com/Mbed-TLS/mbedtls/pull/9001
Miscellaneous:
Optimized MbedTLS library size by tailoring the config file and disabling all unnecessary features for EFI loader. From v2, original libs (rsa, asn1_decoder, rsa_helper, md5, sha1,
sha256,
sha512) are completely replaced when MbedTLS is enabled. From v3, the size-growth is slightly reduced by refactoring Hash
functions.
Target(QEMU arm64) size-growth when enabling MbedTLS: v1: 6.03% v2: 4.66% v3 & v4: 4.55%
Please see the latest output of bloat-o-meter for the reference of
the
size-growth on QEMU arm64 target [1].
Tests done:
EFI Secure Boot test (EFI variables loading and verifying, EFI signed
image
verifying and booting) via U-Boot console. EFI Secure Boot and Capsule sandbox test passed.
Known issues:
None.
[1]: bloat-o-meter output between disabling/enabling MbedTLS (QEMU
arm64)
add/remove: 206/81 grow/shrink: 19/17 up/down: 55548/-17495 (38053)bloat-o-meter is a bit off then, since buildman shows: u-boot: add: 243/-17, grow: 18/-17 bytes: 65723/-8480 (57243)
(Please use buildman for the size comparisons in the future).
The reason that buildman is showing more growth is because I enable
"CONFIG_EFI_SECURE_BOOT=y" in my patch, which is off by default for qemu_arm64. Since the buildman is always comparing one local branch with the 'upstream' (I didn't find a way to let it compare two local branches or maybe I am wrong), I guess I have to first merge one commit with just enabling CONFIG_EFI_SECURE_BOOT to solve this. But I get this makes less value...
I think it is better to use sandbox for comparison from v5, and I will add one more platform (e.g. imx8mp) for reference.
Please note that I check the world before/after, not just single platforms, for size growth. I'll note some examples of issues when I find them, typically. And with the wrapper I posted, sometimes I will "--all" a platform to see which commit increases things.
For your reference, below size-growth is for v5 (qemu_arm64, nanopi_a64,
sandbox):
aarch64: (for 2/2 boards) all +582.0 bss +40.0 data -64.0 rodata +206.0 text +400.0 qemu_arm64 : all +7040 bss +80 data -64 rodata +212 text +6812 u-boot: add: 28/-17, grow: 12/-16 bytes: 15492/-8304 (7188) nanopi_a64 : all -5876 data -64 rodata +200 text -6012 u-boot: add: 21/-8, grow: 4/-8 bytes: 12312/-4364 (7948) sandbox: (for 1/1 boards) all +22416.0 data +1440.0 rodata -4160.0 text +25136.0 sandbox : all +22416 data +1440 rodata -4160 text +25136 u-boot: add: 253/-203, grow: 115/-61 bytes: 93168/-76647 (16521)
I think the size-growth should be reasonable. I will attach the details in v5 cover-letter.
Regards, Raymond
participants (5)
-
Ilias Apalodimas -
Jerome Forissier -
Raymond Mao -
Simon Glass -
Tom Rini