based on patch from andreas@oetken.name: http://patchwork.ozlabs.org/patch/294318/ commit message: I currently need support for rsa-sha256 signatures in u-boot and found out that the code for signatures is not very generic. Thus adding different hash algorithms for rsa signatures is not easy to do without copy-pasting the rsa code. I attached a patch for how I think it could be done better and included support for rsa-sha256. This is a fast first shot. additional work: - removed checkpatch warnings - removed compiler warnings - rebased against current head Signed-off-by: Heiko Schocher <hs@denx.de> Cc: andreas@oetken.name Cc: Simon Glass <sjg@chromium.org>master
parent
2842c1c242
commit
646257d1f4
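--- /dev/null
+++ b/UNKNOWN_PATH_1
@@ -0,0 +1,23 @@
+/*
+* Copyright (c) 2013, Andreas Oetken.
+*
+* SPDX-License-Identifier: GPL-2.0+
+*/
+
+#ifndef _RSA_CHECKSUM_H
+#define _RSA_CHECKSUM_H
+
+#include <errno.h>
+#include <image.h>
+#include <sha1.h>
+#include <sha256.h>
+
+extern const uint8_t padding_sha256_rsa2048[];
+extern const uint8_t padding_sha1_rsa2048[];
+
+void sha256_calculate(const struct image_region region[], int region_count,
+uint8_t *checksum);
+void sha1_calculate(const struct image_region region[], int region_count,
+uint8_t *checksum);
+
+#endif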
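Review bot: The two `extern const uint8_t padding_*_rsa2048[]` declarations carry no array size, so a consumer of this header cannot `sizeof` the table or check at compile time that it matches the key length being verified; declaring them with their sizes (`extern const uint8_t padding_sha256_rsa2048[RSA2048_BYTES - SHA256_SUM_LEN];`) would require moving the `RSA2048_BYTES` define from the .c file into this header. The two prototypes also have no documentation; a comment above each along the lines of `/* Hash every region in order into checksum (SHA256_SUM_LEN bytes); region_count must be >= 0 */` would state the contract callers rely on. `<errno.h>` does not appear to be used by anything declared here.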
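--- /dev/null
+++ b/UNKNOWN_PATH_2
@@ -0,0 +1,98 @@
+/*
+* Copyright (c) 2013, Andreas Oetken.
+*
+* SPDX-License-Identifier: GPL-2.0+
+*/
+
+#include <common.h>
+#include <fdtdec.h>
+#include <rsa.h>
+#include <sha1.h>
+#include <sha256.h>
+#include <asm/byteorder.h>
+#include <asm/errno.h>
+#include <asm/unaligned.h>
+
+#define RSA2048_BYTES 256
+
+/* PKCS 1.5 paddings as described in the RSA PKCS#1 v2.1 standard. */
+
+const uint8_t padding_sha256_rsa2048[RSA2048_BYTES - SHA256_SUM_LEN] = {
+0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x31, 0x30,
+0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
+0x00, 0x04, 0x20
+};
+
+const uint8_t padding_sha1_rsa2048[RSA2048_BYTES - SHA1_SUM_LEN] = {
+0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x21, 0x30,
+0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
+0x05, 0x00, 0x04, 0x14
+};
+
+void sha1_calculate(const struct image_region region[], int region_count,
+uint8_t *checksum)
+{
+sha1_context ctx;
+uint32_t i;
+i = 0;
+
+sha1_starts(&ctx);
+for (i = 0; i < region_count; i++)
+sha1_update(&ctx, region[i].data, region[i].size);
+sha1_finish(&ctx, checksum);
+}
+
+void sha256_calculate(const struct image_region region[], int region_count,
+uint8_t *checksum)
+{
+sha256_context ctx;
+uint32_t i;
+i = 0;
+
+sha256_starts(&ctx);
+for (i = 0; i < region_count; i++)
+sha256_update(&ctx, region[i].data, region[i].size);
+sha256_finish(&ctx, checksum);
+}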
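Review bot: In both sha1_calculate and sha256_calculate the loop index `i` is `uint32_t` while `region_count` is `int`, so `i < region_count` promotes a negative count to a large unsigned value and the loop would then read past the end of `region` instead of doing nothing; declaring `int i;` to match the parameter (or returning early on `region_count < 0`) avoids that, and the separate `i = 0;` statement duplicates the for-initializer and can be dropped. The two padding tables check out as the PKCS#1 v1.5 encoded blocks for SHA-256 and SHA-1 with a 2048-bit modulus (the 0xff runs sum to RSA2048_BYTES minus the DigestInfo and the three fixed bytes), which is worth saying in the comment above them, e.g. `/* 0x00 0x01 || 0xff padding || 0x00 || DigestInfo; the hash follows to fill RSA2048_BYTES */`. Since the tables are exported, the verifier that consumes them should compare the whole table plus the hash against the full decrypted block rather than only a prefix; that comparison presumably lives in rsa.c, which is outside this commit view.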
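--- /dev/null
+++ b/UNKNOWN_PATH_3
@@ -0,0 +1,45 @@
+/dts-v1/;
+
+/ {
+description = "Chrome OS kernel image with one or more FDT blobs";
+#address-cells = <1>;
+
+images {
+kernel@1 {
+data = /incbin/("test-kernel.bin");
+type = "kernel_noload";
+arch = "sandbox";
+os = "linux";
+compression = "none";
+load = <0x4>;
+entry = <0x8>;
+kernel-version = <1>;
+hash@1 {
+algo = "sha256";
+};
+};
+fdt@1 {
+description = "snow";
+data = /incbin/("sandbox-kernel.dtb");
+type = "flat_dt";
+arch = "sandbox";
+compression = "none";
+fdt-version = <1>;
+hash@1 {
+algo = "sha256";
+};
+};
+};
+configurations {
+default = "conf@1";
+conf@1 {
+kernel = "kernel@1";
+fdt = "fdt@1";
+signature@1 {
+algo = "sha256,rsa2048";
+key-name-hint = "dev";
+sign-images = "fdt", "kernel";
+};
+};
+};
+};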
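--- /dev/null
+++ b/UNKNOWN_PATH_4
@@ -0,0 +1,42 @@
+/dts-v1/;
+
+/ {
+description = "Chrome OS kernel image with one or more FDT blobs";
+#address-cells = <1>;
+
+images {
+kernel@1 {
+data = /incbin/("test-kernel.bin");
+type = "kernel_noload";
+arch = "sandbox";
+os = "linux";
+compression = "none";
+load = <0x4>;
+entry = <0x8>;
+kernel-version = <1>;
+signature@1 {
+algo = "sha256,rsa2048";
+key-name-hint = "dev";
+};
+};
+fdt@1 {
+description = "snow";
+data = /incbin/("sandbox-kernel.dtb");
+type = "flat_dt";
+arch = "sandbox";
+compression = "none";
+fdt-version = <1>;
+signature@1 {
+algo = "sha256,rsa2048";
+key-name-hint = "dev";
+};
+};
+};
+configurations {
+default = "conf@1";
+conf@1 {
+kernel = "kernel@1";
+fdt = "fdt@1";
+};
+};
+};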