based on patch from andreas@oetken.name: http://patchwork.ozlabs.org/patch/294318/ commit message: I currently need support for rsa-sha256 signatures in u-boot and found out that the code for signatures is not very generic. Thus adding of different hash-algorithms for rsa-signatures is not easy to do without copy-pasting the rsa-code. I attached a patch for how I think it could be better and included support for rsa-sha256. This is a fast first shot. additional work: - removed checkpatch warnings - removed compiler warnings - rebased against current head Signed-off-by: Heiko Schocher <hs@denx.de> Cc: andreas@oetken.name Cc: Simon Glass <sjg@chromium.org>master
parent
2842c1c242
commit
646257d1f4
@ -0,0 +1,23 @@ |
|||||||
|
/*
|
||||||
|
* Copyright (c) 2013, Andreas Oetken. |
||||||
|
* |
||||||
|
* SPDX-License-Identifier: GPL-2.0+ |
||||||
|
*/ |
||||||
|
|
||||||
|
#ifndef _RSA_CHECKSUM_H |
||||||
|
#define _RSA_CHECKSUM_H |
||||||
|
|
||||||
|
#include <errno.h> |
||||||
|
#include <image.h> |
||||||
|
#include <sha1.h> |
||||||
|
#include <sha256.h> |
||||||
|
|
||||||
|
extern const uint8_t padding_sha256_rsa2048[]; |
||||||
|
extern const uint8_t padding_sha1_rsa2048[]; |
||||||
|
|
||||||
|
void sha256_calculate(const struct image_region region[], int region_count, |
||||||
|
uint8_t *checksum); |
||||||
|
void sha1_calculate(const struct image_region region[], int region_count, |
||||||
|
uint8_t *checksum); |
||||||
|
|
||||||
|
#endif |
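Review bot: Neither prototype says how large the buffer behind `uint8_t *checksum` must be, and the functions take no length, so the caller has to know the digest size for each algorithm. A one-line comment on each declaration would pin that contract, e.g. `/* @checksum: output buffer, at least SHA256_SUM_LEN bytes */` and the SHA1_SUM_LEN equivalent. The padding tables are declared with incomplete type (`[]`), so code that includes this header cannot use `sizeof` on them. Stating their length next to the `extern` lines (the .c file sizes them as `RSA2048_BYTES - SHA256_SUM_LEN` and `RSA2048_BYTES - SHA1_SUM_LEN`) would keep a verifier from guessing how many bytes to compare.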
@ -0,0 +1,98 @@ |
|||||||
|
/*
|
||||||
|
* Copyright (c) 2013, Andreas Oetken. |
||||||
|
* |
||||||
|
* SPDX-License-Identifier: GPL-2.0+ |
||||||
|
*/ |
||||||
|
|
||||||
|
#include <common.h> |
||||||
|
#include <fdtdec.h> |
||||||
|
#include <rsa.h> |
||||||
|
#include <sha1.h> |
||||||
|
#include <sha256.h> |
||||||
|
#include <asm/byteorder.h> |
||||||
|
#include <asm/errno.h> |
||||||
|
#include <asm/unaligned.h> |
||||||
|
|
||||||
|
#define RSA2048_BYTES 256 |
||||||
|
|
||||||
|
/* PKCS 1.5 paddings as described in the RSA PKCS#1 v2.1 standard. */ |
||||||
|
|
||||||
|
const uint8_t padding_sha256_rsa2048[RSA2048_BYTES - SHA256_SUM_LEN] = { |
||||||
|
0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x31, 0x30, |
||||||
|
0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, |
||||||
|
0x00, 0x04, 0x20 |
||||||
|
}; |
||||||
|
|
||||||
|
const uint8_t padding_sha1_rsa2048[RSA2048_BYTES - SHA1_SUM_LEN] = { |
||||||
|
0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||||
|
0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x21, 0x30, |
||||||
|
0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, |
||||||
|
0x05, 0x00, 0x04, 0x14 |
||||||
|
}; |
||||||
|
|
||||||
|
void sha1_calculate(const struct image_region region[], int region_count, |
||||||
|
uint8_t *checksum) |
||||||
|
{ |
||||||
|
sha1_context ctx; |
||||||
|
uint32_t i; |
||||||
|
i = 0; |
||||||
|
|
||||||
|
sha1_starts(&ctx); |
||||||
|
for (i = 0; i < region_count; i++) |
||||||
|
sha1_update(&ctx, region[i].data, region[i].size); |
||||||
|
sha1_finish(&ctx, checksum); |
||||||
|
} |
||||||
|
|
||||||
|
void sha256_calculate(const struct image_region region[], int region_count, |
||||||
|
uint8_t *checksum) |
||||||
|
{ |
||||||
|
sha256_context ctx; |
||||||
|
uint32_t i; |
||||||
|
i = 0; |
||||||
|
|
||||||
|
sha256_starts(&ctx); |
||||||
|
for (i = 0; i < region_count; i++) |
||||||
|
sha256_update(&ctx, region[i].data, region[i].size); |
||||||
|
sha256_finish(&ctx, checksum); |
||||||
|
} |
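Review bot: In both `sha1_calculate` and `sha256_calculate` the loop counter is `uint32_t i` while `region_count` is `int`, so in `i < region_count` a negative count is converted to a large unsigned value and the loop would walk `region[]` far past its end. These helpers hash the data a signature is checked against, so I would declare the counter as `int i;` and drop the redundant `i = 0;` before `sha1_starts`/`sha256_starts`. With that change a non-positive count produces the digest of empty input instead of an out-of-bounds read. The comment above the tables could also say that they hold the fixed `00 01 ff … 00` block plus the DigestInfo prefix for a 2048-bit modulus only, since nothing in this file lets a caller check that the key size matches.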
@ -0,0 +1,45 @@ |
|||||||
|
/dts-v1/; |
||||||
|
|
||||||
|
/ { |
||||||
|
description = "Chrome OS kernel image with one or more FDT blobs"; |
||||||
|
#address-cells = <1>; |
||||||
|
|
||||||
|
images { |
||||||
|
kernel@1 { |
||||||
|
data = /incbin/("test-kernel.bin"); |
||||||
|
type = "kernel_noload"; |
||||||
|
arch = "sandbox"; |
||||||
|
os = "linux"; |
||||||
|
compression = "none"; |
||||||
|
load = <0x4>; |
||||||
|
entry = <0x8>; |
||||||
|
kernel-version = <1>; |
||||||
|
hash@1 { |
||||||
|
algo = "sha256"; |
||||||
|
}; |
||||||
|
}; |
||||||
|
fdt@1 { |
||||||
|
description = "snow"; |
||||||
|
data = /incbin/("sandbox-kernel.dtb"); |
||||||
|
type = "flat_dt"; |
||||||
|
arch = "sandbox"; |
||||||
|
compression = "none"; |
||||||
|
fdt-version = <1>; |
||||||
|
hash@1 { |
||||||
|
algo = "sha256"; |
||||||
|
}; |
||||||
|
}; |
||||||
|
}; |
||||||
|
configurations { |
||||||
|
default = "conf@1"; |
||||||
|
conf@1 { |
||||||
|
kernel = "kernel@1"; |
||||||
|
fdt = "fdt@1"; |
||||||
|
signature@1 { |
||||||
|
algo = "sha256,rsa2048"; |
||||||
|
key-name-hint = "dev"; |
||||||
|
sign-images = "fdt", "kernel"; |
||||||
|
}; |
||||||
|
}; |
||||||
|
}; |
||||||
|
}; |
@ -0,0 +1,42 @@ |
|||||||
|
/dts-v1/; |
||||||
|
|
||||||
|
/ { |
||||||
|
description = "Chrome OS kernel image with one or more FDT blobs"; |
||||||
|
#address-cells = <1>; |
||||||
|
|
||||||
|
images { |
||||||
|
kernel@1 { |
||||||
|
data = /incbin/("test-kernel.bin"); |
||||||
|
type = "kernel_noload"; |
||||||
|
arch = "sandbox"; |
||||||
|
os = "linux"; |
||||||
|
compression = "none"; |
||||||
|
load = <0x4>; |
||||||
|
entry = <0x8>; |
||||||
|
kernel-version = <1>; |
||||||
|
signature@1 { |
||||||
|
algo = "sha256,rsa2048"; |
||||||
|
key-name-hint = "dev"; |
||||||
|
}; |
||||||
|
}; |
||||||
|
fdt@1 { |
||||||
|
description = "snow"; |
||||||
|
data = /incbin/("sandbox-kernel.dtb"); |
||||||
|
type = "flat_dt"; |
||||||
|
arch = "sandbox"; |
||||||
|
compression = "none"; |
||||||
|
fdt-version = <1>; |
||||||
|
signature@1 { |
||||||
|
algo = "sha256,rsa2048"; |
||||||
|
key-name-hint = "dev"; |
||||||
|
}; |
||||||
|
}; |
||||||
|
}; |
||||||
|
configurations { |
||||||
|
default = "conf@1"; |
||||||
|
conf@1 { |
||||||
|
kernel = "kernel@1"; |
||||||
|
fdt = "fdt@1"; |
||||||
|
}; |
||||||
|
}; |
||||||
|
}; |
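Review bot: This fixture puts `signature@1` on each image and leaves `conf@1` unsigned, so nothing in it binds `kernel@1` to `fdt@1`; a header comment should say so, so that it is not copied as a template for a production image. Something like `/* Test input: per-image signatures only; the configuration itself is not covered by a signature. */` above `/ {` would do. The other .its file in this commit places `signature@1` under `conf@1` with `sign-images = "fdt", "kernel"`, which is the layout that covers the combination.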