* [U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash
@ 2014-02-06 3:47 Marek Vasut
2014-02-06 3:47 ` [U-Boot] [PATCH 2/3] fit: rsa: Add groundwork to support other hashes Marek Vasut
` (3 more replies)
0 siblings, 4 replies; 13+ messages in thread
From: Marek Vasut @ 2014-02-06 3:47 UTC (permalink / raw)
To: u-boot
This patch adds support for SHA-256 hash into the FIT image. The usage is
as with the other hashing algorithms:
"
hash at 1 {
algo = "sha256";
};
"
Signed-off-by: Marek Vasut <marex@denx.de>
---
common/image-fit.c | 5 +++++
include/image.h | 15 ++++++++++++++-
tools/Makefile | 2 ++
3 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/common/image-fit.c b/common/image-fit.c
index cf4b67e..a7ecf8b 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -22,6 +22,7 @@ DECLARE_GLOBAL_DATA_PTR;
#include <bootstage.h>
#include <sha1.h>
+#include <sha256.h>
#include <u-boot/crc.h>
#include <u-boot/md5.h>
@@ -882,6 +883,10 @@ int calculate_hash(const void *data, int data_len, const char *algo,
sha1_csum_wd((unsigned char *)data, data_len,
(unsigned char *)value, CHUNKSZ_SHA1);
*value_len = 20;
+ } else if (IMAGE_ENABLE_SHA256 && strcmp(algo, "sha256") == 0) {
+ sha256_csum_wd((unsigned char *)data, data_len,
+ (unsigned char *)value, CHUNKSZ_SHA256);
+ *value_len = 32;
} else if (IMAGE_ENABLE_MD5 && strcmp(algo, "md5") == 0) {
md5_wd((unsigned char *)data, data_len, value, CHUNKSZ_MD5);
*value_len = 16;
diff --git a/include/image.h b/include/image.h
index 7de2bb2..e5c76e7 100644
--- a/include/image.h
+++ b/include/image.h
@@ -57,13 +57,18 @@ struct lmb;
# ifdef CONFIG_SPL_SHA1_SUPPORT
# define IMAGE_ENABLE_SHA1 1
# endif
+# ifdef CONFIG_SPL_SHA256_SUPPORT
+# define IMAGE_ENABLE_SHA256 1
+# endif
# else
# define CONFIG_CRC32 /* FIT images need CRC32 support */
# define CONFIG_MD5 /* and MD5 */
# define CONFIG_SHA1 /* and SHA1 */
+# define CONFIG_SHA256 /* and SHA256 */
# define IMAGE_ENABLE_CRC32 1
# define IMAGE_ENABLE_MD5 1
# define IMAGE_ENABLE_SHA1 1
+# define IMAGE_ENABLE_SHA256 1
# endif
#ifndef IMAGE_ENABLE_CRC32
@@ -78,6 +83,10 @@ struct lmb;
#define IMAGE_ENABLE_SHA1 0
#endif
+#ifndef IMAGE_ENABLE_SHA256
+#define IMAGE_ENABLE_SHA256 0
+#endif
+
#endif /* CONFIG_FIT */
#ifdef CONFIG_SYS_BOOT_RAMDISK_HIGH
@@ -345,6 +354,10 @@ extern bootm_headers_t images;
#define CHUNKSZ_SHA1 (64 * 1024)
#endif
+#ifndef CHUNKSZ_SHA256
+#define CHUNKSZ_SHA256 (64 * 1024)
+#endif
+
#define uimage_to_cpu(x) be32_to_cpu(x)
#define cpu_to_uimage(x) cpu_to_be32(x)
@@ -691,7 +704,7 @@ int bootz_setup(ulong image, ulong *start, ulong *end);
#define FIT_FDT_PROP "fdt"
#define FIT_DEFAULT_PROP "default"
-#define FIT_MAX_HASH_LEN 20 /* max(crc32_len(4), sha1_len(20)) */
+#define FIT_MAX_HASH_LEN 32 /* max(crc32_len(4), sha1_len(20), sha256_len(32)) */
/* cmdline argument format parsing */
int fit_parse_conf(const char *spec, ulong addr_curr,
diff --git a/tools/Makefile b/tools/Makefile
index 328cea3..e025004 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -71,6 +71,7 @@ EXT_OBJ_FILES-y += common/image-sig.o
EXT_OBJ_FILES-y += lib/crc32.o
EXT_OBJ_FILES-y += lib/md5.o
EXT_OBJ_FILES-y += lib/sha1.o
+EXT_OBJ_FILES-y += lib/sha256.o
# Source files located in the tools directory
NOPED_OBJ_FILES-y += aisimage.o
@@ -252,6 +253,7 @@ $(obj)mkimage$(SFX): $(obj)aisimage.o \
$(obj)os_support.o \
$(obj)pblimage.o \
$(obj)sha1.o \
+ $(obj)sha256.o \
$(obj)ublimage.o \
$(LIBFDT_OBJS) \
$(RSA_OBJS)
--
1.8.5.3
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [U-Boot] [PATCH 2/3] fit: rsa: Add groundwork to support other hashes
2014-02-06 3:47 [U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash Marek Vasut
@ 2014-02-06 3:47 ` Marek Vasut
2014-02-06 12:18 ` Wolfgang Denk
2014-02-06 3:47 ` [U-Boot] [PATCH 3/3] fit: rsa: Add support for SHA256 hash Marek Vasut
` (2 subsequent siblings)
3 siblings, 1 reply; 13+ messages in thread
From: Marek Vasut @ 2014-02-06 3:47 UTC (permalink / raw)
To: u-boot
Separate out the SHA1 code from the rsa-sign.c and rsa-verify.c .
Each file now has a function which does the correct hashing operation
instead of having the SHA-1 hashing operation hard-coded in the rest
of the code. This makes adding a new hashing operating much easier and
cleaner.
Signed-off-by: Marek Vasut <marex@denx.de>
---
lib/rsa/rsa-sign.c | 45 ++++++++++++++++++++++++--
lib/rsa/rsa-verify.c | 89 +++++++++++++++++++++++++++++++++++++++-------------
2 files changed, 110 insertions(+), 24 deletions(-)
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index 549130e..4e11720 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -15,6 +15,11 @@
#include <openssl/ssl.h>
#include <openssl/evp.h>
+enum rsa_hash_type {
+ RSA_HASH_SHA1,
+ RSA_HASH_UNKNOWN,
+};
+
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
#define HAVE_ERR_REMOVE_THREAD_STATE
#endif
@@ -159,7 +164,19 @@ static void rsa_remove(void)
EVP_cleanup();
}
-static int rsa_sign_with_key(RSA *rsa, const struct image_region region[],
+static const EVP_MD *rsa_sign_get_hash(enum rsa_hash_type hash)
+{
+ switch (hash) {
+ case RSA_HASH_SHA1:
+ return EVP_sha1();
+ default: /* This must never happen. */
+ rsa_err("Invalid hash type!\n");
+ exit(1);
+ };
+}
+
+static int rsa_sign_with_key(RSA *rsa, enum rsa_hash_type hash,
+ const struct image_region region[],
int region_count, uint8_t **sigp, uint *sig_size)
{
EVP_PKEY *key;
@@ -192,7 +209,7 @@ static int rsa_sign_with_key(RSA *rsa, const struct image_region region[],
goto err_create;
}
EVP_MD_CTX_init(context);
- if (!EVP_SignInit(context, EVP_sha1())) {
+ if (!EVP_SignInit(context, rsa_sign_get_hash(hash))) {
ret = rsa_err("Signer setup failed");
goto err_sign;
}
@@ -228,12 +245,34 @@ err_set:
return ret;
}
+static enum rsa_hash_type rsa_get_sha_type(struct image_sign_info *info)
+{
+ char *pos;
+ unsigned int hash_str_len;
+
+ pos = strstr(info->algo->name, ",");
+ if (!pos)
+ return -EINVAL;
+
+ hash_str_len = pos - info->algo->name;
+
+ if (!strncmp(info->algo->name, "sha1", hash_str_len))
+ return RSA_HASH_SHA1;
+ else
+ return RSA_HASH_UNKNOWN;
+}
+
int rsa_sign(struct image_sign_info *info,
const struct image_region region[], int region_count,
uint8_t **sigp, uint *sig_len)
{
RSA *rsa;
int ret;
+ enum rsa_hash_type hash;
+
+ hash = rsa_get_sha_type(info);
+ if (hash == RSA_HASH_UNKNOWN)
+ return -EINVAL;
ret = rsa_init();
if (ret)
@@ -242,7 +281,7 @@ int rsa_sign(struct image_sign_info *info,
ret = rsa_get_priv_key(info->keydir, info->keyname, &rsa);
if (ret)
goto err_priv;
- ret = rsa_sign_with_key(rsa, region, region_count, sigp, sig_len);
+ ret = rsa_sign_with_key(rsa, hash, region, region_count, sigp, sig_len);
if (ret)
goto err_sign;
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 02cc4e3..9617f8d 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -6,6 +6,7 @@
#include <common.h>
#include <fdtdec.h>
+#include <malloc.h>
#include <rsa.h>
#include <sha1.h>
#include <asm/byteorder.h>
@@ -209,10 +210,9 @@ static int pow_mod(const struct rsa_public_key *key, uint32_t *inout)
}
static int rsa_verify_key(const struct rsa_public_key *key, const uint8_t *sig,
- const uint32_t sig_len, const uint8_t *hash)
+ const uint32_t sig_len, const uint8_t *hash,
+ const uint8_t *padding, int pad_len)
{
- const uint8_t *padding;
- int pad_len;
int ret;
if (!key || !sig || !hash)
@@ -238,10 +238,6 @@ static int rsa_verify_key(const struct rsa_public_key *key, const uint8_t *sig,
if (ret)
return ret;
- /* Determine padding to use depending on the signature type. */
- padding = padding_sha1_rsa2048;
- pad_len = RSA2048_BYTES - SHA1_SUM_LEN;
-
/* Check pkcs1.5 padding bytes. */
if (memcmp(buf, padding, pad_len)) {
debug("In RSAVerify(): Padding check failed!\n");
@@ -266,7 +262,8 @@ static void rsa_convert_big_endian(uint32_t *dst, const uint32_t *src, int len)
}
static int rsa_verify_with_keynode(struct image_sign_info *info,
- const void *hash, uint8_t *sig, uint sig_len, int node)
+ const void *hash, uint8_t *sig, uint sig_len, int node,
+ const uint8_t *padding, int pad_len)
{
const void *blob = info->fdt_blob;
struct rsa_public_key key;
@@ -309,7 +306,7 @@ static int rsa_verify_with_keynode(struct image_sign_info *info,
}
debug("key length %d\n", key.len);
- ret = rsa_verify_key(&key, sig, sig_len, hash);
+ ret = rsa_verify_key(&key, sig, sig_len, hash, padding, pad_len);
if (ret) {
printf("%s: RSA failed to verify: %d\n", __func__, ret);
return ret;
@@ -318,17 +315,64 @@ static int rsa_verify_with_keynode(struct image_sign_info *info,
return 0;
}
+static int
+rsa_compute_hash_sha1(const struct image_region region[], int region_count,
+ uint8_t **out_hash)
+{
+ sha1_context ctx;
+ int i;
+ uint8_t *hash;
+
+ hash = calloc(1, SHA1_SUM_LEN);
+ if (!hash)
+ return -ENOMEM;
+
+ sha1_starts(&ctx);
+ for (i = 0; i < region_count; i++)
+ sha1_update(&ctx, region[i].data, region[i].size);
+ sha1_finish(&ctx, hash);
+
+ *out_hash = hash;
+
+ return 0;
+}
+
+static int rsa_compute_hash(struct image_sign_info *info,
+ const struct image_region region[], int region_count,
+ uint8_t **out_hash, const uint8_t **padding,
+ int *pad_len)
+{
+ int len, ret;
+ const uint8_t *pad;
+
+ if (!strcmp(info->algo->name, "sha1,rsa2048")) {
+ pad = padding_sha1_rsa2048;
+ len = RSA2048_BYTES - SHA1_SUM_LEN;
+ ret = rsa_compute_hash_sha1(region, region_count, out_hash);
+ } else {
+ ret = -EINVAL;
+ }
+
+ if (!ret) {
+ *padding = pad;
+ *pad_len = len;
+ }
+
+ return ret;
+}
+
int rsa_verify(struct image_sign_info *info,
const struct image_region region[], int region_count,
uint8_t *sig, uint sig_len)
{
const void *blob = info->fdt_blob;
- uint8_t hash[SHA1_SUM_LEN];
+ uint8_t *hash = NULL;
int ndepth, noffset;
int sig_node, node;
char name[100];
- sha1_context ctx;
- int ret, i;
+ const uint8_t *padding;
+ int pad_len;
+ int ret;
sig_node = fdt_subnode_offset(blob, 0, FIT_SIG_NODENAME);
if (sig_node < 0) {
@@ -336,25 +380,26 @@ int rsa_verify(struct image_sign_info *info,
return -ENOENT;
}
- sha1_starts(&ctx);
- for (i = 0; i < region_count; i++)
- sha1_update(&ctx, region[i].data, region[i].size);
- sha1_finish(&ctx, hash);
+ ret = rsa_compute_hash(info, region, region_count, &hash,
+ &padding, &pad_len);
+ if (ret)
+ return ret;
/* See if we must use a particular key */
if (info->required_keynode != -1) {
ret = rsa_verify_with_keynode(info, hash, sig, sig_len,
- info->required_keynode);
+ info->required_keynode, padding, pad_len);
if (!ret)
- return ret;
+ goto exit;
}
/* Look for a key that matches our hint */
snprintf(name, sizeof(name), "key-%s", info->keyname);
node = fdt_subnode_offset(blob, sig_node, name);
- ret = rsa_verify_with_keynode(info, hash, sig, sig_len, node);
+ ret = rsa_verify_with_keynode(info, hash, sig, sig_len, node,
+ padding, pad_len);
if (!ret)
- return ret;
+ goto exit;
/* No luck, so try each of the keys in turn */
for (ndepth = 0, noffset = fdt_next_node(info->fit, sig_node, &ndepth);
@@ -362,11 +407,13 @@ int rsa_verify(struct image_sign_info *info,
noffset = fdt_next_node(info->fit, noffset, &ndepth)) {
if (ndepth == 1 && noffset != node) {
ret = rsa_verify_with_keynode(info, hash, sig, sig_len,
- noffset);
+ noffset, padding, pad_len);
if (!ret)
break;
}
}
+exit:
+ free(hash);
return ret;
}
--
1.8.5.3
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [U-Boot] [PATCH 3/3] fit: rsa: Add support for SHA256 hash
2014-02-06 3:47 [U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash Marek Vasut
2014-02-06 3:47 ` [U-Boot] [PATCH 2/3] fit: rsa: Add groundwork to support other hashes Marek Vasut
@ 2014-02-06 3:47 ` Marek Vasut
2014-02-15 23:31 ` Simon Glass
2014-02-06 5:19 ` [U-Boot] [PATCH 1/3] fit: " Heiko Schocher
2014-02-06 12:17 ` Wolfgang Denk
3 siblings, 1 reply; 13+ messages in thread
From: Marek Vasut @ 2014-02-06 3:47 UTC (permalink / raw)
To: u-boot
Add support for "sha256,rsa2048" signature. This patch utilises the previously
laid groundwork for adding other hashes.
Signed-off-by: Marek Vasut <marex@denx.de>
---
common/image-sig.c | 8 +++++++-
lib/rsa/rsa-sign.c | 5 +++++
lib/rsa/rsa-verify.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 70 insertions(+), 1 deletion(-)
diff --git a/common/image-sig.c b/common/image-sig.c
index 973b06d..c3d63bc 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -23,7 +23,13 @@ struct image_sig_algo image_sig_algos[] = {
rsa_sign,
rsa_add_verify_data,
rsa_verify,
- }
+ },
+ {
+ "sha256,rsa2048",
+ rsa_sign,
+ rsa_add_verify_data,
+ rsa_verify,
+ },
};
struct image_sig_algo *image_get_sig_algo(const char *name)
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index 4e11720..f1167b1 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -17,6 +17,7 @@
enum rsa_hash_type {
RSA_HASH_SHA1,
+ RSA_HASH_SHA256,
RSA_HASH_UNKNOWN,
};
@@ -169,6 +170,8 @@ static const EVP_MD *rsa_sign_get_hash(enum rsa_hash_type hash)
switch (hash) {
case RSA_HASH_SHA1:
return EVP_sha1();
+ case RSA_HASH_SHA256:
+ return EVP_sha256();
default: /* This must never happen. */
rsa_err("Invalid hash type!\n");
exit(1);
@@ -258,6 +261,8 @@ static enum rsa_hash_type rsa_get_sha_type(struct image_sign_info *info)
if (!strncmp(info->algo->name, "sha1", hash_str_len))
return RSA_HASH_SHA1;
+ else if (!strncmp(info->algo->name, "sha256", hash_str_len))
+ return RSA_HASH_SHA256;
else
return RSA_HASH_UNKNOWN;
}
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 9617f8d..67fb882 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -9,6 +9,7 @@
#include <malloc.h>
#include <rsa.h>
#include <sha1.h>
+#include <sha256.h>
#include <asm/byteorder.h>
#include <asm/errno.h>
#include <asm/unaligned.h>
@@ -70,6 +71,37 @@ static const uint8_t padding_sha1_rsa2048[RSA2048_BYTES - SHA1_SUM_LEN] = {
0x05, 0x00, 0x04, 0x14
};
+static const uint8_t padding_sha256_rsa2048[RSA2048_BYTES - SHA256_SUM_LEN] = {
+ 0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x31, 0x30,
+ 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
+ 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20,
+};
+
/**
* subtract_modulus() - subtract modulus from the given value
*
@@ -337,6 +369,28 @@ rsa_compute_hash_sha1(const struct image_region region[], int region_count,
return 0;
}
+static int
+rsa_compute_hash_sha256(const struct image_region region[], int region_count,
+ uint8_t **out_hash)
+{
+ sha256_context ctx;
+ int i;
+ uint8_t *hash;
+
+ hash = calloc(1, SHA256_SUM_LEN);
+ if (!hash)
+ return -ENOMEM;
+
+ sha256_starts(&ctx);
+ for (i = 0; i < region_count; i++)
+ sha256_update(&ctx, region[i].data, region[i].size);
+ sha256_finish(&ctx, hash);
+
+ *out_hash = hash;
+
+ return 0;
+}
+
static int rsa_compute_hash(struct image_sign_info *info,
const struct image_region region[], int region_count,
uint8_t **out_hash, const uint8_t **padding,
@@ -349,6 +403,10 @@ static int rsa_compute_hash(struct image_sign_info *info,
pad = padding_sha1_rsa2048;
len = RSA2048_BYTES - SHA1_SUM_LEN;
ret = rsa_compute_hash_sha1(region, region_count, out_hash);
+ } else if (!strcmp(info->algo->name, "sha256,rsa2048")) {
+ pad = padding_sha256_rsa2048;
+ len = RSA2048_BYTES - SHA256_SUM_LEN;
+ ret = rsa_compute_hash_sha256(region, region_count, out_hash);
} else {
ret = -EINVAL;
}
--
1.8.5.3
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash
2014-02-06 3:47 [U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash Marek Vasut
2014-02-06 3:47 ` [U-Boot] [PATCH 2/3] fit: rsa: Add groundwork to support other hashes Marek Vasut
2014-02-06 3:47 ` [U-Boot] [PATCH 3/3] fit: rsa: Add support for SHA256 hash Marek Vasut
@ 2014-02-06 5:19 ` Heiko Schocher
2014-02-08 14:18 ` Marek Vasut
2014-02-06 12:17 ` Wolfgang Denk
3 siblings, 1 reply; 13+ messages in thread
From: Heiko Schocher @ 2014-02-06 5:19 UTC (permalink / raw)
To: u-boot
Hello Marek,
Am 06.02.2014 04:47, schrieb Marek Vasut:
> This patch adds support for SHA-256 hash into the FIT image. The usage is
> as with the other hashing algorithms:
>
> "
> hash at 1 {
> algo = "sha256";
> };
> "
>
> Signed-off-by: Marek Vasut<marex@denx.de>
> ---
> common/image-fit.c | 5 +++++
> include/image.h | 15 ++++++++++++++-
> tools/Makefile | 2 ++
> 3 files changed, 21 insertions(+), 1 deletion(-)
seems I posted similiar patches ... you find them here:
[U-Boot,1/7] tools/image-host: fix sign-images bug
http://patchwork.ozlabs.org/patch/314125/
[U-Boot,2/7] fdt: add "fdt sign" command
http://patchwork.ozlabs.org/patch/314120/
[U-Boot,3/7] fit: add sha256 support
http://patchwork.ozlabs.org/patch/314126/
[U-Boot,4/7] rsa: add sha256-rsa2048 algorithm
http://patchwork.ozlabs.org/patch/314124/
[U-Boot,5/7] rsa: add sha256,rsa4096 algorithm
http://patchwork.ozlabs.org/patch/314121/
I reworked the comments, except one is missing, and I can post "v2"
Maybe you can try this patches?
bye,
Heiko
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
^ permalink raw reply [flat|nested] 13+ messages in thread
* [U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash
2014-02-06 3:47 [U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash Marek Vasut
` (2 preceding siblings ...)
2014-02-06 5:19 ` [U-Boot] [PATCH 1/3] fit: " Heiko Schocher
@ 2014-02-06 12:17 ` Wolfgang Denk
2014-02-08 14:17 ` Marek Vasut
3 siblings, 1 reply; 13+ messages in thread
From: Wolfgang Denk @ 2014-02-06 12:17 UTC (permalink / raw)
To: u-boot
Dear Marek,
In message <1391658426-24799-1-git-send-email-marex@denx.de> you wrote:
> This patch adds support for SHA-256 hash into the FIT image. The usage is
> as with the other hashing algorithms:
...
> -#define FIT_MAX_HASH_LEN 20 /* max(crc32_len(4), sha1_len(20)) */
> +#define FIT_MAX_HASH_LEN 32 /* max(crc32_len(4), sha1_len(20), sha256_len(32)) */
Line too long.
Please make sure to run your patches through checkpatch !
Best regards,
Wolfgang Denk
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
I have made mistakes, but have never made the mistake of claiming I
never made one. - James G. Bennet
^ permalink raw reply [flat|nested] 13+ messages in thread
* [U-Boot] [PATCH 2/3] fit: rsa: Add groundwork to support other hashes
2014-02-06 3:47 ` [U-Boot] [PATCH 2/3] fit: rsa: Add groundwork to support other hashes Marek Vasut
@ 2014-02-06 12:18 ` Wolfgang Denk
2014-02-06 19:40 ` Marek Vasut
0 siblings, 1 reply; 13+ messages in thread
From: Wolfgang Denk @ 2014-02-06 12:18 UTC (permalink / raw)
To: u-boot
Dear Marek,
In message <1391658426-24799-2-git-send-email-marex@denx.de> you wrote:
> Separate out the SHA1 code from the rsa-sign.c and rsa-verify.c .
> Each file now has a function which does the correct hashing operation
> instead of having the SHA-1 hashing operation hard-coded in the rest
> of the code. This makes adding a new hashing operating much easier and
> cleaner.
...
> - noffset);
> + noffset, padding, pad_len);
Line too long.
Best regards,
Wolfgang Denk
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
It is easier to write an incorrect program than understand a correct
one.
^ permalink raw reply [flat|nested] 13+ messages in thread
* [U-Boot] [PATCH 2/3] fit: rsa: Add groundwork to support other hashes
2014-02-06 12:18 ` Wolfgang Denk
@ 2014-02-06 19:40 ` Marek Vasut
0 siblings, 0 replies; 13+ messages in thread
From: Marek Vasut @ 2014-02-06 19:40 UTC (permalink / raw)
To: u-boot
On Thursday, February 06, 2014 at 01:18:31 PM, Wolfgang Denk wrote:
> Dear Marek,
>
> In message <1391658426-24799-2-git-send-email-marex@denx.de> you wrote:
> > Separate out the SHA1 code from the rsa-sign.c and rsa-verify.c .
> > Each file now has a function which does the correct hashing operation
> > instead of having the SHA-1 hashing operation hard-coded in the rest
> > of the code. This makes adding a new hashing operating much easier and
> > cleaner.
>
> ...
>
> > - noffset);
> > + noffset, padding,
pad_len);
>
> Line too long.
I will need to cross-correlate this with Heiko's efforts, so there'll be V2 of
either mine or his stuff.
Thanks for the review though.
Best regards,
Marek Vasut
^ permalink raw reply [flat|nested] 13+ messages in thread
* [U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash
2014-02-06 12:17 ` Wolfgang Denk
@ 2014-02-08 14:17 ` Marek Vasut
0 siblings, 0 replies; 13+ messages in thread
From: Marek Vasut @ 2014-02-08 14:17 UTC (permalink / raw)
To: u-boot
On Thursday, February 06, 2014 at 01:17:36 PM, Wolfgang Denk wrote:
> Dear Marek,
>
> In message <1391658426-24799-1-git-send-email-marex@denx.de> you wrote:
> > This patch adds support for SHA-256 hash into the FIT image. The usage is
>
> > as with the other hashing algorithms:
> ...
>
> > -#define FIT_MAX_HASH_LEN 20 /* max(crc32_len(4), sha1_len(20)) */
> > +#define FIT_MAX_HASH_LEN 32 /* max(crc32_len(4), sha1_len(20),
> > sha256_len(32)) */
>
> Line too long.
>
> Please make sure to run your patches through checkpatch !
This is weird, since all my patches should be checked upon 'git commit' via
hook. Thanks for bringing this up to my attention, I will verify that.
Nonetheless, I would vouch for applying Heiko's patches instead.
Best regards,
Marek Vasut
^ permalink raw reply [flat|nested] 13+ messages in thread
* [U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash
2014-02-06 5:19 ` [U-Boot] [PATCH 1/3] fit: " Heiko Schocher
@ 2014-02-08 14:18 ` Marek Vasut
2014-02-10 6:35 ` Heiko Schocher
0 siblings, 1 reply; 13+ messages in thread
From: Marek Vasut @ 2014-02-08 14:18 UTC (permalink / raw)
To: u-boot
On Thursday, February 06, 2014 at 06:19:11 AM, Heiko Schocher wrote:
> Hello Marek,
>
> Am 06.02.2014 04:47, schrieb Marek Vasut:
> > This patch adds support for SHA-256 hash into the FIT image. The usage is
> > as with the other hashing algorithms:
> >
> > "
> >
> > hash at 1 {
> >
> > algo = "sha256";
> >
> > };
> >
> > "
> >
> > Signed-off-by: Marek Vasut<marex@denx.de>
> > ---
> >
> > common/image-fit.c | 5 +++++
> > include/image.h | 15 ++++++++++++++-
> > tools/Makefile | 2 ++
> > 3 files changed, 21 insertions(+), 1 deletion(-)
>
> seems I posted similiar patches ... you find them here:
Nice, thanks for bringing this up. Please review my series and check if there's
possibly something interesting in that you might pull out into yours.
Otherwise, I'm all for applying your , since you also added rsa4096.
Best regards,
Marek Vasut
^ permalink raw reply [flat|nested] 13+ messages in thread
* [U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash
2014-02-08 14:18 ` Marek Vasut
@ 2014-02-10 6:35 ` Heiko Schocher
2014-02-12 10:46 ` Marek Vasut
0 siblings, 1 reply; 13+ messages in thread
From: Heiko Schocher @ 2014-02-10 6:35 UTC (permalink / raw)
To: u-boot
Hello Marek,
Am 08.02.2014 15:18, schrieb Marek Vasut:
> On Thursday, February 06, 2014 at 06:19:11 AM, Heiko Schocher wrote:
>> Hello Marek,
>>
>> Am 06.02.2014 04:47, schrieb Marek Vasut:
>>> This patch adds support for SHA-256 hash into the FIT image. The usage is
>>> as with the other hashing algorithms:
>>>
>>> "
>>>
>>> hash at 1 {
>>>
>>> algo = "sha256";
>>>
>>> };
>>>
>>> "
>>>
>>> Signed-off-by: Marek Vasut<marex@denx.de>
>>> ---
>>>
>>> common/image-fit.c | 5 +++++
>>> include/image.h | 15 ++++++++++++++-
>>> tools/Makefile | 2 ++
>>> 3 files changed, 21 insertions(+), 1 deletion(-)
>>
>> seems I posted similiar patches ... you find them here:
>
> Nice, thanks for bringing this up. Please review my series and check if there's
> possibly something interesting in that you might pull out into yours.
I think, all your changes are also in my patchseries ...
> Otherwise, I'm all for applying your , since you also added rsa4096.
bye,
Heiko
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
^ permalink raw reply [flat|nested] 13+ messages in thread
* [U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash
2014-02-10 6:35 ` Heiko Schocher
@ 2014-02-12 10:46 ` Marek Vasut
0 siblings, 0 replies; 13+ messages in thread
From: Marek Vasut @ 2014-02-12 10:46 UTC (permalink / raw)
To: u-boot
On Monday, February 10, 2014 at 07:35:44 AM, Heiko Schocher wrote:
> Hello Marek,
>
> Am 08.02.2014 15:18, schrieb Marek Vasut:
> > On Thursday, February 06, 2014 at 06:19:11 AM, Heiko Schocher wrote:
> >> Hello Marek,
> >>
> >> Am 06.02.2014 04:47, schrieb Marek Vasut:
> >>> This patch adds support for SHA-256 hash into the FIT image. The usage
> >>> is as with the other hashing algorithms:
> >>>
> >>> "
> >>>
> >>> hash at 1 {
> >>>
> >>> algo = "sha256";
> >>>
> >>> };
> >>>
> >>> "
> >>>
> >>> Signed-off-by: Marek Vasut<marex@denx.de>
> >>> ---
> >>>
> >>> common/image-fit.c | 5 +++++
> >>> include/image.h | 15 ++++++++++++++-
> >>> tools/Makefile | 2 ++
> >>> 3 files changed, 21 insertions(+), 1 deletion(-)
> >>
> >> seems I posted similiar patches ... you find them here:
> > Nice, thanks for bringing this up. Please review my series and check if
> > there's possibly something interesting in that you might pull out into
> > yours.
>
> I think, all your changes are also in my patchseries ...
OK, thanks!
Best regards,
Marek Vasut
^ permalink raw reply [flat|nested] 13+ messages in thread
* [U-Boot] [PATCH 3/3] fit: rsa: Add support for SHA256 hash
2014-02-06 3:47 ` [U-Boot] [PATCH 3/3] fit: rsa: Add support for SHA256 hash Marek Vasut
@ 2014-02-15 23:31 ` Simon Glass
2014-03-05 18:12 ` Marek Vasut
0 siblings, 1 reply; 13+ messages in thread
From: Simon Glass @ 2014-02-15 23:31 UTC (permalink / raw)
To: u-boot
Hi Marek,
On 5 February 2014 20:47, Marek Vasut <marex@denx.de> wrote:
> Add support for "sha256,rsa2048" signature. This patch utilises the previously
> laid groundwork for adding other hashes.
>
> Signed-off-by: Marek Vasut <marex@denx.de>
Does this conflict with Heiko's patch or is it the same?
Regards,
Simon
^ permalink raw reply [flat|nested] 13+ messages in thread
* [U-Boot] [PATCH 3/3] fit: rsa: Add support for SHA256 hash
2014-02-15 23:31 ` Simon Glass
@ 2014-03-05 18:12 ` Marek Vasut
0 siblings, 0 replies; 13+ messages in thread
From: Marek Vasut @ 2014-03-05 18:12 UTC (permalink / raw)
To: u-boot
On Sunday, February 16, 2014 at 12:31:53 AM, Simon Glass wrote:
> Hi Marek,
>
> On 5 February 2014 20:47, Marek Vasut <marex@denx.de> wrote:
> > Add support for "sha256,rsa2048" signature. This patch utilises the
> > previously laid groundwork for adding other hashes.
> >
> > Signed-off-by: Marek Vasut <marex@denx.de>
>
> Does this conflict with Heiko's patch or is it the same?
Heiko's patchset is superior, so I drop this one please.
Best regards,
Marek Vasut
^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2014-03-05 18:12 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-02-06 3:47 [U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash Marek Vasut
2014-02-06 3:47 ` [U-Boot] [PATCH 2/3] fit: rsa: Add groundwork to support other hashes Marek Vasut
2014-02-06 12:18 ` Wolfgang Denk
2014-02-06 19:40 ` Marek Vasut
2014-02-06 3:47 ` [U-Boot] [PATCH 3/3] fit: rsa: Add support for SHA256 hash Marek Vasut
2014-02-15 23:31 ` Simon Glass
2014-03-05 18:12 ` Marek Vasut
2014-02-06 5:19 ` [U-Boot] [PATCH 1/3] fit: " Heiko Schocher
2014-02-08 14:18 ` Marek Vasut
2014-02-10 6:35 ` Heiko Schocher
2014-02-12 10:46 ` Marek Vasut
2014-02-06 12:17 ` Wolfgang Denk
2014-02-08 14:17 ` Marek Vasut
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.