* [U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash @ 2014-02-06 3:47 Marek Vasut 2014-02-06 3:47 ` [U-Boot] [PATCH 2/3] fit: rsa: Add groundwork to support other hashes Marek Vasut ` (3 more replies) 0 siblings, 4 replies; 13+ messages in thread From: Marek Vasut @ 2014-02-06 3:47 UTC (permalink / raw) To: u-boot This patch adds support for SHA-256 hash into the FIT image. The usage is as with the other hashing algorithms: " hash at 1 { algo = "sha256"; }; " Signed-off-by: Marek Vasut <marex@denx.de> --- common/image-fit.c | 5 +++++ include/image.h | 15 ++++++++++++++- tools/Makefile | 2 ++ 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/common/image-fit.c b/common/image-fit.c index cf4b67e..a7ecf8b 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -22,6 +22,7 @@ DECLARE_GLOBAL_DATA_PTR; #include <bootstage.h> #include <sha1.h> +#include <sha256.h> #include <u-boot/crc.h> #include <u-boot/md5.h> @@ -882,6 +883,10 @@ int calculate_hash(const void *data, int data_len, const char *algo, sha1_csum_wd((unsigned char *)data, data_len, (unsigned char *)value, CHUNKSZ_SHA1); *value_len = 20; + } else if (IMAGE_ENABLE_SHA256 && strcmp(algo, "sha256") == 0) { + sha256_csum_wd((unsigned char *)data, data_len, + (unsigned char *)value, CHUNKSZ_SHA256); + *value_len = 32; } else if (IMAGE_ENABLE_MD5 && strcmp(algo, "md5") == 0) { md5_wd((unsigned char *)data, data_len, value, CHUNKSZ_MD5); *value_len = 16; diff --git a/include/image.h b/include/image.h index 7de2bb2..e5c76e7 100644 --- a/include/image.h +++ b/include/image.h @@ -57,13 +57,18 @@ struct lmb; # ifdef CONFIG_SPL_SHA1_SUPPORT # define IMAGE_ENABLE_SHA1 1 # endif +# ifdef CONFIG_SPL_SHA256_SUPPORT +# define IMAGE_ENABLE_SHA256 1 +# endif # else # define CONFIG_CRC32 /* FIT images need CRC32 support */ # define CONFIG_MD5 /* and MD5 */ # define CONFIG_SHA1 /* and SHA1 */ +# define CONFIG_SHA256 /* and SHA256 */ # define IMAGE_ENABLE_CRC32 1 # define IMAGE_ENABLE_MD5 1 # define IMAGE_ENABLE_SHA1 1 +# define IMAGE_ENABLE_SHA256 1 # endif #ifndef IMAGE_ENABLE_CRC32 @@ -78,6 +83,10 @@ struct lmb; #define IMAGE_ENABLE_SHA1 0 #endif +#ifndef IMAGE_ENABLE_SHA256 +#define IMAGE_ENABLE_SHA256 0 +#endif + #endif /* CONFIG_FIT */ #ifdef CONFIG_SYS_BOOT_RAMDISK_HIGH @@ -345,6 +354,10 @@ extern bootm_headers_t images; #define CHUNKSZ_SHA1 (64 * 1024) #endif +#ifndef CHUNKSZ_SHA256 +#define CHUNKSZ_SHA256 (64 * 1024) +#endif + #define uimage_to_cpu(x) be32_to_cpu(x) #define cpu_to_uimage(x) cpu_to_be32(x) @@ -691,7 +704,7 @@ int bootz_setup(ulong image, ulong *start, ulong *end); #define FIT_FDT_PROP "fdt" #define FIT_DEFAULT_PROP "default" -#define FIT_MAX_HASH_LEN 20 /* max(crc32_len(4), sha1_len(20)) */ +#define FIT_MAX_HASH_LEN 32 /* max(crc32_len(4), sha1_len(20), sha256_len(32)) */ /* cmdline argument format parsing */ int fit_parse_conf(const char *spec, ulong addr_curr, diff --git a/tools/Makefile b/tools/Makefile index 328cea3..e025004 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -71,6 +71,7 @@ EXT_OBJ_FILES-y += common/image-sig.o EXT_OBJ_FILES-y += lib/crc32.o EXT_OBJ_FILES-y += lib/md5.o EXT_OBJ_FILES-y += lib/sha1.o +EXT_OBJ_FILES-y += lib/sha256.o # Source files located in the tools directory NOPED_OBJ_FILES-y += aisimage.o @@ -252,6 +253,7 @@ $(obj)mkimage$(SFX): $(obj)aisimage.o \ $(obj)os_support.o \ $(obj)pblimage.o \ $(obj)sha1.o \ + $(obj)sha256.o \ $(obj)ublimage.o \ $(LIBFDT_OBJS) \ $(RSA_OBJS) -- 1.8.5.3 ^ permalink raw reply related [flat|nested] 13+ messages in thread
* [U-Boot] [PATCH 2/3] fit: rsa: Add groundwork to support other hashes 2014-02-06 3:47 [U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash Marek Vasut @ 2014-02-06 3:47 ` Marek Vasut 2014-02-06 12:18 ` Wolfgang Denk 2014-02-06 3:47 ` [U-Boot] [PATCH 3/3] fit: rsa: Add support for SHA256 hash Marek Vasut ` (2 subsequent siblings) 3 siblings, 1 reply; 13+ messages in thread From: Marek Vasut @ 2014-02-06 3:47 UTC (permalink / raw) To: u-boot Separate out the SHA1 code from the rsa-sign.c and rsa-verify.c . Each file now has a function which does the correct hashing operation instead of having the SHA-1 hashing operation hard-coded in the rest of the code. This makes adding a new hashing operating much easier and cleaner. Signed-off-by: Marek Vasut <marex@denx.de> --- lib/rsa/rsa-sign.c | 45 ++++++++++++++++++++++++-- lib/rsa/rsa-verify.c | 89 +++++++++++++++++++++++++++++++++++++++------------- 2 files changed, 110 insertions(+), 24 deletions(-) diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c index 549130e..4e11720 100644 --- a/lib/rsa/rsa-sign.c +++ b/lib/rsa/rsa-sign.c @@ -15,6 +15,11 @@ #include <openssl/ssl.h> #include <openssl/evp.h> +enum rsa_hash_type { + RSA_HASH_SHA1, + RSA_HASH_UNKNOWN, +}; + #if OPENSSL_VERSION_NUMBER >= 0x10000000L #define HAVE_ERR_REMOVE_THREAD_STATE #endif @@ -159,7 +164,19 @@ static void rsa_remove(void) EVP_cleanup(); } -static int rsa_sign_with_key(RSA *rsa, const struct image_region region[], +static const EVP_MD *rsa_sign_get_hash(enum rsa_hash_type hash) +{ + switch (hash) { + case RSA_HASH_SHA1: + return EVP_sha1(); + default: /* This must never happen. */ + rsa_err("Invalid hash type!\n"); + exit(1); + }; +} + +static int rsa_sign_with_key(RSA *rsa, enum rsa_hash_type hash, + const struct image_region region[], int region_count, uint8_t **sigp, uint *sig_size) { EVP_PKEY *key; @@ -192,7 +209,7 @@ static int rsa_sign_with_key(RSA *rsa, const struct image_region region[], goto err_create; } EVP_MD_CTX_init(context); - if (!EVP_SignInit(context, EVP_sha1())) { + if (!EVP_SignInit(context, rsa_sign_get_hash(hash))) { ret = rsa_err("Signer setup failed"); goto err_sign; } @@ -228,12 +245,34 @@ err_set: return ret; } +static enum rsa_hash_type rsa_get_sha_type(struct image_sign_info *info) +{ + char *pos; + unsigned int hash_str_len; + + pos = strstr(info->algo->name, ","); + if (!pos) + return -EINVAL; + + hash_str_len = pos - info->algo->name; + + if (!strncmp(info->algo->name, "sha1", hash_str_len)) + return RSA_HASH_SHA1; + else + return RSA_HASH_UNKNOWN; +} + int rsa_sign(struct image_sign_info *info, const struct image_region region[], int region_count, uint8_t **sigp, uint *sig_len) { RSA *rsa; int ret; + enum rsa_hash_type hash; + + hash = rsa_get_sha_type(info); + if (hash == RSA_HASH_UNKNOWN) + return -EINVAL; ret = rsa_init(); if (ret) @@ -242,7 +281,7 @@ int rsa_sign(struct image_sign_info *info, ret = rsa_get_priv_key(info->keydir, info->keyname, &rsa); if (ret) goto err_priv; - ret = rsa_sign_with_key(rsa, region, region_count, sigp, sig_len); + ret = rsa_sign_with_key(rsa, hash, region, region_count, sigp, sig_len); if (ret) goto err_sign; diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index 02cc4e3..9617f8d 100644 --- a/lib/rsa/rsa-verify.c +++ b/lib/rsa/rsa-verify.c @@ -6,6 +6,7 @@ #include <common.h> #include <fdtdec.h> +#include <malloc.h> #include <rsa.h> #include <sha1.h> #include <asm/byteorder.h> @@ -209,10 +210,9 @@ static int pow_mod(const struct rsa_public_key *key, uint32_t *inout) } static int rsa_verify_key(const struct rsa_public_key *key, const uint8_t *sig, - const uint32_t sig_len, const uint8_t *hash) + const uint32_t sig_len, const uint8_t *hash, + const uint8_t *padding, int pad_len) { - const uint8_t *padding; - int pad_len; int ret; if (!key || !sig || !hash) @@ -238,10 +238,6 @@ static int rsa_verify_key(const struct rsa_public_key *key, const uint8_t *sig, if (ret) return ret; - /* Determine padding to use depending on the signature type. */ - padding = padding_sha1_rsa2048; - pad_len = RSA2048_BYTES - SHA1_SUM_LEN; - /* Check pkcs1.5 padding bytes. */ if (memcmp(buf, padding, pad_len)) { debug("In RSAVerify(): Padding check failed!\n"); @@ -266,7 +262,8 @@ static void rsa_convert_big_endian(uint32_t *dst, const uint32_t *src, int len) } static int rsa_verify_with_keynode(struct image_sign_info *info, - const void *hash, uint8_t *sig, uint sig_len, int node) + const void *hash, uint8_t *sig, uint sig_len, int node, + const uint8_t *padding, int pad_len) { const void *blob = info->fdt_blob; struct rsa_public_key key; @@ -309,7 +306,7 @@ static int rsa_verify_with_keynode(struct image_sign_info *info, } debug("key length %d\n", key.len); - ret = rsa_verify_key(&key, sig, sig_len, hash); + ret = rsa_verify_key(&key, sig, sig_len, hash, padding, pad_len); if (ret) { printf("%s: RSA failed to verify: %d\n", __func__, ret); return ret; @@ -318,17 +315,64 @@ static int rsa_verify_with_keynode(struct image_sign_info *info, return 0; } +static int +rsa_compute_hash_sha1(const struct image_region region[], int region_count, + uint8_t **out_hash) +{ + sha1_context ctx; + int i; + uint8_t *hash; + + hash = calloc(1, SHA1_SUM_LEN); + if (!hash) + return -ENOMEM; + + sha1_starts(&ctx); + for (i = 0; i < region_count; i++) + sha1_update(&ctx, region[i].data, region[i].size); + sha1_finish(&ctx, hash); + + *out_hash = hash; + + return 0; +} + +static int rsa_compute_hash(struct image_sign_info *info, + const struct image_region region[], int region_count, + uint8_t **out_hash, const uint8_t **padding, + int *pad_len) +{ + int len, ret; + const uint8_t *pad; + + if (!strcmp(info->algo->name, "sha1,rsa2048")) { + pad = padding_sha1_rsa2048; + len = RSA2048_BYTES - SHA1_SUM_LEN; + ret = rsa_compute_hash_sha1(region, region_count, out_hash); + } else { + ret = -EINVAL; + } + + if (!ret) { + *padding = pad; + *pad_len = len; + } + + return ret; +} + int rsa_verify(struct image_sign_info *info, const struct image_region region[], int region_count, uint8_t *sig, uint sig_len) { const void *blob = info->fdt_blob; - uint8_t hash[SHA1_SUM_LEN]; + uint8_t *hash = NULL; int ndepth, noffset; int sig_node, node; char name[100]; - sha1_context ctx; - int ret, i; + const uint8_t *padding; + int pad_len; + int ret; sig_node = fdt_subnode_offset(blob, 0, FIT_SIG_NODENAME); if (sig_node < 0) { @@ -336,25 +380,26 @@ int rsa_verify(struct image_sign_info *info, return -ENOENT; } - sha1_starts(&ctx); - for (i = 0; i < region_count; i++) - sha1_update(&ctx, region[i].data, region[i].size); - sha1_finish(&ctx, hash); + ret = rsa_compute_hash(info, region, region_count, &hash, + &padding, &pad_len); + if (ret) + return ret; /* See if we must use a particular key */ if (info->required_keynode != -1) { ret = rsa_verify_with_keynode(info, hash, sig, sig_len, - info->required_keynode); + info->required_keynode, padding, pad_len); if (!ret) - return ret; + goto exit; } /* Look for a key that matches our hint */ snprintf(name, sizeof(name), "key-%s", info->keyname); node = fdt_subnode_offset(blob, sig_node, name); - ret = rsa_verify_with_keynode(info, hash, sig, sig_len, node); + ret = rsa_verify_with_keynode(info, hash, sig, sig_len, node, + padding, pad_len); if (!ret) - return ret; + goto exit; /* No luck, so try each of the keys in turn */ for (ndepth = 0, noffset = fdt_next_node(info->fit, sig_node, &ndepth); @@ -362,11 +407,13 @@ int rsa_verify(struct image_sign_info *info, noffset = fdt_next_node(info->fit, noffset, &ndepth)) { if (ndepth == 1 && noffset != node) { ret = rsa_verify_with_keynode(info, hash, sig, sig_len, - noffset); + noffset, padding, pad_len); if (!ret) break; } } +exit: + free(hash); return ret; } -- 1.8.5.3 ^ permalink raw reply related [flat|nested] 13+ messages in thread
* [U-Boot] [PATCH 2/3] fit: rsa: Add groundwork to support other hashes 2014-02-06 3:47 ` [U-Boot] [PATCH 2/3] fit: rsa: Add groundwork to support other hashes Marek Vasut @ 2014-02-06 12:18 ` Wolfgang Denk 2014-02-06 19:40 ` Marek Vasut 0 siblings, 1 reply; 13+ messages in thread From: Wolfgang Denk @ 2014-02-06 12:18 UTC (permalink / raw) To: u-boot Dear Marek, In message <1391658426-24799-2-git-send-email-marex@denx.de> you wrote: > Separate out the SHA1 code from the rsa-sign.c and rsa-verify.c . > Each file now has a function which does the correct hashing operation > instead of having the SHA-1 hashing operation hard-coded in the rest > of the code. This makes adding a new hashing operating much easier and > cleaner. ... > - noffset); > + noffset, padding, pad_len); Line too long. Best regards, Wolfgang Denk -- DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de It is easier to write an incorrect program than understand a correct one. ^ permalink raw reply [flat|nested] 13+ messages in thread
* [U-Boot] [PATCH 2/3] fit: rsa: Add groundwork to support other hashes 2014-02-06 12:18 ` Wolfgang Denk @ 2014-02-06 19:40 ` Marek Vasut 0 siblings, 0 replies; 13+ messages in thread From: Marek Vasut @ 2014-02-06 19:40 UTC (permalink / raw) To: u-boot On Thursday, February 06, 2014 at 01:18:31 PM, Wolfgang Denk wrote: > Dear Marek, > > In message <1391658426-24799-2-git-send-email-marex@denx.de> you wrote: > > Separate out the SHA1 code from the rsa-sign.c and rsa-verify.c . > > Each file now has a function which does the correct hashing operation > > instead of having the SHA-1 hashing operation hard-coded in the rest > > of the code. This makes adding a new hashing operating much easier and > > cleaner. > > ... > > > - noffset); > > + noffset, padding, pad_len); > > Line too long. I will need to cross-correlate this with Heiko's efforts, so there'll be V2 of either mine or his stuff. Thanks for the review though. Best regards, Marek Vasut ^ permalink raw reply [flat|nested] 13+ messages in thread
* [U-Boot] [PATCH 3/3] fit: rsa: Add support for SHA256 hash 2014-02-06 3:47 [U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash Marek Vasut 2014-02-06 3:47 ` [U-Boot] [PATCH 2/3] fit: rsa: Add groundwork to support other hashes Marek Vasut @ 2014-02-06 3:47 ` Marek Vasut 2014-02-15 23:31 ` Simon Glass 2014-02-06 5:19 ` [U-Boot] [PATCH 1/3] fit: " Heiko Schocher 2014-02-06 12:17 ` Wolfgang Denk 3 siblings, 1 reply; 13+ messages in thread From: Marek Vasut @ 2014-02-06 3:47 UTC (permalink / raw) To: u-boot Add support for "sha256,rsa2048" signature. This patch utilises the previously laid groundwork for adding other hashes. Signed-off-by: Marek Vasut <marex@denx.de> --- common/image-sig.c | 8 +++++++- lib/rsa/rsa-sign.c | 5 +++++ lib/rsa/rsa-verify.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 70 insertions(+), 1 deletion(-) diff --git a/common/image-sig.c b/common/image-sig.c index 973b06d..c3d63bc 100644 --- a/common/image-sig.c +++ b/common/image-sig.c @@ -23,7 +23,13 @@ struct image_sig_algo image_sig_algos[] = { rsa_sign, rsa_add_verify_data, rsa_verify, - } + }, + { + "sha256,rsa2048", + rsa_sign, + rsa_add_verify_data, + rsa_verify, + }, }; struct image_sig_algo *image_get_sig_algo(const char *name) diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c index 4e11720..f1167b1 100644 --- a/lib/rsa/rsa-sign.c +++ b/lib/rsa/rsa-sign.c @@ -17,6 +17,7 @@ enum rsa_hash_type { RSA_HASH_SHA1, + RSA_HASH_SHA256, RSA_HASH_UNKNOWN, }; @@ -169,6 +170,8 @@ static const EVP_MD *rsa_sign_get_hash(enum rsa_hash_type hash) switch (hash) { case RSA_HASH_SHA1: return EVP_sha1(); + case RSA_HASH_SHA256: + return EVP_sha256(); default: /* This must never happen. */ rsa_err("Invalid hash type!\n"); exit(1); @@ -258,6 +261,8 @@ static enum rsa_hash_type rsa_get_sha_type(struct image_sign_info *info) if (!strncmp(info->algo->name, "sha1", hash_str_len)) return RSA_HASH_SHA1; + else if (!strncmp(info->algo->name, "sha256", hash_str_len)) + return RSA_HASH_SHA256; else return RSA_HASH_UNKNOWN; } diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index 9617f8d..67fb882 100644 --- a/lib/rsa/rsa-verify.c +++ b/lib/rsa/rsa-verify.c @@ -9,6 +9,7 @@ #include <malloc.h> #include <rsa.h> #include <sha1.h> +#include <sha256.h> #include <asm/byteorder.h> #include <asm/errno.h> #include <asm/unaligned.h> @@ -70,6 +71,37 @@ static const uint8_t padding_sha1_rsa2048[RSA2048_BYTES - SHA1_SUM_LEN] = { 0x05, 0x00, 0x04, 0x14 }; +static const uint8_t padding_sha256_rsa2048[RSA2048_BYTES - SHA256_SUM_LEN] = { + 0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x31, 0x30, + 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, + 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20, +}; + /** * subtract_modulus() - subtract modulus from the given value * @@ -337,6 +369,28 @@ rsa_compute_hash_sha1(const struct image_region region[], int region_count, return 0; } +static int +rsa_compute_hash_sha256(const struct image_region region[], int region_count, + uint8_t **out_hash) +{ + sha256_context ctx; + int i; + uint8_t *hash; + + hash = calloc(1, SHA256_SUM_LEN); + if (!hash) + return -ENOMEM; + + sha256_starts(&ctx); + for (i = 0; i < region_count; i++) + sha256_update(&ctx, region[i].data, region[i].size); + sha256_finish(&ctx, hash); + + *out_hash = hash; + + return 0; +} + static int rsa_compute_hash(struct image_sign_info *info, const struct image_region region[], int region_count, uint8_t **out_hash, const uint8_t **padding, @@ -349,6 +403,10 @@ static int rsa_compute_hash(struct image_sign_info *info, pad = padding_sha1_rsa2048; len = RSA2048_BYTES - SHA1_SUM_LEN; ret = rsa_compute_hash_sha1(region, region_count, out_hash); + } else if (!strcmp(info->algo->name, "sha256,rsa2048")) { + pad = padding_sha256_rsa2048; + len = RSA2048_BYTES - SHA256_SUM_LEN; + ret = rsa_compute_hash_sha256(region, region_count, out_hash); } else { ret = -EINVAL; } -- 1.8.5.3 ^ permalink raw reply related [flat|nested] 13+ messages in thread
* [U-Boot] [PATCH 3/3] fit: rsa: Add support for SHA256 hash 2014-02-06 3:47 ` [U-Boot] [PATCH 3/3] fit: rsa: Add support for SHA256 hash Marek Vasut @ 2014-02-15 23:31 ` Simon Glass 2014-03-05 18:12 ` Marek Vasut 0 siblings, 1 reply; 13+ messages in thread From: Simon Glass @ 2014-02-15 23:31 UTC (permalink / raw) To: u-boot Hi Marek, On 5 February 2014 20:47, Marek Vasut <marex@denx.de> wrote: > Add support for "sha256,rsa2048" signature. This patch utilises the previously > laid groundwork for adding other hashes. > > Signed-off-by: Marek Vasut <marex@denx.de> Does this conflict with Heiko's patch or is it the same? Regards, Simon ^ permalink raw reply [flat|nested] 13+ messages in thread
* [U-Boot] [PATCH 3/3] fit: rsa: Add support for SHA256 hash 2014-02-15 23:31 ` Simon Glass @ 2014-03-05 18:12 ` Marek Vasut 0 siblings, 0 replies; 13+ messages in thread From: Marek Vasut @ 2014-03-05 18:12 UTC (permalink / raw) To: u-boot On Sunday, February 16, 2014 at 12:31:53 AM, Simon Glass wrote: > Hi Marek, > > On 5 February 2014 20:47, Marek Vasut <marex@denx.de> wrote: > > Add support for "sha256,rsa2048" signature. This patch utilises the > > previously laid groundwork for adding other hashes. > > > > Signed-off-by: Marek Vasut <marex@denx.de> > > Does this conflict with Heiko's patch or is it the same? Heiko's patchset is superior, so I drop this one please. Best regards, Marek Vasut ^ permalink raw reply [flat|nested] 13+ messages in thread
* [U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash 2014-02-06 3:47 [U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash Marek Vasut 2014-02-06 3:47 ` [U-Boot] [PATCH 2/3] fit: rsa: Add groundwork to support other hashes Marek Vasut 2014-02-06 3:47 ` [U-Boot] [PATCH 3/3] fit: rsa: Add support for SHA256 hash Marek Vasut @ 2014-02-06 5:19 ` Heiko Schocher 2014-02-08 14:18 ` Marek Vasut 2014-02-06 12:17 ` Wolfgang Denk 3 siblings, 1 reply; 13+ messages in thread From: Heiko Schocher @ 2014-02-06 5:19 UTC (permalink / raw) To: u-boot Hello Marek, Am 06.02.2014 04:47, schrieb Marek Vasut: > This patch adds support for SHA-256 hash into the FIT image. The usage is > as with the other hashing algorithms: > > " > hash at 1 { > algo = "sha256"; > }; > " > > Signed-off-by: Marek Vasut<marex@denx.de> > --- > common/image-fit.c | 5 +++++ > include/image.h | 15 ++++++++++++++- > tools/Makefile | 2 ++ > 3 files changed, 21 insertions(+), 1 deletion(-) seems I posted similiar patches ... you find them here: [U-Boot,1/7] tools/image-host: fix sign-images bug http://patchwork.ozlabs.org/patch/314125/ [U-Boot,2/7] fdt: add "fdt sign" command http://patchwork.ozlabs.org/patch/314120/ [U-Boot,3/7] fit: add sha256 support http://patchwork.ozlabs.org/patch/314126/ [U-Boot,4/7] rsa: add sha256-rsa2048 algorithm http://patchwork.ozlabs.org/patch/314124/ [U-Boot,5/7] rsa: add sha256,rsa4096 algorithm http://patchwork.ozlabs.org/patch/314121/ I reworked the comments, except one is missing, and I can post "v2" Maybe you can try this patches? bye, Heiko -- DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany ^ permalink raw reply [flat|nested] 13+ messages in thread
* [U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash 2014-02-06 5:19 ` [U-Boot] [PATCH 1/3] fit: " Heiko Schocher @ 2014-02-08 14:18 ` Marek Vasut 2014-02-10 6:35 ` Heiko Schocher 0 siblings, 1 reply; 13+ messages in thread From: Marek Vasut @ 2014-02-08 14:18 UTC (permalink / raw) To: u-boot On Thursday, February 06, 2014 at 06:19:11 AM, Heiko Schocher wrote: > Hello Marek, > > Am 06.02.2014 04:47, schrieb Marek Vasut: > > This patch adds support for SHA-256 hash into the FIT image. The usage is > > as with the other hashing algorithms: > > > > " > > > > hash at 1 { > > > > algo = "sha256"; > > > > }; > > > > " > > > > Signed-off-by: Marek Vasut<marex@denx.de> > > --- > > > > common/image-fit.c | 5 +++++ > > include/image.h | 15 ++++++++++++++- > > tools/Makefile | 2 ++ > > 3 files changed, 21 insertions(+), 1 deletion(-) > > seems I posted similiar patches ... you find them here: Nice, thanks for bringing this up. Please review my series and check if there's possibly something interesting in that you might pull out into yours. Otherwise, I'm all for applying your , since you also added rsa4096. Best regards, Marek Vasut ^ permalink raw reply [flat|nested] 13+ messages in thread
* [U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash 2014-02-08 14:18 ` Marek Vasut @ 2014-02-10 6:35 ` Heiko Schocher 2014-02-12 10:46 ` Marek Vasut 0 siblings, 1 reply; 13+ messages in thread From: Heiko Schocher @ 2014-02-10 6:35 UTC (permalink / raw) To: u-boot Hello Marek, Am 08.02.2014 15:18, schrieb Marek Vasut: > On Thursday, February 06, 2014 at 06:19:11 AM, Heiko Schocher wrote: >> Hello Marek, >> >> Am 06.02.2014 04:47, schrieb Marek Vasut: >>> This patch adds support for SHA-256 hash into the FIT image. The usage is >>> as with the other hashing algorithms: >>> >>> " >>> >>> hash at 1 { >>> >>> algo = "sha256"; >>> >>> }; >>> >>> " >>> >>> Signed-off-by: Marek Vasut<marex@denx.de> >>> --- >>> >>> common/image-fit.c | 5 +++++ >>> include/image.h | 15 ++++++++++++++- >>> tools/Makefile | 2 ++ >>> 3 files changed, 21 insertions(+), 1 deletion(-) >> >> seems I posted similiar patches ... you find them here: > > Nice, thanks for bringing this up. Please review my series and check if there's > possibly something interesting in that you might pull out into yours. I think, all your changes are also in my patchseries ... > Otherwise, I'm all for applying your , since you also added rsa4096. bye, Heiko -- DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany ^ permalink raw reply [flat|nested] 13+ messages in thread
* [U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash 2014-02-10 6:35 ` Heiko Schocher @ 2014-02-12 10:46 ` Marek Vasut 0 siblings, 0 replies; 13+ messages in thread From: Marek Vasut @ 2014-02-12 10:46 UTC (permalink / raw) To: u-boot On Monday, February 10, 2014 at 07:35:44 AM, Heiko Schocher wrote: > Hello Marek, > > Am 08.02.2014 15:18, schrieb Marek Vasut: > > On Thursday, February 06, 2014 at 06:19:11 AM, Heiko Schocher wrote: > >> Hello Marek, > >> > >> Am 06.02.2014 04:47, schrieb Marek Vasut: > >>> This patch adds support for SHA-256 hash into the FIT image. The usage > >>> is as with the other hashing algorithms: > >>> > >>> " > >>> > >>> hash at 1 { > >>> > >>> algo = "sha256"; > >>> > >>> }; > >>> > >>> " > >>> > >>> Signed-off-by: Marek Vasut<marex@denx.de> > >>> --- > >>> > >>> common/image-fit.c | 5 +++++ > >>> include/image.h | 15 ++++++++++++++- > >>> tools/Makefile | 2 ++ > >>> 3 files changed, 21 insertions(+), 1 deletion(-) > >> > >> seems I posted similiar patches ... you find them here: > > Nice, thanks for bringing this up. Please review my series and check if > > there's possibly something interesting in that you might pull out into > > yours. > > I think, all your changes are also in my patchseries ... OK, thanks! Best regards, Marek Vasut ^ permalink raw reply [flat|nested] 13+ messages in thread
* [U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash 2014-02-06 3:47 [U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash Marek Vasut ` (2 preceding siblings ...) 2014-02-06 5:19 ` [U-Boot] [PATCH 1/3] fit: " Heiko Schocher @ 2014-02-06 12:17 ` Wolfgang Denk 2014-02-08 14:17 ` Marek Vasut 3 siblings, 1 reply; 13+ messages in thread From: Wolfgang Denk @ 2014-02-06 12:17 UTC (permalink / raw) To: u-boot Dear Marek, In message <1391658426-24799-1-git-send-email-marex@denx.de> you wrote: > This patch adds support for SHA-256 hash into the FIT image. The usage is > as with the other hashing algorithms: ... > -#define FIT_MAX_HASH_LEN 20 /* max(crc32_len(4), sha1_len(20)) */ > +#define FIT_MAX_HASH_LEN 32 /* max(crc32_len(4), sha1_len(20), sha256_len(32)) */ Line too long. Please make sure to run your patches through checkpatch ! Best regards, Wolfgang Denk -- DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de I have made mistakes, but have never made the mistake of claiming I never made one. - James G. Bennet ^ permalink raw reply [flat|nested] 13+ messages in thread
* [U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash 2014-02-06 12:17 ` Wolfgang Denk @ 2014-02-08 14:17 ` Marek Vasut 0 siblings, 0 replies; 13+ messages in thread From: Marek Vasut @ 2014-02-08 14:17 UTC (permalink / raw) To: u-boot On Thursday, February 06, 2014 at 01:17:36 PM, Wolfgang Denk wrote: > Dear Marek, > > In message <1391658426-24799-1-git-send-email-marex@denx.de> you wrote: > > This patch adds support for SHA-256 hash into the FIT image. The usage is > > > as with the other hashing algorithms: > ... > > > -#define FIT_MAX_HASH_LEN 20 /* max(crc32_len(4), sha1_len(20)) */ > > +#define FIT_MAX_HASH_LEN 32 /* max(crc32_len(4), sha1_len(20), > > sha256_len(32)) */ > > Line too long. > > Please make sure to run your patches through checkpatch ! This is weird, since all my patches should be checked upon 'git commit' via hook. Thanks for bringing this up to my attention, I will verify that. Nonetheless, I would vouch for applying Heiko's patches instead. Best regards, Marek Vasut ^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2014-03-05 18:12 UTC | newest] Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2014-02-06 3:47 [U-Boot] [PATCH 1/3] fit: Add support for SHA256 hash Marek Vasut 2014-02-06 3:47 ` [U-Boot] [PATCH 2/3] fit: rsa: Add groundwork to support other hashes Marek Vasut 2014-02-06 12:18 ` Wolfgang Denk 2014-02-06 19:40 ` Marek Vasut 2014-02-06 3:47 ` [U-Boot] [PATCH 3/3] fit: rsa: Add support for SHA256 hash Marek Vasut 2014-02-15 23:31 ` Simon Glass 2014-03-05 18:12 ` Marek Vasut 2014-02-06 5:19 ` [U-Boot] [PATCH 1/3] fit: " Heiko Schocher 2014-02-08 14:18 ` Marek Vasut 2014-02-10 6:35 ` Heiko Schocher 2014-02-12 10:46 ` Marek Vasut 2014-02-06 12:17 ` Wolfgang Denk 2014-02-08 14:17 ` Marek Vasut
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.