All of lore.kernel.org
 help / color / mirror / Atom feed
From: Simon Glass <sjg@chromium.org>
To: u-boot@lists.denx.de
Subject: [U-Boot] [RFC 3/3] lib: rsa: add rsa_verify_with_pkey()
Date: Sun, 27 Oct 2019 10:31:59 -0600	[thread overview]
Message-ID: <CAPnjgZ20SUCptFy82N73GwfTN7K-1h+hiToTG8joHV3ERnM=AA@mail.gmail.com> (raw)
In-Reply-To: <20191023054405.GC10448@linaro.org>

Hi Takahiro,

On Tue, 22 Oct 2019 at 23:43, AKASHI Takahiro
<takahiro.akashi@linaro.org> wrote:
>
> On Tue, Oct 22, 2019 at 07:50:20AM -0600, Simon Glass wrote:
> > Hi Takahiro,
> >
> > On Tue, 17 Sep 2019 at 20:59, AKASHI Takahiro
> > <takahiro.akashi@linaro.org> wrote:
> > >
> > > Simon,
> > >
> > > Overall, do you agree to my approach here?
> > >
> > > On Mon, Sep 16, 2019 at 10:48:07PM -0700, Simon Glass wrote:
> > > > Hi AKASHI,
> > > >
> > > > On Fri, 6 Sep 2019 at 00:06, AKASHI Takahiro <takahiro.akashi@linaro.org> wrote:
> > > > >
> > > > > This function, and hence rsa_verify(), will perform RSA verification
> > > > > with two essential parameters for a RSA public key in contract of
> > > > > rsa_verify_with_keynode(), which requires additional three parameters
> > > > > stored in FIT image.
> > > > >
> > > > > It will be used in implementing UEFI secure boot, i.e. image authentication
> > > > > and variable authentication.
> > > > >
> > > > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> > > > > ---
> > > > >  lib/rsa/Kconfig      |  7 +++++
> > > > >  lib/rsa/Makefile     |  3 ++-
> > > > >  lib/rsa/rsa-verify.c | 63 ++++++++++++++++++++++++++++++++++++++------
> > > > >  3 files changed, 64 insertions(+), 9 deletions(-)
> > > > >
> > > > > diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
> > > > > index 338c8124da59..3c1986a26f8c 100644
> > > > > --- a/lib/rsa/Kconfig
> > > > > +++ b/lib/rsa/Kconfig
> > > > > @@ -25,6 +25,13 @@ config RSA_VERIFY
> > > > >         help
> > > > >           Add RSA signature verification support.
> > > > >
> > > > > +config RSA_VERIFY_WITH_PKEY
> > > > > +       bool "Execute RSA verification without key parameters from FDT"
> > > > > +       depends on RSA
> > > > > +       help
> > > > > +         This options enables RSA signature verification without
> > > > > +         using public key parameters which is embedded control FDT.
> > > >
> > > > Please expand this, a lot. It is too brief.
> > >
> > > Will add more description.
> > >
> > > > > +
> > > > >  config RSA_SOFTWARE_EXP
> > > > >         bool "Enable driver for RSA Modular Exponentiation in software"
> > > > >         depends on DM
> > > > > diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile
> > > > > index d66eef74c514..fd4592fd6a8a 100644
> > > > > --- a/lib/rsa/Makefile
> > > > > +++ b/lib/rsa/Makefile
> > > > > @@ -5,5 +5,6 @@
> > > > >  # (C) Copyright 2000-2007
> > > > >  # Wolfgang Denk, DENX Software Engineering, wd at denx.de.
> > > > >
> > > > > -obj-$(CONFIG_RSA_VERIFY) += rsa-verify.o rsa-checksum.o rsa-keyprop.o
> > > > > +obj-$(CONFIG_RSA_VERIFY) += rsa-verify.o rsa-checksum.o
> > > > > +obj-$(CONFIG_RSA_VERIFY_WITH_PKEY) += rsa-keyprop.o
> > > > >  obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o
> > > > > diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
> > > > > index 287fcc4d234d..80eabff3e940 100644
> > > > > --- a/lib/rsa/rsa-verify.c
> > > > > +++ b/lib/rsa/rsa-verify.c
> > > > > @@ -17,9 +17,14 @@
> > > > >  #include "mkimage.h"
> > > > >  #include <fdt_support.h>
> > > > >  #endif
> > > > > +#include <linux/kconfig.h>
> > > > >  #include <u-boot/rsa-mod-exp.h>
> > > > >  #include <u-boot/rsa.h>
> > > > >
> > > > > +#ifndef __UBOOT__ /* for host tools */
> > > > > +#undef CONFIG_RSA_VERIFY_WITH_PKEY
> > > > > +#endif
> > > > > +
> > > > >  /* Default public exponent for backward compatibility */
> > > > >  #define RSA_DEFAULT_PUBEXP     65537
> > > > >
> > > > > @@ -342,6 +347,34 @@ static int rsa_verify_key(struct image_sign_info *info,
> > > > >         return 0;
> > > > >  }
> > > > >
> > > > > +#ifdef CONFIG_RSA_VERIFY_WITH_PKEY
> > > > > +/**
> > > > > + * rsa_verify_with_pkey()
> > > > > + *
> > > > > + */
> > > > > +static int rsa_verify_with_pkey(struct image_sign_info *info,
> > > > > +                               const void *hash, uint8_t *sig, uint sig_len)
> > > > > +{
> > > > > +       struct key_prop *prop;
> > > > > +       int ret;
> > > > > +
> > > > > +       /* Public key is self-described to fill key_prop */
> > > > > +       prop = rsa_gen_key_prop(info->key, info->keylen);
> > > > > +       if (!prop) {
> > > > > +               debug("Generating necessary parameter for decoding failed\n");
> > > > > +               return -EACCES;
> > > > > +       }
> > > > > +
> > > > > +       ret = rsa_verify_key(info, prop, sig, sig_len, hash,
> > > > > +                            info->crypto->key_len);
> > > > > +
> > > > > +       rsa_free_key_prop(prop);
> > > > > +
> > > > > +       return ret;
> > > > > +}
> > > > > +#endif
> > > > > +
> > > > > +#if CONFIG_IS_ENABLED(FIT_SIGNATURE)
> > > > >  /**
> > > > >   * rsa_verify_with_keynode() - Verify a signature against some data using
> > > > >   * information in node with prperties of RSA Key like modulus, exponent etc.
> > > > > @@ -395,18 +428,21 @@ static int rsa_verify_with_keynode(struct image_sign_info *info,
> > > > >
> > > > >         return ret;
> > > > >  }
> > > > > +#endif
> > > > >
> > > > >  int rsa_verify(struct image_sign_info *info,
> > > > >                const struct image_region region[], int region_count,
> > > > >                uint8_t *sig, uint sig_len)
> > > > >  {
> > > > > -       const void *blob = info->fdt_blob;
> > > > >         /* Reserve memory for maximum checksum-length */
> > > > >         uint8_t hash[info->crypto->key_len];
> > > > > +       int ret = -EACCES;
> > > > > +#if CONFIG_IS_ENABLED(FIT_SIGNATURE)
> >
> > Can you use if() instead of #if ?
>
> This code is for local variable declaration, and so changing as you suggested
> can be difficult. Or do you accept moving this stuff further down to the next
> "#if CONFIG_IS_ENABLED(FIT_SIGNATURE)":

Yes if you use if() then you don't need to #ifdef the variables.

> === 8< ===
> if (IS_ENABLED(CONFIG_RSA_VERIFY_WITH_PKEY) && !info->fdt_blob) {
>         /* don't rely on fdt properties */
>                 ret = rsa_verify_with_pkey(info, hash, sig, sig_len);
>
>                 return ret;
> }
>
> if (CONFIG_IS_ENABLED(FIT_SIGNATURE)) {
>         /*
>          * declare variables here!
>          */
>         const void *blob = info->fdt_blob;
>         int ndepth, noffset;
>         int sig_node, node;
>         char name[100];
>
>         sig_node = fdt_subnode_offset(blob, 0, FIT_SIG_NODENAME);
>         if (sig_node < 0) {
>                 debug("%s: No signature node found\n", __func__);
>                 return -ENOENT;
>         }
>
>         /* See if we must use a particular key */
>         ...
> }
> === >8 ===
>
> Otherwise, we will have to introduce another function, rsa_verify_with_fdt?,
> just for this purpose.
>

Regards,
Simon

  reply	other threads:[~2019-10-27 16:31 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-09-06  7:08 [U-Boot] [RFC 0/3] rsa: extend rsa_verify() for UEFI secure boot AKASHI Takahiro
2019-09-06  7:08 ` [U-Boot] [RFC 1/3] lib: rsa: decouple rsa from FIT image verification AKASHI Takahiro
2019-09-06  7:39   ` Heinrich Schuchardt
2019-09-06  9:26     ` AKASHI Takahiro
2019-09-06  7:08 ` [U-Boot] [RFC 2/3] lib: rsa: generate additional parameters for public key AKASHI Takahiro
2019-09-17  5:48   ` Simon Glass
2019-09-18  2:35     ` AKASHI Takahiro
2019-10-03  7:34   ` Ilias Apalodimas
2019-10-03  8:58     ` AKASHI Takahiro
2019-10-03 13:37       ` Heinrich Schuchardt
2019-09-06  7:08 ` [U-Boot] [RFC 3/3] lib: rsa: add rsa_verify_with_pkey() AKASHI Takahiro
2019-09-17  5:48   ` Simon Glass
2019-09-18  3:03     ` AKASHI Takahiro
2019-10-03  5:48       ` AKASHI Takahiro
2019-10-22 13:50       ` Simon Glass
2019-10-23  5:44         ` AKASHI Takahiro
2019-10-27 16:31           ` Simon Glass [this message]
2019-10-28  0:43             ` AKASHI Takahiro

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAPnjgZ20SUCptFy82N73GwfTN7K-1h+hiToTG8joHV3ERnM=AA@mail.gmail.com' \
    --to=sjg@chromium.org \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.