* [PATCH v4 0/1] rsa: adds rsa3072 algorithm
@ 2022-01-19  8:23 Jamin Lin
  2022-01-19  8:23 ` [PATCH v4 1/1] " Jamin Lin
  0 siblings, 1 reply; 4+ messages in thread
From: Jamin Lin @ 2022-01-19  8:23 UTC (permalink / raw)
  To: Simon Glass, Alexandru Gagniuc, Philippe Reynes, Thomas Perrot,
	Sean Anderson, open list
  Cc: troy_lee, steven_lee

Add support for the rsa 3072 bits algorithm in tools
for make-image signing at host side and add rsa 3072
bits verification in the image binary.

v4:
 - Fix vboot test failure for sha384 with rsa3072
v3:
 - Fix typo
 - Add test case in vboot for rsa3072 testing
v2:
 - update to send a single patch

Jamin Lin (1):
  rsa: adds rsa3072 algorithm

 configs/sandbox_defconfig                   |  1 +
 include/u-boot/rsa.h                        |  1 +
 lib/rsa/rsa-verify.c                        |  6 +++
 test/py/tests/test_vboot.py                 | 12 +++++-
 test/py/tests/vboot/sign-configs-sha384.its | 45 +++++++++++++++++++++
 test/py/tests/vboot/sign-images-sha384.its  | 42 +++++++++++++++++++
 tools/image-sig-host.c                      |  7 ++++
 7 files changed, 112 insertions(+), 2 deletions(-)
 create mode 100644 test/py/tests/vboot/sign-configs-sha384.its
 create mode 100644 test/py/tests/vboot/sign-images-sha384.its

-- 
2.17.1



* [PATCH v4 1/1] rsa: adds rsa3072 algorithm
  2022-01-19  8:23 [PATCH v4 0/1] rsa: adds rsa3072 algorithm Jamin Lin
@ 2022-01-19  8:23 ` Jamin Lin
  2022-01-27 15:05   ` Simon Glass
  2022-01-29 18:49   ` Tom Rini
  0 siblings, 2 replies; 4+ messages in thread
From: Jamin Lin @ 2022-01-19  8:23 UTC (permalink / raw)
  To: Simon Glass, Alexandru Gagniuc, Philippe Reynes, Thomas Perrot,
	Sean Anderson, open list
  Cc: troy_lee, steven_lee

Add support for the rsa 3072 bits algorithm in tools
for image signing at host side and add rsa 3072 bits
verification in the image binary.

Add test case in vboot for sha384 with rsa3072 algorithm testing.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
---
 configs/sandbox_defconfig                   |  1 +
 include/u-boot/rsa.h                        |  1 +
 lib/rsa/rsa-verify.c                        |  6 +++
 test/py/tests/test_vboot.py                 | 12 +++++-
 test/py/tests/vboot/sign-configs-sha384.its | 45 +++++++++++++++++++++
 test/py/tests/vboot/sign-images-sha384.its  | 42 +++++++++++++++++++
 tools/image-sig-host.c                      |  7 ++++
 7 files changed, 112 insertions(+), 2 deletions(-)
 create mode 100644 test/py/tests/vboot/sign-configs-sha384.its
 create mode 100644 test/py/tests/vboot/sign-images-sha384.its

diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
index 4f413582fb..6686085d2c 100644
--- a/configs/sandbox_defconfig
+++ b/configs/sandbox_defconfig
@@ -312,3 +312,4 @@ CONFIG_TEST_FDTDEC=y
 CONFIG_UNIT_TEST=y
 CONFIG_UT_TIME=y
 CONFIG_UT_DM=y
+CONFIG_SHA384=y
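Review bot: CONFIG_SHA384=y is switched on for sandbox only, and the commit message does not say why the defconfig changes. A one-line mention that the new sha384,rsa3072 vboot cases need it would help, along with a note that a board wanting this algorithm pair has to enable the hash itself, since nothing visible in this patch makes the rsa3072 entry select it.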
diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
index 7556aa5b4b..bb56c2243c 100644
--- a/include/u-boot/rsa.h
+++ b/include/u-boot/rsa.h
@@ -110,6 +110,7 @@ int padding_pss_verify(struct image_sign_info *info,
 #define RSA_DEFAULT_PADDING_NAME		"pkcs-1.5"
 
 #define RSA2048_BYTES	(2048 / 8)
+#define RSA3072_BYTES	(3072 / 8)
 #define RSA4096_BYTES	(4096 / 8)
 
 /* This is the minimum/maximum key size we support, in bits */
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 83f7564101..4fe487d7e5 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -588,6 +588,12 @@ U_BOOT_CRYPTO_ALGO(rsa2048) = {
 	.verify = rsa_verify,
 };
 
+U_BOOT_CRYPTO_ALGO(rsa3072) = {
+	.name = "rsa3072",
+	.key_len = RSA3072_BYTES,
+	.verify = rsa_verify,
+};
+
 U_BOOT_CRYPTO_ALGO(rsa4096) = {
 	.name = "rsa4096",
 	.key_len = RSA4096_BYTES,
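Review bot: no documentation file appears in the diffstat, so the new "rsa3072" name registered here is discoverable only from this table and the test .its files. Please update whichever document lists the supported signature algorithms in the same patch. The entry itself matches its rsa2048 and rsa4096 neighbours.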
diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py
index 095e00cce3..b080d482af 100644
--- a/test/py/tests/test_vboot.py
+++ b/test/py/tests/test_vboot.py
@@ -45,6 +45,8 @@ TESTDATA = [
     ['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x10000', False, False],
     ['sha256-pss-required', 'sha256', '-pss', None, True, False],
     ['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x10000', True, True],
+    ['sha384-basic', 'sha384', '', None, False, False],
+    ['sha384-pad', 'sha384', '', '-E -p 0x10000', False, False],
 ]
 
 @pytest.mark.boardspec('sandbox')
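Review bot: the two new TESTDATA rows leave the padding column empty and the required flag False, so sha384 with rsa3072 is exercised only with the default padding and never as a required key, whereas the sha256 rows just above cover '-pss' and required=True. Consider adding sha384 rows for those cases, or say in the commit message why they are out of scope.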
@@ -180,10 +182,16 @@ def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required,
             name: Name of of the key (e.g. 'dev')
         """
         public_exponent = 65537
+
+        if sha_algo == "sha384":
+            rsa_keygen_bits = 3072
+        else:
+            rsa_keygen_bits = 2048
+
         util.run_and_log(cons, 'openssl genpkey -algorithm RSA -out %s%s.key '
-                     '-pkeyopt rsa_keygen_bits:2048 '
+                     '-pkeyopt rsa_keygen_bits:%d '
                      '-pkeyopt rsa_keygen_pubexp:%d' %
-                     (tmpdir, name, public_exponent))
+                     (tmpdir, name, rsa_keygen_bits, public_exponent))
 
         # Create a certificate containing the public key
         util.run_and_log(cons, 'openssl req -batch -new -x509 -key %s%s.key '
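Review bot: choosing the key size with 'if sha_algo == "sha384":' ties the RSA modulus length to the hash name, so rsa3072 can never be paired with another hash in this test, and a later sha384 case meant for a different key size would silently get 3072 bits. Making the key size an explicit TESTDATA column, or a parameter of the key-generation helper, would keep the two independent. Minor style point: the surrounding code uses single-quoted strings.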
diff --git a/test/py/tests/vboot/sign-configs-sha384.its b/test/py/tests/vboot/sign-configs-sha384.its
new file mode 100644
index 0000000000..2869401991
--- /dev/null
+++ b/test/py/tests/vboot/sign-configs-sha384.its
@@ -0,0 +1,45 @@
+/dts-v1/;
+
+/ {
+	description = "Chrome OS kernel image with one or more FDT blobs";
+	#address-cells = <1>;
+
+	images {
+		kernel {
+			data = /incbin/("test-kernel.bin");
+			type = "kernel_noload";
+			arch = "sandbox";
+			os = "linux";
+			compression = "none";
+			load = <0x4>;
+			entry = <0x8>;
+			kernel-version = <1>;
+			hash-1 {
+				algo = "sha384";
+			};
+		};
+		fdt-1 {
+			description = "snow";
+			data = /incbin/("sandbox-kernel.dtb");
+			type = "flat_dt";
+			arch = "sandbox";
+			compression = "none";
+			fdt-version = <1>;
+			hash-1 {
+				algo = "sha384";
+			};
+		};
+	};
+	configurations {
+		default = "conf-1";
+		conf-1 {
+			kernel = "kernel";
+			fdt = "fdt-1";
+			signature {
+				algo = "sha384,rsa3072";
+				key-name-hint = "dev";
+				sign-images = "fdt", "kernel";
+			};
+		};
+	};
+};
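Review bot: the file name carries only the hash (sha384) while the signature node hard-codes algo = "sha384,rsa3072", so the key size this test image expects is visible only by reading the node. A short comment at the top of the file, or a name that includes rsa3072, would make that explicit; the same applies to sign-images-sha384.its.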
diff --git a/test/py/tests/vboot/sign-images-sha384.its b/test/py/tests/vboot/sign-images-sha384.its
new file mode 100644
index 0000000000..be1a9a653c
--- /dev/null
+++ b/test/py/tests/vboot/sign-images-sha384.its
@@ -0,0 +1,42 @@
+/dts-v1/;
+
+/ {
+	description = "Chrome OS kernel image with one or more FDT blobs";
+	#address-cells = <1>;
+
+	images {
+		kernel {
+			data = /incbin/("test-kernel.bin");
+			type = "kernel_noload";
+			arch = "sandbox";
+			os = "linux";
+			compression = "none";
+			load = <0x4>;
+			entry = <0x8>;
+			kernel-version = <1>;
+			signature {
+				algo = "sha384,rsa3072";
+				key-name-hint = "dev";
+			};
+		};
+		fdt-1 {
+			description = "snow";
+			data = /incbin/("sandbox-kernel.dtb");
+			type = "flat_dt";
+			arch = "sandbox";
+			compression = "none";
+			fdt-version = <1>;
+			signature {
+				algo = "sha384,rsa3072";
+				key-name-hint = "dev";
+			};
+		};
+	};
+	configurations {
+		default = "conf-1";
+		conf-1 {
+			kernel = "kernel";
+			fdt = "fdt-1";
+		};
+	};
+};
diff --git a/tools/image-sig-host.c b/tools/image-sig-host.c
index 8ed6998dab..d0133aec4c 100644
--- a/tools/image-sig-host.c
+++ b/tools/image-sig-host.c
@@ -55,6 +55,13 @@ struct crypto_algo crypto_algos[] = {
 		.add_verify_data = rsa_add_verify_data,
 		.verify = rsa_verify,
 	},
+	{
+		.name = "rsa3072",
+		.key_len = RSA3072_BYTES,
+		.sign = rsa_sign,
+		.add_verify_data = rsa_add_verify_data,
+		.verify = rsa_verify,
+	},
 	{
 		.name = "rsa4096",
 		.key_len = RSA4096_BYTES,
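Review bot: this host-side table now has to be kept in step by hand with the U_BOOT_CRYPTO_ALGO registrations in lib/rsa/rsa-verify.c, and the new entry differs from its neighbours only in .name and .key_len. Not a blocker for this patch, but a comment here pointing at the target-side list would reduce the chance of a future key size being added on one side only.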
-- 
2.17.1



* Re: [PATCH v4 1/1] rsa: adds rsa3072 algorithm
  2022-01-19  8:23 ` [PATCH v4 1/1] " Jamin Lin
@ 2022-01-27 15:05   ` Simon Glass
  2022-01-29 18:49   ` Tom Rini
  1 sibling, 0 replies; 4+ messages in thread
From: Simon Glass @ 2022-01-27 15:05 UTC (permalink / raw)
  To: Jamin Lin
  Cc: Alexandru Gagniuc, Philippe Reynes, Thomas Perrot, Sean Anderson,
	open list, troy_lee, steven_lee

On Wed, 19 Jan 2022 at 01:23, Jamin Lin <jamin_lin@aspeedtech.com> wrote:
>
> Add support for the rsa 3072 bits algorithm in tools
> for image signing at host side and add rsa 3072 bits
> verification in the image binary.
>
> Add test case in vboot for sha384 with rsa3072 algorithm testing.
>
> Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
> ---
>  configs/sandbox_defconfig                   |  1 +
>  include/u-boot/rsa.h                        |  1 +
>  lib/rsa/rsa-verify.c                        |  6 +++
>  test/py/tests/test_vboot.py                 | 12 +++++-
>  test/py/tests/vboot/sign-configs-sha384.its | 45 +++++++++++++++++++++
>  test/py/tests/vboot/sign-images-sha384.its  | 42 +++++++++++++++++++
>  tools/image-sig-host.c                      |  7 ++++
>  7 files changed, 112 insertions(+), 2 deletions(-)
>  create mode 100644 test/py/tests/vboot/sign-configs-sha384.its
>  create mode 100644 test/py/tests/vboot/sign-images-sha384.its

Reviewed-by: Simon Glass <sjg@chromium.org>


* Re: [PATCH v4 1/1] rsa: adds rsa3072 algorithm
  2022-01-19  8:23 ` [PATCH v4 1/1] " Jamin Lin
  2022-01-27 15:05   ` Simon Glass
@ 2022-01-29 18:49   ` Tom Rini
  1 sibling, 0 replies; 4+ messages in thread
From: Tom Rini @ 2022-01-29 18:49 UTC (permalink / raw)
  To: Jamin Lin
  Cc: Simon Glass, Alexandru Gagniuc, Philippe Reynes, Thomas Perrot,
	Sean Anderson, open list, troy_lee, steven_lee


On Wed, Jan 19, 2022 at 04:23:21PM +0800, Jamin Lin wrote:

> Add support for the rsa 3072 bits algorithm in tools
> for image signing at host side and add rsa 3072 bits
> verification in the image binary.
> 
> Add test case in vboot for sha384 with rsa3072 algorithm testing.
> 
> Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
> Reviewed-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/master, thanks!

-- 
Tom
