[U-Boot] [U-Boot v2] [PATCH] rsa: add a more flexible way to support different hash algorithms (e.g. sha256)

[U-Boot] [U-Boot v2] [PATCH] rsa: add a more flexible way to support different hash algorithms (e.g. sha256)

[andreas at oetken.name]

As proposed by Heiko I made some small changes and verified the patch with the
checkpatch-script.
?
?

[U-Boot] [U-Boot v2] [PATCH] rsa: add a more flexible way to support different hash algorithms (e.g. sha256)

[Heiko Schocher]

Hello Andreas,

Am 27.11.2013 13:10, schrieb andreas at oetken.name:
> As proposed by Heiko I made some small changes and verified the patch with the
> checkpatch-script.
>
>
>> From 169f40e72fceb222bb15dd59c1337f42371e97a5 Mon Sep 17 00:00:00 2001
> From: Andreas Oetken<andreas.oetken@siemens.com>
> Date: Wed, 27 Nov 2013 13:09:19 +0100
> Subject: [PATCH] Added rsa-sha256 support.

Could you fix your commit message?

Please write in the commit message why and what you have changed
in your patch. After "---" you can write for example the changelog
of your patch, see a detailed help for sending patches, here:

http://www.denx.de/wiki/U-Boot/Patches

> Signed-off-by: Andreas Oetken<andreas.oetken@siemens.com>
> ---
>   common/image-sig.c          |   33 +++++++++++++
>   include/image.h             |   20 +++++++-
>   include/rsa-checksum.h      |   25 ++++++++++
>   include/rsa.h               |   17 +++++++
>   lib/rsa/Makefile            |    2 +-
>   lib/rsa/rsa-checksum.c      |  108 +++++++++++++++++++++++++++++++++++++++++++
>   lib/rsa/rsa-sign.c          |   10 ++--
>   lib/rsa/rsa-verify.c        |   80 +++++++++-----------------------
>   test/vboot/sign-configs.its |    2 +-
>   test/vboot/sign-images.its  |    2 +-
>   10 files changed, 233 insertions(+), 66 deletions(-)
>   create mode 100644 include/rsa-checksum.h
>   create mode 100644 lib/rsa/rsa-checksum.c

Hmm.. I tried to apply your patch, but I get:

pollux:u-boot hs [20131202] $ git am mbox
Wende an: rsa: add a more flexible way to support different hash algorithms (e.g. sha256)
fatal: fehlerhafter Patch bei Zeile 24
Anwendung des Patches fehlgeschlagen bei 0001 rsa: add a more flexible way to support different hash algorithms (e.g. sha256)
Die Kopie des fehlgeschlagenen Patches befindet sich in:
    /home/hs/ids/u-boot/.git/rebase-apply/patch
Wenn Sie das Problem gel?st haben, f?hren Sie "git am --resolved" aus.
Falls Sie diesen Patch auslassen m?chten, f?hren Sie stattdessen
"git am --skip" aus.
Um den urspr?nglichen Zweig wiederherzustellen und die Anwendung der
Patches abzubrechen, f?hren Sie "git am --abort" aus.
pollux:u-boot hs [20131202] $ git am --abort
pollux:u-boot hs [20131202] $ vi mbox
pollux:u-boot hs [20131202] $ patch -p1 < mbox
patching file common/image-sig.c
patch: **** malformed patch at line 49:  #endif /* !USE_HOSTCC*/

pollux:u-boot hs [20131202] $

Can you have a look@this issue?

Beside of that, just some nitpicking comment:

[...]
> diff --git a/include/rsa.h b/include/rsa.h
> index add4c78..12ae443 100644
> --- a/include/rsa.h
> +++ b/include/rsa.h
> @@ -15,6 +15,23 @@
>   #include<errno.h>
>   #include<image.h>
>
> +#define RSA2048_BYTES  (2048 / 8)
> +
> +/**
> + * struct rsa_public_key - holder for a public key
> + *
> + * An RSA public key consists of a modulus (typically called N), the inverse
> + * and R^2, where R is 2^(# key bits).
> + */
> +
> +struct rsa_public_key {
> +       uint len;               /* Length of modulus[] in number of uint32_t */
> +       uint32_t n0inv;         /* -1 / modulus[0] mod 2^32 */
> +       uint32_t *modulus;      /* modulus as little endian array */
> +       uint32_t *rr;           /* R^2 as little endian array */
> +};
> +
> +

only one empty line please.

>   #if IMAGE_ENABLE_SIGN
>   /**
>    * sign() - calculate and return signature for given input data
[...]
> diff --git a/lib/rsa/rsa-checksum.c b/lib/rsa/rsa-checksum.c
> new file mode 100644
> index 0000000..e75abb8
> --- /dev/null
> +++ b/lib/rsa/rsa-checksum.c
> @@ -0,0 +1,108 @@
> +/*
> + * Copyright (c) 2013, Andreas Oetken.
> + *
> + * SPDX-License-Identifier:    GPL-2.0+
> + */
> +
> +#include<common.h>
> +#include<fdtdec.h>
> +#include<rsa.h>
> +#include<sha1.h>
> +#include<sha256.h>
> +#include<asm/byteorder.h>
> +#include<asm/errno.h>
> +#include<asm/unaligned.h>
> +
> +

only one empty line please.

> +/* PKCS 1.5 paddings as described in the RSA PKCS#1 v2.1 standard. */
> +
> +

here too.. please fix globally.

[...]

bye,
Heiko
-- 
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

[U-Boot] [U-Boot v2] [PATCH] rsa: add a more flexible way to support different hash algorithms (e.g. sha256)

[Simon Glass]

Hi,

On 1 December 2013 23:10, Heiko Schocher <hs@denx.de> wrote:
> Hello Andreas,
>
> Am 27.11.2013 13:10, schrieb andreas at oetken.name:
>
>> As proposed by Heiko I made some small changes and verified the patch with
>> the
>> checkpatch-script.

You can also use patman to generate, check and send your patch if you like.

I couldn't apply it due to the problems Heiko mentioned, but it looks
promising. One I think I wonder if whether you could use the existing
infrastructure in common/hash.c to select the hash algorithm?

Regards,
Simon

>>
>>
>>> From 169f40e72fceb222bb15dd59c1337f42371e97a5 Mon Sep 17 00:00:00 2001
>>
>> From: Andreas Oetken<andreas.oetken@siemens.com>
>> Date: Wed, 27 Nov 2013 13:09:19 +0100
>> Subject: [PATCH] Added rsa-sha256 support.
>
>
> Could you fix your commit message?
>
> Please write in the commit message why and what you have changed
> in your patch. After "---" you can write for example the changelog
> of your patch, see a detailed help for sending patches, here:
>
> http://www.denx.de/wiki/U-Boot/Patches
>
>
>> Signed-off-by: Andreas Oetken<andreas.oetken@siemens.com>
>> ---
>>   common/image-sig.c          |   33 +++++++++++++
>>   include/image.h             |   20 +++++++-
>>   include/rsa-checksum.h      |   25 ++++++++++
>>   include/rsa.h               |   17 +++++++
>>   lib/rsa/Makefile            |    2 +-
>>   lib/rsa/rsa-checksum.c      |  108
>> +++++++++++++++++++++++++++++++++++++++++++
>>   lib/rsa/rsa-sign.c          |   10 ++--
>>   lib/rsa/rsa-verify.c        |   80 +++++++++-----------------------
>>   test/vboot/sign-configs.its |    2 +-
>>   test/vboot/sign-images.its  |    2 +-
>>   10 files changed, 233 insertions(+), 66 deletions(-)
>>   create mode 100644 include/rsa-checksum.h
>>   create mode 100644 lib/rsa/rsa-checksum.c
>
>
> Hmm.. I tried to apply your patch, but I get:
>
> pollux:u-boot hs [20131202] $ git am mbox
> Wende an: rsa: add a more flexible way to support different hash algorithms
> (e.g. sha256)
> fatal: fehlerhafter Patch bei Zeile 24
> Anwendung des Patches fehlgeschlagen bei 0001 rsa: add a more flexible way
> to support different hash algorithms (e.g. sha256)
> Die Kopie des fehlgeschlagenen Patches befindet sich in:
>    /home/hs/ids/u-boot/.git/rebase-apply/patch
> Wenn Sie das Problem gel?st haben, f?hren Sie "git am --resolved" aus.
> Falls Sie diesen Patch auslassen m?chten, f?hren Sie stattdessen
> "git am --skip" aus.
> Um den urspr?nglichen Zweig wiederherzustellen und die Anwendung der
> Patches abzubrechen, f?hren Sie "git am --abort" aus.
> pollux:u-boot hs [20131202] $ git am --abort
> pollux:u-boot hs [20131202] $ vi mbox
> pollux:u-boot hs [20131202] $ patch -p1 < mbox
> patching file common/image-sig.c
> patch: **** malformed patch at line 49:  #endif /* !USE_HOSTCC*/
>
> pollux:u-boot hs [20131202] $
>
> Can you have a look at this issue?
>
> Beside of that, just some nitpicking comment:
>
> [...]
>
>> diff --git a/include/rsa.h b/include/rsa.h
>> index add4c78..12ae443 100644
>> --- a/include/rsa.h
>> +++ b/include/rsa.h
>> @@ -15,6 +15,23 @@
>>   #include<errno.h>
>>   #include<image.h>
>>
>> +#define RSA2048_BYTES  (2048 / 8)
>> +
>> +/**
>> + * struct rsa_public_key - holder for a public key
>> + *
>> + * An RSA public key consists of a modulus (typically called N), the
>> inverse
>> + * and R^2, where R is 2^(# key bits).
>> + */
>> +
>> +struct rsa_public_key {
>> +       uint len;               /* Length of modulus[] in number of
>> uint32_t */
>> +       uint32_t n0inv;         /* -1 / modulus[0] mod 2^32 */
>> +       uint32_t *modulus;      /* modulus as little endian array */
>> +       uint32_t *rr;           /* R^2 as little endian array */
>> +};
>> +
>> +
>
>
> only one empty line please.
>
>
>>   #if IMAGE_ENABLE_SIGN
>>   /**
>>    * sign() - calculate and return signature for given input data
>
> [...]
>
>> diff --git a/lib/rsa/rsa-checksum.c b/lib/rsa/rsa-checksum.c
>> new file mode 100644
>> index 0000000..e75abb8
>> --- /dev/null
>> +++ b/lib/rsa/rsa-checksum.c
>> @@ -0,0 +1,108 @@
>> +/*
>> + * Copyright (c) 2013, Andreas Oetken.
>> + *
>> + * SPDX-License-Identifier:    GPL-2.0+
>> + */
>> +
>> +#include<common.h>
>> +#include<fdtdec.h>
>> +#include<rsa.h>
>> +#include<sha1.h>
>> +#include<sha256.h>
>> +#include<asm/byteorder.h>
>> +#include<asm/errno.h>
>> +#include<asm/unaligned.h>
>> +
>> +
>
>
> only one empty line please.
>
>
>> +/* PKCS 1.5 paddings as described in the RSA PKCS#1 v2.1 standard. */
>> +
>> +
>
>
> here too.. please fix globally.
>
> [...]
>
> bye,
> Heiko
> --
> DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany