[U-Boot] [PATCH V4 1/7] rsa: use new openssl API to create signature

[U-Boot] [PATCH V4 1/7] rsa: use new openssl API to create signature

[Philippe Reynes]

Previous implementation of the rsa signature was using
the openssl API EVP_Sign*, but the new openssl API
EVP_DigestSign* is more flexible. So we move to this
new API.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
 lib/rsa/rsa-sign.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

Changelog:
v4:
- remove Reviewed-by Clement Peron (added by mistake)
v3:
- no change
v2:
- no change

diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index 05ac67b..78e348e 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -393,7 +393,8 @@ static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo,
 {
 	EVP_PKEY *key;
 	EVP_MD_CTX *context;
-	int size, ret = 0;
+	int ret = 0;
+	size_t size;
 	uint8_t *sig;
 	int i;
 
@@ -409,7 +410,7 @@ static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo,
 	size = EVP_PKEY_size(key);
 	sig = malloc(size);
 	if (!sig) {
-		fprintf(stderr, "Out of memory for signature (%d bytes)\n",
+		fprintf(stderr, "Out of memory for signature (%zu bytes)\n",
 			size);
 		ret = -ENOMEM;
 		goto err_alloc;
@@ -421,22 +422,26 @@ static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo,
 		goto err_create;
 	}
 	EVP_MD_CTX_init(context);
-	if (!EVP_SignInit(context, checksum_algo->calculate_sign())) {
+	if (EVP_DigestSignInit(context, NULL,
+			       checksum_algo->calculate_sign(),
+			       NULL, key) <= 0) {
 		ret = rsa_err("Signer setup failed");
 		goto err_sign;
 	}
 
 	for (i = 0; i < region_count; i++) {
-		if (!EVP_SignUpdate(context, region[i].data, region[i].size)) {
+		if (!EVP_DigestSignUpdate(context, region[i].data,
+					  region[i].size)) {
 			ret = rsa_err("Signing data failed");
 			goto err_sign;
 		}
 	}
 
-	if (!EVP_SignFinal(context, sig, sig_size, key)) {
+	if (!EVP_DigestSignFinal(context, sig, &size)) {
 		ret = rsa_err("Could not obtain signature");
 		goto err_sign;
 	}
+
 	#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
 		(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
 		EVP_MD_CTX_cleanup(context);
@@ -446,7 +451,7 @@ static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo,
 	EVP_MD_CTX_destroy(context);
 	EVP_PKEY_free(key);
 
-	debug("Got signature: %d bytes, expected %d\n", *sig_size, size);
+	debug("Got signature: %d bytes, expected %zu\n", *sig_size, size);
 	*sigp = sig;
 	*sig_size = size;
 
-- 
2.7.4

[U-Boot] [PATCH V4 2/7] rsa: add a structure for the padding

[Philippe Reynes]

The rsa signature use a padding algorithm. By default, we use the
padding pkcs-1.5. In order to add some new padding algorithm, we
add a padding framework to manage several padding algorithm.
The choice of the padding is done in the file .its.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
 common/image-fit.c   |  5 +++++
 common/image-sig.c   | 29 ++++++++++++++++++++++++++
 include/image.h      | 16 +++++++++++++++
 include/u-boot/rsa.h | 13 ++++++++++++
 lib/rsa/rsa-sign.c   | 15 +++++++++++---
 lib/rsa/rsa-verify.c | 57 ++++++++++++++++++++++++++++++++++------------------
 tools/image-host.c   |  4 ++++
 7 files changed, 116 insertions(+), 23 deletions(-)

Changelog:
v4:
- remove Reviewed-by Clement Peron (added by mistake)
v3:
- no change
v2:
- no change

diff --git a/common/image-fit.c b/common/image-fit.c
index 8d39a24..ac901e1 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -165,6 +165,7 @@ static void fit_image_print_data(const void *fit, int noffset, const char *p,
 	uint8_t *value;
 	int value_len;
 	char *algo;
+	const char *padding;
 	int required;
 	int ret, i;
 
@@ -184,6 +185,10 @@ static void fit_image_print_data(const void *fit, int noffset, const char *p,
 		printf(" (required)");
 	printf("\n");
 
+	padding = fdt_getprop(fit, noffset, "padding", NULL);
+	if (padding)
+		printf("%s  %s padding: %s\n", p, type, padding);
+
 	ret = fit_image_hash_get_value(fit, noffset, &value,
 				       &value_len);
 	printf("%s  %s value:   ", p, type);
diff --git a/common/image-sig.c b/common/image-sig.c
index 5a269d3..b7ca657 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -71,6 +71,13 @@ struct crypto_algo crypto_algos[] = {
 
 };
 
+struct padding_algo padding_algos[] = {
+	{
+		.name = "pkcs-1.5",
+		.verify = padding_pkcs_15_verify,
+	},
+};
+
 struct checksum_algo *image_get_checksum_algo(const char *full_name)
 {
 	int i;
@@ -106,6 +113,21 @@ struct crypto_algo *image_get_crypto_algo(const char *full_name)
 	return NULL;
 }
 
+struct padding_algo *image_get_padding_algo(const char *name)
+{
+	int i;
+
+	if (!name)
+		return NULL;
+
+	for (i = 0; i < ARRAY_SIZE(padding_algos); i++) {
+		if (!strcmp(padding_algos[i].name, name))
+			return &padding_algos[i];
+	}
+
+	return NULL;
+}
+
 /**
  * fit_region_make_list() - Make a list of image regions
  *
@@ -155,6 +177,7 @@ static int fit_image_setup_verify(struct image_sign_info *info,
 		char **err_msgp)
 {
 	char *algo_name;
+	const char *padding_name;
 
 	if (fdt_totalsize(fit) > CONFIG_FIT_SIGNATURE_MAX_SIZE) {
 		*err_msgp = "Total size too large";
@@ -165,6 +188,11 @@ static int fit_image_setup_verify(struct image_sign_info *info,
 		*err_msgp = "Can't get hash algo property";
 		return -1;
 	}
+
+	padding_name = fdt_getprop(fit, noffset, "padding", NULL);
+	if (!padding_name)
+		padding_name = RSA_DEFAULT_PADDING_NAME;
+
 	memset(info, '\0', sizeof(*info));
 	info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
 	info->fit = (void *)fit;
@@ -172,6 +200,7 @@ static int fit_image_setup_verify(struct image_sign_info *info,
 	info->name = algo_name;
 	info->checksum = image_get_checksum_algo(algo_name);
 	info->crypto = image_get_crypto_algo(algo_name);
+	info->padding = image_get_padding_algo(padding_name);
 	info->fdt_blob = gd_fdt_blob();
 	info->required_keynode = required_keynode;
 	printf("%s:%s", algo_name, info->keyname);
diff --git a/include/image.h b/include/image.h
index 031c355..7fed0ae 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1100,6 +1100,7 @@ struct image_sign_info {
 	int node_offset;		/* Offset of signature node */
 	const char *name;		/* Algorithm name */
 	struct checksum_algo *checksum;	/* Checksum algorithm information */
+	struct padding_algo *padding;	/* Padding algorithm information */
 	struct crypto_algo *crypto;	/* Crypto algorithm information */
 	const void *fdt_blob;		/* FDT containing public keys */
 	int required_keynode;		/* Node offset of key to use: -1=any */
@@ -1185,6 +1186,13 @@ struct crypto_algo {
 		      uint8_t *sig, uint sig_len);
 };
 
+struct padding_algo {
+	const char *name;
+	int (*verify)(struct image_sign_info *info,
+		      uint8_t *pad, int pad_len,
+		      const uint8_t *hash, int hash_len);
+};
+
 /**
  * image_get_checksum_algo() - Look up a checksum algorithm
  *
@@ -1202,6 +1210,14 @@ struct checksum_algo *image_get_checksum_algo(const char *full_name);
 struct crypto_algo *image_get_crypto_algo(const char *full_name);
 
 /**
+ * image_get_padding_algo() - Look up a padding algorithm
+ *
+ * @param name		Name of padding algorithm
+ * @return pointer to algorithm information, or NULL if not found
+ */
+struct padding_algo *image_get_padding_algo(const char *name);
+
+/**
  * fit_image_verify_required_sigs() - Verify signatures marked as 'required'
  *
  * @fit:		FIT to check
diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
index 68bcb14..16b4c4c 100644
--- a/include/u-boot/rsa.h
+++ b/include/u-boot/rsa.h
@@ -97,6 +97,10 @@ static inline int rsa_add_verify_data(struct image_sign_info *info,
 int rsa_verify(struct image_sign_info *info,
 	       const struct image_region region[], int region_count,
 	       uint8_t *sig, uint sig_len);
+
+int padding_pkcs_15_verify(struct image_sign_info *info,
+			   uint8_t *msg, int msg_len,
+			   const uint8_t *hash, int hash_len);
 #else
 static inline int rsa_verify(struct image_sign_info *info,
 		const struct image_region region[], int region_count,
@@ -104,8 +108,17 @@ static inline int rsa_verify(struct image_sign_info *info,
 {
 	return -ENXIO;
 }
+
+static inline int padding_pkcs_15_verify(struct image_sign_info *info,
+					 uint8_t *msg, int msg_len,
+					 const uint8_t *hash, int hash_len)
+{
+	return -ENXIO;
+}
 #endif
 
+#define RSA_DEFAULT_PADDING_NAME		"pkcs-1.5"
+
 #define RSA2048_BYTES	(2048 / 8)
 #define RSA4096_BYTES	(4096 / 8)
 
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index 78e348e..6aa0e2a 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -387,11 +387,13 @@ static void rsa_engine_remove(ENGINE *e)
 	}
 }
 
-static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo,
+static int rsa_sign_with_key(RSA *rsa, struct padding_algo *padding_algo,
+			     struct checksum_algo *checksum_algo,
 		const struct image_region region[], int region_count,
 		uint8_t **sigp, uint *sig_size)
 {
 	EVP_PKEY *key;
+	EVP_PKEY_CTX *ckey;
 	EVP_MD_CTX *context;
 	int ret = 0;
 	size_t size;
@@ -422,7 +424,14 @@ static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo,
 		goto err_create;
 	}
 	EVP_MD_CTX_init(context);
-	if (EVP_DigestSignInit(context, NULL,
+
+	ckey = EVP_PKEY_CTX_new(key, NULL);
+	if (!ckey) {
+		ret = rsa_err("EVP key context creation failed");
+		goto err_create;
+	}
+
+	if (EVP_DigestSignInit(context, &ckey,
 			       checksum_algo->calculate_sign(),
 			       NULL, key) <= 0) {
 		ret = rsa_err("Signer setup failed");
@@ -488,7 +497,7 @@ int rsa_sign(struct image_sign_info *info,
 	ret = rsa_get_priv_key(info->keydir, info->keyname, e, &rsa);
 	if (ret)
 		goto err_priv;
-	ret = rsa_sign_with_key(rsa, info->checksum, region,
+	ret = rsa_sign_with_key(rsa, info->padding, info->checksum, region,
 				region_count, sigp, sig_len);
 	if (ret)
 		goto err_sign;
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index bc83354..279a9ba 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -57,31 +57,57 @@ static int rsa_verify_padding(const uint8_t *msg, const int pad_len,
 	return ret;
 }
 
+int padding_pkcs_15_verify(struct image_sign_info *info,
+			   uint8_t *msg, int msg_len,
+			   const uint8_t *hash, int hash_len)
+{
+	struct checksum_algo *checksum = info->checksum;
+	int ret, pad_len = msg_len - checksum->checksum_len;
+
+	/* Check pkcs1.5 padding bytes. */
+	ret = rsa_verify_padding(msg, pad_len, checksum);
+	if (ret) {
+		debug("In RSAVerify(): Padding check failed!\n");
+		return -EINVAL;
+	}
+
+	/* Check hash. */
+	if (memcmp((uint8_t *)msg + pad_len, hash, msg_len - pad_len)) {
+		debug("In RSAVerify(): Hash check failed!\n");
+		return -EACCES;
+	}
+
+	return 0;
+}
+
 /**
  * rsa_verify_key() - Verify a signature against some data using RSA Key
  *
  * Verify a RSA PKCS1.5 signature against an expected hash using
  * the RSA Key properties in prop structure.
  *
+ * @info:	Specifies key and FIT information
  * @prop:	Specifies key
  * @sig:	Signature
  * @sig_len:	Number of bytes in signature
  * @hash:	Pointer to the expected hash
  * @key_len:	Number of bytes in rsa key
- * @algo:	Checksum algo structure having information on DER encoding etc.
  * @return 0 if verified, -ve on error
  */
-static int rsa_verify_key(struct key_prop *prop, const uint8_t *sig,
+static int rsa_verify_key(struct image_sign_info *info,
+			  struct key_prop *prop, const uint8_t *sig,
 			  const uint32_t sig_len, const uint8_t *hash,
-			  const uint32_t key_len, struct checksum_algo *algo)
+			  const uint32_t key_len)
 {
-	int pad_len;
 	int ret;
 #if !defined(USE_HOSTCC)
 	struct udevice *mod_exp_dev;
 #endif
+	struct checksum_algo *checksum = info->checksum;
+	struct padding_algo *padding = info->padding;
+	int hash_len = checksum->checksum_len;
 
-	if (!prop || !sig || !hash || !algo)
+	if (!prop || !sig || !hash || !checksum)
 		return -EIO;
 
 	if (sig_len != (prop->num_bits / 8)) {
@@ -89,7 +115,7 @@ static int rsa_verify_key(struct key_prop *prop, const uint8_t *sig,
 		return -EINVAL;
 	}
 
-	debug("Checksum algorithm: %s", algo->name);
+	debug("Checksum algorithm: %s", checksum->name);
 
 	/* Sanity check for stack size */
 	if (sig_len > RSA_MAX_SIG_BITS / 8) {
@@ -116,19 +142,10 @@ static int rsa_verify_key(struct key_prop *prop, const uint8_t *sig,
 		return ret;
 	}
 
-	pad_len = key_len - algo->checksum_len;
-
-	/* Check pkcs1.5 padding bytes. */
-	ret = rsa_verify_padding(buf, pad_len, algo);
+	ret = padding->verify(info, buf, key_len, hash, hash_len);
 	if (ret) {
-		debug("In RSAVerify(): Padding check failed!\n");
-		return -EINVAL;
-	}
-
-	/* Check hash. */
-	if (memcmp((uint8_t *)buf + pad_len, hash, sig_len - pad_len)) {
-		debug("In RSAVerify(): Hash check failed!\n");
-		return -EACCES;
+		debug("In RSAVerify(): padding check failed!\n");
+		return ret;
 	}
 
 	return 0;
@@ -182,8 +199,8 @@ static int rsa_verify_with_keynode(struct image_sign_info *info,
 		return -EFAULT;
 	}
 
-	ret = rsa_verify_key(&prop, sig, sig_len, hash,
-			     info->crypto->key_len, info->checksum);
+	ret = rsa_verify_key(info, &prop, sig, sig_len, hash,
+			     info->crypto->key_len);
 
 	return ret;
 }
diff --git a/tools/image-host.c b/tools/image-host.c
index 09e4f47..88b3295 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -157,6 +157,7 @@ static int fit_image_setup_sig(struct image_sign_info *info,
 {
 	const char *node_name;
 	char *algo_name;
+	const char *padding_name;
 
 	node_name = fit_get_name(fit, noffset, NULL);
 	if (fit_image_hash_get_algo(fit, noffset, &algo_name)) {
@@ -165,6 +166,8 @@ static int fit_image_setup_sig(struct image_sign_info *info,
 		return -1;
 	}
 
+	padding_name = fdt_getprop(fit, noffset, "padding", NULL);
+
 	memset(info, '\0', sizeof(*info));
 	info->keydir = keydir;
 	info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
@@ -173,6 +176,7 @@ static int fit_image_setup_sig(struct image_sign_info *info,
 	info->name = strdup(algo_name);
 	info->checksum = image_get_checksum_algo(algo_name);
 	info->crypto = image_get_crypto_algo(algo_name);
+	info->padding = image_get_padding_algo(padding_name);
 	info->require_keys = require_keys;
 	info->engine_id = engine_id;
 	if (!info->checksum || !info->crypto) {
-- 
2.7.4

[U-Boot] [PATCH V4 3/7] rsa: add support of padding pss

[Philippe Reynes]

We add the support of the padding pss for rsa signature.
This new padding is often recommended instead of pkcs-1.5.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
 Kconfig              |   8 +++
 common/image-sig.c   |   6 ++
 include/image.h      |   1 +
 include/u-boot/rsa.h |  15 ++++
 lib/rsa/rsa-sign.c   |  10 +++
 lib/rsa/rsa-verify.c | 190 +++++++++++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 230 insertions(+)

Changelog:
v4:
- remove Reviewed-by Clement Peron (added by mistake)
v3:
- no change
v2:
- add a Kconfig option (thanks Simon Glass)
- some code cleaning (thanks Simon Glass)

diff --git a/Kconfig b/Kconfig
index dca9bb4..3120553 100644
--- a/Kconfig
+++ b/Kconfig
@@ -290,6 +290,14 @@ config FIT_SIGNATURE_MAX_SIZE
 	  device memory. Assure this size does not extend past expected storage
 	  space.
 
+config FIT_ENABLE_RSASSA_PSS_SUPPORT
+	bool "Support rsassa-pss signature scheme of FIT image contents"
+	depends on FIT_SIGNATURE
+	default n
+	help
+	  Enable this to support the pss padding algorithm as described
+	  in the rfc8017 (https://tools.ietf.org/html/rfc8017).
+
 config FIT_VERBOSE
 	bool "Show verbose messages when FIT images fail"
 	help
diff --git a/common/image-sig.c b/common/image-sig.c
index b7ca657..f5ce3b2 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -76,6 +76,12 @@ struct padding_algo padding_algos[] = {
 		.name = "pkcs-1.5",
 		.verify = padding_pkcs_15_verify,
 	},
+#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
+	{
+		.name = "pss",
+		.verify = padding_pss_verify,
+	}
+#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
 };
 
 struct checksum_algo *image_get_checksum_algo(const char *full_name)
diff --git a/include/image.h b/include/image.h
index 7fed0ae..f4c5a15 100644
--- a/include/image.h
+++ b/include/image.h
@@ -30,6 +30,7 @@ struct fdt_region;
 #define IMAGE_ENABLE_FIT	1
 #define IMAGE_ENABLE_OF_LIBFDT	1
 #define CONFIG_FIT_VERBOSE	1 /* enable fit_format_{error,warning}() */
+#define CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT 1
 #define CONFIG_FIT_ENABLE_SHA256_SUPPORT
 #define CONFIG_SHA1
 #define CONFIG_SHA256
diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
index 16b4c4c..2d3024d 100644
--- a/include/u-boot/rsa.h
+++ b/include/u-boot/rsa.h
@@ -101,6 +101,12 @@ int rsa_verify(struct image_sign_info *info,
 int padding_pkcs_15_verify(struct image_sign_info *info,
 			   uint8_t *msg, int msg_len,
 			   const uint8_t *hash, int hash_len);
+
+#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
+int padding_pss_verify(struct image_sign_info *info,
+		       uint8_t *msg, int msg_len,
+		       const uint8_t *hash, int hash_len);
+#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
 #else
 static inline int rsa_verify(struct image_sign_info *info,
 		const struct image_region region[], int region_count,
@@ -115,6 +121,15 @@ static inline int padding_pkcs_15_verify(struct image_sign_info *info,
 {
 	return -ENXIO;
 }
+
+#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
+static inline int padding_pss_verify(struct image_sign_info *info,
+				     uint8_t *msg, int msg_len,
+				     const uint8_t *hash, int hash_len)
+{
+	return -ENXIO;
+}
+#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
 #endif
 
 #define RSA_DEFAULT_PADDING_NAME		"pkcs-1.5"
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index 6aa0e2a..fb5e07b 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -438,6 +438,16 @@ static int rsa_sign_with_key(RSA *rsa, struct padding_algo *padding_algo,
 		goto err_sign;
 	}
 
+#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
+	if (padding_algo && !strcmp(padding_algo->name, "pss")) {
+		if (EVP_PKEY_CTX_set_rsa_padding(ckey,
+						 RSA_PKCS1_PSS_PADDING) <= 0) {
+			ret = rsa_err("Signer padding setup failed");
+			goto err_sign;
+		}
+	}
+#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
+
 	for (i = 0; i < region_count; i++) {
 		if (!EVP_DigestSignUpdate(context, region[i].data,
 					  region[i].size)) {
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 279a9ba..9734f6d 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -80,6 +80,196 @@ int padding_pkcs_15_verify(struct image_sign_info *info,
 	return 0;
 }
 
+#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
+static void u32_i2osp(uint32_t val, uint8_t *buf)
+{
+	buf[0] = (uint8_t)((val >> 24) & 0xff);
+	buf[1] = (uint8_t)((val >> 16) & 0xff);
+	buf[2] = (uint8_t)((val >>  8) & 0xff);
+	buf[3] = (uint8_t)((val >>  0) & 0xff);
+}
+
+/**
+ * mask_generation_function1() - generate an octet string
+ *
+ * Generate an octet string used to check rsa signature.
+ * It use an input octet string and a hash function.
+ *
+ * @checksum:	A Hash function
+ * @seed:	Specifies an input variable octet string
+ * @seed_len:	Size of the input octet string
+ * @output:	Specifies the output octet string
+ * @output_len:	Size of the output octet string
+ * @return 0 if the octet string was correctly generated, others on error
+ */
+static int mask_generation_function1(struct checksum_algo *checksum,
+				     uint8_t *seed, int seed_len,
+				     uint8_t *output, int output_len)
+{
+	struct image_region region[2];
+	int ret = 0, i, i_output = 0, region_count = 2;
+	uint32_t counter = 0;
+	uint8_t buf_counter[4], *tmp;
+	int hash_len = checksum->checksum_len;
+
+	memset(output, 0, output_len);
+
+	region[0].data = seed;
+	region[0].size = seed_len;
+	region[1].data = &buf_counter[0];
+	region[1].size = 4;
+
+	tmp = malloc(hash_len);
+	if (!tmp) {
+		debug("%s: can't allocate array tmp\n", __func__);
+		ret = -ENOMEM;
+		goto out;
+	}
+
+	while (i_output < output_len) {
+		u32_i2osp(counter, &buf_counter[0]);
+
+		ret = checksum->calculate(checksum->name,
+					  region, region_count,
+					  tmp);
+		if (ret < 0) {
+			debug("%s: Error in checksum calculation\n", __func__);
+			goto out;
+		}
+
+		i = 0;
+		while ((i_output < output_len) && (i < hash_len)) {
+			output[i_output] = tmp[i];
+			i_output++;
+			i++;
+		}
+
+		counter++;
+	}
+
+out:
+	free(tmp);
+
+	return ret;
+}
+
+static int compute_hash_prime(struct checksum_algo *checksum,
+			      uint8_t *pad, int pad_len,
+			      uint8_t *hash, int hash_len,
+			      uint8_t *salt, int salt_len,
+			      uint8_t *hprime)
+{
+	struct image_region region[3];
+	int ret, region_count = 3;
+
+	region[0].data = pad;
+	region[0].size = pad_len;
+	region[1].data = hash;
+	region[1].size = hash_len;
+	region[2].data = salt;
+	region[2].size = salt_len;
+
+	ret = checksum->calculate(checksum->name, region, region_count, hprime);
+	if (ret < 0) {
+		debug("%s: Error in checksum calculation\n", __func__);
+		goto out;
+	}
+
+out:
+	return ret;
+}
+
+int padding_pss_verify(struct image_sign_info *info,
+		       uint8_t *msg, int msg_len,
+		       const uint8_t *hash, int hash_len)
+{
+	uint8_t *masked_db = NULL;
+	int masked_db_len = msg_len - hash_len - 1;
+	uint8_t *h = NULL, *hprime = NULL;
+	int h_len = hash_len;
+	uint8_t *db_mask = NULL;
+	int db_mask_len = masked_db_len;
+	uint8_t *db = NULL, *salt = NULL;
+	int db_len = masked_db_len, salt_len = msg_len - hash_len - 2;
+	uint8_t pad_zero[8] = { 0 };
+	int ret, i, leftmost_bits = 1;
+	uint8_t leftmost_mask;
+	struct checksum_algo *checksum = info->checksum;
+
+	/* first, allocate everything */
+	masked_db = malloc(masked_db_len);
+	h = malloc(h_len);
+	db_mask = malloc(db_mask_len);
+	db = malloc(db_len);
+	salt = malloc(salt_len);
+	hprime = malloc(hash_len);
+	if (!masked_db || !h || !db_mask || !db || !salt || !hprime) {
+		printf("%s: can't allocate some buffer\n", __func__);
+		ret = -ENOMEM;
+		goto out;
+	}
+
+	/* step 4: check if the last byte is 0xbc */
+	if (msg[msg_len - 1] != 0xbc) {
+		printf("%s: invalid pss padding (0xbc is missing)\n", __func__);
+		ret = -EINVAL;
+		goto out;
+	}
+
+	/* step 5 */
+	memcpy(masked_db, msg, masked_db_len);
+	memcpy(h, msg + masked_db_len, h_len);
+
+	/* step 6 */
+	leftmost_mask = (0xff >> (8 - leftmost_bits)) << (8 - leftmost_bits);
+	if (masked_db[0] & leftmost_mask) {
+		printf("%s: invalid pss padding ", __func__);
+		printf("(leftmost bit of maskedDB not zero)\n");
+		ret = -EINVAL;
+		goto out;
+	}
+
+	/* step 7 */
+	mask_generation_function1(checksum, h, h_len, db_mask, db_mask_len);
+
+	/* step 8 */
+	for (i = 0; i < db_len; i++)
+		db[i] = masked_db[i] ^ db_mask[i];
+
+	/* step 9 */
+	db[0] &= 0xff >> leftmost_bits;
+
+	/* step 10 */
+	if (db[0] != 0x01) {
+		printf("%s: invalid pss padding ", __func__);
+		printf("(leftmost byte of db isn't 0x01)\n");
+		ret = EINVAL;
+		goto out;
+	}
+
+	/* step 11 */
+	memcpy(salt, &db[1], salt_len);
+
+	/* step 12 & 13 */
+	compute_hash_prime(checksum, pad_zero, 8,
+			   (uint8_t *)hash, hash_len,
+			   salt, salt_len, hprime);
+
+	/* step 14 */
+	ret = memcmp(h, hprime, hash_len);
+
+out:
+	free(hprime);
+	free(salt);
+	free(db);
+	free(db_mask);
+	free(h);
+	free(masked_db);
+
+	return ret;
+}
+#endif
+
 /**
  * rsa_verify_key() - Verify a signature against some data using RSA Key
  *
-- 
2.7.4

[U-Boot] [PATCH V4 4/7] doc: uImage.FIT: signature.txt: add option padding

[Philippe Reynes]

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
 doc/uImage.FIT/signature.txt | 3 +++
 1 file changed, 3 insertions(+)

Changelog:
v4:
- remove Reviewed-by Clement Peron (added by mistake)
v3:
- no change
v2:
- no change

diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt
index a765722..bfff6fd 100644
--- a/doc/uImage.FIT/signature.txt
+++ b/doc/uImage.FIT/signature.txt
@@ -106,6 +106,9 @@ When the image is signed, the following properties are optional:
 
 - comment: Additional information about the signer or image
 
+- padding: The padding algorithm, it may be pkcs-1.5 or pss,
+	if no value is provided we assume pkcs-1.5
+
 For config bindings (see Signed Configurations below), the following
 additional properties are optional:
 
-- 
2.7.4

[U-Boot] [PATCH V4 5/7] configs: sandbox: enable padding pss for rsa signature

[Philippe Reynes]

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
 configs/sandbox_defconfig | 1 +
 1 file changed, 1 insertion(+)

Changelog:
v4:
- remove Reviewed-by Clement Peron (added by mistake)
v3:
- no change
v2:
- new patch in the serie

diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
index 2ce336f..b2565e1 100644
--- a/configs/sandbox_defconfig
+++ b/configs/sandbox_defconfig
@@ -6,6 +6,7 @@ CONFIG_NR_DRAM_BANKS=1
 CONFIG_ANDROID_BOOT_IMAGE=y
 CONFIG_FIT=y
 CONFIG_FIT_SIGNATURE=y
+CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT=y
 CONFIG_FIT_VERBOSE=y
 CONFIG_BOOTSTAGE=y
 CONFIG_BOOTSTAGE_REPORT=y
-- 
2.7.4

[U-Boot] [PATCH V4 6/7] test: vboot: add padding pss for rsa signature

[Philippe Reynes]

The padding pss is now supported for rsa signature.
This add test with padding pss on vboot test.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
 test/py/tests/test_vboot.py                     | 12 ++++---
 test/py/tests/vboot/sign-configs-sha1-pss.its   | 46 +++++++++++++++++++++++++
 test/py/tests/vboot/sign-configs-sha256-pss.its | 46 +++++++++++++++++++++++++
 test/py/tests/vboot/sign-images-sha1-pss.its    | 44 +++++++++++++++++++++++
 test/py/tests/vboot/sign-images-sha256-pss.its  | 44 +++++++++++++++++++++++
 5 files changed, 187 insertions(+), 5 deletions(-)
 create mode 100644 test/py/tests/vboot/sign-configs-sha1-pss.its
 create mode 100644 test/py/tests/vboot/sign-configs-sha256-pss.its
 create mode 100644 test/py/tests/vboot/sign-images-sha1-pss.its
 create mode 100644 test/py/tests/vboot/sign-images-sha256-pss.its

Changelog:
v4:
- remove Reviewed-by Clement Peron (added by mistake)
v3:
- fix make_fit for sign-configs (should also use padding)
v2:
- new patch in the serie
- add vboot for pss padding (thanks Simon Glass)

diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py
index e9cbd57..a3a3879 100644
--- a/test/py/tests/test_vboot.py
+++ b/test/py/tests/test_vboot.py
@@ -126,7 +126,7 @@ def test_vboot(u_boot_console):
             handle.write(struct.pack(">I", size))
         return struct.unpack(">I", total_size)[0]
 
-    def test_with_algo(sha_algo):
+    def test_with_algo(sha_algo, padding):
         """Test verified boot with the given hash algorithm.
 
         This is the main part of the test code. The same procedure is followed
@@ -144,7 +144,7 @@ def test_vboot(u_boot_console):
 
         # Build the FIT, but don't sign anything yet
         cons.log.action('%s: Test FIT with signed images' % sha_algo)
-        make_fit('sign-images-%s.its' % sha_algo)
+        make_fit('sign-images-%s%s.its' % (sha_algo , padding))
         run_bootm(sha_algo, 'unsigned images', 'dev-', True)
 
         # Sign images with our dev keys
@@ -155,7 +155,7 @@ def test_vboot(u_boot_console):
         dtc('sandbox-u-boot.dts')
 
         cons.log.action('%s: Test FIT with signed configuration' % sha_algo)
-        make_fit('sign-configs-%s.its' % sha_algo)
+        make_fit('sign-configs-%s%s.its' % (sha_algo , padding))
         run_bootm(sha_algo, 'unsigned config', '%s+ OK' % sha_algo, True)
 
         # Sign images with our dev keys
@@ -226,8 +226,10 @@ def test_vboot(u_boot_console):
         # afterwards.
         old_dtb = cons.config.dtb
         cons.config.dtb = dtb
-        test_with_algo('sha1')
-        test_with_algo('sha256')
+        test_with_algo('sha1','')
+        test_with_algo('sha1','-pss')
+        test_with_algo('sha256','')
+        test_with_algo('sha256','-pss')
     finally:
         # Go back to the original U-Boot with the correct dtb.
         cons.config.dtb = old_dtb
diff --git a/test/py/tests/vboot/sign-configs-sha1-pss.its b/test/py/tests/vboot/sign-configs-sha1-pss.its
new file mode 100644
index 0000000..3c3ab20
--- /dev/null
+++ b/test/py/tests/vboot/sign-configs-sha1-pss.its
@@ -0,0 +1,46 @@
+/dts-v1/;
+
+/ {
+	description = "Chrome OS kernel image with one or more FDT blobs";
+	#address-cells = <1>;
+
+	images {
+		kernel at 1 {
+			data = /incbin/("test-kernel.bin");
+			type = "kernel_noload";
+			arch = "sandbox";
+			os = "linux";
+			compression = "none";
+			load = <0x4>;
+			entry = <0x8>;
+			kernel-version = <1>;
+			hash at 1 {
+				algo = "sha1";
+			};
+		};
+		fdt at 1 {
+			description = "snow";
+			data = /incbin/("sandbox-kernel.dtb");
+			type = "flat_dt";
+			arch = "sandbox";
+			compression = "none";
+			fdt-version = <1>;
+			hash at 1 {
+				algo = "sha1";
+			};
+		};
+	};
+	configurations {
+		default = "conf at 1";
+		conf at 1 {
+			kernel = "kernel at 1";
+			fdt = "fdt at 1";
+			signature at 1 {
+				algo = "sha1,rsa2048";
+				padding = "pss";
+				key-name-hint = "dev";
+				sign-images = "fdt", "kernel";
+			};
+		};
+	};
+};
diff --git a/test/py/tests/vboot/sign-configs-sha256-pss.its b/test/py/tests/vboot/sign-configs-sha256-pss.its
new file mode 100644
index 0000000..8e33510
--- /dev/null
+++ b/test/py/tests/vboot/sign-configs-sha256-pss.its
@@ -0,0 +1,46 @@
+/dts-v1/;
+
+/ {
+	description = "Chrome OS kernel image with one or more FDT blobs";
+	#address-cells = <1>;
+
+	images {
+		kernel at 1 {
+			data = /incbin/("test-kernel.bin");
+			type = "kernel_noload";
+			arch = "sandbox";
+			os = "linux";
+			compression = "none";
+			load = <0x4>;
+			entry = <0x8>;
+			kernel-version = <1>;
+			hash at 1 {
+				algo = "sha256";
+			};
+		};
+		fdt at 1 {
+			description = "snow";
+			data = /incbin/("sandbox-kernel.dtb");
+			type = "flat_dt";
+			arch = "sandbox";
+			compression = "none";
+			fdt-version = <1>;
+			hash at 1 {
+				algo = "sha256";
+			};
+		};
+	};
+	configurations {
+		default = "conf at 1";
+		conf at 1 {
+			kernel = "kernel at 1";
+			fdt = "fdt at 1";
+			signature at 1 {
+				algo = "sha256,rsa2048";
+				padding = "pss";
+				key-name-hint = "dev";
+				sign-images = "fdt", "kernel";
+			};
+		};
+	};
+};
diff --git a/test/py/tests/vboot/sign-images-sha1-pss.its b/test/py/tests/vboot/sign-images-sha1-pss.its
new file mode 100644
index 0000000..d19c4d7
--- /dev/null
+++ b/test/py/tests/vboot/sign-images-sha1-pss.its
@@ -0,0 +1,44 @@
+/dts-v1/;
+
+/ {
+	description = "Chrome OS kernel image with one or more FDT blobs";
+	#address-cells = <1>;
+
+	images {
+		kernel at 1 {
+			data = /incbin/("test-kernel.bin");
+			type = "kernel_noload";
+			arch = "sandbox";
+			os = "linux";
+			compression = "none";
+			load = <0x4>;
+			entry = <0x8>;
+			kernel-version = <1>;
+			signature at 1 {
+				algo = "sha1,rsa2048";
+				padding = "pss";
+				key-name-hint = "dev";
+			};
+		};
+		fdt at 1 {
+			description = "snow";
+			data = /incbin/("sandbox-kernel.dtb");
+			type = "flat_dt";
+			arch = "sandbox";
+			compression = "none";
+			fdt-version = <1>;
+			signature at 1 {
+				algo = "sha1,rsa2048";
+				padding = "pss";
+				key-name-hint = "dev";
+			};
+		};
+	};
+	configurations {
+		default = "conf at 1";
+		conf at 1 {
+			kernel = "kernel at 1";
+			fdt = "fdt at 1";
+		};
+	};
+};
diff --git a/test/py/tests/vboot/sign-images-sha256-pss.its b/test/py/tests/vboot/sign-images-sha256-pss.its
new file mode 100644
index 0000000..43612f8
--- /dev/null
+++ b/test/py/tests/vboot/sign-images-sha256-pss.its
@@ -0,0 +1,44 @@
+/dts-v1/;
+
+/ {
+	description = "Chrome OS kernel image with one or more FDT blobs";
+	#address-cells = <1>;
+
+	images {
+		kernel at 1 {
+			data = /incbin/("test-kernel.bin");
+			type = "kernel_noload";
+			arch = "sandbox";
+			os = "linux";
+			compression = "none";
+			load = <0x4>;
+			entry = <0x8>;
+			kernel-version = <1>;
+			signature at 1 {
+				algo = "sha256,rsa2048";
+				padding = "pss";
+				key-name-hint = "dev";
+			};
+		};
+		fdt at 1 {
+			description = "snow";
+			data = /incbin/("sandbox-kernel.dtb");
+			type = "flat_dt";
+			arch = "sandbox";
+			compression = "none";
+			fdt-version = <1>;
+			signature at 1 {
+				algo = "sha256,rsa2048";
+				padding = "pss";
+				key-name-hint = "dev";
+			};
+		};
+	};
+	configurations {
+		default = "conf at 1";
+		conf at 1 {
+			kernel = "kernel at 1";
+			fdt = "fdt at 1";
+		};
+	};
+};
-- 
2.7.4

[U-Boot] [PATCH V4 7/7] test: vboot: clean its file

[Philippe Reynes]

This update the its file used in vboot test to respect the new
node style name defined in doc/uImage.FIT (for example: replace
kernel at 1 by kernel and fdt at 1 by fdt-1)

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
---
 test/py/tests/test_vboot.py                     |  2 +-
 test/py/tests/vboot/sign-configs-sha1-pss.its   | 18 +++++++++---------
 test/py/tests/vboot/sign-configs-sha1.its       | 18 +++++++++---------
 test/py/tests/vboot/sign-configs-sha256-pss.its | 18 +++++++++---------
 test/py/tests/vboot/sign-configs-sha256.its     | 18 +++++++++---------
 test/py/tests/vboot/sign-images-sha1-pss.its    | 16 ++++++++--------
 test/py/tests/vboot/sign-images-sha1.its        | 16 ++++++++--------
 test/py/tests/vboot/sign-images-sha256-pss.its  | 16 ++++++++--------
 test/py/tests/vboot/sign-images-sha256.its      | 16 ++++++++--------
 9 files changed, 69 insertions(+), 69 deletions(-)

Changelog:
v4:
- remove Reviewed-by Clement Peron (added by mistake)
- remove Reviewed-by Simon Glass (added by mistake)
v3:
- new patch in the serie (feedback from Clement Peron)

diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py
index a3a3879..1e6ae7a 100644
--- a/test/py/tests/test_vboot.py
+++ b/test/py/tests/test_vboot.py
@@ -204,7 +204,7 @@ def test_vboot(u_boot_console):
     fit_check_sign = cons.config.build_dir + '/tools/fit_check_sign'
     dtc_args = '-I dts -O dtb -i %s' % tmpdir
     dtb = '%ssandbox-u-boot.dtb' % tmpdir
-    sig_node = '/configurations/conf at 1/signature at 1'
+    sig_node = '/configurations/conf-1/signature'
 
     # Create an RSA key pair
     public_exponent = 65537
diff --git a/test/py/tests/vboot/sign-configs-sha1-pss.its b/test/py/tests/vboot/sign-configs-sha1-pss.its
index 3c3ab20..72a5637 100644
--- a/test/py/tests/vboot/sign-configs-sha1-pss.its
+++ b/test/py/tests/vboot/sign-configs-sha1-pss.its
@@ -5,7 +5,7 @@
 	#address-cells = <1>;
 
 	images {
-		kernel at 1 {
+		kernel {
 			data = /incbin/("test-kernel.bin");
 			type = "kernel_noload";
 			arch = "sandbox";
@@ -14,28 +14,28 @@
 			load = <0x4>;
 			entry = <0x8>;
 			kernel-version = <1>;
-			hash at 1 {
+			hash-1 {
 				algo = "sha1";
 			};
 		};
-		fdt at 1 {
+		fdt-1 {
 			description = "snow";
 			data = /incbin/("sandbox-kernel.dtb");
 			type = "flat_dt";
 			arch = "sandbox";
 			compression = "none";
 			fdt-version = <1>;
-			hash at 1 {
+			hash-1 {
 				algo = "sha1";
 			};
 		};
 	};
 	configurations {
-		default = "conf at 1";
-		conf at 1 {
-			kernel = "kernel at 1";
-			fdt = "fdt at 1";
-			signature at 1 {
+		default = "conf-1";
+		conf-1 {
+			kernel = "kernel";
+			fdt = "fdt-1";
+			signature {
 				algo = "sha1,rsa2048";
 				padding = "pss";
 				key-name-hint = "dev";
diff --git a/test/py/tests/vboot/sign-configs-sha1.its b/test/py/tests/vboot/sign-configs-sha1.its
index db2ed79..d8bc1fa 100644
--- a/test/py/tests/vboot/sign-configs-sha1.its
+++ b/test/py/tests/vboot/sign-configs-sha1.its
@@ -5,7 +5,7 @@
 	#address-cells = <1>;
 
 	images {
-		kernel at 1 {
+		kernel {
 			data = /incbin/("test-kernel.bin");
 			type = "kernel_noload";
 			arch = "sandbox";
@@ -14,28 +14,28 @@
 			load = <0x4>;
 			entry = <0x8>;
 			kernel-version = <1>;
-			hash at 1 {
+			hash-1 {
 				algo = "sha1";
 			};
 		};
-		fdt at 1 {
+		fdt-1 {
 			description = "snow";
 			data = /incbin/("sandbox-kernel.dtb");
 			type = "flat_dt";
 			arch = "sandbox";
 			compression = "none";
 			fdt-version = <1>;
-			hash at 1 {
+			hash-1 {
 				algo = "sha1";
 			};
 		};
 	};
 	configurations {
-		default = "conf at 1";
-		conf at 1 {
-			kernel = "kernel at 1";
-			fdt = "fdt at 1";
-			signature at 1 {
+		default = "conf-1";
+		conf-1 {
+			kernel = "kernel";
+			fdt = "fdt-1";
+			signature {
 				algo = "sha1,rsa2048";
 				key-name-hint = "dev";
 				sign-images = "fdt", "kernel";
diff --git a/test/py/tests/vboot/sign-configs-sha256-pss.its b/test/py/tests/vboot/sign-configs-sha256-pss.its
index 8e33510..7bdcc7e 100644
--- a/test/py/tests/vboot/sign-configs-sha256-pss.its
+++ b/test/py/tests/vboot/sign-configs-sha256-pss.its
@@ -5,7 +5,7 @@
 	#address-cells = <1>;
 
 	images {
-		kernel at 1 {
+		kernel {
 			data = /incbin/("test-kernel.bin");
 			type = "kernel_noload";
 			arch = "sandbox";
@@ -14,28 +14,28 @@
 			load = <0x4>;
 			entry = <0x8>;
 			kernel-version = <1>;
-			hash at 1 {
+			hash-1 {
 				algo = "sha256";
 			};
 		};
-		fdt at 1 {
+		fdt-1 {
 			description = "snow";
 			data = /incbin/("sandbox-kernel.dtb");
 			type = "flat_dt";
 			arch = "sandbox";
 			compression = "none";
 			fdt-version = <1>;
-			hash at 1 {
+			hash-1 {
 				algo = "sha256";
 			};
 		};
 	};
 	configurations {
-		default = "conf at 1";
-		conf at 1 {
-			kernel = "kernel at 1";
-			fdt = "fdt at 1";
-			signature at 1 {
+		default = "conf-1";
+		conf-1 {
+			kernel = "kernel";
+			fdt = "fdt-1";
+			signature {
 				algo = "sha256,rsa2048";
 				padding = "pss";
 				key-name-hint = "dev";
diff --git a/test/py/tests/vboot/sign-configs-sha256.its b/test/py/tests/vboot/sign-configs-sha256.its
index 1b3432e..f5591aa 100644
--- a/test/py/tests/vboot/sign-configs-sha256.its
+++ b/test/py/tests/vboot/sign-configs-sha256.its
@@ -5,7 +5,7 @@
 	#address-cells = <1>;
 
 	images {
-		kernel at 1 {
+		kernel {
 			data = /incbin/("test-kernel.bin");
 			type = "kernel_noload";
 			arch = "sandbox";
@@ -14,28 +14,28 @@
 			load = <0x4>;
 			entry = <0x8>;
 			kernel-version = <1>;
-			hash at 1 {
+			hash-1 {
 				algo = "sha256";
 			};
 		};
-		fdt at 1 {
+		fdt-1 {
 			description = "snow";
 			data = /incbin/("sandbox-kernel.dtb");
 			type = "flat_dt";
 			arch = "sandbox";
 			compression = "none";
 			fdt-version = <1>;
-			hash at 1 {
+			hash-1 {
 				algo = "sha256";
 			};
 		};
 	};
 	configurations {
-		default = "conf at 1";
-		conf at 1 {
-			kernel = "kernel at 1";
-			fdt = "fdt at 1";
-			signature at 1 {
+		default = "conf-1";
+		conf-1 {
+			kernel = "kernel";
+			fdt = "fdt-1";
+			signature {
 				algo = "sha256,rsa2048";
 				key-name-hint = "dev";
 				sign-images = "fdt", "kernel";
diff --git a/test/py/tests/vboot/sign-images-sha1-pss.its b/test/py/tests/vboot/sign-images-sha1-pss.its
index d19c4d7..ded7ae4 100644
--- a/test/py/tests/vboot/sign-images-sha1-pss.its
+++ b/test/py/tests/vboot/sign-images-sha1-pss.its
@@ -5,7 +5,7 @@
 	#address-cells = <1>;
 
 	images {
-		kernel at 1 {
+		kernel {
 			data = /incbin/("test-kernel.bin");
 			type = "kernel_noload";
 			arch = "sandbox";
@@ -14,20 +14,20 @@
 			load = <0x4>;
 			entry = <0x8>;
 			kernel-version = <1>;
-			signature at 1 {
+			signature {
 				algo = "sha1,rsa2048";
 				padding = "pss";
 				key-name-hint = "dev";
 			};
 		};
-		fdt at 1 {
+		fdt-1 {
 			description = "snow";
 			data = /incbin/("sandbox-kernel.dtb");
 			type = "flat_dt";
 			arch = "sandbox";
 			compression = "none";
 			fdt-version = <1>;
-			signature at 1 {
+			signature {
 				algo = "sha1,rsa2048";
 				padding = "pss";
 				key-name-hint = "dev";
@@ -35,10 +35,10 @@
 		};
 	};
 	configurations {
-		default = "conf at 1";
-		conf at 1 {
-			kernel = "kernel at 1";
-			fdt = "fdt at 1";
+		default = "conf-1";
+		conf-1 {
+			kernel = "kernel";
+			fdt = "fdt-1";
 		};
 	};
 };
diff --git a/test/py/tests/vboot/sign-images-sha1.its b/test/py/tests/vboot/sign-images-sha1.its
index f69326a..18c759e 100644
--- a/test/py/tests/vboot/sign-images-sha1.its
+++ b/test/py/tests/vboot/sign-images-sha1.its
@@ -5,7 +5,7 @@
 	#address-cells = <1>;
 
 	images {
-		kernel at 1 {
+		kernel {
 			data = /incbin/("test-kernel.bin");
 			type = "kernel_noload";
 			arch = "sandbox";
@@ -14,29 +14,29 @@
 			load = <0x4>;
 			entry = <0x8>;
 			kernel-version = <1>;
-			signature at 1 {
+			signature {
 				algo = "sha1,rsa2048";
 				key-name-hint = "dev";
 			};
 		};
-		fdt at 1 {
+		fdt-1 {
 			description = "snow";
 			data = /incbin/("sandbox-kernel.dtb");
 			type = "flat_dt";
 			arch = "sandbox";
 			compression = "none";
 			fdt-version = <1>;
-			signature at 1 {
+			signature {
 				algo = "sha1,rsa2048";
 				key-name-hint = "dev";
 			};
 		};
 	};
 	configurations {
-		default = "conf at 1";
-		conf at 1 {
-			kernel = "kernel at 1";
-			fdt = "fdt at 1";
+		default = "conf-1";
+		conf-1 {
+			kernel = "kernel";
+			fdt = "fdt-1";
 		};
 	};
 };
diff --git a/test/py/tests/vboot/sign-images-sha256-pss.its b/test/py/tests/vboot/sign-images-sha256-pss.its
index 43612f8..34850cc 100644
--- a/test/py/tests/vboot/sign-images-sha256-pss.its
+++ b/test/py/tests/vboot/sign-images-sha256-pss.its
@@ -5,7 +5,7 @@
 	#address-cells = <1>;
 
 	images {
-		kernel at 1 {
+		kernel {
 			data = /incbin/("test-kernel.bin");
 			type = "kernel_noload";
 			arch = "sandbox";
@@ -14,20 +14,20 @@
 			load = <0x4>;
 			entry = <0x8>;
 			kernel-version = <1>;
-			signature at 1 {
+			signature {
 				algo = "sha256,rsa2048";
 				padding = "pss";
 				key-name-hint = "dev";
 			};
 		};
-		fdt at 1 {
+		fdt-1 {
 			description = "snow";
 			data = /incbin/("sandbox-kernel.dtb");
 			type = "flat_dt";
 			arch = "sandbox";
 			compression = "none";
 			fdt-version = <1>;
-			signature at 1 {
+			signature {
 				algo = "sha256,rsa2048";
 				padding = "pss";
 				key-name-hint = "dev";
@@ -35,10 +35,10 @@
 		};
 	};
 	configurations {
-		default = "conf at 1";
-		conf at 1 {
-			kernel = "kernel at 1";
-			fdt = "fdt at 1";
+		default = "conf-1";
+		conf-1 {
+			kernel = "kernel";
+			fdt = "fdt-1";
 		};
 	};
 };
diff --git a/test/py/tests/vboot/sign-images-sha256.its b/test/py/tests/vboot/sign-images-sha256.its
index e6aa9fc..bb0f8ee 100644
--- a/test/py/tests/vboot/sign-images-sha256.its
+++ b/test/py/tests/vboot/sign-images-sha256.its
@@ -5,7 +5,7 @@
 	#address-cells = <1>;
 
 	images {
-		kernel at 1 {
+		kernel {
 			data = /incbin/("test-kernel.bin");
 			type = "kernel_noload";
 			arch = "sandbox";
@@ -14,29 +14,29 @@
 			load = <0x4>;
 			entry = <0x8>;
 			kernel-version = <1>;
-			signature at 1 {
+			signature {
 				algo = "sha256,rsa2048";
 				key-name-hint = "dev";
 			};
 		};
-		fdt at 1 {
+		fdt-1 {
 			description = "snow";
 			data = /incbin/("sandbox-kernel.dtb");
 			type = "flat_dt";
 			arch = "sandbox";
 			compression = "none";
 			fdt-version = <1>;
-			signature at 1 {
+			signature {
 				algo = "sha256,rsa2048";
 				key-name-hint = "dev";
 			};
 		};
 	};
 	configurations {
-		default = "conf at 1";
-		conf at 1 {
-			kernel = "kernel at 1";
-			fdt = "fdt at 1";
+		default = "conf-1";
+		conf-1 {
+			kernel = "kernel";
+			fdt = "fdt-1";
 		};
 	};
 };
-- 
2.7.4

[U-Boot] [PATCH V4 7/7] test: vboot: clean its file

[Simon Glass]

On 14 November 2018 at 04:51, Philippe Reynes
<philippe.reynes@softathome.com> wrote:
> This update the its file used in vboot test to respect the new
> node style name defined in doc/uImage.FIT (for example: replace
> kernel at 1 by kernel and fdt at 1 by fdt-1)
>
> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> ---
>  test/py/tests/test_vboot.py                     |  2 +-
>  test/py/tests/vboot/sign-configs-sha1-pss.its   | 18 +++++++++---------
>  test/py/tests/vboot/sign-configs-sha1.its       | 18 +++++++++---------
>  test/py/tests/vboot/sign-configs-sha256-pss.its | 18 +++++++++---------
>  test/py/tests/vboot/sign-configs-sha256.its     | 18 +++++++++---------
>  test/py/tests/vboot/sign-images-sha1-pss.its    | 16 ++++++++--------
>  test/py/tests/vboot/sign-images-sha1.its        | 16 ++++++++--------
>  test/py/tests/vboot/sign-images-sha256-pss.its  | 16 ++++++++--------
>  test/py/tests/vboot/sign-images-sha256.its      | 16 ++++++++--------
>  9 files changed, 69 insertions(+), 69 deletions(-)
>
> Changelog:
> v4:
> - remove Reviewed-by Clement Peron (added by mistake)
> - remove Reviewed-by Simon Glass (added by mistake)
> v3:
> - new patch in the serie (feedback from Clement Peron)
>

Reviewed-by: Simon Glass <sjg@chromium.org>

[U-Boot] [U-Boot, V4, 1/7] rsa: use new openssl API to create signature

[Tom Rini]

On Wed, Nov 14, 2018 at 01:50:59PM +0100, Philippe Reynes wrote:

> Previous implementation of the rsa signature was using
> the openssl API EVP_Sign*, but the new openssl API
> EVP_DigestSign* is more flexible. So we move to this
> new API.
> 
> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> Reviewed-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20181203/bde7d642/attachment.sig>

[U-Boot] [U-Boot,V4,2/7] rsa: add a structure for the padding

[Tom Rini]

On Wed, Nov 14, 2018 at 01:51:00PM +0100, Philippe Reynes wrote:

> The rsa signature use a padding algorithm. By default, we use the
> padding pkcs-1.5. In order to add some new padding algorithm, we
> add a padding framework to manage several padding algorithm.
> The choice of the padding is done in the file .its.
> 
> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> Reviewed-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20181203/876f1285/attachment.sig>

[U-Boot] [U-Boot,V4,3/7] rsa: add support of padding pss

[Tom Rini]

On Wed, Nov 14, 2018 at 01:51:01PM +0100, Philippe Reynes wrote:

> We add the support of the padding pss for rsa signature.
> This new padding is often recommended instead of pkcs-1.5.
> 
> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> Reviewed-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20181203/e7b0f38d/attachment.sig>

[U-Boot] [U-Boot, V4, 4/7] doc: uImage.FIT: signature.txt: add option padding

[Tom Rini]

On Wed, Nov 14, 2018 at 01:51:02PM +0100, Philippe Reynes wrote:

> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> Reviewed-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20181203/957d34ef/attachment.sig>

[U-Boot] [U-Boot, V4, 5/7] configs: sandbox: enable padding pss for rsa signature

[Tom Rini]

On Wed, Nov 14, 2018 at 01:51:03PM +0100, Philippe Reynes wrote:

> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> Reviewed-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20181203/ae14c61e/attachment.sig>

[U-Boot] [U-Boot, V4, 6/7] test: vboot: add padding pss for rsa signature

[Tom Rini]

On Wed, Nov 14, 2018 at 01:51:04PM +0100, Philippe Reynes wrote:

> The padding pss is now supported for rsa signature.
> This add test with padding pss on vboot test.
> 
> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> Reviewed-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20181203/e714347d/attachment.sig>

[U-Boot] [U-Boot,V4,7/7] test: vboot: clean its file

[Tom Rini]

On Wed, Nov 14, 2018 at 01:51:05PM +0100, Philippe Reynes wrote:

> This update the its file used in vboot test to respect the new
> node style name defined in doc/uImage.FIT (for example: replace
> kernel at 1 by kernel and fdt at 1 by fdt-1)
> 
> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
> Reviewed-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20181203/e45f225d/attachment.sig>