public inbox for u-boot@lists.denx.de
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v2 00/17] import x509/pkcs7 parsers from linux
Date: Mon, 28 Oct 2019 10:44:39 +0900
Message-ID: <20191028014438.GQ10448@linaro.org>
In-Reply-To: <20191025100749.16165-1-takahiro.akashi@linaro.org>

On Fri, Oct 25, 2019 at 07:07:32PM +0900, AKASHI Takahiro wrote:
> # This patch set should be merged first prior to my rsa extension patch
> # due to some dependency. I plan to send out a new version of rsa
> # extension next week.
> 
> Asn1 parsers of x509 certificates and pkcs7 messages are required
> to implement image authentication and variable authentication as
> part of UEFI secure boot feature.
> 
> As we discussed before in the thread[1], most people insisted that
> we should re-use corresponding source code from Linux repository
> for this purpose.
> 
> Here is my attempt to import all the necessary files from Linux; those
> will eventually be part of UEFI secure boot implementation, but I'd like
> to get early feedback from other people before submitting the whole
> patchset so that they will be better formatted for merging.
> 
> My approach here is
> * files from the latest Linux
> * modify files as little as possible
> * mark/protect unavoidable changes with "#if(n)def __UBOOT__"
> so that future fixes/differences in Linux repository will easily
> be applied to U-Boot.
> 
> Known issues:
> * checkpatch.pl
>   Checkpatch.pl will complain with a bunch of warnings/errors but
>   I intentionally left them unchanged for the sake of better
>   maintainability, as I said above.
> 
> * unit test
>   I'm still waiting for feedback from Tom[2] regarding how we should
>   enable "unit test" for ASN1 compiler/decoder on sandbox and others
>   in Travis CI.
> 
> * Travis CI
>   It is still running against this very version, but I'm sure I have
>   fixed all the issues (as long as Heinrich's [3] is applied);
>   I will let you know the result on Monday.

All Travis CI tests have passed.

-Takahiro Akashi


> Any comments will be appreciated.
> -Takahiro Akashi
> 
> [1] https://lists.denx.de/pipermail/u-boot/2019-April/366423.html
> [2] https://lists.denx.de/pipermail/u-boot/2019-October/387734.html
> [3] https://lists.denx.de/pipermail/u-boot/2019-October/385643.html
> 
> Changes in v2 (Oct 25, 2019)
> * revise commit messages, describing what files are modified or not.
> * move kmemdup() in ubifs.c to linux_compat.c for general use (patch#1)
> * add patch#2
> * move date.c to lib/ for general use (patch#3)
> * implement mktime64() with rtc_mktime() (patch#4)
> * move asn1_compiler.c to tools/ (patch#7)
> * change CONFIG_BUILD_ASN1 to CONFIG_ASN1_COMPILER (patch#7)
> * add clean rule to asn1_compiler-generated files to clean targets (patch#8)
> * change CONFIG_ASN1 to CONFIG_ASN1_DECODER (patch#9)
> * add README for asn1 compiler/decoder (patch#10)
> * move build_OID_registry to scripts/ (patch#11)
> * shuffle the order of patches (patch#13,#14,#15)
> * add a new config CONFIG_RSA_PUBLIC_KEY_PARSER so that it can be
>   compiled in independently (patch#13)
> * modify Kconfig dependency (patch#13,#14,#15)
> * add unit test (patch#16,#17)
> 
> Changes in v1 (Oct 11, 2019) from RFC
> * change the kernel code base from v5.0 to v5.3
> * add preparatory patches (#1, #2 and #3)
> * comment off x509_check_for_self_signed() which is not useful
>   for UEFI secure boot (patch#9)
> * improve usages of "#if(n)def __UBOOT__" to minimize differences
>   between U-Boot and linux kernel
> 
> AKASHI Takahiro (17):
>   linux_compat: move kmemdup() from ubifs.c to linux_compat.c
>   rtc.h: add struct udevice declaration
>   rtc: move date.c from drivers/rtc/ to lib/
>   lib: add mktime64() for linux compatibility
>   include: kernel.h: include printk.h
>   linux/time.h: include vsprintf.h
>   cmd: add asn1_compiler
>   Makefile: add build script for asn1 parsers
>   lib: add asn1 decoder
>   doc: add README for asn1 compiler and decoder
>   lib: add oid registry utility
>   lib: crypto: add public key utility
>   lib: crypto: add rsa public key parser
>   lib: crypto: add x509 parser
>   lib: crypto: add pkcs7 message parser
>   test: add lib specific Kconfig
>   test: add asn1 unit test
> 
>  Makefile                          |    1 +
>  cmd/Kconfig                       |    1 +
>  doc/README.asn1                   |   40 +
>  drivers/rtc/Kconfig               |    1 +
>  drivers/rtc/Makefile              |    1 -
>  fs/ubifs/ubifs.c                  |   19 +-
>  include/crypto/internal/rsa.h     |   57 +
>  include/crypto/pkcs7.h            |   47 +
>  include/crypto/public_key.h       |   90 ++
>  include/keys/asymmetric-type.h    |   88 ++
>  include/linux/asn1.h              |   65 ++
>  include/linux/asn1_ber_bytecode.h |   89 ++
>  include/linux/asn1_decoder.h      |   20 +
>  include/linux/kernel.h            |    2 +-
>  include/linux/oid_registry.h      |  117 +++
>  include/linux/time.h              |   11 +
>  include/rtc.h                     |    2 +
>  lib/Kconfig                       |   17 +
>  lib/Makefile                      |   20 +
>  lib/asn1_decoder.c                |  527 ++++++++++
>  lib/crypto/Kconfig                |   52 +
>  lib/crypto/Makefile               |   49 +
>  lib/crypto/asymmetric_type.c      |  668 ++++++++++++
>  lib/crypto/pkcs7.asn1             |  135 +++
>  lib/crypto/pkcs7_parser.c         |  693 +++++++++++++
>  lib/crypto/pkcs7_parser.h         |   65 ++
>  lib/crypto/public_key.c           |  376 +++++++
>  lib/crypto/rsa_helper.c           |  198 ++++
>  lib/crypto/rsapubkey.asn1         |    4 +
>  lib/crypto/x509.asn1              |   60 ++
>  lib/crypto/x509_akid.asn1         |   35 +
>  lib/crypto/x509_cert_parser.c     |  697 +++++++++++++
>  lib/crypto/x509_parser.h          |   57 +
>  lib/crypto/x509_public_key.c      |  292 ++++++
>  {drivers/rtc => lib}/date.c       |   23 +-
>  lib/linux_compat.c                |   17 +
>  lib/oid_registry.c                |  179 ++++
>  scripts/Makefile.build            |    4 +-
>  scripts/build_OID_registry        |  203 ++++
>  test/Kconfig                      |    8 +-
>  test/lib/Kconfig                  |   23 +
>  test/lib/Makefile                 |    2 +
>  test/lib/asn1.c                   |  392 +++++++
>  tools/Makefile                    |    3 +
>  tools/asn1_compiler.c             | 1611 +++++++++++++++++++++++++++++
>  45 files changed, 7030 insertions(+), 31 deletions(-)
>  create mode 100644 doc/README.asn1
>  create mode 100644 include/crypto/internal/rsa.h
>  create mode 100644 include/crypto/pkcs7.h
>  create mode 100644 include/crypto/public_key.h
>  create mode 100644 include/keys/asymmetric-type.h
>  create mode 100644 include/linux/asn1.h
>  create mode 100644 include/linux/asn1_ber_bytecode.h
>  create mode 100644 include/linux/asn1_decoder.h
>  create mode 100644 include/linux/oid_registry.h
>  create mode 100644 lib/asn1_decoder.c
>  create mode 100644 lib/crypto/Kconfig
>  create mode 100644 lib/crypto/Makefile
>  create mode 100644 lib/crypto/asymmetric_type.c
>  create mode 100644 lib/crypto/pkcs7.asn1
>  create mode 100644 lib/crypto/pkcs7_parser.c
>  create mode 100644 lib/crypto/pkcs7_parser.h
>  create mode 100644 lib/crypto/public_key.c
>  create mode 100644 lib/crypto/rsa_helper.c
>  create mode 100644 lib/crypto/rsapubkey.asn1
>  create mode 100644 lib/crypto/x509.asn1
>  create mode 100644 lib/crypto/x509_akid.asn1
>  create mode 100644 lib/crypto/x509_cert_parser.c
>  create mode 100644 lib/crypto/x509_parser.h
>  create mode 100644 lib/crypto/x509_public_key.c
>  rename {drivers/rtc => lib}/date.c (81%)
>  create mode 100644 lib/oid_registry.c
>  create mode 100755 scripts/build_OID_registry
>  create mode 100644 test/lib/Kconfig
>  create mode 100644 test/lib/asn1.c
>  create mode 100644 tools/asn1_compiler.c
> 
> -- 
> 2.21.0
> 
