From: Alexandru Gagniuc <mr.nuke.me@gmail.com>
To: u-boot@lists.denx.de
Subject: [PATCH v4 0/6] Add support for ECDSA image signing (with test)
Date: Fri, 8 Jan 2021 13:17:31 -0600 [thread overview]
Message-ID: <20210108191737.615022-1-mr.nuke.me@gmail.com> (raw)
## Purpose and intent
The purpose of this series is to enable ECDSA as an alternative to RSA
for FIT signing. As new chips have built-in support for ECDSA verified
boot, it makes sense to stick to one signing algorithm, instead of
resorting to RSA for u-boot images.
The focus of this series is signing an existing FIT image:
mkimage -F some-existing.fit --signing-key some/key.pem
Signing while assembling a FIT is not a tested use case.
# Implementation
## Code organization
Unlike the RSA path, which mixes host and firmware code in the same,
source files, this series keeps a very clear distinction.
ecdsa-libcrypto.c is intended to be used for host code and only for
host code. There is more opportunity for code reuse this way.
## Signing
There is one major difference from the RSA path. The 'key-name-hint'
property is ignored in the ECDSA path. There are two reasons:
(1) The intent of 'key-name-hint' is not clear
(2) Initial implementation is much easier to review
There is an intentional side-effect. The RSA path takes 'key-name-hint'
to decide which key file to read from disk. In the context of "which
fdt node describes my signing key", this makes sense. On the other
hand, 'key-name-hint' is also used as the basename of where the key is
on the filesystem. This leads to some funny search paths, such as
"some/dir/(null).key"
So I am using the -K option to mkimage as the _full_ path to the key
file. It doesn't have to be named .key, it doesn't have to be named
.crt, and it doesn't have to exist in a particular directory (as is
the case for the RSA path). I understand and recognize that this
discrepancy must be resolved, but resolving it right now would make
the initial implementation much harder and longer.
# Testing
test/py/tests/test_fit_ecdsa.py is implemented withe the goal to check
that the signing is done correctly, and that the signature is encoded
in the proper raw format. Verification is done with pyCryptodomex, so
this test will catch both coding errors and openssl bugs. This is the
only scope of testing proposed here.
# Things not yet resolved:
- is mkimage '-k' supposed to be a directory or file path
I'm hoping I can postpone answering this question pending further discussion.
Changes since v3:
- Don't use 'log_msg_ret()', as it's not available host-side
Changes since v1 and v2:
- Added lots of function comments
- Replaced hardcoded error numbers with more meaningful errno numbers
- Changed some error paths to use 'return log_msg_ret'
Alexandru Gagniuc (6):
lib: Rename rsa-checksum.c to hash-checksum.c
lib/rsa: Make fdt_add_bignum() available outside of RSA code
lib: Add support for ECDSA image signing
doc: signature.txt: Document devicetree format for ECDSA keys
test/py: Add pycryptodomex to list of required pakages
test/py: ecdsa: Add test for mkimage ECDSA signing
common/image-fit-sig.c | 2 +-
common/image-sig.c | 13 +-
doc/uImage.FIT/signature.txt | 7 +-
include/image.h | 5 +-
include/u-boot/ecdsa.h | 94 ++++++
include/u-boot/fdt-libcrypto.h | 27 ++
.../{rsa-checksum.h => hash-checksum.h} | 0
lib/Makefile | 1 +
lib/crypto/pkcs7_verify.c | 2 +-
lib/crypto/x509_public_key.c | 2 +-
lib/ecdsa/ecdsa-libcrypto.c | 306 ++++++++++++++++++
lib/fdt-libcrypto.c | 72 +++++
lib/{rsa/rsa-checksum.c => hash-checksum.c} | 3 +-
lib/rsa/Makefile | 2 +-
lib/rsa/rsa-sign.c | 65 +---
test/py/requirements.txt | 1 +
test/py/tests/test_fit_ecdsa.py | 111 +++++++
tools/Makefile | 7 +-
18 files changed, 645 insertions(+), 75 deletions(-)
create mode 100644 include/u-boot/ecdsa.h
create mode 100644 include/u-boot/fdt-libcrypto.h
rename include/u-boot/{rsa-checksum.h => hash-checksum.h} (100%)
create mode 100644 lib/ecdsa/ecdsa-libcrypto.c
create mode 100644 lib/fdt-libcrypto.c
rename lib/{rsa/rsa-checksum.c => hash-checksum.c} (96%)
create mode 100644 test/py/tests/test_fit_ecdsa.py
--
2.26.2
next reply other threads:[~2021-01-08 19:17 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-08 19:17 Alexandru Gagniuc [this message]
2021-01-08 19:17 ` [PATCH v4 1/6] lib: Rename rsa-checksum.c to hash-checksum.c Alexandru Gagniuc
2021-01-27 19:02 ` Patrick DELAUNAY
2021-01-08 19:17 ` [PATCH v4 2/6] lib/rsa: Make fdt_add_bignum() available outside of RSA code Alexandru Gagniuc
2021-01-27 19:10 ` Patrick DELAUNAY
2021-01-28 0:57 ` Tom Rini
2021-01-08 19:17 ` [PATCH v4 3/6] lib: Add support for ECDSA image signing Alexandru Gagniuc
2021-01-08 19:17 ` [PATCH v4 4/6] doc: signature.txt: Document devicetree format for ECDSA keys Alexandru Gagniuc
2021-01-08 19:17 ` [PATCH v4 5/6] test/py: Add pycryptodomex to list of required pakages Alexandru Gagniuc
2021-01-08 19:17 ` [PATCH v4 6/6] test/py: ecdsa: Add test for mkimage ECDSA signing Alexandru Gagniuc
2021-01-28 16:40 ` [PATCH v4 0/6] Add support for ECDSA image signing (with test) Patrick DELAUNAY
2021-01-28 17:54 ` Alex G.
2021-02-01 20:44 ` Simon Glass
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210108191737.615022-1-mr.nuke.me@gmail.com \
--to=mr.nuke.me@gmail.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox