From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <u-boot-bounces@lists.denx.de>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id A0817C433F5
	for <u-boot@archiver.kernel.org>; Tue, 18 Jan 2022 07:10:30 +0000 (UTC)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id DB24C830C0;
	Tue, 18 Jan 2022 08:10:27 +0100 (CET)
Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=aspeedtech.com
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Received: by phobos.denx.de (Postfix, from userid 109)
 id 66D4583103; Tue, 18 Jan 2022 08:10:26 +0100 (CET)
Received: from twspam01.aspeedtech.com (twspam01.aspeedtech.com
 [211.20.114.71])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 6269082F89
 for <u-boot@lists.denx.de>; Tue, 18 Jan 2022 08:10:22 +0100 (CET)
Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none)
 header.from=aspeedtech.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=jamin_lin@aspeedtech.com
Received: from mail.aspeedtech.com ([192.168.0.24])
 by twspam01.aspeedtech.com with ESMTP id 20I738f0005776;
 Tue, 18 Jan 2022 15:03:08 +0800 (GMT-8)
 (envelope-from jamin_lin@aspeedtech.com)
Received: from aspeedtech.com (118.99.190.129) by TWMBX02.aspeed.com
 (192.168.0.24) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 18 Jan
 2022 15:10:04 +0800
Date: Tue, 18 Jan 2022 15:09:53 +0800
From: Jamin Lin <jamin_lin@aspeedtech.com>
To: Tom Rini <trini@konsulko.com>
CC: Alexandru Gagniuc <mr.nuke.me@gmail.com>, Simon Glass <sjg@chromium.org>, 
 Philippe Reynes <philippe.reynes@softathome.com>, Sean Anderson
 <sean.anderson@seco.com>, Thomas Perrot <thomas.perrot@bootlin.com>, "open
 list" <u-boot@lists.denx.de>, Troy Lee <troy_lee@aspeedtech.com>,
 Steven Lee <steven_lee@aspeedtech.com>
Subject: Re: [PATCH v3 1/1] rsa: adds rsa3072 algorithm
Message-ID: <20220118070952.GA4566@aspeedtech.com>
References: <20211210060100.16521-1-jamin_lin@aspeedtech.com>
 <20211210060100.16521-2-jamin_lin@aspeedtech.com>
 <20220114181400.GA1810710@bill-the-cat>
 <20220118070238.GA4528@aspeedtech.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <20220118070238.GA4528@aspeedtech.com>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-Originating-IP: [118.99.190.129]
X-ClientProxiedBy: TWMBX02.aspeed.com (192.168.0.24) To TWMBX02.aspeed.com
 (192.168.0.24)
X-DNSRBL: 
X-MAIL: twspam01.aspeedtech.com 20I738f0005776
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de
X-Virus-Status: Clean

The 01/18/2022 07:02, Jamin Lin wrote:
> The 01/14/2022 18:14, Tom Rini wrote:
> > On Fri, Dec 10, 2021 at 02:00:55PM +0800, Jamin Lin wrote:
> > 
> > > Add to support rsa 3072 bits algorithm in tools
> > > for image sign at host side and adds rsa 3072 bits
> > > verification in the image binary.
> > > 
> > > Add test case in vboot for sha384 with rsa3072 algorithm testing.
> > > 
> > > Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
> > > ---
> > >  include/u-boot/rsa.h                        |  1 +
> > >  lib/rsa/rsa-verify.c                        |  6 +++
> > >  test/py/tests/test_vboot.py                 | 12 +++++-
> > >  test/py/tests/vboot/sign-configs-sha384.its | 45 +++++++++++++++++++++
> > >  test/py/tests/vboot/sign-images-sha384.its  | 42 +++++++++++++++++++
> > >  tools/image-sig-host.c                      |  7 ++++
> > >  6 files changed, 111 insertions(+), 2 deletions(-)
> > >  create mode 100644 test/py/tests/vboot/sign-configs-sha384.its
> > >  create mode 100644 test/py/tests/vboot/sign-images-sha384.its
> > > 
> > > diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
> > > index 7556aa5b4b..bb56c2243c 100644
> > > --- a/include/u-boot/rsa.h
> > > +++ b/include/u-boot/rsa.h
> > > @@ -110,6 +110,7 @@ int padding_pss_verify(struct image_sign_info *info,
> > >  #define RSA_DEFAULT_PADDING_NAME		"pkcs-1.5"
> > >  
> > >  #define RSA2048_BYTES	(2048 / 8)
> > > +#define RSA3072_BYTES	(3072 / 8)
> > >  #define RSA4096_BYTES	(4096 / 8)
> > >  
> > >  /* This is the minimum/maximum key size we support, in bits */
> > > diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
> > > index 83f7564101..4fe487d7e5 100644
> > > --- a/lib/rsa/rsa-verify.c
> > > +++ b/lib/rsa/rsa-verify.c
> > > @@ -588,6 +588,12 @@ U_BOOT_CRYPTO_ALGO(rsa2048) = {
> > >  	.verify = rsa_verify,
> > >  };
> > >  
> > > +U_BOOT_CRYPTO_ALGO(rsa3072) = {
> > > +	.name = "rsa3072",
> > > +	.key_len = RSA3072_BYTES,
> > > +	.verify = rsa_verify,
> > > +};
> > > +
> > >  U_BOOT_CRYPTO_ALGO(rsa4096) = {
> > >  	.name = "rsa4096",
> > >  	.key_len = RSA4096_BYTES,
> > > diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py
> > > index 095e00cce3..b080d482af 100644
> > > --- a/test/py/tests/test_vboot.py
> > > +++ b/test/py/tests/test_vboot.py
> > > @@ -45,6 +45,8 @@ TESTDATA = [
> > >      ['sha256-pss-pad', 'sha256', '-pss', '-E -p 0x10000', False, False],
> > >      ['sha256-pss-required', 'sha256', '-pss', None, True, False],
> > >      ['sha256-pss-pad-required', 'sha256', '-pss', '-E -p 0x10000', True, True],
> > > +    ['sha384-basic', 'sha384', '', None, False, False],
> > > +    ['sha384-pad', 'sha384', '', '-E -p 0x10000', False, False],
> > >  ]
> > >  
> > >  @pytest.mark.boardspec('sandbox')
> > > @@ -180,10 +182,16 @@ def test_vboot(u_boot_console, name, sha_algo, padding, sign_options, required,
> > >              name: Name of of the key (e.g. 'dev')
> > >          """
> > >          public_exponent = 65537
> > > +
> > > +        if sha_algo == "sha384":
> > > +            rsa_keygen_bits = 3072
> > > +        else:
> > > +            rsa_keygen_bits = 2048
> > > +
> > >          util.run_and_log(cons, 'openssl genpkey -algorithm RSA -out %s%s.key '
> > > -                     '-pkeyopt rsa_keygen_bits:2048 '
> > > +                     '-pkeyopt rsa_keygen_bits:%d '
> > >                       '-pkeyopt rsa_keygen_pubexp:%d' %
> > > -                     (tmpdir, name, public_exponent))
> > > +                     (tmpdir, name, rsa_keygen_bits, public_exponent))
> > >  
> > >          # Create a certificate containing the public key
> > >          util.run_and_log(cons, 'openssl req -batch -new -x509 -key %s%s.key '
> > > diff --git a/test/py/tests/vboot/sign-configs-sha384.its b/test/py/tests/vboot/sign-configs-sha384.its
> > > new file mode 100644
> > > index 0000000000..2869401991
> > > --- /dev/null
> > > +++ b/test/py/tests/vboot/sign-configs-sha384.its
> > > @@ -0,0 +1,45 @@
> > > +/dts-v1/;
> > > +
> > > +/ {
> > > +	description = "Chrome OS kernel image with one or more FDT blobs";
> > > +	#address-cells = <1>;
> > > +
> > > +	images {
> > > +		kernel {
> > > +			data = /incbin/("test-kernel.bin");
> > > +			type = "kernel_noload";
> > > +			arch = "sandbox";
> > > +			os = "linux";
> > > +			compression = "none";
> > > +			load = <0x4>;
> > > +			entry = <0x8>;
> > > +			kernel-version = <1>;
> > > +			hash-1 {
> > > +				algo = "sha384";
> > > +			};
> > > +		};
> > > +		fdt-1 {
> > > +			description = "snow";
> > > +			data = /incbin/("sandbox-kernel.dtb");
> > > +			type = "flat_dt";
> > > +			arch = "sandbox";
> > > +			compression = "none";
> > > +			fdt-version = <1>;
> > > +			hash-1 {
> > > +				algo = "sha384";
> > > +			};
> > > +		};
> > > +	};
> > > +	configurations {
> > > +		default = "conf-1";
> > > +		conf-1 {
> > > +			kernel = "kernel";
> > > +			fdt = "fdt-1";
> > > +			signature {
> > > +				algo = "sha384,rsa3072";
> > > +				key-name-hint = "dev";
> > > +				sign-images = "fdt", "kernel";
> > > +			};
> > > +		};
> > > +	};
> > > +};
> > > diff --git a/test/py/tests/vboot/sign-images-sha384.its b/test/py/tests/vboot/sign-images-sha384.its
> > > new file mode 100644
> > > index 0000000000..be1a9a653c
> > > --- /dev/null
> > > +++ b/test/py/tests/vboot/sign-images-sha384.its
> > > @@ -0,0 +1,42 @@
> > > +/dts-v1/;
> > > +
> > > +/ {
> > > +	description = "Chrome OS kernel image with one or more FDT blobs";
> > > +	#address-cells = <1>;
> > > +
> > > +	images {
> > > +		kernel {
> > > +			data = /incbin/("test-kernel.bin");
> > > +			type = "kernel_noload";
> > > +			arch = "sandbox";
> > > +			os = "linux";
> > > +			compression = "none";
> > > +			load = <0x4>;
> > > +			entry = <0x8>;
> > > +			kernel-version = <1>;
> > > +			signature {
> > > +				algo = "sha384,rsa3072";
> > > +				key-name-hint = "dev";
> > > +			};
> > > +		};
> > > +		fdt-1 {
> > > +			description = "snow";
> > > +			data = /incbin/("sandbox-kernel.dtb");
> > > +			type = "flat_dt";
> > > +			arch = "sandbox";
> > > +			compression = "none";
> > > +			fdt-version = <1>;
> > > +			signature {
> > > +				algo = "sha384,rsa3072";
> > > +				key-name-hint = "dev";
> > > +			};
> > > +		};
> > > +	};
> > > +	configurations {
> > > +		default = "conf-1";
> > > +		conf-1 {
> > > +			kernel = "kernel";
> > > +			fdt = "fdt-1";
> > > +		};
> > > +	};
> > > +};
> > > diff --git a/tools/image-sig-host.c b/tools/image-sig-host.c
> > > index 8ed6998dab..d0133aec4c 100644
> > > --- a/tools/image-sig-host.c
> > > +++ b/tools/image-sig-host.c
> > > @@ -55,6 +55,13 @@ struct crypto_algo crypto_algos[] = {
> > >  		.add_verify_data = rsa_add_verify_data,
> > >  		.verify = rsa_verify,
> > >  	},
> > > +	{
> > > +		.name = "rsa3072",
> > > +		.key_len = RSA3072_BYTES,
> > > +		.sign = rsa_sign,
> > > +		.add_verify_data = rsa_add_verify_data,
> > > +		.verify = rsa_verify,
> > > +	},
> > >  	{
> > >  		.name = "rsa4096",
> > >  		.key_len = RSA4096_BYTES,
> > 
> > With current master these tests run and fail:
> > https://source.denx.de/u-boot/u-boot/-/jobs/376757 (and also fail for me
> > when running locally), please re-check and resubmit, thanks.
> > 
> > -- 
> > Tom
> 
> Hi Tom,
> Thanks for review.
> I noticed that the latest version of u-boot test vboot failed for sha384.
> So far, u-boot support sha256, sha384 and sha512 for hash algorithm.
> And supports RSA 2048 and 4096 bits.
> 
> I tried to add test cases in test_vboot.py but I encountered verified failed issue
> only if hash algorithm was "sha384"
> 
> For example:
> I created two test files which were sign-images-sha384.its and sign-configs-sha384.its and
> placed them here, https://source.denx.de/u-boot/u-boot/-/tree/master/test/py/tests/vboot 
> The contents of both files were very similar sign-images-sha256.its and sign-images-sha256.its.
> The difference was that I modified to use sha384 with RSA 2048.
> I tested sha256/rsa2048, sha256/rsa512 pass but failed in sha384.
Sorry for typo, sha512/rsa4096
> Do you have any idea or could you please give any suggestion?
> Could you please help me to check this issue?
> 
> https://source.denx.de/u-boot/u-boot/-/jobs/376757 
> The CI showed incorrect hash data for sha384.
> My local got the same test result
> Thanks-Jamin
> 
> ## Loading kernel from FIT Image at 00000100 ...
>    Using 'conf-1' configuration
>    Verifying Hash Integrity ... OK
>    Trying 'kernel' kernel subimage
>      Description:  unavailable
>      Created:      2022-01-18   6:39:31 UTC
>      Type:         Kernel Image (no loading done)
>      Compression:  uncompressed
>      Data Start:   0x000001c4
>      Data Size:    500 Bytes = 500 Bytes
>      Sign algo:    sha384,rsa2048:dev
>      Sign value:   2cf3105d0f3d455f3c234b817279af7091a89e7f4f33df0acb03ebb04405606d2bd8bd612cf17d1932c8fe142a8f7ccdd952245497c5b98cbaa4b7ffda06a5802db5da8d32b9111c9a3ed6587b5bb1eb9eb4665af5da317d19fefa471c6a5ee596340921923102f622b850738061aeab11fdf8387312e610b41a7b62e491c30e22a64177020a7df0f09e08211a66b61fb04763cd447d08459b82f19baa226b3e6f40f29ee28edd001d2d5a23549834aaf83160a0cd73285836d3e2fe039b22371bd313989e5a47329d046054c043944a451bf2b5046ff14869121c2bcc1f7e3029d7bdfc5f488e76584234631c91627a1203834051e7e6dc11f5d210501a5467
>      Timestamp:    2022-01-18   6:39:32 UTC
>    Verifying Hash Integrity ... sha384,rsa2048:dev- Failed to verify required signature 'key-dev'
>  error!
> Unable to verify required signature for '' hash node in 'kernel' image node
> Bad Data Hash
> ERROR: can't get kernel image!
> 
> 
> My test data:
> /dts-v1/;
> 
> / {
> 	description = "Chrome OS kernel image with one or more FDT blobs";
> 	#address-cells = <1>;
> 
> 	images {
> 		kernel {
> 			data = /incbin/("test-kernel.bin");
> 			type = "kernel_noload";
> 			arch = "sandbox";
> 			os = "linux";
> 			compression = "none";
> 			load = <0x4>;
> 			entry = <0x8>;
> 			kernel-version = <1>;
> 			signature {
> 				algo = "sha384,rsa2048";
> 				key-name-hint = "dev";
> 			};
> 		};
> 		fdt-1 {
> 			description = "snow";
> 			data = /incbin/("sandbox-kernel.dtb");
> 			type = "flat_dt";
> 			arch = "sandbox";
> 			compression = "none";
> 			fdt-version = <1>;
> 			signature {
> 				algo = "sha384,rsa2048";
> 				key-name-hint = "dev";
> 			};
> 		};
> 	};
> 	configurations {
> 		default = "conf-1";
> 		conf-1 {
> 			kernel = "kernel";
> 			fdt = "fdt-1";
> 		};
> 	};
> };
>