From mboxrd@z Thu Jan 1 00:00:00 1970
From: Heiko Schocher
Date: Mon, 27 Jan 2014 07:45:23 +0100
Subject: [U-Boot] [PATCH 4/7] rsa: add sha256-rsa2048 algorithm
In-Reply-To:
References: <1390632269-8971-1-git-send-email-hs@denx.de> <1390632269-8971-5-git-send-email-hs@denx.de>
Message-ID: <52E60083.2070303@denx.de>
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

Hello Simon,

On 26.01.2014 22:10, Simon Glass wrote:
> Hi Heiko,
>
> On 24 January 2014 23:44, Heiko Schocher wrote:
>> based on patch from andreas at oetken.name:
>>
>> http://patchwork.ozlabs.org/patch/294318/
>
> Should probably add the full commit message in here.

Ok, do this in v2.

>> - removed checkpatch warnings
>> - removed compiler warnings
>> - rebased against current head
>>
>> Signed-off-by: Heiko Schocher
>> Cc: Simon Glass
>> Cc: andreas at oetken.name
>> ---
>> common/image-sig.c | 33 +++++++++++++++++
>> include/image.h | 21 +++++++++++
>> include/rsa-checksum.h | 25 +++++++++++++
>> include/rsa.h | 25 +++++++++++++
>> lib/rsa/Makefile | 2 +-
>> lib/rsa/rsa-checksum.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++
>> lib/rsa/rsa-sign.c | 10 +++---
>> lib/rsa/rsa-verify.c | 83 +++++++++++++-----------------------------
>> 8 files changed, 233 insertions(+), 64 deletions(-)
>> create mode 100644 include/rsa-checksum.h
>> create mode 100644 lib/rsa/rsa-checksum.c
[...]
>> diff --git a/include/rsa.h b/include/rsa.h
>> index add4c78..adf809b 100644
>> --- a/include/rsa.h
>> +++ b/include/rsa.h
>> @@ -15,6 +15,20 @@ >> #include >> #include >> >> +/** >> + * struct rsa_public_key - holder for a public key >> + * >> + * An RSA public key consists of a modulus (typically called N), the inverse >> + * and R^2, where R is 2^(# key bits). >> + */ >> + >> +struct rsa_public_key { >> + uint len; /* Length of modulus[] in number of uint32_t */ >> + uint32_t n0inv; /* -1 / modulus[0] mod 2^32 */ >> + uint32_t *modulus; /* modulus as little endian array */ >> + uint32_t *rr; /* R^2 as little endian array */ >> +}; >> + >> #if IMAGE_ENABLE_SIGN >> /** >> * sign() - calculate and return signature for given input data >> @@ -80,6 +94,10 @@ static inline int rsa_add_verify_data(struct image_sign_info *info, >> int rsa_verify(struct image_sign_info *info, >> const struct image_region region[], int region_count, >> uint8_t *sig, uint sig_len); >> + >> +int rsa_verify_256(struct image_sign_info *info, >> + const struct image_region region[], int region_count, >> + uint8_t *sig, uint sig_len); > > Do we need to create this as a separate function? It seems a bit icky. > Can rsa_verify() not handle both? Good catch! I never defined rsa_verify_256(), remove this in v2. >> #else >> static inline int rsa_verify(struct image_sign_info *info, >> const struct image_region region[], int region_count, >> @@ -87,6 +105,13 @@ static inline int rsa_verify(struct image_sign_info *info, >> { >> return -ENXIO; >> } >> + >> +static inline int rsa_verify_256(struct image_sign_info *info, >> + const struct image_region region[], int region_count, >> + uint8_t *sig, uint sig_len) >> +{ >> + return -ENXIO; >> +} >> #endif >> >> #endif [...] > Also can you please update the tests to include a sha256 test? You mean the "test/vboot/vboot_test.sh" ? bye, Heiko -- DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
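
Review bot: In the "@@ -15,6 +15,20 @@" hunk of include/rsa.h, the kernel-doc text for struct rsa_public_key says only "the inverse", while the field comment defines n0inv as "-1 / modulus[0] mod 2^32"; the summary should say it is the negated inverse of the lowest modulus word modulo 2^32 so the two agree. The blank line between the closing "*/" and "struct rsa_public_key {" also detaches the comment from the struct and should go. Since the struct now lives in a public header and carries "len" next to the bare pointers "modulus" and "rr", the comment should state the unit and the maximum value of len that a verifier accepts, so that users of the struct know to bound it before indexing either array.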
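
Review bot: In the "@@ -80,6 +94,10 @@" hunk, rsa_verify_256() is declared with exactly the same parameter list as rsa_verify() (info, region[], region_count, sig, sig_len), and the reply above confirms it has no definition, so any caller in a verification-enabled build fails at link time. Drop the prototype and let rsa_verify() pick the hash from what struct image_sign_info already describes; if a second entry point were kept, it would need its own kernel-doc comment stating which checksum it expects.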
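
Review bot: In the "@@ -87,6 +105,13 @@" hunk, the static inline rsa_verify_256() stub in the #else branch should be removed together with the prototype. As posted, a build without verification support compiles and links a caller and returns -ENXIO at run time, while a build with verification support has only the undefined declaration, so the two configurations behave differently for the same call. Keeping the single rsa_verify() stub that already returns -ENXIO avoids that split.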