diff options
| author | Heiko Schocher <hs@denx.de> | 2014-03-03 12:19:26 +0100 |
|---|---|---|
| committer | Tom Rini <trini@ti.com> | 2014-03-21 16:39:34 -0400 |
| commit | 646257d1f4004855d486024527a4784bf57c4c4d (patch) | |
| tree | a16c9627f823bcb68606b621fe9ff2fe493f90ed /include | |
| parent | 2842c1c24269a05142802d25520e7cb9035e456c (diff) | |
| download | talos-obmc-uboot-646257d1f4004855d486024527a4784bf57c4c4d.tar.gz talos-obmc-uboot-646257d1f4004855d486024527a4784bf57c4c4d.zip | |
rsa: add sha256-rsa2048 algorithm
based on patch from andreas@oetken.name:
http://patchwork.ozlabs.org/patch/294318/
commit message:
I currently need support for rsa-sha256 signatures in u-boot and found out that
the code for signatures is not very generic. Thus adding of different
hash-algorithms for rsa-signatures is not easy to do without copy-pasting the
rsa-code. I attached a patch for how I think it could be better and included
support for rsa-sha256. This is a fast first shot.
aditionally work:
- removed checkpatch warnings
- removed compiler warnings
- rebased against current head
Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: andreas@oetken.name
Cc: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/image.h | 21 | ||||
| -rw-r--r-- | include/rsa-checksum.h | 23 | ||||
| -rw-r--r-- | include/rsa.h | 14 |
3 files changed, 58 insertions, 0 deletions
diff --git a/include/image.h b/include/image.h index 52969aa653..44b2b469b0 100644 --- a/include/image.h +++ b/include/image.h @@ -833,6 +833,7 @@ int calculate_hash(const void *data, int data_len, const char *algo, # ifdef USE_HOSTCC # define IMAGE_ENABLE_SIGN 1 # define IMAGE_ENABLE_VERIFY 0 +# include <openssl/evp.h> #else # define IMAGE_ENABLE_SIGN 0 # define IMAGE_ENABLE_VERIFY 1 @@ -872,6 +873,23 @@ struct image_region { int size; }; +#if IMAGE_ENABLE_VERIFY +# include <rsa-checksum.h> +#endif +struct checksum_algo { + const char *name; + const int checksum_len; +#if IMAGE_ENABLE_SIGN + const EVP_MD *(*calculate)(void); +#else +#if IMAGE_ENABLE_VERIFY + void (*calculate)(const struct image_region region[], + int region_count, uint8_t *checksum); + const uint8_t *rsa_padding; +#endif +#endif +}; + struct image_sig_algo { const char *name; /* Name of algorithm */ @@ -922,6 +940,9 @@ struct image_sig_algo { int (*verify)(struct image_sign_info *info, const struct image_region region[], int region_count, uint8_t *sig, uint sig_len); + + /* pointer to checksum algorithm */ + struct checksum_algo *checksum; }; /** diff --git a/include/rsa-checksum.h b/include/rsa-checksum.h new file mode 100644 index 0000000000..850b253753 --- /dev/null +++ b/include/rsa-checksum.h @@ -0,0 +1,23 @@ +/* + * Copyright (c) 2013, Andreas Oetken. + * + * SPDX-License-Identifier: GPL-2.0+ +*/ + +#ifndef _RSA_CHECKSUM_H +#define _RSA_CHECKSUM_H + +#include <errno.h> +#include <image.h> +#include <sha1.h> +#include <sha256.h> + +extern const uint8_t padding_sha256_rsa2048[]; +extern const uint8_t padding_sha1_rsa2048[]; + +void sha256_calculate(const struct image_region region[], int region_count, + uint8_t *checksum); +void sha1_calculate(const struct image_region region[], int region_count, + uint8_t *checksum); + +#endif diff --git a/include/rsa.h b/include/rsa.h index add4c789f3..e9ae870622 100644 --- a/include/rsa.h +++ b/include/rsa.h @@ -15,6 +15,20 @@ #include <errno.h> #include <image.h> +/** + * struct rsa_public_key - holder for a public key + * + * An RSA public key consists of a modulus (typically called N), the inverse + * and R^2, where R is 2^(# key bits). + */ + +struct rsa_public_key { + uint len; /* len of modulus[] in number of uint32_t */ + uint32_t n0inv; /* -1 / modulus[0] mod 2^32 */ + uint32_t *modulus; /* modulus as little endian array */ + uint32_t *rr; /* R^2 as little endian array */ +}; + #if IMAGE_ENABLE_SIGN /** * sign() - calculate and return signature for given input data |
