From e0f2f15534146729fdf2ce58b740121fd67eea1c Mon Sep 17 00:00:00 2001
From: Michael van der Westhuizen <michael@smart-africa.com>
Date: Wed, 2 Jul 2014 10:17:26 +0200
Subject: Implement generalised RSA public exponents for verified boot

Remove the verified boot limitation that only allows a single
RSA public exponent of 65537 (F4).  This change allows use with
existing PKI infrastructure and has been tested with HSM-based
PKI.

Change the configuration OF tree format to store the RSA public
exponent as a 64 bit integer and implement backward compatibility
for verified boot configuration trees without this extra field.

Parameterise vboot_test.sh to test different public exponents.

Mathematics and other hard work by Andrew Bott.

Tested with the following public exponents: 3, 5, 17, 257, 39981,
50457, 65537 and 4294967297.

Signed-off-by: Andrew Bott <Andrew.Bott@ipaccess.com>
Signed-off-by: Andrew Wishart <Andrew.Wishart@ipaccess.com>
Signed-off-by: Neil Piercy <Neil.Piercy@ipaccess.com>
Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com>
Cc: Simon Glass <sjg@chromium.org>
---
 include/u-boot/rsa.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'include/u-boot')

diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
index 325751ab7e..fd08a617fb 100644
--- a/include/u-boot/rsa.h
+++ b/include/u-boot/rsa.h
@@ -27,6 +27,7 @@ struct rsa_public_key {
 	uint32_t n0inv;		/* -1 / modulus[0] mod 2^32 */
 	uint32_t *modulus;	/* modulus as little endian array */
 	uint32_t *rr;		/* R^2 as little endian array */
+	uint64_t exponent;	/* public exponent */
 };
 
 #if IMAGE_ENABLE_SIGN
-- 
cgit v1.2.1