From patchwork Thu Nov 21 00:11:17 2019
X-Patchwork-Submitter: AKASHI Takahiro
X-Patchwork-Id: 1198591
X-Patchwork-Delegate: trini@ti.com
From: AKASHI Takahiro
To: trini@konsulko.com, sjg@chromium.org, xypron.glpk@gmx.de, agraf@csgraf.de
Cc: u-boot@lists.denx.de, mail@patrick-wildt.de
Date: Thu, 21 Nov 2019 09:11:17 +0900
Message-Id: <20191121001121.21854-3-takahiro.akashi@linaro.org>
In-Reply-To: <20191121001121.21854-1-takahiro.akashi@linaro.org>
References: <20191121001121.21854-1-takahiro.akashi@linaro.org>
Subject: [U-Boot] [PATCH v4 2/6] rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config

In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY, rsa_verify() will be extended to be able to perform RSA decryption without additional RSA key properties from FIT image, i.e. rr and n0inv.

Signed-off-by: AKASHI Takahiro
Reviewed-by: Simon Glass
--- lib/rsa/Kconfig | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 03ffa2969048..71e4c06bf883 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig 
@@ -30,6 +30,20 @@ config RSA_VERIFY help Add RSA signature verification support. +config RSA_VERIFY_WITH_PKEY + bool "Execute RSA verification without key parameters from FDT" + depends on RSA + help + The standard RSA-signature verification code (FIT_SIGNATURE) uses + pre-calculated key properties, that are stored in fdt blob, in + decrypting a signature. + This does not suit the use case where there is no way defined to + provide such additional key properties in standardized form, + particularly UEFI secure boot. + This options enables RSA signature verification with a public key + directly specified in image_sign_info, where all the necessary + key properties will be calculated on the fly in verification code. + config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" depends on DM
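
Review bot: `depends on RSA` in the new RSA_VERIFY_WITH_PKEY entry allows the option to be enabled while RSA_VERIFY is off, although the help text describes it as a mode of the RSA signature verification code; consider `depends on RSA_VERIFY` (or selecting it) so the option cannot be set without the verifier it extends. The help text would also be easier to audit if it named the key properties that are calculated on the fly (the commit message gives rr and n0inv) rather than only "key properties", since this is the path intended for UEFI secure boot. Typo in the last help paragraph: "This options enables" should read "This option enables".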