From patchwork Thu Oct 25 09:29:31 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 988975 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=softathome.com Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 42ghfq0PjQz9sBk for ; Thu, 25 Oct 2018 20:29:54 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 9FA1EC21FCB; Thu, 25 Oct 2018 09:29:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=KHOP_BIG_TO_CC, RCVD_IN_DNSWL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id BC943C21F1B; Thu, 25 Oct 2018 09:29:46 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 5540FC21F2F; Thu, 25 Oct 2018 09:29:45 +0000 (UTC) Received: from vrout30.yaziba.net (vrout30.yaziba.net [185.56.204.33]) by lists.denx.de (Postfix) with ESMTPS id E94C7C21EE4 for ; Thu, 25 Oct 2018 09:29:44 +0000 (UTC) Received: from mtaout20.int.yaziba.net (mtaout20.int.yaziba.net [10.4.20.37]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by vrout30.yaziba.net (mx10.yaziba.net) with ESMTPS id 8389151F35; Thu, 25 Oct 2018 11:29:44 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by mtaout20.int.yaziba.net (Postfix) with ESMTP id EEFF91604DE; Thu, 25 Oct 2018 11:29:43 +0200 (CEST) X-Virus-Scanned: amavisd-new at mtaout20.int.yaziba.net Received: from mtaout20.int.yaziba.net ([127.0.0.1]) by localhost (mtaout20.int.yaziba.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id hXlBSy7ZqBz3; Thu, 25 Oct 2018 11:29:43 +0200 (CEST) Received: from sahnlpt0333.softathome.com (unknown [149.6.166.170]) by mtaout20.int.yaziba.net (Postfix) with ESMTPSA id A715D16020E; Thu, 25 Oct 2018 11:29:43 +0200 (CEST) From: Philippe Reynes To: sjg@chromium.org, michal.simek@xilinx.com, joe.hershberger@ni.com, marex@denx.de, yamada.masahiro@socionext.com, aford173@gmail.com, woods.technical@gmail.com, teddy.reed@gmail.com, jun.nie@linaro.org, peron.clem@gmail.com, peng.fan@nxp.com, keguang.zhang@gmail.com, andre.przywara@arm.com, philipp.tomsich@theobroma-systems.com, bin.chen@linaro.org, jsg@jsg.id.au, nomble@palism.com, swarren@nvidia.com, paul.burton@mips.com, alex.kiernan@gmail.com Date: Thu, 25 Oct 2018 11:29:31 +0200 Message-Id: <1540459776-1935-1-git-send-email-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.7.4 X-DRWEB-SCAN: ok X-CLAMAV-SCAN: ok X-VRSPAM-SCORE: 0 X-VRSPAM-STATE: legit X-VRSPAM-CAUSE: gggruggvucftvghtrhhoucdtuddrgedtkedrgeelgdduiecutefuodetggdotefrucfrrhhofhhilhgvmecuggftfghnshhusghstghrihgsvgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkofestddtredtredttdenucfhrhhomheprfhhihhlihhpphgvucftvgihnhgvshcuoehphhhilhhiphhpvgdrrhgvhihnvghssehsohhfthgrthhhohhmvgdrtghomheqnecukfhppedugeelrdeirdduieeirddujedtnecurfgrrhgrmhepmhhouggvpehsmhhtphhouhht X-VRSPAM-EXTCAUSE: mhhouggvpehsmhhtphhouhht Cc: u-boot@lists.denx.de Subject: [U-Boot] [PATCH V2 1/6] rsa: use new openssl API to create signature X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Previous implementation of the rsa signature was using the openssl API EVP_Sign*, but the new openssl API EVP_DigestSign* is more flexible. So we move to this new API. Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- lib/rsa/rsa-sign.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) Changelog: v2: - no change diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c index 05ac67b..78e348e 100644 --- a/lib/rsa/rsa-sign.c +++ b/lib/rsa/rsa-sign.c @@ -393,7 +393,8 @@ static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo, { EVP_PKEY *key; EVP_MD_CTX *context; - int size, ret = 0; + int ret = 0; + size_t size; uint8_t *sig; int i; @@ -409,7 +410,7 @@ static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo, size = EVP_PKEY_size(key); sig = malloc(size); if (!sig) { - fprintf(stderr, "Out of memory for signature (%d bytes)\n", + fprintf(stderr, "Out of memory for signature (%zu bytes)\n", size); ret = -ENOMEM; goto err_alloc; @@ -421,22 +422,26 @@ static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo, goto err_create; } EVP_MD_CTX_init(context); - if (!EVP_SignInit(context, checksum_algo->calculate_sign())) { + if (EVP_DigestSignInit(context, NULL, + checksum_algo->calculate_sign(), + NULL, key) <= 0) { ret = rsa_err("Signer setup failed"); goto err_sign; } for (i = 0; i < region_count; i++) { - if (!EVP_SignUpdate(context, region[i].data, region[i].size)) { + if (!EVP_DigestSignUpdate(context, region[i].data, + region[i].size)) { ret = rsa_err("Signing data failed"); goto err_sign; } } - if (!EVP_SignFinal(context, sig, sig_size, key)) { + if (!EVP_DigestSignFinal(context, sig, &size)) { ret = rsa_err("Could not obtain signature"); goto err_sign; } + #if OPENSSL_VERSION_NUMBER < 0x10100000L || \ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL) EVP_MD_CTX_cleanup(context); @@ -446,7 +451,7 @@ static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo, EVP_MD_CTX_destroy(context); EVP_PKEY_free(key); - debug("Got signature: %d bytes, expected %d\n", *sig_size, size); + debug("Got signature: %d bytes, expected %zu\n", *sig_size, size); *sigp = sig; *sig_size = size; From patchwork Thu Oct 25 09:29:32 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 988977 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=softathome.com Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 42ghj746hnz9sBk for ; Thu, 25 Oct 2018 20:31:55 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 98ADCC21F1B; Thu, 25 Oct 2018 09:30:35 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=KHOP_BIG_TO_CC, RCVD_IN_DNSWL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 854E7C21FB8; Thu, 25 Oct 2018 09:29:48 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 9CBB7C21F2F; Thu, 25 Oct 2018 09:29:45 +0000 (UTC) Received: from vrout30.yaziba.net (vrout30.yaziba.net [185.56.204.33]) by lists.denx.de (Postfix) with ESMTPS id 4E707C21F2A for ; Thu, 25 Oct 2018 09:29:45 +0000 (UTC) Received: from mtaout20.int.yaziba.net (mtaout20.int.yaziba.net [10.4.20.37]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by vrout30.yaziba.net (mx10.yaziba.net) with ESMTPS id A130151F47; Thu, 25 Oct 2018 11:29:44 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by mtaout20.int.yaziba.net (Postfix) with ESMTP id 1EB831604E4; Thu, 25 Oct 2018 11:29:44 +0200 (CEST) X-Virus-Scanned: amavisd-new at mtaout20.int.yaziba.net Received: from mtaout20.int.yaziba.net ([127.0.0.1]) by localhost (mtaout20.int.yaziba.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id jK-PRj3QqNU7; Thu, 25 Oct 2018 11:29:43 +0200 (CEST) Received: from sahnlpt0333.softathome.com (unknown [149.6.166.170]) by mtaout20.int.yaziba.net (Postfix) with ESMTPSA id DA72F1604DB; Thu, 25 Oct 2018 11:29:43 +0200 (CEST) From: Philippe Reynes To: sjg@chromium.org, michal.simek@xilinx.com, joe.hershberger@ni.com, marex@denx.de, yamada.masahiro@socionext.com, aford173@gmail.com, woods.technical@gmail.com, teddy.reed@gmail.com, jun.nie@linaro.org, peron.clem@gmail.com, peng.fan@nxp.com, keguang.zhang@gmail.com, andre.przywara@arm.com, philipp.tomsich@theobroma-systems.com, bin.chen@linaro.org, jsg@jsg.id.au, nomble@palism.com, swarren@nvidia.com, paul.burton@mips.com, alex.kiernan@gmail.com Date: Thu, 25 Oct 2018 11:29:32 +0200 Message-Id: <1540459776-1935-2-git-send-email-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1540459776-1935-1-git-send-email-philippe.reynes@softathome.com> References: <1540459776-1935-1-git-send-email-philippe.reynes@softathome.com> X-DRWEB-SCAN: ok X-CLAMAV-SCAN: ok X-VRSPAM-SCORE: 0 X-VRSPAM-STATE: legit X-VRSPAM-CAUSE: gggruggvucftvghtrhhoucdtuddrgedtkedrgeelgdduiecutefuodetggdotefrucfrrhhofhhilhgvmecuggftfghnshhusghstghrihgsvgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkofgjfhestddtredtredttdenucfhrhhomheprfhhihhlihhpphgvucftvgihnhgvshcuoehphhhilhhiphhpvgdrrhgvhihnvghssehsohhfthgrthhhohhmvgdrtghomheqnecukfhppedugeelrdeirdduieeirddujedtnecurfgrrhgrmhepmhhouggvpehsmhhtphhouhht X-VRSPAM-EXTCAUSE: mhhouggvpehsmhhtphhouhht Cc: u-boot@lists.denx.de Subject: [U-Boot] [PATCH V2 2/6] rsa: add a structure for the padding X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its. Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- common/image-fit.c | 5 +++++ common/image-sig.c | 29 ++++++++++++++++++++++++++ include/image.h | 16 +++++++++++++++ include/u-boot/rsa.h | 13 ++++++++++++ lib/rsa/rsa-sign.c | 15 +++++++++++--- lib/rsa/rsa-verify.c | 57 ++++++++++++++++++++++++++++++++++------------------ tools/image-host.c | 4 ++++ 7 files changed, 116 insertions(+), 23 deletions(-) Changelog: v2: - no change diff --git a/common/image-fit.c b/common/image-fit.c index 8d39a24..ac901e1 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -165,6 +165,7 @@ static void fit_image_print_data(const void *fit, int noffset, const char *p, uint8_t *value; int value_len; char *algo; + const char *padding; int required; int ret, i; @@ -184,6 +185,10 @@ static void fit_image_print_data(const void *fit, int noffset, const char *p, printf(" (required)"); printf("\n"); + padding = fdt_getprop(fit, noffset, "padding", NULL); + if (padding) + printf("%s %s padding: %s\n", p, type, padding); + ret = fit_image_hash_get_value(fit, noffset, &value, &value_len); printf("%s %s value: ", p, type); diff --git a/common/image-sig.c b/common/image-sig.c index 5a269d3..b7ca657 100644 --- a/common/image-sig.c +++ b/common/image-sig.c @@ -71,6 +71,13 @@ struct crypto_algo crypto_algos[] = { }; +struct padding_algo padding_algos[] = { + { + .name = "pkcs-1.5", + .verify = padding_pkcs_15_verify, + }, +}; + struct checksum_algo *image_get_checksum_algo(const char *full_name) { int i; @@ -106,6 +113,21 @@ struct crypto_algo *image_get_crypto_algo(const char *full_name) return NULL; } +struct padding_algo *image_get_padding_algo(const char *name) +{ + int i; + + if (!name) + return NULL; + + for (i = 0; i < ARRAY_SIZE(padding_algos); i++) { + if (!strcmp(padding_algos[i].name, name)) + return &padding_algos[i]; + } + + return NULL; +} + /** * fit_region_make_list() - Make a list of image regions * @@ -155,6 +177,7 @@ static int fit_image_setup_verify(struct image_sign_info *info, char **err_msgp) { char *algo_name; + const char *padding_name; if (fdt_totalsize(fit) > CONFIG_FIT_SIGNATURE_MAX_SIZE) { *err_msgp = "Total size too large"; @@ -165,6 +188,11 @@ static int fit_image_setup_verify(struct image_sign_info *info, *err_msgp = "Can't get hash algo property"; return -1; } + + padding_name = fdt_getprop(fit, noffset, "padding", NULL); + if (!padding_name) + padding_name = RSA_DEFAULT_PADDING_NAME; + memset(info, '\0', sizeof(*info)); info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL); info->fit = (void *)fit; @@ -172,6 +200,7 @@ static int fit_image_setup_verify(struct image_sign_info *info, info->name = algo_name; info->checksum = image_get_checksum_algo(algo_name); info->crypto = image_get_crypto_algo(algo_name); + info->padding = image_get_padding_algo(padding_name); info->fdt_blob = gd_fdt_blob(); info->required_keynode = required_keynode; printf("%s:%s", algo_name, info->keyname); diff --git a/include/image.h b/include/image.h index 3bb7d29..5c8154e 100644 --- a/include/image.h +++ b/include/image.h @@ -1099,6 +1099,7 @@ struct image_sign_info { int node_offset; /* Offset of signature node */ const char *name; /* Algorithm name */ struct checksum_algo *checksum; /* Checksum algorithm information */ + struct padding_algo *padding; /* Padding algorithm information */ struct crypto_algo *crypto; /* Crypto algorithm information */ const void *fdt_blob; /* FDT containing public keys */ int required_keynode; /* Node offset of key to use: -1=any */ @@ -1184,6 +1185,13 @@ struct crypto_algo { uint8_t *sig, uint sig_len); }; +struct padding_algo { + const char *name; + int (*verify)(struct image_sign_info *info, + uint8_t *pad, int pad_len, + const uint8_t *hash, int hash_len); +}; + /** * image_get_checksum_algo() - Look up a checksum algorithm * @@ -1201,6 +1209,14 @@ struct checksum_algo *image_get_checksum_algo(const char *full_name); struct crypto_algo *image_get_crypto_algo(const char *full_name); /** + * image_get_padding_algo() - Look up a padding algorithm + * + * @param name Name of padding algorithm + * @return pointer to algorithm information, or NULL if not found + */ +struct padding_algo *image_get_padding_algo(const char *name); + +/** * fit_image_verify_required_sigs() - Verify signatures marked as 'required' * * @fit: FIT to check diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h index 68bcb14..16b4c4c 100644 --- a/include/u-boot/rsa.h +++ b/include/u-boot/rsa.h @@ -97,6 +97,10 @@ static inline int rsa_add_verify_data(struct image_sign_info *info, int rsa_verify(struct image_sign_info *info, const struct image_region region[], int region_count, uint8_t *sig, uint sig_len); + +int padding_pkcs_15_verify(struct image_sign_info *info, + uint8_t *msg, int msg_len, + const uint8_t *hash, int hash_len); #else static inline int rsa_verify(struct image_sign_info *info, const struct image_region region[], int region_count, @@ -104,8 +108,17 @@ static inline int rsa_verify(struct image_sign_info *info, { return -ENXIO; } + +static inline int padding_pkcs_15_verify(struct image_sign_info *info, + uint8_t *msg, int msg_len, + const uint8_t *hash, int hash_len) +{ + return -ENXIO; +} #endif +#define RSA_DEFAULT_PADDING_NAME "pkcs-1.5" + #define RSA2048_BYTES (2048 / 8) #define RSA4096_BYTES (4096 / 8) diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c index 78e348e..6aa0e2a 100644 --- a/lib/rsa/rsa-sign.c +++ b/lib/rsa/rsa-sign.c @@ -387,11 +387,13 @@ static void rsa_engine_remove(ENGINE *e) } } -static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo, +static int rsa_sign_with_key(RSA *rsa, struct padding_algo *padding_algo, + struct checksum_algo *checksum_algo, const struct image_region region[], int region_count, uint8_t **sigp, uint *sig_size) { EVP_PKEY *key; + EVP_PKEY_CTX *ckey; EVP_MD_CTX *context; int ret = 0; size_t size; @@ -422,7 +424,14 @@ static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo, goto err_create; } EVP_MD_CTX_init(context); - if (EVP_DigestSignInit(context, NULL, + + ckey = EVP_PKEY_CTX_new(key, NULL); + if (!ckey) { + ret = rsa_err("EVP key context creation failed"); + goto err_create; + } + + if (EVP_DigestSignInit(context, &ckey, checksum_algo->calculate_sign(), NULL, key) <= 0) { ret = rsa_err("Signer setup failed"); @@ -488,7 +497,7 @@ int rsa_sign(struct image_sign_info *info, ret = rsa_get_priv_key(info->keydir, info->keyname, e, &rsa); if (ret) goto err_priv; - ret = rsa_sign_with_key(rsa, info->checksum, region, + ret = rsa_sign_with_key(rsa, info->padding, info->checksum, region, region_count, sigp, sig_len); if (ret) goto err_sign; diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index bc83354..279a9ba 100644 --- a/lib/rsa/rsa-verify.c +++ b/lib/rsa/rsa-verify.c @@ -57,31 +57,57 @@ static int rsa_verify_padding(const uint8_t *msg, const int pad_len, return ret; } +int padding_pkcs_15_verify(struct image_sign_info *info, + uint8_t *msg, int msg_len, + const uint8_t *hash, int hash_len) +{ + struct checksum_algo *checksum = info->checksum; + int ret, pad_len = msg_len - checksum->checksum_len; + + /* Check pkcs1.5 padding bytes. */ + ret = rsa_verify_padding(msg, pad_len, checksum); + if (ret) { + debug("In RSAVerify(): Padding check failed!\n"); + return -EINVAL; + } + + /* Check hash. */ + if (memcmp((uint8_t *)msg + pad_len, hash, msg_len - pad_len)) { + debug("In RSAVerify(): Hash check failed!\n"); + return -EACCES; + } + + return 0; +} + /** * rsa_verify_key() - Verify a signature against some data using RSA Key * * Verify a RSA PKCS1.5 signature against an expected hash using * the RSA Key properties in prop structure. * + * @info: Specifies key and FIT information * @prop: Specifies key * @sig: Signature * @sig_len: Number of bytes in signature * @hash: Pointer to the expected hash * @key_len: Number of bytes in rsa key - * @algo: Checksum algo structure having information on DER encoding etc. * @return 0 if verified, -ve on error */ -static int rsa_verify_key(struct key_prop *prop, const uint8_t *sig, +static int rsa_verify_key(struct image_sign_info *info, + struct key_prop *prop, const uint8_t *sig, const uint32_t sig_len, const uint8_t *hash, - const uint32_t key_len, struct checksum_algo *algo) + const uint32_t key_len) { - int pad_len; int ret; #if !defined(USE_HOSTCC) struct udevice *mod_exp_dev; #endif + struct checksum_algo *checksum = info->checksum; + struct padding_algo *padding = info->padding; + int hash_len = checksum->checksum_len; - if (!prop || !sig || !hash || !algo) + if (!prop || !sig || !hash || !checksum) return -EIO; if (sig_len != (prop->num_bits / 8)) { @@ -89,7 +115,7 @@ static int rsa_verify_key(struct key_prop *prop, const uint8_t *sig, return -EINVAL; } - debug("Checksum algorithm: %s", algo->name); + debug("Checksum algorithm: %s", checksum->name); /* Sanity check for stack size */ if (sig_len > RSA_MAX_SIG_BITS / 8) { @@ -116,19 +142,10 @@ static int rsa_verify_key(struct key_prop *prop, const uint8_t *sig, return ret; } - pad_len = key_len - algo->checksum_len; - - /* Check pkcs1.5 padding bytes. */ - ret = rsa_verify_padding(buf, pad_len, algo); + ret = padding->verify(info, buf, key_len, hash, hash_len); if (ret) { - debug("In RSAVerify(): Padding check failed!\n"); - return -EINVAL; - } - - /* Check hash. */ - if (memcmp((uint8_t *)buf + pad_len, hash, sig_len - pad_len)) { - debug("In RSAVerify(): Hash check failed!\n"); - return -EACCES; + debug("In RSAVerify(): padding check failed!\n"); + return ret; } return 0; @@ -182,8 +199,8 @@ static int rsa_verify_with_keynode(struct image_sign_info *info, return -EFAULT; } - ret = rsa_verify_key(&prop, sig, sig_len, hash, - info->crypto->key_len, info->checksum); + ret = rsa_verify_key(info, &prop, sig, sig_len, hash, + info->crypto->key_len); return ret; } diff --git a/tools/image-host.c b/tools/image-host.c index 09e4f47..88b3295 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -157,6 +157,7 @@ static int fit_image_setup_sig(struct image_sign_info *info, { const char *node_name; char *algo_name; + const char *padding_name; node_name = fit_get_name(fit, noffset, NULL); if (fit_image_hash_get_algo(fit, noffset, &algo_name)) { @@ -165,6 +166,8 @@ static int fit_image_setup_sig(struct image_sign_info *info, return -1; } + padding_name = fdt_getprop(fit, noffset, "padding", NULL); + memset(info, '\0', sizeof(*info)); info->keydir = keydir; info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL); @@ -173,6 +176,7 @@ static int fit_image_setup_sig(struct image_sign_info *info, info->name = strdup(algo_name); info->checksum = image_get_checksum_algo(algo_name); info->crypto = image_get_crypto_algo(algo_name); + info->padding = image_get_padding_algo(padding_name); info->require_keys = require_keys; info->engine_id = engine_id; if (!info->checksum || !info->crypto) { From patchwork Thu Oct 25 09:29:33 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 988976 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=softathome.com Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 42ghgQ1yxQz9sBk for ; Thu, 25 Oct 2018 20:30:26 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id CB961C21FC5; Thu, 25 Oct 2018 09:30:10 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=KHOP_BIG_TO_CC, RCVD_IN_DNSWL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 9D153C21F76; Thu, 25 Oct 2018 09:29:47 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 8C81BC21EE4; Thu, 25 Oct 2018 09:29:45 +0000 (UTC) Received: from vrout30.yaziba.net (vrout30.yaziba.net [185.56.204.33]) by lists.denx.de (Postfix) with ESMTPS id 2371FC21F1B for ; Thu, 25 Oct 2018 09:29:45 +0000 (UTC) Received: from mtaout20.int.yaziba.net (mtaout20.int.yaziba.net [10.4.20.37]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by vrout30.yaziba.net (mx10.yaziba.net) with ESMTPS id A10A851F42; Thu, 25 Oct 2018 11:29:44 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by mtaout20.int.yaziba.net (Postfix) with ESMTP id 38E181604EB; Thu, 25 Oct 2018 11:29:44 +0200 (CEST) X-Virus-Scanned: amavisd-new at mtaout20.int.yaziba.net Received: from mtaout20.int.yaziba.net ([127.0.0.1]) by localhost (mtaout20.int.yaziba.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id OYUq1fijcNmZ; Thu, 25 Oct 2018 11:29:44 +0200 (CEST) Received: from sahnlpt0333.softathome.com (unknown [149.6.166.170]) by mtaout20.int.yaziba.net (Postfix) with ESMTPSA id 016D41604E1; Thu, 25 Oct 2018 11:29:44 +0200 (CEST) From: Philippe Reynes To: sjg@chromium.org, michal.simek@xilinx.com, joe.hershberger@ni.com, marex@denx.de, yamada.masahiro@socionext.com, aford173@gmail.com, woods.technical@gmail.com, teddy.reed@gmail.com, jun.nie@linaro.org, peron.clem@gmail.com, peng.fan@nxp.com, keguang.zhang@gmail.com, andre.przywara@arm.com, philipp.tomsich@theobroma-systems.com, bin.chen@linaro.org, jsg@jsg.id.au, nomble@palism.com, swarren@nvidia.com, paul.burton@mips.com, alex.kiernan@gmail.com Date: Thu, 25 Oct 2018 11:29:33 +0200 Message-Id: <1540459776-1935-3-git-send-email-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1540459776-1935-1-git-send-email-philippe.reynes@softathome.com> References: <1540459776-1935-1-git-send-email-philippe.reynes@softathome.com> X-DRWEB-SCAN: ok X-CLAMAV-SCAN: ok X-VRSPAM-SCORE: 0 X-VRSPAM-STATE: legit X-VRSPAM-CAUSE: gggruggvucftvghtrhhoucdtuddrgedtkedrgeelgdduiecutefuodetggdotefrucfrrhhofhhilhgvmecuggftfghnshhusghstghrihgsvgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkofgjfhestddtredtredttdenucfhrhhomheprfhhihhlihhpphgvucftvgihnhgvshcuoehphhhilhhiphhpvgdrrhgvhihnvghssehsohhfthgrthhhohhmvgdrtghomheqnecuffhomhgrihhnpehivghtfhdrohhrghenucfkphepudegledriedrudeiiedrudejtdenucfrrghrrghmpehmohguvgepshhmthhpohhuth X-VRSPAM-EXTCAUSE: mhhouggvpehsmhhtphhouhht Cc: u-boot@lists.denx.de Subject: [U-Boot] [PATCH V2 3/6] rsa: add support of padding pss X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" We add the support of the padding pss for rsa signature. This new padding is often recommended instead of pkcs-1.5. Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- Kconfig | 8 +++ common/image-sig.c | 6 ++ include/image.h | 1 + include/u-boot/rsa.h | 15 ++++ lib/rsa/rsa-sign.c | 10 +++ lib/rsa/rsa-verify.c | 190 +++++++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 230 insertions(+) Changelog: v2: - add a Kconfig option (thanks Simon Glass) - some code cleaning (thanks Simon Glass) diff --git a/Kconfig b/Kconfig index dca9bb4..3120553 100644 --- a/Kconfig +++ b/Kconfig @@ -290,6 +290,14 @@ config FIT_SIGNATURE_MAX_SIZE device memory. Assure this size does not extend past expected storage space. +config FIT_ENABLE_RSASSA_PSS_SUPPORT + bool "Support rsassa-pss signature scheme of FIT image contents" + depends on FIT_SIGNATURE + default n + help + Enable this to support the pss padding algorithm as described + in the rfc8017 (https://tools.ietf.org/html/rfc8017). + config FIT_VERBOSE bool "Show verbose messages when FIT images fail" help diff --git a/common/image-sig.c b/common/image-sig.c index b7ca657..f5ce3b2 100644 --- a/common/image-sig.c +++ b/common/image-sig.c @@ -76,6 +76,12 @@ struct padding_algo padding_algos[] = { .name = "pkcs-1.5", .verify = padding_pkcs_15_verify, }, +#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT + { + .name = "pss", + .verify = padding_pss_verify, + } +#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */ }; struct checksum_algo *image_get_checksum_algo(const char *full_name) diff --git a/include/image.h b/include/image.h index 5c8154e..ac4ec59 100644 --- a/include/image.h +++ b/include/image.h @@ -30,6 +30,7 @@ struct fdt_region; #define IMAGE_ENABLE_FIT 1 #define IMAGE_ENABLE_OF_LIBFDT 1 #define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */ +#define CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT 1 #define CONFIG_FIT_ENABLE_SHA256_SUPPORT #define CONFIG_SHA1 #define CONFIG_SHA256 diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h index 16b4c4c..2d3024d 100644 --- a/include/u-boot/rsa.h +++ b/include/u-boot/rsa.h @@ -101,6 +101,12 @@ int rsa_verify(struct image_sign_info *info, int padding_pkcs_15_verify(struct image_sign_info *info, uint8_t *msg, int msg_len, const uint8_t *hash, int hash_len); + +#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT +int padding_pss_verify(struct image_sign_info *info, + uint8_t *msg, int msg_len, + const uint8_t *hash, int hash_len); +#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */ #else static inline int rsa_verify(struct image_sign_info *info, const struct image_region region[], int region_count, @@ -115,6 +121,15 @@ static inline int padding_pkcs_15_verify(struct image_sign_info *info, { return -ENXIO; } + +#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT +static inline int padding_pss_verify(struct image_sign_info *info, + uint8_t *msg, int msg_len, + const uint8_t *hash, int hash_len) +{ + return -ENXIO; +} +#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */ #endif #define RSA_DEFAULT_PADDING_NAME "pkcs-1.5" diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c index 6aa0e2a..fb5e07b 100644 --- a/lib/rsa/rsa-sign.c +++ b/lib/rsa/rsa-sign.c @@ -438,6 +438,16 @@ static int rsa_sign_with_key(RSA *rsa, struct padding_algo *padding_algo, goto err_sign; } +#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT + if (padding_algo && !strcmp(padding_algo->name, "pss")) { + if (EVP_PKEY_CTX_set_rsa_padding(ckey, + RSA_PKCS1_PSS_PADDING) <= 0) { + ret = rsa_err("Signer padding setup failed"); + goto err_sign; + } + } +#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */ + for (i = 0; i < region_count; i++) { if (!EVP_DigestSignUpdate(context, region[i].data, region[i].size)) { diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index 279a9ba..9734f6d 100644 --- a/lib/rsa/rsa-verify.c +++ b/lib/rsa/rsa-verify.c @@ -80,6 +80,196 @@ int padding_pkcs_15_verify(struct image_sign_info *info, return 0; } +#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT +static void u32_i2osp(uint32_t val, uint8_t *buf) +{ + buf[0] = (uint8_t)((val >> 24) & 0xff); + buf[1] = (uint8_t)((val >> 16) & 0xff); + buf[2] = (uint8_t)((val >> 8) & 0xff); + buf[3] = (uint8_t)((val >> 0) & 0xff); +} + +/** + * mask_generation_function1() - generate an octet string + * + * Generate an octet string used to check rsa signature. + * It use an input octet string and a hash function. + * + * @checksum: A Hash function + * @seed: Specifies an input variable octet string + * @seed_len: Size of the input octet string + * @output: Specifies the output octet string + * @output_len: Size of the output octet string + * @return 0 if the octet string was correctly generated, others on error + */ +static int mask_generation_function1(struct checksum_algo *checksum, + uint8_t *seed, int seed_len, + uint8_t *output, int output_len) +{ + struct image_region region[2]; + int ret = 0, i, i_output = 0, region_count = 2; + uint32_t counter = 0; + uint8_t buf_counter[4], *tmp; + int hash_len = checksum->checksum_len; + + memset(output, 0, output_len); + + region[0].data = seed; + region[0].size = seed_len; + region[1].data = &buf_counter[0]; + region[1].size = 4; + + tmp = malloc(hash_len); + if (!tmp) { + debug("%s: can't allocate array tmp\n", __func__); + ret = -ENOMEM; + goto out; + } + + while (i_output < output_len) { + u32_i2osp(counter, &buf_counter[0]); + + ret = checksum->calculate(checksum->name, + region, region_count, + tmp); + if (ret < 0) { + debug("%s: Error in checksum calculation\n", __func__); + goto out; + } + + i = 0; + while ((i_output < output_len) && (i < hash_len)) { + output[i_output] = tmp[i]; + i_output++; + i++; + } + + counter++; + } + +out: + free(tmp); + + return ret; +} + +static int compute_hash_prime(struct checksum_algo *checksum, + uint8_t *pad, int pad_len, + uint8_t *hash, int hash_len, + uint8_t *salt, int salt_len, + uint8_t *hprime) +{ + struct image_region region[3]; + int ret, region_count = 3; + + region[0].data = pad; + region[0].size = pad_len; + region[1].data = hash; + region[1].size = hash_len; + region[2].data = salt; + region[2].size = salt_len; + + ret = checksum->calculate(checksum->name, region, region_count, hprime); + if (ret < 0) { + debug("%s: Error in checksum calculation\n", __func__); + goto out; + } + +out: + return ret; +} + +int padding_pss_verify(struct image_sign_info *info, + uint8_t *msg, int msg_len, + const uint8_t *hash, int hash_len) +{ + uint8_t *masked_db = NULL; + int masked_db_len = msg_len - hash_len - 1; + uint8_t *h = NULL, *hprime = NULL; + int h_len = hash_len; + uint8_t *db_mask = NULL; + int db_mask_len = masked_db_len; + uint8_t *db = NULL, *salt = NULL; + int db_len = masked_db_len, salt_len = msg_len - hash_len - 2; + uint8_t pad_zero[8] = { 0 }; + int ret, i, leftmost_bits = 1; + uint8_t leftmost_mask; + struct checksum_algo *checksum = info->checksum; + + /* first, allocate everything */ + masked_db = malloc(masked_db_len); + h = malloc(h_len); + db_mask = malloc(db_mask_len); + db = malloc(db_len); + salt = malloc(salt_len); + hprime = malloc(hash_len); + if (!masked_db || !h || !db_mask || !db || !salt || !hprime) { + printf("%s: can't allocate some buffer\n", __func__); + ret = -ENOMEM; + goto out; + } + + /* step 4: check if the last byte is 0xbc */ + if (msg[msg_len - 1] != 0xbc) { + printf("%s: invalid pss padding (0xbc is missing)\n", __func__); + ret = -EINVAL; + goto out; + } + + /* step 5 */ + memcpy(masked_db, msg, masked_db_len); + memcpy(h, msg + masked_db_len, h_len); + + /* step 6 */ + leftmost_mask = (0xff >> (8 - leftmost_bits)) << (8 - leftmost_bits); + if (masked_db[0] & leftmost_mask) { + printf("%s: invalid pss padding ", __func__); + printf("(leftmost bit of maskedDB not zero)\n"); + ret = -EINVAL; + goto out; + } + + /* step 7 */ + mask_generation_function1(checksum, h, h_len, db_mask, db_mask_len); + + /* step 8 */ + for (i = 0; i < db_len; i++) + db[i] = masked_db[i] ^ db_mask[i]; + + /* step 9 */ + db[0] &= 0xff >> leftmost_bits; + + /* step 10 */ + if (db[0] != 0x01) { + printf("%s: invalid pss padding ", __func__); + printf("(leftmost byte of db isn't 0x01)\n"); + ret = EINVAL; + goto out; + } + + /* step 11 */ + memcpy(salt, &db[1], salt_len); + + /* step 12 & 13 */ + compute_hash_prime(checksum, pad_zero, 8, + (uint8_t *)hash, hash_len, + salt, salt_len, hprime); + + /* step 14 */ + ret = memcmp(h, hprime, hash_len); + +out: + free(hprime); + free(salt); + free(db); + free(db_mask); + free(h); + free(masked_db); + + return ret; +} +#endif + /** * rsa_verify_key() - Verify a signature against some data using RSA Key * From patchwork Thu Oct 25 09:29:34 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 988980 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=softathome.com Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 42ghkd5z0bz9sCr for ; Thu, 25 Oct 2018 20:33:13 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 0DA44C21FB5; Thu, 25 Oct 2018 09:31:05 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=KHOP_BIG_TO_CC, RCVD_IN_DNSWL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 72CAFC21FBE; Thu, 25 Oct 2018 09:29:49 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id CE350C21EE4; Thu, 25 Oct 2018 09:29:45 +0000 (UTC) Received: from vrout30.yaziba.net (vrout30.yaziba.net [185.56.204.33]) by lists.denx.de (Postfix) with ESMTPS id 8E04AC21F1B for ; Thu, 25 Oct 2018 09:29:45 +0000 (UTC) Received: from mtaout20.int.yaziba.net (mtaout20.int.yaziba.net [10.4.20.37]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by vrout30.yaziba.net (mx10.yaziba.net) with ESMTPS id DA1FC51FE7; Thu, 25 Oct 2018 11:29:44 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by mtaout20.int.yaziba.net (Postfix) with ESMTP id B170F1604DB; Thu, 25 Oct 2018 11:29:44 +0200 (CEST) X-Virus-Scanned: amavisd-new at mtaout20.int.yaziba.net Received: from mtaout20.int.yaziba.net ([127.0.0.1]) by localhost (mtaout20.int.yaziba.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 8LraQ8IBOu-0; Thu, 25 Oct 2018 11:29:44 +0200 (CEST) Received: from sahnlpt0333.softathome.com (unknown [149.6.166.170]) by mtaout20.int.yaziba.net (Postfix) with ESMTPSA id 223C71604E7; Thu, 25 Oct 2018 11:29:44 +0200 (CEST) From: Philippe Reynes To: sjg@chromium.org, michal.simek@xilinx.com, joe.hershberger@ni.com, marex@denx.de, yamada.masahiro@socionext.com, aford173@gmail.com, woods.technical@gmail.com, teddy.reed@gmail.com, jun.nie@linaro.org, peron.clem@gmail.com, peng.fan@nxp.com, keguang.zhang@gmail.com, andre.przywara@arm.com, philipp.tomsich@theobroma-systems.com, bin.chen@linaro.org, jsg@jsg.id.au, nomble@palism.com, swarren@nvidia.com, paul.burton@mips.com, alex.kiernan@gmail.com Date: Thu, 25 Oct 2018 11:29:34 +0200 Message-Id: <1540459776-1935-4-git-send-email-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1540459776-1935-1-git-send-email-philippe.reynes@softathome.com> References: <1540459776-1935-1-git-send-email-philippe.reynes@softathome.com> X-DRWEB-SCAN: ok X-CLAMAV-SCAN: ok X-VRSPAM-SCORE: 0 X-VRSPAM-STATE: legit X-VRSPAM-CAUSE: gggruggvucftvghtrhhoucdtuddrgedtkedrgeelgdduiecutefuodetggdotefrucfrrhhofhhilhgvmecuggftfghnshhusghstghrihgsvgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkofgjfhestddtredtredttdenucfhrhhomheprfhhihhlihhpphgvucftvgihnhgvshcuoehphhhilhhiphhpvgdrrhgvhihnvghssehsohhfthgrthhhohhmvgdrtghomheqnecuffhomhgrihhnpehuihhmrghgvgdrfhhithenucfkphepudegledriedrudeiiedrudejtdenucfrrghrrghmpehmohguvgepshhmthhpohhuth X-VRSPAM-EXTCAUSE: mhhouggvpehsmhhtphhouhht Cc: u-boot@lists.denx.de Subject: [U-Boot] [PATCH V2 4/6] doc: uImage.FIT: signature.txt: add option padding X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- doc/uImage.FIT/signature.txt | 3 +++ 1 file changed, 3 insertions(+) Changelog: v2: - no change diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt index a765722..bfff6fd 100644 --- a/doc/uImage.FIT/signature.txt +++ b/doc/uImage.FIT/signature.txt @@ -106,6 +106,9 @@ When the image is signed, the following properties are optional: - comment: Additional information about the signer or image +- padding: The padding algorithm, it may be pkcs-1.5 or pss, + if no value is provided we assume pkcs-1.5 + For config bindings (see Signed Configurations below), the following additional properties are optional: From patchwork Thu Oct 25 09:29:35 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 988981 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=softathome.com Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 42ghl03p63z9sBk for ; Thu, 25 Oct 2018 20:33:32 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 28638C21FCC; Thu, 25 Oct 2018 09:31:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=KHOP_BIG_TO_CC, RCVD_IN_DNSWL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 6F5DEC21FA8; Thu, 25 Oct 2018 09:29:50 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 09C9DC21EE4; Thu, 25 Oct 2018 09:29:45 +0000 (UTC) Received: from vrout30.yaziba.net (vrout30.yaziba.net [185.56.204.33]) by lists.denx.de (Postfix) with ESMTPS id B1062C21F2A for ; Thu, 25 Oct 2018 09:29:45 +0000 (UTC) Received: from mtaout20.int.yaziba.net (mtaout20.int.yaziba.net [10.4.20.37]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by vrout30.yaziba.net (mx10.yaziba.net) with ESMTPS id 34AC051FFA; Thu, 25 Oct 2018 11:29:45 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by mtaout20.int.yaziba.net (Postfix) with ESMTP id D160B1604EE; Thu, 25 Oct 2018 11:29:44 +0200 (CEST) X-Virus-Scanned: amavisd-new at mtaout20.int.yaziba.net Received: from mtaout20.int.yaziba.net ([127.0.0.1]) by localhost (mtaout20.int.yaziba.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id NXv3L5PX3Vw7; Thu, 25 Oct 2018 11:29:44 +0200 (CEST) Received: from sahnlpt0333.softathome.com (unknown [149.6.166.170]) by mtaout20.int.yaziba.net (Postfix) with ESMTPSA id 3D4BE1604DF; Thu, 25 Oct 2018 11:29:44 +0200 (CEST) From: Philippe Reynes To: sjg@chromium.org, michal.simek@xilinx.com, joe.hershberger@ni.com, marex@denx.de, yamada.masahiro@socionext.com, aford173@gmail.com, woods.technical@gmail.com, teddy.reed@gmail.com, jun.nie@linaro.org, peron.clem@gmail.com, peng.fan@nxp.com, keguang.zhang@gmail.com, andre.przywara@arm.com, philipp.tomsich@theobroma-systems.com, bin.chen@linaro.org, jsg@jsg.id.au, nomble@palism.com, swarren@nvidia.com, paul.burton@mips.com, alex.kiernan@gmail.com Date: Thu, 25 Oct 2018 11:29:35 +0200 Message-Id: <1540459776-1935-5-git-send-email-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1540459776-1935-1-git-send-email-philippe.reynes@softathome.com> References: <1540459776-1935-1-git-send-email-philippe.reynes@softathome.com> X-DRWEB-SCAN: ok X-CLAMAV-SCAN: ok X-VRSPAM-SCORE: 0 X-VRSPAM-STATE: legit X-VRSPAM-CAUSE: gggruggvucftvghtrhhoucdtuddrgedtkedrgeelgdduiecutefuodetggdotefrucfrrhhofhhilhgvmecuggftfghnshhusghstghrihgsvgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkofgjfhestddtredtredttdenucfhrhhomheprfhhihhlihhpphgvucftvgihnhgvshcuoehphhhilhhiphhpvgdrrhgvhihnvghssehsohhfthgrthhhohhmvgdrtghomheqnecukfhppedugeelrdeirdduieeirddujedtnecurfgrrhgrmhepmhhouggvpehsmhhtphhouhht X-VRSPAM-EXTCAUSE: mhhouggvpehsmhhtphhouhht Cc: u-boot@lists.denx.de Subject: [U-Boot] [PATCH V2 5/6] configs: sandbox: enable padding pss for rsa signature X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- configs/sandbox_defconfig | 1 + 1 file changed, 1 insertion(+) Changelog: v2: - new patch in the serie diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index 2ce336f..b2565e1 100644 --- a/configs/sandbox_defconfig +++ b/configs/sandbox_defconfig @@ -6,6 +6,7 @@ CONFIG_NR_DRAM_BANKS=1 CONFIG_ANDROID_BOOT_IMAGE=y CONFIG_FIT=y CONFIG_FIT_SIGNATURE=y +CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT=y CONFIG_FIT_VERBOSE=y CONFIG_BOOTSTAGE=y CONFIG_BOOTSTAGE_REPORT=y From patchwork Thu Oct 25 09:29:36 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Philippe REYNES X-Patchwork-Id: 988982 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=softathome.com Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 42ghl71bmmz9sBk for ; Thu, 25 Oct 2018 20:33:39 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id C9DFEC21F1B; Thu, 25 Oct 2018 09:31:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=KHOP_BIG_TO_CC, RCVD_IN_DNSWL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 6EDC9C21F2A; Thu, 25 Oct 2018 09:29:51 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 4AE66C21EE4; Thu, 25 Oct 2018 09:29:46 +0000 (UTC) Received: from vrout30.yaziba.net (vrout30.yaziba.net [185.56.204.33]) by lists.denx.de (Postfix) with ESMTPS id E9B13C21F1B for ; Thu, 25 Oct 2018 09:29:45 +0000 (UTC) Received: from mtaout20.int.yaziba.net (mtaout20.int.yaziba.net [10.4.20.37]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by vrout30.yaziba.net (mx10.yaziba.net) with ESMTPS id 350E452011; Thu, 25 Oct 2018 11:29:45 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by mtaout20.int.yaziba.net (Postfix) with ESMTP id D019F1604DE; Thu, 25 Oct 2018 11:29:44 +0200 (CEST) X-Virus-Scanned: amavisd-new at mtaout20.int.yaziba.net Received: from mtaout20.int.yaziba.net ([127.0.0.1]) by localhost (mtaout20.int.yaziba.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id Rtb0f1Za_Fjo; Thu, 25 Oct 2018 11:29:44 +0200 (CEST) Received: from sahnlpt0333.softathome.com (unknown [149.6.166.170]) by mtaout20.int.yaziba.net (Postfix) with ESMTPSA id 8B06216020E; Thu, 25 Oct 2018 11:29:44 +0200 (CEST) From: Philippe Reynes To: sjg@chromium.org, michal.simek@xilinx.com, joe.hershberger@ni.com, marex@denx.de, yamada.masahiro@socionext.com, aford173@gmail.com, woods.technical@gmail.com, teddy.reed@gmail.com, jun.nie@linaro.org, peron.clem@gmail.com, peng.fan@nxp.com, keguang.zhang@gmail.com, andre.przywara@arm.com, philipp.tomsich@theobroma-systems.com, bin.chen@linaro.org, jsg@jsg.id.au, nomble@palism.com, swarren@nvidia.com, paul.burton@mips.com, alex.kiernan@gmail.com Date: Thu, 25 Oct 2018 11:29:36 +0200 Message-Id: <1540459776-1935-6-git-send-email-philippe.reynes@softathome.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1540459776-1935-1-git-send-email-philippe.reynes@softathome.com> References: <1540459776-1935-1-git-send-email-philippe.reynes@softathome.com> X-DRWEB-SCAN: ok X-CLAMAV-SCAN: ok X-VRSPAM-SCORE: 0 X-VRSPAM-STATE: legit X-VRSPAM-CAUSE: gggruggvucftvghtrhhoucdtuddrgedtkedrgeelgdduiecutefuodetggdotefrucfrrhhofhhilhgvmecuggftfghnshhusghstghrihgsvgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkofgjfhestddtredtredttdenucfhrhhomheprfhhihhlihhpphgvucftvgihnhgvshcuoehphhhilhhiphhpvgdrrhgvhihnvghssehsohhfthgrthhhohhmvgdrtghomheqnecukfhppedugeelrdeirdduieeirddujedtnecurfgrrhgrmhepmhhouggvpehsmhhtphhouhht X-VRSPAM-EXTCAUSE: mhhouggvpehsmhhtphhouhht Cc: u-boot@lists.denx.de Subject: [U-Boot] [PATCH V2 6/6] test: vboot: add padding pss for rsa signature X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The padding pss is now supported for rsa signature. This add test with padding pss on vboot test. Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- test/py/tests/test_vboot.py | 10 +++--- test/py/tests/vboot/sign-configs-sha1-pss.its | 46 +++++++++++++++++++++++++ test/py/tests/vboot/sign-configs-sha256-pss.its | 46 +++++++++++++++++++++++++ test/py/tests/vboot/sign-images-sha1-pss.its | 44 +++++++++++++++++++++++ test/py/tests/vboot/sign-images-sha256-pss.its | 44 +++++++++++++++++++++++ 5 files changed, 186 insertions(+), 4 deletions(-) create mode 100644 test/py/tests/vboot/sign-configs-sha1-pss.its create mode 100644 test/py/tests/vboot/sign-configs-sha256-pss.its create mode 100644 test/py/tests/vboot/sign-images-sha1-pss.its create mode 100644 test/py/tests/vboot/sign-images-sha256-pss.its Changelog: v2: - new patch in the serie - add vboot for pss padding (thanks Simon Glass) diff --git a/test/py/tests/test_vboot.py b/test/py/tests/test_vboot.py index e9cbd57..f427c69 100644 --- a/test/py/tests/test_vboot.py +++ b/test/py/tests/test_vboot.py @@ -126,7 +126,7 @@ def test_vboot(u_boot_console): handle.write(struct.pack(">I", size)) return struct.unpack(">I", total_size)[0] - def test_with_algo(sha_algo): + def test_with_algo(sha_algo, padding): """Test verified boot with the given hash algorithm. This is the main part of the test code. The same procedure is followed @@ -144,7 +144,7 @@ def test_vboot(u_boot_console): # Build the FIT, but don't sign anything yet cons.log.action('%s: Test FIT with signed images' % sha_algo) - make_fit('sign-images-%s.its' % sha_algo) + make_fit('sign-images-%s%s.its' % (sha_algo , padding)) run_bootm(sha_algo, 'unsigned images', 'dev-', True) # Sign images with our dev keys @@ -226,8 +226,10 @@ def test_vboot(u_boot_console): # afterwards. old_dtb = cons.config.dtb cons.config.dtb = dtb - test_with_algo('sha1') - test_with_algo('sha256') + test_with_algo('sha1','') + test_with_algo('sha1','-pss') + test_with_algo('sha256','') + test_with_algo('sha256','-pss') finally: # Go back to the original U-Boot with the correct dtb. cons.config.dtb = old_dtb diff --git a/test/py/tests/vboot/sign-configs-sha1-pss.its b/test/py/tests/vboot/sign-configs-sha1-pss.its new file mode 100644 index 0000000..3c3ab20 --- /dev/null +++ b/test/py/tests/vboot/sign-configs-sha1-pss.its @@ -0,0 +1,46 @@ +/dts-v1/; + +/ { + description = "Chrome OS kernel image with one or more FDT blobs"; + #address-cells = <1>; + + images { + kernel@1 { + data = /incbin/("test-kernel.bin"); + type = "kernel_noload"; + arch = "sandbox"; + os = "linux"; + compression = "none"; + load = <0x4>; + entry = <0x8>; + kernel-version = <1>; + hash@1 { + algo = "sha1"; + }; + }; + fdt@1 { + description = "snow"; + data = /incbin/("sandbox-kernel.dtb"); + type = "flat_dt"; + arch = "sandbox"; + compression = "none"; + fdt-version = <1>; + hash@1 { + algo = "sha1"; + }; + }; + }; + configurations { + default = "conf@1"; + conf@1 { + kernel = "kernel@1"; + fdt = "fdt@1"; + signature@1 { + algo = "sha1,rsa2048"; + padding = "pss"; + key-name-hint = "dev"; + sign-images = "fdt", "kernel"; + }; + }; + }; +}; diff --git a/test/py/tests/vboot/sign-configs-sha256-pss.its b/test/py/tests/vboot/sign-configs-sha256-pss.its new file mode 100644 index 0000000..8e33510 --- /dev/null +++ b/test/py/tests/vboot/sign-configs-sha256-pss.its @@ -0,0 +1,46 @@ +/dts-v1/; + +/ { + description = "Chrome OS kernel image with one or more FDT blobs"; + #address-cells = <1>; + + images { + kernel@1 { + data = /incbin/("test-kernel.bin"); + type = "kernel_noload"; + arch = "sandbox"; + os = "linux"; + compression = "none"; + load = <0x4>; + entry = <0x8>; + kernel-version = <1>; + hash@1 { + algo = "sha256"; + }; + }; + fdt@1 { + description = "snow"; + data = /incbin/("sandbox-kernel.dtb"); + type = "flat_dt"; + arch = "sandbox"; + compression = "none"; + fdt-version = <1>; + hash@1 { + algo = "sha256"; + }; + }; + }; + configurations { + default = "conf@1"; + conf@1 { + kernel = "kernel@1"; + fdt = "fdt@1"; + signature@1 { + algo = "sha256,rsa2048"; + padding = "pss"; + key-name-hint = "dev"; + sign-images = "fdt", "kernel"; + }; + }; + }; +}; diff --git a/test/py/tests/vboot/sign-images-sha1-pss.its b/test/py/tests/vboot/sign-images-sha1-pss.its new file mode 100644 index 0000000..d19c4d7 --- /dev/null +++ b/test/py/tests/vboot/sign-images-sha1-pss.its @@ -0,0 +1,44 @@ +/dts-v1/; + +/ { + description = "Chrome OS kernel image with one or more FDT blobs"; + #address-cells = <1>; + + images { + kernel@1 { + data = /incbin/("test-kernel.bin"); + type = "kernel_noload"; + arch = "sandbox"; + os = "linux"; + compression = "none"; + load = <0x4>; + entry = <0x8>; + kernel-version = <1>; + signature@1 { + algo = "sha1,rsa2048"; + padding = "pss"; + key-name-hint = "dev"; + }; + }; + fdt@1 { + description = "snow"; + data = /incbin/("sandbox-kernel.dtb"); + type = "flat_dt"; + arch = "sandbox"; + compression = "none"; + fdt-version = <1>; + signature@1 { + algo = "sha1,rsa2048"; + padding = "pss"; + key-name-hint = "dev"; + }; + }; + }; + configurations { + default = "conf@1"; + conf@1 { + kernel = "kernel@1"; + fdt = "fdt@1"; + }; + }; +}; diff --git a/test/py/tests/vboot/sign-images-sha256-pss.its b/test/py/tests/vboot/sign-images-sha256-pss.its new file mode 100644 index 0000000..43612f8 --- /dev/null +++ b/test/py/tests/vboot/sign-images-sha256-pss.its @@ -0,0 +1,44 @@ +/dts-v1/; + +/ { + description = "Chrome OS kernel image with one or more FDT blobs"; + #address-cells = <1>; + + images { + kernel@1 { + data = /incbin/("test-kernel.bin"); + type = "kernel_noload"; + arch = "sandbox"; + os = "linux"; + compression = "none"; + load = <0x4>; + entry = <0x8>; + kernel-version = <1>; + signature@1 { + algo = "sha256,rsa2048"; + padding = "pss"; + key-name-hint = "dev"; + }; + }; + fdt@1 { + description = "snow"; + data = /incbin/("sandbox-kernel.dtb"); + type = "flat_dt"; + arch = "sandbox"; + compression = "none"; + fdt-version = <1>; + signature@1 { + algo = "sha256,rsa2048"; + padding = "pss"; + key-name-hint = "dev"; + }; + }; + }; + configurations { + default = "conf@1"; + conf@1 { + kernel = "kernel@1"; + fdt = "fdt@1"; + }; + }; +};