From patchwork Fri Oct 11 07:41:49 2019
X-Patchwork-Submitter: AKASHI Takahiro
X-Patchwork-Id: 1174972
From: AKASHI Takahiro
To: trini@konsulko.com, xypron.glpk@gmx.de, agraf@csgraf.de
Cc: u-boot@lists.denx.de
Date: Fri, 11 Oct 2019 16:41:49 +0900
Message-Id: <20191011074200.30269-1-takahiro.akashi@linaro.org>
X-Mailer: git-send-email 2.21.0
Subject: [U-Boot] [PATCH v1 00/11] import x509/pkcs7 parsers from linux
List-Id: U-Boot discussion

Asn1 parsers of x509 certificates and pkcs7 messages are required
to implement image authentication and variable authentication as
part of UEFI secure boot feature.

As we discussed before in the thread[1], most people insisted that
we should re-use corresponding source code from Linux repository
for this purpose.

Here is my attempt to import all the necessary files from Linux;
those will eventually be part of UEFI secure boot implementation,
but I'd like to get early feedback from other people before submitting
the whole patchset so that they will be better formatted for merging.

My approach here is
* files from the latest Linux
* modify files as little as possible
* mark/protect unavoidable changes with "#if(n)def __UBOOT__"
so that future fixes/differences in Linux repository will easily
be applied to U-Boot.

Please note that checkpatch.pl will complain with a bunch of
warnings/errors but I intentionally left them unchanged for the sake
of better maintainability I said above.

Any comments will be appreciated.
-Takahiro Akashi

[1] https://lists.denx.de/pipermail/u-boot/2019-April/366423.html

Changes in v1 (Oct 11, 2019) from RFC
* change the kernel code base from v5.0 to v5.3
* comment off x509_check_for_self_signed() which is not useful for
  UEFI secure boot (patch#9)
* improve usages of "#if(n)def __UBOOT__" to minimize differences
  between U-Boot and linux kernel

AKASHI Takahiro (11):
  linux_compat: add kmemdup()
  include: time.h: define time64_t
  include: kernel.h: include printk.h
  cmd: add asn1_compiler
  Makefile: add build script for asn1 parsers
  lib: add asn1 decoder
  lib: add oid registry utility
  lib: crypto: add public key utility
  lib: crypto: add x509 parser
  lib: crypto: add pkcs7 message parser
  lib: crypto: add rsa public key parser

 cmd/Kconfig                       |    3 +
 include/crypto/internal/rsa.h     |   57 +
 include/crypto/pkcs7.h            |   47 +
 include/crypto/public_key.h       |   90 ++
 include/keys/asymmetric-type.h    |   88 ++
 include/linux/asn1.h              |   65 ++
 include/linux/asn1_ber_bytecode.h |   89 ++
 include/linux/asn1_decoder.h      |   20 +
 include/linux/compat.h            |    4 +-
 include/linux/kernel.h            |    2 +
 include/linux/oid_registry.h      |  117 +++
 include/linux/time.h              |   24 +
 lib/Kconfig                       |   12 +
 lib/Makefile                      |   18 +
 lib/asn1_decoder.c                |  527 ++++++++++
 lib/build_OID_registry            |  203 ++++
 lib/crypto/Kconfig                |   38 +
 lib/crypto/Makefile               |   46 +
 lib/crypto/asymmetric_type.c      |  668 ++++++++++++
 lib/crypto/pkcs7.asn1             |  135 +++
 lib/crypto/pkcs7_parser.c         |  693 +++++++++++++
 lib/crypto/pkcs7_parser.h         |   65 ++
 lib/crypto/public_key.c           |  376 +++++++
 lib/crypto/rsa_helper.c           |  198 ++++
 lib/crypto/rsapubkey.asn1         |    4 +
 lib/crypto/x509.asn1              |   60 ++
 lib/crypto/x509_akid.asn1         |   35 +
 lib/crypto/x509_cert_parser.c     |  697 +++++++++++++
 lib/crypto/x509_parser.h          |   57 +
 lib/crypto/x509_public_key.c      |  292 ++++++
 lib/linux_compat.c                |   11 +
 lib/oid_registry.c                |  179 ++++
 scripts/Makefile                  |    3 +
 scripts/Makefile.build            |    2 +-
 scripts/asn1_compiler.c           | 1611 +++++++++++++++++++++++++++++
 35 files changed, 6533 insertions(+), 3 deletions(-)
 create mode 100644 include/crypto/internal/rsa.h
 create mode 100644 include/crypto/pkcs7.h
 create mode 100644 include/crypto/public_key.h
 create mode 100644 include/keys/asymmetric-type.h
 create mode 100644 include/linux/asn1.h
 create mode 100644 include/linux/asn1_ber_bytecode.h
 create mode 100644 include/linux/asn1_decoder.h
 create mode 100644 include/linux/oid_registry.h
 create mode 100644 lib/asn1_decoder.c
 create mode 100755 lib/build_OID_registry
 create mode 100644 lib/crypto/Kconfig
 create mode 100644 lib/crypto/Makefile
 create mode 100644 lib/crypto/asymmetric_type.c
 create mode 100644 lib/crypto/pkcs7.asn1
 create mode 100644 lib/crypto/pkcs7_parser.c
 create mode 100644 lib/crypto/pkcs7_parser.h
 create mode 100644 lib/crypto/public_key.c
 create mode 100644 lib/crypto/rsa_helper.c
 create mode 100644 lib/crypto/rsapubkey.asn1
 create mode 100644 lib/crypto/x509.asn1
 create mode 100644 lib/crypto/x509_akid.asn1
 create mode 100644 lib/crypto/x509_cert_parser.c
 create mode 100644 lib/crypto/x509_parser.h
 create mode 100644 lib/crypto/x509_public_key.c
 create mode 100644 lib/oid_registry.c
 create mode 100644 scripts/asn1_compiler.c