
[U-Boot,v2,00/17] import x509/pkcs7 parsers from linux

Message ID 20191025100749.16165-1-takahiro.akashi@linaro.org

Message

AKASHI Takahiro Oct. 25, 2019, 10:07 a.m. UTC
# This patch set should be merged first prior to my rsa extension patch
# due to some dependency. I plan to send out a new version of rsa
# extension next week.

Asn1 parsers of x509 certificates and pkcs7 messages are required
to implement image authentication and variable authentication as
part of UEFI secure boot feature.

As we discussed before in the thread[1], most people insisted that
we should re-use corresponding source code from Linux repository
for this purpose.

Here is my attempt to import all the necessary files from Linux; those
will eventually be part of UEFI secure boot implementation, but I'd like
to get early feedback from other people before submitting the whole
patchset so that they will be better formatted for merging.

My approach here is
* files from the latest Linux
* modify files as little as possible
* mark/protect unavoidable changes with "#if(n)def __UBOOT__"
so that future fixes/differences in Linux repository will easily
be applied to U-Boot.

Known issues:
* checkpatch.pl
  Checkpatch.pl will complain with a bunch of warnings/errors but
  I intentionally left them unchanged for the sake of better
  maintainability I said above.

* unit test
  I'm still waiting for feedback from Tom[2] regarding how we should
  enable "unit test" for ASN1 compiler/decoder on sandbox and others
  in Travis CI.

* Travis CI
  It is still running against this very version, but I'm sure I have
  fixed all the issues (as long as Heinrich's [3] is applied);
  I will let you know the result on Monday.

Any comments will be appreciated.
-Takahiro Akashi

[1] https://lists.denx.de/pipermail/u-boot/2019-April/366423.html
[2] https://lists.denx.de/pipermail/u-boot/2019-October/387734.html
[3] https://lists.denx.de/pipermail/u-boot/2019-October/385643.html

Changes in v2 (Oct 25, 2019)
* revise commit messages, describing what files are modified or not.
* move kmemdup() in ubifs.c to linux_compat.c for general use (patch#1)
* add patch#2
* move date.c to lib/ for general use (patch#3)
* implement mktime64() with rtc_mktime() (patch#4)
* move asn1_compiler.c to tools/ (patch#7)
* change CONFIG_BUILD_ASN1 to CONFIG_ASN1_COMPILER (patch#7)
* add clean rule to asn1_compiler-generated files to clean targets (patch#8)
* change CONFIG_ASN1 to CONFIG_ASN1_DECODER (patch#9)
* add README for asn1 compiler/decoder (patch#10)
* move build_oid_registry to scripts/ (patch#11)
* shuffle an order of patches (patch#13,#14,#15)
* add a new config CONFIG_RSA_PUBLIC_KEY_PARSER so that it can be
  compiled in independently (patch#13)
* modify Kconfig dependency (patch#13,#14,#15)
* add unit test (patch#16,#17)

Changes in v1 (Oct 11, 2019) from RFC
* change the kernel code base from v5.0 to v5.3
* add preparatory patches (#1, #2 and #3)
* comment off x509_check_for_self_signed() which is not useful
  for UEFI secure boot (patch#9)
* improve usages of "#if(n)def __UBOOT__" to minimize differences
  between U-Boot and linux kernel

AKASHI Takahiro (17):
  linux_compat: move kmemdup() from ubifs.c to linux_compat.c
  rtc.h: add struct udevice declaration
  rtc: move date.c from drivers/rtc/ to lib/
  lib: add mktime64() for linux compatibility
  include: kernel.h: include printk.h
  linux/time.h: include vsprintf.h
  cmd: add asn1_compiler
  Makefile: add build script for asn1 parsers
  lib: add asn1 decoder
  doc: add README for asn1 compiler and decoder
  lib: add oid registry utility
  lib: crypto: add public key utility
  lib: crypto: add rsa public key parser
  lib: crypto: add x509 parser
  lib: crypto: add pkcs7 message parser
  test: add lib specific Kconfig
  test: add asn1 unit test

 Makefile                          |    1 +
 cmd/Kconfig                       |    1 +
 doc/README.asn1                   |   40 +
 drivers/rtc/Kconfig               |    1 +
 drivers/rtc/Makefile              |    1 -
 fs/ubifs/ubifs.c                  |   19 +-
 include/crypto/internal/rsa.h     |   57 +
 include/crypto/pkcs7.h            |   47 +
 include/crypto/public_key.h       |   90 ++
 include/keys/asymmetric-type.h    |   88 ++
 include/linux/asn1.h              |   65 ++
 include/linux/asn1_ber_bytecode.h |   89 ++
 include/linux/asn1_decoder.h      |   20 +
 include/linux/kernel.h            |    2 +-
 include/linux/oid_registry.h      |  117 +++
 include/linux/time.h              |   11 +
 include/rtc.h                     |    2 +
 lib/Kconfig                       |   17 +
 lib/Makefile                      |   20 +
 lib/asn1_decoder.c                |  527 ++++++++++
 lib/crypto/Kconfig                |   52 +
 lib/crypto/Makefile               |   49 +
 lib/crypto/asymmetric_type.c      |  668 ++++++++++++
 lib/crypto/pkcs7.asn1             |  135 +++
 lib/crypto/pkcs7_parser.c         |  693 +++++++++++++
 lib/crypto/pkcs7_parser.h         |   65 ++
 lib/crypto/public_key.c           |  376 +++++++
 lib/crypto/rsa_helper.c           |  198 ++++
 lib/crypto/rsapubkey.asn1         |    4 +
 lib/crypto/x509.asn1              |   60 ++
 lib/crypto/x509_akid.asn1         |   35 +
 lib/crypto/x509_cert_parser.c     |  697 +++++++++++++
 lib/crypto/x509_parser.h          |   57 +
 lib/crypto/x509_public_key.c      |  292 ++++++
 {drivers/rtc => lib}/date.c       |   23 +-
 lib/linux_compat.c                |   17 +
 lib/oid_registry.c                |  179 ++++
 scripts/Makefile.build            |    4 +-
 scripts/build_OID_registry        |  203 ++++
 test/Kconfig                      |    8 +-
 test/lib/Kconfig                  |   23 +
 test/lib/Makefile                 |    2 +
 test/lib/asn1.c                   |  392 +++++++
 tools/Makefile                    |    3 +
 tools/asn1_compiler.c             | 1611 +++++++++++++++++++++++++++++
 45 files changed, 7030 insertions(+), 31 deletions(-)
 create mode 100644 doc/README.asn1
 create mode 100644 include/crypto/internal/rsa.h
 create mode 100644 include/crypto/pkcs7.h
 create mode 100644 include/crypto/public_key.h
 create mode 100644 include/keys/asymmetric-type.h
 create mode 100644 include/linux/asn1.h
 create mode 100644 include/linux/asn1_ber_bytecode.h
 create mode 100644 include/linux/asn1_decoder.h
 create mode 100644 include/linux/oid_registry.h
 create mode 100644 lib/asn1_decoder.c
 create mode 100644 lib/crypto/Kconfig
 create mode 100644 lib/crypto/Makefile
 create mode 100644 lib/crypto/asymmetric_type.c
 create mode 100644 lib/crypto/pkcs7.asn1
 create mode 100644 lib/crypto/pkcs7_parser.c
 create mode 100644 lib/crypto/pkcs7_parser.h
 create mode 100644 lib/crypto/public_key.c
 create mode 100644 lib/crypto/rsa_helper.c
 create mode 100644 lib/crypto/rsapubkey.asn1
 create mode 100644 lib/crypto/x509.asn1
 create mode 100644 lib/crypto/x509_akid.asn1
 create mode 100644 lib/crypto/x509_cert_parser.c
 create mode 100644 lib/crypto/x509_parser.h
 create mode 100644 lib/crypto/x509_public_key.c
 rename {drivers/rtc => lib}/date.c (81%)
 create mode 100644 lib/oid_registry.c
 create mode 100755 scripts/build_OID_registry
 create mode 100644 test/lib/Kconfig
 create mode 100644 test/lib/asn1.c
 create mode 100644 tools/asn1_compiler.c

Comments

AKASHI Takahiro Oct. 28, 2019, 1:44 a.m. UTC | #1
On Fri, Oct 25, 2019 at 07:07:32PM +0900, AKASHI Takahiro wrote:
> # This patch set should be merged first prior to my rsa extension patch
> # due to some dependency. I plan to send out a new version of rsa
> # extension next week.
> 
> Asn1 parsers of x509 certificates and pkcs7 messages are required
> to implement image authentication and variable authentication as
> part of UEFI secure boot feature.
> 
> As we discussed before in the thread[1], most people insisted that
> we should re-use corresponding source code from Linux repository
> for this purpose.
> 
> Here is my attempt to import all the necessary files from Linux; those
> will eventually be part of UEFI secure boot implementation, but I'd like
> to get early feedback from other people before submitting the whole
> patchset so that they will be better formatted for merging.
> 
> My approach here is
> * files from the latest Linux
> * modify files as little as possible
> * mark/protect unavoidable changes with "#if(n)def __UBOOT__"
> so that future fixes/differences in Linux repository will easily
> be applied to U-Boot.
> 
> Known issues:
> * checkpatch.pl
>   Checkpatch.pl will complain with a bunch of warnings/errors but
>   I intentionally left them unchanged for the sake of better
>   maintainability I said above.
> 
> * unit test
>   I'm still waiting for feedback from Tom[2] regarding how we should
>   enable "unit test" for ASN1 compiler/decoder on sandbox and others
>   in Travis CI.
> 
> * Travis CI
>   It is still running against this very version, but I'm sure I have
>   fixed all the issues (as long as Heinrich's [3] is applied);
>   I will let you know the result on Monday.

All Travis CI tests have passed.

-Takahiro Akashi

