From patchwork Wed Nov 13 00:44:46 2019
X-Patchwork-Submitter: AKASHI Takahiro
X-Patchwork-Id: 1193903
From: AKASHI Takahiro
To: trini@konsulko.com, xypron.glpk@gmx.de, agraf@csgraf.de
Cc: u-boot@lists.denx.de, mail@patrick-wildt.de
Date: Wed, 13 Nov 2019 09:44:46 +0900
Message-Id: <20191113004502.29986-1-takahiro.akashi@linaro.org>
Subject: [U-Boot] [PATCH v3 00/16] import x509/pkcs7 parsers from linux

# This patch set is a prerequisite for UEFI secure boot.
# This patch set should be merged first prior to my rsa extension patch
# due to some dependency.

Asn1 parsers of x509 certificates and pkcs7 messages are required
to implement image authentication and variable authentication as part
of UEFI secure boot feature.

As we discussed before in the thread[1], most people insisted that
we should re-use corresponding source code from Linux repository
for this purpose.

Here is my attempt to import all the necessary files from Linux; Those
will eventually be part of UEFI secure boot implementation, but I'd like
to get early feedback from other people before submitting the whole
patchset so that they will be better formatted for merging.

My approach here is
* files from the latest Linux
* modify files as little as possible
* mark/protect unavoidable changes with "#if(n)def __UBOOT__"
so that future fixes/differences in Linux repository will easily
be applied to U-Boot.

Known issues:
* checkpatch.pl
  Checkpatch.pl will complain with a bunch of warnings/errors
  but I intentionally left them unchanged for the sake of better
  maintainability I said above.

-Takahiro Akashi

[1] https://lists.denx.de/pipermail/u-boot/2019-April/366423.html

Changes in v3 (Nov 13, 2019)
* rebased to v2020.01-rc
* improve function description of kmemdup() (patch#1)
* remove test/lib/Kconfig (patch#16)
* declare variables in unit test as static (patch#16)

Changes in v2 (Oct 25, 2019)
* revise commit messages, describing what files are modified or not.
* move kmemdup() in ubifs.c to linux_compat.c for general use (patch#1)
* add patch#2
* move date.c to lib/ for general use (patch#3)
* implement mktime64() with rtc_mktime() (patch#4)
* move asn1_compiler.c to tools/ (patch#7)
* change CONFIG_BUILD_ASN1 to CONFIG_ASN1_COMPILER (patch#7)
* add clean rule to asn1_compiler-generated files to clean targets
  (patch#8)
* change CONFIG_ASN1 to CONFIG_ASN1_DECODER (patch#9)
* add README for asn1 compiler/decoder (patch#10)
* move build_oid_registry to scripts/ (patch#11)
* shuffle an order of patches (patch#13,#14,#15)
* add a new config CONFIG_RSA_PUBLIC_KEY_PARSER so that it can be
  compiled in independently (patch#13)
* modify Kconfig dependency (patch#13,#14,#15)
* add unit test (patch#16,#17)

Changes in v1 (Oct 11, 2019) from RFC
* change the kernel code base from v5.0 to v5.3
* add preparatory patches (#1, #2 and #3)
* comment off x509_check_for_self_signed() which is not useful for
  UEFI secure boot (patch#9)
* improve usages of "#if(n)def __UBOOT__" to minimize differences
  between U-Boot and linux kernel

AKASHI Takahiro (16):
  linux_compat: move kmemdup() from ubifs.c to linux_compat.c
  rtc.h: add struct udevice declaration
  rtc: move date.c from drivers/rtc/ to lib/
  lib: add mktime64() for linux compatibility
  include: kernel.h: include printk.h
  linux/time.h: include vsprintf.h
  cmd: add asn1_compiler
  Makefile: add build script for asn1 parsers
  lib: add asn1 decoder
  doc: add README for asn1 compiler and decoder
  lib: add oid registry utility
  lib: crypto: add public key utility
  lib: crypto: add rsa public key parser
  lib: crypto: add x509 parser
  lib: crypto: add pkcs7 message parser
  test: add asn1 unit test

 Makefile                          |    1 +
 cmd/Kconfig                       |    1 +
 doc/README.asn1                   |   40 +
 drivers/rtc/Kconfig               |    1 +
 drivers/rtc/Makefile              |    1 -
 fs/ubifs/ubifs.c                  |   19 +-
 include/crypto/internal/rsa.h     |   57 +
 include/crypto/pkcs7.h            |   47 +
 include/crypto/public_key.h       |   90 ++
 include/keys/asymmetric-type.h    |   88 ++
 include/linux/asn1.h              |   65 ++
 include/linux/asn1_ber_bytecode.h |   89 ++
 include/linux/asn1_decoder.h      |   20 +
 include/linux/kernel.h            |    2 +-
 include/linux/oid_registry.h      |  117 +++
 include/linux/time.h              |   11 +
 include/rtc.h                     |    2 +
 lib/Kconfig                       |   17 +
 lib/Makefile                      |   20 +
 lib/asn1_decoder.c                |  527 ++++++++++
 lib/crypto/Kconfig                |   52 +
 lib/crypto/Makefile               |   49 +
 lib/crypto/asymmetric_type.c      |  668 ++++++++++++
 lib/crypto/pkcs7.asn1             |  135 +++
 lib/crypto/pkcs7_parser.c         |  693 +++++++++++++
 lib/crypto/pkcs7_parser.h         |   65 ++
 lib/crypto/public_key.c           |  376 +++++++
 lib/crypto/rsa_helper.c           |  198 ++++
 lib/crypto/rsapubkey.asn1         |    4 +
 lib/crypto/x509.asn1              |   60 ++
 lib/crypto/x509_akid.asn1         |   35 +
 lib/crypto/x509_cert_parser.c     |  697 +++++++++++++
 lib/crypto/x509_parser.h          |   57 +
 lib/crypto/x509_public_key.c      |  292 ++++++
 {drivers/rtc => lib}/date.c       |   23 +-
 lib/linux_compat.c                |   19 +
 lib/oid_registry.c                |  179 ++++
 scripts/Makefile.build            |    4 +-
 scripts/build_OID_registry        |  203 ++++
 test/Kconfig                      |   18 +-
 test/lib/Makefile                 |    1 +
 test/lib/asn1.c                   |  392 +++++++
 tools/Makefile                    |    3 +
 tools/asn1_compiler.c             | 1611 +++++++++++++++++++++++++++++
 44 files changed, 7024 insertions(+), 25 deletions(-)
 create mode 100644 doc/README.asn1
 create mode 100644 include/crypto/internal/rsa.h
 create mode 100644 include/crypto/pkcs7.h
 create mode 100644 include/crypto/public_key.h
 create mode 100644 include/keys/asymmetric-type.h
 create mode 100644 include/linux/asn1.h
 create mode 100644 include/linux/asn1_ber_bytecode.h
 create mode 100644 include/linux/asn1_decoder.h
 create mode 100644 include/linux/oid_registry.h
 create mode 100644 lib/asn1_decoder.c
 create mode 100644 lib/crypto/Kconfig
 create mode 100644 lib/crypto/Makefile
 create mode 100644 lib/crypto/asymmetric_type.c
 create mode 100644 lib/crypto/pkcs7.asn1
 create mode 100644 lib/crypto/pkcs7_parser.c
 create mode 100644 lib/crypto/pkcs7_parser.h
 create mode 100644 lib/crypto/public_key.c
 create mode 100644 lib/crypto/rsa_helper.c
 create mode 100644 lib/crypto/rsapubkey.asn1
 create mode 100644 lib/crypto/x509.asn1
 create mode 100644 lib/crypto/x509_akid.asn1
 create mode 100644 lib/crypto/x509_cert_parser.c
 create mode 100644 lib/crypto/x509_parser.h
 create mode 100644 lib/crypto/x509_public_key.c
 rename {drivers/rtc => lib}/date.c (81%)
 create mode 100644 lib/oid_registry.c
 create mode 100755 scripts/build_OID_registry
 create mode 100644 test/lib/asn1.c
 create mode 100644 tools/asn1_compiler.c