From patchwork Mon Jan 27 10:27:33 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: AKASHI Takahiro X-Patchwork-Id: 1229663 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=d++pHzg4; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 485mDD10kkz9sPK for ; Mon, 27 Jan 2020 21:28:12 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 8A7F2818F1; Mon, 27 Jan 2020 11:28:06 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="d++pHzg4"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id ECCEF81917; Mon, 27 Jan 2020 11:28:04 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pj1-x1041.google.com (mail-pj1-x1041.google.com [IPv6:2607:f8b0:4864:20::1041]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 80F8281877 for ; Mon, 27 Jan 2020 11:28:00 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=takahiro.akashi@linaro.org Received: by mail-pj1-x1041.google.com with SMTP id m4so2929302pjv.3 for ; Mon, 27 Jan 2020 02:28:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=AZjyjMSlXLxMkhojHchymfhF/KNbN2atTw/n70MaWY4=; b=d++pHzg4lXzHQLPnzWg5k9phIbqh4OzCwrz/OQ4Zqq0DUmJX//+0Lj+/p7BgofxixC SZZ/V+KFdyQmWbW57w1iaS1WptUz7MhVf141PGkqqFCeTkBxJU+lNH4Dz0U5bXWOJrP7 pXu44qIZGFaqmvjXiwy4Sv4GaN8iBVcAphzGcjrnrrvMThmtBwxvdfiqD9PG6VETITUf Bb84rUY+TL/pSu0f17vVu3Guh7G5UaccGRrB4DCP5ijuxrCrzenFBygffZsg/Y2AMBH/ aFPiQmFbSCMJnTcjCDqmCw9AoJx4TOz9qBReZyf0nkdpmuq8Gcf1i2YtcqyVO9Y6Z654 oCkg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=AZjyjMSlXLxMkhojHchymfhF/KNbN2atTw/n70MaWY4=; b=SttAMzhiYJ1DAaBkML7wJjmBn+JGWuow+U+m0J06n8wICPgIDXA961jOTvKIFV5ddN sMvu7rXAxgeowQpFahp36/vWD6Wb9KtcZOu52ZPEmrcHkoR84IiVWRexUx4ZQwauCgK9 QtckcKuIkV/teES4TDhs14T79aWNj7/YukY55bI23Kw31dnRRB+3+xa9cW+EJ4CiL7xi gk8YbalHE5pEBq+QIbQOySMH2pDarY5xrcxWyA7+UQuNqC1c02rNmrMvUl3Spywx2BzQ P1KsOago2kDNwAUcdYHUJ1NkHU/BaotuQSK3g7xJgW7awlK1/48FkRRT135h74N5QKot QioA== X-Gm-Message-State: APjAAAXkhFeew3xTlPejKkKZiWA1ttZ9VNfj4WOlSrMebJxqwJXqZO6R EsTYw3JBtNEIgknxS3Xdi+vyIg== X-Google-Smtp-Source: APXvYqw4K2gcpAX+t95SkyOgwm3SFRSv1tlWAEurkfwicUkcYSGVJci3rWCue+9HSFEiaIPtrvBL7A== X-Received: by 2002:a17:902:900a:: with SMTP id a10mr16790191plp.191.1580120878628; Mon, 27 Jan 2020 02:27:58 -0800 (PST) Received: from linaro.org ([121.95.100.191]) by smtp.googlemail.com with ESMTPSA id y2sm8200169pff.139.2020.01.27.02.27.57 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 27 Jan 2020 02:27:58 -0800 (PST) From: AKASHI Takahiro To: trini@konsulko.com, sjg@chromium.org, xypron.glpk@gmx.de, agraf@csgraf.de Subject: [PATCH v6 0/7] rsa: extend rsa_verify() for UEFI secure boot Date: Mon, 27 Jan 2020 19:27:33 +0900 Message-Id: <20200127102740.26831-1-takahiro.akashi@linaro.org> X-Mailer: git-send-email 2.24.0 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.26 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: u-boot@lists.denx.de, mail@patrick-wildt.de Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.101.4 at phobos.denx.de X-Virus-Status: Clean # This patch set is a prerequisite for UEFI secure boot. The current rsa_verify() requires five parameters for a RSA public key for efficiency while RSA, in theory, requires only two. In addition, those parameters are expected to come from FIT image. So this function won't fit very well when we want to use it for the purpose of implementing UEFI secure boot, in particular, image authentication as well as variable authentication, where the essential two parameters are set to be retrieved from one of X509 certificates in signature database. So, in this patch, additional three parameters will be calculated on the fly when rsa_verify() is called without fdt which should contain parameters above. This calculation heavily relies on "big-number (or multi-precision) library." Therefore some routines from BearSSL[1] under MIT license are imported in this implementation. See Patch#4. # Please let me know if this is not appropriate. Prerequisite: * public key parser in my "import x509/pkcs7 parser" patch[2] # Checkpatch will complain with lots of warnings/errors, but # I intentionally don't fix them for maximum maintainability. [1] https://bearssl.org/ [2] https://lists.denx.de/pipermail/u-boot/2019-November/390127.html Changes in v6 (Jan 27, 2020) * rebased to v2020.01 * change CONFIG_UT_LIB_RSA dependencies after Tom's suggestion (patch#6) * add patch#7 to enable RSA library test on sandbox Changes in v5 (Dec 17, 2019) * modify RSA_VERIFY-related configuration to fix size growth problem on some platforms (T1042RDB_PI_NAND_SECURE_BOOT and else), adding IMAGE_SIGN_INFO config (patch #1, #2, #6) * simplify kconfig dependencies; - RSA_VERIFY_WITH_PKEY *selects* RSA_VERIFY instead of "depends on" (patch#2) - remove some implicit dependencies (patch#6) Changes in v4 (Nov 21, 2019) * rebased to v2020.01-rc3 * change a function prototype of rsa_gen_key_prop() to return an error code (patch#4,#5) * re-order include files in alphabetical order (patch#6) * add some comments per Simon's review comments Changes in v3 (Nov 13, 2019) * remove RSA_VERIFY_WITH_PKEY, which is to be added in patch#2 (patch#1) * modify unit test Kconfg due to removal of test/lib/Kconfig (patch#6) Changes in v2 (Oct 29, 2019) * fix build errors at Travis CI * not include linux/kconfig.h (patch#1) * add a separate patch for adding CONFIG_RSA_VERIFY_WITH_PKEY (patch#2) * take a prerequisite patch from my "secure boot patch" (patch#3) * add a dependency on RSA_PUBLIC_KEY_PARSER (patch#4) * remove "inline" directives (patch#4) * add function descriptions, which mostly come from BearSSL's src/inner.h (patch#4) * improve Kconfig help text after Simon's comment (patch#5) * add function description of rsa_verify_with_pkey() (patch#5) * modify rsa_verify() to use "if (CONFIG_IS_ENABLED(...) " style rather than "#ifdef CONFIG_..." (patch#5) * add function tests (patch#6) Changes in v1 (Oct 9, 2019) * fix a build error on pine64-lts_defconfig (reported by Heinrich) by defining FIT_IMAGE_ENABLE_VERIFY flag and adding SPL_RSA_VERIFY config (patch#1) * remove FIT-specific code from image-sig.c and put them to new image-fit-sig.c to allow us to disable CONFIG_FIT_SIGNATURE (patch#1) * compile rsa-keyprop.c only if necessary (i.e. if CONFIG_RSA_VERIFY_WITH_PKEY) (patch#2) * add SPDX license identifier in rsa-keyprop.c (patch#2) * include instead of (patch#2) * use U-Boot's byteorder helper functions instead of BearSSL's (patch#2) AKASHI Takahiro (7): lib: rsa: decouple rsa from FIT image verification rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config include: image.h: add key info to image_sign_info lib: rsa: generate additional parameters for public key lib: rsa: add rsa_verify_with_pkey() test: add rsa_verify() unit test test: enable RSA library test on sandbox Kconfig | 4 + common/Kconfig | 7 + common/Makefile | 3 +- common/image-fit-sig.c | 417 +++++++++++++++++ common/image-fit.c | 6 +- common/image-sig.c | 396 ---------------- configs/sandbox64_defconfig | 1 + configs/sandbox_defconfig | 1 + configs/sandbox_flattree_defconfig | 1 + configs/sandbox_spl_defconfig | 1 + include/image.h | 20 +- include/u-boot/rsa-mod-exp.h | 23 + lib/rsa/Kconfig | 27 ++ lib/rsa/Makefile | 3 +- lib/rsa/rsa-keyprop.c | 725 +++++++++++++++++++++++++++++ lib/rsa/rsa-verify.c | 137 ++++-- test/Kconfig | 10 + test/lib/Makefile | 1 + test/lib/rsa.c | 206 ++++++++ tools/Makefile | 2 +- 20 files changed, 1556 insertions(+), 435 deletions(-) create mode 100644 common/image-fit-sig.c create mode 100644 lib/rsa/rsa-keyprop.c create mode 100644 test/lib/rsa.c