
[v2,37/50] image: Drop IMAGE_ENABLE_SIGN/VERIFY defines

Message ID 20210506142438.1310977-10-sjg@chromium.org
State Deferred
Delegated to: Tom Rini
Series image: Reduce #ifdefs and ad-hoc defines in image code | expand

Commit Message

Simon Glass May 6, 2021, 2:24 p.m. UTC
Add host Kconfigs for FIT_SIGN and RSA_VERIFY. With these we can use
CONFIG_IS_ENABLED() directly in the host build, so drop the unnecessary
indirections IMAGE_ENABLE_SIGN and HOST_RSA_VERIFY. Also drop
FIT_IMAGE_ENABLE_VERIFY which is not actually used.

Leave IMAGE_ENABLE_VERIFY_ECDSA alone since this feature is incomplete
and needs to be integrated with RSA.

Signed-off-by: Simon Glass <sjg@chromium.org>
---

(no changes since v1)

 common/image-fit.c     |  6 +++---
 common/image-sig.c     | 10 +++++-----
 include/image.h        | 13 ++-----------
 include/u-boot/ecdsa.h |  2 +-
 include/u-boot/rsa.h   |  4 ++--
 tools/Kconfig          | 10 ++++++++++
 tools/image-host.c     |  4 ++--
 7 files changed, 25 insertions(+), 24 deletions(-)

Comments

Alex G. May 14, 2021, 8:38 p.m. UTC | #1
On 5/6/21 9:24 AM, Simon Glass wrote:
> Add host Kconfigs for FIT_SIGN and RSA_VERIFY. With these we can use
> CONFIG_IS_ENABLED() directly in the host build, so drop the unnecessary
> indirections IMAGE_ENABLE_SIGN and HOST_RSA_VERIFY. Also drop
> FIT_IMAGE_ENABLE_VERIFY which is not actually used.
> 
> Leave IMAGE_ENABLE_VERIFY_ECDSA along since this feature is incomplete
> and needs to be integrated with RSA.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>
> ---
> 
> (no changes since v1)
> 
>   common/image-fit.c     |  6 +++---
>   common/image-sig.c     | 10 +++++-----
>   include/image.h        | 13 ++-----------
>   include/u-boot/ecdsa.h |  2 +-
>   include/u-boot/rsa.h   |  4 ++--
>   tools/Kconfig          | 10 ++++++++++
>   tools/image-host.c     |  4 ++--
>   7 files changed, 25 insertions(+), 24 deletions(-)
> 
> diff --git a/common/image-fit.c b/common/image-fit.c
> index c13ff6bba24..e81a0858dc1 100644
> --- a/common/image-fit.c
> +++ b/common/image-fit.c
> @@ -1301,7 +1301,7 @@ int fit_image_verify_with_data(const void *fit, int image_noffset,
>   	int ret;
>   
>   	/* Verify all required signatures */
> -	if (FIT_IMAGE_ENABLE_VERIFY &&
> +	if (CONFIG_IS_ENABLED(RSA_VERIFY) &&

NAK. Having verification depend directly on CONFIG_RSA_VERIFY will make 
adding ECDSA support that much more convoluted.


>   	    fit_image_verify_required_sigs(fit, image_noffset, data, size,
>   					   gd_fdt_blob(), &verify_all)) {
>   		err_msg = "Unable to verify required signature";
> @@ -1323,7 +1323,7 @@ int fit_image_verify_with_data(const void *fit, int image_noffset,
>   						 &err_msg))
>   				goto error;
>   			puts("+ ");
> -		} else if (FIT_IMAGE_ENABLE_VERIFY && verify_all &&
> +		} else if (CONFIG_IS_ENABLED(RSA_VERIFY) && verify_all &&
>   				!strncmp(name, FIT_SIG_NODENAME,
>   					strlen(FIT_SIG_NODENAME))) {
>   			ret = fit_image_check_sig(fit, noffset, data,
> @@ -2045,7 +2045,7 @@ int fit_image_load(bootm_headers_t *images, ulong addr,
>   		if (image_type == IH_TYPE_KERNEL)
>   			images->fit_uname_cfg = fit_base_uname_config;
>   
> -		if (FIT_IMAGE_ENABLE_VERIFY && images->verify) {
> +		if (CONFIG_IS_ENABLED(RSA_VERIFY) && images->verify) {
>   			puts("   Verifying Hash Integrity ... ");
>   			if (fit_config_verify(fit, cfg_noffset)) {
>   				puts("Bad Data Hash\n");
> diff --git a/common/image-sig.c b/common/image-sig.c
> index bbc6bb3b1e3..74ca96a39e9 100644
> --- a/common/image-sig.c
> +++ b/common/image-sig.c
> @@ -29,7 +29,7 @@ struct checksum_algo checksum_algos[] = {
>   		.checksum_len = SHA1_SUM_LEN,
>   		.der_len = SHA1_DER_LEN,
>   		.der_prefix = sha1_der_prefix,
> -#if IMAGE_ENABLE_SIGN
> +#if CONFIG_IS_ENABLED(FIT_SIGN)
>   		.calculate_sign = EVP_sha1,
>   #endif
>   		.calculate = hash_calculate,
> @@ -39,7 +39,7 @@ struct checksum_algo checksum_algos[] = {
>   		.checksum_len = SHA256_SUM_LEN,
>   		.der_len = SHA256_DER_LEN,
>   		.der_prefix = sha256_der_prefix,
> -#if IMAGE_ENABLE_SIGN
> +#if CONFIG_IS_ENABLED(FIT_SIGN)
>   		.calculate_sign = EVP_sha256,
>   #endif
>   		.calculate = hash_calculate,
> @@ -50,7 +50,7 @@ struct checksum_algo checksum_algos[] = {
>   		.checksum_len = SHA384_SUM_LEN,
>   		.der_len = SHA384_DER_LEN,
>   		.der_prefix = sha384_der_prefix,
> -#if IMAGE_ENABLE_SIGN
> +#if CONFIG_IS_ENABLED(FIT_SIGN)
>   		.calculate_sign = EVP_sha384,
>   #endif
>   		.calculate = hash_calculate,
> @@ -62,7 +62,7 @@ struct checksum_algo checksum_algos[] = {
>   		.checksum_len = SHA512_SUM_LEN,
>   		.der_len = SHA512_DER_LEN,
>   		.der_prefix = sha512_der_prefix,
> -#if IMAGE_ENABLE_SIGN
> +#if CONFIG_IS_ENABLED(FIT_SIGN)
>   		.calculate_sign = EVP_sha512,
>   #endif
>   		.calculate = hash_calculate,
> @@ -122,7 +122,7 @@ struct checksum_algo *image_get_checksum_algo(const char *full_name)
>   				struct checksum_algo *algo = &checksum_algos[i];
>   
>   				MANUAL_RELOC(algo->name);
> -#if IMAGE_ENABLE_SIGN
> +#if CONFIG_IS_ENABLED(FIT_SIGN)
>   				MANUAL_RELOC(algo->calculate_sign);
>   #endif
>   				MANUAL_RELOC(algo->calculate);
> diff --git a/include/image.h b/include/image.h
> index 64866c609f4..12043abd049 100644
> --- a/include/image.h
> +++ b/include/image.h
> @@ -1139,22 +1139,13 @@ int calculate_hash(const void *data, int data_len, const char *algo,
>    */
>   #if defined(USE_HOSTCC)
>   # if defined(CONFIG_FIT_SIGNATURE)
> -#  define IMAGE_ENABLE_SIGN	1
> -#  define IMAGE_ENABLE_VERIFY	1
>   #  define IMAGE_ENABLE_VERIFY_ECDSA	1
> -#  define FIT_IMAGE_ENABLE_VERIFY	1
>   #  include <openssl/evp.h>
>   # else
> -#  define IMAGE_ENABLE_SIGN	0
> -#  define IMAGE_ENABLE_VERIFY	0
>   # define IMAGE_ENABLE_VERIFY_ECDSA	0
> -#  define FIT_IMAGE_ENABLE_VERIFY	0
>   # endif
>   #else
> -# define IMAGE_ENABLE_SIGN	0
> -# define IMAGE_ENABLE_VERIFY		CONFIG_IS_ENABLED(RSA_VERIFY)
>   # define IMAGE_ENABLE_VERIFY_ECDSA	0
> -# define FIT_IMAGE_ENABLE_VERIFY	CONFIG_IS_ENABLED(FIT_SIGNATURE)
>   #endif
>   
>   #if CONFIG_IS_ENABLED(FIT)
> @@ -1209,7 +1200,7 @@ struct image_region {
>   	int size;
>   };
>   
> -#if IMAGE_ENABLE_VERIFY
> +#if CONFIG_IS_ENABLED(RSA_VERIFY)
>   # include <u-boot/hash-checksum.h>
>   #endif
>   struct checksum_algo {
> @@ -1217,7 +1208,7 @@ struct checksum_algo {
>   	const int checksum_len;
>   	const int der_len;
>   	const uint8_t *der_prefix;
> -#if IMAGE_ENABLE_SIGN
> +#if CONFIG_IS_ENABLED(FIT_SIGN)
>   	const EVP_MD *(*calculate_sign)(void);
>   #endif
>   	int (*calculate)(const char *name,
> diff --git a/include/u-boot/ecdsa.h b/include/u-boot/ecdsa.h
> index 979690d9660..a446b656a29 100644
> --- a/include/u-boot/ecdsa.h
> +++ b/include/u-boot/ecdsa.h
> @@ -15,7 +15,7 @@
>    * @see "struct crypto_algo"
>    * @{
>    */
> -#if IMAGE_ENABLE_SIGN
> +#if CONFIG_IS_ENABLED(FIT_SIGN)
>   /**
>    * sign() - calculate and return signature for given input data
>    *
> diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
> index 45fe3509093..84cefbab442 100644
> --- a/include/u-boot/rsa.h
> +++ b/include/u-boot/rsa.h
> @@ -31,7 +31,7 @@ struct rsa_public_key {
>   
>   struct image_sign_info;
>   
> -#if IMAGE_ENABLE_SIGN
> +#if CONFIG_IS_ENABLED(FIT_SIGN)
>   /**
>    * sign() - calculate and return signature for given input data
>    *
> @@ -81,7 +81,7 @@ static inline int rsa_add_verify_data(struct image_sign_info *info,
>   }
>   #endif
>   
> -#if IMAGE_ENABLE_VERIFY
> +#if CONFIG_IS_ENABLED(RSA_VERIFY)
>   /**
>    * rsa_verify_hash() - Verify a signature against a hash
>    *
> diff --git a/tools/Kconfig b/tools/Kconfig
> index bbd6e8b9d79..13f923c7ac7 100644
> --- a/tools/Kconfig
> +++ b/tools/Kconfig
> @@ -59,6 +59,11 @@ config HOST_FIT_SIGNATURE
>   	help
>   	  Enable signature verification of FIT uImages in the host build
>   
> +config HOST_FIT_SIGN
> +	def_bool y
> +	help
> +	  Enable signing FIT uImages in the host build
> +
>   config HOST_FIT_SIGNATURE_MAX_SIZE
>   	hex
>   	depends on HOST_FIT_SIGNATURE
> @@ -79,6 +84,11 @@ config HOST_OF_LIBFDT
>   	help
>   	  Enable libfdt support in the host build.
>   
> +config HOST_RSA_VERIFY
> +	def_bool y
> +	help
> +	  Enable RSA verification support in the host build.
> +
>   config HOST_SHA1
>   	def_bool y
>   	help
> diff --git a/tools/image-host.c b/tools/image-host.c
> index 270d36fe451..2be897db943 100644
> --- a/tools/image-host.c
> +++ b/tools/image-host.c
> @@ -636,7 +636,7 @@ int fit_image_add_verification_data(const char *keydir, const char *keyfile,
>   			     strlen(FIT_HASH_NODENAME))) {
>   			ret = fit_image_process_hash(fit, image_name, noffset,
>   						data, size);
> -		} else if (IMAGE_ENABLE_SIGN && (keydir || keyfile) &&
> +		} else if (CONFIG_IS_ENABLED(FIT_SIGN) && (keydir || keyfile) &&
>   			   !strncmp(node_name, FIT_SIG_NODENAME,
>   				strlen(FIT_SIG_NODENAME))) {
>   			ret = fit_image_process_sig(keydir, keyfile, keydest,
> @@ -1086,7 +1086,7 @@ int fit_add_verification_data(const char *keydir, const char *keyfile,
>   	}
>   
>   	/* If there are no keys, we can't sign configurations */
> -	if (!IMAGE_ENABLE_SIGN || !(keydir || keyfile))
> +	if (!CONFIG_IS_ENABLED(FIT_SIGN) || !(keydir || keyfile))
>   		return 0;
>   
>   	/* Find configurations parent node offset */
>
Simon Glass May 14, 2021, 8:44 p.m. UTC | #2
Hi Alex,

On Fri, 14 May 2021 at 14:38, Alex G. <mr.nuke.me@gmail.com> wrote:
>
>
>
> On 5/6/21 9:24 AM, Simon Glass wrote:
> > Add host Kconfigs for FIT_SIGN and RSA_VERIFY. With these we can use
> > CONFIG_IS_ENABLED() directly in the host build, so drop the unnecessary
> > indirections IMAGE_ENABLE_SIGN and HOST_RSA_VERIFY. Also drop
> > FIT_IMAGE_ENABLE_VERIFY which is not actually used.
> >
> > Leave IMAGE_ENABLE_VERIFY_ECDSA along since this feature is incomplete
> > and needs to be integrated with RSA.
> >
> > Signed-off-by: Simon Glass <sjg@chromium.org>
> > ---
> >
> > (no changes since v1)
> >
> >   common/image-fit.c     |  6 +++---
> >   common/image-sig.c     | 10 +++++-----
> >   include/image.h        | 13 ++-----------
> >   include/u-boot/ecdsa.h |  2 +-
> >   include/u-boot/rsa.h   |  4 ++--
> >   tools/Kconfig          | 10 ++++++++++
> >   tools/image-host.c     |  4 ++--
> >   7 files changed, 25 insertions(+), 24 deletions(-)
> >
> > diff --git a/common/image-fit.c b/common/image-fit.c
> > index c13ff6bba24..e81a0858dc1 100644
> > --- a/common/image-fit.c
> > +++ b/common/image-fit.c
> > @@ -1301,7 +1301,7 @@ int fit_image_verify_with_data(const void *fit, int image_noffset,
> >       int ret;
> >
> >       /* Verify all required signatures */
> > -     if (FIT_IMAGE_ENABLE_VERIFY &&
> > +     if (CONFIG_IS_ENABLED(RSA_VERIFY) &&
>
> NAK. Having verification depend directly on CONFIG_RSA_VERIFY will make
> adding ECDSA support that much more convoluted.

Let me counter-NAK.

The ECDSA needs to be integrated into the RSA stuff, as we have done
with hashing. E.g. CONFIG_VERIFY that enables the feature, with a
driver to select which methods are supported.

I think I mentioned that in the original review.

Regards,
Simon
Alex G. May 14, 2021, 9:17 p.m. UTC | #3
On 5/14/21 3:44 PM, Simon Glass wrote:
> Hi Alex,
> 
> On Fri, 14 May 2021 at 14:38, Alex G. <mr.nuke.me@gmail.com> wrote:
>> 
>> 
>> 
>> On 5/6/21 9:24 AM, Simon Glass wrote:
>>> Add host Kconfigs for FIT_SIGN and RSA_VERIFY. With these we can
>>> use CONFIG_IS_ENABLED() directly in the host build, so drop the
>>> unnecessary indirections IMAGE_ENABLE_SIGN and HOST_RSA_VERIFY.
>>> Also drop FIT_IMAGE_ENABLE_VERIFY which is not actually used.
>>> 
>>> Leave IMAGE_ENABLE_VERIFY_ECDSA along since this feature is
>>> incomplete and needs to be integrated with RSA.
>>> 
>>> Signed-off-by: Simon Glass <sjg@chromium.org> ---
>>> 
>>> (no changes since v1)
>>> 
>>> common/image-fit.c     |  6 +++--- common/image-sig.c     | 10
>>> +++++----- include/image.h        | 13 ++----------- 
>>> include/u-boot/ecdsa.h |  2 +- include/u-boot/rsa.h   |  4 ++-- 
>>> tools/Kconfig          | 10 ++++++++++ tools/image-host.c     |
>>> 4 ++-- 7 files changed, 25 insertions(+), 24 deletions(-)
>>> 
>>> diff --git a/common/image-fit.c b/common/image-fit.c index
>>> c13ff6bba24..e81a0858dc1 100644 --- a/common/image-fit.c +++
>>> b/common/image-fit.c @@ -1301,7 +1301,7 @@ int
>>> fit_image_verify_with_data(const void *fit, int image_noffset, 
>>> int ret;
>>> 
>>> /* Verify all required signatures */ -     if
>>> (FIT_IMAGE_ENABLE_VERIFY && +     if
>>> (CONFIG_IS_ENABLED(RSA_VERIFY) &&
>> 
>> NAK. Having verification depend directly on CONFIG_RSA_VERIFY will
>> make adding ECDSA support that much more convoluted.
> 
> Let me counter-NAK.
> 
> The ECDSA needs to be integrated into the RSA stuff, as we have done 
> with hashing. E.g. CONFIG_VERIFY that enables the feature, with a 
> driver to select which methods are supported.

Then why not add a CONFIG_(SPL_)VERIFY to this patch instead of
replacing a common define with an algo-specific CONFIG?

> I think I mentioned that in the original review.

You did. Integrating ECDSA with RSA is orthogonal to ECDSA verification.
I like the motivation behind this cosmetic series, but it is
creating unnecessary complications to adding the ECDSA features.

     "It is relatively straightforward to add new algorithms if required.
      [...] If another algorithm is needed (such as DSA) then it can be
      placed alongside rsa.c, and its functions added to the table in
      image-sig.c also."

That's from doc/uImage.FIT/signature.txt. Seems like we're changing goal 
posts as the balls are already in the air. I want to tone down this 
series, pick a few patches that I really like, combine them with some of 
my changes and submit a co-authored series with the uncontroversial changes.

I posted a parallel series which eliminates IMAGE_ENABLE_VERIFY_ECDSA, 
and is far less intrusive. I was already trying to combine it with some 
patches in this series. Let's see how that goes

Alex
Simon Glass May 15, 2021, 3:20 p.m. UTC | #4
Hi Alex,

On Fri, 14 May 2021 at 15:17, Alex G. <mr.nuke.me@gmail.com> wrote:
>
>
>
> On 5/14/21 3:44 PM, Simon Glass wrote:
> > Hi Alex,
> >
> > On Fri, 14 May 2021 at 14:38, Alex G. <mr.nuke.me@gmail.com> wrote:
> >>
> >>
> >>
> >> On 5/6/21 9:24 AM, Simon Glass wrote:
> >>> Add host Kconfigs for FIT_SIGN and RSA_VERIFY. With these we can
> >>> use CONFIG_IS_ENABLED() directly in the host build, so drop the
> >>> unnecessary indirections IMAGE_ENABLE_SIGN and HOST_RSA_VERIFY.
> >>> Also drop FIT_IMAGE_ENABLE_VERIFY which is not actually used.
> >>>
> >>> Leave IMAGE_ENABLE_VERIFY_ECDSA along since this feature is
> >>> incomplete and needs to be integrated with RSA.
> >>>
> >>> Signed-off-by: Simon Glass <sjg@chromium.org> ---
> >>>
> >>> (no changes since v1)
> >>>
> >>> common/image-fit.c     |  6 +++--- common/image-sig.c     | 10
> >>> +++++----- include/image.h        | 13 ++-----------
> >>> include/u-boot/ecdsa.h |  2 +- include/u-boot/rsa.h   |  4 ++--
> >>> tools/Kconfig          | 10 ++++++++++ tools/image-host.c     |
> >>> 4 ++-- 7 files changed, 25 insertions(+), 24 deletions(-)
> >>>
> >>> diff --git a/common/image-fit.c b/common/image-fit.c index
> >>> c13ff6bba24..e81a0858dc1 100644 --- a/common/image-fit.c +++
> >>> b/common/image-fit.c @@ -1301,7 +1301,7 @@ int
> >>> fit_image_verify_with_data(const void *fit, int image_noffset,
> >>> int ret;
> >>>
> >>> /* Verify all required signatures */ -     if
> >>> (FIT_IMAGE_ENABLE_VERIFY && +     if
> >>> (CONFIG_IS_ENABLED(RSA_VERIFY) &&
> >>
> >> NAK. Having verification depend directly on CONFIG_RSA_VERIFY will
> >> make adding ECDSA support that much more convoluted.
> >
> > Let me counter-NAK.
> >
> > The ECDSA needs to be integrated into the RSA stuff, as we have done
> > with hashing. E.g. CONFIG_VERIFY that enables the feature, with a
> > driver to select which methods are supported.
>
> Then why not add a CONFIG_(SPL_)VERIFY to this patch instead of
> replacing a common define with an algo-secific CONFIG?

That would be a separate series. CONFIG_RSA_VERIFY is not new and
adding an SPL / host version of it is the goal here.

>
> > I think I mentioned that in the original review.
>
> You did. Integrating ECDSA with RSA is orthogonal to ECDSA verification.
> I like the motivation behind this cosmetic series, but it is
> creating unnecessary complications to adding the ECDSA features.

RSA and ECDSA should have a common API on the board, with a linker
list. The sooner that happens (even with a dummy ECDSA impl), the
better.

>
>      "It is relatively straightforward to add new algorithms if required.
>       [...] If another algorithm is needed (such as DSA) then it can be
>       placed alongside rsa.c, and its functions added to the table in
>       image-sig.c also."
>
> That's from doc/uImage.FIT/signature.txt. Seems like we're changing goal
> posts as the balls are already in the air. I want to tone down this
> series, pick a few patches that I really like, combine them with some of
> my changes and submit a co-authored series with the uncontroversial changes.
>
> I posted a parallel series which eliminates IMAGE_ENABLE_VERIFY_ECDSA,
> and is far less intrusive. I was already trying to combine it with some
> patches in this series. Let's see how that goes

See above. The goal of my series is to remove #ifdefs from image code.
If your approach can do that, or some combination, that is fine with
me.

Regards,
SImon

Patch

diff --git a/common/image-fit.c b/common/image-fit.c
index c13ff6bba24..e81a0858dc1 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1301,7 +1301,7 @@  int fit_image_verify_with_data(const void *fit, int image_noffset,
 	int ret;
 
 	/* Verify all required signatures */
-	if (FIT_IMAGE_ENABLE_VERIFY &&
+	if (CONFIG_IS_ENABLED(RSA_VERIFY) &&
 	    fit_image_verify_required_sigs(fit, image_noffset, data, size,
 					   gd_fdt_blob(), &verify_all)) {
 		err_msg = "Unable to verify required signature";
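Review bot: The guard on the required-signature check in `fit_image_verify_with_data()` now tests a different symbol, not just a different spelling: the `include/image.h` hunk removes `# define FIT_IMAGE_ENABLE_VERIFY CONFIG_IS_ENABLED(FIT_SIGNATURE)`, so on the target this call was gated by FIT_SIGNATURE and is now gated by RSA_VERIFY, although the commit message describes FIT_IMAGE_ENABLE_VERIFY as not actually used. If a configuration can enable FIT_SIGNATURE without RSA_VERIFY (the Kconfig relation between the two is not visible in this patch), `fit_image_verify_required_sigs()` is compiled out and the function carries on without checking required signatures, with nothing at build time or run time reporting it. The same substitution is made in the `else if` branch of this function and in `fit_image_load()`. Keeping the original condition, `if (CONFIG_IS_ENABLED(FIT_SIGNATURE) &&`, would preserve the old behaviour; the function body continues outside the hunk.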
@@ -1323,7 +1323,7 @@  int fit_image_verify_with_data(const void *fit, int image_noffset,
 						 &err_msg))
 				goto error;
 			puts("+ ");
-		} else if (FIT_IMAGE_ENABLE_VERIFY && verify_all &&
+		} else if (CONFIG_IS_ENABLED(RSA_VERIFY) && verify_all &&
 				!strncmp(name, FIT_SIG_NODENAME,
 					strlen(FIT_SIG_NODENAME))) {
 			ret = fit_image_check_sig(fit, noffset, data,
@@ -2045,7 +2045,7 @@  int fit_image_load(bootm_headers_t *images, ulong addr,
 		if (image_type == IH_TYPE_KERNEL)
 			images->fit_uname_cfg = fit_base_uname_config;
 
-		if (FIT_IMAGE_ENABLE_VERIFY && images->verify) {
+		if (CONFIG_IS_ENABLED(RSA_VERIFY) && images->verify) {
 			puts("   Verifying Hash Integrity ... ");
 			if (fit_config_verify(fit, cfg_noffset)) {
 				puts("Bad Data Hash\n");
diff --git a/common/image-sig.c b/common/image-sig.c
index bbc6bb3b1e3..74ca96a39e9 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -29,7 +29,7 @@  struct checksum_algo checksum_algos[] = {
 		.checksum_len = SHA1_SUM_LEN,
 		.der_len = SHA1_DER_LEN,
 		.der_prefix = sha1_der_prefix,
-#if IMAGE_ENABLE_SIGN
+#if CONFIG_IS_ENABLED(FIT_SIGN)
 		.calculate_sign = EVP_sha1,
 #endif
 		.calculate = hash_calculate,
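Review bot: `EVP_sha1` is now referenced whenever `CONFIG_IS_ENABLED(FIT_SIGN)` is true, but the only `#include <openssl/evp.h>` visible in this patch (context lines of the `include/image.h` hunk) still sits under `defined(USE_HOSTCC)` and `defined(CONFIG_FIT_SIGNATURE)`. The old IMAGE_ENABLE_SIGN was defined as 1 in exactly that branch, so declaration and use could not diverge; the new `HOST_FIT_SIGN` is an unconditional `def_bool y`, so they presumably can in a host build without FIT_SIGNATURE. The same guard is used on the SHA-256/384/512 entries, in `image_get_checksum_algo()`, and on the `calculate_sign` member of `struct checksum_algo`. Putting the include under the same test, `#if CONFIG_IS_ENABLED(FIT_SIGN)` / `# include <openssl/evp.h>` / `#endif`, would keep the two together. The initializer this hunk edits starts and ends outside the hunk.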
@@ -39,7 +39,7 @@  struct checksum_algo checksum_algos[] = {
 		.checksum_len = SHA256_SUM_LEN,
 		.der_len = SHA256_DER_LEN,
 		.der_prefix = sha256_der_prefix,
-#if IMAGE_ENABLE_SIGN
+#if CONFIG_IS_ENABLED(FIT_SIGN)
 		.calculate_sign = EVP_sha256,
 #endif
 		.calculate = hash_calculate,
@@ -50,7 +50,7 @@  struct checksum_algo checksum_algos[] = {
 		.checksum_len = SHA384_SUM_LEN,
 		.der_len = SHA384_DER_LEN,
 		.der_prefix = sha384_der_prefix,
-#if IMAGE_ENABLE_SIGN
+#if CONFIG_IS_ENABLED(FIT_SIGN)
 		.calculate_sign = EVP_sha384,
 #endif
 		.calculate = hash_calculate,
@@ -62,7 +62,7 @@  struct checksum_algo checksum_algos[] = {
 		.checksum_len = SHA512_SUM_LEN,
 		.der_len = SHA512_DER_LEN,
 		.der_prefix = sha512_der_prefix,
-#if IMAGE_ENABLE_SIGN
+#if CONFIG_IS_ENABLED(FIT_SIGN)
 		.calculate_sign = EVP_sha512,
 #endif
 		.calculate = hash_calculate,
@@ -122,7 +122,7 @@  struct checksum_algo *image_get_checksum_algo(const char *full_name)
 				struct checksum_algo *algo = &checksum_algos[i];
 
 				MANUAL_RELOC(algo->name);
-#if IMAGE_ENABLE_SIGN
+#if CONFIG_IS_ENABLED(FIT_SIGN)
 				MANUAL_RELOC(algo->calculate_sign);
 #endif
 				MANUAL_RELOC(algo->calculate);
diff --git a/include/image.h b/include/image.h
index 64866c609f4..12043abd049 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1139,22 +1139,13 @@  int calculate_hash(const void *data, int data_len, const char *algo,
  */
 #if defined(USE_HOSTCC)
 # if defined(CONFIG_FIT_SIGNATURE)
-#  define IMAGE_ENABLE_SIGN	1
-#  define IMAGE_ENABLE_VERIFY	1
 #  define IMAGE_ENABLE_VERIFY_ECDSA	1
-#  define FIT_IMAGE_ENABLE_VERIFY	1
 #  include <openssl/evp.h>
 # else
-#  define IMAGE_ENABLE_SIGN	0
-#  define IMAGE_ENABLE_VERIFY	0
 # define IMAGE_ENABLE_VERIFY_ECDSA	0
-#  define FIT_IMAGE_ENABLE_VERIFY	0
 # endif
 #else
-# define IMAGE_ENABLE_SIGN	0
-# define IMAGE_ENABLE_VERIFY		CONFIG_IS_ENABLED(RSA_VERIFY)
 # define IMAGE_ENABLE_VERIFY_ECDSA	0
-# define FIT_IMAGE_ENABLE_VERIFY	CONFIG_IS_ENABLED(FIT_SIGNATURE)
 #endif
 
 #if CONFIG_IS_ENABLED(FIT)
@@ -1209,7 +1200,7 @@  struct image_region {
 	int size;
 };
 
-#if IMAGE_ENABLE_VERIFY
+#if CONFIG_IS_ENABLED(RSA_VERIFY)
 # include <u-boot/hash-checksum.h>
 #endif
 struct checksum_algo {
@@ -1217,7 +1208,7 @@  struct checksum_algo {
 	const int checksum_len;
 	const int der_len;
 	const uint8_t *der_prefix;
-#if IMAGE_ENABLE_SIGN
+#if CONFIG_IS_ENABLED(FIT_SIGN)
 	const EVP_MD *(*calculate_sign)(void);
 #endif
 	int (*calculate)(const char *name,
diff --git a/include/u-boot/ecdsa.h b/include/u-boot/ecdsa.h
index 979690d9660..a446b656a29 100644
--- a/include/u-boot/ecdsa.h
+++ b/include/u-boot/ecdsa.h
@@ -15,7 +15,7 @@ 
  * @see "struct crypto_algo"
  * @{
  */
-#if IMAGE_ENABLE_SIGN
+#if CONFIG_IS_ENABLED(FIT_SIGN)
 /**
  * sign() - calculate and return signature for given input data
  *
diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
index 45fe3509093..84cefbab442 100644
--- a/include/u-boot/rsa.h
+++ b/include/u-boot/rsa.h
@@ -31,7 +31,7 @@  struct rsa_public_key {
 
 struct image_sign_info;
 
-#if IMAGE_ENABLE_SIGN
+#if CONFIG_IS_ENABLED(FIT_SIGN)
 /**
  * sign() - calculate and return signature for given input data
  *
@@ -81,7 +81,7 @@  static inline int rsa_add_verify_data(struct image_sign_info *info,
 }
 #endif
 
-#if IMAGE_ENABLE_VERIFY
+#if CONFIG_IS_ENABLED(RSA_VERIFY)
 /**
  * rsa_verify_hash() - Verify a signature against a hash
  *
diff --git a/tools/Kconfig b/tools/Kconfig
index bbd6e8b9d79..13f923c7ac7 100644
--- a/tools/Kconfig
+++ b/tools/Kconfig
@@ -59,6 +59,11 @@  config HOST_FIT_SIGNATURE
 	help
 	  Enable signature verification of FIT uImages in the host build
 
+config HOST_FIT_SIGN
+	def_bool y
+	help
+	  Enable signing FIT uImages in the host build
+
 config HOST_FIT_SIGNATURE_MAX_SIZE
 	hex
 	depends on HOST_FIT_SIGNATURE
@@ -79,6 +84,11 @@  config HOST_OF_LIBFDT
 	help
 	  Enable libfdt support in the host build.
 
+config HOST_RSA_VERIFY
+	def_bool y
+	help
+	  Enable RSA verification support in the host build.
+
 config HOST_SHA1
 	def_bool y
 	help
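Review bot: `HOST_RSA_VERIFY` is an unconditional `def_bool y`, whereas the host-side macros it replaces were 1 only when CONFIG_FIT_SIGNATURE was defined (see the removed `#  define IMAGE_ENABLE_VERIFY 0` in the `# else` branch of `include/image.h`). With this entry every path guarded by `CONFIG_IS_ENABLED(RSA_VERIFY)` is enabled in all host builds, including ones where `HOST_FIT_SIGNATURE` is off; whether the signature-checking objects are linked in that case is not visible here and should be confirmed. Adding `depends on HOST_FIT_SIGNATURE` below the `def_bool y` line would keep the old coupling, and `HOST_FIT_SIGN` in the previous hunk has the same shape.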
diff --git a/tools/image-host.c b/tools/image-host.c
index 270d36fe451..2be897db943 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -636,7 +636,7 @@  int fit_image_add_verification_data(const char *keydir, const char *keyfile,
 			     strlen(FIT_HASH_NODENAME))) {
 			ret = fit_image_process_hash(fit, image_name, noffset,
 						data, size);
-		} else if (IMAGE_ENABLE_SIGN && (keydir || keyfile) &&
+		} else if (CONFIG_IS_ENABLED(FIT_SIGN) && (keydir || keyfile) &&
 			   !strncmp(node_name, FIT_SIG_NODENAME,
 				strlen(FIT_SIG_NODENAME))) {
 			ret = fit_image_process_sig(keydir, keyfile, keydest,
@@ -1086,7 +1086,7 @@  int fit_add_verification_data(const char *keydir, const char *keyfile,
 	}
 
 	/* If there are no keys, we can't sign configurations */
-	if (!IMAGE_ENABLE_SIGN || !(keydir || keyfile))
+	if (!CONFIG_IS_ENABLED(FIT_SIGN) || !(keydir || keyfile))
 		return 0;
 
 	/* Find configurations parent node offset */