mkimage: ecdsa: password for signing from environment

Message ID	20230525081805.538669-1-sbabic@denx.de
State	Accepted
Commit	50195a23468e3a8a32cba8534d76627b5d189551
Delegated to:	Tom Rini
Headers	show Return-Path: <u-boot-bounces@lists.denx.de> From: Stefano Babic <sbabic@denx.de> To: U-Boot@lists.denx.de Cc: trini@konsulko.com, Stefano Babic <sbabic@denx.de> Subject: [PATCH] mkimage: ecdsa: password for signing from environment Date: Thu, 25 May 2023 10:18:05 +0200 Message-Id: <20230525081805.538669-1-sbabic@denx.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
Series	mkimage: ecdsa: password for signing from environment \| expand mkimage: ecdsa: password for signing from environment

Message ID

20230525081805.538669-1-sbabic@denx.de

State

Accepted

Commit

50195a23468e3a8a32cba8534d76627b5d189551

Delegated to:

Tom Rini

Headers

show

Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de
 (client-ip=85.214.62.61; helo=phobos.denx.de;
 envelope-from=u-boot-bounces@lists.denx.de; receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (2048-bit key;
 unprotected) header.d=denx.de header.i=@denx.de header.a=rsa-sha256
 header.s=phobos-20191101 header.b=xfsQku4f;
	dkim-atps=neutral
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4QRgt75SvGz20QL
	for <incoming@patchwork.ozlabs.org>; Thu, 25 May 2023 18:18:22 +1000 (AEST)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 2168F8471A;
	Thu, 25 May 2023 10:18:17 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=denx.de
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=denx.de;
	s=phobos-20191101; t=1685002697;
	bh=yYtAtuBZpGJ7wvcdAGf5S41KS9D1+H6t/FaAWJvPxm8=;
	h=From:To:Cc:Subject:Date:List-Id:List-Unsubscribe:List-Archive:
	 List-Post:List-Help:List-Subscribe:From;
	b=xfsQku4fNgFfmyLPP86s05KlvSPhz0AbFl2lOWxzoqcxqvquPW7nAUbfjA/CCQgsy
	 Dz+gRggnY1xHTE6UDWwEtxJST4gRMq//p8ODI5S7zVdM+fVKqdok5JT6d+egdDWoSe
	 fTieBaqDPkZVCq9AOBbJUEQeRHRsgPA6YC5ZsOL+z/fpBGeqNFKSfg982ZO/UlvJhT
	 jn50UQQi8FMyLWcnipjF9lk6GR3ScbCmRxLjwQ25d7qnhGNcL2MJ4kD1auRVYmSAeA
	 XEOyLuH40XWTuPR81eyqZE6qV2N9B/Cd3aGfVVh5DIFOCDtBnewpiXAbs5DW+wKzda
	 slmFBrNY3mchQ==
Received: by phobos.denx.de (Postfix, from userid 109)
 id E7ECD847C8; Thu, 25 May 2023 10:18:15 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00,RCVD_IN_MSPIKE_H3,
 RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NEUTRAL,T_SCC_BODY_TEXT_LINE
 autolearn=no autolearn_force=no version=3.4.2
Received: from mail-out.m-online.net (mail-out.m-online.net [212.18.0.9])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id E15FD8471A
 for <U-Boot@lists.denx.de>; Thu, 25 May 2023 10:18:13 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=fail (p=none dis=none) header.from=denx.de
Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sbabic@denx.de
Received: from frontend01.mail.m-online.net (unknown [192.168.8.182])
 by mail-out.m-online.net (Postfix) with ESMTP id 4QRgsx43Jfz1r6Rt;
 Thu, 25 May 2023 10:18:13 +0200 (CEST)
Received: from localhost (dynscan1.mnet-online.de [192.168.6.70])
 by mail.m-online.net (Postfix) with ESMTP id 4QRgsx3j43z1qqlS;
 Thu, 25 May 2023 10:18:13 +0200 (CEST)
Received: from mail.mnet-online.de ([192.168.8.182])
 by localhost (dynscan1.mail.m-online.net [192.168.6.70]) (amavisd-new,
 port 10024)
 with ESMTP id tXyvh5cms8Yj; Thu, 25 May 2023 10:18:12 +0200 (CEST)
Received: from babic.homelinux.org (host-88-217-136-221.customer.m-online.net
 [88.217.136.221])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
 (No client certificate requested)
 by mail.mnet-online.de (Postfix) with ESMTPS;
 Thu, 25 May 2023 10:18:11 +0200 (CEST)
Received: from localhost (mail.babic.homelinux.org [127.0.0.1])
 by babic.homelinux.org (Postfix) with ESMTP id 2EC50454075E;
 Thu, 25 May 2023 10:18:11 +0200 (CEST)
Received: from babic.homelinux.org ([IPv6:::1])
 by localhost (mail.babic.homelinux.org [IPv6:::1]) (amavisd-new, port 10024)
 with ESMTP id RrA-WrjS6qla; Thu, 25 May 2023 10:18:08 +0200 (CEST)
Received: from paperino.fritz.box (paperino.fritz.box [192.168.178.48])
 by babic.homelinux.org (Postfix) with ESMTP id 658AF454065D;
 Thu, 25 May 2023 10:18:08 +0200 (CEST)
From: Stefano Babic <sbabic@denx.de>
To: U-Boot@lists.denx.de
Cc: trini@konsulko.com,
	Stefano Babic <sbabic@denx.de>
Subject: [PATCH] mkimage: ecdsa: password for signing from environment
Date: Thu, 25 May 2023 10:18:05 +0200
Message-Id: <20230525081805.538669-1-sbabic@denx.de>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de
X-Virus-Status: Clean

Series

mkimage: ecdsa: password for signing from environment | expand

Commit Message

Stefano Babic May 25, 2023, 8:18 a.m. UTC

Use a variable (MKIMAGE_SIGN_PASSWORD) like already done for RSA to
allow the signing process to run in batch.

Signed-off-by: Stefano Babic <sbabic@denx.de>
---
 lib/ecdsa/ecdsa-libcrypto.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

Comments

Tom Rini June 21, 2023, 6:40 p.m. UTC | #1

On Thu, May 25, 2023 at 10:18:05AM +0200, Stefano Babic wrote:

> Use a variable (MKIMAGE_SIGN_PASSWORD) like already done for RSA to
> allow the signing process to run in batch.
> 
> Signed-off-by: Stefano Babic <sbabic@denx.de>

Applied to u-boot/next, thanks!

diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index d5939af2c5..5fa9be10b4 100644
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@@ -111,16 +111,30 @@  static size_t ecdsa_key_size_bytes(const EC_KEY *key)
 	return EC_GROUP_order_bits(group) / 8;
 }
 
+static int default_password(char *buf, int size, int rwflag, void *u)
+{
+	strncpy(buf, (char *)u, size);
+	buf[size - 1] = '\0';
+	return strlen(buf);
+}
+
 static int read_key(struct signer *ctx, const char *key_name)
 {
 	FILE *f = fopen(key_name, "r");
+	const char *key_pass;
 
 	if (!f) {
 		fprintf(stderr, "Can not get key file '%s'\n", key_name);
 		return -ENOENT;
 	}
 
-	ctx->evp_key = PEM_read_PrivateKey(f, NULL, NULL, NULL);
+	key_pass = getenv("MKIMAGE_SIGN_PASSWORD");
+	if (key_pass) {
+		ctx->evp_key = PEM_read_PrivateKey(f, NULL, default_password, (void *)key_pass);
+
+	} else {
+		ctx->evp_key = PEM_read_PrivateKey(f, NULL, NULL, NULL);
+	}
 	fclose(f);
 	if (!ctx->evp_key) {
 		fprintf(stderr, "Can not read key from '%s'\n", key_name);

mkimage: ecdsa: password for signing from environment

Commit Message

Comments

Patch