Hello Simon,

Am 26.01.2014 22:10, schrieb Simon Glass:
Hi Heiko,

On 24 January 2014 23:44, Heiko Schocher<h...@denx.de>  wrote:
based on patch from andr...@oetken.name:

http://patchwork.ozlabs.org/patch/294318/

Should probably add the full commit message in here.

Ok, do this in v2.

- removed checkpatch warnings
- removed compiler warnings
- rebased against current head

Signed-off-by: Heiko Schocher<h...@denx.de>
Cc: Simon Glass<s...@chromium.org>
Cc: andr...@oetken.name
---
  common/image-sig.c     | 33 +++++++++++++++++
  include/image.h        | 21 +++++++++++
  include/rsa-checksum.h | 25 +++++++++++++
  include/rsa.h          | 25 +++++++++++++
  lib/rsa/Makefile       |  2 +-
  lib/rsa/rsa-checksum.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++
  lib/rsa/rsa-sign.c     | 10 +++---
  lib/rsa/rsa-verify.c   | 83 +++++++++++++-----------------------------
  8 files changed, 233 insertions(+), 64 deletions(-)
  create mode 100644 include/rsa-checksum.h
  create mode 100644 lib/rsa/rsa-checksum.c
[...]
diff --git a/include/rsa.h b/include/rsa.h
index add4c78..adf809b 100644
--- a/include/rsa.h
+++ b/include/rsa.h
@@ -15,6 +15,20 @@
  #include<errno.h>
  #include<image.h>

+/**
+ * struct rsa_public_key - holder for a public key
+ *
+ * An RSA public key consists of a modulus (typically called N), the inverse
+ * and R^2, where R is 2^(# key bits).
+ */
+
+struct rsa_public_key {
+       uint len;        /* Length of modulus[] in number of uint32_t */
+       uint32_t n0inv;        /* -1 / modulus[0] mod 2^32 */
+       uint32_t *modulus;    /* modulus as little endian array */
+       uint32_t *rr;        /* R^2 as little endian array */
+};
+
  #if IMAGE_ENABLE_SIGN
  /**
   * sign() - calculate and return signature for given input data
@@ -80,6 +94,10 @@ static inline int rsa_add_verify_data(struct image_sign_info 
*info,
  int rsa_verify(struct image_sign_info *info,
                const struct image_region region[], int region_count,
                uint8_t *sig, uint sig_len);
+
+int rsa_verify_256(struct image_sign_info *info,
+              const struct image_region region[], int region_count,
+              uint8_t *sig, uint sig_len);

Do we need to create this as a separate function? It seems a bit icky.
Can rsa_verify() not handle both?

Good catch! I never defined rsa_verify_256(), remove this in v2.

  #else
  static inline int rsa_verify(struct image_sign_info *info,
                 const struct image_region region[], int region_count,
@@ -87,6 +105,13 @@ static inline int rsa_verify(struct image_sign_info *info,
  {
         return -ENXIO;
  }
+
+static inline int rsa_verify_256(struct image_sign_info *info,
+               const struct image_region region[], int region_count,
+               uint8_t *sig, uint sig_len)
+{
+       return -ENXIO;
+}
  #endif

  #endif
[...]
Also can you please update the tests to include a sha256 test?

You mean the "test/vboot/vboot_test.sh" ?

bye,
Heiko
--
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot

Reply via email to