Hello Simon,
Am 26.01.2014 22:10, schrieb Simon Glass:
Hi Heiko,
On 24 January 2014 23:44, Heiko Schocher<h...@denx.de> wrote:
based on patch from andr...@oetken.name:
http://patchwork.ozlabs.org/patch/294318/
Should probably add the full commit message in here.
Ok, do this in v2.
- removed checkpatch warnings
- removed compiler warnings
- rebased against current head
Signed-off-by: Heiko Schocher<h...@denx.de>
Cc: Simon Glass<s...@chromium.org>
Cc: andr...@oetken.name
---
common/image-sig.c | 33 +++++++++++++++++
include/image.h | 21 +++++++++++
include/rsa-checksum.h | 25 +++++++++++++
include/rsa.h | 25 +++++++++++++
lib/rsa/Makefile | 2 +-
lib/rsa/rsa-checksum.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++
lib/rsa/rsa-sign.c | 10 +++---
lib/rsa/rsa-verify.c | 83 +++++++++++++-----------------------------
8 files changed, 233 insertions(+), 64 deletions(-)
create mode 100644 include/rsa-checksum.h
create mode 100644 lib/rsa/rsa-checksum.c
[...]
diff --git a/include/rsa.h b/include/rsa.h
index add4c78..adf809b 100644
--- a/include/rsa.h
+++ b/include/rsa.h
@@ -15,6 +15,20 @@
#include<errno.h>
#include<image.h>
+/**
+ * struct rsa_public_key - holder for a public key
+ *
+ * An RSA public key consists of a modulus (typically called N), the inverse
+ * and R^2, where R is 2^(# key bits).
+ */
+
+struct rsa_public_key {
+ uint len; /* Length of modulus[] in number of uint32_t */
+ uint32_t n0inv; /* -1 / modulus[0] mod 2^32 */
+ uint32_t *modulus; /* modulus as little endian array */
+ uint32_t *rr; /* R^2 as little endian array */
+};
+
#if IMAGE_ENABLE_SIGN
/**
* sign() - calculate and return signature for given input data
@@ -80,6 +94,10 @@ static inline int rsa_add_verify_data(struct image_sign_info
*info,
int rsa_verify(struct image_sign_info *info,
const struct image_region region[], int region_count,
uint8_t *sig, uint sig_len);
+
+int rsa_verify_256(struct image_sign_info *info,
+ const struct image_region region[], int region_count,
+ uint8_t *sig, uint sig_len);
Do we need to create this as a separate function? It seems a bit icky.
Can rsa_verify() not handle both?
Good catch! I never defined rsa_verify_256(), remove this in v2.
#else
static inline int rsa_verify(struct image_sign_info *info,
const struct image_region region[], int region_count,
@@ -87,6 +105,13 @@ static inline int rsa_verify(struct image_sign_info *info,
{
return -ENXIO;
}
+
+static inline int rsa_verify_256(struct image_sign_info *info,
+ const struct image_region region[], int region_count,
+ uint8_t *sig, uint sig_len)
+{
+ return -ENXIO;
+}
#endif
#endif
[...]
Also can you please update the tests to include a sha256 test?
You mean the "test/vboot/vboot_test.sh" ?
bye,
Heiko
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot