Hi Heiko, On 26 January 2014 22:45, Heiko Schocher <h...@denx.de> wrote: > Hello Simon, > > Am 26.01.2014 22:10, schrieb Simon Glass: > >> Hi Heiko, >> >> On 24 January 2014 23:44, Heiko Schocher<h...@denx.de> wrote: >>> >>> based on patch from andr...@oetken.name: >>> >>> http://patchwork.ozlabs.org/patch/294318/ >> >> >> Should probably add the full commit message in here. > > > Ok, do this in v2. > > >>> - removed checkpatch warnings >>> - removed compiler warnings >>> - rebased against current head >>> >>> Signed-off-by: Heiko Schocher<h...@denx.de> >>> Cc: Simon Glass<s...@chromium.org> >>> Cc: andr...@oetken.name >>> --- >>> common/image-sig.c | 33 +++++++++++++++++ >>> include/image.h | 21 +++++++++++ >>> include/rsa-checksum.h | 25 +++++++++++++ >>> include/rsa.h | 25 +++++++++++++ >>> lib/rsa/Makefile | 2 +- >>> lib/rsa/rsa-checksum.c | 98 >>> ++++++++++++++++++++++++++++++++++++++++++++++++++ >>> lib/rsa/rsa-sign.c | 10 +++--- >>> lib/rsa/rsa-verify.c | 83 +++++++++++++----------------------------- >>> 8 files changed, 233 insertions(+), 64 deletions(-) >>> create mode 100644 include/rsa-checksum.h >>> create mode 100644 lib/rsa/rsa-checksum.c > > [...] > >>> diff --git a/include/rsa.h b/include/rsa.h >>> index add4c78..adf809b 100644 >>> --- a/include/rsa.h >>> +++ b/include/rsa.h >>> @@ -15,6 +15,20 @@ >>> #include<errno.h> >>> #include<image.h> >>> >>> +/** >>> + * struct rsa_public_key - holder for a public key >>> + * >>> + * An RSA public key consists of a modulus (typically called N), the >>> inverse >>> + * and R^2, where R is 2^(# key bits). >>> + */ >>> + >>> +struct rsa_public_key { >>> + uint len; /* Length of modulus[] in number of uint32_t */ >>> + uint32_t n0inv; /* -1 / modulus[0] mod 2^32 */ >>> + uint32_t *modulus; /* modulus as little endian array */ >>> + uint32_t *rr; /* R^2 as little endian array */ >>> +}; >>> + >>> #if IMAGE_ENABLE_SIGN >>> /** >>> * sign() - calculate and return signature for given input data >>> @@ -80,6 +94,10 @@ static inline int rsa_add_verify_data(struct >>> image_sign_info *info, >>> int rsa_verify(struct image_sign_info *info, >>> const struct image_region region[], int region_count, >>> uint8_t *sig, uint sig_len); >>> + >>> +int rsa_verify_256(struct image_sign_info *info, >>> + const struct image_region region[], int region_count, >>> + uint8_t *sig, uint sig_len); >> >> >> Do we need to create this as a separate function? It seems a bit icky. >> Can rsa_verify() not handle both? > > > Good catch! I never defined rsa_verify_256(), remove this in v2. > > >>> #else >>> static inline int rsa_verify(struct image_sign_info *info, >>> const struct image_region region[], int region_count, >>> @@ -87,6 +105,13 @@ static inline int rsa_verify(struct image_sign_info >>> *info, >>> { >>> return -ENXIO; >>> } >>> + >>> +static inline int rsa_verify_256(struct image_sign_info *info, >>> + const struct image_region region[], int region_count, >>> + uint8_t *sig, uint sig_len) >>> +{ >>> + return -ENXIO; >>> +} >>> #endif >>> >>> #endif > > [...] > >> Also can you please update the tests to include a sha256 test? > > > You mean the "test/vboot/vboot_test.sh" ?
Yes, you could expand this, or convert to Python if you prefer. Regards, Simon _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
