On Fri, Oct 25, 2019 at 07:07:32PM +0900, AKASHI Takahiro wrote: > # This patch set should be merged first prior to my rsa extension patch > # due to some dependency. I plan to send out a new version of rsa > # extension next week. > > Asn1 parsers of x509 certificates and pkcs7 messages are required > to implement image authentication and variable authentication as > part of UEFI secure boot feature. > > As we discussed before in the thread[1], most people insisted that > we should re-use corresponding source code from Linux repository > for this purpose. > > Here is my attempt to import all the necessary files from Linux; Those > will eventually be part of UEFI secure boot implementation, but I'd like > to get early feedback from other peoples before submitting the whole > patchset so that they will be better formatted for merging. > > My approach here is > * files from the latest Linux > * modify files as little as possible > * mark/protect unavoidable changes with "#if(n)def __UBOOT__" > so that future fixes/differences in Linux repository will easily > be applied to U-Boot. > > Known issues: > * checkpatch.pl > Checkpatch.pl will complain with a bunch of warnings/errors but > I intentionally left them unchanged for the sake of better > maintainability I said above. > > * unit test > I'm still waiting for a feedback from Tom[2] regarding how we should > enable "unit test" for ASN1 compiler/decoder on sandbox and others > in Travis CI. > > * Travis CI > It is still running against this very version, but I'm sure I have > fixed all the issues (as long as Heinrich's [3] is applied); > I will let you know the result on Monday.
All Travis CI tests have passed. -Takahiro Akashi > Any comments will be appreciated. > -Takahiro Akashi > > [1] https://lists.denx.de/pipermail/u-boot/2019-April/366423.html > [2] https://lists.denx.de/pipermail/u-boot/2019-October/387734.html > [3] https://lists.denx.de/pipermail/u-boot/2019-October/385643.html > > Changes in v2 (Oct 25, 2019) > * revise commit messages, describing what files are modified or not. > * move kmemdump() in ubifs.c to linux_compat.c for general use (patch#1) > * add patch#2 > * move date.c to lib/ for general use (patch#3) > * implement mktime64() with rtc_mktime() (patch#4) > * move asn1_compiler.c to tools/ (patch#7) > * change CONFIG_BUILD_ASN1 to CONFIG_ASN1_COMPILER (patch#7) > * add clean rule to asn1_compiler-generated files to clean targets (patch#8) > * change CONFIG_ASN1 to CONFIG_ASN1_DECODER (patch#9) > * add README for asn1 compiler/decoder (patch#10) > * move build_oid_registory to scripts/ (patch#11) > * shuffle an order of patches (patch#13,#14,#15) > * add a new config CONFIG_RSA_PUBLIC_KEY_PARSER so that it can be > * modify Kconfig dependency (patch#13,#14,#15) > compiled in independently (patch#13) > * add unit test (patch#16,#17) > > Changes in v1 (Oct 11, 2019) from RFC > * change the kernel code base from v5.0 to v5.3 > * add preparatory patches (#1, #2 and #3) > * comment off x509_check_for_self_signed() which is not useful > for UEFI secure boot (patch#9) > * improve usages of "#if(n)def __UBOOT__* to minimize differences > between U-Boot and linux kernel > > AKASHI Takahiro (17): > linux_compat: move kmemdup() from ubifs.c to linux_compat.c > rtc.h: add struct udevice declaration > rtc: move date.c from drivers/rtc/ to lib/ > lib: add mktime64() for linux compatibility > include: kernel.h: include printk.h > linux/time.h: include vsprintf.h > cmd: add asn1_compiler > Makefile: add build script for asn1 parsers > lib: add asn1 decoder > doc: add README for asn1 compiler and decoder > lib: add oid registry utility > lib: crypto: add public key utility > lib: crypto: add rsa public key parser > lib: crypto: add x509 parser > lib: crypto: add pkcs7 message parser > test: add lib specific Kconfig > test: add asn1 unit test > > Makefile | 1 + > cmd/Kconfig | 1 + > doc/README.asn1 | 40 + > drivers/rtc/Kconfig | 1 + > drivers/rtc/Makefile | 1 - > fs/ubifs/ubifs.c | 19 +- > include/crypto/internal/rsa.h | 57 + > include/crypto/pkcs7.h | 47 + > include/crypto/public_key.h | 90 ++ > include/keys/asymmetric-type.h | 88 ++ > include/linux/asn1.h | 65 ++ > include/linux/asn1_ber_bytecode.h | 89 ++ > include/linux/asn1_decoder.h | 20 + > include/linux/kernel.h | 2 +- > include/linux/oid_registry.h | 117 +++ > include/linux/time.h | 11 + > include/rtc.h | 2 + > lib/Kconfig | 17 + > lib/Makefile | 20 + > lib/asn1_decoder.c | 527 ++++++++++ > lib/crypto/Kconfig | 52 + > lib/crypto/Makefile | 49 + > lib/crypto/asymmetric_type.c | 668 ++++++++++++ > lib/crypto/pkcs7.asn1 | 135 +++ > lib/crypto/pkcs7_parser.c | 693 +++++++++++++ > lib/crypto/pkcs7_parser.h | 65 ++ > lib/crypto/public_key.c | 376 +++++++ > lib/crypto/rsa_helper.c | 198 ++++ > lib/crypto/rsapubkey.asn1 | 4 + > lib/crypto/x509.asn1 | 60 ++ > lib/crypto/x509_akid.asn1 | 35 + > lib/crypto/x509_cert_parser.c | 697 +++++++++++++ > lib/crypto/x509_parser.h | 57 + > lib/crypto/x509_public_key.c | 292 ++++++ > {drivers/rtc => lib}/date.c | 23 +- > lib/linux_compat.c | 17 + > lib/oid_registry.c | 179 ++++ > scripts/Makefile.build | 4 +- > scripts/build_OID_registry | 203 ++++ > test/Kconfig | 8 +- > test/lib/Kconfig | 23 + > test/lib/Makefile | 2 + > test/lib/asn1.c | 392 +++++++ > tools/Makefile | 3 + > tools/asn1_compiler.c | 1611 +++++++++++++++++++++++++++++ > 45 files changed, 7030 insertions(+), 31 deletions(-) > create mode 100644 doc/README.asn1 > create mode 100644 include/crypto/internal/rsa.h > create mode 100644 include/crypto/pkcs7.h > create mode 100644 include/crypto/public_key.h > create mode 100644 include/keys/asymmetric-type.h > create mode 100644 include/linux/asn1.h > create mode 100644 include/linux/asn1_ber_bytecode.h > create mode 100644 include/linux/asn1_decoder.h > create mode 100644 include/linux/oid_registry.h > create mode 100644 lib/asn1_decoder.c > create mode 100644 lib/crypto/Kconfig > create mode 100644 lib/crypto/Makefile > create mode 100644 lib/crypto/asymmetric_type.c > create mode 100644 lib/crypto/pkcs7.asn1 > create mode 100644 lib/crypto/pkcs7_parser.c > create mode 100644 lib/crypto/pkcs7_parser.h > create mode 100644 lib/crypto/public_key.c > create mode 100644 lib/crypto/rsa_helper.c > create mode 100644 lib/crypto/rsapubkey.asn1 > create mode 100644 lib/crypto/x509.asn1 > create mode 100644 lib/crypto/x509_akid.asn1 > create mode 100644 lib/crypto/x509_cert_parser.c > create mode 100644 lib/crypto/x509_parser.h > create mode 100644 lib/crypto/x509_public_key.c > rename {drivers/rtc => lib}/date.c (81%) > create mode 100644 lib/oid_registry.c > create mode 100755 scripts/build_OID_registry > create mode 100644 test/lib/Kconfig > create mode 100644 test/lib/asn1.c > create mode 100644 tools/asn1_compiler.c > > -- > 2.21.0 > _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
