summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorHeiko Schocher <hs@denx.de>2014-03-03 12:19:26 +0100
committerTom Rini <trini@ti.com>2014-03-21 16:39:34 -0400
commit646257d1f4004855d486024527a4784bf57c4c4d (patch)
treea16c9627f823bcb68606b621fe9ff2fe493f90ed /include
parent2842c1c24269a05142802d25520e7cb9035e456c (diff)
downloadu-boot-imx-646257d1f4004855d486024527a4784bf57c4c4d.zip
u-boot-imx-646257d1f4004855d486024527a4784bf57c4c4d.tar.gz
u-boot-imx-646257d1f4004855d486024527a4784bf57c4c4d.tar.bz2
rsa: add sha256-rsa2048 algorithm
based on patch from andreas@oetken.name: http://patchwork.ozlabs.org/patch/294318/ commit message: I currently need support for rsa-sha256 signatures in u-boot and found out that the code for signatures is not very generic. Thus adding of different hash-algorithms for rsa-signatures is not easy to do without copy-pasting the rsa-code. I attached a patch for how I think it could be better and included support for rsa-sha256. This is a fast first shot. aditionally work: - removed checkpatch warnings - removed compiler warnings - rebased against current head Signed-off-by: Heiko Schocher <hs@denx.de> Cc: andreas@oetken.name Cc: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'include')
-rw-r--r--include/image.h21
-rw-r--r--include/rsa-checksum.h23
-rw-r--r--include/rsa.h14
3 files changed, 58 insertions, 0 deletions
diff --git a/include/image.h b/include/image.h
index 52969aa..44b2b46 100644
--- a/include/image.h
+++ b/include/image.h
@@ -833,6 +833,7 @@ int calculate_hash(const void *data, int data_len, const char *algo,
# ifdef USE_HOSTCC
# define IMAGE_ENABLE_SIGN 1
# define IMAGE_ENABLE_VERIFY 0
+# include <openssl/evp.h>
#else
# define IMAGE_ENABLE_SIGN 0
# define IMAGE_ENABLE_VERIFY 1
@@ -872,6 +873,23 @@ struct image_region {
int size;
};
+#if IMAGE_ENABLE_VERIFY
+# include <rsa-checksum.h>
+#endif
+struct checksum_algo {
+ const char *name;
+ const int checksum_len;
+#if IMAGE_ENABLE_SIGN
+ const EVP_MD *(*calculate)(void);
+#else
+#if IMAGE_ENABLE_VERIFY
+ void (*calculate)(const struct image_region region[],
+ int region_count, uint8_t *checksum);
+ const uint8_t *rsa_padding;
+#endif
+#endif
+};
+
struct image_sig_algo {
const char *name; /* Name of algorithm */
@@ -922,6 +940,9 @@ struct image_sig_algo {
int (*verify)(struct image_sign_info *info,
const struct image_region region[], int region_count,
uint8_t *sig, uint sig_len);
+
+ /* pointer to checksum algorithm */
+ struct checksum_algo *checksum;
};
/**
diff --git a/include/rsa-checksum.h b/include/rsa-checksum.h
new file mode 100644
index 0000000..850b253
--- /dev/null
+++ b/include/rsa-checksum.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2013, Andreas Oetken.
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+*/
+
+#ifndef _RSA_CHECKSUM_H
+#define _RSA_CHECKSUM_H
+
+#include <errno.h>
+#include <image.h>
+#include <sha1.h>
+#include <sha256.h>
+
+extern const uint8_t padding_sha256_rsa2048[];
+extern const uint8_t padding_sha1_rsa2048[];
+
+void sha256_calculate(const struct image_region region[], int region_count,
+ uint8_t *checksum);
+void sha1_calculate(const struct image_region region[], int region_count,
+ uint8_t *checksum);
+
+#endif
diff --git a/include/rsa.h b/include/rsa.h
index add4c78..e9ae870 100644
--- a/include/rsa.h
+++ b/include/rsa.h
@@ -15,6 +15,20 @@
#include <errno.h>
#include <image.h>
+/**
+ * struct rsa_public_key - holder for a public key
+ *
+ * An RSA public key consists of a modulus (typically called N), the inverse
+ * and R^2, where R is 2^(# key bits).
+ */
+
+struct rsa_public_key {
+ uint len; /* len of modulus[] in number of uint32_t */
+ uint32_t n0inv; /* -1 / modulus[0] mod 2^32 */
+ uint32_t *modulus; /* modulus as little endian array */
+ uint32_t *rr; /* R^2 as little endian array */
+};
+
#if IMAGE_ENABLE_SIGN
/**
* sign() - calculate and return signature for given input data