lib/rsa-sign: Support generate np factor for rsa4096

Signed-off-by: Yi Liu <liuyi@rock-chips.com>
Change-Id: I248a129941b64e78c901a887eb9eb3f82a46bdd2

lib: rsa-sign: support calculate deferent size of rsa's key

Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Change-Id: Ia473b5123c11ed57d1eed560964b6a7dc482b7df

lib: rsa-sign: add rockchip rsa key hash

SPL requires key hash to verify and flash it to OTP/EFUSE.

- hash@c: n, e, c
- hash@np: n, e, np

/ {
signature {
key-dev {
require

lib: rsa-sign: add rockchip rsa key hash

SPL requires key hash to verify and flash it to OTP/EFUSE.

- hash@c: n, e, c
- hash@np: n, e, np

/ {
signature {
key-dev {
required = "conf";
algo = "sha256,rsa2048";
rsa,np = <...>;
rsa,c = <...>;
rsa,modulus = <...>;
rsa,exponent-BN = <...>;
...
key-name-hint = "dev";
hash@np {
algo = "sha256";
value = <0x0934bc4d 0xfbc31ffe 0x9224d6c2 0x1a3aa280 0x881d881e 0xe2006246 0x01b9e724 0x35c03428>;
};
hash@c {
algo = "sha256";
value = <0x08962385 0x34585e06 0x0b73a496 0x374b148d 0xa2700a75 0x4aae08ad 0xb2a324a3 0x95ee6b52>;
};
};
};
...
};

But after processed by scripts/fit.sh, only one of "hash@c" and "hash@np" would be left.

Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
Change-Id: Id9454100f9fdb06b30f9a4b2a7bdd180f117cb68

show more ...

UPSTREAM: rsa: add support of padding pss

We add the support of the padding pss for rsa signature.
This new padding is often recommended instead of pkcs-1.5.

Signed-off-by: Philippe Reynes <philipp

UPSTREAM: rsa: add support of padding pss

We add the support of the padding pss for rsa signature.
This new padding is often recommended instead of pkcs-1.5.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
(cherry picked from commit 061daa0b61f0fbeb214c566f3adb23da05545320)

Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
Change-Id: I28e5722504bfd0428cd119b2aaae60682a720648

show more ...

UPSTREAM: rsa: add a structure for the padding

The rsa signature use a padding algorithm. By default, we use the
padding pkcs-1.5. In order to add some new padding algorithm, we
add a padding framew

UPSTREAM: rsa: add a structure for the padding

The rsa signature use a padding algorithm. By default, we use the
padding pkcs-1.5. In order to add some new padding algorithm, we
add a padding framework to manage several padding algorithm.
The choice of the padding is done in the file .its.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
(cherry picked from commit 20031567e12bb312bff95b70767f6275e20f0346)

Conflicts:
common/image-fit.c
lib/rsa/rsa-sign.c
lib/rsa/rsa-verify.c

Change-Id: Ie522fec1ea69e6b86ebde0f7dad91a45670da66b
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>

show more ...

UPSTREAM: rsa: use new openssl API to create signature

Previous implementation of the rsa signature was using
the openssl API EVP_Sign*, but the new openssl API
EVP_DigestSign* is more flexible. So

UPSTREAM: rsa: use new openssl API to create signature

Previous implementation of the rsa signature was using
the openssl API EVP_Sign*, but the new openssl API
EVP_DigestSign* is more flexible. So we move to this
new API.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
(cherry picked from commit 3b5d6979fcb80ffae3b140be6edc04cbde1a0b72)

Conflicts:
lib/rsa/rsa-sign.c

Change-Id: I6016a13904024a63d6fb8110cef37e57a164eed9
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>

show more ...

Merge branch 'next-dev' into thunder-boot

Change-Id: I83b054613effee1a89bdcbffbc68ebf37abe7a2b

lib: rsa: fix compile warning

Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
Change-Id: I75acadbb4fe6873c7306bd953234c1fb4ef5b0d9

Merge branch 'next-dev' into thunder-boot

lib: rsa: generate data to be signed

Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
Change-Id: I125f61051c9c9604903603ef06cd7f368b48f3d8

Merge branch 'next-dev' into thunder-boot

lib: rsa: add hardware crypto for FIT image checksum and rsa

Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
Change-Id: I526dd1b9a2a7e0050786f6006fd166f3dfb3a5c4

rsa: Fix build with OpenSSL 1.1.x

The rsa_st struct has been made opaque in 1.1.x, add forward compatible
code to access the n, e, d members of rsa_struct.

EVP_MD_CTX_cleanup has been removed in 1.

rsa: Fix build with OpenSSL 1.1.x

The rsa_st struct has been made opaque in 1.1.x, add forward compatible
code to access the n, e, d members of rsa_struct.

EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be
called to reinitialise an already created structure.

show more ...

mkimage: Add support for signing with pkcs11

Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, e

mkimage: Add support for signing with pkcs11

Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc without exposing the keys.

Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.

Signed-off-by: George McCollister <george.mccollister@gmail.com>

show more ...

Merge branch 'master' of git://git.denx.de/u-boot

Signed-off-by: Stefano Babic <sbabic@denx.de>

image: Combine image_sig_algo with image_sign_info

Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer th

image: Combine image_sig_algo with image_sign_info

Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer than the key length.

Follow the same naming scheme "checksum,crytpo" without explicitly
defining the string.

Indirectly adds support for "sha1,rsa4096" signing/verification.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

show more ...

tools, rsa: Further minor cleanups on top of c236ebd and 2b9ec7

[NOTE: I took v1 of these patches in, and then v2 came out, this commit
is squashing the minor deltas from v1 -> v2 of updates to c236

tools, rsa: Further minor cleanups on top of c236ebd and 2b9ec7

[NOTE: I took v1 of these patches in, and then v2 came out, this commit
is squashing the minor deltas from v1 -> v2 of updates to c236ebd and
2b9ec76 into this commit - trini]

- Added an additional NULL check, as suggested by Simon Glass to
fit_image_process_sig
- Re-formatted the comment blocks

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Simon Glass <sjg@chromium.org>
[For merging the chnages from v2 back onto v1]
Signed-off-by: Tom Rini <trini@konsulko.com>

show more ...

rsa: Fix return value and masked error

When signing images, we repeatedly call fit_add_file_data() with
successively increasing size values to include the keys in the DTB.

Unfortunately, if large k

rsa: Fix return value and masked error

When signing images, we repeatedly call fit_add_file_data() with
successively increasing size values to include the keys in the DTB.

Unfortunately, if large keys are used (such as 4096 bit RSA keys), this
process fails sometimes, and mkimage needs to be called repeatedly to
integrate the keys into the DTB.

This is because fit_add_file_data actually returns the wrong error
code, and the loop terminates prematurely, instead of trying again with
a larger size value.

This patch corrects the return value by fixing the return value of
fdt_add_bignum, fixes a case where an error is masked by a unconditional
setting of a return value variable, and also removes a error message,
which is misleading, since we actually allow the function to fail. A
(hopefully helpful) comment is also added to explain the lack of error
message.

This is probably related to 1152a05 ("tools: Correct error handling in
fit_image_process_hash()") and the corresponding error reported here:

https://www.mail-archive.com/u-boot@lists.denx.de/msg217417.html

Signed-off-by: Mario Six <mario.six@gdsys.cc>

show more ...

rsa: Fix two errors in the implementation

1. Failure to set the return code correctly
2. Failure to detect the loop end condition when the value is equal to
the modulus.

Reported-by: Jeroen Hofstee

rsa: Fix two errors in the implementation

1. Failure to set the return code correctly
2. Failure to detect the loop end condition when the value is equal to
the modulus.

Reported-by: Jeroen Hofstee <jeroen@myspectrum.nl>
Signed-off-by: Simon Glass <sjg@chromium.org>

show more ...

Implement generalised RSA public exponents for verified boot

Remove the verified boot limitation that only allows a single
RSA public exponent of 65537 (F4). This change allows use with
existing PK

Implement generalised RSA public exponents for verified boot

Remove the verified boot limitation that only allows a single
RSA public exponent of 65537 (F4). This change allows use with
existing PKI infrastructure and has been tested with HSM-based
PKI.

Change the configuration OF tree format to store the RSA public
exponent as a 64 bit integer and implement backward compatibility
for verified boot configuration trees without this extra field.

Parameterise vboot_test.sh to test different public exponents.

Mathematics and other hard work by Andrew Bott.

Tested with the following public exponents: 3, 5, 17, 257, 39981,
50457, 65537 and 4294967297.

Signed-off-by: Andrew Bott <Andrew.Bott@ipaccess.com>
Signed-off-by: Andrew Wishart <Andrew.Wishart@ipaccess.com>
Signed-off-by: Neil Piercy <Neil.Piercy@ipaccess.com>
Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com>
Cc: Simon Glass <sjg@chromium.org>

show more ...

Merge branch 'master' of git://git.denx.de/u-boot

Signed-off-by: Stefano Babic <sbabic@denx.de>

Conflicts:
boards.cfg

Merge branch 'u-boot/master' into 'u-boot-arm/master'

mkimage: Automatically expand FDT in more cases

The original code did not cover every case and there was a missing negative
sign in one case. Expand the coverage and fix the bug.

Signed-off-by: Sim

mkimage: Automatically expand FDT in more cases

The original code did not cover every case and there was a missing negative
sign in one case. Expand the coverage and fix the bug.

Signed-off-by: Simon Glass <sjg@chromium.org>

show more ...

fdt: Update functions which write to an FDT to return -ENOSPC

When writing values into an FDT it is possible that there will be
insufficient space. If the caller gets a useful error then it can
pote

fdt: Update functions which write to an FDT to return -ENOSPC

When writing values into an FDT it is possible that there will be
insufficient space. If the caller gets a useful error then it can
potentially deal with the situation.

Adjust these functions to return -ENOSPC when the FDT is full.

Signed-off-by: Simon Glass <sjg@chromium.org>

show more ...

Merge branch 'master' of git://git.denx.de/u-boot-arm