Re: [U-Boot] [PATCH 3/4] SECURE BOOT: separate function created for signature

2016-01-27 Thread york sun
On 12/08/2015 12:45 AM, Aneesh Bansal wrote:
> The code for image hash calculation, hash calculation from
> RSA signature and comparison of hashes has been moved to a
> separate function.
> 
> Signed-off-by: Saksham Jain 
> Signed-off-by: Aneesh Bansal 
> ---
>  board/freescale/common/fsl_validate.c | 98 
> +++
>  1 file changed, 54 insertions(+), 44 deletions(-)
> 

Applied to u-boot-fsl-qoriq master. Awaiting upstream.

Thanks.

York




Re: [U-Boot] [PATCH 3/4] SECURE BOOT: separate function created for signature

2016-01-15 Thread Ruchika Gupta


> -Original Message-
> From: Aneesh Bansal
> Sent: Tuesday, December 08, 2015 2:14 PM
> To: u-boot@lists.denx.de
> Cc: Yusong Sun ; Ruchika Gupta
> ; Prabhakar Kushwaha
> ; Aneesh Bansal
> ; Saksham Jain 
> Subject: [PATCH 3/4] SECURE BOOT: separate function created for signature
> 
> The code for image hash calculation, hash calculation from RSA signature and
> comparison of hashes has been moved to a separate function.
> 
> Signed-off-by: Saksham Jain 
> Signed-off-by: Aneesh Bansal 
> ---
>  board/freescale/common/fsl_validate.c | 98 +++---
> -
>  1 file changed, 54 insertions(+), 44 deletions(-)
> 
> diff --git a/board/freescale/common/fsl_validate.c
> b/board/freescale/common/fsl_validate.c
> index ef7a5ae..08a2f79 100644
> --- a/board/freescale/common/fsl_validate.c
> +++ b/board/freescale/common/fsl_validate.c
> @@ -721,6 +721,58 @@ static inline int str2longbe(const char *p, ulong
> *num)
> 
>   return *p != '\0' && *endptr == '\0';
>  }
> +/* Function to calculate the ESBC Image Hash
> + * and hash from Digital signature.
> + * The Two hash's are compared to yield the
> + * result of signature validation.
> + */
> +static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img) {
> + int ret;
> + uint32_t key_len;
> + struct key_prop prop;
> +#if !defined(USE_HOSTCC)
> + struct udevice *mod_exp_dev;
> +#endif
> + ret = calc_esbchdr_esbc_hash(img);
> + if (ret)
> + return ret;
> +
> + /* Construct encoded hash EM' wrt PKCSv1.5 */
> + construct_img_encoded_hash_second(img);
> +
> + /* Fill prop structure for public key */
> + memset(&prop, 0, sizeof(struct key_prop));
> + key_len = get_key_len(img) / 2;
> + prop.modulus = img->img_key;
> + prop.public_exponent = img->img_key + key_len;
> + prop.num_bits = key_len * 8;
> + prop.exp_len = key_len;
> +
> + ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev);
> + if (ret) {
> + printf("RSA: Can't find Modular Exp implementation\n");
> + return -EINVAL;
> + }
> +
> + ret = rsa_mod_exp(mod_exp_dev, img->img_sign, img->hdr.sign_len,
> +   &prop, img->img_encoded_hash);
> + if (ret)
> + return ret;
> +
> + /*
> +  * compare the encoded messages EM' and EM wrt RSA PKCSv1.5
> +  * memcmp returns zero on success
> +  * memcmp returns non-zero on failure
> +  */
> + ret = memcmp(&img->img_encoded_hash_second, &img-
> >img_encoded_hash,
> + img->hdr.sign_len);
> +
> + if (ret)
> + return ERROR_ESBC_CLIENT_HASH_COMPARE_EM;
> +
> + return 0;
> +}
> 
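Review bot: The final `memcmp` in `calculate_cmp_img_sig` compares only `img->hdr.sign_len` bytes, a length taken from the image header, while the modulus size used for the RSA operation is derived separately from `get_key_len(img) / 2`. Unless header validation elsewhere in the file (not visible in this hunk) already forces `sign_len` to equal the modulus length and to fit both `img_encoded_hash` buffers, a short value would reduce the check to a prefix of EM and a long one would read past the buffers. Now that the check lives in a reusable helper, I would state that precondition in the function comment, e.g. `Caller must have validated that hdr.sign_len equals the RSA modulus length in bytes`, or enforce it right after `key_len` is computed with `if (img->hdr.sign_len != key_len) return ERROR_ESBC_CLIENT_HASH_COMPARE_EM;`. Separately, `mod_exp_dev` is declared under `#if !defined(USE_HOSTCC)` but used unconditionally, so the guard should either be dropped or extended to cover the uses.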
>  int fsl_secboot_validate(ulong haddr, char *arg_hash_str)  { @@ -732,11
> +784,6 @@ int fsl_secboot_validate(ulong haddr, char *arg_hash_str)
>   void *esbc;
>   int ret, i, hash_cmd = 0;
>   u32 srk_hash[8];
> - uint32_t key_len;
> - struct key_prop prop;
> -#if !defined(USE_HOSTCC)
> - struct udevice *mod_exp_dev;
> -#endif
> 
>   if (arg_hash_str != NULL) {
>   const char *cp = arg_hash_str;
> @@ -821,46 +868,9 @@ int fsl_secboot_validate(ulong haddr, char
> *arg_hash_str)
>   goto exit;
>   }
> 
> - ret = calc_esbchdr_esbc_hash(img);
> - if (ret) {
> - fsl_secblk_handle_error(ret);
> - goto exit;
> - }
> -
> - /* Construct encoded hash EM' wrt PKCSv1.5 */
> - construct_img_encoded_hash_second(img);
> -
> - /* Fill prop structure for public key */
> - memset(&prop, 0, sizeof(struct key_prop));
> - key_len = get_key_len(img) / 2;
> - prop.modulus = img->img_key;
> - prop.public_exponent = img->img_key + key_len;
> - prop.num_bits = key_len * 8;
> - prop.exp_len = key_len;
> -
> - ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev);
> - if (ret) {
> - printf("RSA: Can't find Modular Exp implementation\n");
> - return -EINVAL;
> - }
> -
> - ret = rsa_mod_exp(mod_exp_dev, img->img_sign, img->hdr.sign_len,
> -   &prop, img->img_encoded_hash);
> - if (ret) {
> - fsl_secblk_handle_error(ret);
> - goto exit;
> - }
> -
> - /*
> -  * compare the encoded messages EM' and EM wrt RSA PKCSv1.5
> -  * memcmp returns zero on success
> -  * memcmp returns non-zero on failure
> -  */
> - ret = memcmp(&img->img_encoded_hash_second, &img-
> >img_encoded_hash,
> - img->hdr.sign_len);
> -
> + ret = calculate_cmp_img_sig(img);
>   if (ret) {
> -
>   fsl_secboot_handle_error(ERROR_ESBC_CLIENT_HASH_COMPARE_E
> M);
> + fsl_secboot_handle_error(ret);
>   goto exit;
>   }
> 
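Review bot: Every failure from `calculate_cmp_img_sig` is now passed to `fsl_secboot_handle_error(ret)`, but the helper returns three different kinds of value: whatever `calc_esbchdr_esbc_hash` and `rsa_mod_exp` return, `-EINVAL` when no mod-exp device is found, and `ERROR_ESBC_CLIENT_HASH_COMPARE_EM`. The removed lines show that the first group used to go to `fsl_secblk_handle_error` and that the `-EINVAL` case was an immediate `return`, so this is a behaviour change rather than a pure move. Unless `fsl_secboot_handle_error` (not visible here) copes with codes outside the ESBC range, the reported failure reason may change or be lost, although the `goto exit` failure path is still taken. I would either have the helper translate non-ESBC failures into an ESBC error code before returning, or add a comment at the call site such as `/* all helper failures are reported through the secboot handler on purpose */`. `fsl_secboot_validate` starts and ends outside this hunk.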
> --
> 1.8.1.4
Acked-by: Ruchika Gupta 