Hi Jan, all,
Your fix seems to work fine, but I only tested with keys of size 256,
please see my "rude" test script attached:
#!/bin/bash
for i in {0..1000} do
{
openssl genpkey -out privateKey_$i.key -algorithm RSA -pkeyopt
rsa_keygen_bits:2048
openssl rsa -in privateKey_$i.key -pubout > publicKey_$i.pub
key2dtsi.py publicKey_$i.pub key2dtsi_$i.dtsi
wc_cmd=`grep r-squared key2dtsi_$i.dtsi |sed -e 's/\s*rsa,r\-squared =
\[\(.*\)\]\;/\1/'`
# size of r-squared is expected to be 256, I print one additional
parameter -> 257
echo "$wc_cmd $i" | wc | awk -e '{if ($2 != 257){ print "key ",$4,":
Error value ",$2;exit -1}}'
}
BR
Hans
-----Original Message-----
From: Jan Kiszka <[email protected]>
Sent: Friday, October 31, 2025 10:35 AM
To: U-Boot Mailing List <[email protected]>; Tom Rini <[email protected]>;
Hans Gfirtner (Nokia) <[email protected]>
Subject: [PATCH] tools: key2dtsi: Write out modulus and r-squared with the
correct length
CAUTION: This is an external email. Please be very careful when clicking links
or opening attachments. See the URL nok.it/ext for additional information.
From: Jan Kiszka <[email protected]>
Align the implementation to rsa_add_verify_data() by writing the modulus and
r-squared properties with the same length as the key itself. This fixes
signature verification issues when one of the parameters has leading zeros.
Reported-by: Hans Gfirtner (Nokia) <[email protected]>
Signed-off-by: Jan Kiszka <[email protected]>
---
Hans, please validate. I only had a dry run with your test key.
tools/key2dtsi.py | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/tools/key2dtsi.py b/tools/key2dtsi.py index
1dbb2cc94bf..320ea930a97 100755
--- a/tools/key2dtsi.py
+++ b/tools/key2dtsi.py
@@ -11,10 +11,8 @@ from os.path import basename, splitext from
Cryptodome.PublicKey import RSA from Cryptodome.Util.number import inverse
-def int_to_bytestr(n, length=None):
- if not length:
- length = (n.bit_length() + 7) // 8
- byte_array = n.to_bytes(length, 'big')
+def int_to_bytestr(n, bits):
+ byte_array = n.to_bytes(bits // 8, 'big')
return ' '.join(['{:02x}'.format(byte) for byte in byte_array])
ap = ArgumentParser(description='Public key to dtsi converter') @@ -39,7 +37,8
@@ key_name, _ = splitext(basename(args.key_file.name))
key_data = args.key_file.read()
key = RSA.importKey(key_data)
-r_squared = (2**key.size_in_bits())**2 % key.n
+key_bits = key.size_in_bits()
+r_squared = (2**key_bits)**2 % key.n
n0_inverse = 2**32 - inverse(key.n, 2**32)
out = args.dtsi_file
@@ -47,11 +46,13 @@ out.write('/ {\n')
out.write('\tsignature {\n')
out.write('\t\tkey-{} {{\n'.format(key_name)) out.write('\t\t\tkey-name-hint
= "{}";\n'.format(key_name)) -out.write('\t\t\talgo =
"{},rsa{}";\n'.format(args.hash, key.size_in_bits()))
-out.write('\t\t\trsa,num-bits = <{}>;\n'.format(key.size_in_bits()))
-out.write('\t\t\trsa,modulus = [{}];\n'.format(int_to_bytestr(key.n)))
-out.write('\t\t\trsa,exponent = [{}];\n'.format(int_to_bytestr(key.e, 8)))
-out.write('\t\t\trsa,r-squared = [{}];\n'.format(int_to_bytestr(r_squared)))
+out.write('\t\t\talgo = "{},rsa{}";\n'.format(args.hash, key_bits))
+out.write('\t\t\trsa,num-bits = <{}>;\n'.format(key_bits))
+out.write('\t\t\trsa,modulus = [{}];\n'.format(int_to_bytestr(key.n,
+
+key_bits))) out.write('\t\t\trsa,exponent =
+[{}];\n'.format(int_to_bytestr(key.e, 64))) out.write('\t\t\trsa,r-squared =
[{}];\n'.format(int_to_bytestr(r_squared,
+
+key_bits)))
out.write('\t\t\trsa,n0-inverse = <0x{:x}>;\n'.format(n0_inverse)) if
args.required_conf:
out.write('\t\t\trequired = "conf";\n')
--
2.51.0
