Re: [U-Boot] [PATCH v3 4/8] rsa: add sha256-rsa2048 algorithm
Hello Simon,
Am 09.03.2014 06:33, schrieb Simon Glass:
Hi Heiko,
On 3 March 2014 04:19, Heiko Schocherh...@denx.de wrote:
based on patch from andr...@oetken.name:
http://patchwork.ozlabs.org/patch/294318/
commit message:
I currently need support for rsa-sha256 signatures in u-boot and found out that
the code for signatures is not very generic. Thus adding of different
hash-algorithms for rsa-signatures is not easy to do without copy-pasting the
rsa-code. I attached a patch for how I think it could be better and included
support for rsa-sha256. This is a fast first shot.
aditionally work:
- removed checkpatch warnings
- removed compiler warnings
- rebased against current head
Signed-off-by: Heiko Schocherh...@denx.de
Cc: andr...@oetken.name
Cc: Simon Glasss...@chromium.org
This looks good to me. However, when running it I hit this crash?
O=b/sandbox test/vboot/vboot_test.sh
Simple Verified Boot Test
=
Please see doc/uImage.FIT/verified-boot.txt for more information
/home/sjg/c/src/third_party/u-boot/files/b/sandbox/tools/mkimage -D -I
dts -O dtb -p 2000
Build keys
do sha1 test
Build FIT with signed images
Test Verified Boot Run: unsigned signatures:: OK
Sign images
Test Verified Boot Run: signed images: OK
Build FIT with signed configuration
Test Verified Boot Run: unsigned config: OK
Sign images
Test Verified Boot Run: signed config: OK
check signed config on the host
*** buffer overflow detected ***:
/home/sjg/c/src/third_party/u-boot/files/b/sandbox/tools/fit_check_sign
terminated
=== Backtrace: =
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f07c7ba9f47]
/lib/x86_64-linux-gnu/libc.so.6(+0x109e40)[0x7f07c7ba8e40]
[...]
[vsyscall]
test/vboot/vboot_test.sh: line 65: 7597 Aborted (core
dumped) ${fit_check_sign} -f test.fit -k sandbox-u-boot.dtb ${tmp}
Verified boot key check on host failed, output follows:
Do you see this? Presumably not - I can dig a bit if you like?
No, I do not see this crash ... Hmm... you reply this error to the
4/8 patch of this series, but fit_check_sign is introduced in the
8/8 ... did you tried with all 8 patches applied?
Just tested with current head of U-Boot and I see no error:
commit 247161b8160fc699b0a517f081220bb50bc502a8
Merge: d57d60c 96ac18c
Author: Tom Rini tr...@ti.com
Date: Fri Mar 7 20:54:22 2014 -0500
Merge branch 'master' of git://git.denx.de/u-boot-mpc85xx
$ O=sandbox ./test/vboot/vboot_test.sh
Simple Verified Boot Test
=
Please see doc/uImage.FIT/verified-boot.txt for more information
/home/hs/ids/u-boot/sandbox/tools/mkimage -D -I dts -O dtb -p 2000
Build keys
do sha1 test
Build FIT with signed images
Test Verified Boot Run: unsigned signatures:: OK
Sign images
Test Verified Boot Run: signed images: OK
Build FIT with signed configuration
Test Verified Boot Run: unsigned config: OK
Sign images
Test Verified Boot Run: signed config: OK
check signed config on the host
OK
Test Verified Boot Run: signed config: OK
Test Verified Boot Run: signed config with bad hash: OK
do sha256 test
Build FIT with signed images
Test Verified Boot Run: unsigned signatures:: OK
Sign images
Test Verified Boot Run: signed images: OK
Build FIT with signed configuration
Test Verified Boot Run: unsigned config: OK
Sign images
Test Verified Boot Run: signed config: OK
check signed config on the host
OK
Test Verified Boot Run: signed config: OK
Test Verified Boot Run: signed config with bad hash: OK
Test passed
pollux:u-boot hs [temp] $
Can you try with current head again?
bye,
Heiko
--
DENX Software Engineering GmbH, MD: Wolfgang Denk Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] [PATCH v3 4/8] rsa: add sha256-rsa2048 algorithm
Hi Heiko, On 3 March 2014 04:19, Heiko Schocher h...@denx.de wrote: based on patch from andr...@oetken.name: http://patchwork.ozlabs.org/patch/294318/ commit message: I currently need support for rsa-sha256 signatures in u-boot and found out that the code for signatures is not very generic. Thus adding of different hash-algorithms for rsa-signatures is not easy to do without copy-pasting the rsa-code. I attached a patch for how I think it could be better and included support for rsa-sha256. This is a fast first shot. aditionally work: - removed checkpatch warnings - removed compiler warnings - rebased against current head Signed-off-by: Heiko Schocher h...@denx.de Cc: andr...@oetken.name Cc: Simon Glass s...@chromium.org This looks good to me. However, when running it I hit this crash? O=b/sandbox test/vboot/vboot_test.sh Simple Verified Boot Test = Please see doc/uImage.FIT/verified-boot.txt for more information /home/sjg/c/src/third_party/u-boot/files/b/sandbox/tools/mkimage -D -I dts -O dtb -p 2000 Build keys do sha1 test Build FIT with signed images Test Verified Boot Run: unsigned signatures:: OK Sign images Test Verified Boot Run: signed images: OK Build FIT with signed configuration Test Verified Boot Run: unsigned config: OK Sign images Test Verified Boot Run: signed config: OK check signed config on the host *** buffer overflow detected ***: /home/sjg/c/src/third_party/u-boot/files/b/sandbox/tools/fit_check_sign terminated === Backtrace: = /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f07c7ba9f47] /lib/x86_64-linux-gnu/libc.so.6(+0x109e40)[0x7f07c7ba8e40] /home/sjg/c/src/third_party/u-boot/files/b/sandbox/tools/fit_check_sign[0x40226f] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7f07c7ac076d] /home/sjg/c/src/third_party/u-boot/files/b/sandbox/tools/fit_check_sign[0x4023c5] === Memory map: 0040-0041a000 r-xp fc:01 9840801 /home/sjg/c/src/third_party/u-boot/files/b/sandbox/tools/fit_check_sign 00619000-0061a000 r--p 00019000 fc:01 9840801 /home/sjg/c/src/third_party/u-boot/files/b/sandbox/tools/fit_check_sign 0061a000-0061b000 rw-p 0001a000 fc:01 9840801 /home/sjg/c/src/third_party/u-boot/files/b/sandbox/tools/fit_check_sign 0061b000-00711000 rw-p 00:00 0 00c24000-00c45000 rw-p 00:00 0 [heap] 7f07c746e000-7f07c7483000 r-xp fc:01 2622892 /lib/x86_64-linux-gnu/libgcc_s.so.1 7f07c7483000-7f07c7682000 ---p 00015000 fc:01 2622892 /lib/x86_64-linux-gnu/libgcc_s.so.1 7f07c7682000-7f07c7683000 r--p 00014000 fc:01 2622892 /lib/x86_64-linux-gnu/libgcc_s.so.1 7f07c7683000-7f07c7684000 rw-p 00015000 fc:01 2622892 /lib/x86_64-linux-gnu/libgcc_s.so.1 7f07c7684000-7f07c769a000 r-xp fc:01 2622826 /lib/x86_64-linux-gnu/libz.so.1.2.3.4 7f07c769a000-7f07c7899000 ---p 00016000 fc:01 2622826 /lib/x86_64-linux-gnu/libz.so.1.2.3.4 7f07c7899000-7f07c789a000 r--p 00015000 fc:01 2622826 /lib/x86_64-linux-gnu/libz.so.1.2.3.4 7f07c789a000-7f07c789b000 rw-p 00016000 fc:01 2622826 /lib/x86_64-linux-gnu/libz.so.1.2.3.4 7f07c789b000-7f07c789d000 r-xp fc:01 2622044 /lib/x86_64-linux-gnu/libdl-2.15.so 7f07c789d000-7f07c7a9d000 ---p 2000 fc:01 2622044 /lib/x86_64-linux-gnu/libdl-2.15.so 7f07c7a9d000-7f07c7a9e000 r--p 2000 fc:01 2622044 /lib/x86_64-linux-gnu/libdl-2.15.so 7f07c7a9e000-7f07c7a9f000 rw-p 3000 fc:01 2622044 /lib/x86_64-linux-gnu/libdl-2.15.so 7f07c7a9f000-7f07c7c54000 r-xp fc:01 2622027 /lib/x86_64-linux-gnu/libc-2.15.so 7f07c7c54000-7f07c7e54000 ---p 001b5000 fc:01 2622027 /lib/x86_64-linux-gnu/libc-2.15.so 7f07c7e54000-7f07c7e58000 r--p 001b5000 fc:01 2622027 /lib/x86_64-linux-gnu/libc-2.15.so 7f07c7e58000-7f07c7e5a000 rw-p 001b9000 fc:01 2622027 /lib/x86_64-linux-gnu/libc-2.15.so 7f07c7e5a000-7f07c7e5f000 rw-p 00:00 0 7f07c7e5f000-7f07c801 r-xp fc:01 2640614 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 7f07c801-7f07c821 ---p 001b1000 fc:01 2640614 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 7f07c821-7f07c822b000 r--p 001b1000 fc:01 2640614 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 7f07c822b000-7f07c8236000 rw-p 001cc000 fc:01 2640614 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 7f07c8236000-7f07c823a000 rw-p 00:00 0 7f07c823a000-7f07c828e000 r-xp fc:01 2640615 /lib/x86_64-linux-gnu/libssl.so.1.0.0 7f07c828e000-7f07c848e000 ---p 00054000 fc:01 2640615 /lib/x86_64-linux-gnu/libssl.so.1.0.0 7f07c848e000-7f07c8491000 r--p 00054000 fc:01 2640615 /lib/x86_64-linux-gnu/libssl.so.1.0.0 7f07c8491000-7f07c8497000 rw-p 00057000 fc:01 2640615 /lib/x86_64-linux-gnu/libssl.so.1.0.0 7f07c8497000-7f07c8498000 rw-p 00:00 0 7f07c8498000-7f07c84ba000 r-xp fc:01 2622041 /lib/x86_64-linux-gnu/ld-2.15.so 7f07c869f000-7f07c86a3000 rw-p 00:00 0 7f07c86b7000-7f07c86ba000 rw-p 00:00 0
[U-Boot] [PATCH v3 4/8] rsa: add sha256-rsa2048 algorithm
based on patch from andr...@oetken.name:
http://patchwork.ozlabs.org/patch/294318/
commit message:
I currently need support for rsa-sha256 signatures in u-boot and found out that
the code for signatures is not very generic. Thus adding of different
hash-algorithms for rsa-signatures is not easy to do without copy-pasting the
rsa-code. I attached a patch for how I think it could be better and included
support for rsa-sha256. This is a fast first shot.
aditionally work:
- removed checkpatch warnings
- removed compiler warnings
- rebased against current head
Signed-off-by: Heiko Schocher h...@denx.de
Cc: andr...@oetken.name
Cc: Simon Glass s...@chromium.org
---
changes for v2:
- add comment from Simon Glass:
- add commit message from original patch
- remove unnecessary function declaration
rsa_verify_256()
- sandbox: add sha256 tests
changes for v3:
- add comment from Simon Glass:
- remove #if defined(CONFIG_FIT_SIGNATURE)
- remove #if IMAGE_ENABLE_VERIFY
- left-align the comments in struct rsa_public_key
- test without parameter, do sha1 and sha256 tests in one call
---
common/image-sig.c | 38 +
doc/uImage.FIT/signature.txt | 14 +++-
include/image.h| 21 +
include/rsa-checksum.h | 23 +
include/rsa.h | 14
lib/rsa/Makefile | 2 +-
lib/rsa/rsa-checksum.c | 98 ++
lib/rsa/rsa-sign.c | 10 ++-
lib/rsa/rsa-verify.c | 83 ++
.../{sign-configs.its = sign-configs-sha1.its}| 0
test/vboot/sign-configs-sha256.its | 45 ++
.../{sign-images.its = sign-images-sha1.its} | 0
test/vboot/sign-images-sha256.its | 42 ++
test/vboot/vboot_test.sh | 66 ---
14 files changed, 363 insertions(+), 93 deletions(-)
create mode 100644 include/rsa-checksum.h
create mode 100644 lib/rsa/rsa-checksum.c
rename test/vboot/{sign-configs.its = sign-configs-sha1.its} (100%)
create mode 100644 test/vboot/sign-configs-sha256.its
rename test/vboot/{sign-images.its = sign-images-sha1.its} (100%)
create mode 100644 test/vboot/sign-images-sha256.its
diff --git a/common/image-sig.c b/common/image-sig.c
index 973b06d..8b6f49b 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -14,15 +14,53 @@ DECLARE_GLOBAL_DATA_PTR;
#endif /* !USE_HOSTCC*/
#include image.h
#include rsa.h
+#include rsa-checksum.h
#define IMAGE_MAX_HASHED_NODES 100
+#ifdef USE_HOSTCC
+__attribute__((weak)) void *get_blob(void)
+{
+ return NULL;
+}
+#endif
+
+struct checksum_algo checksum_algos[] = {
+ {
+ sha1,
+ SHA1_SUM_LEN,
+#if IMAGE_ENABLE_SIGN
+ EVP_sha1,
+#else
+ sha1_calculate,
+ padding_sha1_rsa2048,
+#endif
+ },
+ {
+ sha256,
+ SHA256_SUM_LEN,
+#if IMAGE_ENABLE_SIGN
+ EVP_sha256,
+#else
+ sha256_calculate,
+ padding_sha256_rsa2048,
+#endif
+ }
+};
struct image_sig_algo image_sig_algos[] = {
{
sha1,rsa2048,
rsa_sign,
rsa_add_verify_data,
rsa_verify,
+ checksum_algos[0],
+ },
+ {
+ sha256,rsa2048,
+ rsa_sign,
+ rsa_add_verify_data,
+ rsa_verify,
+ checksum_algos[1],
}
};
diff --git a/doc/uImage.FIT/signature.txt b/doc/uImage.FIT/signature.txt
index bc9f3fa..71f8b6c 100644
--- a/doc/uImage.FIT/signature.txt
+++ b/doc/uImage.FIT/signature.txt
@@ -346,7 +346,9 @@ Simple Verified Boot Test
Please see doc/uImage.FIT/verified-boot.txt for more information
+/home/hs/ids/u-boot/sandbox/tools/mkimage -D -I dts -O dtb -p 2000
Build keys
+do sha1 test
Build FIT with signed images
Test Verified Boot Run: unsigned signatures:: OK
Sign images
@@ -355,10 +357,20 @@ Build FIT with signed configuration
Test Verified Boot Run: unsigned config: OK
Sign images
Test Verified Boot Run: signed config: OK
+Test Verified Boot Run: signed config with bad hash: OK
+do sha256 test
+Build FIT with signed images
+Test Verified Boot Run: unsigned signatures:: OK
+Sign images
+Test Verified Boot Run: signed images: OK
+Build FIT with signed configuration
+Test Verified Boot Run: unsigned config: OK
+Sign images
+Test Verified Boot Run: signed config: OK
+Test Verified Boot Run: signed config with bad hash: OK
Test passed
-
Future Work
---
- Roll-back protection using a TPM is done using the tpm command. This can
diff --git a/include/image.h b/include/image.h
index 52969aa..44b2b46 100644
--- a/include/image.h
+++ b/include/image.h
@@ -833,6 +833,7 @@ int
