u-boot.git/lib/rsa, branch next Unnamed repository; edit this file 'description' to name the repository. lib: rsa: use FIT_ALGO_PROP constant instead of "algo" in FIT 2025-12-16T17:39:38+00:00 Quentin Schulz quentin.schulz@cherry.de 2025-12-03T16:19:33+00:00 883359e152d5000943411ef7d2daaec6c137f47d Some FIT image properties have their string represented in include/image.h via constants. FIT_ALGO_PROP does exist and would fit the bill so let's use it instead of using a hardcoded string. Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de> 
Some FIT image properties have their string represented in
include/image.h via constants. FIT_ALGO_PROP does exist and would fit the
bill so let's use it instead of using a hardcoded string.

Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Merge patch series "rsa: fix dependency, rename and relocate RSASSA PSS symbols" 2025-11-11T20:53:33+00:00 Tom Rini trini@konsulko.com 2025-11-11T20:53:33+00:00 62e89de7698a637c673b08ec129941d8079a5405 Quentin Schulz <foss+uboot@0leil.net> says: While historically signature verification is mostly done for FIT such FIT_SIGNATURE dependency for signature algorithm makes sense, it isn't the only kind of file we can verify signatures of. It can also be done manually with rsa_verify_hash() with an embedded public key. Considering the impacted code is guarded by RSA_VERIFY, let's make the symbol depend on that otherwise selecting it without RSA_VERIFY won't do anything. The FIT_SIGNATURE dependency wasn't also enough before as it only implied RSA_VERIFY. Then, simply relocate the RSA SSA PSS padding with the other RSA symbols in lib/rsa instead of in boot/ and rename it to remove the mention to FIT. Finally, add the PSS padding wherever PKCS1.5 padding is specified as one or the other can be used. Link: https://lore.kernel.org/r/20251031-rsa-pss-always-v2-0-a29184ea064d@cherry.de 
Quentin Schulz <foss+uboot@0leil.net> says:

While historically signature verification is mostly done for FIT such
FIT_SIGNATURE dependency for signature algorithm makes sense, it isn't
the only kind of file we can verify signatures of. It can also be done
manually with rsa_verify_hash() with an embedded public key.

Considering the impacted code is guarded by RSA_VERIFY, let's make the
symbol depend on that otherwise selecting it without RSA_VERIFY won't do
anything. The FIT_SIGNATURE dependency wasn't also enough before as it
only implied RSA_VERIFY.

Then, simply relocate the RSA SSA PSS padding with the other RSA symbols
in lib/rsa instead of in boot/ and rename it to remove the mention to
FIT.

Finally, add the PSS padding wherever PKCS1.5 padding is specified as
one or the other can be used.

Link: https://lore.kernel.org/r/20251031-rsa-pss-always-v2-0-a29184ea064d@cherry.de
rsa: update doxygen doc for RSA signature verification to mention PSS 2025-11-11T20:53:25+00:00 Quentin Schulz quentin.schulz@cherry.de 2025-10-31T17:08:24+00:00 c50f6b11b3242adba0c8a3a6a50082a2eca01772 While the verification step originally only supported PKCS1.5 as padding algorithm for the signature, it was later extended to add support for PSS but the doxygen doc wasn't updated to reflect that so let's fix that oversight. Fixes: 061daa0b61f0 ("rsa: add support of padding pss") Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de> 
While the verification step originally only supported PKCS1.5 as padding
algorithm for the signature, it was later extended to add support for
PSS but the doxygen doc wasn't updated to reflect that so let's fix
that oversight.

Fixes: 061daa0b61f0 ("rsa: add support of padding pss")
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
rsa: rename FIT_RSASSA_PSS to RSASSA_PSS and move symbols under lib/rsa 2025-11-11T20:53:25+00:00 Quentin Schulz quentin.schulz@cherry.de 2025-10-31T17:08:23+00:00 360dd89b361dde2a0bbad65763538e1eea7d3c94 This renames FIT_RSASSA_PSS symbols to drop the FIT_ prefix to avoid potential confusion since there's nothing FIT specific to those symbols. It also isn't really related to booting, so boot/Kconfig is an odd place for them to live. Since they make sense only in relation with RSA, simply move them to lib/rsa where it makes more sense for them to reside. Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de> 
This renames FIT_RSASSA_PSS symbols to drop the FIT_ prefix to avoid
potential confusion since there's nothing FIT specific to those symbols.

It also isn't really related to booting, so boot/Kconfig is an odd place
for them to live. Since they make sense only in relation with RSA,
simply move them to lib/rsa where it makes more sense for them to
reside.

Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
rsa: fix typo in $(PHASE_)RSA_VERIFY_WITH_PKEY help text 2025-11-06T23:32:33+00:00 Quentin Schulz quentin.schulz@cherry.de 2025-10-29T11:20:27+00:00 64ba0aa9f48cd3c2bba92c1f15a9da4c21000d2e Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de> 
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
lib/rsa: allow matching pkcs11 path by object id 2025-07-08T22:19:31+00:00 Tobias Olausson tobias@eub.se 2025-06-26T06:54:20+00:00 0707f73a8ba26f5aeaeada6f5942d003bf67ce06 The object= part matches against the label that the pkcs11 token uses for that object, but in some cases, specifically with a Yubikey using ykcs11, where the keys have been imported, the labels differ between the private and public keys [1], making the object= matching useless. These keys will have the same id however, so matching against that works for both the private and public part. [1]: https://github.com/Yubico/yubico-piv-tool/blob/master/doc/YKCS11/Functions_and_values.adoc#key-alias-per-slot-and-object-type Signed-off-by: Tobias Olausson <tobias@eub.se> 
The object= part matches against the label that the pkcs11 token uses
for that object, but in some cases, specifically with a Yubikey using
ykcs11, where the keys have been imported, the labels differ between the
private and public keys [1], making the object= matching useless. These
keys will have the same id however, so matching against that works for
both the private and public part.

[1]: https://github.com/Yubico/yubico-piv-tool/blob/master/doc/YKCS11/Functions_and_values.adoc#key-alias-per-slot-and-object-type

Signed-off-by: Tobias Olausson <tobias@eub.se>
lib: rsa: fix compilation error without openssl 2025-06-22T16:16:39+00:00 Shiji Yang yangshiji66@outlook.com 2025-06-19T16:38:17+00:00 961e260cdcd01d68c8dae87eef67e116f1a67aed The symbol TOOLS_IMAGE_PRE_LOAD doesn't depend on TOOLS_LIBCRYPTO. If we choose to build tools without openssl, rsa_verify_openssl() will attempt to call the unavailable openssl library functions. Fixes: 942c8c8e6697 ("rsa: Add rsa_verify_openssl() to use openssl for host builds") Signed-off-by: Shiji Yang <yangshiji66@outlook.com> 
The symbol TOOLS_IMAGE_PRE_LOAD doesn't depend on TOOLS_LIBCRYPTO.
If we choose to build tools without openssl, rsa_verify_openssl()
will attempt to call the unavailable openssl library functions.

Fixes: 942c8c8e6697 ("rsa: Add rsa_verify_openssl() to use openssl for host builds")
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
lib: rsa: add NULL check for 'algo' in 2025-03-13T20:23:09+00:00 Anton Moryakov ant.v.moryakov@gmail.com 2025-02-25T13:53:27+00:00 babc6eef2f48970f394816c955a4a7481ce8df80 - Check return value of fdt_getprop for NULL. - Return -EFAULT if 'algo' property is missing. - Prevent NULL pointer dereference in strcmp." Triggers found by static analyzer Svace. Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com> 
- Check return value of fdt_getprop for NULL.
- Return -EFAULT if 'algo' property is missing.
- Prevent NULL pointer dereference in strcmp."

Triggers found by static analyzer Svace.

Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
rsa: Add rsa_verify_openssl() to use openssl for host builds 2025-02-28T22:51:01+00:00 Paul HENRYS paul.henrys_ext@softathome.com 2025-02-24T21:20:50+00:00 942c8c8e669739d2e8dec67a7ed90158defc93ed rsa_verify_openssl() is used in lib/rsa/rsa-verify.c to authenticate data when building host tools. Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com> 
rsa_verify_openssl() is used in lib/rsa/rsa-verify.c to authenticate data
when building host tools.

Signed-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>
lib: rsa: Set conventional salt length RSA-PSS parameter 2024-11-15T00:14:05+00:00 Loic Poulain loic.poulain@linaro.org 2024-10-31T09:15:31+00:00 1b99c15d73c10a7f5953e7cd69264754f5f604ba RFC 3447 says that Typical salt length are either 0 or the length of the output of the digest algorithm, RFC 4055 also recommends hash value length as the salt length. Moreover, By convention, most of the signing infrastructures/libraries use the length of the digest algorithm (such as google cloud kms: https://cloud.google.com/kms/docs/algorithms). If the salt-length parameter is not set, openssl default to the maximum allowed value, which is a openssl 'specificity', so this works well for local signing, but restricts compatibility with other engines (e.g pkcs11/libkmsp11): ``` returning 0x71 from C_SignInit due to status INVALID_ARGUMENT: at rsassa_pss.cc:53: expected salt length for key XX is 32, but 478 was supplied in the parameters Could not obtain signature: error:41000070:PKCS#11 module::Mechanism invalid ``` To improve compatibility, we set the default RSA-PSS salt-length value to the conventional one. A further improvement could consist in making it configurable as signature FIT node attribute. rfc3447: https://datatracker.ietf.org/doc/html/rfc3447 rfc4055: https://datatracker.ietf.org/doc/html/rfc4055 Signed-off-by: Loic Poulain <loic.poulain@linaro.org> 
RFC 3447 says that Typical salt length are either 0 or the length
of the output of the digest algorithm, RFC 4055 also recommends
hash value length as the salt length. Moreover, By convention,
most of the signing infrastructures/libraries use the length of
the digest algorithm (such as google cloud kms:
                      https://cloud.google.com/kms/docs/algorithms).

If the salt-length parameter is not set, openssl default to the
maximum allowed value, which is a openssl 'specificity', so this
works well for local signing, but restricts compatibility with
other engines (e.g pkcs11/libkmsp11):

```
returning 0x71 from C_SignInit due to status INVALID_ARGUMENT:
    at rsassa_pss.cc:53: expected salt length for key XX is 32,
    but 478 was supplied in the parameters
Could not obtain signature: error:41000070:PKCS#11 module::Mechanism invalid
```

To improve compatibility, we set the default RSA-PSS salt-length
value to the conventional one. A further improvement could consist
in making it configurable as signature FIT node attribute.

rfc3447: https://datatracker.ietf.org/doc/html/rfc3447
rfc4055: https://datatracker.ietf.org/doc/html/rfc4055

Signed-off-by: Loic Poulain <loic.poulain@linaro.org>