From 20031567e12bb312bff95b70767f6275e20f0346 Mon Sep 17 00:00:00 2001
From: Philippe Reynes
Date: Wed, 14 Nov 2018 13:51:00 +0100
Subject: rsa: add a structure for the padding

The rsa signature use a padding algorithm. By default, we use the padding pkcs-1.5. In order to add some new padding algorithm, we add a padding framework to manage several padding algorithm. The choice of the padding is done in the file .its.

Signed-off-by: Philippe Reynes
Reviewed-by: Simon Glass
---
 include/image.h | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'include/image.h')

diff --git a/include/image.h b/include/image.h
index f67502e333e..e75d1763b58 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1101,6 +1101,7 @@ struct image_sign_info {
 int node_offset; /* Offset of signature node */
 const char *name; /* Algorithm name */
 struct checksum_algo *checksum; /* Checksum algorithm information */
+ struct padding_algo *padding; /* Padding algorithm information */
 struct crypto_algo *crypto; /* Crypto algorithm information */
 const void *fdt_blob; /* FDT containing public keys */
 int required_keynode; /* Node offset of key to use: -1=any */
@@ -1186,6 +1187,13 @@ struct crypto_algo {
 uint8_t *sig, uint sig_len);
 };
 
+struct padding_algo {
+ const char *name;
+ int (*verify)(struct image_sign_info *info,
+ uint8_t *pad, int pad_len,
+ const uint8_t *hash, int hash_len);
+};
+
 /**
 * image_get_checksum_algo() - Look up a checksum algorithm
 *
@@ -1202,6 +1210,14 @@ struct checksum_algo *image_get_checksum_algo(const char *full_name);
 */
 struct crypto_algo *image_get_crypto_algo(const char *full_name);
 
+/**
+ * image_get_padding_algo() - Look up a padding algorithm
+ *
+ * @param name Name of padding algorithm
+ * @return pointer to algorithm information, or NULL if not found
+ */
+struct padding_algo *image_get_padding_algo(const char *name);
+
 /**
 * fit_image_verify_required_sigs() - Verify signatures marked as 'required'
 *
--
cgit v1.2.3
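Review bot: The new `padding` member of `struct image_sign_info` (hunk at -1101) does not say where its value is allowed to come from or whether it may be NULL when a signature is checked. The commit message says the padding is chosen in the .its, and this header does not show how the verifying side obtains it. If the name is read from the image's own signature node rather than from the trusted key node, whoever supplies the image also selects the padding scheme the verifier applies, so this should be confirmed in the .c files outside this diff. I would extend the comment to something like `/* Padding algorithm information, must be non-NULL before verify */` and record the trusted source there. The struct starts and ends outside the hunk.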
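Review bot: `struct padding_algo` and its `verify` callback (hunk at -1186) are added with no comment, so the return convention of a signature-checking hook is left to each implementation. A kernel-doc block above the struct should describe `name`, each `verify` parameter and the result, for example `@return 0 if the padding is valid, -ve on any mismatch or error` if that is the intended convention, so that no caller can read a non-zero result as success. The lengths are signed `int` while the neighbouring `crypto_algo` context line uses `uint sig_len`; `uint pad_len` and `uint hash_len` would remove the negative-length case from every implementation. `pad` could probably be `const uint8_t *pad`, as `hash` already is, unless an implementation needs to write to the buffer.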
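Review bot: The doc comment on `image_get_padding_algo()` (hunk at -1202) says NULL is returned for an unknown name but not what the caller must do with it. Since the commit message describes pkcs-1.5 as the default, a caller that substituted the default for an unrecognised name would verify with a padding the signer did not choose; the callers are outside this diff, so this is a contract to state rather than a defect seen here. I would add a line such as `* Callers must treat NULL as a verification failure and must not fall back to a default padding.` The comment could also say whether `name` may be NULL.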
From 061daa0b61f0fbeb214c566f3adb23da05545320 Mon Sep 17 00:00:00 2001
From: Philippe Reynes
Date: Wed, 14 Nov 2018 13:51:01 +0100
Subject: rsa: add support of padding pss

We add the support of the padding pss for rsa signature. This new padding is often recommended instead of pkcs-1.5.

Signed-off-by: Philippe Reynes
Reviewed-by: Simon Glass
---
 include/image.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'include/image.h')

diff --git a/include/image.h b/include/image.h
index e75d1763b58..83a2d412c9f 100644
--- a/include/image.h
+++ b/include/image.h
@@ -30,6 +30,7 @@ struct fdt_region;
 #define IMAGE_ENABLE_FIT 1
 #define IMAGE_ENABLE_OF_LIBFDT 1
 #define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */
+#define CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT 1
 #define CONFIG_FIT_ENABLE_SHA256_SUPPORT
 #define CONFIG_SHA1
 #define CONFIG_SHA256
--
cgit v1.2.3
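Review bot: The added `CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT` has no comment saying what it gates, unlike `CONFIG_FIT_VERBOSE` on the line above; something like `/* enable RSASSA-PSS padding for RSA signatures */` would do. It is defined with the value 1 while `CONFIG_FIT_ENABLE_SHA256_SUPPORT` directly below is defined empty, so the code that tests it should be checked to work with both this form and whatever the other build configuration produces. The conditional block that encloses these defines opens outside the hunk, so which builds receive the symbol cannot be seen here. If signing and verifying builds can disagree on this symbol, a PSS-signed image would presumably be rejected by a verifier built without it, which is worth a line in the documentation.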