dany/u-boot-megous
1
0
Fork 0
mirror of https://xff.cz/git/u-boot/ synced 2025-10-22 10:31:56 +02:00
Code Issues Packages Projects Releases Wiki Activity

lib/rsa: Make fdt_add_bignum() available outside of RSA code

Browse Source 
fdt_add_bignum() is useful for algorithms other than just RSA. To
allow its use for ECDSA, move it to a common file under lib/.

The new file is suffixed with '-libcrypto' because it has a direct
dependency on openssl. This is due to the use of the "BIGNUM *" type.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
Alexandru Gagniuc
2021-02-19 12:45:11 -06:00
committed by Tom Rini
parent 0bcb28dfb9
commit 4c17e5f691
4 changed files with 105 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
lib/rsa/rsa-sign.c
View File

@@ -9,6 +9,7 @@
#include <string.h>
#include <image.h>
#include <time.h>
#include <u-boot/fdt-libcrypto.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
@@ -680,70 +681,6 @@ int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t *n0_invp,
return ret;
}
static int fdt_add_bignum(void *blob, int noffset, const char *prop_name,
BIGNUM *num, int num_bits)
{
int nwords = num_bits / 32;
int size;
uint32_t *buf, *ptr;
BIGNUM *tmp, *big2, *big32, *big2_32;
BN_CTX *ctx;
int ret;
tmp = BN_new();
big2 = BN_new();
big32 = BN_new();
big2_32 = BN_new();
/*
* Note: This code assumes that all of the above succeed, or all fail.
* In practice memory allocations generally do not fail (unless the
* process is killed), so it does not seem worth handling each of these
* as a separate case. Technicaly this could leak memory on failure,
* but a) it won't happen in practice, and b) it doesn't matter as we
* will immediately exit with a failure code.
*/
if (!tmp || !big2 || !big32 || !big2_32) {
fprintf(stderr, "Out of memory (bignum)\n");
return -ENOMEM;
}
ctx = BN_CTX_new();
if (!ctx) {
fprintf(stderr, "Out of memory (bignum context)\n");
return -ENOMEM;
}
BN_set_word(big2, 2L);
BN_set_word(big32, 32L);
BN_exp(big2_32, big2, big32, ctx); /* B = 2^32 */
size = nwords * sizeof(uint32_t);
buf = malloc(size);
if (!buf) {
fprintf(stderr, "Out of memory (%d bytes)\n", size);
return -ENOMEM;
}
/* Write out modulus as big endian array of integers */
for (ptr = buf + nwords - 1; ptr >= buf; ptr--) {
BN_mod(tmp, num, big2_32, ctx); /* n = N mod B */
*ptr = cpu_to_fdt32(BN_get_word(tmp));
BN_rshift(num, num, 32); /* N = N/B */
}
/*
* We try signing with successively increasing size values, so this
* might fail several times
*/
ret = fdt_setprop(blob, noffset, prop_name, buf, size);
free(buf);
BN_free(tmp);
BN_free(big2);
BN_free(big32);
BN_free(big2_32);
return ret ? -FDT_ERR_NOSPACE : 0;
}
int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
{
BIGNUM *modulus, *r_squared;