authorStefano Babic <sbabic@denx.de>2016-11-29 15:28:28 (GMT)
committerStefano Babic <sbabic@denx.de>2016-11-29 15:28:28 (GMT)
commit2d221489df021393654805536be7effcb9d39702 (patch)
tree1b636f10b4ccde42624ec665df13288408b59b7f /lib
parent45a3ad81fafe3090f7f89b458f6bd9f547a453df (diff)
parente94793c844a40606252f2e3f6428063e057b3fd2 (diff)
Merge branch 'master' of git://git.denx.de/u-boot
Signed-off-by: Stefano Babic <sbabic@denx.de>
Diffstat (limited to 'lib')
-rw-r--r--lib/efi/Makefile4
-rw-r--r--lib/efi_loader/Kconfig2
-rw-r--r--lib/efi_loader/Makefile7
-rw-r--r--lib/efi_loader/efi_boottime.c2
-rw-r--r--lib/efi_loader/efi_console.c100
-rw-r--r--lib/efi_loader/efi_image_loader.c3
-rw-r--r--lib/efi_loader/efi_net.c17
-rw-r--r--lib/efi_loader/helloworld.c24
-rw-r--r--lib/rsa/rsa-checksum.c121
-rw-r--r--lib/rsa/rsa-sign.c4
-rw-r--r--lib/rsa/rsa-verify.c59
-rw-r--r--lib/sha1.c5
-rw-r--r--lib/sha256.c6
13 files changed, 191 insertions, 163 deletions
diff --git a/lib/efi/Makefile b/lib/efi/Makefile
index e32dc14..9449600 100644
--- a/lib/efi/Makefile
+++ b/lib/efi/Makefile
@@ -9,9 +9,9 @@ obj-$(CONFIG_EFI_STUB) += efi_info.o
CFLAGS_REMOVE_efi_stub.o := -mregparm=3 \
$(if $(CONFIG_EFI_STUB_64BIT),-march=i386 -m32)
-CFLAGS_efi_stub.o := -fpic -fshort-wchar
+CFLAGS_efi_stub.o := -fpic -fshort-wchar -DEFI_STUB
CFLAGS_REMOVE_efi.o := -mregparm=3 \
$(if $(CONFIG_EFI_STUB_64BIT),-march=i386 -m32)
-CFLAGS_efi.o := -fpic -fshort-wchar
+CFLAGS_efi.o := -fpic -fshort-wchar -DEFI_STUB
extra-$(CONFIG_EFI_STUB) += efi_stub.o efi.o
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index 37a0dd6..d2b6327 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -1,6 +1,6 @@
config EFI_LOADER
bool "Support running EFI Applications in U-Boot"
- depends on (ARM64 || ARM) && OF_LIBFDT
+ depends on (ARM || X86) && OF_LIBFDT
default y
help
Select this option if you want to run EFI applications (like grub2)
diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile
index 12159dd..fa8b91a 100644
--- a/lib/efi_loader/Makefile
+++ b/lib/efi_loader/Makefile
@@ -7,6 +7,13 @@
# This file only gets included with CONFIG_EFI_LOADER set, so all
# object inclusion implicitly depends on it
+CFLAGS_helloworld.o := $(CFLAGS_EFI)
+CFLAGS_REMOVE_helloworld.o := $(CFLAGS_NON_EFI)
+
+efiprogs-$(CONFIG_CMD_BOOTEFI_HELLO_COMPILE) += helloworld.efi
+always := $(efiprogs-y)
+
+obj-$(CONFIG_CMD_BOOTEFI_HELLO) += helloworld_efi.o
obj-y += efi_image_loader.o efi_boottime.o efi_runtime.o efi_console.o
obj-y += efi_memory.o
obj-$(CONFIG_LCD) += efi_gop.o
diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c
index 1fdddf4..51080cb 100644
--- a/lib/efi_loader/efi_boottime.c
+++ b/lib/efi_loader/efi_boottime.c
@@ -538,6 +538,8 @@ static efi_status_t EFIAPI efi_exit_boot_services(void *image_handle,
{
EFI_ENTRY("%p, %ld", image_handle, map_key);
+ board_quiesce_devices();
+
/* Fix up caches for EFI payloads if necessary */
efi_exit_caches();
diff --git a/lib/efi_loader/efi_console.c b/lib/efi_loader/efi_console.c
index 2e0228c..8ef7326 100644
--- a/lib/efi_loader/efi_console.c
+++ b/lib/efi_loader/efi_console.c
@@ -9,11 +9,38 @@
#include <common.h>
#include <efi_loader.h>
-/* If we can't determine the console size, default to 80x24 */
-static int console_columns = 80;
-static int console_rows = 24;
static bool console_size_queried;
+#define EFI_COUT_MODE_2 2
+#define EFI_MAX_COUT_MODE 3
+
+struct cout_mode {
+ unsigned long columns;
+ unsigned long rows;
+ int present;
+};
+
+static struct cout_mode efi_cout_modes[] = {
+ /* EFI Mode 0 is 80x25 and always present */
+ {
+ .columns = 80,
+ .rows = 25,
+ .present = 1,
+ },
+ /* EFI Mode 1 is always 80x50 */
+ {
+ .columns = 80,
+ .rows = 50,
+ .present = 0,
+ },
+ /* Value are unknown until we query the console */
+ {
+ .columns = 0,
+ .rows = 0,
+ .present = 0,
+ },
+};
+
const efi_guid_t efi_guid_console_control = CONSOLE_CONTROL_GUID;
#define cESC '\x1b'
@@ -56,8 +83,9 @@ const struct efi_console_control_protocol efi_console_control = {
.lock_std_in = efi_cin_lock_std_in,
};
+/* Default to mode 0 */
static struct simple_text_output_mode efi_con_mode = {
- .max_mode = 0,
+ .max_mode = 1,
.mode = 0,
.attribute = 0,
.cursor_column = 0,
@@ -131,8 +159,10 @@ static efi_status_t EFIAPI efi_cout_output_string(
struct efi_simple_text_output_protocol *this,
const unsigned short *string)
{
+ struct cout_mode *mode;
u16 ch;
+ mode = &efi_cout_modes[efi_con_mode.mode];
EFI_ENTRY("%p, %p", this, string);
for (;(ch = *string); string++) {
print_unicode_in_utf8(ch);
@@ -140,13 +170,12 @@ static efi_status_t EFIAPI efi_cout_output_string(
if (ch == '\n') {
efi_con_mode.cursor_column = 1;
efi_con_mode.cursor_row++;
- } else if (efi_con_mode.cursor_column > console_columns) {
+ } else if (efi_con_mode.cursor_column > mode->columns) {
efi_con_mode.cursor_column = 1;
efi_con_mode.cursor_row++;
}
- if (efi_con_mode.cursor_row > console_rows) {
- efi_con_mode.cursor_row = console_rows;
- }
+ if (efi_con_mode.cursor_row > mode->rows)
+ efi_con_mode.cursor_row = mode->rows;
}
return EFI_EXIT(EFI_SUCCESS);
@@ -160,6 +189,14 @@ static efi_status_t EFIAPI efi_cout_test_string(
return EFI_EXIT(EFI_SUCCESS);
}
+static bool cout_mode_matches(struct cout_mode *mode, int rows, int cols)
+{
+ if (!mode->present)
+ return false;
+
+ return (mode->rows == rows) && (mode->columns == cols);
+}
+
static efi_status_t EFIAPI efi_cout_query_mode(
struct efi_simple_text_output_protocol *this,
unsigned long mode_number, unsigned long *columns,
@@ -170,6 +207,8 @@ static efi_status_t EFIAPI efi_cout_query_mode(
if (!console_size_queried) {
/* Ask the terminal about its size */
int n[3];
+ int cols;
+ int rows;
u64 timeout;
console_size_queried = true;
@@ -191,15 +230,40 @@ static efi_status_t EFIAPI efi_cout_query_mode(
goto out;
}
- console_columns = n[2];
- console_rows = n[1];
+ cols = n[2];
+ rows = n[1];
+
+ /* Test if we can have Mode 1 */
+ if (cols >= 80 && rows >= 50) {
+ efi_cout_modes[1].present = 1;
+ efi_con_mode.max_mode = 2;
+ }
+
+ /*
+ * Install our mode as mode 2 if it is different
+ * than mode 0 or 1 and set it as the currently selected mode
+ */
+ if (!cout_mode_matches(&efi_cout_modes[0], rows, cols) &&
+ !cout_mode_matches(&efi_cout_modes[1], rows, cols)) {
+ efi_cout_modes[EFI_COUT_MODE_2].columns = cols;
+ efi_cout_modes[EFI_COUT_MODE_2].rows = rows;
+ efi_cout_modes[EFI_COUT_MODE_2].present = 1;
+ efi_con_mode.max_mode = EFI_MAX_COUT_MODE;
+ efi_con_mode.mode = EFI_COUT_MODE_2;
+ }
}
+ if (mode_number >= efi_con_mode.max_mode)
+ return EFI_EXIT(EFI_UNSUPPORTED);
+
+ if (efi_cout_modes[mode_number].present != 1)
+ return EFI_EXIT(EFI_UNSUPPORTED);
+
out:
if (columns)
- *columns = console_columns;
+ *columns = efi_cout_modes[mode_number].columns;
if (rows)
- *rows = console_rows;
+ *rows = efi_cout_modes[mode_number].rows;
return EFI_EXIT(EFI_SUCCESS);
}
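Review bot: The `goto out` on the failed terminal-size query (first line of this hunk) jumps past the two new `mode_number` checks, so on that path `efi_cout_modes[mode_number]` is read with a caller-supplied index that was never range-checked. Moving the `out:` label up so it sits directly before `if (mode_number >= efi_con_mode.max_mode)` makes both the success and the failure path go through the bounds and `present` checks. Separately, `cols` and `rows` come straight from the terminal's reply and are stored into `unsigned long` fields without checking that they are positive, so a check such as `if (cols <= 0 || rows <= 0) goto out;` before installing mode 2 would be prudent. The start of efi_cout_query_mode lies outside this hunk.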
@@ -210,11 +274,15 @@ static efi_status_t EFIAPI efi_cout_set_mode(
{
EFI_ENTRY("%p, %ld", this, mode_number);
- /* We only support text output for now */
- if (mode_number == EFI_CONSOLE_MODE_TEXT)
- return EFI_EXIT(EFI_SUCCESS);
- return EFI_EXIT(EFI_UNSUPPORTED);
+ if (mode_number > efi_con_mode.max_mode)
+ return EFI_EXIT(EFI_UNSUPPORTED);
+
+ efi_con_mode.mode = mode_number;
+ efi_con_mode.cursor_column = 0;
+ efi_con_mode.cursor_row = 0;
+
+ return EFI_EXIT(EFI_SUCCESS);
}
static efi_status_t EFIAPI efi_cout_set_attribute(
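Review bot: The bound in efi_cout_set_mode is off by one: `mode_number > efi_con_mode.max_mode` accepts `mode_number == max_mode`, whereas efi_cout_query_mode rejects that value with `>=`. Once `max_mode` has been raised to `EFI_MAX_COUT_MODE` (3), a call with 3 is stored in `efi_con_mode.mode`, and efi_cout_output_string then evaluates `&efi_cout_modes[efi_con_mode.mode]` on an array that has only three entries. The check also ignores the `present` flag, so a mode that was never detected can be selected. Suggested replacement: `if (mode_number >= efi_con_mode.max_mode || !efi_cout_modes[mode_number].present)`.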
diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
index 5165377..3262d76 100644
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -174,7 +174,8 @@ void *efi_load_pe(void *efi, struct efi_loaded_image *loaded_image_info)
efi_loader_relocate(rel, rel_size, efi_reloc);
/* Flush cache */
- flush_cache((ulong)efi_reloc, virt_size);
+ flush_cache((ulong)efi_reloc,
+ ALIGN(virt_size, CONFIG_SYS_CACHELINE_SIZE));
invalidate_icache_all();
/* Populate the loaded image interface bits */
diff --git a/lib/efi_loader/efi_net.c b/lib/efi_loader/efi_net.c
index 3796496..604ac6e 100644
--- a/lib/efi_loader/efi_net.c
+++ b/lib/efi_loader/efi_net.c
@@ -27,7 +27,8 @@ struct efi_net_obj {
struct efi_simple_network net;
struct efi_simple_network_mode net_mode;
/* Device path to the network adapter */
- struct efi_device_path_file_path dp[2];
+ struct efi_device_path_mac_addr dp_mac;
+ struct efi_device_path_file_path dp_end;
/* PXE struct to transmit dhcp data */
struct efi_pxe pxe;
struct efi_pxe_mode pxe_mode;
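Review bot: `dp_mac` and `dp_end` are now two members of different types, but efi_net_open_dp returns `&netobj->dp_mac` as a device path, and consumers walk a device path by each node's `length` field. That only works if `dp_end` starts exactly `sizeof(dp_mac)` bytes after `dp_mac`; the two struct definitions are not visible here, so whether the compiler can insert padding between the members needs confirming. A comment on the two members stating that they must stay adjacent and in this order, plus a build-time check such as `BUILD_BUG_ON(offsetof(struct efi_net_obj, dp_end) != offsetof(struct efi_net_obj, dp_mac) + sizeof(struct efi_device_path_mac_addr));` in efi_net_register, would pin the requirement down. The struct definition continues beyond this hunk.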
@@ -205,7 +206,7 @@ static efi_status_t EFIAPI efi_net_open_dp(void *handle, efi_guid_t *protocol,
struct efi_simple_network *net = handle;
struct efi_net_obj *netobj = container_of(net, struct efi_net_obj, net);
- *protocol_interface = netobj->dp;
+ *protocol_interface = &netobj->dp_mac;
return EFI_SUCCESS;
}
@@ -236,11 +237,10 @@ void efi_net_set_dhcp_ack(void *pkt, int len)
int efi_net_register(void **handle)
{
struct efi_net_obj *netobj;
- struct efi_device_path_file_path dp_net = {
- .dp.type = DEVICE_PATH_TYPE_MEDIA_DEVICE,
- .dp.sub_type = DEVICE_PATH_SUB_TYPE_FILE_PATH,
+ struct efi_device_path_mac_addr dp_net = {
+ .dp.type = DEVICE_PATH_TYPE_MESSAGING_DEVICE,
+ .dp.sub_type = DEVICE_PATH_SUB_TYPE_MSG_MAC_ADDR,
.dp.length = sizeof(dp_net),
- .str = { 'N', 'e', 't' },
};
struct efi_device_path_file_path dp_end = {
.dp.type = DEVICE_PATH_TYPE_END,
@@ -279,8 +279,9 @@ int efi_net_register(void **handle)
netobj->net.receive = efi_net_receive;
netobj->net.mode = &netobj->net_mode;
netobj->net_mode.state = EFI_NETWORK_STARTED;
- netobj->dp[0] = dp_net;
- netobj->dp[1] = dp_end;
+ netobj->dp_mac = dp_net;
+ netobj->dp_end = dp_end;
+ memcpy(netobj->dp_mac.mac.addr, eth_get_ethaddr(), 6);
memcpy(netobj->net_mode.current_address.mac_addr, eth_get_ethaddr(), 6);
netobj->net_mode.max_packet_size = PKTSIZE;
diff --git a/lib/efi_loader/helloworld.c b/lib/efi_loader/helloworld.c
new file mode 100644
index 0000000..03e65ab
--- /dev/null
+++ b/lib/efi_loader/helloworld.c
@@ -0,0 +1,24 @@
+/*
+ * EFI hello world
+ *
+ * Copyright (c) 2016 Google, Inc
+ * Written by Simon Glass <sjg@chromium.org>
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#include <common.h>
+#include <part_efi.h>
+#include <efi_api.h>
+
+efi_status_t EFIAPI efi_main(efi_handle_t handle,
+ struct efi_system_table *systable)
+{
+ struct efi_simple_text_output_protocol *con_out = systable->con_out;
+ struct efi_boot_services *boottime = systable->boottime;
+
+ con_out->output_string(con_out, L"Hello, world!\n");
+ boottime->exit(handle, 0, 0, NULL);
+
+ return EFI_SUCCESS;
+}
diff --git a/lib/rsa/rsa-checksum.c b/lib/rsa/rsa-checksum.c
index db183ff..2bf28e2 100644
--- a/lib/rsa/rsa-checksum.c
+++ b/lib/rsa/rsa-checksum.c
@@ -13,130 +13,9 @@
#include <hash.h>
#else
#include "fdt_host.h"
-#include <u-boot/sha1.h>
-#include <u-boot/sha256.h>
#endif
#include <u-boot/rsa.h>
-/* PKCS 1.5 paddings as described in the RSA PKCS#1 v2.1 standard. */
-
-const uint8_t padding_sha256_rsa2048[RSA2048_BYTES - SHA256_SUM_LEN] = {
-0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x31, 0x30,
-0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
-0x00, 0x04, 0x20
-};
-
-const uint8_t padding_sha1_rsa2048[RSA2048_BYTES - SHA1_SUM_LEN] = {
- 0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x21, 0x30,
- 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
- 0x05, 0x00, 0x04, 0x14
-};
-
-const uint8_t padding_sha256_rsa4096[RSA4096_BYTES - SHA256_SUM_LEN] = {
- 0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x31, 0x30,
- 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
- 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
-};
-
int hash_calculate(const char *name,
const struct image_region region[],
int region_count, uint8_t *checksum)
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index c26f741..9a09280 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -244,7 +244,7 @@ int rsa_sign(struct image_sign_info *info,
ret = rsa_get_priv_key(info->keydir, info->keyname, &rsa);
if (ret)
goto err_priv;
- ret = rsa_sign_with_key(rsa, info->algo->checksum, region,
+ ret = rsa_sign_with_key(rsa, info->checksum, region,
region_count, sigp, sig_len);
if (ret)
goto err_sign;
@@ -508,7 +508,7 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
}
if (!ret) {
ret = fdt_setprop_string(keydest, node, FIT_ALGO_PROP,
- info->algo->name);
+ info->name);
}
if (!ret && info->require_keys) {
ret = fdt_setprop_string(keydest, node, "required",
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 442b769..0d548f8 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -25,6 +25,40 @@
#define RSA_DEFAULT_PUBEXP 65537
/**
+ * rsa_verify_padding() - Verify RSA message padding is valid
+ *
+ * Verify a RSA message's padding is consistent with PKCS1.5
+ * padding as described in the RSA PKCS#1 v2.1 standard.
+ *
+ * @msg: Padded message
+ * @pad_len: Number of expected padding bytes
+ * @algo: Checksum algo structure having information on DER encoding etc.
+ * @return 0 on success, != 0 on failure
+ */
+static int rsa_verify_padding(const uint8_t *msg, const int pad_len,
+ struct checksum_algo *algo)
+{
+ int ff_len;
+ int ret;
+
+ /* first byte must be 0x00 */
+ ret = *msg++;
+ /* second byte must be 0x01 */
+ ret |= *msg++ ^ 0x01;
+ /* next ff_len bytes must be 0xff */
+ ff_len = pad_len - algo->der_len - 3;
+ ret |= *msg ^ 0xff;
+ ret |= memcmp(msg, msg+1, ff_len-1);
+ msg += ff_len;
+ /* next byte must be 0x00 */
+ ret |= *msg++;
+ /* next der_len bytes must match der_prefix */
+ ret |= memcmp(msg, algo->der_prefix, algo->der_len);
+
+ return ret;
+}
+
+/**
* rsa_verify_key() - Verify a signature against some data using RSA Key
*
* Verify a RSA PKCS1.5 signature against an expected hash using
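Review bot: In rsa_verify_padding, `ff_len = pad_len - algo->der_len - 3` is used without a lower bound. If it is ever zero or negative, `memcmp(msg, msg+1, ff_len-1)` receives a negative length converted to `size_t` and `msg += ff_len` no longer advances past the padding. The sizes currently passed in presumably keep it large, but the function accepts any `int pad_len`, and PKCS#1 v1.5 requires at least eight 0xff bytes, so computing `ff_len` first and adding `if (ff_len < 8) return -EINVAL;` before any byte of `msg` is read would make the check self-contained. The overlapping `memcmp(msg, msg+1, ...)` would also benefit from a comment such as `/* every byte equals its successor, and the first one is 0xff, so all ff_len bytes are 0xff */`.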
@@ -34,14 +68,14 @@
* @sig: Signature
* @sig_len: Number of bytes in signature
* @hash: Pointer to the expected hash
- * @algo: Checksum algo structure having information on RSA padding etc.
+ * @key_len: Number of bytes in rsa key
+ * @algo: Checksum algo structure having information on DER encoding etc.
* @return 0 if verified, -ve on error
*/
static int rsa_verify_key(struct key_prop *prop, const uint8_t *sig,
const uint32_t sig_len, const uint8_t *hash,
- struct checksum_algo *algo)
+ const uint32_t key_len, struct checksum_algo *algo)
{
- const uint8_t *padding;
int pad_len;
int ret;
#if !defined(USE_HOSTCC)
@@ -83,11 +117,11 @@ static int rsa_verify_key(struct key_prop *prop, const uint8_t *sig,
return ret;
}
- padding = algo->rsa_padding;
- pad_len = algo->pad_len - algo->checksum_len;
+ pad_len = key_len - algo->checksum_len;
/* Check pkcs1.5 padding bytes. */
- if (memcmp(buf, padding, pad_len)) {
+ ret = rsa_verify_padding(buf, pad_len, algo);
+ if (ret) {
debug("In RSAVerify(): Padding check failed!\n");
return -EINVAL;
}
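Review bot: `pad_len` is derived from the caller-supplied `key_len`, and `rsa_verify_padding(buf, pad_len, algo)` then reads that many bytes of `buf` plus nothing that ties `key_len` to the buffer's real size is visible in this hunk. The declaration of `buf` and any comparison of `sig_len` with the key's modulus length are outside the hunk; if `buf` is sized from `sig_len`, a signature or key shorter than the algorithm named in `info->crypto` would let the padding check and the later hash comparison read past it. Worth confirming, and if it is not already enforced, adding `if (sig_len != key_len) return -EINVAL;` ahead of the padding check. The `@key_len` doc line could also state that it must equal the length of the decrypted signature buffer.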
@@ -149,7 +183,8 @@ static int rsa_verify_with_keynode(struct image_sign_info *info,
return -EFAULT;
}
- ret = rsa_verify_key(&prop, sig, sig_len, hash, info->algo->checksum);
+ ret = rsa_verify_key(&prop, sig, sig_len, hash,
+ info->crypto->key_len, info->checksum);
return ret;
}
@@ -160,7 +195,7 @@ int rsa_verify(struct image_sign_info *info,
{
const void *blob = info->fdt_blob;
/* Reserve memory for maximum checksum-length */
- uint8_t hash[info->algo->checksum->pad_len];
+ uint8_t hash[info->crypto->key_len];
int ndepth, noffset;
int sig_node, node;
char name[100];
@@ -170,10 +205,10 @@ int rsa_verify(struct image_sign_info *info,
* Verify that the checksum-length does not exceed the
* rsa-signature-length
*/
- if (info->algo->checksum->checksum_len >
- info->algo->checksum->pad_len) {
+ if (info->checksum->checksum_len >
+ info->crypto->key_len) {
debug("%s: invlaid checksum-algorithm %s for %s\n",
- __func__, info->algo->checksum->name, info->algo->name);
+ __func__, info->checksum->name, info->crypto->name);
return -EINVAL;
}
@@ -184,7 +219,7 @@ int rsa_verify(struct image_sign_info *info,
}
/* Calculate checksum with checksum-algorithm */
- ret = info->algo->checksum->calculate(info->algo->checksum->name,
+ ret = info->checksum->calculate(info->checksum->name,
region, region_count, hash);
if (ret < 0) {
debug("%s: Error in checksum calculation\n", __func__);
diff --git a/lib/sha1.c b/lib/sha1.c
index 72c5dea..f54bb5b 100644
--- a/lib/sha1.c
+++ b/lib/sha1.c
@@ -26,6 +26,11 @@
#include <watchdog.h>
#include <u-boot/sha1.h>
+const uint8_t sha1_der_prefix[SHA1_DER_LEN] = {
+ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
+ 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
+};
+
/*
* 32-bit integer manipulation macros (big endian)
*/
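Review bot: `sha1_der_prefix` carries no comment saying what its 15 bytes encode, and the same is true of `sha256_der_prefix` added in lib/sha256.c. rsa_verify_padding compares signature bytes against these tables, so someone auditing the verification path should be able to check them against the standard without decoding the ASN.1 by hand. Suggested comment above the array: `/* DER-encoded DigestInfo header for SHA-1 (PKCS#1 v1.5); the 20-byte digest follows it in the signature */`, with the matching wording and a 32-byte digest for SHA-256.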
diff --git a/lib/sha256.c b/lib/sha256.c
index bb338ba..7f5a361 100644
--- a/lib/sha256.c
+++ b/lib/sha256.c
@@ -15,6 +15,12 @@
#include <watchdog.h>
#include <u-boot/sha256.h>
+const uint8_t sha256_der_prefix[SHA256_DER_LEN] = {
+ 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+ 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
+ 0x00, 0x04, 0x20
+};
+
/*
* 32-bit integer manipulation macros (big endian)
*/