aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlexandru Gagniuc2021-08-18 17:49:02 -0500
committerTom Rini2021-09-14 11:46:48 -0400
commitde41f0ee0d68bcdf7d97018fdfe4bfe9fe3e53a2 (patch)
tree5a61299f2b0786ddf20627a5ea83ee90d10f674a
parent423e324de2a6ada4e24d97cc7aed1c8a7cd15e5f (diff)
image: rsa: Move padding_algos to linker lists
We are not guaranteed to have the padding_pkcs_15_verify symbol since commit 92c960bc1d ("lib: rsa: Remove #ifdefs from rsa.h"), and commit 61416fe9df ("Kconfig: FIT_SIGNATURE should not select RSA_VERIFY") The padding_algos only make sense with RSA verification, which can now be disabled in lieu of ECDSA. In fact this will lead to build failures because of the missing symbol mentioned earlier. To resolve this, move the padding_algos to a linker list, with declarations moved to rsa_verify.c. This is consistent with commit 6909edb4ce ("image: rsa: Move verification algorithm to a linker list") One could argue that the added #ifdef USE_HOSTCC is ugly, and should be hidden within the U_BOOT_PADDING_ALGO() macro. However, this would be inconsistent with the "cryptos" list. This logic for was not previously explored: Without knowledge of the U_BOOT_PADDING_ALGO() macro, its use is similar to something being declared. However, should #ifndef USE_HOSTCC be part of the macro, it would not be obvious that it behaves differently on host code and target code. Having the #ifndef outside the macro makes this obvious. Also, the #ifdef is not always necessary. For example ecda-verify makes use of U_BOOT_CRYPTO_ALGO() without any accompanying #ifdefs. The fundamental issue is a lack of separation of host and target code in rsa_verify. Therefore, the declaration of a padding algo with the external #ifdef is more readable and consistent. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
-rw-r--r--common/image-sig.c23
-rw-r--r--include/image.h4
-rw-r--r--lib/rsa/rsa-verify.c15
3 files changed, 25 insertions, 17 deletions
diff --git a/common/image-sig.c b/common/image-sig.c
index fb0035524e0..fa9407bb300 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -51,19 +51,6 @@ struct checksum_algo checksum_algos[] = {
};
-struct padding_algo padding_algos[] = {
- {
- .name = "pkcs-1.5",
- .verify = padding_pkcs_15_verify,
- },
-#ifdef CONFIG_FIT_RSASSA_PSS
- {
- .name = "pss",
- .verify = padding_pss_verify,
- }
-#endif /* CONFIG_FIT_RSASSA_PSS */
-};
-
struct checksum_algo *image_get_checksum_algo(const char *full_name)
{
int i;
@@ -129,14 +116,16 @@ struct crypto_algo *image_get_crypto_algo(const char *full_name)
struct padding_algo *image_get_padding_algo(const char *name)
{
- int i;
+ struct padding_algo *padding, *end;
if (!name)
return NULL;
- for (i = 0; i < ARRAY_SIZE(padding_algos); i++) {
- if (!strcmp(padding_algos[i].name, name))
- return &padding_algos[i];
+ padding = ll_entry_start(struct padding_algo, paddings);
+ end = ll_entry_end(struct padding_algo, paddings);
+ for (; padding < end; padding++) {
+ if (!strcmp(padding->name, name))
+ return padding;
}
return NULL;
diff --git a/include/image.h b/include/image.h
index 98b33d0629d..73a763a6936 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1312,6 +1312,10 @@ struct padding_algo {
const uint8_t *hash, int hash_len);
};
+/* Declare a new U-Boot padding algorithm handler */
+#define U_BOOT_PADDING_ALGO(__name) \
+ll_entry_declare(struct padding_algo, __name, paddings)
+
/**
* image_get_checksum_algo() - Look up a checksum algorithm
*
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 3840764e420..ad6d33d043a 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -95,6 +95,13 @@ int padding_pkcs_15_verify(struct image_sign_info *info,
return 0;
}
+#ifndef USE_HOSTCC
+U_BOOT_PADDING_ALGO(pkcs_15) = {
+ .name = "pkcs-1.5",
+ .verify = padding_pkcs_15_verify,
+};
+#endif
+
#ifdef CONFIG_FIT_RSASSA_PSS
static void u32_i2osp(uint32_t val, uint8_t *buf)
{
@@ -296,6 +303,14 @@ out:
return ret;
}
+
+#ifndef USE_HOSTCC
+U_BOOT_PADDING_ALGO(pss) = {
+ .name = "pss",
+ .verify = padding_pss_verify,
+};
+#endif
+
#endif
#if CONFIG_IS_ENABLED(FIT_SIGNATURE) || CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY)